sssd-dbus-1.16.0-19.el7_5.5

Name: sssd-dbus
Version: 1.16.0
Release: 19.el7_5.5
Summary: The D-Bus responder of the SSSD
Description: Provides the D-Bus responder of the SSSD, called the InfoPipe, that allows the information from the SSSD to be transmitted over the system bus.
Build host: sl7-kojislave01.fnal.gov
Distribution: Scientific Linux
Vendor: Scientific Linux
License: GPLv3+
Packager: Scientific Linux
Group: Applications/System
URL: https://pagure.io/SSSD/sssd/
OS: linux
Architecture: x86_64
Source RPM: sssd-1.16.0-19.el7_5.5.src.rpm
Provides: sssd-dbus, sssd-dbus(x86-64)

Scriptlets:

    if [ $1 -eq 1 ] ; then
            # Initial installation
            systemctl preset sssd-ifp.service >/dev/null 2>&1 || :
    fi

    if [ $1 -eq 0 ] ; then
            # Package removal, not upgrade
            systemctl --no-reload disable sssd-ifp.service > /dev/null 2>&1 || :
            systemctl stop sssd-ifp.service > /dev/null 2>&1 || :
    fi

    systemctl daemon-reload >/dev/null 2>&1 || :
    if [ $1 -ge 1 ] ; then
            # Package upgrade, not uninstall
            systemctl try-restart sssd-ifp.service >/dev/null 2>&1 || :
    fi

Requires:
    /bin/sh
    libbasicobjects.so.0()(64bit)
    libc.so.6()(64bit)
    libc.so.6(GLIBC_2.2.5)(64bit)
    libc.so.6(GLIBC_2.3.4)(64bit)
    libc.so.6(GLIBC_2.4)(64bit)
    libcollection.so.2()(64bit)
    libdbus-1.so.3()(64bit)
    libdbus-1.so.3(LIBDBUS_1_3)(64bit)
    libdhash.so.1()(64bit)
    libdhash.so.1(DHASH_0.4.3)(64bit)
    libdl.so.2()(64bit)
    libglib-2.0.so.0()(64bit)
    libini_config.so.3()(64bit)
    liblber-2.4.so.2()(64bit)
    libldap-2.4.so.2()(64bit)
    libldb.so.1()(64bit)
    libldb.so.1(LDB_0.9.10)(64bit)
    libnspr4.so()(64bit)
    libnss3.so()(64bit)
    libnssutil3.so()(64bit)
    libpcre.so.1()(64bit)
    libplc4.so()(64bit)
    libplds4.so()(64bit)
    libpopt.so.0()(64bit)
    libpopt.so.0(LIBPOPT_0)(64bit)
    libpthread.so.0()(64bit)
    libpthread.so.0(GLIBC_2.2.5)(64bit)
    libref_array.so.1()(64bit)
    librt.so.1()(64bit)
    libselinux.so.1()(64bit)
    libsmime3.so()(64bit)
    libssl3.so()(64bit)
    libsss_cert.so()(64bit)
    libsss_certmap.so.0()(64bit)
    libsss_child.so()(64bit)
    libsss_crypt.so()(64bit)
    libsss_debug.so()(64bit)
    libsss_util.so()(64bit)
    libsystemd.so.0()(64bit)
    libsystemd.so.0(LIBSYSTEMD_209)(64bit)
    libtalloc.so.2()(64bit)
    libtalloc.so.2(TALLOC_2.0.2)(64bit)
    libtdb.so.1()(64bit)
    libtdb.so.1(TDB_1.2.1)(64bit)
    libtevent.so.0()(64bit)
    libtevent.so.0(TEVENT_0.9.9)(64bit)
    rpmlib(CompressedFileNames) (version 3.0.4-1)
    rpmlib(FileDigests) (version 4.6.0-1)
    rpmlib(PayloadFilesHavePrefix) (version 4.0-1)
    rtld(GNU_HASH)
    sssd-common (version 1.16.0-19.el7_5.5)
    rpmlib(PayloadIsXz) (version 5.2-1)

RPM version: 4.11.3

Changelog:

* - 1.16.0-19.5
- Resolves: rhbz#1583746 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process [rhel-7.5.z]

* Fabiano Fidêncio - 1.16.0-19.4
- Resolves: rhbz#1580281 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION [rhel-7.5.z]

* Fabiano Fidêncio - 1.16.0-19.3
- Resolves: rhbz#1579780 - After updating to RHEL 7.5 failing to clear the sssd cache [rhel-7.5.z]

* Fabiano Fidêncio - 1.16.0-19.2
- Resolves: rhbz#1579703 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z]

* Fabiano Fidêncio - 1.16.0-19.1
- Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z]

* Fabiano Fidêncio - 1.16.0-19
- Related: rhbzrhbz#1544943 - sssd goes offline when renewing expired ticket

* Fabiano Fidêncio - 1.16.0-18
- Resolves: rhbz#1543348 - sssd_be consumes more memory on RHEL 7.4 systems.
- Resolves: rhbz#1544943 - sssd goes offline when renewing expired ticket

* Fabiano Fidêncio - 1.16.0-17
- Resolves: rhbz#1523282 - sssd used wrong search base with wrong AD server

* Fabiano Fidêncio - 1.16.0-16
- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set
- Related: rhbz#1441908 - SELINUX: Use getseuserbyname to get IPA seuser
- Related: rhbz#1327705 - [RFE] Automatic creation of user private groups on RHEL clients joined to AD via sssd [RHEL 7]

* Fabiano Fidêncio - 1.16.0-15
- Resolves: rhbz#1517971 - AD Domain goes offline immediately during subdomain initialization - IPA AD Trust
- Related: rhbz#1482555 - sysdb index improvements - missing ghost attribute indexing, unneeded objectclass index etc..
- Related: rhbz#1327705 - [RFE] Automatic creation of user private groups on RHEL clients joined to AD via sssd [RHEL 7]
- Resolves: rhbz#1527149 - AD provider - AD BUILTIN groups are cached with gidNumber = 0
- Related: rhbz#1461899 - Loading enterprise principals doesn't work with a primed cache
- Related: rhbz#1473571 - ipa-extdom-extop plugin can exhaust DS worker threads

* Fabiano Fidêncio - 1.16.0-14
- Resolves: rhbz#1525644 - dbus-send unable to find user by CAC cert

* Fabiano Fidêncio - 1.16.0-13
- Resolves: rhbz#1523010 - IPA user able to authenticate with revoked cert on smart card

* Fabiano Fidêncio - 1.16.0-12
- Resolves: rhbz#1512027 - NSS by-id requests are not checked against max_id/min_id ranges before triggering the backend

* Fabiano Fidêncio - 1.16.0-11
- Related: rhbz#1507614 - Improve Smartcard integration if multiple certificates or multiple mapped identities are available
- Resolves: rhbz#1523010 - IPA user able to authenticate with revoked cert on smart card
- Resolves: rhbz#1520984 - getent output is not showing home directory for IPA AD trusted user
- Related: rhbz#1473571 - ipa-extdom-extop plugin can exhaust DS worker threads

* Fabiano Fidêncio - 1.16.0-10
- Resolves: rhbz#1421194 - SSSD doesn't use AD global catalog for gidnumber lookup, resulting in unacceptable delay for large forests

* Fabiano Fidêncio - 1.16.0-9
- Resolves: rhbz#1482231 - sssd_nss consumes more memory until restarted or machine swaps
- Resolves: rhbz#1512508 - SSSD fails to fetch group information after switching IPA client to a non-default view

* Fabiano Fidêncio - 1.16.0-8
- Resolves: rhbz#1490120 - SSSD complaining about corrupted mmap cache and logging error in /var/log/messages and /var/log/sssd/sssd_nss.log

* Fabiano Fidêncio - 1.16.0-7
- Resolves: rhbz#1272214 - [RFE] Create a local per system report about who can access that IDM client (attestation)
- Resolves: rhbz#1482555 - sysdb index improvements - missing ghost attribute indexing, unneeded objectclass index etc..
- Resolves: rhbz#888739 - Enumerating large number of users makes sssd_be hog the cpu for a long time.
- Resolves: rhbz#1373547 - SSSD performance issue with malloc and brk calls
- Resolves: rhbz#1472255 - Improve SSSD performance in the 7.5 release

* Fabiano Fidêncio - 1.16.0-6
- Related: rhbz#1460724 - SYSLOG_IDENTIFIER is different
- Related: rhbz#1432010 - SSSD ships a drop-in configuration snippet in /etc/systemd/system
- Related: rhbz#1507614 - Improve Smartcard integration if multiple certificates or multiple mapped identities are available

* Fabiano Fidêncio - 1.16.0-5
- Resolves: rhbz#1507614 - Improve Smartcard integration if multiple certificates or multiple mapped identities are available
- Related: rhbz#1499659 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-7.5]
- Resolves: rhbz#1408294 - SSSD authentication fails when two IPA accounts share an email address without a clear way to debug the problem
- Resolves: rhbz#1502686 - crash - /usr/libexec/sssd/sssd_nss in nss_setnetgrent_timeout

* Fabiano Fidêncio - 1.16.0-4
- Related: rhbz#1460724 - SYSLOG_IDENTIFIER is different
- Related: rhbz#1459609 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds.

* Fabiano Fidêncio - 1.16.0-3
- Resolves: rhbz#1473571 - ipa-extdom-extop plugin can exhaust DS worker threads

* Fabiano Fidêncio - 1.16.0-2
- Resolves: rhbz#1484376 - [RFE] Add a configuration option to SSSD to disable the memory cache
- Resolves: rhbz#1327705 - Automatic creation of user private groups on RHEL clients joined to AD via sssd [RHEL 7]
- Resolves: rhbz#1505277 - Race condition between refreshing the cr_domain list and a request that is using the list can cause a segfault is sssd_nss
- Resolves: rhbz#1462343 - document information on why SSSD does not use host-based security filtering when processing AD GPOs
- Resolves: rhbz#1498734 - sssd_be stuck in an infinite loop after completing full refresh of sudo rules
- Resolves: rhbz#1400614 - [RFE] sssd should remember DNS sites from first search
- Resolves: rhbz#1460724 - SYSLOG_IDENTIFIER is different
- Resolves: rhbz#1459609 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds.

* Fabiano Fidêncio - 1.16.0-1
- Resolves: rhbz#1469791 - Rebase SSSD to version 1.16+
- Resolves: rhbz#1132264 - Allow sssd to retrieve sudo rules of local users whose sudo rules stored in ldap server
- Resolves: rhbz#1301740 - sssd can be marked offline if a trusted domain is not reachable
- Resolves: rhbz#1399262 - Use TCP for kerberos with AD by default
- Resolves: rhbz#1416150 - RFE: Log to syslog when sssd cannot contact servers, goes offline
- Resolves: rhbz#1441908 - SELINUX: Use getseuserbyname to get IPA seuser
- Resolves: rhbz#1454559 - python-sssdconfig doesn't parse hexadecimal debug _level, resulting in set_option(): /usr/lib/python2.7/site-packages/SSSDConfig/__init__.py killed by TypeError
- Resolves: rhbz#1456968 - MAN: document that attribute 'provider' is not allowed in section 'secrets'
- Resolves: rhbz#1460689 - KCM/secrets: Storing many secrets in a rapid succession segfaults the secrets responder
- Resolves: rhbz#1464049 - Idle nss file descriptors should be closed
- Resolves: rhbz#1468610 - sssd_be is utilizing more CPU during sudo rules refresh
- Resolves: rhbz#1474711 - Querying the AD domain for external domain's ID can mark the AD domain offline
- Resolves: rhbz#1479398 - samba shares with sssd authentication broken on 7.4
- Resolves: rhbz#1479983 - id root triggers an LDAP lookup
- Resolves: rhbz#1489895 - Issues with certificate mapping rules
- Resolves: rhbz#1490501 - sssd incorrectly checks 'try_inotify' thinking it is the wrong section
- Resolves: rhbz#1490913 - MAN: Document that full_name_format must be set if the output of trusted domains user resolution should be shortnames only
- Resolves: rhbz#1499659 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-7.5]
- Resolves: rhbz#1461899 - Loading enterprise principals doesn't work with a primed cache
- Resolves: rhbz#1482674 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server
- Resolves: rhbz#1486053 - Accessing IdM kerberos ticket fails while id mapping is applied
- Resolves: rhbz#1486786 - sssd going in offline mode due to sudo search filter.
- Resolves: rhbz#1500087 - SSSD creates bad override search filter due to AD Trust object with parenthesis
- Resolves: rhbz#1502713 - SSSD can crash due to ABI changes in libldb >= 1.2.0 (1.1.30)
- Resolves: rhbz#1461462 - sssd_client: add mutex protected call to the PAC responder
- Resolves: rhbz#1489666 - Combination sssd-ad and postfix receive incorrect mail with asterisks or spaces
- Resolves: rhbz#1525052 - sssd_krb5_localauth_plugin fails to fallback to other localname rules

* Jakub Hrozek - 1.15.2-51
- Require the 7.5 libldb version which broke ABI
- Related: rhbz#1469791 - Rebase SSSD to version 1.16+

* Jakub Hrozek - 1.15.2-50
- Resolves: rhbz#1457926 - Wrong search base used when SSSD is directly connected to AD child domain

* Jakub Hrozek - 1.15.2-49
- Resolves: rhbz#1450107 - SSSD doesn't handle conflicts between users from trusted domains with the same name when shortname user resolution is enabled

* Jakub Hrozek - 1.15.2-48
- Resolves: rhbz#1459846 - krb5: properly handle 'password expired' information returned by the KDC during PKINIT/Smartcard authentication

* Jakub Hrozek - 1.15.2-47
- Resolves: rhbz#1430415 - ldap_purge_cache_timeout in RHEL7.3 invalidate most of the entries once the cleanup task kicks in

* Jakub Hrozek - 1.15.2-46
- Resolves: rhbz#1455254 - Make domain available as user attribute

* Jakub Hrozek - 1.15.2-45
- Resolves: rhbz#1449731 - IPA client cannot change AD Trusted User password

* Jakub Hrozek - 1.15.2-44
- Resolves: rhbz#1457927 - getent failed to fetch netgroup information after changing default_domain_suffix to ADdomin in /etc/sssd/sssd.conf

* Jakub Hrozek - 1.15.2-43
- Resolves: rhbz#1440132 - filter_users and filter_groups stop working properly in v 1.15

* Jakub Hrozek - 1.15.2-42
- Resolves: rhbz#1449728 - LDAP to IPA migration doesn't work in master

* Jakub Hrozek - 1.15.2-41
- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user

* Jakub Hrozek - 1.15.2-40
- Resolves: rhbz#1449729 - org.freedesktop.sssd.infopipe.GetUserGroups does not resolve groups into names with AD

* Jakub Hrozek - 1.15.2-39
- Resolves: rhbz#1450094 - Properly support IPA's promptusername config option

* Jakub Hrozek - 1.15.2-38
- Resolves: rhbz#1457644 - Segfault in access_provider = krb5 is set in sssd.conf due to an off-by-one error when constructing the child send buffer
- Resolves: rhbz#1456531 - Option name typos are not detected with validator function of sssctl config-check command in domain sections

* Jakub Hrozek - 1.15.2-37
- Resolves: rhbz#1428906 - sssd intermittently failing to resolve groups for an AD user in IPA-AD trust environment.

* Jakub Hrozek - 1.15.2-36
- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail
- Fix Coverity issues in patches for rhbz#1445445

* Jakub Hrozek - 1.15.2-35
- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user

* Jakub Hrozek - 1.15.2-34
- Resolves: rhbz#1446302 - crash in sssd-kcm due to a race-condition between two concurrent requests

* Jakub Hrozek - 1.15.2-33
- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail

* Jakub Hrozek - 1.15.2-32
- Resolves: rhbz#1306707 - Need better debug message when krb5_child returns an unhandled error, leading to a System Error PAM code

* Jakub Hrozek - 1.15.2-31
- Resolves: rhbz#1446535 - Group resolution does not work in subdomain without ad_server option

* Sumit Bose - 1.15.2-30
- Resolves: rhbz#1449726 - sss_nss_getlistbycert() does not return results from multiple domains
- Resolves: rhbz#1447098 - sssd unable to search dbus for ipa user by certificate
- Additional patch for rhbz#1440132

* Jakub Hrozek - 1.15.2-29
- Reapply patch by Lukas Slebodnik to fix upgrade issues with libwbclient
- Resolves: rhbz#1439457 - SSSD does not start after upgrade from 7.3 to 7.4
- Resolves: rhbz#1449107 - error: %pre(sssd-common-1.15.2-26.el7.x86_64) scriptlet failed, exit status 3

* Jakub Hrozek - 1.15.2-28
- Resolves: rhbz#1440132 - filter_users and filter_groups stop working properly in v 1.15
- Also apply an additional patch for rhbz#1441545

* Jakub Hrozek - 1.15.2-25
- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user

* Jakub Hrozek - 1.15.2-24
- Resolves: rhbz#1434992 - Wrong pam return code for user from subdomain with ad_access_filter

* Lukas Slebodnik - 1.15.2-23
- Resolves: rhbz#1430494 - expect sss_ssh_authorizedkeys and sss_ssh_knownhostsproxy manuals to be packaged into sssd-common package

* Jakub Hrozek - 1.15.2-22
- Resolves: rhbz#1427749 - SSSD in server mode iterates over all domains for group-by-GID requests, causing unnecessary searches

* Jakub Hrozek - 1.15.2-21
- Resolves: rhbz#1446139 - Infopipe method ListByCertificate does not return the users with overrides

* Jakub Hrozek - 1.15.2-20
- Resolves: rhbz#1441545 - With multiple subdomain sections id command output for user is not displayed for both domains

* Jakub Hrozek - 1.15.2-19
- Resolves: rhbz#1428866 - Using ad_enabled_domains configuration option in sssd.conf causes nameservice lookups to fail.

* Jakub Hrozek - 1.15.2-18
- Remove an unused variable from the sssd-secrets responder
- Related: rhbz#1398701 - [sssd-secrets] https proxy talks plain http
- Improve two DEBUG messages in the client trust code to aid troubleshooting
- Fix standalone application domains
- Related: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces

* Jakub Hrozek - 1.15.2-17
- Allow completely server-side unqualified name resolution if the domain order is set, do not require any client-side changes
- Related: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users

* Jakub Hrozek - 1.15.2-16
- Resolves: rhbz#1402532 - D-Bus interface of sssd is giving inappropriate group information for trusted AD users

* Jakub Hrozek - 1.15.2-15
- Resolves: rhbz#1431858 - Wrong principal found with ad provider and long host name

* Jakub Hrozek - 1.15.2-14
- Resolves: rhbz#1415167 - pam_acct_mgmt with pam_sss.so fails in unprivileged container unless selinux_provider = none is used

* Jakub Hrozek - 1.15.2-13
- Resolves: rhbz#1438388 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_pam killed by 6

* Jakub Hrozek - 1.15.2-12
- Resolves: rhbz#1432112 - sssctl config-check does not give any error when default configuration file is not present

* Jakub Hrozek - 1.15.2-11
- Resolves: rhbz#1438374 - [abrt] [faf] sssd: vfprintf(): /usr/libexec/sssd/sssd_be killed by 11

* Jakub Hrozek - 1.15.2-10
- Resolves: rhbz#1427195 - sssd_nss consumes more memory until restarted or machine swaps

* Jakub Hrozek - 1.15.2-9
- Resolves: rhbz#1414023 - Create troubleshooting tool to determine if a failure is in SSSD or not when using layered products like RH-SSO/CFME etc

* Jakub Hrozek - 1.15.2-8
- Resolves: rhbz#1398701 - [sssd-secrets] https proxy talks plain http

* Jakub Hrozek - 1.15.2-7
- Fix off-by-one error in the KCM responder
- Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD

* Jakub Hrozek - 1.15.2-6
- Resolves: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces

* Jakub Hrozek - 1.15.2-5
- Resolves: rhbz#1434991 - Issue processing ssh keys from certificates in ssh responder

* Jakub Hrozek - 1.15.2-4
- Resolves: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users
- Also backport some buildtime fixes for the KCM responder
- Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD

* Jakub Hrozek - 1.15.2-3
- Resolves: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD

* Jakub Hrozek - 1.15.2-2
- Resolves: rhbz#1340711 - [RFE] Use one smartcard and certificate for authentication to distinct logon accounts

* Jakub Hrozek - 1.15.2-1
- Update to upstream 1.15.2
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html
- Resolves: rhbz#1418728 - IPA - sudo does not handle associated conflict entries
- Resolves: rhbz#1386748 - sssd doesn't update PTR records if A/PTR zones are configured as non-secure and secure
- Resolves: rhbz#1214491 - [RFE] Make it possible to configure AD subdomain in the SSSD server mode

* Fabiano Fidêncio - 1.15.1-2
- Drop "NOUPSTREAM: Bundle http-parser" patch Related: rhbz#1393819 - New package: http-parser

* Jakub Hrozek - 1.15.1-1
- Update to upstream 1.15.1
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html
- Resolves: rhbz#1327085 - Don't prompt for password if there is already one on the stack
- Resolves: rhbz#1378722 - [RFE] Make GETSIDBYNAME and GETORIGBYNAME request aware of UPNs and aliases
- Resolves: rhbz#1405075 - [RFE] Add PKINIT support to SSSD Kerberos provider
- Resolves: rhbz#1416526 - Need correction in sssd-krb5 man page
- Resolves: rhbz#1418752 - pam_sss crashes in do_pam_conversation if no conversation function is provided by the client app
- Resolves: rhbz#1419356 - Fails to accept any sudo rules if there are two user entries in an ldap role with the same sudo user
- Resolves: rhbz#1421622 - SSSD - Users/Groups are cached as mixed-case resulting in users unable to sign in

* Jakub Hrozek - 1.15.0-2
- Fix several packaging issues, notably the p11_child is no longer setuid and the libwbclient used a wrong version number in the symlink

* Jakub Hrozek - 1.15.0-1
- Update to upstream 1.15.0
- Resolves: rhbz#1393824 - Rebase SSSD to version 1.15
- Resolves: rhbz#1407960 - wbcLookupSid() fails in pdomain is NULL
- Resolves: rhbz#1406437 - sssctl netgroup-show Cannot allocate memory
- Resolves: rhbz#1400422 - Use-after free in resolver in case the fd is writeable and readable at the same time
- Resolves: rhbz#1393085 - bz - ldap group names don't resolve after upgrading sssd to 1.14.0 if ldap_nesting_level is set to 0
- Resolves: rhbz#1392444 - sssd_be keeps crashing
- Resolves: rhbz#1392441 - sssd fails to start after upgrading to RHEL 7.3
- Resolves: rhbz#1382602 - autofs map resolution doesn't work offline
- Resolves: rhbz#1380436 - sudo: ignore case on case insensitive domains
- Resolves: rhbz#1378251 - Typo In SSSD-AD Man Page
- Resolves: rhbz#1373427 - Clock skew makes SSSD return System Error
- Resolves: rhbz#1306707 - Need better handling of "Server not found in Kerberos database"
- Resolves: rhbz#1297462 - Don't include 'enable_only=sssd' in the localauth plugin config

* Jakub Hrozek - 1.14.0-46
- Resolves: rhbz#1382598 - IPA: Uninitialized variable during subdomain check

* Jakub Hrozek - 1.14.0-45
- Resolves: rhbz#1378911 - No supplementary groups are resolved for users in nested OUs when domain stanza differs from AD domain

* Jakub Hrozek - 1.14.0-44
- Resolves: rhbz#1372075 - AD provider: SSSD does not retrieve a domain-local group with the AD provider when following AGGUDLP group structure across domains

* Jakub Hrozek - 1.14.0-43
- Resolves: rhbz#1376831 - sssd-common is missing dependency on sssd-sudo

* Jakub Hrozek - 1.14.0-42
- Resolves: rhbz#1371631 - login using gdm calls for gdm-smartcard when smartcard authentication is not enabled

* Jakub Hrozek - 1.14.0-41
- Resolves: rhbz#1373420 - sss_override fails to export

* Jakub Hrozek - 1.14.0-40
- Resolves: rhbz#1375299 - sss_groupshow fails with error "No such group in local domain. Printing groups only allowed in local domain"

* Jakub Hrozek - 1.14.0-39
- Resolves: rhbz#1375182 - SSSD goes offline when the LDAP server returns sizelimit exceeded

* Jakub Hrozek - 1.14.0-38
- Resolves: rhbz#1372753 - Access denied for user when access_provider = krb5 is set in sssd.conf

* Jakub Hrozek - 1.14.0-37
- Resolves: rhbz#1373444 - unable to create group in sssd cache
- Resolves: rhbz#1373577 - unable to add local user in sssd to a group in sssd

* Jakub Hrozek - 1.14.0-36
- Resolves: rhbz#1369118 - Don't enable the default shadowutils domain in RHEL

* Jakub Hrozek - 1.14.0-35
- Fix permissions for the private pipe directory
- Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user

* Jakub Hrozek - 1.14.0-34
- Resolves: rhbz#1371977 - resolving IPA nested user groups is broken in 1.14

* Jakub Hrozek - 1.14.0-33
- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias

* Jakub Hrozek - 1.14.0-32
- Resolves: rhbz#1371152 - SSSD qualifies principal twice in IPA-AD trust if the principal attribute doesn't exist on the AD side

* Jakub Hrozek - 1.14.0-31
- Apply forgotten patch
- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias
- Resolves: rhbz#1366470 - sssd: throw away the timestamp cache if re-initializing the persistent cache
- Fix deleting non-existent secret
- Related: rhbz#1311056 - Add a Secrets as a Service component

* Jakub Hrozek - 1.14.0-30
- Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user

* Jakub Hrozek - 1.14.0-29
- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias

* Jakub Hrozek - 1.14.0-28
- Resolves: rhbz#1364033 - sssd exits if clock is adjusted backwards after boot

* Jakub Hrozek - 1.14.0-27
- Resolves: rhbz#1362023 - SSSD fails to start when ldap_user_extra_attrs contains mail

* Jakub Hrozek - 1.14.0-26
- Resolves: rhbz#1368324 - libsss_autofs.so is packaged in two packages sssd-common and libsss_autofs

* Jakub Hrozek - 1.14.0-25
- Fix RPM scriptlet plumbing for the sssd-secrets responder
- Related: rhbz#1311056 - Add a Secrets as a Service component

* Jakub Hrozek - 1.14.0-24
- Add socket-activation plumbing for the sssd-secrets responder
- Related: rhbz#1311056 - Add a Secrets as a Service component

* Jakub Hrozek - 1.14.0-23
- Own the secrets directory
- Related: rhbz#1311056 - Add a Secrets as a Service component

* Jakub Hrozek - 1.14.0-22
- Resolves: rhbz#1268874 - Add an option to disable checking for trusted domains in the subdomains provider

* Jakub Hrozek - 1.14.0-21
- Resolves: rhbz#1271280 - sssd stores and returns incorrect information about empty netgroup (ldap-server: 389-ds)

* Jakub Hrozek - 1.14.0-20
- Resolves: rhbz#1290500 - [feat] command to manually list fo_add_server_to_list information

* Jakub Hrozek - 1.14.0-19
- Add several small fixes related to the config API
- Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)

* Jakub Hrozek - 1.14.0-18
- Resolves: rhbz#1349900 - gpo search errors out and gpo_cache file is never created

* Jakub Hrozek - 1.14.0-17
- Fix regressions in the simple access provider
- Resolves: rhbz#1360806 - sssd does not start if sub-domain user is used with simple access provider
- Apply a number of specfile patches to better match the upstream specfile
- Related: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3

* Jakub Hrozek - 1.14.0-16
- Cherry-pick patches from upstream that fix several regressions
- Avoid checking local users in all cases
- Resolves: rhbz#1353951 - sssd_pam leaks file descriptors

* Jakub Hrozek - 1.14.0-15
- Resolves: rhbz#1364118 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_nss killed by 11
- Resolves: rhbz#1361563 - Wrong pam error code returned for password change in offline mode

* Jakub Hrozek - 1.14.0-14
- Resolves: rhbz#1309745 - Support multiple principals for IPA users

* Jakub Hrozek - 1.14.0-13
- Resolves: rhbz#1304992 - Handle overridden name of members in the memberUid attribute

* Jakub Hrozek - 1.14.0-12
- handle unresolvable sites more gracefully
- Resolves: rhbz#1346011 - sssd is looking at a server in the GC of a subdomain, not the root domain.

* Jakub Hrozek - 1.14.0-11
* Jakub Hrozek - 1.14.0-10
* Jakub Hrozek - 1.14.0-9
* Jakub Hrozek - 1.14.0-8
* Jakub Hrozek - 1.14.0-7
* Jakub Hrozek - 1.14.0-6
* Jakub Hrozek - 1.14.0-5
* Jakub Hrozek - 1.14.0-4
* Jakub Hrozek - 1.14.0-3
* Jakub Hrozek - 1.14.0-2
* Jakub Hrozek - 1.14.0-1
* Jakub Hrozek - 1.14.0beta1-2
* Jakub Hrozek - 1.14.0alpha-1
* Jakub Hrozek - 1.13.0-50
* Jakub Hrozek - 1.13.0-49
* Jakub Hrozek - 1.13.0-48
* Jakub Hrozek - 1.13.0-47
* Jakub Hrozek - 1.13.0-46
* Jakub Hrozek - 1.13.0-45
* Jakub Hrozek - 1.13.0-44
* Jakub Hrozek - 1.13.0-43
* Jakub Hrozek - 1.13.0-42
* Jakub Hrozek - 1.13.0-41
* Jakub Hrozek - 1.13.0-40
* Jakub Hrozek - 1.13.0-39
* Jakub Hrozek - 1.13.0-38
* Jakub Hrozek - 1.13.0-37
* Jakub Hrozek - 1.13.0-36
* Jakub Hrozek - 1.13.0-35
* Jakub Hrozek - 1.13.0-34
* Jakub Hrozek - 1.13.0-33
* Jakub Hrozek - 1.13.0-32
* Jakub Hrozek - 1.13.0-31
* Jakub Hrozek - 1.13.0-30
* Jakub Hrozek - 1.13.0-29
* Jakub Hrozek - 1.13.0-28
* Jakub Hrozek - 1.13.0-27
* Jakub Hrozek - 1.13.0-26
* Martin Kosek - 1.13.0-25
* Jakub Hrozek - 1.13.0-24
* Jakub Hrozek - 1.13.0-23
* Jakub Hrozek - 1.13.0-22
* Jakub Hrozek - 1.13.0-21
* Jakub Hrozek - 1.13.0-20
* Jakub Hrozek - 1.13.0-19
* Jakub Hrozek - 1.13.0-18
* Jakub Hrozek - 1.13.0-17
* Jakub Hrozek - 1.13.0-16
* Jakub Hrozek - 1.13.0-15
* Jakub Hrozek - 1.13.0-14
* Lukas Slebodnik - 1.13.0-13
* Jakub Hrozek - 1.13.0-12
* Jakub Hrozek - 1.13.0-11
* Jakub Hrozek - 1.13.0-10
* Jakub Hrozek - 1.13.0-9
* Jakub Hrozek - 1.13.0-8
* Jakub Hrozek - 1.13.0-7
* Jakub Hrozek - 1.13.0-6
* Jakub Hrozek - 1.13.0-5
* Jakub Hrozek - 1.13.0-4
* Jakub Hrozek - 1.13.0-3
* Jakub Hrozek - 1.13.0-2
* Jakub Hrozek - 1.13.0-1
* Jakub Hrozek - 1.13.0.3alpha
* Jakub Hrozek - 1.13.0.2alpha
* Jakub Hrozek - 1.13.0.1alpha
* Jakub Hrozek - 1.12.2-61
* Jakub Hrozek - 1.12.2-60
* Jakub Hrozek - 1.12.2-59
* Jakub Hrozek - 1.12.2-58.6
* Jakub Hrozek - 1.12.2-58.5
* Jakub Hrozek - 1.12.2-58.4
* Jakub Hrozek - 1.12.2-58.3
* Jakub Hrozek - 1.12.2-58.2
* Jakub Hrozek - 1.12.2-58.1
* Jakub Hrozek - 1.12.2-57
* Jakub Hrozek - 1.12.2-56
* Jakub Hrozek - 1.12.2-55
* Jakub Hrozek - 1.12.2-54
* Jakub Hrozek - 1.12.2-53
* Jakub Hrozek - 1.12.2-52
* Jakub Hrozek - 1.12.2-51
* Jakub Hrozek - 1.12.2-50
* Jakub Hrozek - 1.12.2-49
* Jakub Hrozek - 1.12.2-48
* Jakub Hrozek - 1.12.2-47
* Jakub Hrozek - 1.12.2-46
* Jakub Hrozek - 1.12.2-45
* Jakub Hrozek - 1.12.2-44
* Jakub Hrozek - 1.12.2-43
* Jakub Hrozek - 1.12.2-42
* Jakub Hrozek - 1.12.2-41
* Jakub Hrozek - 1.12.2-40
* Sumit Bose - 1.12.2-39
* Sumit Bose - 1.12.2-38
* Sumit Bose - 1.12.2-37
* Jakub Hrozek - 1.12.2-35
* Jakub Hrozek - 1.12.2-35
* Jakub Hrozek - 1.12.2-34
* Jakub Hrozek - 1.12.2-33
* Jakub Hrozek - 1.12.2-32
* Jakub Hrozek - 1.12.2-31
* Jakub Hrozek - 1.12.2-30
* Jakub Hrozek - 1.12.2-29
* Jakub Hrozek - 1.12.2-28
* Jakub Hrozek - 1.12.2-27
* Jakub Hrozek - 1.12.2-26
* Jakub Hrozek - 1.12.2-25
* Jakub Hrozek - 1.12.2-24
* Jakub Hrozek - 1.12.2-23
* Jakub Hrozek - 1.12.2-22
* Jakub Hrozek - 1.12.2-21
* Jakub Hrozek - 1.12.2-20
* Jakub Hrozek - 1.12.2-19
* Jakub Hrozek - 1.12.2-18
* Jakub Hrozek - 1.12.2-17
* Jakub Hrozek - 1.12.2-16
* Jakub Hrozek - 1.12.2-15
* Jakub Hrozek - 1.12.2-14
* Jakub Hrozek - 1.12.2-13
* Jakub Hrozek - 1.12.2-12
* Jakub Hrozek - 1.12.2-11
* Jakub Hrozek - 1.12.2-10
* Jakub Hrozek - 1.12.2-9
* Jakub Hrozek - 1.12.2-8
* Jakub Hrozek - 1.12.2-7
* Jakub Hrozek - 1.12.2-6
* Jakub Hrozek - 1.12.2-5
* Jakub Hrozek - 1.12.2-4
* Jakub Hrozek - 1.12.2-3
* Jakub Hrozek - 1.12.2-2
* Jakub Hrozek - 1.12.2-1
* Jakub Hrozek - 1.12.1-2
* Jakub Hrozek - 1.12.1-1
* Jakub Hrozek - 1.12.1-1
* Jakub Hrozek - 1.12.0-3
* Jakub Hrozek - 1.12.0-2
* Jakub Hrozek - 1.12.0-1
* Jakub Hrozek - 1.11.2-70
* Jakub Hrozek - 1.11.2-69
* Jakub Hrozek - 1.11.2-68
* Jakub Hrozek - 1.11.2-67
* Jakub Hrozek - 1.11.2-66
* Jakub Hrozek - 1.11.2-65
* Jakub Hrozek - 1.11.2-64
* Sumit Bose - 1.11.2-63
* Sumit Bose - 1.11.2-62
* Jakub Hrozek - 1.11.2-61
* Jakub Hrozek - 1.11.2-60
* Jakub Hrozek - 1.11.2-59
* Jakub Hrozek - 1.11.2-58
* Jakub Hrozek - 1.11.2-57
* Jakub Hrozek - 1.11.2-56
* Jakub Hrozek - 1.11.2-55
* Jakub Hrozek - 1.11.2-54
* Jakub Hrozek - 1.11.2-53
* Jakub Hrozek - 1.11.2-52
* Jakub Hrozek - 1.11.2-51
* Jakub Hrozek - 1.11.2-50
* Jakub Hrozek - 1.11.2-49
* Jakub Hrozek - 1.11.2-48
* Jakub Hrozek - 1.11.2-47
* Jakub Hrozek - 1.11.2-46
* Jakub Hrozek - 1.11.2-45
* Jakub Hrozek - 1.11.2-44
* Jakub Hrozek - 1.11.2-43
* Jakub Hrozek - 1.11.2-42
* Jakub Hrozek - 1.11.2-41
* Jakub Hrozek - 1.11.2-40
* Jakub Hrozek - 1.11.2-39
* Jakub Hrozek - 1.11.2-38
* Jakub Hrozek - 1.11.2-37
* Jakub Hrozek - 1.11.2-36
* Jakub Hrozek - 1.11.2-35
* Jakub Hrozek - 1.11.2-34
* Daniel Mach - 1.11.2-33
* Jakub Hrozek - 1.11.2-32
* Jakub Hrozek - 1.11.2-31
* Jakub Hrozek - 1.11.2-30
* Jakub Hrozek - 1.11.2-29
* Jakub Hrozek - 1.11.2-28
* Jakub Hrozek - 1.11.2-27
* Jakub Hrozek - 1.11.2-26
* Jakub Hrozek - 1.11.2-25
* Jakub Hrozek - 1.11.2-24
* Jakub Hrozek - 1.11.2-23
* Jakub Hrozek - 1.11.2-22
* Jakub Hrozek - 1.11.2-21
* Jakub Hrozek - 1.11.2-20
* Daniel Mach - 1.11.2-19
* Jakub Hrozek - 1.11.2-18
* Jakub Hrozek - 1.11.2-17
* Jakub Hrozek - 1.11.2-16
* Jakub Hrozek - 1.11.2-15
* Jakub Hrozek - 1.11.2-14
* Jakub Hrozek - 1.11.2-13
* Jakub Hrozek - 1.11.2-12
* Jakub Hrozek - 1.11.2-11
* Jakub Hrozek - 1.11.2-10
* Jakub Hrozek - 1.11.2-9
* Jakub Hrozek - 1.11.2-8
* Jakub Hrozek - 1.11.2-7
* Jakub Hrozek - 1.11.2-6
* Jakub Hrozek - 1.11.2-5
* Jakub Hrozek - 1.11.2-4
* Jakub Hrozek - 1.11.2-3
* Jakub Hrozek - 1.11.2-2
* Jakub Hrozek - 1.11.2-1
* Jakub Hrozek - 1.11.1-2
* Jakub Hrozek - 1.11.1-1
* Jakub Hrozek - 1.11.0-1
* Jakub Hrozek - 1.11.0.1beta2
* Jakub Hrozek - 1.10.1-5
* Jakub Hrozek - 1.10.1-4
* Jakub Hrozek - 1.10.1-3
* Jakub Hrozek - 1.10.1-2
* Jakub Hrozek - 1.10.1-1
* Jakub Hrozek - 1.10.0-18
* Jakub Hrozek - 1.10.0-17
* Stephen Gallagher - 1.10.0-16
* Stephen Gallagher - 1.10.0-15
* Stephen Gallagher - 1.10.0-14
* Jakub Hrozek - 1.10.0-13
* Dan Horák - 1.10.0-12.beta2
* Jakub Hrozek - 1.10.0-11.beta2
* Jakub Hrozek - 1.10.0-10.beta2
* Jakub Hrozek - 1.10.0-9.beta2
* Jakub Hrozek - 1.10.0-8.beta2
* Jakub Hrozek - 1.10.0-7.beta1
* Jakub Hrozek - 1.10.0-6.beta1
* Jakub Hrozek - 1.10.0-5.beta1
* Jakub Hrozek - 1.10.0-4.beta1
* Jakub Hrozek - 1.10.0-3.beta1
* Jakub Hrozek - 1.10.0-2.alpha1
* Jakub Hrozek - 1.10.0-1.alpha1
* Stephen Gallagher - 1.9.4-9
* Jakub Hrozek - 1.9.4-8
* Jakub Hrozek - 1.9.4-7
* Jakub Hrozek - 1.9.4-6
* Jakub Hrozek - 1.9.4-5
* Jakub Hrozek - 1.9.4-4
* Jakub Hrozek - 1.9.4-3
* Jakub Hrozek - 1.9.4-2
* Jakub Hrozek - 1.9.4-1
* Jakub Hrozek - 1.9.3-1
* Jakub Hrozek - 1.9.2-5
* Jakub Hrozek - 1.9.2-4
* Jakub Hrozek - 1.9.2-3
* Jakub Hrozek - 1.9.2-2
* Jakub Hrozek - 1.9.2-1
* Jakub Hrozek - 1.9.1-1
* Jakub Hrozek - 1.9.0-24
* Jakub Hrozek - 1.9.0-24
* Jakub Hrozek - 1.9.0-23
* Jakub Hrozek - 1.9.0-22.rc1
* Jakub Hrozek - 1.9.0-21.beta7
* Jakub Hrozek - 1.9.0-20.beta6
* Jakub Hrozek - 1.9.0-19.beta6
* Jakub Hrozek - 1.9.0-18.beta6
* Jakub Hrozek - 1.9.0-17.beta6
* Jakub Hrozek - 1.9.0-16.beta6
* Jakub Hrozek - 1.9.0-14.beta6
* Jakub Hrozek - 1.9.0-13.beta6
* Fedora Release Engineering - 1.9.0-13.beta5
* Jakub Hrozek - 1.9.0-12.beta5
* Stephen Gallagher - 1.9.0-11.beta4
* Jakub Hrozek - 1.9.0-10.beta4
* Jakub Hrozek - 1.9.0-9.beta4
* Stephen Gallagher - 1.9.0-8.beta3
* Stephen Gallagher - 1.9.0-7.beta2
* Stephen Gallagher - 1.9.0-6.beta2
* Stephen Gallagher - 1.9.0-5.beta2
* Stephen Gallagher - 1.9.0-4.beta1
* Stephen Gallagher - 1.9.0-3.beta1
* Stephen Gallagher - 1.9.0-2.beta1
* Stephen Gallagher - 1.9.0-1.beta1
* Stephen Gallagher - 1.8.3-11
* Stephen Gallagher - 1.8.2-10
* Stephen Gallagher - 1.8.1-9
* Stephen Gallagher - 1.8.1-8
* Stephen Gallagher - 1.8.1-7
* Stephen Gallagher - 1.8.0-6
* Stephen Gallagher - 1.8.0-5.beta3
* Stephen Gallagher - 1.8.0-4.beta3
* Petr Pisar - 1.8.0-3.beta2
* Stephen Gallagher - 1.8.0-1.beta2
* Stephen Gallagher - 1.8.0-1.beta1
* Stephen Gallagher - 1.7.0-5
* Stephen Gallagher - 1.7.0-4
* Stephen Gallagher - 1.7.0-3
* Fedora Release Engineering - 1.7.0-2
* Stephen Gallagher - 1.7.0-1
* Stephen Gallagher - 1.6.4-1
* Stephen Gallagher - 1.6.3-5
* Stephen Gallagher - 1.6.3-4
* Jakub Hrozek - 1.6.3-3
* Stephen Gallagher - 1.6.3-2
* Stephen Gallagher - 1.6.3-1
* Fedora Release Engineering - 1.6.2-5
* Stephen Gallagher - 1.6.2-4
* Stephen Gallagher - 1.6.2-3
* Stephen Gallagher - 1.6.2-2
* Stephen Gallagher - 1.6.2-1
* Stephen Gallagher - 1.6.1-1
* Stephen Gallagher - 1.6.0-2
* Stephen Gallagher - 1.6.0-1
* Stephen Gallagher - 1.5.11-2
* Stephen Gallagher - 1.5.10-1
* Stephen Gallagher - 1.5.9-1
* Stephen Gallagher - 1.5.8-1
* Stephen Gallagher - 1.5.7-3
* Stephen Gallagher - 1.5.7-2
* Stephen Gallagher - 1.5.7-1
* Stephen Gallagher - 1.5.6.1-1
* Stephen Gallagher - 1.5.6-1
* Stephen Gallagher - 1.5.5-5
* Stephen Gallagher - 1.5.5-4
* Stephen Gallagher - 1.5.5-3
* Stephen Gallagher - 1.5.5-2
* Stephen Gallagher - 1.5.5-1
* Stephen Gallagher - 1.5.4-1
* Stephen Gallagher - 1.5.3-2
* Stephen Gallagher - 1.5.3-1
* Stephen Gallagher - 1.5.2-1
* Simo Sorce - 1.5.1-9
* Stephen Gallagher - 1.5.1-8
* Stephen Gallagher - 1.5.1-7
* Stephen Gallagher - 1.5.1-6
* Stephen Gallagher - 1.5.1-5
* Fedora Release Engineering - 1.5.1-4
* Stephen Gallagher - 1.5.1-3
* Stephen Gallagher - 1.5.1-2
* Stephen Gallagher - 1.5.1-1
* Stephen Gallagher - 1.5.0-2
* Stephen Gallagher - 1.5.0-1
* Stephen Gallagher - 1.4.1-3
* Stephen Gallagher - 1.4.1-2
* Stephen Gallagher - 1.4.1-1
* Stephen Gallagher - 1.4.0-2
* Stephen Gallagher - 1.4.0-1
* Stephen Gallagher - 1.3.0-35
* Stephen Gallagher - 1.3.0-34
* Stephen Gallagher - 1.3.0-33
* Stephen Gallagher - 1.3.0-32
* Stephen Gallagher - 1.3.0-31
* Stephen Gallagher - 1.3.0-30
* David Malcolm - 1.2.91-21
* Stephen Gallagher - 1.2.91-20
* Stephen Gallagher - 1.2.1-15
* Stephen Gallagher - 1.2.0-12
* Stephen Gallagher - 1.1.92-11
* Stephen Gallagher - 1.1.91-10
* Simo Sorce - 1.1.1-3
* Stephen Gallagher - 1.1.1-1
* Stephen Gallagher - 1.1.0-2
* Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19
* Stephen Gallagher - 1.0.5-2
* Stephen Gallagher - 1.0.5-1
* Stephen Gallagher - 1.0.4-1
* Stephen Gallagher - 1.0.3-1
* Stephen Gallagher - 1.0.2-1
* Stephen Gallagher - 1.0.1-1
* Stephen Gallagher - 1.0.0-2
* Stephen Gallagher - 1.0.0-1
* Stephen Gallagher - 0.99.1-1
* Stephen Gallagher - 0.99.0-1
* Stephen Gallagher - 0.7.1-1
* Stephen Gallagher - 0.7.0-2
* Stephen Gallagher - 0.7.0-1
* Stephen Gallagher - 0.6.1-2
* Stephen Gallagher - 0.6.1-1
* Stephen Gallagher - 0.6.0-1
* Sumit Bose - 0.6.0-0
* Simo Sorce - 0.5.0-0
* Jakub Hrozek - 0.4.1-4
* Fedora Release Engineering - 0.4.1-3
* Simo Sorce - 0.4.1-2
* Simo Sorce - 0.4.1-1
* Simo Sorce - 0.4.1-0
* Simo Sorce - 0.3.2-2
* Jakub Hrozek - 0.3.2-1
* Simo Sorce - 0.3.1-2
* Simo Sorce - 0.3.1-1
* Simo Sorce - 0.3.0-2
* Simo Sorce - 0.3.0-1
* Simo Sorce - 0.2.1-1
* Simo Sorce - 0.2.0-1
* Jakub Hrozek - 0.1.0-5.20090309git691c9b3
* Jakub Hrozek - 0.1.0-4
* Sumit Bose - 0.1.0-3
* Jakub Hrozek - 0.1.0-2
* Stephen Gallagher - 0.1.0-1
- fix compilation warnings in unit tests

- fix capaths output
- Resolves: rhbz#1344940 - GSSAPI error causes failures for child domain user logins across IPA - AD trust
- also fix Coverity issues in the secrets responder and suppress noisy debug messages when setting the timestamp cache

- Resolves: rhbz#1356577 - sssctl: Time stamps without time zone information

- Resolves: rhbz#1354414 - New or modified ID-View User overrides are not visible unless rm -f /var/lib/sss/db/*cache*

- Resolves: rhbz#1211631 - [RFE] Support of UPN for IdM trusted domains

- Resolves: rhbz#1350520 - [abrt] sssd-common: ipa_dyndns_update_send(): sssd_be killed by SIGSEGV

- Resolves: rhbz#1349882 - sssd does not work under non-root user
- Also cherry-pick a few patches from upstream to fix config schema
- Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)

- Sync a few minor patches from upstream
- Fix sssctl manpage
- Fix nss-tests unit test on big-endian machines
- Fix several issues in the config schema
- Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)

- Bundle http-parser
- Resolves: rhbz#1311056 - Add a Secrets as a Service component

- Sync a few minor patches from upstream
- Fix a failover issue
- Resolves: rhbz#1334749 - sssd fails to mark a connection as bad on searches that time out

- Explicitly BuildRequire newer ding-libs
- Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)

- New upstream release 1.14.0
- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3
- Resolves: rhbz#835492 - [RFE] SSSD admin tool request - force reload
- Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)
- Resolves: rhbz#1278691 - Please fix rfc2307 autofs schema defaults
- Resolves: rhbz#1287209 - default_domain_suffix Appended to User Name
- Resolves: rhbz#1300663 - Improve sudo protocol to support configurations with default_domain_suffix
- Resolves: rhbz#1312275 - Support authentication indicators from IPA

- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3
- Resolves: rhbz#790113 - [RFE] "include" directive in sssd.conf
- Resolves: rhbz#874985 - [RFE] AD provider support for automount lookups
- Resolves: rhbz#879333 - [RFE] SSSD admin tool request - status overview
- Resolves: rhbz#1140022 - [RFE]Allow sssd to add a new option that would specify which server to update DNS with
- Resolves: rhbz#1290380 - RFE: Improve SSSD performance in large environments
- Resolves: rhbz#883886 - sssd: incorrect checks on length values during packet decoding
- Resolves: rhbz#988207 - sssd does not detail which line in configuration is invalid
- Resolves: rhbz#1007969 - sssd_cache does not remove have an option to remove the sssd database
- Resolves: rhbz#1103249 - PAC responder needs much time to process large group lists
- Resolves: rhbz#1118257 - Users in ipa groups, added to netgroups are not resovable
- Resolves: rhbz#1269018 - Too much logging from sssd_be
- Resolves: rhbz#1293695 - sssd mixup nested group from AD trusted domains
- Resolves: rhbz#1308935 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user
- Resolves: rhbz#1315766 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo
- Resolves: rhbz#1316164 - SSSD fails to process GPO from Active Directory
- Resolves: rhbz#1322458 - sssd_be[11010]: segfault at 0 ip 00007ff889ff61bb sp 00007ffc7d66a3b0 error 4 in libsss_ipa.so[7ff889fcf000+5d000]

- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3
- The rebase includes fixes for the following bugzillas:
- Resolves: rhbz#789477 - [RFE] SUDO: Support the IPA schema
- Resolves: rhbz#1059972 - RFE: SSSD: Automatically assign new slices for any AD domain
- Resolves: rhbz#1233200 - man sssd.conf should clarify details about subdomain_inherit option.
- Resolves: rhbz#1238144 - Need better libhbac debuging added to sssd
- Resolves: rhbz#1265366 - sss_override segfaults when accidentally adding --help flag to some commands
- Resolves: rhbz#1269512 - sss_override: memory violation
- Resolves: rhbz#1278566 - crash in sssd when non-Englsh locale is used and pam_strerror prints non-ASCII characters
- Resolves: rhbz#1283686 - groups get deleted from the cache
- Resolves: rhbz#1290378 - Smart Cards: Certificate in the ID View
- Resolves: rhbz#1292238 - extreme memory usage in libnfsidmap sss.so plug-in when resolving groups with many members
- Resolves: rhbz#1292456 - sssd_be AD segfaults on missing A record
- Resolves: rhbz#1294670 - Local users with local sudo rules causes LDAP queries
- Resolves: rhbz#1296618 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore
- Resolves: rhbz#1299553 - Cannot retrieve users after upgrade from 1.12 to 1.13
- Resolves: rhbz#1302821 - Cannot start sssd after switching to non-root
- Resolves: rhbz#1310877 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs
- Resolves: rhbz#1313014 - sssd is not closing sockets properly
- Resolves: rhbz#1318996 - SSSD does not fail over to next GC
- Resolves: rhbz#1327270 - local overrides: issues with sub-domain users and mixed case names
- Resolves: rhbz#1342547 - sssd-libwbclient: wbcSidsToUnixIds should not fail on lookup errors

- Build the PAC plugin with krb5-1.14
- Related: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup

- Resolves: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup

- Resolves: rhbz#1290853 - [sssd] Trusted (AD) user's info stays in sssd cache for much more than expected.

- Resolves: rhbz#1336706 - sssd_nss memory usage keeps growing when trying to retrieve non-existing netgroups

- Resolves: rhbz#1296902 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.

- Resolves: rhbz#1334159 - IPA provider crashes if a netgroup from a trusted domain is requested

- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin
- More patches from upstream related to the memory leak

- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin

- Resolves: rhbz#1300740 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid

- Resolves: rhbz#1284814 - sssd: [sysdb_add_user] (0x0400): Error: 17

- Resolves: rhbz#1270827 - local overrides: don't contact server with overridden name/id

- Resolves: rhbz#1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step

- Resolves: rhbz#1267176 - Memory leak / possible DoS with krb auth.

- Resolves: rhbz#1267836 - PAM responder crashed if user was not set

- Resolves: rhbz#1266107 - AD: Conditional jump or move depends on uninitialised value

- Resolves: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code

- Fix a Coverity warning in dyndns code
- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands

- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands

- Resolves: rhbz#1263735 - Could not resolve AD user from root domain

- Remove -d from sss_override manpage
- Related: rhbz#1259512 - sss_override : The local override user is not found

- Patches required for better handling of failover with one-way trusts
- Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code

- Resolves: rhbz#1263587 - sss_override --name doesn't work with RFC2307 and ghost users

- Resolves: rhbz#1259512 - sss_override : The local override user is not found

- Resolves: rhbz#1260027 - sssd_be memory leak with sssd-ad in GPO code

- Resolves: rhbz#1256398 - sssd cannot resolve user names containing backslash with ldap provider

- Resolves: rhbz#1254189 - sss_override contains an extra parameter --debug but is not listed in the man page or in the arguments help

- Resolves: rhbz#1254518 - Fix crash in nss responder

- Support import/export for local overrides
- Support FQDNs for local overrides
- Resolves: rhbz#1254184 - sss_override does not work correctly when 'use_fully_qualified_names = True'

- Resolves: rhbz#1244950 - Add index for 'objectSIDString' and maybe to other cache attributes

- Resolves: rhbz#1250415 - sssd: p11_child hardening

- Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code

- Resolves: rhbz#1202724 - [RFE] Add a way to lookup users based on CAC identity certificates

- Resolves: rhbz#1232950 - [IPA/IdM] sudoOrder not honored as expected

- Fix wildcard_limit=0
- Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface

- Fix race condition in invalidating the memory cache
- Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups

- Resolves: rhbz#1249015 - KDC proxy not working with SSSD krb5_use_kdcinfo enabled

- Bump release number
- Related: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"

- Fix missing dependency of sssd-tools
- Resolves: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"

- More memory cache related fixes
- Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups

- Remove binary blob from SC patches as patch(1) can't handle those
- Related: rhbz#854396 - [RFE] Support for smart cards

- Resolves: rhbz#1244949 - getgrgid for user's UID on a trust client prevents getpw*

- Fix memory cache integration tests
- Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups
- Resolves: rhbz#854396 - [RFE] Support for smart cards

- Remove OTP from PAM stack correctly
- Related: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA
- Handle sssd-owned keytabs when sssd runs as root
- Related: rhbz#1205144 - RFE: Support one-way trusts for IPA

- Resolves: rhbz#1183747 - [FEAT] UID and GID mapping on individual clients

- Resolves: rhbz#1206565 - [RFE] Add dualstack and multihomed support
- Resolves: rhbz#1187146 - If v4 address exists, will not create nonexistant v6 in ipa domain

- Resolves: rhbz#1242942 - well-known SID check is broken for NetBIOS prefixes

- Resolves: rhbz#1234722 - sssd ad provider fails to start in rhel7.2

- Add support for InfoPipe wildcard requests
- Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface

- Also package the initgr memcache
- Related: rhbz#1205554 - Rebase SSSD to 1.13.x

- Rebase to 1.13.0 upstream
- Related: rhbz#1205554 - Rebase SSSD to 1.13.x
- Resolves: rhbz#910187 - [RFE] authenticate against cache in SSSD
- Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups

- Don't default to SSSD user
- Related: rhbz#1205554 - Rebase SSSD to 1.13.x

- Related: rhbz#1205554 - Rebase SSSD to 1.13.x
- GPO default should be permissive

- Resolves: rhbz#1205554 - Rebase SSSD to 1.13.x
- Relax the libldb requirement
- Resolves: rhbz#1221992 - sssd_be segfault at 0 ip sp error 6 in libtevent.so.0.9.21
- Resolves: rhbz#1221839 - SSSD group enumeration inconsistent due to binary SIDs
- Resolves: rhbz#1219285 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust
- Resolves: rhbz#1217559 - [RFE] Support GPOs from different domain controllers
- Resolves: rhbz#1217350 - ignore_group_members doesn't work for subdomains
- Resolves: rhbz#1217127 - Override for IPA users with login does not list user all groups
- Resolves: rhbz#1216285 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set
- Resolves: rhbz#1214719 - Group resolution is inconsistent with group overrides
- Resolves: rhbz#1214718 - Overridde with --login fails trusted adusers group membership resolution
- Resolves: rhbz#1214716 - idoverridegroup for ipa group with --group-name does not work
- Resolves: rhbz#1214337 - Overrides with --login work in second attempt
- Resolves: rhbz#1212489 - Disable the cleanup task by default
- Resolves: rhbz#1211830 - external users do not resolve with "default_domain_suffix" set in IPA server sssd.conf
- Resolves: rhbz#1210854 - Only set the selinux context if the context differs from the local one
- Resolves: rhbz#1209483 - When using id_provider=proxy with auth_provider=ldap, it does not work as expected
- Resolves: rhbz#1209374 - Man sssd-ad(5) lists Group Policy Management Editor naming for some policies but not for all
- Resolves: rhbz#1208507 - sysdb sudo search doesn't escape special characters
- Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface
- Resolves: rhbz#1206566 - SSSD does not update Dynamic DNS records if the IPA domain differs from machine hostname's domain
- Resolves: rhbz#1206189 - [bug] sssd always appends default_domain_suffix when checking for host keys
- Resolves: rhbz#1204203 - sssd crashes intermittently
- Resolves: rhbz#1203945 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default
- Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only
- Resolves: rhbz#1202245 - SSSD's HBAC processing is not permissive enough with broken replication entries
- Resolves: rhbz#1201271 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything
- Resolves: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA
- Resolves: rhbz#1199541 - Read and use the TTL value when resolving a SRV query
- Resolves: rhbz#1199533 - [RFE] Implement background refresh for users, groups or other cache objects
- Resolves: rhbz#1199445 - Does sssd-ad use the most suitable attribute for group name?
- Resolves: rhbz#1198477 - ccname_file_dummy is not unlinked on error
- Resolves: rhbz#1187103 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD
- Resolves: rhbz#1185536 - In ipa-ad trust, with 'default_domain_suffix' set to AD domain, IPA user are not able to log unless use_fully_qualified_names is set
- Resolves: rhbz#1175760 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires
- Resolves: rhbz#1163806 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option
- Resolves: rhbz#1205160 - Complain loudly if backend doesn't start due to missing or invalid keytab

- Resolves: rhbz#1226119 - Properly handle AD's binary objectGUID

- Filter out domain-local groups during AD initgroups operation
- Related: rhbz#1201840 - SSSD downloads too much information when fetching information about groups

- Resolves: rhbz#1201840 - SSSD downloads too much information when fetching information about groups

- Initialize variable in the views code in one success and one failure path
- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605

- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605

- Handle case where there is no default and no rules
- Resolves: rhbz#1192314 - With empty ipaselinuxusermapdefault security context on client is staff_u

- Set a pointer in ldap_child to NULL to avoid warnings
- Related: rhbz#1198759 - ccname_file_dummy is not unlinked on error

- Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security context on client is staff_u

- Resolves: rhbz#1198759 - ccname_file_dummy is not unlinked on error

- Run the restart in sssd-common posttrans
- Explicitly require libwbclient
- Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade

- Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade

- Fix endianness bug in fill_id()
- Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares

- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view

- Resolves: rhbz#1187192 - IPA initgroups don't work correctly in non-default view

- Resolves: rhbz#1184982 - Need to set different umask in selinux_child

- Bump the release number
- Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute

- Add a patch dependency
- Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute

- Process ghost members only once
- Fix processing of universal groups with members from different domains
- Related: rhbz#1168904 - gid is overridden by uid in default trust view

- Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute

- Resolves: rhbz#1185188 - Uncached SIDs cannot be resolved

- Handle GID override in MPG domains
- Handle views with mixed-case domains
- Related: rhbz#1168904 - gid is overridden by uid in default trust view

- Open socket to the PAC responder in krb5_child before dropping root
- Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute

- Resolves: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute

- Resolves: rhbz#1182183 - pam_sss(sshd:auth): authentication failure with user from AD

- Resolves: rhbz#889206 - On clock skew sssd returns system error

- Related: rhbz#1168904 - gid is overridden by uid in default trust view

- Resolves: rhbz#1177140 - gpo_child fails if "log level" is enabled in smb.conf
- Related: rhbz#1168904 - gid is overridden by uid in default trust view

- Resolves: rhbz#1175408 - SSSD should not fail authentication when only allow rules are used
- Resolves: rhbz#1175705 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo
- in addition to the patch libwbclient.so is filtered out of the Provides list of the package

- Resolves: rhbz#1171215 - Crash in function get_object_from_cache
- Resolves: rhbz#1171383 - getent fails for posix group with AD users after login
- Resolves: rhbz#1171382 - getent of AD universal group fails after group users login
- Resolves: rhbz#1170300 - Access is not rejected for disabled domain
- Resolves: rhbz#1162486 - Error processing external groups with getgrnam/getgrgid in the server mode
- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view

- Resolves: rhbz#1169459 - sssd-ad: The man page description to enable GPO HBAC Policies are unclear
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Rebuild to add several forgotten Patch entries
- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users
- Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=

- Remove Coverity warnings in krb5_child code
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users
- Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=

- Don't error out on chpass with OTPs
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Resolves: rhbz#1124320 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default.

- Resolves: rhbz#1169739 - selinuxusermap rule does not apply to trusted AD users
- Enable running unit tests without cmocka
- Related: rhbz#1113783 - sssd should run under unprivileged user

- krb5_child and ldap_child do not call Kerberos calls as root
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Resolves: rhbz#1168735 - The Kerberos provider is not properly views-aware

- Fix typo in libwbclient-devel alternatives invocation
- Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares

- Resolves: rhbz#1166727 - pam_sss domains option: Untrusted users from the same domain are allowed to auth.

- Handle migrating clients between views
- Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution

- Use alternatives for libwbclient
- Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares

- Resolves: rhbz#1165794 - sssd does not work with custom value of option re_expression

- Add an option that describes where to put generated krb5 files to
- Related: rhbz#1135043 - [RFE] Implement localauth plugin for MIT krb5 1.12

- Handle IPA group names returned from the extop plugin
- Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution

- Resolves: rhbz#1165792 - automount segfaults in sss_nss_check_header

- Resolves: rhbz#1163742 - "debug_timestamps = false" and "debug_microseconds = true" do not work after enabling journald with sssd.

- Resolves: rhbz#1153593 - Manpage description of case_sensitive=preserving is incomplete

- Support views for IPA users
- Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution

- Update man page to clarify TGs should be disabled with a custom search base
- Related: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases

- Use upstreamed patches for the rootless sssd
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Resolves: rhbz#1153603 - Proxy Provider: Fails to lookup case sensitive users and groups with case_sensitive=preserving

- Resolves: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases

- Resolves: rhbz#1162480 - dereferencing failure against openldap server

- Move adding the user from pretrans to pre, copy adding the user to sssd-krb5-common and sssd-ipa as well in order to work around yum ordering issue
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Resolves: rhbz#1113783 - sssd should run under unprivileged user

- Fix two regressions in the new selinux_child process
- Related: rhbz#1113783 - sssd should run under unprivileged user
- Resolves: rhbz#1132365 - Remove password from the PAM stack if OTP is used

- Include the ldap_child and selinux_child patches for rootless sssd
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Support overriding SSH public keys with views
- Support extended attributes via the extop plugin
- Related: rhbz#1109756 - Rebase SSSD to 1.12
- Resolves: rhbz#1137010 - disable midpoint refresh for netgroups if ptask refresh is enabled

- Resolves: rhbz#1153518 - service lookups returned in lowercase with case_sensitive=preserving
- Resolves: rhbz#1158809 - Enumeration shows only a single group multiple times

- Include the responder and packaging patches for rootless sssd
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Amend the sssd-ldap man page with info about lockout setup
- Related: rhbz#1109756 - Rebase SSSD to 1.12
- Resolves: rhbz#1137014 - Shell fallback mechanism in SSSD
- Resolves: rhbz#790854 - 4 functions with reference leaks within sssd (src/python/pyhbac.c)

- Fix regressions caused by views patches when SSSD is connected to a pre-4.0 IPA server
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Add the low-level server changes for running as unprivileged user
- Package the libsss_semange library needed for SELinux label changes
- Related: rhbz#1113783 - sssd should run under unprivileged user
- Resolves: rhbz#1113784 - sssd should audit selinux user map changes

- Use libsemanage for SELinux label changes
- Resolves: rhbz#1113784 - sssd should audit selinux user map changes

- Rebase SSSD to 1.12.2
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Sync with upstream
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Rebuild against ding-libs with fixed SONAME
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Rebase SSSD to 1.12.1
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Require ldb 2.1.17
- Related: rhbz#1133914 - Rebase libldb to version 1.1.17 or newer

- Fix fully qualified IFP lookups
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Rebase SSSD to 1.12.0
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Squash in upstream review comments about the PAC patch
- Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder

- Backport a patch to allow krb5-utils-test to run as root
- Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder

- Resolves: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder

- Fix a DEBUG message, backport two related fixes
- Related: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain

- Resolves: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain

- Resolves: rhbz#1082191 - RHEL7 IPA selinuxusermap hbac rule not always matching

- Resolves: rhbz#1077328 - other subdomains are unavailable when joined to a subdomain in the ad forest

- Resolves: rhbz#1078877 - Valgrind: Invalid read of int while processing netgroup

- Resolves: rhbz#1075092 - Password change w/ OTP generates error on success

- Resolves: rhbz#1078840 - Error during password change

- Resolves: rhbz#1075663 - SSSD should create the SELinux mapping file with format expected by pam_selinux

- Related: rhbz#1075621 - Add another Kerberos error code to trigger IPA password migration

- Related: rhbz#1073635 - IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in

- Related: rhbz#1066096 - not retrieving homedirs of AD users with posix attributes

- Related: rhbz#1072995 - AD group inconsistency when using AD provider in sssd-1.11-40

- Resolves: rhbz#1073631 - sssd fails to handle expired passwords when OTP is used

- Resolves: rhbz#1072067 - SSSD Does not cache SELinux map from FreeIPA correctly

- Resolves: rhbz#1071903 - ipa-server-mode: Use lower-case user name component in home dir path

- Resolves: rhbz#1068725 - Evaluate usage of sudo LDAP provider together with the AD provider

- Fix idmap documentation
- Bump idmap version info
- Related: rhbz#1067361 - Check IPA idranges before saving them to the cache

- Pull some follow up man page fixes from upstream
- Related: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes
- Related: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example

- Resolves: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes

- Resolves: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example

- Resolves: rhbz#1068723 - Setting int option to 0 yields the default value

- Resolves: rhbz#1067361 - Check IPA idranges before saving them to the cache

- Resolves: rhbz#1067476 - SSSD pam module accepts usernames with leading spaces

- Resolves: rhbz#1033069 - Configuring two different provider types might start two parallel enumeration tasks

- Resolves: rhbz#1068640 - 'IPA: Don't call tevent_req_post outside _send' should be added to RHEL7

- Resolves: rhbz#1063977 - SSSD needs to enable FAST by default

- Resolves: rhbz#1064582 - sss_cache does not reset the SYSDB_INITGR_EXPIRE attribute when expiring users

- Resolves: rhbz#1033081 - Implement heuristics to detect if POSIX attributes have been replicated to the Global Catalog or not

- Resolves: rhbz#872177 - [RFE] subdomain homedir template should be configurable/use flatname by default

- Resolves: rhbz#1059753 - Warn with a user-friendly error message when permissions on sssd.conf are incorrect

- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter

- Resolves: rhbz#1059253 - Man page states default_shell option supersedes other shell options but in fact override_shell does.
- Use the right domain for AD site resolution
- Related: rhbz#743503 - [RFE] sssd should support DNS sites

- Resolves: rhbz#1028039 - AD Enumeration reads data from LDAP while regular lookups connect to GC

- Resolves: rhbz#877438 - sudoNotBefore/sudoNotAfter not supported by sssd sudoers plugin

- Mass rebuild 2014-01-24

- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain

- Resolves: rhbz#1054899 - explicitly suggest krb5_auth_timeout in a loud DEBUG message in case Kerberos authentication times out

- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter

- Resolves: rhbz#1051360 - [FJ7.0 Bug]: [REG] sssd_be crashes when ldap_search_base cannot be parsed.
- Fix a typo in the man page
- Related: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir

- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain
- Fix return value when searching for AD domain flat names
- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user

- Resolves: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir

- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user

- Resolves: rhbz#1053106 - sssd ad trusted sub domain do not inherit fallbacks and overrides settings

- Resolves: rhbz#1051016 - FAST does not work in SSSD 1.11.2 in Fedora 20

- Resolves: rhbz#1033133 - "System Error" when invalid ad_access_filter is used

- Resolves: rhbz#1032983 - sssd_be crashes when ad_access_filter uses FOREST keyword.
- Fix two memory leaks in the PAC responder (Related: rhbz#991065)
- Resolves: rhbz#1048184 - Group lookup does not return member with multiple names after user lookup
- Resolves: rhbz#1049533 - Group membership lookup issue
- Mass rebuild 2013-12-27
- Resolves: rhbz#894068 - sss_cache doesn't support subdomains
- Re-initialize subdomains after provider startup - Related: rhbz#1038637 - If SSSD starts offline, subdomains list is never read
- The AD provider is able to resolve group memberships for groups with Global and Universal scope - Related: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog
- Resolves: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog - Resolves: rhbz#1030483 - Individual group search returned multiple results in GC lookups
- Resolves: rhbz#1040969 - sssd_nss grows memory footprint when netgroups are requested
- Resolves: rhbz#1023409 - Valgrind sssd "Syscall param socketcall.sendto(msg) points to uninitialised byte(s)"
- Resolves: rhbz#1037936 - sssd_be crashes occasionally
- Resolves: rhbz#1038637 - If SSSD starts offline, subdomains list is never read
- Resolves: rhbz#1029631 - sssd_be crashes on manually adding a cleartext password to ldap_default_authtok
- Resolves: rhbz#1036758 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy
- Resolves: rhbz#1034050 - Errors in domain log when saving user to sysdb
- Resolves: rhbz#1036157 - sssd can't retrieve auto.master when using the "default_domain_suffix" option in
- Resolves: rhbz#1028057 - Improve detection of the right domain when processing group with members from several domains
- Resolves: rhbz#1033084 - sssd_be segfaults if empty grop is resolved using ad_matching_rule
- Resolves: rhbz#1031562 - Incorrect mention of access_filter in sssd-ad manpage
- Resolves: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes
- Skip netgroups that don't provide well-formed triplets - Related: rhbz#991549 - sssd fails to retrieve netgroups with
multiple CN attributes
- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2 - Resolves: rhbz#991065
- Resolves: rhbz#1019882 - RHEL7 ipa ad trusted user lookups failed with sssd_be crash - Resolves: rhbz#1002597 - ad: unable to resolve membership when user is from different domain than group
- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1 - Resolves: rhbz#991065 - Rebase SSSD to 1.11.0
- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0 - Resolves: rhbz#991065
- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2 - Related: rhbz#991065
- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries
- Resolves: #983587 - sss_debuglevel did not increase verbosity in sssd_pac.log
- Resolves: #983580 - Netgroups should ignore the 'use_fully_qualified_names' setting
- Apply several important fixes from upstream 1.10 branch - Related: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable
- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1
- Remove libcmocka dependency
- sssd-tools should require sssd-common, not sssd
- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year
- Move sssd_pac to the sssd-krb5 subpackage
- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV
- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0
- the cmocka toolkit exists only on selected arches
- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA
password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)
- Only BuildRequire libcmocka on Fedora
- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current
- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doesn't carry any older krb5-libs version
- Enable hardened build for RHEL7
- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later
- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in
- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name
- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1
- Add a patch to fix krb5 ccache creation issue with krb5 1.11
- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1
- Split internal helper libraries into a shared object - Significantly reduce disk-space usage
- Fix the Kerberos password expiration warning (#912223)
- Do not write out dots in the domain-realm mapping file (#905650)
- Include upstream patch to build with krb5-1.11
- Rebuild against new libldb
- Fix build with new automake versions
- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]:
Credential cache directory /run/user/UID/ccdir does not exist
- Fix changelog dates to make F19 rpmbuild happy
- New upstream release 1.9.4
- New upstream release 1.9.3
- Resolve groups from AD correctly
- Check the validity of naming context
- Move the sss_cache tool to the main package
- Include the 1.9.2 tarball
- New upstream release 1.9.2
- New upstream release 1.9.1
- require the latest libldb
- Use mcpath instead of mcachepath macro to be consistent with upstream spec file
- New upstream release 1.9.0
- New upstream release 1.9.0 rc1
- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3
- Rebuild against libldb 1.12
- Rebuild against libldb 1.11
- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304
- Rebuild against libldb 1.10
- Only create the SELinux login file if there are SELinux mappings on the IPA server
- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)
- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server.
- Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9
- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild
- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds
- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options
- Own several directories create during make install (#839782)
- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten.
The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.
- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders
- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture
- Fix accidental disabling of the DIR cache support
- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging
- Fix regression in endianness patch
- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol
- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6
- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests
- New upstream release 1.8.3 -
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information
- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools
- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing
- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup
- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work
- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the
IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc
- Change default kerberos credential cache location to /run/user/
- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider
- Rebuild against PCRE 8.30
- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider
- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)
- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well
- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.
- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features
- Rebuilt for
https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild
- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider
- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.
- Rebuild against libldb 1.1.4
- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections
- Rebuild for libldb 1.1.3
- Resolves: rhbz#752495 - Crash when apply settings
- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts
- Rebuilt for glibc bug#747377
- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.
- Add explicit requirement on selinux-policy version to address new SBUS symlinks.
- Remove %files reference to sss_debuglevel copied from wrong upstream spec file.
- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on
commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly
- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code
- Build with _hardened_build macro
- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python
- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record
- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP
- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally -
Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)
- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs
- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14
- Fix segfault in TGT renewal
- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename
- Re-add manpage translations
- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd
- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status
- Fix %postun
- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service.
- Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache
- Install systemd unit file instead of sysv init script
- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist
- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider
- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication
- New upstream release 1.5.3 - Support for libldb >= 1.0.0
- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes
- Rebuild sssd against libldb 1.0.2 so the memberof module loads again.
- Related: rhbz#677425
- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users
- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf
- Fix memberOf install path
- Add support for libldb 1.0.0
- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild
- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage
- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild
- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain.
- Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes
- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins
- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations
- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade
- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf
- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base
- Fix incorrect tarball URL
- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system
improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated
- Fix pre and post script requirements
- Resolves: rhbz#606887 - sssd stops on upgrade
- Resolves: rhbz#626205 - Unable to unlock screen
- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it
- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib
- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP
- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild
- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection
- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide
- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP
- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos
- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover
- Bump up release number to avoid library sub-packages version issues with previous releases.
- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that
SASL binds to LDAP auto-retry when interrupted by a signal
- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb
- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline
- Rebuild against new libtevent
- Fix licenses in sources and on RPMs
- Fix regression on 64-bit platforms
- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes
- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes
- Fix CVE-2010-0014
- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482
- New upstream stable release 1.0.0
- New upstream bugfix release 0.99.1
- New upstream release 0.99.0
- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal
- Fix upgrade issues from old (pre-0.5.0) releases of SSSD
- New upstream release 0.7.0
- Fix missing file permissions for sssd-clients
- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust
- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations
- New upstream release 0.6.0
- New upstream release 0.5.0
- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password.
(Patch by Stephen Gallagher)
- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild
- Fix a couple of segfaults that may happen on reload
- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option
- latest upstream release. - also add a patch that fixes debugging output (potential segfault)
- release out of the official 0.3.2 tarball
- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600
- Add last minute bug fixes, found in testing the package
- Version 0.3.1 - includes previous release patches
- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream
- Version 0.3.0 - Provides file based configuration and lots of improvements
- Version 0.2.1
- Version 0.2.0
- package git snapshot
- fixed items found during review - added initscript
- added sss_client
- Small cleanup and fixes in the spec file
- Initial release (based on version 0.1.0 upstream code)

Package files: org.freedesktop.sssd.infopipe.conf, sssd-ifp.service, sssd_ifp, org.freedesktop.sssd.infopipe.service, sssd-dbus-1.16.0, COPYING, sssd-ifp.5.gz, sssd-ifp.5.gz, sssd-ifp.5.gz, sssd-ifp.5.gz
Directories: /etc/dbus-1/system.d/, /usr/lib/systemd/system/, /usr/libexec/sssd/, /usr/share/dbus-1/system-services/, /usr/share/licenses/, /usr/share/licenses/sssd-dbus-1.16.0/, /usr/share/man/ca/man5/, /usr/share/man/de/man5/, /usr/share/man/man5/, /usr/share/man/uk/man5/
Compiler flags: -O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic
94Bv1??ݗJ$jԿ[LbA![djUaXE/-I_9O}zV ƌ`~=]Rف`=?̇ i;8M*uXdΘ^\Yk}"`NR+)3 n:Qf Qeٕ!RAeH;;|w.dqhB z5jrzUF!wt{;Q ,3fj%AUl`>H,F!:^!G[sXCr1p|^uWbD{PN!ŞL#Y;{K|tmlc|(\I,Vi|n._c惟28LsJ 4.+/,@Kpr]eJyR6OWG{WΎO7E"z%N,GX%7X1h]RIT!kumGt'0 IERS.WЅVX Nj 1a36|y؆mlDhkjX/B'&)?qrh.:%J)Boe3g9`Vnҷ_AmAk@~Z]jɄ>DC9D 3Ng,EB=[]\b95fg#F?5[!,$T>UXٿ5]$Ifi9L{=IuNl3JhD:K DY=Gnˏ=lzz\Zd g z3}L!yuY3"zs61#Ȋ3$_5'HA~q.6Ι>?( 2ike wpSŦ_L߆ȔZi[W%..p;PIr7#4HAeHT,^4m-cADM9lcnBd#[*ʼnUd SEGmTy(՘e8\7OgfA)#JS5Qs|]li%qZf-܂q1Js)1{kkӳJނ MOepikΊjl]ς@y+vBB/J G٢D}vrRξ7YԿ UY"pW CB'肗~tzRҶ?4k&S'.i7>%dܑt>|%Y4:Fg|{DفHO^X'^fb=.kyfܘ+sC~+=חx-5< ,'FHIܸ&CN\^i$:Zy&5cdZPP4M?WPHKKD #.Q6@gا2+aw땫o&6|2B9G*T%GYZ,f]$8w27Q,Zvif~wgsddf[+GiBB#W>X*LtH.@EIxH2~'ymkgNxnp99_ń)Э1(ۆvts ?Q5𡹇g"wC>4<`&?Ca$r@ &d~Ѡ$d6HrfS09M=P_EH73JАV1U5f\ϜƏxSD Dhnc::2JP>Ϻߓ '4Y3ӍqK85BwRYRaA^?)2]ж = "%ߎ~ $NNf", a TB Ae0fTqMeܳ8ƻI0&֗@ 9z% Oi)=%ڰT5 2PK$FBM#g(^Eg"G:ΣZ^J=qe@Z'{BlXEyoz=L ELkLb 0H haG@B4d1ne wll{/D@4 uL9&.=V'$(b+z49$Zm> d$9P3Rl*Z7 66 l[7 ˢ9j͉kA..oڀd} @џ-* /ok~S̫)/}tS3MTR)H¸y,X輒E4osիMBT©״d (Nl7T^{\b%1Mcc >QQf\cI'Ь}~;%\;NLrPLJC.XLݥ)1 K`Y/@O'>kV܁LRL a/ņYWYQE!0wNԍ:CSL@@B?gJ~} {<6 Z hy/Xr!T"xJM +k$ ?S5N-xJ=s4<`d>Qu oWlRAh՝pG~Lz=i,=OK'QDݡʃbU< *4iB,S_ͭX'K/V&@&[(_<+W(#}&P\J=*rE=eI}Ͳ%4ߝbPq`L}wYqdm1(Qlյn q%0ҊȣT/BZ@o"g5Vϰ{=\e>ٽA=#io^.r[iPqphtM;NODBnZ>ؔx?<]{0JLcVDž/_B8n-GbMZh (,{u4c"bJv ELǝ*u:_/t̎N(>M-6˜&fv1~&nw0vz|Gx܁@hGqe2%Y^ܬK#o}ӕC&2 YoFOPZC "!>6,;K &t֓:Y N'ЋJ-!)ŴX1@QB'j6IvVo-HCȥ,kj)mU<``0L}l(Z1éD7a+E")3kcAaCi"MȫMkě.ƎUDr1~Ɯ/JfmA /a"2A4޵ 6 I'0+{ݮ `@Cձ$Z#MuAդ޾_>&vsH[l`BO<$TyUc㓝-(?76K-ys 'qw v; =e{{z~,UvC 3Wo3E04xܦu} GMlyD|Vo.ҺN㏞SCH$ 8&&!"^O(hWŠ|f5;1N|ɁXBd闹= oؠO9SZhacXLkaʜ{?;"[?:_ y SH5=hG۽|vs F*y_*T9z~_tjJ?7Ll?H>Krڼ²]tqr)۝Tp{ֈ>Ghpt8P'!})}b>}Fs w1 TV5Bxag:U0u 4+*՛8:!oc=k"TJg3o6Z6ԍV׽f#S.x)y)"Rwrl|Rr7)aEvoI)7ԯ]hPueWni ܜ$BfY4}<۱_ 4p0u?Kį7_O9DuF=^8HUbsVOLێ&19F1 iUfH{}$3aLjOS~ eZg$z>|o q 1Cu=ngȡpgE+&Ղ(!uf21v5bq ) AJHc4=-6TI3{d% [ ̷@v'2f<ΥC dZu"Jz :8oT3LD]|*dMEZ=S8DArX)gkwm)!@E1~o-(m]ܶ)-,=FZf79:fht]”U+F)†Gδ1SW̮UqHQ2yug3dž 8 _u N/ |q EZgZshW &.f 
gCshiIogTDٔ/1c_4|z8L8ٕʼnAO>zc@0B~G4,P䦉a˾"M `f6(\FGɂz̓wC1f4k%{e~l-)bIMB:.:q{B6eXR׮.ot@paV]_8B\ퟩUpϭ',Hr'tݸz2D^>b(;yݺTN)=j4K2z F,.>ofQCܨ׉.KVe֗7}5ߴm_7EP ƽQQ3hE9֓Y٫+^zq T"_<Ukky@^և1:ʯvG@m^I犻NC%/CWoqN(_QYi|?*YF)V 8[Nߠ#h"it0pNs@~aPM)L]`[ J܂2~vKZɎXu}j:\tϸlm}(:oreV+3Ӿśπ~\HMJ*0fW12 &U)zTloBH'=۹ksZ4N vJ=AQDÃRV@H10d9֮ꅥ#Ԅs;t"jH߻ĕ%.VUHrݘ:bV_. wkZH s]ߑoaH)iwfg h^dDJ ;N0*KBW9O x|R±.X@AKy ŷv]>`j>i 谗O/;ƭ)uIE eOFx`yͩEGv^ӛ4u}gܗMYۇ#FPSU obuƻ|_,At}򨘬QB,'uWN%•U9f!_?JtcEH+={JctP]"(#r|ŗ1DUby|0Ӱ)@Q{nyI;r-(W Z{( 3/ʍ;*셹ޥV zR"5P1NxBxɋBW{0|kyMS uJ f O PP鍹Q >{綞)N*P"jAH]4-*=Eފ8zq L8F9;a^Ǻ$a5g ώg䈅Z?徇s2AAҺ8vJdO9~[4K{ktuO; uq@XPbOlϸw.d;"ٷ =OCMj촉l=? |U)2]]0@/U<L'DzhDn'WCa9LޖKf*:j_WSqW+:mP߱<2?YOnTrM9'%`hP.@I"dǺjt=A=8· 3Mi48Ƿ~ی_M lut2bU<`{$19mu$,Mfn}֚eܧ+S#SPO~%}239[o[6@.жxlDt*T%EFT-Aނ iθt]Pjϣf:?C%2g0}+"縟r^5?`-'glA_٦ +΂;oEkGXҌ=au$ȯ?% qMhc:SW d0RȊ;V~1-V Vݖu7x8td=/!p}v}'߷4I-͵=աOA 䔝vgȂUh]AiG^rZ)bHڏ5cG63B֗a\)fEoKY.ӼgbgjBf@xjf& l&"V9 /YȌ8Iai -I`nH}zBH4<@I({vQSoil]ۄ`&v301!DE-DyϺݧ i!fjLP}>jYg /,B4K\Lң2)^;-4w-sױk,*Gז!hO7v@ t) +W+=If+R:?B}6: 3QғtZi شyrKO'fG?ts+G fT|Rn8f9š~g1"_n#3%B_U/a+ !Vd6D(ť'b`ˎux5wuu?o^# qHݭ۞ҌxpO/rrsxHoܿCHXcK ŐܑQ r\A.8XZsw~ }pPK#oVk{qg G4K}kCĕns!;eDA4ݜ!ӄƪq+dV_BɣKez8]JjVH$):N{lM`R 0q5Op^N89iP3iWR s3خizZ9r4apzg5]w!uBatUN:D%ɵ$Jۦh|BZ*u$A~̐ĠPa tFOWvI(;z`ʚ1؊CLjNhM͕Ht]6<ԃCJ6,vY/$p{9Ugo y5h}+v16^@!Q }O"G9/\ˀ! 
S9!6-7sKz #,gJ0C݂54qUٍͭG}iГCU!s* ר?]8ꑠ,|+A=}\]BUπ鐗 Si $;jWxhl?Gv*r,`?@%uWgsh$3`&W?zk*Wٽd$m㬕ʪ?7o(rO/ش'Ӟ1m}W $ .P!NNnOa1燷~Lzex@B<~$mZYtMHΝX4i@;\P"i}y/Ar*Wq#=\A0dH8){yC#%I=ٝ;ɮZ[kٌcc$b?RYqJ'ݝP.pN9~8z $z+8Q3G纓6o1]߬O_D_x>I^ 4;T_o$HQ#qDgFkpe9~_>hl>V沆՞oWѩg]UJqC'8UD# :9 4qyj Z_'lL9T&aU!R f`PS[9>dQ.!~еf&gucj88Q.Uuu(W6'2v KOH,mGO vk c3*a=f{s:Ůr#"#-K<p^J )k8 [7jw58PuaF/ɁK IeA lRYuUy0w_[:#BbDž@]xA-˚ yo,l嶪NY JjI#/v\\yh -MeMdt fiƋ6^9,7o)6"3{tW-Vgχ7ޖ7uˀ nS2 s>Iw4+۪Xn=k8D`L ׇFuPN_kvVzZ7yJ0Zߝ[E&w}xjXJ c2o$K(̄澣:sFU` %RQ]T,kyds/r{D[F޿0/HN䍻 鰹q WE3AmgUNb݌8L jx`W؊RY`5گ66dMeg/˃Q_ j<5NECw.kʍ, TI?tnyYgdD{HWWoꛬCcg9Y:T蔏C;L5B5mrCD UsWAɫ-y#PԚ h,&E4z Bz֏uA"M@2O?؁mX 7Ú2[M DyqyES^pcŢgA.|oZC9ֽCEɍǫ3=hjS&O4!&*͛(,]J-]1- l7nHCww&r9Sx(v(_S>m Kg3p=='l9X6K{v4U-|ND, & %hbh-h3\&]mUnVx)7#AQc֩: X.=ˈ jKbY5嘚ڰ:M)\z"{q*YKE%7M3< v; Z\7QrFCrnQMG~/TmcquO5":G<+JeOW}Mpv %d1ƀmvS0" _49|F[psb' > \g􈪁5.^8~.^M"ŐMIb3YZם%XW TrXX >%-POJ{xֶLxg+xqN"z=I+j491$%l\\pdlÇ0Qk4Cb4̵tryxr}9=Gaۙ՘!h* 5ẕބNh%A*ĴO>ޚUW}'&wH"t\`LEϜRH;tDu{fW]VoepCehw}\BC;MożӖȵ ۿf~Ũ!@pa^nqAGV]{Vиa96:-7 r)UHF&; Ĭ0YnC~fc!pr;.׊"uz֒,W\Iō ND;Dt*jJ _E!-ѦZ"=;W;*>~.ePշ$70R`yBn#cLu.Kk"2VHԂXZl2j)U&mSz= R'X[WD{$sVa^7-lrg-!˻9>}$yE\?WË9DL_#ĀPyY[}2({:,r$\I] =15y~:^6Npy25y~]e.#_<{t>{iC߃J{Z 垔SWZfcQ"qܾyb2f(Q|;2%KrQ\Av\w޳%鰨<5?᪋aSH@$dzL-c$vHft)ƫe '#<б9`F{BL/׍z=[rhE8;^3 J'. 
gĉTBՏM5La;5I>(Q8JƆgHK[p$[WT"YlްZ(-v`41BqHJw Xc~" CZ|0`~~lben#ԩ1x8-9OVT߉;wS#ffyR-:aG+V n} G]qKO^', YV'υ [?K{K1r|VbPLxE0Qlh澑TYa ]{TAW3y1L9dfБ3;awhsuqI̒>C4?5cPp=CPڞG(ˇ^ZTqIm( dMSE;Q,FUun6~|NJ'I bWi SkP\:%̧0ka}nǹxأCyO =}K>Dԑ zKx'&i__F)( -E[绁3tuty5AS};.9@NUrˠ!x=k3Zv7an"E'  8Qֱ_<|BF#7[>IW_~ |^xk7 70̬;ō 'r(t 4'wȳ]ad-z p\_} 1&AWFϢOSq[jMT5&:(m{1=F|q&֋s+fG2?ߴ$9aL]@۴"ԍBY:,*5Ӥr`}iO2 =mfFf:A{Z& C9_!TDD5SF~Ю\eIK YjZ]a!&eIVa ,HkSV͠LHBDCo#Cq _PZR/.5Վ]pU8[M*q%SMc;5SԉrI)Ɖ5m#LƦ2̸&=spo=S/ϣ$ɮd ̷-|k_cYXxqǰ{=gP}Nr1ș }(y]pr]H"*H3~LߖMpa8*̲*`l7`M8'T})j(%AodَޅFlfL~&?f1P\"ֵ[Cecy'Bˤ;r3y!:D^_XQA)>H|_@r B.-L58$ktɽPȎ}v>]P&VjN;u,.0RQ!ٍggm᭥u8d́NdK, G"s'`2V[yn)Xaǎ[WO95L4 tj es 8 E&_wjEzE -Ƨ^b FIh%sVU~kT jL~6AG8}9o9#Ltͺ/ ΀y5:P2Ff^5쒞tEW4gEA֓뱇C/`:T #i.*-]E^ȷK9>üdzԵvm|w|{ R0>+y: +uSS(,>N!D GtCUW>E7+]!\?múɱ.{V[6|t]y|e!A>KҰO-uĜn&裭rہLE%քAɶ]pI%)ː1lUL+;(f+}f(ϣJlWNuiF'7m)RȐ49O&UsqLE+ϔDiކN"UU^Bw2lZq{/ºomKm>lx'G%D,sa[58BD/kz0eʉ 9)Olh+F֡ S.&~xt+gSyj$Y QYjBca8" |J/MZ2g*Y S+;JO qDmMZЅ >S2 m<' CM$>F7/! =<|vq Z ڽESBzޡSh#TdYڱ3gm"ƾ)19v/u/_7P-6'x WQf"1Okk=GE@ 1GuHs['h` #qh<;>9#8532&t!$ܠю $1ż'W$ZOR0I`+T4 Pgu|! 
Fc?^ NJMTCȉk٤향_nWj뵌 DR/&׎&!t[6 Jw'޳ӎΡ_yDh+tdgٍ?#cTѪ_~K WRqϷ= PG*Jy$ALOp!a032 m֜WgG)KRHW+tW[8;v ⣒;qj=-*4bքƚ,`q/֩V@b/QxnUMQk"~FD)4&~55IWf/g:aς$~'C[HZr4/`NіZ)V_C}욜0G?Y4~U-ד*b k5`w Mʜ"Mܻ=&-5̕|mJQV4@xd98 R 7S]{t *GE,J>[hڗ(T1";߅E4zp#ؗm_a?UoL|uO;0@µe d4~uV V?H3| D+:BU#+bqˋv[⩖UjK5u)HU|'ɀkEN~2:Rȓ&+NPJg15}T>n/K*\ .uEؖڌ*g" 6'q6 ^eB^39aky+;i%jVod;]rvot,p]Gñdϩ.D7l2\ԶrojJKl"P8R,0H]}Z%morcہxEۭQ@Fm#H^tX5ui i߻+|͋Lźd*_gM= 6'@2 FU;LlV t5x[~Xi5B/.mFĴQ]Ndk3o ieMZj%lR՝ad!Da򜛿EY/wTB|}w$Ri[\+]$OUǩrн5l-oSt̷ J&H,QW}< '3Ÿ<`TU"%I0щh2QsV;_WR1Y zy6 D:cFYKsF| bXLm g'Dҽ$p1Vk!,+׿oVA]n I\ qV@x9`ZKv(*fKE̲'i~.e5$pF{ xǃY5dr4xM%^);6mc2VժCz0ޝ39\h V 0@'eo 湰>;|KS}ŜjBz1#Y6\q@]+ I{M}˞w׋Q܁U,_N9G ٸXF_tC1;Z'R t.13Mxjh=!5T=oX0ΣQ]d :~G޳8KkAuߝ9 mi.}(~?K)і5|nOyt4ԼέAtFP+խg]Dz6+hRw,Ĉxdt I piN_4\\'ZA'&W3Gao, 4² hi$o\Ka-iK1jUHQZa`r +Jx?B^,5vkثYhN@Jq|F[:yq*_tnZБom,.xr^~Tq4NK`tI*!rs$P^jidfߕm5S݁~hAyY]u#+GN$.zr84HX6+lN>}8MM1:FɽQmYr -{xXcERBmxѫ/w +B$k-m0q,SS^  F=ɮ3Z7sRcz`!,lmip,;6Agsizc70$J#i'DVdRPQcXcNp6c,Wn #먀` QE^fT-laHrދ?Wd$svzsί z U--mhr=8nҔ_hW)qt4/@;\a!1f)nqg!U6^ !}}F~y`2u6x$=z"qvhe1,ni_B|A`/zesӊm1>RN['<}h Ob&|Jݴ'~/z7^Aqn֤:(\wx县tգtZkgZ4\pU菰0ތ\@=d? 
'0$ջOR.T¡.l)Ò D1(MFg~:IlZEf_k~Yo#{E"dnKYs _fc{GTƟLgu!hk#"J5٦Oio> weVp,;!AAH(2nSg%&N_٬ߞ9nЩaFDLCE/ʲ_y/_ X;(`WVӣS.-TCjn!$V$ B4@xچVmc<([2'4^}:Xrnx!LL O0E|,y|%g zNQr0:ۭ,bܫT|zKCWb \F;QvtGt(Vq+_#gѥڶin.-zz}ɩ @>ePa&v״q?> eiÝ-y-ωl8ƕZZ"˨Po(Z8&iʽb59'u$pFښNa U3?Z~1Jon5pvMSn׼U ^$O<sAzKk]CuT]^zCA[%Osn(:p(EVx24-~2` i[jWH/X;Tw %kGy2]A9"'}N|A|Nu CtTSJc NkvWiGp/ seh,g~9uQd ^G9Dk [v qjTz/hj4][f˨dt1h@{̵ JomGӀj".p"tY‰f*-DX]e҄_-7a`A.FeF,bïiݳqʍٵmnuGALw>+z rF#b@mȒ%긏rF %HNQ׍=gvh J8AU!,700ZN5x.CP 9uښ2AK\K\L܏nrՑ8n\Sg8+ZT 9f5;-buCt-nUh |"Zo,t' 6NSr(@e8ןuA: `S`gvhGVH>n{SAy:yY:kHz4._?D&QrKꮪMVW_I&:%n-!ߛ{l7&ߝ\Nmkpe}Y:z-*FhAY`&1ujMȰo$L|M1;> I3w,EUFʱ+W<'Z: nఅj{h:PtyTADZ*Wi_hbzlI3h0 0؝?#)(;@\0H sv/[V1ceWAF-kbp-m=įl#ȱ{:7}!n4i I8\Dt3"PZP9%$MZjx&XOYޭqrc+|/<]L[M,690lƑu0F򦢎Btwݺz6ȿ94lШELq!7ƉԉbF:{z qQG2pq%G/DF"k!Oc.ԐҀuPzNb3>:=M;+.*G(ZO{jg/DX!4iiXfSs -aȆQG LS,Km5sɒ ?Kg;4.{쬈Da{y\FBmsr}!m3NO<3yg'/{u?Ļ S|/\H,5H!P<@"Yt/9A{[Qݵ?Y'` gOTl|U|#"!Λjq#w$ieAJڔJ٥|Y3QWƀTYGN)d2"XX&;&@)dLel*b9 OvIgŠ]҅'{bntfKw6bۻ*;cӍ1O+[ϞiR⾖iy1yRsAEB7jd%R%0YuWqK00} ={Pf ߉8\är]$R ~^&^@NkY ЂnիtB6&dC}/[PT׫ D7`,u7/>ϜE;Mi,{5y2RXyr(PKEW%s vc'yh< ky6Y?=dQQR<6؏iW{Gsꜗ|ԇӛ[ ^uSi-w2ѤR)`adz6}q_v|yhzA0&hppJniASh&V8OF ǍV6 Z| Ҥupx{I-=1PiH19?1΃kTTjBtc&ؠk5-Lr R%.YJo@1Ng9:)&>K]|^gq➅7JjKT~\>}Ľd9[`i y_lm+Zr=I\a C$ոH4'P|M 'LJNT#XUn?g'B[ºTRK\r#R\ Tn`\2:$\[9hy'!рΪOF8Դt16le􎿍&Y 5!l4Иu][1z A5lK7zŝJ.GcFDۨ1g&Acp+ʠ -4Եۖƅ;cEh]$> tbWBOES7H@c J iE!;'xJz}%pH^qskfhPμ%`@SnVRs4xլ .{FESށH8D j&DN#S6rjɦ| LV0+Zj|YUJHR-0oj55xz cj} BqL2h=7gEXG D/sDR(LpGxfM'JXD}QUE AC _\FkA6¦uTVG7x,Z.:rAu_S4#1@5i˽bA嗙xH>O6aOdn1&%e,J_(k3;\?35@>` Ծ^ChAv7(՜v-Et#," EW35w.UFkhgl7~1KW9U՟,^l͘\&^{ĹW9c φـmŐJ5)V2#\uly8ae텚0Tdd̄oϐ|_u0_Ρt<\enP$m'h3Ń8|hp*TXCbؘ< ,Vgh gV\aL^1s(;꒩Kq=TkA5o{fǃo 4%,.[uHF&yGz$©F@ 4*:h~pfLøO!LR(lΛ~2U)p lTk 8 &%I.EDf-` 3EɌF}c°TB|4@@VE-jZ+(ڿ‹q q3 9+0$HYpwȯ9G~wuhB:Z t߿8a㨷ulp/2XGW/3aM=am:îܷenV oj4q]pS7piH>e "o m%JUMok.'ܲ]AL4G ˦::*[RճpK4gm%-ooh:KDJӪb1xblf_F->ͼ. 
W>L]dpT~CZXZt"46D*5h S]B E2e7JKϺapjUâ*w^ GQѷvk'LH@̤~S[ܕ5&C0 po,sxVlY}9X$ Z{xK}Pc&~hC{Y'SU&B#$P$"p2 ե5ܛKgh kG&$ˆ+Ծ Lx%Xg0>JZUe%הA$xE; tzӪ 18">LJz~=KX|,v; $2AtzÓ*S9̀ԬtmH֪dK&+MsוiqJӍ*WvGMg,6in&UԄ|ex.y֨&mvϰ1Ǭ:]%Ho-oQ=fb8. I^^?w>lp8Ԍ9+#gQNNlOg|NyZ&} pLλ$5HLQ,Y zfU3g%RL p,O.'2ZۋyIYʥ;SW-Ƨ TS-8>@ SjML5-~`+bAQ(;1J+E`I5-݃uyuGp,Sƿvh*6F- }G\՗Tngo5'K{|W) on~SK۰.PSWx+:|tꈠ?HGҙ+PS3=~i&gŰIf7n:ss~띕>N%,H<%+C&}^8=L-js3drt!J!M(Eyɭ yI0 ,4b1X' ?D<{Q"GurӠZ4Tܴ ߥo3Ea1?l(sE(LR)fSeW6^GczUs;H<_ rt3O;?_:BwUwpFB%MVs@@ #ף,P=ϋ@Lu6A*-w#&l H{gTU˲' NJl?x0h:Ǘ̶qRI+7bߩBwK{PpQ^!YQk}y<R[q0yCb̫6)_;~~A8ӖLK^r; &tpN 4Y)DH0G3B$? PM~,i 8FnK# L:Α8OvP?D*"Yl< ̂=TVP7BB0H t406n)lg/q`+ܜ5BA\3~u(AOʎY#S,.WmdU!;$H<&&_v{V=/tJL9zTsŜ6G jl2E^ _y3kmoVCB+֣U+lBր0rWP+Iѣ;fEav9w  P\J`T2:&+_ye+z4%YՁv bY$y,T z @nz{um-Kt|yfqaO3WKJ3jn ,nmsCQ`HcgS2<+ v4k F5 jޮX jϬ* ^A`}ȀՋOcQԌ +-|e}L^HXNd"_"Lk) -V71+޻4ys7%nʒ{8¾l(Z+6^F\<id0* w 6ZMAQθzT,h  uN=W볒, 26|ƔT6=#CH6:\>ZYlkZmk=3z)|K9xn [Ƨs/Wpi,bALĬ=VP;%3В OaXxfny,}ͼƗ OkF$;,dmcsNGlI9ᑂ2.%.ϐ,;B=%~G"DNY S9q_6n wqzmh`xs2Z;o,).lvFUwv\s=ͅxpyVtEFi;ԗ1zBay~(|wu˧{\|hV㓛DdCD9v*+-B"y'Wn2wI5֜#wǜL7%ө@wcoK!fލ]uim#] qzT!@5x@`: FC`Y\[`]AJ]2+Ǽ*b㩦IpϠouz9U ʉX?UʩƍF (v ķp:5|mNx~(H7NB"H։Uq2k)'w2(B"?~QPtXz/`j[o Xn\dZ4 _fqgIđ1mk>Z<։aA[l15B ƵHq-~ (63}sk]6^m30tvFexbݙT݉=ˑ H}N lϨaZJdqpUϓ@I9*4SeȽ)O \)Fd2c_MejE„2˪OLPm蝁M;GĺݷA2_FtiQ*9j܁|~(mYǁa,p]p_ݔ9kO뢍y#*lbÂbZ1I!m.>S"uc#>GԲ혥, dH8uc}}@!X]= ݔ ΂cJ=J9%'\sA2P;R %+e\x^IhD.ܕ %wlAlok]4;QaJp鋺y+*WZ'*dʟ9Lj8R!-ˎTP5ϔs53HDA'8{(_iRL y@{_Y&~T'ɢ EpnR{.H,_,`#MPhNZ}")fD]iр(proSLR'Þ Dk0a`oM- _腶TD}zٳh@?Wzw`TBaPKK s` GW8A%zt&G6Y :|0N [p}LևXp*WsԥL;cN/=6^e?w'3bY<{r3Y s&Ⓗ>ٚ@ji{O]ZNDuɛUEs֨MڨLmMC Lĭwħ rFAK= XHQ.Mɗ hN廛{SP&k&+|VaGƸi/bD%f-Xg #_^2 C$ڼ?{0M,G~1kR#L}^vJ|$/\5İ*Rb.нu9< n,x ą_<`Q@>DB)sed9C'F`yFO?6@P:?JcUyO8Puh;3t%Dә{W3A.dЛg9qa -"s\n:kkUaR֔sұ T˖bfRw[*Ζi- v{c1񬷰-Šw{ͻ-I[<s7ri֠A/U,3 J{s/d aN ڏv(y^"8[;0pX:K$1I$UvGAov׫JW}M%s֩ Oz%ڌY@Khtr-4/^a( >*6ѶӗewpaD2-瀑kqҴ\>7;9:CH9q(‚0~nAxP0S#S_Mq"zdgg/cN1GO zyL&Uy"e 5^T%t[vweF~k tdW"Ȋ,"mgN{g|ˣ. 
R6KfA3톏q.zY=3F i݌=}IYgc tƾ?bs3+Ǽ@1ݞ^[MV5jM57\Ft}AN}`#8!B%j:S) 5"B56kaf5%F`-H~PUFHsn,b{4&^ QS -\܃ fmc/ a0.StYB!C}oZ0t[bPpH=&S6nI7.H)c2Cs-EgR(zD__kԤuHuzwW9r+*by`ܪbԢkJ$ ]n6sXX1 5L0`.k7ҢdS A {HH@2tsPm*lS ]] MN(.-}:I1GJТdx1! H Ɛ=(@O8^ Bݐ?5 tSn|e a2 >^:)rW^߱7A.PqX@^ gm3ZCe) +'߅t[ WaO152 l`55~@Xw֙)9;pwj̛ Ϗ *m;x(lh_Xa q0fk?9Is]/e*@w*DMgWDzh\}lC%Bh]0Mx ĐLF2frZ<'D5xp`|HkIkF:^H{sUwpj}V>s tj7Bj+/XJj?yY"ѐwƕY=i /hQ}ƹ4𓳢::Uy t!Q+¿7'R`VXKtzuXe@뷼SN>$? ۀgȐx{p|N33)=Hjw{_t(S24?D zYgq. pbG//!iP2Æw_BNT(#.JlX*F"A0~HE7.}Tm`Ĝ7$IKT_tW⥎?8֜ztZ$lI`NOzm'ބzN38fvgVH-DnEX;!gSH4aR:bXԻadm|#{0/ˌT/U0~HF` E,PY5K. Z,4] ˜:2$1qMR,١`eY!V:/Twzܓ-h=vJOq81x-TLoBR'S<`4ӨڒmϜ*<+\Id"[Fvb:ష=_xޥDl-Cd@LT4| pӈ/'Mv0BcK1沱V%P\ZݢTp-#ZO@iy?ɵbr(|eb _sq֨d$!u w蘆r434ߊtWԈX1U:TRq)iLtl*ȖBCyk{~d^MXj*pg9_^N/ntaS΢Ħp:ڠnFPF|F\79ׄJM4 Y/2I1- Otk( }ANmMiWp{vuDeʲm(j qXbC$̲d@pUj5d^dkЈT uvHj8t #  0<̀%܀Z^3wlDo (`@V^^*,}@a1;Fl!Ud|䛐2>l=Ѹ̪usN&{>xZ7z^y*@Tzd~ l4{Ŝ!X.vR7rdA܏|֠8 _WYn6,jk)%&qd5Htz,*=^ٵˤ]&//ԍN'7 XOrbCcxE2Ks ڢʑ$ $+}<"97bCvq9]Am ݸX!v#Ғ47O0g^c#k6I{.mdK3KgM~I&#[ˡǟC(!uqLHg7%h9 Snv=][mɅ ZSwOlD[&tp \6cH,X8%>3'5"?YW@UnO!bэQnBC+\Qӏԥ LMNP+*k[;wtbD䍻|8kjlϪZ1*>otJ ST3`P#'Xc-}ј ,][DBcG}y!jt/KD8x^B!"My?fGc. ^*@%W#B!&*埏&.GtPS'~_I`M; :lSxG(fr i+j6+za l#?rz2ԃ=#cw'PI> i (P|yN(}?yqbo}PD.^AJ}07k(j;8d >;!%:C}$GY(14u ~dYU_ruI+"Ouk$bq_+"5{Qs-n?#:'K]>R&pS9˷r9@a%x& b/ LM8-x^ `JN;}"Ee$Kwi?5_) G~Ũq^'7_+0˯AVs"1Xms |ERI.g]l eo ע rωXRf_~L(ͨǁ/Z2"ЈaEz@M"&JQnKAλRɓe9)1&DB79Q}Od8`4k/ODX<-(%縛E1/LtSxD;i'YK?82+! 1\b-0*tmZ“kzNA^Z3zF:~>d͈'ih: }FqX-KUh'Ȱ1)g4ӽ#Ov\L NIAu\n=8V55'ym* %“QZl ! $O 9=#1_-ꕟV{OwN5I Yqp&vrSOJ(~Șh[c: .<#'Έ41+Hh`ew֞qy#&򰋧Z0cE#. /E>X;3p~'mhj!0ͲfZ TbmX~%gRT(ds;PttjOy{SQ+sfiV=y"Kչ= zsDb V70( gL<ߝK>F؇Qhe [$cB:0ޑ V?]=G] =2`O!Pբu>B_)y.pϘ=_僰zX$GۏU]oil3(?p pl$v7pdx'mkIDfhRL*gg^)뫧Oj3MeힹNŁ ['8'/@ VbavKlZ Nw@ Ve1AjM l ihZc*am c,5NsG<iIbߒX'uX' su[:oto\??b(d2T׼j=;^+uO`\-', }<6|%,iy#0~4Th}XBp/gU7(m^bSVq 2\fwP܄㛨RNmf|DH%3DnaM ֓ՄDh<]TD<۶JL-wb7@q$ ͣ[? 
:!@%ŲqšZ4!)y&z52#aHB*§o>׾ǀu~d> *љbE*1K_w􆪦R<ժ=S `aEIEzւP;d#>g&bA YkbK~kd}9ԝ<7n=W4 pMEh<$GzqVJgĩ5\jbCW)nMkITw[[+Usc4;~V-cmՖ{X3wu(rʶHmMcY.`BeٮX3M#_/d8}2,;6|Ge$gLJh.j#V!<^Pׂ2|1S˃-ymy~$1ć_5alo /uMPDnKX+m)K ^<1~=͗F:BNdm2Օ®Ԋh Gjk kB1lE0[8S)4)x1&O821TL `2dPQ~M^=fXE($Ziĝ:h$P@\.x Zr㑹o3asdrw(m %%œ4ˡRIҏ#.Vњ|%yv"4aZ =Ug?_ Ϊ&d[{ G%̑'9`fD &UY7•+{)?A,JǬ2s뮆d(+Z>q/)_V[f8ųK;z, 05Ǖlh[6 A8UsDƌJf2w=*4I0&R. ݇Q 첍üJ5'h28̬[/U+pnW9L̡]pMjF_}0+@.1drA!÷Cwqޢ$0Ba?u|Ìmat`dRoBs:g'L,!mEЃw 2Sr\HjM:8]xڳuh~F(sT+1d[m l- x5m"L(JxGDzcD6etY" W2.-<8ۚd?WΉ?]DB9$.`֑7}qž|9t0X=E< UHlI.ukJ˞dGt"&M-|F_ _41 &>h$t\<Eqܹ" nMsDM K5/v4TO2(}܂;@xs̲4}[7vv!bhmxŻ]8;kG |tB0Q1^;oa-tǑQgtt7Jop"x }?GQ實u$IӞGˍf ~,<܉By@D(kT`֘8+'V/ ҲM"9ytEAQ󵂨C9cnvCu3ڴu2_|nC!3zmDxPt#BΒv2>unr7Gָ+|Y8$G~f>%T(d`4N&pWt%$3))~8^9ŽQ ?;g>'%beZs+niB 2WLq Xbs* rރ&%l#IosfJ>-LL(pu%%xh-H2@fF>~XM }F!ICV΄w:Q>p=`Exn4ZT{5|CcZP"vN> m \D4?3jHԅYKHY/x}q{@qSm#jvaK զH> *ߌMN5bh0$lELttXHP~h91JPkr\HMBrjnI*EX!xlȧ !e;'*/svvj+msGs)82Ey -2 &VJ)\'ĺ``<{&8SYY;Uՙj|g*g [r1,9 8bCn3:QBN;im}# SY!YV^j· 饏AC'3MG-#k"h3 e ħ:6eE^`L|Z-~ڍ- 8%#*'Ƕťg}4m9z`W aMUb0ݜA?my2@P4LWR57fr5!r e"RwJ!ܽh+ډAmOPT C[jfx^6[~Z{˧ڽomסHE9<NH6q͠^R*puf?d Q>ưy)ݽd6bc%83Up7-8ʰE@kR#ݖ3맄}VV+f^ܮ`WFaOV=[Y,"?)KjqOE#z90sjhJ%Gq}(I-]ӸeX'3 [8 +{P賘p|Mty[ኑDrڏ9iҦy/4k"~x\֫9 1P-^n+Ʋ҇C _&0K}Yj qZnv.ԻV/s\o_) a+xgu<x7ИVV6@5u0!ɽ%y%өh /ΰry@J}׼(+aFsSR>C;׾*N WPr T.b]@*1q`[uA= <+j;+-ݔ};W66}LɽKf#TD#nEڮ Km:cTIrNcs63&* 7>.TC 2:s_ o2<ΌJ.K`4+QM%dۘ =`ִ떑5 @Dh &8XAqaA $lq^xᗔ+#ڕ/7.={šʑxx/%8"{ (z|)>[WCmoBm*-ep|;&F+sp"ۍmǬʿjW~ d X0D/))*{>Wŀ4e4eGRY-)סU-@f"ROݡj=wW{_>a@"2oZEGro~['89!*vA( (J$r+)h/:;aߊ'n-=` nt@g왉/r !3)oE4y2BINs'9ē.ɄN/[#RV`Hck()7ožạ̑Wyz$5K믾FJpi}\~+ײM%TgOʨ7Eoͭ%^:h8W:$>>ZU40*lNp7.9BVVdEgG0_2i CBq_-k6"-S&e;&^"v(zZRXecO$,KpӋbmYŗk#.s9E G./VV?.0S(Ϲ8NVw0eHnmZ؅[".D_˹^?A"e i')XdeI &8X{oI%b)rݔ]v 斢 lXCybuIM&2!M*)wxlqW2‡YAB#2O<Mp2㢖r PG6Y@BrMUڠM E/*}(r F yTb8+ ,鱞n  /^ taQڭ3[$jK;0 W7sSB5zoFnJm9NG2Qb aʞ*B>]!e~&&vyh#ܲɜ(C$6k XJQeJ?{aBHw$V ڑh w_֧uAʡ D1Yfu>\$axRCju8kŸ9~r~Q4،%ĩ\LvբJVe[oydrhm;Hj6u/RH K.he߸oJE_J*VNo@N4"?ۖ=Dz-EB祻M^Q( ~R @#,k;|Y 4 ;X֝&=:QAt/8Mbi#GEctx)^ 
0E^)v/kEiC0,_RNIzWHd=%H,~sf1fۦdO Uχl Wp/~jhA)hm{&u~\ pvHY($}{,VY v) HlC*$L ]@Ce>϶b4!GT7 ZGArup> Q37,,ƯjzFa౷^3I_S .6!6@w0E%"ADRո zC!`|r |OEJڔ=ieUx]j#LFw柴:*F(ިj?C b$X(lf1D2X;o/[◲q$M:V(*1#+RÝdkU)^b2`.Rv@$pȠ) T.5KJ]>4ೋ{,QP`exL/w9\4M!kVVҎz;QC!iҲ1hE& $NUX$^9&:f\1?.8g9nu#͸ԲÍV?K S-op9xJ,u3ҏN!̜]q4`VJ`|߈^%],P=% }%m(JOS.n1 8S+)H w{5a5hdo(<Col@7x~Lߌ}mnP4Owc5u#z_AmF7Ճψ"IYۢl%6ZRTOGg]vG5d+p1f8;#3𢡊 a`?^ %ՒӰѺf#.95ܳ~^ZEBf:9OK0 .?>Bo_cIu]'d9Z2Qi䕥p<me@?B\Qxnj!7~dcLNЕOzلWǪ@z@RlPE}zRN]j\`T>A.د~.H3 Χ=G>H*[^,%Q=H<˙1& &1M5 CyRG]㵔3e  Lӝ]v053JYOG!kLvu-0Φwe۰P׀wBDC|N$zYֺZ*jQנd?2o1YX~ނktě_^͞/dלw/Ga%8N||'ZyoG0TXRCR29mqY0vL<Ku[|9w*oSNv\~h&¹mD7 m[z޲ +7Q^y;ΗYƎ:=/U\j{"s#WDϾHBlY8`B\ρ^WWMԸX~nDL^}oN׿#[kB.V2pX܇A_e?3is$q^ݱ8%6߮c<-`] 2%MTd:Y.$gj.LjrhJ?K SVnL$ۃ&_w ZoW֖yuhNkcv*2mIޖ޳(LjcʡOmQxt؄ϻJ.V&F3 tE P,RXDU~\@f.RvO3zuL}md0VMg]&P4FH]@,BPo J5411^S4C$fdM6!tWmVQ5_oXANmdfv!,<ؕR|Xǰ) ;V'=4FzzFM(, ~HI1}jl*d%ᛖ>H1yYWGV{Q ʐAO1(߲&+M=;mdĪ "1NjZ/l3FMqoö??Ng3D[ԿE]D0L/TQc R,>vbF帛̎rL/fGkI,qotn4(s:P?$k]?JCL;7R`hHb[U@+CI:K¾꧌<!/Mӽ=K7_us[q"`DGS;eQp囲 ±11BK 2! Ay7Wy! 27jY)cq2] M.,;D@y`~y ʡOCڗڪ=r<ï$1=;X!$J v @qx_:CƱ !V=,b.r_RIaِ-U]<JDJVϵ󘅌3'ÀlG?1|!`SzǗp:Li+}A??y 5T4sNT P[>3R\ /6>xg ŞQ[fo&n$rѾPuoGw+:3=Y_' `rExj}l SYbp9;.;׽ўDs'P6Npw*` M.!GAM!!G;" yoc5}uP_D~vu" X53+,wz`!poS{˗Ӕ #\]֍xd԰WA1"*\اͫ`#b63V0"/5XC4£EB|[^;`c/e+gTEC_&>~bc*/sF[R [00uA[T$d P 54AWTa׉?Or*-وp Uג7X`Gz0Į2U$R+bG. 
#T&# rǑU'*2궡=b3 EN)C5 [tQX^Brhdju}M]8\ZH3?LКhX4]um㞞Ģ2)^'aȤf6 sgx h0$Ǵ?QQxtv;yx|OyH4h_NάUٯ%&' 0|A6XِF2rYIQE0j^Oi߫k -r*pH\)xfS?c-%2XhO HxDL $ *npL F\ HhDK-r`D]p'ݦdmז=޷d|t2 zYbFqGXӀG]M!]om !3}ls;}Ƥ܇֛ݮy?qb*C1{d]S2[MZQkRoCD,mx\4l4W/,/,66[t}ZdˡMr?'|kRQiRͯ?A5/4- ]D{_0Lê0Zwn]$EzYo~@6@\"Ŵ]Me'~}4D-↼Ql5oA nc K6eTTAKL/J6ZX@+sc ?~A\ L n: W4&xjDmDNΆ{x;?t)QmΜ5/,YP6|AV֥ - 0h>4 lp$0P'ʌJ4[.Aϵ\D\v}ȢN9Ӯ$[ Ѕ#HfHxs/ Ko `NO?ـQOV77?v;ug2c6T;Y5=*}Heh4*8=Im]u(;)JSƤeF2`ډоIT^'vlM |>7g(rxj(U8z˵.MنF^ y{F6l (gqL^6ر(#mx䑏^f,UQ6S9'\,²jc&%̽&_`%؏s?_Xe:Ө $6SOrfx6<[w% #zG\0SƥQ&C ;w|贈'jltpTvEqd&%t;LaC_m{WJx`dQ[6N|E&d'V_3 ,&'"ʾ*heFUlmR{<_22{9x4"E1W%me8 8ydRtx'pTzMvK&A[&vt3rqp:\;B[7wz} G'b*u^0"V Fν+-m&cBKa1BB#3^׮:9r.\ IPW op / V1cpmUp#tݕ!gxh ;lhGTN3aDژ($prY.GX!z9fCY]WO>=p>X@꪿p$ҕjWE͛\N0 vƞZ9j>_G⤦X\^O9`(!gc5; lE6BF{ȺEI]!!F{Z9䦊|(|6ξh} 'A+DŽMA4C~=Zx6M6|,3{y[^עoSV7cv! =,O_ " US$V/7TQ-`k /V5.9) ~?J WkzCsjS e 8{E5wiR?DfaϘœ3F N_ID/AwdnD 36':wnnk i>9 U0kkztDPsMh`N x{op]dᘠ =kmnn0A$.@1HhQdr8M3hljH@K_YBHw|z(KcX#TԐj\t4ic;ng]+73f.4c N{xD,j4b#q6l\JϝqٜoT9 GGa8c?} E.ޑ~)™@LZ^gDPhקl6v~X&3K(w+z_ !^c!wp5#Hrߜ5 \n,u Osm.#-bܕڠd㭅ҦVlr^?̢;}&~AB)yIkuiF$9#.#;tyS#Z)Wwg+OXw i4H{Ov4OڤҎSLCj:ǦNuG>,bS Lf葒0JÝn#p HUw zpE+uhyj'+pE*^~׋϶Ai q*ji'Ŝ/8AWM+Vj:խ,[], QԫLOF!tSMG+KQ2ْ8\Nx37Â"&G@ !Y氋 n$5|zu`驆c<̤`\eryB I(Uw_$=MJY^Y g(Z"XB rСv:P4Mcmsy& P!jiWӯ37ֵf,uc.#%QRra̽Ғ5'Q()XVPǔIe0Ⱥw94;qp TdjT>Pg1^Gc7\0Z H_(Wzy?(Ż8 ٯmc9n$B V-YKIS8QG?`K}ݾ&%#Ew䮁=[1s dwl|qqtQJr_T^5Gɫ~8nZ9+zNƚ΂pE6%kK֣[f}" R5MB[f)Bb _E-{ S J5¢l|%Je1 񀷃|e#R.G;]vx4W"A u?1v N9Q]|?U}E\7&z[2P>J$^%ByƯ Σ0srXa[3 EA"\Sm•v>XMig ޻jD!JZE4Db|꽯d;\pS5ʟR2l)._E Yţv83rSr[g>b<mķvЎEf[Q^J~ ƽ{}dpݸt!4VQ'sϽϱT! 
m/nuўW)ԕ/)SV_uɽ,q95s,FlR5S ](Z-!Q`lT?| /^]8nsgJ#۽[+̳42V_A7OŽXt a A:c-m:+Pb(!( ؞Op<1 ZN;/[9˫q &'!a-}qE)D*Rp%jVፑ4tg1eE / DZ[HSO>OPu 6Cz94UO-H)ȴF#Yh~I`,]8Tmx6&GɟlUfovH4+v#}%!$uX;QRm/y #߷|bIry;PiWDw v(b$t>;puȲ|_o@?Ęvޞd#"7^~څ׎DVt]\Jծ2Q )t5e4{sF ֆ Xve9¦Ts$)UW]KHv,SȊ8Y;2J /je6P~kcg](R])x h9"fMI(΀vH&du:U{f.z[⠤EQK&-|<0y tF̟z ՝́1>V~C= c2<hCN]RSn,3r%.1eGoְ͕}&2V>>O(i&ĝT&h巹'ں`&W);ڶC<%A;@dW},\9=*u)8QЍ@ ?278qq/?BK Nņ,2qKa|)odz@ Ok@, \\?QዺلHH36Qgs=Ea -SjWm*{u%-,2sӤ_o-iF:'`GJ;V4- 1ƔQyXHe`w@qܹko˺_"HzX:dgIgfq,XozO#Y_|do_EG7%|@ZzWeb;xI䯦/͆UtݶLu7t{vx9{Wӛ`eREv9!0w83&FdM IwgyTk"ݏ a%GYQg4/1}ny"ؠ%{>Ynk[ÕGJ' YΚh+~1>83HpCװ@ׄFqJ쫃SE9F"!de+7 _3b* ֆLRqf:n8mW th`m b^ik~ .zXJuepP5Kz" EzA BA-rs-xK6t=Lz S/J|s~AG#~tK^sSg})T(N`N9+ۑ8;0B7\r] bfѮRR}f 9/CCN&Sm2`Cu Z7߽Oڀ+<3suVƑz*sf4vз#5$}kݻ=IF6*ht]v@V-N5-6%Zh_oʐl%ح(4xO8CB*BC@*?DxZ*tHXu])mq[||O>TĿk) (:$CQMRU2=Jh УQz).hK (=mRy?/F_hDCiW8]׊D+r`an"W\9]6&}ppjG *t6>v%_&LV28䩺 :y? ҵ2,C)yI #53RvxG_}<wv@8>=آKⅉ> ?=Á \D`1 ]줕z gOwYluHfPn^ڂ`7ksIbenX06ƹ+nD,^/\UN4}nA(O)ǐ hm,ÄUq :Մ䣰-P"JsÊˮ&r,h osnޛK_]kmw^^9T֣7iT嬥,`l#Bdُ.'rSo!*%^?0vɛ$eIT]7&}sZ:c-ޖU(6G3G9y[='ZNZʡDP4p%К5l2ݤ9FK3 }~A\şMP5Ytb%{P!4U$ =|]7F+ދd&u㻴{gD)˒ >gyJk,?i2 7evO݌4f{' K<mQ>4CutK }F?1bBuzFRfdMO_HU KPkXa eIwPH2@_7 ̕CŅn꒍(MC/?{Æmђ 4CRV8fpxbş$?I`c`SK3jLK!=$D9? aV4V!DȆ)}q<`x#t\)T9MǙ63ExG &&>2%%&334)FFNY?A].\]<+#H2sA]"|.M1>\ MXkq Z[>F܉,.ArZE[ ̺ԍR*mNS"Kт &y/Ez -6wkPWaZZ[DoS =Le&3̔% e w߸ֳnqLe3B;6(W|<c^N-ysI>a0ʥc)fϳ&)(L3fthߵPE/[Qui!+kg j=]UT݂Lwib]/єYixmtʀUD{#$p{tgm:wz%*K2;nMh~%(;q-̞CB&P#E)7Ud3LZUpĵ2kX~.*A+iδn5Tg< O|#v}/ABłʖ\U;RBP/QݿdGFo,~V:vZGATf\9N I+Kp(>5_,WJ&Uec+F%I[nTk]m=}l'ױնld,Uk@823@SQH6`Ɉ~1M" | 0#-T~ڲ(TLbqa#+}9Q.~s`Gڽ%pεhIѐsy>H euuhLBٳZF<^Tn*d=X8h)(QdH=gB”rV(elDaB^x<3} #ճ%wȪeE XO|F9C#`(JEVzf@S~ꨪsSt?3zNJڇt-q,#YX "qF S,6Phyಅ_Q>A9U$&8yGvMmj#Ncu"`lvpC^p[-Rh2ꀨ[y\EEw ,p@3ym}݊2B5E_HR4A_7nG>7/p??5XG~s/b}΍C,1u1s`PQ#bzq!(N8>x 2fj8Rb1a_CM.] 
6.־R"%?Ig_ w*_^*L1[.AYFVYsw/ՄiWxޤ5.4^WrL8j3~*C˘ECw:鯗fe8Up2=ubjS _RƳMv*rf}Z{V<¯0̥fzG`,XDF"+VY#IԗZi1 |E <.:F;|sӨV!U s=] زI7sX/Y@ӛ˸{sffWc܂CJOzO*4rpG^b㺎Ԉ7Wh+}֣t6̾w„I6qNșq[]EsgsZbCh~YI*-|jC6H&(PjĐ`IL[u&} ;1 HR]]+ʋ˝&KXyB]J^.a寊,5!mQ%Za${tvxz6"w8dm^!`rއLR/N+uan<? VkSger;#mES VlAD@إp8yERM|U2qd)DfOh^j<_̦f G8Bi8[O⑇*S|Ttwk I=6I(XC_w8w¯v]3ei {*QN-5%q#J1l7Gk}mQecy[ovVDL,ɣ8}vb/_H}y;NjM@nr11\ Q̾_4gZhܕr;ruȮx力i%ρo9's{$ P}FSK(sD(}D"#ۢ n?"xؗHPz,>z>\l:|ei෉45nzGJ8 fcjݨ4{pl'M0O1MU\G4$k@h_ tRaf ?WC2FNsAIISLWuv摕ep7BY#{2 4`PԺQqn?`oWn8T IDw=7!"`zU uuhVra!8ϳXzI}xľ.jMni$dQž |hES<#>R{0̨">+ϩiP:5ZgST2" 1PuH ƄiM*C^Jh]'C*&?Nt-Vn,x Kl=[AI*I2raS63f:vJ>q`v=4/DTT!O_]*㹤M+Hz o9޷A0z _'*ƚI*]Nͩ}t4:]9'ƁiFsP;b ZCDYoĨl0L<5y?G \hW57&ćHalQ\bh_"DjeJȰgh':w]@skI5t\? nF }gExO *EXo+!^ jU24/牻O7 [yԁ!B|j GK v(e&w$)oHl  $ s^JWBkrM;'>_CF% Hp>{Pۑ(-pS1 `l:*3ĺ"7LM@,ۭP5>jv_eQefc X}TPծconbD+s',C[byJ?u J 2Lu-M2m]LM齟 9jzbHa϶79.e\Bp~m&PyllC>`~YH29M#9ĥR" /n*z(MG &M gD褙+ 7M懌FҮD)#n떔#;ЫV(dW\Ǐ Bw/Xh'9N(Xt3eVƬ.[܁7d"3=h-(#hLEV֓"eQ<"ӌl&z݇HIV~+swo՞}tQj|-A</j҄f؞f5 O R/}J/kс hޘ^8~Z^^kW@gP!̗%Jxk˶n^rN΃ɵX'Psd 7|Vq$ 9;!V[KP6=i&8 diOD/\uaz"ӌH /<6PZSSV:P^JHil2bڏ7sɷ+2<@D G*fZ'0$<;ӽjP|F:>zZ.y*Bж:R&/~?.bz p%V[,3g}vpJ&K[S]?Y=E8L6Xsf7ڲj ؅1ùI~Foa{]7{v)qmK9KdQink2 .1voo{3OSbI]`` WpDbVbr D Bd 쌔nW;xp;ZRŇ'FP$t'hc|P)zm׾|mz/Yk:WgvDuWDkjoq&mXccB:ϫjs_.A}fS3.B ;Y PG֛3{q~ ^ ̮`sSV~P`" gfQ 7ٛH="!]1?ԦAkY9ŋęf]?J?IJl3.Ǿ 1͔C-|'ndq~7wV1lZ8a njEPq1 -"nG՝YD1a88Q-t jf,*=;)z0(PZ*3A@E~y 6JNHVg7b{`0E7~b76̘fn93N*Eڦ{2eE=]0t?M] f1.3፸&c O42-2 'L~&s-##+f%jL|||oZPlb '&ʍ.3A B3=m. d,u' kOA,D7#?)$J ,bV.de>n'zWGN2t!>6NnιOIlT1o-]Ίwo qlmÂh|+Q n]l>~َâoHG?دwmͤYc*C\UT#L [#ؼ}R" 7Z Mhc("q;4 =!Ϛ_vR_1[u8Q `/fE/uvK$H |+i%ǭ^e 3G*i=UY EST)-j>Ff 7n -f'L]yrԷzBtdJ1G;$ đfg{rRA-l%Y(9}dӫt#eU:{EW\U,[o4 ed|R h~?bץsT5 ǔ6+X-td'c2T8ܰ6`f xF䈲P?u:ȕ~689c9|&h#-7s2hR*AuZ&k3EǡGZIݵ3\fkuM7o[Eoޢ.j,z]ޒmF<.FJ46o:aL\YNYD/%,Xxp>cpmjr2Na-v(iQ"N+iwv~J0M¹9T$N? 
[>远HvcLlIqL*\fL2g1QGtjh?죏[YO%̣/2{GkG/ϺZVI/ {5Vyq,V.{\^&Cl<zA/Vۗ`4I]$SwmWr Y?`) 1q*BiV8a3!Qdroy fs m7O];`6t\=6Z6F&D4E#ǥ?}5۳7+W=:qbu?<lf"YLa vR,^_s< e!iT5&(0 ;5>+Eg^j Q]|48kP4f50g$L]L[UlιQFIַd3_Bi,?v`ſv[e5{We+H$>ksu ݥgQ. LڭLx fS㜝K=2PqnFf>?\rI*bb#]<~ ZQSdS͵ t2%OGLN)ʇJg u5TytQCyc9ӲrXM\jDHbz ho >l,+>fN^QFl9`L_Wo~wE+Jbu8*[;cqi)-C[S".K n`ikUZGE1(S嬛`4X)/.:hnu`P@uI^ H=k[mKY X* kavz|$-|9_xbò,k!^RT>"y._v68W+/s.7|.*sA#+Ujݏ kD4 1,-Ŧ*_;p_Jc37B;W_/KgQ쯖\=(Z\@+ˤI(34mJ7@Xsu))Do셉KnY$gW:ԁN] I➕ 9F/Gזrk+JNI540197qhC}\mliQ ,]4)@$𭉙°/-+pM77t&y6ƬnDDBǺ!XK?g>cEyj<&W˽ pLֹW ^1K_#9KBZxH&n(K|Nb|!*kg9py Z=T\#]{z7ezOIfn(@^Z <h9r6I7qD\/ ƭʜ(&JЮ3ߊ1;Mr exQx \^gKސ=d=|yr#mW׬^SWqU`d2+L]ino'p,LKl[_0&KF0~Rx@'XAAt+dcG\ñhܮ"_3G` cu^LK(9 f04-[ƣ6?cЁbjBV52$4 W w UHӠFfY`Đ@ 2Fz !bX:BL%Wnh*ξxq{GPpg+;3[y@gl+jۃ'N%pgXڊ3g_bd>muw@k-qu09쩤Ƒу>j EBIs? oq_ ІΟb|s,(hoWC lHS))gJ(Cjּ|b=V^ad(Z)t蟫&y+V.]z^AM=_߶@b}>-F5 &z h GYdzym:CCr_E.L*j>{!֚-CN8 ˓yFB~5}nl[#Xe<&Y"#w:&nw]G /;7,8EEab@(SjŋS -U,]С%'r> & \x2Rx[T+mc0\p1\߆fWdYZ?N0 ˈ M;E)dP2ɣ^/ǽPZB+ }<2Q0O1tH︳?݅nfÁY{WA\Okswdw*t;3(¤, wy'Z7](պ&A7͠f]'ܴ^Mj*tk&hotSL߄z p`X*xi-UE+*O;X|/meOǦ&R<_}{ 1e^P#^Zy/-Y+(`?X|j%\∄"lƒ`dw;)SLl۴^L5u]?] 
B*5t&N`=1aבgzÀAqY`Y iK65~4G F_<͋ e=o<^2y[^ǘ 0z}f,]{cev6?ݖg0)Μ[XC" sH6C)z0pq=p1.vNb<[g\:NLkGF* azRϔa9x>6w)8bxNFc ZRf2+JL=uk܋;RWK'ꫭfxq38{Gf :\]nkΩURK57wCuR0A2R)CߖGl7ѳ9dnRƼhXPN}V)F#bc2q n1l9OCְN~([Z-_NER>QM4N[$e4yzϕRSɨ(T) %T7sP.Z}\w ld=ˆOƕ<@3 Ťι/ ߚɁ3٫ B+1ldJC{d 6 GGZm8:2݃^gI|*ӷ e@m36*H{v#@bZ w4H eҜS_0QṲZW}f'42"`ʯ(NY3"Qj2+\M@"ePKe]v75?f{g> `nYI﬈AD~ǂ ' c6IIoM"\7#3RQI!iȋmlA]v9=)$ZZ'rZ9KH Ѕ~{(4HW-&f<\}:ʚ.g.W#%(0FÞQjbsRs߉Ë= ~ .CM$xvX?QR7j hܧV}H+3>#p(@IeP=B}1脈T"W0/xZ>z г l=L~AEcW0W|ڕuw@ŢTL)=zj.ꃬ)5:}BG܋`I)dX ܄<¹(a|ϡ=fYu0Y ^i#ޛTG =fKؙ*~J*y;>d*ao)1}q@*-dt΍ݐKP}/ a՟$1C&kJt A,^NsbUbe;Cl*Po hK Fz=VUɝ6"dW*Ķr~]sV(Aa4 gOZ\:zI<-zhHn Vj{W(,u5fPW=Ith ] ;ɢ_ oB;qMڶtO}M _8bE"{Hg"@_6sLg!%LS@],>õmPL9o*r6T'}G/LR)%gluzcj^y*ڶT|}7HG!ȷl7y]*x(-;!PHYa~4=zKv=\] {,-A '`>= )IFRↈϞcJv6JY!3`,})e|+]ι0Rfe%[b,C/E NͦZ]ss%}oZa%}b)VKZݚ$_a@ 1G3M\9b[Shef ̈́C .G&nMR).(\grNg1i(^y*Ks0~zL2jWwp]ν߳$h M`/nHDxgjd uOJ 7*"HMK1oq}^xMZj'[,OQkncmbj [XvQUuY]o-ҷ 1x~l>,RĎ6dG`(r dιqc=eG|~GxJp~.=܅ʪ? mBUct=%DݓjQV: 2#py _u/EHBAOfG} B|埈=+Si]])cmU 4 .0@Є%yf.#C pͦ@t[BnI׆ |.}&/ "*TSP^δlTZ-q4t,bEgd -9R& .G/Ia,Źp^ΏgtܣJmJF`$ҥ 6\2 >Uĭ iܩa'w(]ZC4Uҁf+S,N!!YP7.*R*:oAg;Y"zj$z~dt7UY `Lʫ/y63[5ֈ1هѝ#:ЌiT6Ld= .qo0Y5L=L{p o QP;TP:lI:EaaՒSKk ROԫ7hꩥNS|s#,Wz'l 4d!"Wh26O<;SqEZjfh$0r] 6ф\u c#H9,MwБZF!X>rstpMA 9v?|(y{DBOTPG㘽%6TP+. sΓc CY:֥>e4itvPץ-^5z &E W ٢gHg)4D'EΌPod[Ve JcCΙzWTIC-/FJ$&_NaU:Ǘ:7ʓp֧St9%QJ ;D nX|\ړp%O$Fχ_g7p',͹y ;~2 $9;VҀ58DΧ!CƀF&K >kuT ȅJBŅ 8R!e} tiߵPrd/ BW^%ij5/,{4p Mf%g.i 括Tc ]Ea_kʾ-dE9ڽd.M۬G0e9l0 H/i ? ~{պۡoJ?" 1Uٜj櫴Ջ /+SE?:8Ǘp^ $k=>EutQS#}ZW,1zG?-Pjىűm1\fuѲ̘ =? 
X>h9Fh\IFbKL1ӳе5#Xm{Yi؅ >GW-ǥ﫲*aC  4+]E0&( 41?tg24Ea+9KL}qk5O74g|B&s%7\ˡ 1k3R)XIP^FkXqr}-kbP`Cw(NTP^3]tlTہc_|>QfBŞ&)J& 5uE-0qŽUopx"BubRTVcH.uS%2 A,󣊛=£pw0d&| ΧUelμ feꔄm&Q&cv z%}R]<>ɾ˶;fQg.Q;D/  [:=?UCrپ"ڂ$># :-xjtU$ ;[}Pg{jg7|Uh5S.3Y QLvIS۫U [;KO؇/4]ؗ*K+˵ipO2[J~JA=/[4qÈ` _X:#7 +%`G/FĈKKK$UXBnpQ10#t]&a|iO;Pq@*.ҔT 0 ̓wdNqܴ>X*,~sw,S0/F?Dz }O͆;UP-*ƭF_5"YՁ@wț>Qr4:ؘQPI)[#3wwLUİh[k澂1oxetZ*]r߬ZN7~@ʐFֲ0[Y!36j`>[U^| ^8akĊ ec4 3b%-أeU ob4:L;Ds Eխe^vmޟBGaR򇮌]Y W@܅)yj͠䀰%v:K/JV 7$ސ3zZ^5d>s\ś [{qwG+jB,Ұ Q?ׂÃԽCy邟*0@Ru -!5m[NyqDmz%E`kܱS4@ "=CwVIR6RN8 ,Ė;P멗,t.viDt/'Yd@OH):\#FEG3%Y)I Pķ Og|QN$,y-}s6&,܃ `\ĕ7olLWy~`nvl笏 X 3iT$z) :溛L?ViGh _X; eәᛍ~yR^Cw!)s2ȑ &[a7+}r%J8+,سs}'T6inEbO<~p.\: c荤7Eh6.Ah(sƑF4_`tI)$r jmwSk`.]kZ>"79(?K*Yƹpԙז2wP(EJy\8ܲGc5%:/A;,f9H$j0mfT$njqS9Bnv\lEO<&Ǹ4B1b^:C<إau1Y]GgZ[hA2NuBz@Gg[?اYxjB#_~1hu(e~0?ΔKd75XQBPF@zʋ2$OFdzIzCS퓿=q wk'i#.DhiBFMmGmm&S?BtX Wn㺗z#cw/iU׾34ے0.@QpCx4o(xbzڶ84unМs4.7V~Ҟi.1XRuʉӫIUyPjIA#3I KQ5)Z2YI͚?X^0M@`6B O@uYtc\*l.ѽ\e[yڙNn~mBdY}(<[JYƲK`O%I_BiKE3DoS!%dEŎ0͵iPTdc7H@EVU ˇޭM*:`V9%Fx SHVxGwi ?RgyZ!&oN67pP1ME.e#ic)Cg s펗L[ygIyIJ(ζ@g2.s!5uk= 29-Ŋj5T8khP2wu Cq ǜ =Zi*Rtoawq6 z/X@W/0ƚ;z &]k[_)٧4Bq7C*{mhTK2 -Bg{U?@(B{nx + 'VtI7v)a>|Ig#ЙbAOֵ eWw/۳fj+A VRCCk-O#}Dс9?5pptgV7Ō4-|wh]Bߟ'8{؎#5ee>uRwFedBYnq~'L5nfUu b%!6\OehJ~K>K*S>6_) q!|]ITnc[-ILڝ+2`t-Q<֧7Mm02Mq(!%ֲ\r GZM!uPշ^[c*%q_MPR"4^OЩk5q.VykyGiRChQS| c4-cRM8bOmΩܾJdUw_l$yFs®+C?/FEtʼLTphIrUh۔X<"Q$ÿ->~_gj8"*?Bl3SG}#qV0ڸht `@!wpQ'3 vSb_Z{m4^7A>T[OHs)2 ppf5ǥ0-jw/#ב#6v` kiѵo岷7N=S|BN vELH@z1_Ug ̚qzb\7R55cS6m*@i{%[c3{e xb_y*X͌fv@9GxNuzw z!ۼ:lAܧ)y_ڱpe]z? 
:KGجZͦz8G.`b4哒Ņ-Ns]N}왞y{_̵'+I^ t&*)fld$<`;@ dxT~/v8G$?a41}MU<ݼތDX N-nC= ڄ{퐫mEWЙ}:z!4md,3*2y#/i'mrB>[saab6].6GQr"dwL=͡O#OaGy'lZ6{=Cp.yҔLu;1BF{ơxHzy[ QZƆZ$,5VO67JoAZBU};QQHkau (XMta}B4a8c$5֟ʺយ_7gu [6&^JلI615JqQO<דe{P,smΠ3Ԥ2Ԏ8rO-GmZ\6g;,!0V 겻zI22|L  @ Ax'6ʻPO&4aU͋lʔe&[P@L#b%ԛ*z @ǂpC9meP_$K;iWO\ 00HcCFsJ}I'fXlK&jq`%NO|F4us0YQasAR)7[]m7)+|B44y<ԯ)"xD&w?9G0spFp|\^EJ\Cf@-s= ?|`gDzv!Wl3g+ѭp%1ήD&hΕy81-aXELNGTLV 3*f+^þ[Xv~,J aMx]zQ'prp2ΓlNg7AN[bc1;";4k+CFlp 8N_GX5:}0q7;nabfvp]"nJE^ h5٦|?cwbYsW"tNUoLj4 &bKyKQߏ]H-[VV% (E T^ #V9gv#tp^&Ur& !.k(dÛdBvLԢr +- QK~`DrI>8ƅ9^-mXWXg;1`;QZLX"N&Mt`p];f16pњ̧ #v8wO'aIk[}#-"+E Kd3Ct1% aCcͱ>yiҿA* ·i-7a ^1UZAxj n\U67ߖ1` ?qca//s .w$=Ù#TXU">_ش(( U L="4+dD5ٸ#Z \pUTE7R,\t-ǒG4ɇ/gdj\(dxoB,O~6|ˏ,yp* o,KbQI)7" !u$e:C@5"ݤRUTPs8#][٤W)h X~+AM8}z/#s6/h+`PLya5tKڙvVOD+ >0D) ℣g+ǹd>R8y%i }יf?Ɍ oBhAڈAXRk}IĺLcOOȨm9Fr ,slN3 cZ BhMcr*@v|V>S:}&nl!G-f$}w}U0TPJ:6 iJ[aFoT/~(7Ho H6pk*DH*045 p&%wTOB%(vVxJsw!wt(t e` %I*;B #؞ws`QH=9nת7j}1 U+ u>ӷ%ϰMGRDPMh_גZKr$ >u ){FjCO辚")}9 /*{/FJZO9O^L\<,DAfhȄN ϵ`P4ZJ@S}N{ߔ(Oǧ!0>r;}BP!xrk7:͋t)+Wi !7|Z+:B$_xbZ6ZNHBb:HAb*^ qZij ̿p[kq.d=NyNH_-BP4lT54\Q y36Ncwd ~9K+>:m?,Dﲚ]o)PC)&rn6~dM@Ѯ&oc`.Ehmy1yŭ ZE|K2XpHTfP .L8z(~~m{ꀸXr/s} 첄̭Cs˛O'6#ԅ]{@_v|,@[mJ.\/83  ^)-ʿ!_.vyWeZ@6|weGv A-oGX$~U|['sM`S!2 s@/ۜ#DZ4BYQ*-Z8͵E$o ,Pʡg*۞g:_$7i%l9kqOh#w}ǥ{tޡKݴl1"Ԧݵ* p_G hAʱǕToJuHv䲕Ѫ(@ӌiJumN=YiAw0sN#ozt^Uc+ djaڥ~O|fvi΄3\G=δ3}a:hW= Z],j \>W4&khcӕR bn%oEZT `lYGNqHp |2@lO4ż#lfCAt2ۺn#bLrCpy`} GIzNi αNJڲOh@OJVG̀u 0 0Gȳ3~Cž tL=`BCK'M g*M}yP#FWi )j>oN0×vcR[z]R8n=Zz#ayl4Js<5P>1|]7Pg0r)xEЩ4/8x|-IY`?HM:W B>_B&#<E6TF#ϽMK~'t{Xj8ס[{,)4g<=.yvц^\p 3DpfK!87aӦ^Yr+ bƋfmA>*K!zpNniQ£+"CSImrL1.pzN eENeT3@@S{,:N8lbx)uUF ך.00;ϲٲ;W-nr˱w N[xKB/drI)J)+/a&qS2왌6 .7y=n{z3[0EN]{ 𶳘{0@u[W̜mX~ IU;*!Dr{k$#ODk8tg=a>)Eۼ+h})$9/3Ȓhd5RWb;$V79U[ZS*j*ZhqkK/5ycznOd}(;䴘;v('KG%.5ķ$6ۆH^K05Y[ ȇ1{!KAo_KSM/uc׿bJ|;9ī v5&'7mښ:J[ mZ_R= $ҎYưK(lBTGv?& 6s{9]F7z5qaSH1,bEPZfuZEÇXi~Y"6) #^nz19'繳Rt+ -tNj4Y֥3\ f">*'bա9~ 5P;O$-6 /Y < -K$4Řx}([o7& jUY,%YMdAg@/OŬ:{Rd%öE6n2O6Ds\ 'f~s/YkMIG7eĨC uP\'<82ZQQ$$EH^O N<ud2ǿR* 
QmeR]VQ B_Vn wzTs gs%#K}N*QR8(@s}@Pɏ7k">˴ΗGBX*otWWdk; B003O3YA (Ow9R˷O%鄶d7sCU%oW܁i֥n0Rp`cEuI-+\LdQKhBL4moUR :E=,iIk3@Q$X$6=wksuω=Kb| bJm(o'M%bvAr_j[iګx* 1_b{@Ʈu-)5X