sssd-kcm-1.16.0-19.el7_5.5> H HtxHF[2{ ?*}}{:{OҴ-v^5 [na?ڬ?ڜd   H  2OU\8 F T p  ?bAA A(w89`:t>#?+@3G<HXItXՀYՈ\լ]^*b֤dienfqlst׌uרvw|x٘yٴ9ژCsssd-kcm1.16.019.el7_5.5An implementation of a Kerberos KCM serverAn implementation of a Kerberos KCM server. Use this package if you want to use the KCM: Kerberos credentials cache.[2esl7-kojislave01.fnal.gov,Scientific LinuxScientific LinuxGPLv3+Scientific LinuxApplications/Systemhttps://pagure.io/SSSD/sssd/linuxx86_64 if [ $1 -eq 1 ] ; then # Initial installation systemctl preset sssd-kcm.socket >/dev/null 2>&1 || : fi if [ $1 -eq 0 ] ; then # Package removal, not upgrade systemctl --no-reload disable sssd-kcm.socket > /dev/null 2>&1 || : systemctl stop sssd-kcm.socket > /dev/null 2>&1 || : fi systemctl daemon-reload >/dev/null 2>&1 || : if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall systemctl try-restart sssd-kcm.socket >/dev/null 2>&1 || : fi systemctl daemon-reload >/dev/null 2>&1 || : if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall systemctl try-restart sssd-kcm.service >/dev/null 2>&1 || : fi 큤A큤[2eS[2eS[2eg[2eE[2eE[2eO[2eO57379ce106ff8d34616b86ad46e92db25ce1ecdbfaf855342b3e39d2ccd8e254d50c2b062a96fdc50ef141b24132b40a62b776e14ed89c824f51c45e7571ba10103fad78c7371ccffe408b8af4d7269d7b19a08f5fc24710dae07080045314d0979d566a4db1a59420b5ea57ddd2994b7d141ab8103fb784a00e543061653aab30afd03782e87b6447d60ac21b7b5e86b7d1431262685872c99beb527a369e8291b30e576e05441743fcce027767650f498cf10ccca12ce0bafe8505f0e87b6frootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-1.16.0-19.el7_5.5.src.rpmsssd-kcmsssd-kcm(x86-64) @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@   @ /bin/sh/bin/sh/bin/shlibbasicobjects.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcollection.so.2()(64bit)libcom_err.so.2()(64bit)libcurl.so.4()(64bit)libdbus-1.so.3()(64bit)libdbus-1.so.3(LIBDBUS_1_3)(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libglib-2.0.so.0()(64bit)libini_config.so.3()(64bit)libjansson.so.4()(64bit)libk5crypto.so.3()(64bit)libkrb5.so.3()(64bit)libkrb5.so.3(krb5_3_MIT)(64bit)liblber-2.4.so.2()(64bit)libldap-2.4.so.2()(64bit)libldb.so.1()(64bit)libldb.so.1(LDB_0.9.10)(64bit)libnspr4.so()(64bit)libnss3.so()(64bit)libnssutil3.so()(64bit)libpcre.so.1()(64bit)libplc4.so()(64bit)libplds4.so()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.2.5)(64bit)libref_array.so.1()(64bit)librt.so.1()(64bit)libselinux.so.1()(64bit)libsmime3.so()(64bit)libssl3.so()(64bit)libsss_cert.so()(64bit)libsss_certmap.so.0()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_util.so()(64bit)libsystemd.so.0()(64bit)libsystemd.so.0(LIBSYSTEMD_209)(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtdb.so.1(TDB_1.2.1)(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)libuuid.so.1()(64bit)libuuid.so.1(UUID_1.0)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rtld(GNU_HASH)sssd-commonrpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-11.16.0-19.el7_5.55.2-14.11.3[[Z@Z@ZZ_@Z_@Z@ZyZhu@Z3@Z2gZ.s@Z*~Z'Z!D@ZZ@Z Z @Z7ZNYZ@Y@YYJ_YJ_YC@YBvYBvY9<@Y9<@Y5GY5GY5GY5GY0Y0Y(Y(Y%uY%uY$$@Y$$@Y"Y;@YR@YR@Y Y @Y @YtYtYtYtYtYXXh@XXX@X@X@XsX@X@X@XۡXۡXXӸX,XCX@XX*X lX lX lW$WW;W;W;W֘W֘W@W^@WiWiWiW/@W/@W/@W/@WWWWQWQWQW@W@W@WhW@W@Wt@WE@WE@W@W@W@W@WW~W-@W-@W-@WW@WWu WgWDB@WDB@WDB@WBW;W;W@VbV͛@VTQ@VCV @V @V @V V@VBVBVBVBVBUUUU@UXU@U@U@UUUUUUUUL@UL@UU@U@U@UnU@U(U@U@UUmUmU@UJ@UU7@U7@U7@U @U@U@TE@TE@TE@Tи@Tr@Tr@Tr@Tr@T}T}T}T}T}T7T7TTC@TTZ@TZ@TT@Tp@Tp@T@T{T*@T*@TTT~@T~@TuTuTto@Tto@Tto@Tto@Tto@Tto@TmTmTmTmTl@Tl@Tl@Tl@TcKTa@T\@TZ@TZ@TR(@TG@TG@TG@TG@TG@TD@T6xTTT SS@S|@Sr @Sr @Sr @Sr @S;S;S2@S2@S,)S!S L@SSS@S@S@S@S@S @S @S @S @S @S @S @S @SSSRb@Rb@Rb@R@R@R@R@RURURUR߲RRRx@Rx@Rx@RΏ@RΏ@RΏ@R=R=RkRRRR@R@R@R@R@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@RpREs@REs@R7Q@Q@Q@Q@Q@QQLQکQQQo@Q)@Q@QQ@Q@QbQyQV@Q'@QQQnQZ@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 1.16.0-19.5Fabiano Fidêncio - 1.16.0-19.4Fabiano Fidêncio - 1.16.0-19.3Fabiano Fidêncio - 1.16.0-19.2Fabiano Fidêncio - 1.16.0-19.1Fabiano Fidêncio - 1.16.0-19Fabiano Fidêncio - 1.16.0-18Fabiano Fidêncio - 1.16.0-17Fabiano Fidêncio - 1.16.0-16Fabiano Fidêncio - 1.16.0-15Fabiano Fidêncio - 1.16.0-14Fabiano Fidêncio - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Fabiano Fidêncio - 1.16.0-11Fabiano Fidêncio - 1.16.0-10Fabiano Fidêncio - 1.16.0-9Fabiano Fidêncio - 1.16.0-8Fabiano Fidêncio - 1.16.0-7Fabiano Fidêncio - 1.16.0-6Fabiano Fidêncio - 1.16.0-5Fabiano Fidêncio - 1.16.0-4Fabiano Fidêncio - 1.16.0-3Fabiano Fidêncio - 1.16.0-2Fabiano Fidêncio - 1.16.0-1Jakub Hrozek - 1.15.2-51Jakub Hrozek - 1.15.2-50Jakub Hrozek - 1.15.2-49Jakub Hrozek - 1.15.2-48Jakub Hrozek - 1.15.2-47Jakub Hrozek - 1.15.2-46Jakub Hrozek - 1.15.2-45Jakub Hrozek - 1.15.2-44Jakub Hrozek - 1.15.2-43Jakub Hrozek - 1.15.2-42Jakub Hrozek - 1.15.2-41Jakub Hrozek - 1.15.2-40Jakub Hrozek - 1.15.2-39Jakub Hrozek - 1.15.2-38Jakub Hrozek - 1.15.2-37Jakub Hrozek - 1.15.2-36Jakub Hrozek - 1.15.2-35Jakub Hrozek - 1.15.2-34Jakub Hrozek - 1.15.2-33Jakub Hrozek - 1.15.2-32Jakub Hrozek - 1.15.2-31Sumit Bose - 1.15.2-30Jakub Hrozek - 1.15.2-29Jakub Hrozek - 1.15.2-28Jakub Hrozek - 1.15.2-25Jakub Hrozek - 1.15.2-24Lukas Slebodnik - 1.15.2-23Jakub Hrozek - 1.15.2-22Jakub Hrozek - 1.15.2-21Jakub Hrozek - 1.15.2-20Jakub Hrozek - 1.15.2-19Jakub Hrozek - 1.15.2-18Jakub Hrozek - 1.15.2-17Jakub Hrozek - 1.15.2-16Jakub Hrozek - 1.15.2-15Jakub Hrozek - 1.15.2-14Jakub Hrozek - 1.15.2-13Jakub Hrozek - 1.15.2-12Jakub Hrozek - 1.15.2-11Jakub Hrozek - 1.15.2-10Jakub Hrozek - 1.15.2-9Jakub Hrozek - 1.15.2-8Jakub Hrozek - 1.15.2-7Jakub Hrozek - 1.15.2-6Jakub Hrozek - 1.15.2-5Jakub Hrozek - 1.15.2-4Jakub Hrozek - 1.15.2-3Jakub Hrozek - 1.15.2-2Jakub Hrozek - 1.15.2-1Fabiano Fidêncio - 1.15.1-2Jakub Hrozek - 1.15.1-1Jakub Hrozek - 1.15.0-2Jakub Hrozek - 1.15.0-1Jakub Hrozek - 1.14.0-46Jakub Hrozek - 1.14.0-45Jakub Hrozek - 1.14.0-44Jakub Hrozek - 1.14.0-43Jakub Hrozek - 1.14.0-42Jakub Hrozek - 1.14.0-41Jakub Hrozek - 1.14.0-40Jakub Hrozek - 1.14.0-39Jakub Hrozek - 1.14.0-38Jakub Hrozek - 1.14.0-37Jakub Hrozek - 1.14.0-36Jakub Hrozek - 1.14.0-35Jakub Hrozek - 1.14.0-34Jakub Hrozek - 1.14.0-33Jakub Hrozek - 1.14.0-32Jakub Hrozek - 1.14.0-31Jakub Hrozek - 1.14.0-30Jakub Hrozek - 1.14.0-29Jakub Hrozek - 1.14.0-28Jakub Hrozek - 1.14.0-27Jakub Hrozek - 1.14.0-26Jakub Hrozek - 1.14.0-25Jakub Hrozek - 1.14.0-24Jakub Hrozek - 1.14.0-23Jakub Hrozek - 1.14.0-22Jakub Hrozek - 1.14.0-21Jakub Hrozek - 1.14.0-20Jakub Hrozek - 1.14.0-19Jakub Hrozek - 1.14.0-18Jakub Hrozek - 1.14.0-17Jakub Hrozek - 1.14.0-16Jakub Hrozek - 1.14.0-15Jakub Hrozek - 1.14.0-14Jakub Hrozek - 1.14.0-13Jakub Hrozek - 1.14.0-12Jakub Hrozek - 1.14.0-11Jakub Hrozek - 1.14.0-10Jakub Hrozek - 1.14.0-9Jakub Hrozek - 1.14.0-8Jakub Hrozek - 1.14.0-7Jakub Hrozek - 1.14.0-6Jakub Hrozek - 1.14.0-5Jakub Hrozek - 1.14.0-4Jakub Hrozek - 1.14.0-3Jakub Hrozek - 1.14.0-2Jakub Hrozek - 1.14.0-1Jakub Hrozek - 1.14.0beta1-2Jakub Hrozek - 1.14.0alpha-1Jakub Hrozek - 1.13.0-50Jakub Hrozek - 1.13.0-49Jakub Hrozek - 1.13.0-48Jakub Hrozek - 1.13.0-47Jakub Hrozek - 1.13.0-46Jakub Hrozek - 1.13.0-45Jakub Hrozek - 1.13.0-44Jakub Hrozek - 1.13.0-43Jakub Hrozek - 1.13.0-42Jakub Hrozek - 1.13.0-41Jakub Hrozek - 1.13.0-40Jakub Hrozek - 1.13.0-39Jakub Hrozek - 1.13.0-38Jakub Hrozek - 1.13.0-37Jakub Hrozek - 1.13.0-36Jakub Hrozek - 1.13.0-35Jakub Hrozek - 1.13.0-34Jakub Hrozek - 1.13.0-33Jakub Hrozek - 1.13.0-32Jakub Hrozek - 1.13.0-31Jakub Hrozek - 1.13.0-30Jakub Hrozek - 1.13.0-29Jakub Hrozek - 1.13.0-28Jakub Hrozek - 1.13.0-27Jakub Hrozek - 1.13.0-26Martin Kosek - 1.13.0-25Jakub Hrozek - 1.13.0-24Jakub Hrozek - 1.13.0-23Jakub Hrozek - 1.13.0-22Jakub Hrozek - 1.13.0-21Jakub Hrozek - 1.13.0-20Jakub Hrozek - 1.13.0-19Jakub Hrozek - 1.13.0-18Jakub Hrozek - 1.13.0-17Jakub Hrozek - 1.13.0-16Jakub Hrozek - 1.13.0-15Jakub Hrozek - 1.13.0-14Lukas Slebodnik - 1.13.0-13Jakub Hrozek - 1.13.0-12Jakub Hrozek - 1.13.0-11Jakub Hrozek - 1.13.0-10Jakub Hrozek - 1.13.0-9Jakub Hrozek - 1.13.0-8Jakub Hrozek - 1.13.0-7Jakub Hrozek - 1.13.0-6Jakub Hrozek - 1.13.0-5Jakub Hrozek - 1.13.0-4Jakub Hrozek - 1.13.0-3Jakub Hrozek - 1.13.0-2Jakub Hrozek - 1.13.0-1Jakub Hrozek - 1.13.0.3alphaJakub Hrozek - 1.13.0.2alphaJakub Hrozek - 1.13.0.1alphaJakub Hrozek - 1.12.2-61Jakub Hrozek - 1.12.2-60Jakub Hrozek - 1.12.2-59Jakub Hrozek - 1.12.2-58.6Jakub Hrozek - 1.12.2-58.5Jakub Hrozek - 1.12.2-58.4Jakub Hrozek - 1.12.2-58.3Jakub Hrozek - 1.12.2-58.2Jakub Hrozek - 1.12.2-58.1Jakub Hrozek - 1.12.2-57Jakub Hrozek - 1.12.2-56Jakub Hrozek - 1.12.2-55Jakub Hrozek - 1.12.2-54Jakub Hrozek - 1.12.2-53Jakub Hrozek - 1.12.2-52Jakub Hrozek - 1.12.2-51Jakub Hrozek - 1.12.2-50Jakub Hrozek - 1.12.2-49Jakub Hrozek - 1.12.2-48Jakub Hrozek - 1.12.2-47Jakub Hrozek - 1.12.2-46Jakub Hrozek - 1.12.2-45Jakub Hrozek - 1.12.2-44Jakub Hrozek - 1.12.2-43Jakub Hrozek - 1.12.2-42Jakub Hrozek - 1.12.2-41Jakub Hrozek - 1.12.2-40Sumit Bose - 1.12.2-39Sumit Bose - 1.12.2-38Sumit Bose - 1.12.2-37Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-34Jakub Hrozek - 1.12.2-33Jakub Hrozek - 1.12.2-32Jakub Hrozek - 1.12.2-31Jakub Hrozek - 1.12.2-30Jakub Hrozek - 1.12.2-29Jakub Hrozek - 1.12.2-28Jakub Hrozek - 1.12.2-27Jakub Hrozek - 1.12.2-26Jakub Hrozek - 1.12.2-25Jakub Hrozek - 1.12.2-24Jakub Hrozek - 1.12.2-23Jakub Hrozek - 1.12.2-22Jakub Hrozek - 1.12.2-21Jakub Hrozek - 1.12.2-20Jakub Hrozek - 1.12.2-19Jakub Hrozek - 1.12.2-18Jakub Hrozek - 1.12.2-17Jakub Hrozek - 1.12.2-16Jakub Hrozek - 1.12.2-15Jakub Hrozek - 1.12.2-14Jakub Hrozek - 1.12.2-13Jakub Hrozek - 1.12.2-12Jakub Hrozek - 1.12.2-11Jakub Hrozek - 1.12.2-10Jakub Hrozek - 1.12.2-9Jakub Hrozek - 1.12.2-8Jakub Hrozek - 1.12.2-7Jakub Hrozek - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-3Jakub Hrozek - 1.12.0-2Jakub Hrozek - 1.12.0-1Jakub Hrozek - 1.11.2-70Jakub Hrozek - 1.11.2-69Jakub Hrozek - 1.11.2-68Jakub Hrozek - 1.11.2-67Jakub Hrozek - 1.11.2-66Jakub Hrozek - 1.11.2-65Jakub Hrozek - 1.11.2-64Sumit Bose - 1.11.2-63Sumit Bose - 1.11.2-62Jakub Hrozek - 1.11.2-61Jakub Hrozek - 1.11.2-60Jakub Hrozek - 1.11.2-59Jakub Hrozek - 1.11.2-58Jakub Hrozek - 1.11.2-57Jakub Hrozek - 1.11.2-56Jakub Hrozek - 1.11.2-55Jakub Hrozek - 1.11.2-54Jakub Hrozek - 1.11.2-53Jakub Hrozek - 1.11.2-52Jakub Hrozek - 1.11.2-51Jakub Hrozek - 1.11.2-50Jakub Hrozek - 1.11.2-49Jakub Hrozek - 1.11.2-48Jakub Hrozek - 1.11.2-47Jakub Hrozek - 1.11.2-46Jakub Hrozek - 1.11.2-45Jakub Hrozek - 1.11.2-44Jakub Hrozek - 1.11.2-43Jakub Hrozek - 1.11.2-42Jakub Hrozek - 1.11.2-41Jakub Hrozek - 1.11.2-40Jakub Hrozek - 1.11.2-39Jakub Hrozek - 1.11.2-38Jakub Hrozek - 1.11.2-37Jakub Hrozek - 1.11.2-36Jakub Hrozek - 1.11.2-35Jakub Hrozek - 1.11.2-34Daniel Mach - 1.11.2-33Jakub Hrozek - 1.11.2-32Jakub Hrozek - 1.11.2-31Jakub Hrozek - 1.11.2-30Jakub Hrozek - 1.11.2-29Jakub Hrozek - 1.11.2-28Jakub Hrozek - 1.11.2-27Jakub Hrozek - 1.11.2-26Jakub Hrozek - 1.11.2-25Jakub Hrozek - 1.11.2-24Jakub Hrozek - 1.11.2-23Jakub Hrozek - 1.11.2-22Jakub Hrozek - 1.11.2-21Jakub Hrozek - 1.11.2-20Daniel Mach - 1.11.2-19Jakub Hrozek - 1.11.2-18Jakub Hrozek - 1.11.2-17Jakub Hrozek - 1.11.2-16Jakub Hrozek - 1.11.2-15Jakub Hrozek - 1.11.2-14Jakub Hrozek - 1.11.2-13Jakub Hrozek - 1.11.2-12Jakub Hrozek - 1.11.2-11Jakub Hrozek - 1.11.2-10Jakub Hrozek - 1.11.2-9Jakub Hrozek - 1.11.2-8Jakub Hrozek - 1.11.2-7Jakub Hrozek - 1.11.2-6Jakub Hrozek - 1.11.2-5Jakub Hrozek - 1.11.2-4Jakub Hrozek - 1.11.2-3Jakub Hrozek - 1.11.2-2Jakub Hrozek - 1.11.2-1Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-5Jakub Hrozek - 1.10.1-4Jakub Hrozek - 1.10.1-3Jakub Hrozek - 1.10.1-2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-18Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1583746 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process [rhel-7.5.z]- Resolves: rhbz#1580281 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION [rhel-7.5.z]- Resolves: rhbz#1579780 - After updating to RHEL 7.5 failing to clear the sssd cache [rhel-7.5.z]- Resolves: rhbz#1579703 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z]- Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z]- Related: rhbzrhbz#1544943 - sssd goes offline when renewing expired ticket- Resolves: rhbz#1543348 - sssd_be consumes more memory on RHEL 7.4 systems. - Resolves: rhbz#1544943 - sssd goes offline when renewing expired ticket- Resolves: rhbz#1523282 - sssd used wrong search base with wrong AD server- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Related: rhbz#1441908 - SELINUX: Use getseuserbyname to get IPA seuser - Related: rhbz#1327705 - [RFE] Automatic creation of user private groups on RHEL clients joined to AD via sssd [RHEL 7]- Resolves: rhbz#1517971 - AD Domain goes offline immediately during subdomain initialization - IPA AD Trust - Related: rhbz#1482555 - sysdb index improvements - missing ghost attribute indexing, unneeded objectclass index etc.. - Related: rhbz#1327705 - [RFE] Automatic creation of user private groups on RHEL clients joined to AD via sssd [RHEL 7] - Resolves: rhbz#1527149 - AD provider - AD BUILTIN groups are cached with gidNumber = 0 - Related: rhbz#1461899 - Loading enterprise principals doesn't work with a primed cache - Related: rhbz#1473571 - ipa-extdom-extop plugin can exhaust DS worker threads- Resolves: rhbz#1525644 - dbus-send unable to find user by CAC cert- Resolves: rhbz#1523010 - IPA user able to authenticate with revoked cert on smart card- Resolves: rhbz#1512027 - NSS by-id requests are not checked against max_id/min_id ranges before triggering the backend- Related: rhbz#1507614 - Improve Smartcard integration if multiple certificates or multiple mapped identities are available - Resolves: rhbz#1523010 - IPA user able to authenticate with revoked cert on smart card - Resolves: rhbz#1520984 - getent output is not showing home directory for IPA AD trusted user - Related: rhbz#1473571 - ipa-extdom-extop plugin can exhaust DS worker threads- Resolves: rhbz#1421194 - SSSD doesn't use AD global catalog for gidnumber lookup, resulting in unacceptable delay for large forests- Resolves: rhbz#1482231 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: rhbz#1512508 - SSSD fails to fetch group information after switching IPA client to a non-default view- Resolves: rhbz#1490120 - SSSD complaining about corrupted mmap cache and logging error in /var/log/messages and /var/log/sssd/sssd_nss.log- Resolves: rhbz#1272214 - [RFE] Create a local per system report about who can access that IDM client (attestation) - Resolves: rhbz#1482555 - sysdb index improvements - missing ghost attribute indexing, unneeded objectclass index etc.. - Resolves: rhbz#888739 - Enumerating large number of users makes sssd_be hog the cpu for a long time. - Resolves: rhbz#1373547 - SSSD performance issue with malloc and brk calls - Resolves: rhbz#1472255 - Improve SSSD performance in the 7.5 release- Related: rhbz#1460724 - SYSLOG_IDENTIFIER is different - Related: rhbz#1432010 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Related: rhbz#1507614 - Improve Smartcard integration if multiple certificates or multiple mapped identities are available- Resolves: rhbz#1507614 - Improve Smartcard integration if multiple certificates or multiple mapped identities are available - Related: rhbz#1499659 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-7.5] - Resolves: rhbz#1408294 - SSSD authentication fails when two IPA accounts share an email address without a clear way to debug the problem - Resolves: rhbz#1502686 - crash - /usr/libexec/sssd/sssd_nss in nss_setnetgrent_timeout- Related: rhbz#1460724 - SYSLOG_IDENTIFIER is different - Related: rhbz#1459609 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds.- Resolves: rhbz#1473571 - ipa-extdom-extop plugin can exhaust DS worker threads- Resolves: rhbz#1484376 - [RFE] Add a configuration option to SSSD to disable the memory cache - Resolves: rhbz#1327705 - Automatic creation of user private groups on RHEL clients joined to AD via sssd [RHEL 7] - Resolves: rhbz#1505277 - Race condition between refreshing the cr_domain list and a request that is using the list can cause a segfault is sssd_nss - Resolves: rhbz#1462343 - document information on why SSSD does not use host-based security filtering when processing AD GPOs - Resolves: rhbz#1498734 - sssd_be stuck in an infinite loop after completing full refresh of sudo rules - Resolves: rhbz#1400614 - [RFE] sssd should remember DNS sites from first search - Resolves: rhbz#1460724 - SYSLOG_IDENTIFIER is different - Resolves: rhbz#1459609 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds.- Resolves: rhbz#1469791 - Rebase SSSD to version 1.16+ - Resolves: rhbz#1132264 - Allow sssd to retrieve sudo rules of local users whose sudo rules stored in ldap server - Resolves: rhbz#1301740 - sssd can be marked offline if a trusted domain is not reachable - Resolves: rhbz#1399262 - Use TCP for kerberos with AD by default - Resolves: rhbz#1416150 - RFE: Log to syslog when sssd cannot contact servers, goes offline - Resolves: rhbz#1441908 - SELINUX: Use getseuserbyname to get IPA seuser - Resolves: rhbz#1454559 - python-sssdconfig doesn't parse hexadecimal debug _level, resulting in set_option(): /usr/lib/python2.7/site-packages/SSSDConfig/__init__.py killed by TypeError - Resolves: rhbz#1456968 - MAN: document that attribute 'provider' is not allowed in section 'secrets' - Resolves: rhbz#1460689 - KCM/secrets: Storing many secrets in a rapid succession segfaults the secrets responder - Resolves: rhbz#1464049 - Idle nss file descriptors should be closed - Resolves: rhbz#1468610 - sssd_be is utilizing more CPU during sudo rules refresh - Resolves: rhbz#1474711 - Querying the AD domain for external domain's ID can mark the AD domain offline - Resolves: rhbz#1479398 - samba shares with sssd authentication broken on 7.4 - Resolves: rhbz#1479983 - id root triggers an LDAP lookup - Resolves: rhbz#1489895 - Issues with certificate mapping rules - Resolves: rhbz#1490501 - sssd incorrectly checks 'try_inotify' thinking it is the wrong section - Resolves: rhbz#1490913 - MAN: Document that full_name_format must be set if the output of trusted domains user resolution should be shortnames only - Resolves: rhbz#1499659 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-7.5] - Resolves: rhbz#1461899 - Loading enterprise principals doesn't work with a primed cache - Resolves: rhbz#1482674 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: rhbz#1486053 - Accessing IdM kerberos ticket fails while id mapping is applied - Resolves: rhbz#1486786 - sssd going in offline mode due to sudo search filter. - Resolves: rhbz#1500087 - SSSD creates bad override search filter due to AD Trust object with parenthesis - Resolves: rhbz#1502713 - SSSD can crash due to ABI changes in libldb >= 1.2.0 (1.1.30) - Resolves: rhbz#1461462 - sssd_client: add mutex protected call to the PAC responder - Resolves: rhbz#1489666 - Combination sssd-ad and postfix recieve incorrect mail with asterisks or spaces - Resolves: rhbz#1525052 - sssd_krb5_localauth_plugin fails to fallback to otheri localname rules- Require the 7.5 libldb version which broke ABI - Related: rhbz#1469791 - Rebase SSSD to version 1.16+- Resolves: rhbz#1457926 - Wrong search base used when SSSD is directly connected to AD child domain- Resolves: rhbz#1450107 - SSSD doesn't handle conflicts between users from trusted domains with the same name when shortname user resolution is enabled- Resolves: rhbz#1459846 - krb5: properly handle 'password expired' information retured by the KDC during PKINIT/Smartcard authentication- Resolves: rhbz#1430415 - ldap_purge_cache_timeout in RHEL7.3 invalidate most of the entries once the cleanup task kicks in- Resolves: rhbz#1455254 - Make domain available as user attribute- Resolves: rhbz#1449731 - IPA client cannot change AD Trusted User password- Resolves: rhbz#1457927 - getent failed to fetch netgroup information after changing default_domain_suffix to ADdomin in /etc/sssd/sssd.conf- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working properly in v 1.15- Resolves: rhbz#1449728 - LDAP to IPA migration doesn't work in master- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1449729 - org.freedesktop.sssd.infopipe.GetUserGroups does not resolve groups into names with AD- Resolves: rhbz#1450094 - Properly support IPA's promptusername config option- Resolves: rhbz#1457644 - Segfault in access_provider = krb5 is set in sssd.conf due to an off-by-one error when constructing the child send buffer - Resolves: rhbz#1456531 - Option name typos are not detected with validator function of sssctl config-check command in domain sections- Resolves: rhbz#1428906 - sssd intermittently failing to resolve groups for an AD user in IPA-AD trust environment.- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail - Fix Coverity issues in patches for rhbz#1445445- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1446302 - crash in sssd-kcm due to a race-condition between two concurrent requests- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail- Resolves: rhbz#1306707 - Need better debug message when krb5_child returns an unhandled error, leading to a System Error PAM code- Resolves: rhbz#1446535 - Group resolution does not work in subdomain without ad_server option- Resolves: rhbz#1449726 - sss_nss_getlistbycert() does not return results from multiple domains - Resolves: rhbz#1447098 - sssd unable to search dbus for ipa user by certificate - Additional patch for rhbz#1440132- Reapply patch by Lukas Slebodnik to fix upgrade issues with libwbclient - Resolves: rhbz#1439457 - SSSD does not start after upgrade from 7.3 to 7.4 - Resolves: rhbz#1449107 - error: %pre(sssd-common-1.15.2-26.el7.x86_64) scriptlet failed, exit status 3- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working properly in v 1.15 - Also apply an additional patch for rhbz#1441545- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1434992 - Wrong pam return code for user from subdomain with ad_access_filter- Resolves: rhbz#1430494 - expect sss_ssh_authorizedkeys and sss_ssh_knownhostsproxy manuals to be packaged into sssd-common package- Resolves: rhbz#1427749 - SSSD in server mode iterates over all domains for group-by-GID requests, causing unnecessary searches- Resolves: rhbz#1446139 - Infopipe method ListByCertificate does not return the users with overrides- Resolves: rhbz#1441545 - With multiple subdomain sections id command output for user is not displayed for both domains- Resolves: rhbz#1428866 - Using ad_enabled_domains configuration option in sssd.conf causes nameservice lookups to fail.- Remove an unused variable from the sssd-secrets responder - Related: rhbz#1398701 - [sssd-secrets] https proxy talks plain http - Improve two DEBUG messages in the client trust code to aid troubleshooting - Fix standalone application domains - Related: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces- Allow completely server-side unqualified name resolution if the domain order is set, do not require any client-side changes - Related: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users- Resolves: rhbz#1402532 - D-Bus interface of sssd is giving inappropriate group information for trusted AD users- Resolves: rhbz#1431858 - Wrong principal found with ad provider and long host name- Resolves: rhbz#1415167 - pam_acct_mgmt with pam_sss.so fails in unprivileged container unless selinux_provider = none is used- Resolves: rhbz#1438388 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_pam killed by 6- Resolves: rhbz#1432112 - sssctl config-check does not give any error when default configuration file is not present- Resolves: rhbz#1438374 - [abrt] [faf] sssd: vfprintf(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1427195 - sssd_nss consumes more memory until restarted or machine swaps- Resolves: rhbz#1414023 - Create troubleshooting tool to determine if a failure is in SSSD or not when using layered products like RH-SSO/CFME etc- Resolves: rhbz#1398701 - [sssd-secrets] https proxy talks plain http- Fix off-by-one error in the KCM responder - Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces- Resolves: rhbz#1434991 - Issue processing ssh keys from certificates in ssh respoder- Resolves: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users - Also backport some buildtime fixes for the KCM responder - Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1340711 - [RFE] Use one smartcard and certificate for authentication to distinct logon accounts- Update to upstream 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html - Resolves: rhbz#1418728 - IPA - sudo does not handle associated conflict entries - Resolves: rhbz#1386748 - sssd doesn't update PTR records if A/PTR zones are configured as non-secure and secure - Resolves: rhbz#1214491 - [RFE] Make it possible to configure AD subdomain in the SSSD server mode- Drop "NOUPSTREAM: Bundle http-parser" patch Related: rhbz#1393819 - New package: http-parser- Update to upstream 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html - Resolves: rhbz#1327085 - Don't prompt for password if there is already one on the stack - Resolves: rhbz#1378722 - [RFE] Make GETSIDBYNAME and GETORIGBYNAME request aware of UPNs and aliases - Resolves: rhbz#1405075 - [RFE] Add PKINIT support to SSSD Kerberos provider - Resolves: rhbz#1416526 - Need correction in sssd-krb5 man page - Resolves: rhbz#1418752 - pam_sss crashes in do_pam_conversation if no conversation function is provided by the client app - Resolves: rhbz#1419356 - Fails to accept any sudo rules if there are two user entries in an ldap role with the same sudo user - Resolves: rhbz#1421622 - SSSD - Users/Groups are cached as mixed-case resulting in users unable to sign in- Fix several packaging issues, notably the p11_child is no longer setuid and the libwbclient used a wrong version number in the symlink- Update to upstream 1.15.0 - Resolves: rhbz#1393824 - Rebase SSSD to version 1.15 - Resolves: rhbz#1407960 - wbcLookupSid() fails in pdomain is NULL - Resolves: rhbz#1406437 - sssctl netgroup-show Cannot allocate memory - Resolves: rhbz#1400422 - Use-after free in resolver in case the fd is writeable and readable at the same time - Resolves: rhbz#1393085 - bz - ldap group names don't resolve after upgrading sssd to 1.14.0 if ldap_nesting_level is set to 0 - Resolves: rhbz#1392444 - sssd_be keeps crashing - Resolves: rhbz#1392441 - sssd fails to start after upgrading to RHEL 7.3 - Resolves: rhbz#1382602 - autofs map resolution doesn't work offline - Resolves: rhbz#1380436 - sudo: ignore case on case insensitive domains - Resolves: rhbz#1378251 - Typo In SSSD-AD Man Page - Resolves: rhbz#1373427 - Clock skew makes SSSD return System Error - Resolves: rhbz#1306707 - Need better handling of "Server not found in Kerberos database" - Resolves: rhbz#1297462 - Don't include 'enable_only=sssd' in the localauth plugin config- Resolves: rhbz#1382598 - IPA: Uninitialized variable during subdomain check- Resolves: rhbz#1378911 - No supplementary groups are resolved for users in nested OUs when domain stanza differs from AD domain- Resolves: rhbz#1372075 - AD provider: SSSD does not retrieve a domain-local group with the AD provider when following AGGUDLP group structure across domains- Resolves: rhbz#1376831 - sssd-common is missing dependency on sssd-sudo- Resolves: rhbz#1371631 - login using gdm calls for gdm-smartcard when smartcard authentication is not enabled- Resolves: rhbz#1373420 - sss_override fails to export- Resolves: rhbz#1375299 - sss_groupshow fails with error "No such group in local domain. Printing groups only allowed in local domain"- Resolves: rhbz#1375182 - SSSD goes offline when the LDAP server returns sizelimit exceeded- Resolves: rhbz#1372753 - Access denied for user when access_provider = krb5 is set in sssd.conf- Resolves: rhbz#1373444 - unable to create group in sssd cache - Resolves: rhbz#1373577 - unable to add local user in sssd to a group in sssd- Resolves: rhbz#1369118 - Don't enable the default shadowtils domain in RHEL- Fix permissions for the private pipe directory - Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1371977 - resolving IPA nested user groups is broken in 1.14- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1371152 - SSSD qualifies principal twice in IPA-AD trust if the principal attribute doesn't exist on the AD side- Apply forgotten patch - Resolves: rhbz#1368496 - sssd is not able to authenticate with alias - Resolves: rhbz#1366470 - sssd: throw away the timestamp cache if re-initializing the persistent cache - Fix deleting non-existent secret - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1364033 - sssd exits if clock is adjusted backwards after boot- Resolves: rhbz#1362023 - SSSD fails to start when ldap_user_extra_attrs contains mail- Resolves: rhbz#1368324 - libsss_autofs.so is packaged in two packages sssd-common and libsss_autofs- Fix RPM scriptlet plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Add socket-activation plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Own the secrets directory - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1268874 - Add an option to disable checking for trusted domains in the subdomains provider- Resolves: rhbz#1271280 - sssd stores and returns incorrect information about empty netgroup (ldap-server: 389-ds)- Resolves: rhbz#1290500 - [feat] command to manually list fo_add_server_to_list information- Add several small fixes related to the config API - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Resolves: rhbz#1349900 - gpo search errors out and gpo_cache file is never created- Fix regressions in the simple access provider - Resolves: rhbz#1360806 - sssd does not start if sub-domain user is used with simple access provider - Apply a number of specfile patches to better match the upstream spefile - Related: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3- Cherry-pick patches from upstream that fix several regressions - Avoid checking local users in all cases - Resolves: rhbz#1353951 - sssd_pam leaks file descriptors- Resolves: rhbz#1364118 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_nss killed by 11 - Resolves: rhbz#1361563 - Wrong pam error code returned for password change in offline mode- Resolves: rhbz#1309745 - Support multiple principals for IPA users- Resolves: rhbz#1304992 - Handle overriden name of members in the memberUid attribute- handle unresolvable sites more gracefully - Resolves: rhbz#1346011 - sssd is looking at a server in the GC of a subdomain, not the root domain. - fix compilation warnings in unit tests- fix capaths output - Resolves: rhbz#1344940 - GSSAPI error causes failures for child domain user logins across IPA - AD trust - also fix Coverity issues in the secrets responder and suppress noisy debug messages when setting the timestamp cache- Resolves: rhbz#1356577 - sssctl: Time stamps without time zone information- Resolves: rhbz#1354414 - New or modified ID-View User overrides are not visible unless rm -f /var/lib/sss/db/*cache*- Resolves: rhbz#1211631 - [RFE] Support of UPN for IdM trusted domains- Resolves: rhbz#1350520 - [abrt] sssd-common: ipa_dyndns_update_send(): sssd_be killed by SIGSEGV- Resolves: rhbz#1349882 - sssd does not work under non-root user - Also cherry-pick a few patches from upstream to fix config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Sync a few minor patches from upstream - Fix sssctl manpage - Fix nss-tests unit test on big-endian machines - Fix several issues in the config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Bundle http-parser - Resolves: rhbz#1311056 - Add a Secrets as a Service component- Sync a few minor patches from upstream - Fix a failover issue - Resolves: rhbz#1334749 - sssd fails to mark a connection as bad on searches that time out- Explicitly BuildRequire newer ding-libs - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- New upstream release 1.14.0 - Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#835492 - [RFE] SSSD admin tool request - force reload - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check) - Resolves: rhbz#1278691 - Please fix rfc2307 autofs schema defaults - Resolves: rhbz#1287209 - default_domain_suffix Appended to User Name - Resolves: rhbz#1300663 - Improve sudo protocol to support configurations with default_domain_suffix - Resolves: rhbz#1312275 - Support authentication indicators from IPA- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#790113 - [RFE] "include" directive in sssd.conf - Resolves: rhbz#874985 - [RFE] AD provider support for automount lookups - Resolves: rhbz#879333 - [RFE] SSSD admin tool request - status overview - Resolves: rhbz#1140022 - [RFE]Allow sssd to add a new option that would specify which server to update DNS with - Resolves: rhbz#1290380 - RFE: Improve SSSD performance in large environments - Resolves: rhbz#883886 - sssd: incorrect checks on length values during packet decoding - Resolves: rhbz#988207 - sssd does not detail which line in configuration is invalid - Resolves: rhbz#1007969 - sssd_cache does not remove have an option to remove the sssd database - Resolves: rhbz#1103249 - PAC responder needs much time to process large group lists - Resolves: rhbz#1118257 - Users in ipa groups, added to netgroups are not resovable - Resolves: rhbz#1269018 - Too much logging from sssd_be - Resolves: rhbz#1293695 - sssd mixup nested group from AD trusted domains - Resolves: rhbz#1308935 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user - Resolves: rhbz#1315766 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo - Resolves: rhbz#1316164 - SSSD fails to process GPO from Active Directory - Resolves: rhbz#1322458 - sssd_be[11010]: segfault at 0 ip 00007ff889ff61bb sp 00007ffc7d66a3b0 error 4 in libsss_ipa.so[7ff889fcf000+5d000]- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - The rebase includes fixes for the following bugzillas: - Resolves: rhbz#789477 - [RFE] SUDO: Support the IPA schema - Resolves: rhbz#1059972 - RFE: SSSD: Automatically assign new slices for any AD domain - Resolves: rhbz#1233200 - man sssd.conf should clarify details about subdomain_inherit option. - Resolves: rhbz#1238144 - Need better libhbac debuging added to sssd - Resolves: rhbz#1265366 - sss_override segfaults when accidentally adding --help flag to some commands - Resolves: rhbz#1269512 - sss_override: memory violation - Resolves: rhbz#1278566 - crash in sssd when non-Englsh locale is used and pam_strerror prints non-ASCII characters - Resolves: rhbz#1283686 - groups get deleted from the cache - Resolves: rhbz#1290378 - Smart Cards: Certificate in the ID View - Resolves: rhbz#1292238 - extreme memory usage in libnfsidmap sss.so plug-in when resolving groups with many members - Resolves: rhbz#1292456 - sssd_be AD segfaults on missing A record - Resolves: rhbz#1294670 - Local users with local sudo rules causes LDAP queries - Resolves: rhbz#1296618 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1299553 - Cannot retrieve users after upgrade from 1.12 to 1.13 - Resolves: rhbz#1302821 - Cannot start sssd after switching to non-root - Resolves: rhbz#1310877 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs - Resolves: rhbz#1313014 - sssd is not closing sockets properly - Resolves: rhbz#1318996 - SSSD does not fail over to next GC - Resolves: rhbz#1327270 - local overrides: issues with sub-domain users and mixed case names - Resolves: rhbz#1342547 - sssd-libwbclient: wbcSidsToUnixIds should not fail on lookup errors- Build the PAC plugin with krb5-1.14 - Related: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1290853 - [sssd] Trusted (AD) user's info stays in sssd cache for much more than expected.- Resolves: rhbz#1336706 - sssd_nss memory usage keeps growing when trying to retrieve non-existing netgroups- Resolves: rhbz#1296902 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1334159 - IPA provider crashes if a netgroup from a trusted domain is requested- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin - More patches from upstream related to the memory leak- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin- Resolves: rhbz#1300740 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid- Resolves: rhbz#1284814 - sssd: [sysdb_add_user] (0x0400): Error: 17- Resolves: rhbz#1270827 - local overrides: don't contact server with overridden name/id- Resolves: rhbz#1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- Resolves: rhbz#1267176 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1267836 - PAM responder crashed if user was not set- Resolves: rhbz#1266107 - AD: Conditional jump or move depends on uninitialised value- Resolves: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Fix a Coverity warning in dyndns code - Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1263735 - Could not resolve AD user from root domain- Remove -d from sss_override manpage - Related: rhbz#1259512 - sss_override : The local override user is not found- Patches required for better handling of failover with one-way trusts - Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1263587 - sss_override --name doesn't work with RFC2307 and ghost users- Resolves: rhbz#1259512 - sss_override : The local override user is not found- Resolves: rhbz#1260027 - sssd_be memory leak with sssd-ad in GPO code- Resolves: rhbz#1256398 - sssd cannot resolve user names containing backslash with ldap provider- Resolves: rhbz#1254189 - sss_override contains an extra parameter --debug but is not listed in the man page or in the arguments help- Resolves: rhbz#1254518 - Fix crash in nss responder- Support import/export for local overrides - Support FQDNs for local overrides - Resolves: rhbz#1254184 - sss_override does not work correctly when 'use_fully_qualified_names = True'- Resolves: rhbz#1244950 - Add index for 'objectSIDString' and maybe to other cache attributes- Resolves: rhbz#1250415 - sssd: p11_child hardening- Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1202724 - [RFE] Add a way to lookup users based on CAC identity certificates- Resolves: rhbz#1232950 - [IPA/IdM] sudoOrder not honored as expected- Fix wildcard_limit=0 - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Fix race condition in invalidating the memory cache - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Resolves: rhbz#1249015 - KDC proxy not working with SSSD krb5_use_kdcinfo enabled- Bump release number - Related: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- Fix missing dependency of sssd-tools - Resolves: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- More memory cache related fixes - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Remove binary blob from SC patches as patch(1) can't handle those - Related: rhbz#854396 - [RFE] Support for smart cards- Resolves: rhbz#1244949 - getgrgid for user's UID on a trust client prevents getpw*- Fix memory cache integration tests - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#854396 - [RFE] Support for smart cards- Remove OTP from PAM stack correctly - Related: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Handle sssd-owned keytabs when sssd runs as root - Related: rhbz#1205144 - RFE: Support one-way trusts for IPA- Resolves: rhbz#1183747 - [FEAT] UID and GID mapping on individual clients- Resolves: rhbz#1206565 - [RFE] Add dualstack and multihomed support - Resolves: rhbz#1187146 - If v4 address exists, will not create nonexistant v6 in ipa domain- Resolves: rhbz#1242942 - well-known SID check is broken for NetBIOS prefixes- Resolves: rhbz#1234722 - sssd ad provider fails to start in rhel7.2- Add support for InfoPipe wildcard requests - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Also package the initgr memcache - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Rebase to 1.13.0 upstream - Related: rhbz#1205554 - Rebase SSSD to 1.13.x - Resolves: rhbz#910187 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Don't default to SSSD user - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Related: rhbz#1205554 - Rebase SSSD to 1.13.x - GPO default should be permissve- Resolves: rhbz#1205554 - Rebase SSSD to 1.13.x - Relax the libldb requirement - Resolves: rhbz#1221992 - sssd_be segfault at 0 ip sp error 6 in libtevent.so.0.9.21 - Resolves: rhbz#1221839 - SSSD group enumeration inconsistent due to binary SIDs - Resolves: rhbz#1219285 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust - Resolves: rhbz#1217559 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1217350 - ignore_group_members doesn't work for subdomains - Resolves: rhbz#1217127 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1216285 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set - Resolves: rhbz#1214719 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1214718 - Overridde with --login fails trusted adusers group membership resolution - Resolves: rhbz#1214716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1214337 - Overrides with --login work in second attempt - Resolves: rhbz#1212489 - Disable the cleanup task by default - Resolves: rhbz#1211830 - external users do not resolve with "default_domain_suffix" set in IPA server sssd.conf - Resolves: rhbz#1210854 - Only set the selinux context if the context differs from the local one - Resolves: rhbz#1209483 - When using id_provider=proxy with auth_provider=ldap, it does not work as expected - Resolves: rhbz#1209374 - Man sssd-ad(5) lists Group Policy Management Editor naming for some policies but not for all - Resolves: rhbz#1208507 - sysdb sudo search doesn't escape special characters - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface - Resolves: rhbz#1206566 - SSSD does not update Dynamic DNS records if the IPA domain differs from machine hostname's domain - Resolves: rhbz#1206189 - [bug] sssd always appends default_domain_suffix when checking for host keys - Resolves: rhbz#1204203 - sssd crashes intermittently - Resolves: rhbz#1203945 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default - Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only - Resolves: rhbz#1202245 - SSSD's HBAC processing is not permissive enough with broken replication entries - Resolves: rhbz#1201271 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything - Resolves: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Resolves: rhbz#1199541 - Read and use the TTL value when resolving a SRV query - Resolves: rhbz#1199533 - [RFE] Implement background refresh for users, groups or other cache objects - Resolves: rhbz#1199445 - Does sssd-ad use the most suitable attribute for group name? - Resolves: rhbz#1198477 - ccname_file_dummy is not unlinked on error - Resolves: rhbz#1187103 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1185536 - In ipa-ad trust, with 'default_domain_suffix' set to AD domain, IPA user are not able to log unless use_fully_qualified_names is set - Resolves: rhbz#1175760 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires - Resolves: rhbz#1163806 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1205160 - Complain loudly if backend doesn't start due to missing or invalid keytab- Resolves: rhbz#1226119 - Properly handle AD's binary objectGUID- Filter out domain-local groups during AD initgroups operation - Related: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Resolves: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Initialize variable in the views code in one success and one failure path - Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Handle case where there is no default and no rules - Resolves: rhbz#1192314 - With empty ipaselinuxusermapdefault security context on client is staff_u- Set a pointer in ldap_child to NULL to avoid warnings - Related: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Run the restart in sssd-common posttrans - Explicitly require libwbclient - Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Fix endianess bug in fill_id() - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1187192 - IPA initgroups don't work correctly in non-default view- Resolves: rhbz#1184982 - Need to set different umask in selinux_child- Bump the release number - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Add a patch dependency - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Process ghost members only once - Fix processing of universal groups with members from different domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1185188 - Uncached SIDs cannot be resolved- Handle GID override in MPG domains - Handle views with mixed-case domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Open socket to the PAC responder in krb5_child before dropping root - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1182183 - pam_sss(sshd:auth): authentication failure with user from AD- Resolves: rhbz#889206 - On clock skew sssd returns system error- Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1177140 - gpo_child fails if "log level" is enabled in smb.conf - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1175408 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1175705 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Resolves: rhbz#1171215 - Crash in function get_object_from_cache - Resolves: rhbz#1171383 - getent fails for posix group with AD users after login - Resolves: rhbz#1171382 - getent of AD universal group fails after group users login - Resolves: rhbz#1170300 - Access is not rejected for disabled domain - Resolves: rhbz#1162486 - Error processing external groups with getgrnam/getgrgid in the server mode - Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1169459 - sssd-ad: The man page description to enable GPO HBAC Policies are unclear - Related: rhbz#1113783 - sssd should run under unprivileged user- Rebuild to add several forgotten Patch entries - Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Remove Coverity warnings in krb5_child code - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Don't error out on chpass with OTPs - Related: rhbz#1109756 - Rebase SSSD to 1.12- Resolves: rhbz#1124320 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default.- Resolves: rhbz#1169739 - selinuxusermap rule does not apply to trusted AD users - Enable running unit tests without cmocka - Related: rhbz#1113783 - sssd should run under unprivileged user- krb5_child and ldap_child do not call Kerberos calls as root - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1168735 - The Kerberos provider is not properly views-aware- Fix typo in libwbclient-devel alternatives invocation - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1166727 - pam_sss domains option: Untrusted users from the same domain are allowed to auth.- Handle migrating clients between views - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Use alternatives for libwbclient - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1165794 - sssd does not work with custom value of option re_expression- Add an option that describes where to put generated krb5 files to - Related: rhbz#1135043 - [RFE] Implement localauth plugin for MIT krb5 1.12- Handle IPA group names returned from the extop plugin - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Resolves: rhbz#1165792 - automount segfaults in sss_nss_check_header- Resolves: rhbz#1163742 - "debug_timestamps = false" and "debug_microseconds = true" do not work after enabling journald with sssd.- Resolves: rhbz#1153593 - Manpage description of case_sensitive=preserving is incomplete- Support views for IPA users - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Update man page to clarify TGs should be disabled with a custom search base - Related: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Use upstreamed patches for the rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1153603 - Proxy Provider: Fails to lookup case sensitive users and groups with case_sensitive=preserving- Resolves: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1162480 - dereferencing failure against openldap server- Move adding the user from pretrans to pre, copy adding the user to sssd-krb5-common and sssd-ipa as well in order to work around yum ordering issue - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1113783 - sssd should run under unprivileged user- Fix two regressions in the new selinux_child process - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1132365 - Remove password from the PAM stack if OTP is used- Include the ldap_child and selinux_child patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Support overriding SSH public keys with views - Support extended attributes via the extop plugin - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137010 - disable midpoint refresh for netgroups if ptask refresh is enabled- Resolves: rhbz#1153518 - service lookups returned in lowercase with case_sensitive=preserving - Resolves: rhbz#1158809 - Enumeration shows only a single group multiple times- Include the responder and packaging patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Amend the sssd-ldap man page with info about lockout setup - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137014 - Shell fallback mechanism in SSSD - Resolves: rhbz#790854 - 4 functions with reference leaks within sssd (src/python/pyhbac.c)- Fix regressions caused by views patches when SSSD is connected to a pre-4.0 IPA server - Related: rhbz#1109756 - Rebase SSSD to 1.12- Add the low-level server changes for running as unprivileged user - Package the libsss_semange library needed for SELinux label changes - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Use libsemanage for SELinux label changes - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Rebase SSSD to 1.12.2 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Sync with upstream - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebuild against ding-libs with fixed SONAME - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.1 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Require ldb 2.1.17 - Related: rhbz#1133914 - Rebase libldb to version 1.1.17 or newer- Fix fully qualified IFP lookups - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.0 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Squash in upstream review comments about the PAC patch - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Backport a patch to allow krb5-utils-test to run as root - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Resolves: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Fix a DEBUG message, backport two related fixes - Related: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1082191 - RHEL7 IPA selinuxusermap hbac rule not always matching- Resolves: rhbz#1077328 - other subdomains are unavailable when joined to a subdomain in the ad forest- Resolves: rhbz#1078877 - Valgrind: Invalid read of int while processing netgroup- Resolves: rhbz#1075092 - Password change w/ OTP generates error on success- Resolves: rhbz#1078840 - Error during password change- Resolves: rhbz#1075663 - SSSD should create the SELinux mapping file with format expected by pam_selinux- Related: rhbz#1075621 - Add another Kerberos error code to trigger IPA password migration- Related: rhbz#1073635 - IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in- Related: rhbz#1066096 - not retrieving homedirs of AD users with posix attributes- Related: rhbz#1072995 - AD group inconsistency when using AD provider in sssd-1.11-40- Resolves: rhbz#1073631 - sssd fails to handle expired passwords when OTP is used- Resolves: rhbz#1072067 - SSSD Does not cache SELinux map from FreeIPA correctly- Resolves: rhbz#1071903 - ipa-server-mode: Use lower-case user name component in home dir path- Resolves: rhbz#1068725 - Evaluate usage of sudo LDAP provider together with the AD provider- Fix idmap documentation - Bump idmap version info - Related: rhbz#1067361 - Check IPA idranges before saving them to the cache- Pull some follow up man page fixes from upstream - Related: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes - Related: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes- Resolves: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1068723 - Setting int option to 0 yields the default value- Resolves: rhbz#1067361 - Check IPA idranges before saving them to the cache- Resolves: rhbz#1067476 - SSSD pam module accepts usernames with leading spaces- Resolves: rhbz#1033069 - Configuring two different provider types might start two parallel enumeration tasks- Resolves: rhbz#1068640 - 'IPA: Don't call tevent_req_post outside _send' should be added to RHEL7- Resolves: rhbz#1063977 - SSSD needs to enable FAST by default- Resolves: rhbz#1064582 - sss_cache does not reset the SYSDB_INITGR_EXPIRE attribute when expiring users- Resolves: rhbz#1033081 - Implement heuristics to detect if POSIX attributes have been replicated to the Global Catalog or not- Resolves: rhbz#872177 - [RFE] subdomain homedir template should be configurable/use flatname by default- Resolves: rhbz#1059753 - Warn with a user-friendly error message when permissions on sssd.conf are incorrect- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1059253 - Man page states default_shell option supersedes other shell options but in fact override_shell does. - Use the right domain for AD site resolution - Related: rhbz#743503 - [RFE] sssd should support DNS sites- Resolves: rhbz#1028039 - AD Enumeration reads data from LDAP while regular lookups connect to GC- Resolves: rhbz#877438 - sudoNotBefore/sudoNotAfter not supported by sssd sudoers plugin- Mass rebuild 2014-01-24- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain- Resolves: rhbz#1054899 - explicitly suggest krb5_auth_timeout in a loud DEBUG message in case Kerberos authentication times out- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1051360 - [FJ7.0 Bug]: [REG] sssd_be crashes when ldap_search_base cannot be parsed. - Fix a typo in the man page - Related: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain - Fix return value when searching for AD domain flat names - Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1053106 - sssd ad trusted sub domain do not inherit fallbacks and overrides settings- Resolves: rhbz#1051016 - FAST does not work in SSSD 1.11.2 in Fedora 20- Resolves: rhbz#1033133 - "System Error" when invalid ad_access_filter is used- Resolves: rhbz#1032983 - sssd_be crashes when ad_access_filter uses FOREST keyword. - Fix two memory leaks in the PAC responder (Related: rhbz#991065)- Resolves: rhbz#1048184 - Group lookup does not return member with multiple names after user lookup- Resolves: rhbz#1049533 - Group membership lookup issue- Mass rebuild 2013-12-27- Resolves: rhbz#894068 - sss_cache doesn't support subdomains- Re-initialize subdomains after provider startup - Related: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- The AD provider is able to resolve group memberships for groups with Global and Universal scope - Related: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog- Resolves: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog - Resolves: rhbz#1030483 - Individual group search returned multiple results in GC lookups- Resolves: rhbz#1040969 - sssd_nss grows memory footprint when netgroups are requested- Resolves: rhbz#1023409 - Valgrind sssd "Syscall param socketcall.sendto(msg) points to uninitialised byte(s)"- Resolves: rhbz#1037936 - sssd_be crashes occasionally- Resolves: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- Resolves: rhbz#1029631 - sssd_be crashes on manually adding a cleartext password to ldap_default_authtok- Resolves: rhbz#1036758 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Resolves: rhbz#1034050 - Errors in domain log when saving user to sysdb- Resolves: rhbz#1036157 - sssd can't retrieve auto.master when using the "default_domain_suffix" option in- Resolves: rhbz#1028057 - Improve detection of the right domain when processing group with members from several domains- Resolves: rhbz#1033084 - sssd_be segfaults if empty grop is resolved using ad_matching_rule- Resolves: rhbz#1031562 - Incorrect mention of access_filter in sssd-ad manpage- Resolves: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- Skip netgroups that don't provide well-formed triplets - Related: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2 - Resolves: rhbz#991065- Resolves: rhbz#1019882 - RHEL7 ipa ad trusted user lookups failed with sssd_be crash - Resolves: rhbz#1002597 - ad: unable to resolve membership when user is from different domain than group- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1 - Resolves: rhbz#991065 - Rebase SSSD to 1.11.0- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0 - Resolves: rhbz#991065- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2 - Related: rhbz#991065- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- Resolves: #983587 - sss_debuglevel did not increase verbosity in sssd_pac.log- Resolves: #983580 - Netgroups should ignore the 'use_fully_qualified_names' setting- Apply several important fixes from upstream 1.10 branch - Related: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- Remove libcmocka dependency- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Enable hardened build for RHEL7- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/sh/bin/sh/bin/shuk1.16.0-19.el7_5.51.16.0-19.el7_5.5sssd-kcm.servicesssd-kcm.socketsssd_kcmsssd-kcm.8.gzsssd-kcm.8.gzsssd-kcmkcm_default_ccache/usr/lib/systemd/system//usr/libexec/sssd//usr/share/man/man8//usr/share/man/uk/man8//usr/share//usr/share/sssd-kcm/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=genericcpioxz9x86_64-redhat-linux-gnuASCII textELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=99ba89468cb728719a8a7edd780bfbd60e7d0b33, strippedtroff or preprocessor input, ASCII text, with very long lines (gzip compressed data, from Unix, max compression)troff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, from Unix, max compression)directory9R6R2R:R#RRR8RR RRRRRR4R%RRR R RR9R0R'R"RR RRRR&R RRR(R5RR-R+R.R,R*R)RRR!R RR$R/R7R3RR1RRR>?7zXZ !XU] crv(vX0{󶖉 Ck |ޚiA3$zA27hO`#`bx5뢭 %nu c{qz$wzg,19Q>Π41x+6h_85Bg /-kB{qlgp4x]0C MH! E #˘4P͙ 6kxʬ Hj&1q?!J:FEL3&ɴ`N{[vW~I3yH"cvݎ=xmQ5.[\>Bm!B.xT;0_Օa7f7.#֐2è#iOUeT WĄzQ+ _LA;VLaع Jt>mcrPg/:xvз xR|ZZ8 [J()+\% ?mj 5T煲 rm8S?)*~?Q'7x|Vj*0VYо_ezv X#7Κco DXtR|)892o;񔱡dJbNA-\Yu+BTW/QK}a}+hLǓ桭2=R`݈eTNg%5 烢52q*}(b~XEOGE2ʴ!+ hU^w8 T@a+wq`\ 106 {)2jㆆpׇ͐UlJcBY#_yn,GhY!)񋖇d\ h#hȪкW r(='u- i䭒S|&䱦zcӕOAUI* Rj sG,C r]j[DrRU k98O@jyb Qvbg7 inLɈMTp{%n K,ЯŤc-E?r8 ¥t|&m^DRj"@֯Hsnj# 5X<| xhTXl^!`BvaL v0;oS`x*V!n#vv\ZXu՝CbG0DSiŸLn9;ܡ;e$NtD ڲ|,*CCg;&5e7 š@#q %?QpltNA'JߤOB8ډEYn6J< x絹u}3ᕵ)'P=#Fݵ،v̎ Reō+s Q'>l>ĩ`4@W:lmOk?g5J:cWKYenR ]R$WAȷ6(P+(DKH0cLt6O7:#j #өĚxc‡K EZr[} nt1Ef?p覫bվ7j2iO)]qKm=Z-e:NrK&kŗ^̅s ZQ`hy>!iҙuEG|o9T[s~%ޤ cۡrX><T@`dڳ5I ڮ+~*%u;{V5r$ך}Cf܄4f9A*yZ_4-bN,LRA{;ˮSs?_@p/`')~F+Mz| ҹbCo P7ckӪ5¡vV*M[w¢]]3K>KfWǪ۰47A2JUo /p{fVI?d8_š]vx=t||8 ̍ӎh>鱁"xtLB;HRW,8RDUuiI'{$\LC;<YЕ 46EFDT> @lϱB5dpQ*!sˣu41oH[Ջ)^EiS?{m5H3l *^Z؀9N p]5 RR QQ`Y;fjא4P@ P帽Mh HϠG@ϤT>!X`5z&`?-|v;8X:KwU wi1+6Ạ*57&kwl[>.%W*>,%:$t<Ѣ' Zq.-ada \ ~F%wc ~YWp\ d #^ǩ0z߮{i[z@,,6-^EeQU޽#D7!)aJeXK>Itj&x!O'о@HJOZwgzn!hTmUx9[bo*!~AY_ptf8h.9W0qWkO ʳϙUoaB6_c" F5Y?{G`!)TKa#4ʺkJOjS#{J{tt]3 dOqX+g@ƞleGh%6h; Œ$ʈʝi5 K0avtj^5|Jo!:6։CGsnLUz4%cAC ^U矀.@Y_YgH?UE= T{"뷵 ;I?j b\൯NI1T&YNJϲˢqwaS%&K.k4HڍK:Y|z$ʷ@ž Ni0rD{dx /=C{q\ڍeYT-C#9`45'}Qp :&gE0k7Kk>-6@0+4Z S:RK)*93W`K9-as/`T9ٷpHSPk{iE| 12@Omwx79NU=i~7OO]NrIw-q&*>ޙ\:U $">ºEyd㞻~.G@gY2Ax$"xTDI~71e:dWQOܭvҢ?i=L: =aNeY"L=糧 TS 4W1I[8̩#ov4U2O?,r{waCOqyYYmUy6;xwҋKQ.nSwmR=MڳU`{1|g%n.a\ (>\TaYBñ5b;1R~KUaf{}3Qp' ,2OEylD ąXIjA)~hQ)eK/&  ~<1LpΌ.ZH"{Odf ˃l:S8yUZ<$+G_1GG lgLd;Zi]9.ï'Y35^T>I,Z~!h_G/ M@8m'je$"ENi:fz3 --U"W 0Xۅ=͵ O|2 U1zA$u:QVWsIGz ^Y FrLDHOcW>*be J%Lf鑬7D}@:͂ (o%O$O>iVy,_22QE)KG8qbƶH{`3>zN5\|#gܻM%Ƅ͘o8X9 uq[C=pk!Jr)M,iOnaժ6/3oG֖` o( (ܥuY92xmKTrP{V:b@&ȗܚX%"D&GqrZT*W_l,~s&vyV놶^$'BTUQUx9\W fv/Qc1F_ꍬ,rqᏄ~[ܢr$Oj츕3'&I/WpL}%~&S2Pϕa[U&uZ(vkP+a+atueK6΢T}R$-WPoB5a, cgܢ\)'UMtfS_nTZgmx9f~w㢂+>(ckpcqq`fjO.#.AC(|_0CJᩎ(ۃ{k~-E)>J $V ـeiK5bKY~ ݫO+2\FEυTrFdB2%9 ʭ]ټhȏΗVqz&y10\ewq]r)I0EG& L;5Y WZ JeWgEٲ[Ws,>6XI]`w7xE_mC%$< RI&iKj 4R(]AL}˷@ngo1y躷Z GP̏%ʊߜ ĀaAp/(VsA ϳb;6 P-vN5*&gϧ[۟K\ (Ul9+ĞxsZ,c2' aK7P[oIvDu a[p<73USgrMyR^^@_IժS}{(*+*h DR mA`t'fADSFz$6CZ1C)-aY5tVB_Y7mө`iKΜ\L*6ybRG*I#9p!#E3[W aB Xp3C#dkM&\1ET4VK g)>ي7>ލ:s)䵭M/[lG:Yפccx5]TN'*9k*F ؍Mt2#9Yv.2 $¥Yŝ+8+Z9搌*5}orQAU)4uv9ҿ au9`o)AwhTP S['"g[hJH ́|dqy 9@9IuNe҉a HHMaW笱myW>b6TS?PO*|'ŭG/yWe2zWGt83[Z.Y.D` %5=d R0[T)C~Qߒi*gk;ڵ=fp%VY f#r4l#D5^ -:wYQޠhАE![;Ѱ Nd9l\⬯.v2%:,3/P(&5@y^A :TtK[ 041((3S|;OTvT 3vrQ d0[j[w\Hc5QlT:I NꐚD_+MAV9 DCp=.k ^8}Y?B5п#AX#Yn5}a囇x=$IA.E{!L5ͱ"C?#F%.5 ;58oO9tɗ>ۄ4etw5g| ;GqLV-ưA:T.Ӛ4<]0mLމ\PU|{ #G]{XghO>ϑ(m=J; ڴr2Uj|O8{d j[w ƂqQX;EQu!5NG8jonxYO,%k#'A,t-h.1 c&i /ı) 9y;ʔe~k}ku}$4_Ql_TcxKR-.LZv)F)v 3d#W8|,TY3|;x?:߽gQ)|,=:i52Ty `p򽙌i=@iAbhj9hjVuQ;B"3C9>pnʛ0t+Xx{>Ē-2iIE=u K'MnpAݕ8:ڸϋ{T2 ¢Mİ܎y1tm;׻icHUkEU~ڗ~ )XK) zyj#%%YǞK/o( 4ZVr-!)iM#LV0ɐW3L&2ʱ 9, 2Y#)I%r/WYcs9S𽋊;!r\Q9Ƙmp,9L<[6J]#yɣ䲊VצfPsʌ!f]M se|ZO)uR mbSD#䡿=geR=>dp.* i}#Р[8tDd#`Ov6 q/q>fUmZU4!;K'T @XUMLDa2IFѿsE\'/ݣc4HFl'n~vm,A|(-;x,迶*ak^(!(jx2aVc^j79}L' 3s=?=Ec {DzDR[BG$ʳ1H-f8ߝV3YrtM}؍oMʅ;5NO7sf Q~Òz}C߭sn"Kuߕc7C3k}%|dT0 ܭjfAӁOߴ&UbeBQه'X I w,FB/"uV߲W5F&Hv |ru%+\MT&远& /.i;wkuἔ @??2˭+zGϏg $-'ł@ QCD &:>1>nbPƷLTEYwfw)TWɗr=pCAt4_" ”$ܣny6GUaB!=fp&頋dvJ[ӆְܶ:61?dA܈ δ ǖ:6#x׭)7:zr}#ak& "\qZd[/VNICio]f˷rIįEed!]H1!'UP8кIEl3gIFefGnmexC# @)MsagpiCܸ9'r"0Y~&Q~W@A3OPÕo eayb|ΖЌ@+h/L;r1ty_DL%d͕1fGp/2oGYŚ7q[[9WDaKZs8>|#TK(Unah$nKi8R`f=i0~VFDŽY7Ney9st+CwU_s=Jk'X=VL'EesO<:p&{ahwd.!MP Lz&yྉI[Z Yl5&W_#CZ OڟF_wF`Di8W^dYM1n7 .5F,ae]͑A"=k .;s"6W ݾUo KA| |ǰ+ϕ7,fw7Nl0)/p^,uENcxU5H}lsJA/=ߥ4PvA>pyL3/e咍+=Vȴ%xm Md^CX4ҘK% i]02N'0۰Lϸ qOo61g}0Zϋi&[TO iN*=x FsakMuHoQ{ngVW9+R80PŽJs^#%ѡ70 d_ >NAnmz@ڿ;]3D'K)'eML>F'+>{`B; sD({klHD80w8qt/c53 %4cßǘao YAJ}yP|sqE"|T\ #?ꕥsP4~(nPp:>Ϧ1I1|hrKR:w1Ǽ/BV;XP/wG`SF!m|'/oҿjjuh&1q5X~o k,3ePwi8#Pa&Ί,D*į}@'~#6'ǭbK&Rû:>|"(4AJGJh)n8~lg-h1~O(DV /$0 '/J66f -¤ǜy:q$!5rAB8M謁 % ilqq穼 ֓h19e G菑^Lby廜"4g*ZTRԭ_,j=0W[#z$uu{иC.@ؗLI[&bY5fo@Iԟ'5a*:YX $ǭ%&QdiU+x6N<7底{VK.syuRW H0۴6QKL߭ =q6Y8Z yf\m^+Z %s1_~| ~%*;Gf]y*:'or8:6DdҍHJ\UuJ_95?L?hg?9qT#E$sPS|j⪽;TgOWtyPdCG;PVoa؂@kޥ:LPT( 8on} أ >_;8=2HY'tPwWcYdz{D֬RL2]X;KۙLùl״aa^2$T=Rg:L"#/8VΗN~JX#(1Hc<x^^=aTA so%pA&w'Y:p F" @ P節c!&$5VV2H_:N,ӪSS^C>P=3Os1{nl$ȔćI8źp&sj ;G/}@jwQEĜoEHBӾW+}3]qՏ,Qh:ę3Zmɑ"*1wvVrMPstU$(N݈8Y Ѳ6}!}3@&|L[͜M7UwN/!T-cjA{%SoO>kʺ9@,l.w)KpTZ\Rx+Nkbx8 _P8V:Ddyѩ3a^ ѢXoi zc$_5'&TFN˰9>DyQ~">N$0䌔E_[Ě+DN@$ъ]ڵ_ݗzиge_ʳJwW\DW'F-p<[ztG/jn}*%[@EҟO8/ xp703.e:cCiVpg!li1Kly҃j@F` Վ u~s+Y\JN¨.-wwRƼ4.wIp b*@^z=1'`qlVˢ `%<[T]ɷ{O׼Cߧ&i4V dO>Gg9P^B9 :u*yx1q` e)O!r\yހ7eط%_[z~R$~/d~h7L=Ǹ @Y|>flBl5[YSB^'|#Vj 2Ze"ɟ-ّ|?2Wݸ{?h;nj=Ű>al |f7`^Y =O ^ iq1EG H$! FhjXܘrh䮝0pΔCOTc "I5Q~Q\ Ɲv&h,+<Szyw l#.>_UECS@gYVڴ+y/`Nd7bc?@#lI)9 UYiLh`E-q'ӗAɟ<.*sHѾȌ5G͓(4>ZͬRb=N{1wǼ~8MlقvD~†U0{=Șf{̀G̖yh|ėeR"4&y⽣S̩Kb\iޢ.Ga_>3i>% {5vc}R?u&I^t$Hbܴ SO~8Ғ?m.Z1QW&T q#;TbIM|=dӀH9[vqnвigbݥJ1b; |C,`Ǖ;h@.ZI~y*LCD^HH={Cg9͇d )jU M,~ռ48bˣX&u44@S%̖͓QJQfWz=tuzp3Tf&Tx{>IHWt&c1#Iݒxr>~yc>Lgl@R\R6$c1KH-?uD'ӢD$P\񂝼-+xEt uFUPa2yE?ba"]NI;"0vc\(2$lP J7ucc ,Wi* [6i efýNBkپ A",?8/E_9L0bܝvyCyoۭ`|b-_0GQd BYK =r`" eA0SAWGS_T 箆na ;*{`kt5;ĎzG`Xn:iL~HTU6B?IĽ`Њ]I1KVf !ƞZcugyMuo5~"m@cTAփNw0c6T9dWZ*{NTP}=+JqU,Y4c~hUHm.%/.3ͧHfrlH2"q}V]Vkn,H} Ohw#ZJ%Q%}}9TY'cQJ!r].UHPlgGv'_P >ęE? mivK5Z 9Q> Iӛ6_VR-ԻPԔy+#d۸-sw.7O٢ l73 z# _Px`Dqswx^L~uSrl h F~mdBG:=iȈa_tTJsƀV4ǤJ 3UgO&jjMƲ<6h$ơAaqg4{.Y&iIi4J_LxpDVF. ogm~vWKΘ`f-rGmj @[ʘoQͤ^BY/Dj̘}hd 1X+D%ls&-L/ܬ3cq ڧ.]MwfKٿ\CWcA4lXV;& N^{˳ A/9V)JKaE?:4%wOڰd6>Xq!M?F$D Swa)<>(e)qw$ H3k t #Y*~:nñ|\Qn]$[{%==Ν-a. KVCRڴ,mN5 ӖrNwIFd#ɠl0#?E,~̰so6vlm"Y]}gs%^wXυݎ˿:z6B⦰I W'Ԙ> \ti0HX*F; ld)K&2Ź!]D1.A|;P:u2+ ,v&22m2: uy>Z^-S D -KnwTڸD;Is8vV`^8Ges[Rf"R9|~yj;rOoX+tl[8 :N. #m-Q_pzCj@a]Gj}+ A9> i6慵3,(Bpgo-b& x]"lѽüMk/^!e^4 E0~[۱^AD.šm;ڐAxohoB NjaoRUpf3}Iq25q,\;)?[* Dx6l2kTjŦPvn4yDcq%Dzo;\nfvfӧi5ÄCkC<%p.N2.ʤөe`ccEe'J}Ħ!9҄UM:>OrsJw딢d!F>y/Pla2HލPGO2U*SxQ J`ײc&wzhoW/ z^=(XLڦ{"[XS,%N$|MyM_N,G/6cr:1X 9.Ebk.ĺNwl9Peڶm]e>u<)HLƛIۺ jq </R[P +i+wd+E]F7VnF>vMI pAݭ 927QGL}Nv(n^fIUoUp'T8D_Ty%\\y,$6#\ϥZJ՝DOSV6t9a/" L ŋXAeP$gSǾNb . $ǟ'xeJhd%fޤ[d2!{c 6t;?8|eL񴽒6ɇMmT1U:UvK2ul *e.2x?iXi$Qr1,AQYHDՠ4&RJqQtg_Ĺ) p?|~x( +iL ZL({%hB9;v>[_(!P0a$0vJ5Jp"jxQ?7t})d$!My!imQ8½FbĿvĬs򇀘C+od׽5:ZdנWL!Tȁ?cݢAa~Pph[a8UhgFyGB찿> 2S9,r8f+8;!4T'[xTBgIY )w-L&Нׂ” jʍ_BU=j?lGn-r\#kW#QbgKcgDIG\]FEd6pคB_k D̶*܈@Ze5ow6Q@_d|?G" n!Qz{g$ŷBLS y+eQ/F:-ul9ܕ2w"1ܥ4J\+M_D$vEb-U{_wˇ6 n7z|YB 2<ׇS*+=?W&l#ꭹ]:(y0A2('+RyXxKP|KȲRag`Z=Doj6JC)]=K[qAKoKn .k^YN̪ռvԷ i6sމC 8NuRsFzP" ܉lb,Z+ Z8S-rA;<?;eK[ rU[eAwj% U%én# 7JsItF`n-v>aft9ֻ5,,,M5r髜ћNr( xr\݀a]5$fowկr&O*1&FnVfN^Ei,|bCx^}OFbf)/  u u9[?:L4uyO6Q?hw#Ws$];MlF`TK5Cz($TwCgtj{' beAU0iFO ~,h/!m!aa;e7ˢyr qGp. o@7FQ?}0%,Sͅ%W/?Hz7򪎕Ռۺ wg['m0F|Y4D@h>`ysF'knc5163xa)K3!Vdbk^~!^K VMJY*ox.UKDٌХ_hkfYcr_ֿ@"5s6m5K}eS~tRexs9(Y>peFm{PN%kPi)1Kt_棋({0C^ͼ'wb"o^Rp!Ԫ/ԧrBbO8`lqt&i[9 E1H_pgY l;҇IH7MPzmHmCP9ڷ:T2+VnFÒjxb_zfmi"G݀OYM`>y+P@ K;<.3{<Ϧw_aO po!#rS&cPAנH}ua8HnkfTa(ZԡwǺ=EL\n2 "?穾N˞}|0bƓT=`z;wA-QĿr>RR0-s.#AevfD>Sx6Nf1.-ge ?@U52HRW ^'~-鍀.؁*kx'TfGD>v诐#Ht> o ӭb7 \`˙y_TLlӅؤc6_Y " ^3Sr4 ?AVRV@ {G?/ҕ7C~yHwMW\C- 9"5 SP ]7%a>m2i/܃`!B`GW^&܎Az?1m73iz4l`0g2v"0H ,#4҉j Lc7r94Y +?*<K-*.Yq,h^'E^gDW#{R,iHԦ|jk-/OD@f<7[!ɎV?[zPmQ-]h>7a<֫HV@Xy.]O[%DKVڀ'f|yZT (c0#;V y7}+PLj]ʮ5wة~9Ȳw5y>)s';犥l L*CP IsXnժ$ ˙{@6)ȑob]Ṅ3 WUځPҼ"Uְ:#mxz\=!cyhw;*]][mwZo/\I=EB~3diĠB6,VkupgGr?js=eƉMS KBkjK:#5WZ7=CHi%ݍ %ҫI~ú?f-d/oc\o+΀ۻRhPG"|'egW"ks9IMq;vwk ۅ_^DO=N]P7G#?}7#g16٘39Vڽ~ƃ6}P tR‹T1{H`_0wZ҇T'}g̠&W;ֲNX;4f?H99!x0ѹ'B(pMkLCǀH|Y9Х% h(DI9Mؾ*& 1[z8V5A!5뮓e%L eN~J& X)O>]7Őg`Rb!&$݇,29 /M8MV-{nS3Nv7? ʾ':3?-wkk}ܨI=\10k W)q̋-(^7Y3Qnꊴ݌( ZRV<`jijfgxQ*>:$䟚etkGoab-o H qB&Cwˬ^q9^DCR?TXi}9l<+yvlcĹBP /}&jV\.1YM.J-6ч*X>?_k֩sH\Ͳ.0[2`jw.x!)|T`%Q \|M57ڊlA<.ӓ>l8?&9 >vUb6jp Oe ;drŦ8 wqhj. f2^-)z.iqǧoH.<$+A4B .-h{!!Q71mX>>cPnYz57̕캓IeĚ\ߧ[Mbtȁ#΍%{g&tΉH_j΂f€+rkL()#N%)Ćo ;4|Osvѓ̖sE~ Hxo S1T;ٰaq! = Pk%PN\9U| 4$ 0~~׬FI+ Z^߳#1Nvg8^-1vv ;wB pft@Ӱ<ǩaPMpO, Rd,;c(A}h-FLHo> "P^MuX5_}$ȅGsƋߌ8oYٳunfWwʒZGi<KD<@;),a% lr lQK@_¬E|w Y)is <7] 1IjZNq>ǠR҂>48l9O97HiB}~ ݤYޏ{Nb3r=<ˬt:_sc ikugҌğb25.SPHd h+:08@L0UrX'f4 |箤 M~cjJAhEOI Ik ^쎢_ 䗖rP_s/b{po0OnUME'G~ZI'.0{wOW$l MTl"h Nb3"|rR'ap)Gq;$ж %eɽ lkyq.P3CP8('i_TZg!YB>+Y8!`.^vYW~!+'F%R$Ü۠ >ۣY}sOE83A]Feh|E1z{PV&Kv.h)]zれY!IܡF!A3A.:jF%M1M \й1Jӣ]Ric*,q m~=3az(J nz Vj46O˚9!Wj}4(r; R~AkZW1ZY/]q-ˍO譌 U7 ;IWBNϳY|EZ~3a0<(+XH-pE~4ط%2ЂTM3vQYdžlKM{\MOK|YF?S1j~em'o(i>:V~w9$M7T jD̆S*6A|O @NMigǐ̦[ˣёIL%u\o+|!Slg Yb]]ɂ8ړ9azP9.S(T<}1dZ,3Cc@:_nNA;`7g4KO|8i;0{(UL,Y;#MPN8if]w\xŤ*Sʀ>'O`BE{הZǶTxu{Ha|Fq)>$N@ěvoZ >c,6U(H3m2VŐ,73䂱dl('llidf)0<}"'ӥ ^L轑^<`=V nfb(_\ux x;KgzJw5yyk`6L =p4U}FTLU5DٛLwviRδ;;64H$t& ϱ%&VM$Ng YWt JJZ}08N!E ^frKuc(\#b4mpHE40lDYbɘ/*C~Rwp hez]OnFLX )L~SnR:pKV%"s\ ˩z@@R.Ģ k< oGms=aNX J*p1Ӓ-Vqs1Z##IHnN#ա ^tM^`-Ԑjؼf@pIy^Ȕ+7?21}ԚoɸpEtfk+E6+J SjX%?B8iWOл2i,A?t7QIbl y C xt g%Kl%rKB,s$cƺ#G@_>4snrGwpo &.%=%v䚶C̰-q*x+?M{?6y" װZ%C:jǡqHWvZ&V՘U@ 7%BO>80g| Pdc眏uK6w`QDoG= ıw`,72_mu1Y0kUOk`&inyt>}H1n н ^1mUO̵4ߵo&g.\&_RQ1z k8G0y&˒ɩ"8M}=n`)7\u&hZ"(JS"L^R& q5DC KHLU?'~Kxa$NQĦfjp 0,IsvRM |0n@; sƞ-nys|öك v1֊\T{xG w_N&~QwVDH$qSS|Xj1e ь{K'`_r"M.Q\\⹰%oRkwެV\S(?]GUVyiȣrLєޡmY4HV81=Y|2k4{nNw>+;o"? b[ d$@4L'|ܥ0Nav1#z7a<\9c][ eH5vٶ R M:&sW7B*̫ 5Ɣ୧J| a~`, %nӊf_V>VQ0O H1͙)aN. +J ŅexLT,i5HZS!C]bNijWs1OzS)~"|90 DT{._«z{3FEr4:dcCxgL h+3,OQy߰;m,錺*՗HYI[ꚙqI@k\)A+o<w Ks? cƀMUyyYq vFB_/Cxտ4in8W*U`z8yp.q"86wvwkec3kV2Jh(s?W&19| 1c5zhfKT'2:)ꢱz^*j_PsE|*"쏲X߰G_#mc<ٝ ˂i&}N'>V*[ݚ;XiIiJ8>/eJRE[Z? FI|@uSAFx![Tl`CDN@&8'[,mD=cg,ݢ*T'~y:b[fkS$.+4ck9k-zW\jW¬d=b]ن[\󓢸F4%TD W{Ӵx,6  Al-xl1βaD7zq ՝$ E ko'|+VdNrBͺXN&Z5pZ>*ZY=Bt >q63a"r%v uP?=%b}9zw43iQ2E!OSV\[!ax eyNw]y\1=o8q !fr*J5@u#ND$lSMle +IwV ̊ܩz5PϨBӓ+BORqGǑ.늀Dց*ֺFZD6zKS(b%#\N]:PݶT6\:vteVXwBRtfVD=NEb<G pvJX11L`e2qKnبcV+!61B2cմC89lϺ C6q.9BۏذG2eNk] Mߒy*ϟhPzD 2[ 8K 5oi=KjsQuu\4tbjMAFhT3(V :9MLpwI=K^ڭ ;#FCde8Ի&cvO{$I:DV=HA9/xIW+HnȇjnUԵ^}11V&_c/3Pu___*[ TŪ`|?@G*SoHxjo;#̺/a]Vog4w fPWtQphy@~ T\3 BqxgQ0sG$J Q-'00@.q&&]B Kt[aw3޺y%|>xnIފt/F@BpD;9)U+>QqBM#ʷEУ W6pJN-@ o96: p#F_\%85SRA WɑjG'滲X- t-wo|6AunN8֊JKLIdP\6 NL~tGLzHNgP0r 6Ѡh&ItOndLPho*fb}V)ظ["[uLJ- OTO[Œ=,gC~AunE=O L/7q9;i7vs /n`mb~Ah&MR6׼}Qt;.J!/k兡10P!sD%6c GJu2*F_깉OkRv.;TGmȨP:&)]_CW,YHGq"0GC8jhW7L IDh  yK4qA8w7ai<ī ŗ|Ko-8r;10P\1y^GW oZBԘD-Mt_wghupaT, $L$=:%yol;(XgO6+ &zjv2q 40q'6ޟ\wjðÊVyP;;O 6V+TjkFk:p.C^}5uAVER@Aa4Kގ`dpʢ΍\=2d<;(cǫY|KU6B$f?TtȪMŒ(OrNQ6r_D[ cd]+YFC*#ܢ6Ig%o-,CkjjnݕXt!3 A h j~5h"6XJ`\Ҵ'v.erc5SG)ڨ#u(أ3G+W)(W]c+QE/N͑Xsm܀ zQz%u@f'QA-t E5$5Fh2L^ۣZx+v]]-9Rs2>Nw'(to~g(΄RP- i}}}`k8ρV/ep !&IJu:BR1{<@olxp܈havh~zvwvm@e6t#WI[ ŀ$ <%zX 0'=@BoŲ&^R">ւ ?#N×{=v(SdTbTyla{hp)bx]$(?1\TYc7a-$ ;,rn̈HTd 8מlf),vY1TgKelږ 3ȯhJQc?mR\hYhHfv~b4"j-}3S@_d+[eFH &  &s܉C!<;U 8 CB*ElOެ* e?Xnlݡn:S OJxxdDܣ kQe'RZuNZ 72=;oV׎dv*,Y'vY3) 6a\ gLޯi~V\Et&::سزd;nB'9Q?ܔmp>3pn L = ;ەyON}aUFg{ʪJ:7!`roP]b$? =PRER.bd[k镗D39v,3ndwr#xY}R4ZpS U9pv+jfΡ1ҫ̓$ߍ׃lQc)O+4echx+C |!Χ0g13cJ3rā=吐Y#W0iv*hb8 #*:uV]0W臌`/4J͎Fܠj޶-p;FI8K+8د7P* l&q@$wJetOwʑ((~܏lɼpWWrF\oኄ&1;^6'BrNH+濂TPuB~TZu Q5ԑtUfFXkժ2-ܑn6ylI .;YCƆ; k+g_+zQ{d`VԻ,O~_P6䋮y>۬yEX/'it5O۔`S\g'N w&dԂd[I^lnH$q;_dL[~t16ELaW,6Z=U!P8=k!`^_Mo/#Z[TVTvw KN??c̀H#WYgb7&9䴣؍{/Xt9d^C{T@Ҏ aʹ} ZV C}I-tET>j?80=8t0kk2<#~ҁĦ x.r}zCJlsm^$6\>Gu/Pu\Mh*y3UCX6UbXIev6GYEiάu&|H4ƈ;_E\,M\P38Oy^G̈ #;DYN~?(h4_9CȈIl-gZXx ]c26(2VKc?iCܿ6E]lVPB-7xa3/eʄ_ݙhMe`vTR. ߤwogHkD\77OsMb'pUQQa٩cNPr55s+|PVOFp#4ϱGyꕴcn[V~ŞJHy`p[^:jbH:jgd ^]2@5xY;SX[nbČ Q?sSt2sT5ܲ!(([2w+M#Ư]^A-0J{Y==>ϥJVnQpOX幾gy?`>s?Nqγ@8ɒX_a`XEIjDe?{nbQٺ}S\YmztclCxB$oouE@uwW`nZӑ8*_6!z2FNŽ+<'h=MbJ+ʨN٬%woe(=Tg;Cx̓[S^p*X?SVF~P7:<Ŭ358OgF BgrYO=;Y7snͺ>^ MD1tj\,7Ϣl&)[؀9\:,ҫDX\a(5L&6 ~k1`@4JoUrRM-_ -j{Ppo v"L0$x;>5ȕ&,AQ˓R޹_X}m!ӱGqu fGVFiyojZYFYF8wqy4 &$i$H =r9epuGD'β&w\jOo=k_oYfDԺ^u ]i޽Dy ԉhM0E:3NQyؖ{7TAq2GiIbsG:1z@Ⱦbv_I;!4p:hl7!}Ci8_)! `󙑅f01XYR8?W˩^8YDXe=߮H5?f SMћ3zd+;WnNǾ2(,J)VQMNgD@‚j|q Cm@QA)` ykkKH!fk,Pl> ooIH?RBdyI?-4gis` ,h@DsE7BSr"2h,j! ,9B+[]Dɝ4D9R>=m D5h9_>W:̒n|9W05d?=p\SkݩHp%۲qWr +?DPTI0u3:ā;&= 4 |q\p?XwM53muW@ 5;@vؾ$L}ZJ ^/O`6͆*rچN)r=+5>oj!8K>?O<ݟ` &hѓZ&=c(P$ Ta${)\.~C9+edHp 1+"wX6}Ƹqm\vX,߹y$Lk/߅bpJ#?\3ϩ'/:g^'=m:pM|Xr]͇8J#pԺˇG(S?o9Aџ<M 7TLd& PV氎Khr@w-vm%>0cos4Y"VRiSJG0 :bԨЛI)rKPmx/"䒕 -I20V+<emVFag"p9f?[=ɳP%_Xs6͔D'U+oB-D 8d gV,6ۥ3FCkϏΐGky=3g͔8A6XdFDX+,TDX|ˑ]hNY>٢>z-UKd~+7ͮH=HC2?|iփ|KSc״z1Dr+SwNdɀ"O9=PETLH.xD?f-(b@QB?(P)km$ߍ^r*9*aPrxC~}QVn~8yvSv޻⣼Ba'LH[z_-Ƚj&q%{.LZn/Gr~ADG!]Oj^}jL;sEʫ:vRɷud=t6' ?V1"x z G]A "8%A+DsC`eUsKq>,{QR:v&hNoʬha0?7ݢ/HW^ =&<.]'kԍhZ* &¡ Q_|w ]D)C51g7l`S1 囊, vi0AKk8zC*!c/nRrV W8fo"gN-Lэ1#br={x8$E3neeO@8<r..ڝ'6Ms1i5[@ m&tGg@[:_ޥ7:XT?${ʏN KגGYvAhi3ts'5@g dCnow$RuS|-i ?- G#Ϧjy>ռHʝ-Z%?+[`E4*Z eRa܇}V K.l~=~sNje]*?1&PқxZ˽q`7pn]s0 t+3S)UVF=2ⱋ$M )v+nۤ͜_!0GvEB*rmw8$OŖLɮ%{?pgT k'$";T/YV3y fp 5R8zW 2KL|C"#=aHz n=q" 0w͠xgf9RE<咊^%|Ψ{idP*)'^6.~O mK)˙[7Zh15[{][0?BK4VAx OɆ ItF\Qz 옦`q } {ԂJPj@H3Տ_ .Jn

G|o`Qq#k>7Dܽ=ad@oJ4#w OC[e?`C$+H=ɬ&w"o ٰȇF .'j0>GXǪ*/Je}לfuw3'"uٶ{&4Kg1_]K!wȑI`ۓiէvCRmh=%SbysH,Ʉt C)r?|Qܳl-ޝҗZ8:iP`hf|)xhӉVՉUFR gEoi\V*b`G{rk2S^qoAXKZyyv-TݚqM`R]5^ӬG;jr㘇^:}V1kZSg%^C#TƊ6jr#ᅩ*f/ 7 QQ9uGċ"+!D|^Ņ퍽"L[DW3;T?#q xП3|LL6˜9!&a9W~9J~^˱ۺ~ r,ONT \WW ˝M[-} =.@zOpZ!aH;O0]LD/'#6ۚ)n9j6 $|n(( 8*6/"9x‡L ^3 @#qr`/٥yd.9(J:en(0BY?vY~=n@H5>O@5ކ=$c*7*=mzd⸕~_GM`xPѨmU=t(olΔZ_Hb`#]E(`WA^h%⥨ͭRwk+Ő JVrƮ$W&dYjRY(e%n7G^HOb0Ẉ=@. \]d i6,8x*ÝAU3|rw[bPVR[i;0~Tu30WsCl3i 06n CVB}p6Q34XaCcP/ ůc#IS-ro'ޗm<GU|x#Aq*m0ZT\n%! /ijϻ~miTUtV+|KpSKD*]وP P:a6]EReEP6ьpR!fNzDH7Y ᫦@c@ $ZǗT3h0to `tbQ_FOMgR\Kw)eQp^t[efb>c']b2k&o_;gc @˖FL.7H>~qX1boӠv'nԆ'^_;',[S*]mH,yevވ93g}o,m\X&mq.h?zceqih6 *PhB9`%5ЅVlL<]jʱ[w'7\\^t]+}$gnU%rOnB*#®SUu < ]+.j7{+ŒjBkRYlFb5y(#/?ͦkߪ)pC%u1.OEK#1-+Pj6KO(7˕fU:u=s#-X$YkSZsno9ZJ&\%W%F/z{d2䶄++Tl͕c'_b+amY^ 26oL|?RLxNh\g^ToO&a  T %GC˪TZMcg^uJq"Z ?tAMN6 6]\աl1yqnxfi1B?W v'-ZoeHGH=ld ,VfD@r-Ƚęn3Uvȇ'6Λ˹Rʾ [gq*S"HZ09:<)PJ @KffbڸJD#ܣ/{MS ^҅ jR+rU,FK_%+Қ6Ƃ 㟩.2Y(^g'm5ST3Pw.SehUbRcި-1 F.t?W'YVI`a >1*W.:*i;HaoT% ,+~7<̣|-eNwl,`{_?4a/rbߥ Btmp 0L8l5ƖLYw/9~T"E4ʡJ&.ʜ|M_# n6̗Y8==R;g`Ԯ mBsL[:O>} ȞInM:IѝN桩?ݚ܂f)n#.^)Ո8br {$r~$Ӂ1/]V;D,I yWè2NOKV{\[툵YcC{[fO 2(ޮj0n#bVodN^im"eTsީ[9[\:fYXD =m}kEj[j VK&i5H]7w?9vbT{C4aʮ2dz:ak):'V .Py(@D+sQZ!Ͻ}:] l?x '2V/$v.+X ܥR4O4ۚ+tbU߈W%{JpZ"H(!z$𯺒 Uٱr(PΎa ǔ{9$cڸ.M8\ahF"0WVWYTBU7 m3d4ɐlkV{8D)'=fVwt a3bQHka9TB%^7EstgT9R!BI35 o;ds]v"'K@(增啒m6 _|&NFkjd菴,*T%rJ` ^sY` Iw%CU& 4*~;6Hm;A:k~MCMyPlw&k~Di)9Hʝ܃V.8 %`fK1ubch[/B(og$̷iFIm~\o3P_ǩzֿ~oȆ*=xy*H-jhoixRs>"v|&{\`)!.,:O M: fPGcwﳩ:P{Y]WÙ|Z\H%67Ck?$o;.@JQxנVaa &Sd8T8:5;Ԇ{H_әļ' :XQ'dگ'ɵqô$1O+s+YÅ51(ٺ$QՁNw# - n`.(W@f¼6=̧nPޚ PB- #ļgͰ7zK @yÔi }6A6z~v%lL^#)k՘7SW,L-1c93(H%Gp%j^ 3ܫ  ;dUD]ɕuVZJ#icR% PR6lJ4%wUs}ՕI̳{r'G}l;kZ,*1,sa^!7cnNiq]B A.r +?E$G: I~Tm7[&zZ0/Y^ @zs#9wtא$2Œ3'e娶 q#%cvABiKةSUd^-92Q|~&>-Us'{w$fmѷF /Y)SX81{E̍{ i?>x";x)VxO_Ƞ7NNA'tΘZ0̩Vnj魕IY.,L-R?stkCVlmV YeI{πQZ Ikg=!x__y隇Bm1z=9%Zo῅G61 Ýw,֤ tӖ@S[10eVf9tg8&@Z~UV*hE{Q gG_W2tڡcc 2:a36IteUoن &&#o7&Y5|+Fb.icx\tTRvE#VQiaY$.>Q`\3A jHFrg{p]G4GM7&9ePݼ7RU_w٬fWj*uU )&sM^>W_%6G@ \WUo*z H5"i&Z*nK4 SwQpF)NqQ| :(SȽ$2v|DClYgo?m@25[9{D&|oQr!N.IsÉp֙CjU$8KF.֊52,gMr~q~{f3J1Vwr񨐼sb 7yPH|;K=,UgSI()PPÿk 5p4!$Fz=,4~*:P[|T\fE ~pHvV3L|I![Ck~:LTR;Za.DLB&K d`l.c0sR I/&\i>]?NFql#{Rw +?7 `09[Ƴj9Cm'V$NɮA 1Hܾ޾ᬽswYiR6;!4!M؟2&cǘEiRYT?Xء6 1վdډ:ꐮGUTB ӶN'5=ね@Y.ҔE'+:Z!m5yŽs^FO'rlEބ)U%UX>4(B_yR۩J%Kӯ<o@w4Bc> y:aIth38sׁ[ .^a{$M0 މ4BV!3L8 eY;ylzG~/kd)wuVC(j',pEC4ͧH1>zFTPaS܏f9[f ?Fl[{}ߵ Z4+.=cY-`<33=Wf&8UY5P-l4ٖS-/΋3-MB)8&l$)RA̼8@);BX%B) ~8cʳ ,w&p}'.$ʓ6/5tԙZ]vk8`d PӚf^/h/T(2 CuLUuC^Z+C; 0(=C̅}o+#"aS/Wlƾ-^Hkz4a넟ne<}BF9ɀR2ѮUl=cTS"@S`MtU/r#UN¯mW!D7-AUA6J :Qmbzy L(39PiCgZ U&sB8P.)^ec}Mj˿$夗/nѼS2g*Eɨl3:Fjޅ1n]Y,5Bӟ%̩O_"nt7MÄFvΫ X0!Da!eɤNN uc !99#8a5: nl{})Ȧ/?[ԭ1O54 SE#|`rj |16^v4%>C˲N9t%"%YƏB= `MtID`DxLln6YG9/}͍֟.(ߕ;l?6 n6l؍^p<5G64ױkvdKih%^xy*< ^,&9( DMw1@Ӝt5[OtLmȸٲOy%7׈ JE}_׀ ̬UlR@׳a'D5g Zm'LT.) hrfϕ&ɺ=_ɬgP$ 6C-,uxe%)'cn?2R,F:/!9-?J@-.Kî)4]c,1Zc3Nx!Q3Ǵr^?GbJ߲"]u5Q1еB]9XɏXU%Ս|e:ra2 ˔ ͒n_wEʘ&hs5vQC@F{"G28 \¼1šWNJj`WKLMZ:Q6|3~}3j(+Ͻ3QMJH hV^?*Qpewkx: cȩ#ا]]36q^o2J_vִ坧 3斄.P O(rm)h:X!o9 =vntؒW(Nh?(#p {Y {s?RI#/ 0DW3F҄۾\7װZ"dHKc,paf_I2@Jl9=FPGL9T,G8{ֽUDZp?!<_Qx Q <_ GSkaYl _éF/wa +'oV3tBH)\=:/=ʧpA 4.y Q]qݤ='(ܢ1ț\&2+]׎]aP@uCͱC.cη7q _=dBD؜΃c#Pkh>;r;QF.u=Nm٦խ+#Q͑=V;O,5%kck|0 \M{B+Po"K1Mi x4}owbkϋd%pI+:+2DT ks׈LKWbkeZP%E7P5- A_tגQT,NCiwhͬKnH+ȈboYPg|"ȼVZ:ds e-}@%G]Ӭd~ ^3t:ekMOr>*ipAMftQ);'B \^K̼ ,1'.I57R)E6nzJDb&H|ٴ^ɹĎg_kAU@o Vtas͍3aa'ʂ XA;& `5F܄i w.cs$* zFB|y0B;LNOhMװ $VgHj0IX^?b]v'Q?J7Ū@_n ;Uubh5ڒ/$Ċ=BX!Wh kiW\ux"hAr(@keXT.f3hnl;GI(z? ;ZwI,./ԵLAR#( ס|5;#ki[AE{T4PU 8*U4(R˫3A=jjPĂY|)ґ'iBS7} ?<(;. HEuAX=лͰ $/K?z*L!{I“1F]Q E#2dr\`BIRE-xV}6&x\, 1#6a=`9@M5^E Qs!CeO?ŗ"4$*dմBҔ(G /Ჷ&\IA_7gn)$Ʋm9^3o+f؝mzZ~R,za'k+O@Ŧ@=ɚ+Ʊu{DWKӠyzm?O:Hcx]ߦ[r@o{KF{n˸n\Ln6j8fn0( 8BMA,]nD᝱NY7bk$U9 9ڮSN 1y)]08 Hd@‪*.8qߚe7H@훟x6וSJ&9qENI 9jW4BVOtm'9ڴ,"䵎JcMJU:eZ]C#_kjFD.m9Mh ?{B$yիpZoNӻyiYӲgW\ y֎NIW] Eztcb|OXfܮm]+oWyN$(51ـ-Ez.#,!{TjQ8 l{;vw#[N H?嬱G_{^CQj$&_I t#b'*y]c0Wr)v-zز#aRxb~I__ރ#^f5t>'8.Ѽ %eVޔ{` }tB>5 aIč'$IU@QMлdޜ~"r $\U-sxƽW0Bu|v&Sm}NɺO%a% Wv/eO4WF\OAs]` d!k2J9W'&vK։DHz|׭oۧwBY:vG}ތ +)?nC%չw[q_wSd 3r3>Ȳ9# \0Tߦ#!YٶClϰ_&fkEy dm1wNu]U="L|*1C9ݔrb~SKuRmT?n6|@+T޵ Bّ-4RvZWp|aU;@5OJ)̼}qXc#'pjT`CTTWejuDAVV{%A-̅Ujeg0]:|OCxcXqLNrQmmՀGޡ\T]s{O)W- |ՀB[hZ 9"}8`(#z)c5hLtg&UNu ;ĵLZW%9s|T̒SHH\ְu<1a!C{/S<KC٪zJL=4' d\8Lʷ߻V}ZQ:x^g憅X[?JIX ~A[\vw߂;Zږ:@`Wj|qۖO62 9F [6ShEXM@Ye/9N+M6TK4ɇ"Xթ~&F̬D7RJ%;C D08ݔ}%BruaK# ȲAhވ/$<8A-u-Ҷ)8=pInJUźjnWA+_HiLcLu=?)c ü$/3*Y%T7|~A ]شB16X/Z{O܇nQP1cyLbt5M5zu?KK3h0o!9U!tbּ8eu>)lzȑV@FnD~i'aYFy~bI{wv(иU*u3]٠'LB)oh:h+QY[kSޥ>ժ*?ڣwphD*"4u15LnHaK>!<~_PNkv]t^ptYk6N2gU$w %+a riТOÌAsޤZGЧѿ2-cf݆8ceeT0Wc592Da7|b Yd$&4IҦ k9~3J*(i@a8|+ T筹2]GBD`V)NkU`7dаI c6oQC-(jge?F$#^E#dԺE Қy;dkr=&V2PoEYiط~A^9ɁKo p*{jv!N\K4ftcWL |E4Q<ZBa-(^a1"'eN0Uޖд& sL_iWuزO7!g*E> iCyϗ׌z`N,1mͼIhK Qc.#2̦f˷)m1f^;(ru :{מF9`c]Toycz<9O cE1ɒ"hPaQknJV!qƷwG8M[ H%փ9I`(xX,zL@$K)J!YCGl&BSYji|gpH@774)a g8j J \ݳ|c 4đծw5qN/xZiOBZbؘGNs˦a ~&ؑ[ҳvK۫̾ 9Jy:il uWXft.z΅Rhe;ݸlئeUxz]]Z Jswu(E !ysۺYج*fxùZUL DZn2}ђr2&8dj:U׫ٕ9D|xMkBdM9%%~fU-;kK-ggh ܪ{Ya滖!.dj\ >[nHʇ,&czCv)Sy%a[DǎOX Eh1YX|ҋBg$#ף'i `;FeS֧?5\Gʘ+M0gu$(8,}|?lT3~vu )rh'&e@FKISfr]x0d|uN;Ԋ]Vԥ$+{!fmEɔ"8ʿkit\DZҸF$:./>S6i^BOk{UDlumR {vlNb|Q]!8KD但X}hR {ٕ;"o`duf%)ANL$ݕ)O6:rrrd1M=!OBPg_Jcw;OF*QsSnz''( Wf!Ћ8/31ƭ "dfhPRa$:ؚOxy<ۺY3F[/_ҐU䪧B:Շ@2͐?Y`}v,lE+?&JDZO>d;zpL$i`'=7Zt ƝOS?{5M\+b]>(\~=\-tYZAt֒\$jLSd `[]T+-81i3x*mRss݂̒1:%{]?Y6%r~bk.RE\`raoW[wN3x8N3WvgDMBi `gACxlSD6l5e GQ~KTr\WƸ,@. G-Hmm 9G*n威Ґ9bEx-JVؽƯ ȌYMu揵qrӳ **0uRddy>~y)^1'(tהm2~s5+n-؂وW|-G;xjE" 4A!oq7Ťͅz7wlY!3C?5l2ȓivO͔z^}ÈQ,ҢM݇#I *inIpx`e|Ad6[Bv> i^l洺"OMgg‚7a'=P|W-Me+`FPNVenФaYSyXz-=+?c%eRi"FL6N^`%!T_]أG`zm]"uc& .9d<yA#6沊;91n$f=2PPmꦶ7L}g@O5A}k9u.-\%Rj(N?.Yeؕ$_|R͘݋ oƞ+V4 T7 Y zI4)y%f⺳؛y݌T7$k<qjM-Rnҩ:]an~xd;QJBeүY@u(܂ק+av,RQ%?o!ݻP ZP ^2Eժ[h~ Ouɖcԃ KNM ikdY ZS`J͵(. 8:QcXyQ.=ssn< Gu X|hHXsF>P'|A)I*ľ_,~^rU0Vӏ@3"8!-_xL\6`IAyC|b7A#WJZAj4'@,}وjIN\.|pʏNqD7 J3EM,A9EּDaensar}rZƓN5?Vh۞{8+lR@sژg[/}<.4ܼ7LA^?$宔>W|'Cx)t#YlEEzQ7Blo B[<-;e!PCf 8JꨂHDӍ(Jӌd丣^1>|;$+#5~xʛ%v-#8#Wn^ vFU bܳ 3Hl#oE0+ϸ=X%~e^/HXS|SR^-jAHuMso͛2Tu02@x^,_epF`  l^7AN >Ug]iJxgBx{~1 lVB#6P czL?i5m7-o8>G$y` (ŷB %E{l$lV.c GxO†k0Ւiy`$+ xKxrAU˜`ާ]~c~w<ضK:҈a3`Si/GA*1qh(Aby[6S4ebybOR^q M2b/BW@g=y'`p(U}_m PMk04\V#r{d M\d.@]D ҨZX/Pq'0#K֚4!"0>߉jH="lԼzC0 X~t%o1"[[XkSaJ7ۜԦ@IxZWܑr_c6T,v smø{:i 8DZ: +4kھ+C6Xb/.>.:n4 Mn =v^]su*|QB49d. =Є(8uEHQ<WnI~kvZuO$AidI*-:?6Sjze~&1MZrtx0\&I6GsULF8(_W?r^B p86߽:qwzQO$,sg"8io fny?NW2E2NYG2Qiy Ͻe/?,7h:ds!Q.Fb+Jeo܏Vǵy{M!Y $^yʼL++:1ц4w./mTxrU4=S& bIc 6"YyŰCW .z캮fi+ ~8EcLS{-hT]hF҆flmQTbVmMZ`W7E3O*2$PHX9Kld0E<5ʦFTnV6`$Ce$u2ɇ\ htJ GD#[G1NQL˙|F=ޤS{69J(u7 ; ה>MF~R̪ap3N(I-oơ!RMTg2I>Ð. J@?q~`ѨEa=^*gU{ vÂ$* ]iXQ 1/2գTHXR ѴDDa)>4kfeat\`6Ew-ݕ{8<ISr>veNE@-ո/2&`x'38; ЌڜD#==QP_W]ư9Du/NZb~Wc}i WHьSwTw9ig!NG/)%]!6Р)[d"oMP&i_+KMiĉ^kB(%F/ʰ$%{F +y70*~7Gҟ1K'YyP kyX'%|TElffle|BEP${0Q p-0L+x{5̳'G5jF`i0YǗF+.Ow?\G,Q<_ Tsmc(f@[3yҮ ؆= =}6]\F~1i.&cmWY=~B3qe{騭/h"*x.Ȝ[U-[)7Mї]qDTQn2aeb<'K'{Tk268,#|U}[K-S(hI&*@m^}DcZ4#x`ɭݴML`]w*Q|jQ8wRLn_N#d?ힹ1gݍ+(D?%pق~Nvo}wC-;~ЭU i6!)0tkf2Ƶ}[@@&ރ+cR5(([펮R%R+c߳w\-ڎhSY"ہ|1l>x~ҫ Z>g hC_UJGI`֕ir S xBxI-o >prsp¦kxzޓ1;>^7P, _m4M`$̶p#~[+t-1)"2ؒJh2k@0Dr)%1L7UB.h=WB\rъ%7\_*޷sBz_ ,TYӄYZ@[eebsd3{OvSɜXj|1%jޥ0u0% M0~JEmQX5~ G1 ԔBnD;?W,FfX%NEm,Z&XfdVS"לrI?߿?sQJVW=_d}[U<\n;گDp&l@yݨ.hKW>Yq.QCe}#8㙨.vms.J*1Ph^̩=]iR/[cQ&Q)MSd[JyjP}\3@B`v2j*".)Ӂ4++#|(?]M,XvhXt@~NCuNrvtkr9"PnAv&Q7. a߼2̋\U #,=PN~rI) pcHZt>+Ȉf"vj_?wK%RS||`T$si?+y4iw힀-}aPL4o.,+o|xvC(vǏmʉQJU2\׸Sp7&Ja~RY'92TyZmC *4|*m JpZ(yHh/vزZl=;["咮Vg8)!ɬɘVF;Ol!<4H]WY < \_cִ̩Y4]":lj>f`pt{ '-d Ĕ"[P#',mDDLP H+R'G1HһF^!::7ސyL?K"/+bcEV6V_Pחj{/4>KXoL|X y&=sp;Uj ȌH|,,n>UC)Tv v`R`΅7sTª! J)2DG?$,ߨ/uwmlri=Q8/S$S}W̦tھ _#=~!z=#9S|9JhO/m-s70`q " 9h4cp)#8|S29ioDm)Mix^#ͱdlU5ޏn תhEՑ]6>}œ)XraAM)yR;d [Z \4t=8} R;}DV1*w5>OۑҦeBv Jgqn]=E4r%L_EõpsE 2v6_ lIX ~'PcT/^d=gьkU M z %/l]Ғ "u;,8bEʡx4X6LX<'1|x˅"r!^սv"m*:|X  S2ծJzQo@I,b{#Eyh[4)u1x\#o@@k,i+;{ J"a?3{Q>𥀎2T7ǎty7Pspثϐ+#BNU!w Sw+ɢ1LJP.]zBЍ_ʼ_#1U}xM5 566cSSV!U~:OrHnhN YQWH;"$gjK7=6*sB#ß: ]8T^oNHHʮ֫ X|̡ i55˱NтM#($ :#^ /wFvYg1,L`$;^~\^ݠT e}J9p8,TuZ hGN-x/ ( ɀTP Ш+j1XRոQ--{+!vICxi67ڂ,dyaHakf*1؊O2+դ6A^-sSJ`]abe Oa70e`=h]bob GlxgEnG?z,! D&_vS}#nxR r1hz^%M qʒ2a["M%B .q618:h&ɰEuxzܮͩ_<~v~fJ̷K>_3/=,.e+)L[.%9a3kH9H|ԭDw]:pV!6nMw14]=ԁg!^HSBxUZ^NAa o/7Y6[2G,ۗc(|s Ը]ںd4zt?E0 *O nnOV65#0_=ރF)/V`E{Jps^} ]8Ȥ|TV= _Y̡Ҙ:y\ߚfd Ow jq '$f!S;6sbŤ@|MbL?-j@8ys y+6fk&Z-Zsc#H;u3Nmgh'>Y| R9Q0a.ya ̿jlWRi\x4gׅ`~y15$ o)me$MrQZ{ve ]#V7:}1?0FD$c ʔ*s<A_HfL}]$Ȝuq7At\b&F2~,96wUKqj;iez^@AAKB—9Ys;,*͸s= ԾJJS$=>'7r6x`^I]AV/:Sy1U=pKsܺ96*O^գN╍n5(<΁;퐳qY 2≺T31bC?PRe؋ [ͳ0yi!L)|3_1,~95d@V@e,*a{^(V9u}'սXR@۰!o~ӾzI)9򇞛 pQ<ߞ$ `W"Ţ~CɖG3>O^>|hAXL竎~X|FM>{K ԨGl%/NRFoZ$ƹkT7}3Ѿ,`4 i ܲhL="wfze=Kpd z'G"% ߧ r3r\; %HclB{'l?){ȣ}#ܦ+$點PCUzClχ[\jxTǝs`5 MNàK0lDH )pLS_IE>'cJ%Rls+17k7/=߫ԘB?~pԍtVntdq(c2\!HT "?锺X{_'o"&?78̨*G퐾Z ?G+f,@A[cVf˻^Jp5 UbN4azX5Yinu4\[}Xd B0'5z~882/hQ 8NHo|UO4 Cڨ)vgJܤRZi8f R_M&Gdia|~@POHgxbYllԇKPO3|Sy{{(9W@SB0uQؾϧ?2A M2k*ȳ]|-4 0+,nbc-XDpg9C!)\_oC 9F(k`:\$^")D}3]h8 fza2z,evTuej4a RfS/c3)$_pYS =>idG3d.  *׍)}ӆ [gm(J<#X;*pmke808dJc6ܓ)q-sj'XY vS2AU,;x>ECj6Q=C4%A5%F՞:[X|:Wiį=Q| NhMhyWku\-r\7Yѡl$q 1BӦ%Nbͽ-!^qZ#e 6Ͱ'$ׁb7cE'u 8ދX]9އdo=1/~@NŶ~u_fx .e5t[7{= !sIja{Knvc?< 5<'! %oW]MZTFLl Gy@ߝCԖ!s_67 \~6CwoJh Ę8B7]9PW64^~1SKڒQUO H19}7wjDg'I 0oCy8]H9j$` Cݧ(:1x(D@곹??]Qu U'&hF|ýNjY<{~zIQ^iv:2.RH6c"]ā wNLWOJ y0 Tg7D7_$%>ډluSo \{jl,TH o±\H)c|IyI 0n)0Hy,hg0)WꣵG)G!]EXigcuˆB_IG o1]娵ug*>43vNFo|sطQ( *L.ҵc/"8N`8@h/ 28f`[4 "̈O}@ED <uw޻xʍ_l=㉟Ss!]U/p c5CII91JΏW(+3̕ p]^wʟAR/2q,^B`+6On߂4m4 f>؋ Hl$5 a/4j "e$sm<{Q'<U qhT/UFA̗-.&Xf M_֊:"g*+4Fuf_qQ$8ޠۢ+aVg>B.;lΩpv8~; K,XK)y,Gs5泅`,+.RI\Np)O\7Ɉ=]Ƶ>BK4FW )Q'M E Sh` N:!AJ ]܎n* gzaA.9"̫:jz 0gg]c *ȇfBlJ !.h1[$ab^^bSqW2R΂:, C|)F 1,&_BDՁ/:0jTo)m(̶ s S4( ^z':b)Ftoo}>N]㶶 !1`JgJal>#*4 f'?.GYlJQa'Q?='deEL7)V= m!ū '@ e,|:#!*"#ԢPL=|y.H̰9,ֳ)D>0A!nm_iUıUɲp3&! Z)Vu(~9ND>Abri.֮Iʖn|]ǬZ$tkTgFr~Fg$#E4BV?ߏxE]!'9mM944?(` 5msit/dՊq^czE1yvyϹ'=a|OtjQݐ[+vp9X8D+~U|Z8ֽgP2t6{X t6 c*9U ETqБU<-m5@WXQ 4h6$l"0\ϧ||A#| f̮X2:8.ļ&4{{Ma"R1#017ũB,X`9AoW¾Fk}nP0K|`tg[ǻO#La [ӿU9ƫYu╎f;m}>Y6t5BrR5Ki3JT!cIiAA}%PjY Yxo+G Sjle4GՓa;ׅOZvg~١̚9 rw20_S 2ol!~Ps3" \5_F$UB9: ՞;zC w.Nc&3XHd~M#p<@SSR֊o/oy+%O0b8`ߜ8Kp/꣊5S$q@՘8[r7[ D 9 tLZ1g5p|)ڌLt}i]KlLWҭ'&IK1,jN ^\i 4!v3Aԁ3^H3y<9_g9s=bAc׀t[ $n"JGݜu:y,6{^V 2[5J3~-̷\)Ϙߌv#Pd +${zNr#3-ˮ,PC%GLf]S 4ݥAF,K,յy>HHo^UJ' $ѢYL+nfzW޶fY)NZw潯'dcԲ&b}NX9RPe-S,} xHLdac/|:RH7 /;Ժ % c\`7/Μ><CFA9AS1?8(o(oט 8Q6a&]Sl)`zF2?QO@@~2hF_ 0:so5ӯ4"V82gyo[8:H;!uQ ":7s:s,' (4#1.e"|K"Rqccƾ|ohA57``}XKV4UrLDBz[R1 B\Ezg%,Քܮ@&:֞ѐFڑ5,wd&|buA$sZ6DNGo#W/j$ahV%<'c}h :":Q(1`j<0xO~?Cqned@RQWP`&Dۍ_>~ AɜKIE3*ik!4,D -"v.:sJrOOV‹F Q#_BQy%FN{]b)59׹"2?CR} sZti\p_8= tLd+Duab?~}:keˆ9?gT5+*`Ođ8߬>~=FDֆlֵY7,,qsHoiRR^ve+@ 3:f &gIPIu}`v斱R:%KG9sv*ݝ A4dE- G/>ԙ>01??/^:j/q5qmV>vzK"{v_kvnb kEEҺIT5~s-@v@0֌UqY,ovjUv6b%\X1%,z93\.a"kW^fz4X0r.%>Nn kOZiϹ!+GN1[I`. ^J&+&?at,ݻnBQkR@PIsƙs[+m}-cZx:_p/YsyWmy{ i51k- < 3eCBK6ĶYRҔZ~2O;!vvEb=/ ͞,mYUsknVbH{XaQI pÓDF_틴k딨mBc$ٝ zrmD#l!}[pOYq l,I~l)t2bo/Ti$j)ȉ(b#%#cքIvkD!UHW_ZRU[T~`{pBZC>1'DŰKp7(?'!zcVi:ɲ׿<<ڜzszwTZ>v!;~դSİIV>)-o>yu6'w',0ncpr|UO|.Imz:ewJ`@/yr/wlR#k[w2M:?8f[ۙ٦dynUE&rgo_휠n+Ѹ2K OG}5T0O)ZP7;?ңDSE&*L:XI̓inHbQ:XS&ßsLVk s6]M*(D3։ocLX,*Mڊ >?&`UM@"P.O7KaJhEMϔo벪wU}L MѦky&0mBzJcO=nۤ&WiU #-`QzGf11<3U/IB%dg5 lo7XsrE nV%"܊>t l3#?zb¼Wm쐬{cԤC:Zza !fOCϷ]3'w?\ Jbչe rV+s S7`|<86K mΩ_ /~,ErWUf{d?)g|?82 o9s(nPY㻘K$Fh1M/{BsTk5'Z 9#?Ju9GC+bqңhh>ZW iǝ[w!.lE + j(l8[ MٺLOrwShhy8}ƓY ,ĚWdנ|4eEIu8Crd^3u}//W'"u-a8u6e%F>Υ潺R,tw{D= JanߞlDdK+Lc4pr 6TwHDZK$ۄ QxW]Jdxn}d(jSK.Ϋ^?Tft'R0ITSOFչ%)w)5ý@1SdY[TzDP)=eB6R+EsK>3qABcH4[]+ۑ~ܧ *&'Y R3d2k{uȫC& 9gvm(J3Ɣ Ҫ̄& JwZ,M7Ґ~qE7h6r`l^hP7bR.5d*܋* htf ކP.¸;Wvo[ D;9~yxYH]X(>7r'nZjmV3-9oVm3la[sn]VhE dz"tЮۏMӆX^ OY_f8A *UY-d}k@㑗Ҭ %x>> W`qPB$:4*ֵO&;C xM t ̞~K ~?뫂 ʑ0 - sgOx+#CAxK츳ѫL'm@2ЃcY.` Ź#wp+𧈔s IC%NNs9v[\q|+7Z8s{#34H9FL˚?]rGn`Wn^饡"ՙS- CBE-381!\7$}4d{:_ݙW @t Yy|qD98e`g?-9G0 |WhREmOOYD(W>&7juTW:LBI8G_닥ĵHBݞV0+3LԠgB!1g|b6=s)|?ܳ yx(o unz4 GG>7JN@e<d 1^ cһLp{]n8b붗4&evd6f.ory5gȂ$P<QJii^hqgr>Nh:}jGkYʂl9AFMHhsak7rboPxm@ 7JU$A4sE!F\/d̞LOE^}bR$ї]^ Թ)vapZ3] tSTjaC7^V̴"Cŧ =.t{ ʌ Rorsz#>f~ȹ9jߡmU* {&J^ D9n`z1־ڋN^8I1hqP')+?.S0ŕPI}{v\N f@I3"EGA$N߮ӄbgG=H[;hc^lFpW@Ôx>[Y@ErPZ/d_yGS1j {HQrIZD|n.quTP2?&9ݳΛE#؝'c/Ofk9FMMaH¹y^NszNě^nDN{`Kz~[48g~+/O )0(嵐3+w@O=@ d-Yq\:A$kKWV._+ɜj9F&ND0eY3dK3WW~36SCOBƔ!!IKAKx+Y>֞R"2e oatE%W%R#GLC)qȫߪ4o@J|?| cqNmk",Dun?5Unp&T ubŜP]]XPʴ5a{"Jk$  ] qW8Dn N̲^p: < %ѻ~[$Ҋal%zR`,Wc1TQ=ix2A-ܞ!TWF\xrtP-(j0N`6#,sZ/xo]u.+ӌ{//w(% ಌ+ˆQ[emQ: vUJTE p )'mqNcBRr#-G\H(_*Z2@vC˞,thYQ&JDRi.ʮ_ŧUvw䐺SvrP_ǒn& `:1l%utC)s/U[LX8)*V9+{TRV$@!:YI" (Bo*NxK 2ʥ Vq"nD0$J>aqzq!VRLt`ŵq5c90m&HΨ ¶˥&s{Ɔ,:< (bls @PW<&jŲп/F4j̪6iYv9rD?z!da;mxuE󤄨q߇ʠQƒYQ]ͺg5h[eGNӎjvjg=cKix#=𜡿#4#>r(\Xd(AZq=}q8h+#b]86 QO Y0$" AR.ĴP@iCU;P Ъk!nP6wf p֒uX\9 /wҵ.irl;zRD- [돪 +"ћZ*h@-‰b1[%EwLG3O لeJL! gNCͥ#~_3V5)4Bynq領PIlT~'I 񏩍oQ>Z`*mJ)"5FRJl;lA)y!AdH0=1ź+{йw4?$ 2K=C = ]1 cZ8r!Ֆ#P8Q(G;h3L[ӊهrwu)y]cyFvM%:S 6[028o+\wa2swL8g J=G@B8d几}nUCxm=BC_ JV_xqdVJ!)E4tژ?ޏq&Aqp4*:p 96*XQ . ԜRG[ܢU1Ӄl`yt*xd~r6!Ll2ZMbLlHOkS*t)އ,Z4+{3&K vGJ]O-ZE.DcY '5rd@OtPu_s瑈t!DMi 7rlղ#8qNQ ڈʤD@5ZЁn[@u7B] (Dy_VfcS MI_UUu/K/bʟZ=JxY)G>}POsCGa0BX$ҧ_khû 12..|I޾7iYˆL釾 敁6ITZ!]Fs.!&]5Tn<2檫Lvolg~_xVTtOaF^4 b6_zqtd1?6֦cCwJav._7 qewM!;Pv[7X ռH|V]CgeV;91fc*σ|{l6/%MN*JKS;",QTGṼu 5"zQS4gY3|+uŽEoڬ  -dҶ&.@'e N酴 27̀ai{juRq4-iu㧷ՠLG"hXpZ!Ο5RD2~j{:'J'dOeOSsGẓ8`-mB{kw f"4I*+,޹L=wTsl.VgmXdSF7 yܷ54hgNlUfAxw֟0 q?R=` nGV'ھl/]_b\G=('N A\ʨO <:.H4ޓ-kI_ Z];,]oJH4 1ՄuK.A:ȳ彿& ў4e(ќQuZи_X:ㅮ 2|ǐ&.a++ ^Q-Š ŠdvJϯ}̠;&4&ef \^pTL L]qg((XIAdHUT}lԱ ߳;'eGAm.Y&tO .#5%̽Y@iIwaǏcT>"/=;0raznx< Gr H^}!aŴF"ﺃson);7MԹn PӅiFRKx[’p8kG;C#AZw]c'^8w t,ʳ4awgNǔf;$2LOT0cW&9E2Fe87*b$c6#^ΉAd"ތnL ܍XYjn:a"DQ4K0敁8q>ho܇_.v5?|oyE򲝛qcQ1!]!m&<%]MBs[egec$MÁfF4(4iڠ ,oXyd2oc<.ZL}*/]x j1v|Ox0ޣVUhԗ D;4_ tp C=_1Wwʐ $R)QK a)c1T"<5,~t8T<2H b9rO_^b{yRJZ,%6$@RnAT:+SKSN]ލ#9p9K_\ox40JS@%AOD׍hn!-,2ߗQLNenmIn~ѭ"[׌l[<&N'::`[p4ZcA>zM4$Ci%4!08t}OaDU$b}頍.:+xgV:y#RGwe&oSVzՂa/ LvSd\,&JvR/\y"Ez^;6=%Dl&Q:y |vLHܡ<A,XO# B(aB>P ?1)_O^w`"+Ţ^$rnL١S0FE"W#fYδ_j4n\`a?S"DG(_87rV u ^ Bn$OH! 'Fv$83YhYTBAb"Lc-HX"զخ0X72NO77ҨS*Վ$=؇`kA{[W; ݾ,>&6ryKA挃sa郌2T.MlUU\R =5+;0  ʹ]T%Q2'aP jѓc>mg:? 4%\ϤtۋݭJyn}5% P@70{l8;CiKOwPw7[ѸgOKo +g?b@1rf6{~-w-|PeQLcYå@ U,*>ǻ{ ~YI^}T(myLMg2$SԂXXJ;8ag-w8V㒀u0`j02Ŷ1 =N}&a> Y<掫ZF8MY'hs`\^<eoqxܟJe~p Xo&nk()#]Ro=(/-O`k^?'yU/?qIahl{%ݵ70蝼*v4aQ')mAaMv![^Z7?x.H<+%NV5% v@XܝN_5m]Rgab@8.-ɠwLy$k2k1#88mƹƌčViD< 2Z2_ Q &k7+URcS)ޞ9=f[fjr|.%oe]*c"f5/| y֨\fЗGa@dE$=kz0%+^?dZY,̅#F b锳~)pНo14{׹wb"jFRq;8uJ_И SFSNuKq2,SNa D $l. FQ_ փ1=d^ɒMpeOYcS+e'v13(h73}(F+w"ٻP- qd-^GzP9 D BXs}Nmٮ?BV6Gڨ]B̰(6T$N`y+ץ^@i #F Nx!МnY;I`pSJ0d 6 b#S]…M?~Qg5$;r^˓.fuV_Ș_Jrb+nVgpӉS& a[~=a#**vS-|!?a_bkeh^Q]`83nAGLd8?34BGl} jO !+x,6zaM$:Y<٥Ki#6i 59O c#EaAf QnɑN%R9bGjWJy Πr|߲VLw&he/;A!m?bmߚd9FCd** :bCTߔQh/fP8빶V?w`3l8KrIA_[wp 0=Vf"#yopưR4\E͇S[ OdSbW t)ȳ֚R##wbM#rbޞ6by@4kMQq?T5oOI=/Q>m~%X/4O&v@Vԗ˴n$V TٽUuc-o;SmR,t~Q4XdO e[/W?G]MN\%u13lҵ(j(fF p~q;Jql;V@ q%aH'^c Pd~_BrU.fP+5;*yaKؑQdBRmeǝDL7 } iSyTVկ)+a4d|&3$-ZyO1Tȍdad> ߣVlXqF/({u{k+Cq6MΣcz fĆuY3_rl2*ϰyBvaeKSFҦdo*<:4 qXgS#*y>Geː nf$-BAlȌJȝw:M8 &4z46z sPΆqI']A}8ZXB{+|uuepV?r4z+_ô܎@y@+MTN%@U'k*^.*fOu53%/%g8Ij<#ƐuH'~V#li7) ]9㹧q0eC5#z5hURGn s…§ SFi#Tʨ7@ ĹXzFz1%ȵ4BcAtW#sT,^ !$MI37~ 2ˤ:Pf"n9rKyS""׾O>Ǹ:qdE ۛ4'CQNG4b"ןDv-ۉP-q&#o"E;֌iQᚲUìPd|A@\Y{>`Ch (e+:iޢoPf>BYe Kuɬ^-s i ɲګ܂vƖO>K!o#K"[bQ-[m|~N:BL.ˣo2FvP![t׭8 P-=r{`O]1T~҂" ukn~uqPhwϺL"jp_1.[HFչBWgغ͙҅{ꮅs %@ m'^n7ElI ȫo3/"? A|gU^x j{ 1Gc q}f\d9ȏL_Цt6)Bk&gC(2Fƕby O'RBɜ[? u\0ۃjnvNwGjH -yoe6yŜ%v ä;Qq G8M[-7@'_s7:?Z4$ۉIN&%LcKP%WzǓlM\+-zSffw5gZfaBc-S{aH?X[hqcɈ,tXW Woz@d '>4J~{)k{YM24LhՈ#dnFo?95vHUIo !W-ݧ)$絏4l{%tPC6O"TyCh9H 1ROsy% '%z Th3R'Z_5lWVjr3euf}nڠNfE6+hC LȞQoeI~޷1ni7%,n:* -񲰥5PRG jMo>o< d'_WjFKHzw`Ou$o ]JWĆP`8ܩ}qf!j'^x!/GVsک )SNg&: ?q5ej̰o'9A`IMG |7hĢKz\>~GZT|ux2>gL'm7JirEhJY|Mba5+;BLәOP֯ TǎvFi@KZwIV J` *A/~_&e7 t`s7(HEjG,ed^P _6QFÕ)Ų Wv6[L5XP4SYmRg`7?$otފ?~J]}+|m1M|=q.+,@bIOςĎVsݓS4nosۡɢ0@1<8#tZH )y&IlY Ro2gTbnKzbUYZ/^!6}F1B:Oi_)l֤{;+<IA֋:)Zʓލ.E6 }E t86Y`Էu9iC* Fƙ@lY;6#$Oct= B:GA%1[:PO)dY4%Eo7J:;Lisڈ xq۲̑@-y\(d{2`89@OuMi4Mtv]uܤHF2eLðTg N`҉֏mtQi*#D 5IHĵxjb'՜%6S5~a c)v+2[1c{G9󙞫n |o`XK͏d[9%gxvUg+`aGlrDe*:o4S*?t:o8lN&\UX$i/G7*&*4G) 3V;lGu.SG7g n ril|DgӇUc|a!4'$DnB2؄5F0rΗHqwbhirx H[x$aL1A P˩ 9D8嚨CE#Bg`,Oγ;o9ygQoblS,(Ԡ{W[n1s"&4Zo'nvc88%TJ]/xRLz#=fa珻P"̼裷!'UJ/3 oz"R),. Sj!V$1(M\qh7 Ng8M{UcW4U5@@WPGH'D_&KmD\ݏD=_b̑8-*9Mk𘹾hU9d7 {tD[hFM}v!@ ?3RQq!sƻ|5ށA|A1 kT}4*-р2pP5RZjdH0f:[o >Cr--TC|a04WyZ>F)S){oa^xk/7] t1V%L@d N-eirdn//:.R(c%ʳ*1ڍ|U,qaz jSy#$@H-I#o%bR_#SS8Ϟg 4,[*]+1/|Lo j&}6- TlVX*r~@ę* QIg>>DQ->b< ֍o&w) 95u gviXH0 ڦ{㔅S WiZk6]c;NB'g7} lfSD6 o+!#$fܻFFwIJU criiJ+ eG#FB.}KLǗ])ե}>>?nastMn.*:U2/rԐ:!;&Cg~$-<={HPٹA6V39,/_r6i.,t3 } bL f %P=hRa;Bz S^jn:T,/7&^=(\bHj* l@ bo# frGrS쒦Ba\_0?<?[":IR mz0&ea >  a5 nOF \К~I4d!%4{kg8,Rg4Q;ZakL?w.AI pue/F Z[3\ S#>*Ң5m$26LX#L\Vx,4MIrr9:bFág88trLV~.isn{sRpqRʆ< R]H{H}?Fp_3M E'oX!r2n 5@cs{ AǭmӔ꾍Pyu/'h^}I PTJ0m\:¼%<_ϲwho# ~.]*'B¥HD9:19֢ikD$Q) -4^ex^TEmK-l=f8L޾Mŏg{M l56؈@rmZB668Vr`jL?} e' rʝHHk!;ImjBWQyȨil*A\2B趋Vx{2R]~?)_ߓR](!+O؞?$; IAVEx4ȃ sT&O /݌1c|]e`wIUOiAw3d_pr OS? ՞+ZL(gFn_hl"",@25~\Ji褃aŒAVf,[ ;׃vx"X_j:2\c2zNniQ\~7u!z]3j4'xTcfl"A_俅յtAʼlCڝFfz;M4[崲 U! AzUki|Ov >~U *ћ>$՘FP;!u20 Ӑwf1'7l+B֙ }̯@H2j_ T74~5[@6F1GhO^Q}۳h6}Uٖ/X;GgG\ }0ξ^t#{gF] xV RzQa UkgДCM0## ĶS`mWN(G~+⺣,pcֻ[+VziojG]h] $0ǹ8+t74,nH8]\.7t}m 1ܿj*Yӟ :!ϳj}PY{_NP 6\ UJ }TxbX"9Hط(m+*!:.X~btƯQ8C8N/]AvU%Tnr"Cm}6/t/o1E3>'Q+ ئ>-g^#S/ΕfX?A;ET<[a*RÕGUN(<+|wQ A*lA7g2ua pHtgHP!wgjFTEYdvqOCY<;?/;vcads*ck;33%!=@;7i, 9%?L-۲ze8vh UZ\:Q”Qm~}/ $!KuMR rJ^Y+Ĥ++Tl,LAm.(>},P(hA<"6dk?t%=Q7 52d篤Y3-(sޠ cۜE73YNJ_6,8c'XCiɟQFi'ݿX1=%۪̒Ӭy@oM,!en25޹9,MpOIxFL3M6 O[ڑ/d vyxY=sc븉Db|z~e.GrYFfqt=!rAVja—b%N@j6Idi +ᓧ#Hɠa:"hy;qFD@RKK^9Uоse}P$3TU;w&^[x;OK#{'̄V??Ώ H^o@30Ӡ|Hhǡ)(LG49$d'Ou#xm<o+ RZM1}k)HCz.zmԧX{\‚iRv9vZPؘt.S78$q^ ؍QKuCҿb5wa>Jы3\$3iF$2I|NoE,eebAKbٸA sɔmR= Oh󔋶6F$Kݹ"\?3ݑȔr=?ojfDoSg~6M`Vӂsĺ-'WĈGe7#rbJ.` w%=HWYm>da_2].)#Mtg$"2oUvy{穪j`wYckOH^/ svyPC{S2ΉjvTt;5!4Ұ2 KP= 9laM5w]n@\N\r?̗xN~JۿyJ;O܏:LԞ7:|}н1ǾHp3{vDh"uSɾ͔_'8q_H?Ӓ69e/7 YWBhw,U|qQe1V[1H Fc/k*B+B+j[y P 9~k5|5'Zq6=Wؖ8m~/XlTA[sgʡeY0AGRa"h)j\889D|T㮦d4_"Ck-# 1ڰðF*XSwl;_`;vALFoD)6ǾNL0`wK{TC5˂@yŃ` *C^/JZuƦo;?4{ow6 Ei<>S,ht Nc^k>+w5YcMue.-[<9I `! ? /Yگ.JUuT;-0Y>urctU2bzn= Pq.Qzس "CWS ʥrHIc0/r%"՝0d8Uᙻ!=DpϙI1pxm5,#W+o@h)(L+oFpo]{3B`@nYhI$mŬ#m*{KqKשɀO" z/}O*}U־̧PH<DA4Q΍q82@nɏW*',q` 2<]lb6ˎ4;Yypw++Bv:.%rh dO%;V.aW#B}8ϳo% /OeH́/@z5иmFJT?P‹hIQM+*B>_xkvdB6Ԝپҝ&hxef>DI\G9Bx̊kaXV7z͖ ks$;/i>eq e'*G8l)&qrt\A">` ~-]e^*}7<]_ 9Բ/ ¶%RmƜ7H()*CBf#B!>TBy?4^h JV[hV?lH$ 13&̖oyfe&'[a'7%tǿ4!lmYJpf8OY72 A xzC2amG:{2^^Pį+{t)x粹xe*hA8iF7.CD;3ӊCy͔i\Ga/ f.G2|(gNhj7"H.X'cE%]jgTXxpmY\י/E $vNx? K ɚAx+S46tCyG'у #G3oSGʓY}?N0'\jgQ$ɷ rA$ɼ^b?<\/v2 [e soʃI!spV*H*r!???m[M/jp"c(jNZfeݑtl Ș_4ѧ=[p epQV@)y#^4_'[i} y3RHN(iL;j6齊w24&~`:`mJH}uS3ekӮȘ auBmBI ݣ2B:9^&8؃N.k.ݙ1Akj2}T'\d%'Evz?rQ cRSL7Mׁo>3~|+Asr7fC+2c[kX󂂸w,0 n\;{XRz&43C|]$UbE_yL%[F1X$~ rߗ8֐fUVv0!y?Ne.3 6hE+yPmjc"?ˇQFB;zdp@1#o}Wԭ.CX&P2,;| o[9cCնC6G.Ǹa)qVI2@ٿ Г% *jKϷ)P5o;ÀJ?Gb, Z0fXVv7;rB5ѢD`:~zPY-#1'0yIqZ/=| d=7E%}f~pUXh:׹ڻaIoє;S_U`mتAf{O<()|`Rh**gD jOMT,Ƀٕn 1+uQG1f]U^ }G͚aA$A/.[irmvݿ[$GءicQh\T"K ?q]Bp<.)nIT%*A8},ׄ+ W<q=?۸]mX]CED;=D;b07:ro p]CJldVs҄)fT6pɫ5VdyejAL\Z)7Yl>d`v-j w 9ҊKK|'֯ΙYuG3,OȤ~| Ì?CrڮiGC-y-/~85Q$έOo,މt  cfXɸО=$`%.wg6ڵ Jɷv V8- ZF0_tɁZA;m%/0t<8Lfҙ F$L* }!o.Xk K_Ii aͅN_(V93߬74}+ ד ;oG$QCpq"B:tW̛(fəiC/k4 WQ&}J=\:^aYȌO"X~uxJ@0 e #8Ǹ7у]a VInCqFBUa!zl*JYȇdIUQOX#вV-2o)}#U#Iܪ *|_jiJY|ADž~mr_ abc&qҮxk@ ]*?}[]מ`T"xSSIwT%k2CW.\'K{SSe lK! uN@ku>!ou68mhͱvHm͆OyQ &W꺃9Vͼq;]f  Rc?|!}<;q)EJ{IYQ|wTll[兮F")yÏKLb1!^DuCEOWӛWluw9^gA`Vq1E(2Lka?NH«~wq0i i? `ddVU <Ϸ=m`@d9j? E4sq%tIG뼹evfs?L8&SܢiKGv({}$.$s S×3n#ޥ={׮[[+ePe%NQrw3)j!;c.ӋFp_lڢ<ߘLQma~Vv .;s={e-mB(k ǣr+IAjp4Î Fo/H)R{?4xQFTn0O`^#-1)wyhƙƲ΃ +$*|L RN'tԎaA2U[x{E79剳]{Ft{\wʼn3v}jPљ#4`x&TO`D^b/FC+@"+b@!5ֲUaz9Adiba,7إ[L^j*/q%K(~6\18mSS"K"xBhqB|d~qȍlLA9{YuL1xuJȣub,i!Ng}i n }{z5b0!b{45ޑqqFTWl}ƌk;gN z97V:7@cOCų;]u?!U`QO!DX%T \ӑ u%qꂷ =nr\CRK5A:FtfzQ!t5YٷAގ{iBU)7ÎEG)mTG| *XݖWMFܾVg _ʂ9R.Df8;裾;J/Tw3 ]vdTL0qǏUK94Iy.);SqZ+Otb$?[U_4XMkETvSl|@z<[֠ 8Օ,7O[Z?p6yf>H AQqUhO\J[zN庀 YAwV.K˱hO Rd *x2VPn}f7!~K$ƔiBbo q`Z/pL=QU+#1aުF]b0?-@/Ks5py !J}iw?uc OR(IP@&sSȥ)>~\% E)1wg:ؾOBqEqN6f"L)bSx!>3˰6bH90uoȍ1jD;z+_w+T]'zZ2<5G8ӃC#+^aMْ)ws=*hEDm*JYonn:>SD}nj/%=eLG̒Twe|R&eQG qc\95WˇM=g@"MZj*W6fÛ:,8d (we^ЁfMCb ֤A<Z1U~j;m[Y#?4DZO륨ρ㭫}Wȧ׫$k${O`#z!"W6kȲ wNCuv\2'%ơ_VDS}CSҪE)i  m+4L~XPA@ꑉ)2D҇ b^:Wi&V3 ƏϞ԰Ȭ10QDr>{u%~C0Q/}`ɗ0v l^ K0-01%+NZ#N:zz*&1^:~g+-RYShu ʇ6mti&tѴ;0;_m:.ݳ,nIè]l@yK @"xM>%};zhc~SEqbG( x wls~U^mV_U ֋g3ܼGfaG; Ef0r.axvRm)A o,MXɀ3+֗i"s7kHd۹'[W[*`rrx$`z|h*9"ėq8s 0z=]٦Ĭ\c:ᢧ`54uEΫlAgxD (Ӭ  zr%a& 2yV’?IQ&™Pɇ!Z"ȭ並ce!E G$--P$ $lOYwZML~ՏegvAg9V̍NTF;y@f}&"&<z%^#\?8ZLcxB ˊREIYA4q0KMp>uHХ< HmPaE<]E1s|)ǣ ߷,ywdN-*q(e) og 7i#ȵZwN;F=Q C +l_:;8@soF WLA c[f[Oַ^ 40޼me?'Z4MS-AZ} q׽0_ Ț2D@yןH^v~,քjK@wQW6eN5u>FicVf0rpU Y(#l6l`(lJjB3JLFUՒ}n:;ubLc{3XDqn,^3c n:W=u5= n2O0 JCaK[G+[i{Grf[Uq%YoU!:<νZW\u7\8΃rjxkMWۄ[-OickA"Aב% NW7C^'&LA)nR|tՊ6՜5 *%2C&d>V tӥHESɟhdtuW'V/꿸l#*_Z`F`E!!vuq+lf@}In[ pfՆ缌xH *^5inOb*V! 0 %+ś~ZE,3jӆLU8on̮k׺TYК](/l-Mij2f^99k $Ǧ' 9 )R+S9+:f0ȢW݄Pŷ1pLMWvQ-,qqRӿm C+Yv 8ֹ\Ȳ_x/>J l{ Нhـ^2~H L=}N:]?( `Mr-׷ ;hoK'" lUDo/*մu `.7s!J톙(/j ?9 OJp))sK\6UPMD#zZvxmiT,`Mzk{n-Q @QjnH&YIIC`c }5:^Tk0^7pRf:ο9L3N  Nnڃ (+=n~!{l`3ĵ6)JAe/|(Ƴ7itNUb]'y:Q| 0+ lCwXv2m$g}|2qN7`+*8PT.2'/a>^?VOZ _ ű??m/hhs$#e %OK= j" pC3=C/2,l~'YT2";{zM7C.ip* R95#ey"C)VʼnOye SAà{SlzXt..j0tj?ʥ2BPuQTZ "|f=!o"77ky;f`شIJ(&8;05N/flG??z< r4S(|VD&ُHDwBh& ۱\ V@Tڿ6 Tz%&$sw{B fIbDuX)/H:@6MB[UNwͻ&!(^3~'&Y|׸jI>ꄪxz|[B̶Aro&H<:Bϰ/}j^$|A=Ɉsk&ng$20 &N,{j:,_i'5;7ʙ-1 )׎>hRZ7|nS2yuF}0(OxofOkR#* Ww: 3-oZSf}>W gt0&2@GQ4cТigH~9aQ '9cQՋg9P En_}{=E}!74K!d, 6i {id"[` %PoY}~~f8?zEϦR]4 -D#38 |'tSfى3#.yኙ%̹Y7qSXmq(zRd:Kj=BU'O􁍞"|8Y_čf#-_X}5ƒ{,Dy7Z j;]>\6Q\,:K$$Gzpo7/a(&=AAw+3-D+RI ~ R簏ed3*ۻPi$փzES?q.;7qO ;&r*c)=`Y$|SGRlU !KtxȖ2vJbsK7hOˆ$GBZ &759G;$bm[8I_+=%n.}xt(p{{=w0n9d7_CEWlv$j `rkxբ&k>$TIDc}$mnKS; 4 kKH~Jx ϐ|>VCthr0fdU Њ0f^(,N>#VuqRVX"$zdʒ$ba>wZ(.6fe?Ј3P %!r虃N8 `*_-`T@ke Q#5㼲8JX{:lPZ͆*>֛ze!`; !#08~`o.x 0I*r۲$H 躉aHKCJWY]&sq7 z ^Nf8NiiM!9jhf?vHaK̗ParY`8HakdL MwƅIB}<ҘJnr6**@$^ono&JYN_7)̹L2-ۨg,mezإMU HU!+LO1U,,J$M) bs=5ChexPMlh7+L^Y)y7E+*FI0I}q<,(Q]y_^ظ _vhN ~ wU!"K~AE9Rv6}aUM< Gov聂: Am~7]'Fkb w}*kgd\#UvlI?D2ҡm+vsZN!ݬ'Bp]f*8_t ݍS 4륔)AlĻgۮGHGp * lOP\ypEEJvʾ6!M`sعto~eBelzl]c C_>r@4ovF Ҫ/T0zըgT$+U]%kW村7 X- Pި0rvQHmCu-*&hJ~w&*" w\e\rTa8xL$*Y<_}Y?IE? sV1K#shqi|'囟' [@?[o}/J7-C wӦONg=0& kwS]ȉz g{hlL=pC?>Q]Ȼ-6st3c`-$;(,jd:,4$TxŜ鐨QF#PY)Lvby/Wš.r UR\ā,66@F/; 8JI}/̂Wh:D(Ȥ&LJ; M# :Zefu-K"IllnGCX&UYˈvQ'k^eK5( 2Lf_T:Mpэ/;[&DO[{'93PHR?7:@J^H &6D"Ÿ ֱ|vY۷6 U='dtQש@QP/L.5v2lhL]Rmr1\.^o42fJ.XgL/(\@+ǨEYTE g[Ӹ8On~>p=#Yh6VLA5=QƷ#q6oúO8)κϞ`,~_.Pq-p?QzJQxnqm22'ZVgy܂fJ]uvǖ%+[ B1V5ʡ$|;,t9kY𢡄&G(^ '?F4;{WobawN9j*![x˜mIElhSc@~mjvU`X|9!#Z`i掝1s zyZЬXs)b zӭp3V ٍ`ϳ=$)t&vsW>$ŗïb\j FԄ:!lNhi3>=ߪY@O> EKaQGD\Lo];/_涱a+!Ց4_тlӍ1%'g31"_L\D柙!ġy2Oɏ8 ڟqC{Lû*(ydqx]X ?x2DI%P.FAȻT ?5$4%빇/lHlPMIU"Ht:f9n"DZn)K2,>`sHrh$ݖ:RA[֓uVufO+YlGòF b dzIKf6+!gO>8IxQ#Z8lfgܛ+s|Ma5@X|P T{0:wHvwD63SJM0{\ 12h8 @'T~<.@n#^fL̆ur1K\Z/`,WA,jG' ;¼JiL dR ?4vBO BSC  yjmXԓkO k4.jt$L(4G*|֓AP6|S!1 gbvOE451- _ʕyKcA6ZQ>Ζ8L%dU!f~]nhKδGZpGcI+t- hlqnh3_DTZixh|Ts{996EWvF_h4_4(+)C㦏htҁ@*||2O?d2gNmTvv+::USht+y *b^ ¥ X) ;P>|͠ZࡖpU| q'1/9Bhw+nW@ׯҡ0,B]7s ;7IGG'WB\͆Muރ4E{! j C,Xr2b9عBaЊ `waDbbګ諣o]DS(ĉ`!)X; _bd60>8ku(|y2G8m}l6li I6= 0֡QH6hعUFwTC^ޱ+ /Pq><K j}혼o>rblӢȝ7Mċ*YP'I%u ~{IG7uCʽ ۠'"Bh 쮚\154sqw넶LEhI[T< {y,GcDe-Tl-$ؔj G S^p%"!؇0L&zI]w`I #{irJ}d)b{寏]EwzJwJڻU &2? ߒ]o<1Y;\^0f3g0HQGKpP_,|j0 5YC0m)Zj{M׺7N#Ws_ |& a]:XB}*a6=GuBDzhB#xnx-X"T@,{*8uڅlyBXFs6/:tls|dGynQsYm3.5pT_4uƥv.M}M? ʃ?V#O ۴2&s!wĿ:N5%]](V0: 3YBpL4VWH enjQ%~@ W rTZeUK ^H\y`>t xm"5_6EPH$Ok| i`zܕg'AHsyج)WW6A \2DlZQ \qn[#Hif(=Bo!@$_yH-ex~bL.B``n<;-z9Y1 3faޯHѲc#z[E aHWwBjd&-gjCJ˄MDYT`*1VB #f9j~`ӷXBu\Tm$Mg,PD_^iDh{6"!ii2!L'Ub a-PsA& 2WtM2/}>kOt۸61(v[`DJKJr,lA{36R/yxR$S.<#϶: *'/(6!͜f5T(?FO P_tMVO llC`6B1HW`ujEe XmE3<. 0&ٞ`ُ=c"-IOvl-݆jb)h6 +'G?S_Yİ\q?S/V!NN.GSSle1*cR6O^̳/@4 1\OwkCfLdlfX!LM-,2níwS3& Qer4q5ހy@X땰4P/D2MAvf)h8b4[~4&w(nktZUuPTHkF6~9i*õ|%߷Cn双TW idK'KF]̟b' EalWBW|BPxEK#?d TJ/"1~_jMٲ;J),Z 24'ArgQ ~޻azj*}f>V\@;?Z4j$mI@| :gd!=ʙq:e\ѲcwTe~o3"נn׉F<2< ܆G m(#?ȃx?AAɓ4<X <.x"VPQIKs] {sk餀궲80## X=/3֤~Z(^#ُ0Nc< ,Ǜ%n/.){1BXb7=kȯ,+ TR~&Eb5 ˆ/LRtVFl%i s *4ԈR*88G !Z ,׃*+؋&#<YS$k15.ql ä Fw. 8qٻ!Ccۀ_Kw=H7M˄R+Hg= c yN,6<K}`zfwt`K &: OR(!3*Ҝ}HuV2ΆvX<bF{Fi/tLa="~llɩT7Nk5IyH/Юz7/w--f^y5AVT$3?B;9n{`\2޿%@`Uͺ4I L'KގJyO&#ކ&)YBN]P% TC[2˛L~<)㐔-c@Bw X>bO,.h(APK1]mk[+'؆ 5{L#/_5^˭ O~eUs+v.ZXS{$܆%鮔W>b\¬2,64'^ ak9dp-/_Gmy|U^c{h_85 H•Pi# W!ؤZy]"̥#;=ȕ6z!|<> S,!% (iBkތ=OvOcxB6G쭷n[W4ۮ#DXcOpLm_g{} 5: m{0H2"TT7ศJx ++]L!v"*N& u0Ps!PgՊh/Vh=np\@l#Jpjf߈᧘!a?ʺ9L;3?)"6З3_kZhq,ozzY8NJxJ8C7=%6$L"rE>3pn1gT؉g$TcBUUeȏ[HtEKE?VZt.f2R [45 \QιGrD5gQ 붽sH~H-щ;j"ځyK /!(M`EU#‹:WŢ\y)?gE~"vt^240NدLʾ8㌩B8U("g#J,(%T, ci;zZ~E<蔧i~da`V~ :^, ,>8& LbUy_t3}ߍ6e P[H}3nDk$Ltw?y  {C>Aj)}|`01PGeЗmز}VT 騩X9CXcnDd,ߊbBms EOnDZ$v1r?mKڎk&&A jNL{zThuyfZ̀*GMSiW8h)y$ :ݬM$ɡ45~nvʹe=1u/Ф c%l|uSP5'Wb}ݭ2 1km!lx\E^euvg: ɷJ-F?hw!%Oג6Gj&yͣ&>zDNdifBZEey…w=ثq8j~z-+ΜldO.%SU+MA뎤/0$RLo_W h<%iҎɕo.I@ /i_W) 4ȼ>Cd81B1zIuv5(.ԯˇM7-Pf7c'VYC&j _(gFOEղ2҆ZXĕ|7Bw%ZQH̯\n^5VoJ<ۢr3v}'1o-õܼno,;D[?[5:2 1PsHJbOKFwӪp<Pj#i%WC1.hU 1ԧI((;-×$h7(A~isgJ!9? 9y\U .jG+ʇG D<'gXl„'/~KFOH T~y$thcfF$~W}6U( rM ۵NhrJm)7IWX +Uzo= }^[ptl.YhNzH|y5g/RrǍXm 8,<@nXԴvrظwN G@>Hz7ę+¡k?mr3;]ڡ«Kl97biH{ɣ .oO{hJ^F=%x}_@eu\yihIgC 5CHF1 WFU9:!5MZS>T^Ш"BOD"Y_XڤXy+"m4w˲e*[ (6uV6F4OWXĢýtR0?Ŏ% u?c |ځ0([/ֶA, GO#B6e# 8ڧ0YPG jJQڭl.gZc:8t3/+s(1T{b Kl(2PP͔8/ *O\HLIP#zlUjF+`X'Ś7zE,-Rxj-"sX5lpI4kɸ.ɭ՚b_N=~5#Z(HΩXlhR :/ 1:vo◈~grDNS&@@@1VvKaGt5l$Ovo:E0"aΰgzH]zV5>`;m69 " B ٶ\힖0a$l>9A@.ğ!W #渘!GƋJ@@7.\C[x䯽{@π.-چDy Cis!lByůFܠ# X{cӞ-K)njAբ cA@ػ 3LE*Q-pxp3LTI>F5eRDܿ_:D`F.| MȋT "d H"T)+:Zi 4Z8@z>;ږS3ב^2Oΐv1JcD^k0=ۡYQQ-kی6?9k[~90M9?BWȐN?g6 esBhU3GǀzzqtwOݗ_7֟k;*6.,(G*p]ӊFhZX!lW!Bi`He>{Q!xO7?P*Fz(ģ)Jg ݬ#-xHx+U!o4,ry-JOM!Zvm)>}M\+D\iLuM?W`UfF]&HAKLVɹnlK.RAHzwfHWgsXbŐh*9 8NEiA~KmU i_] 9mF94y*:=&g7V /1oWxdm 8 3 lހ Cc^)C :;kN#JtnЉIb9t3{RT/$x,˪EԃLxP+8$cL#8Y.<;B^ 28ou8Na _u͉|i. `2@-氇=S&A#M#uTN:??(Isg=4GǼA8{BUg1̃vϪݿ U>cG>l/-^MXYy5}!O @ 8~  aSP/puH |Owq/ 710e:Fn.ݹ x,1`>5 p;P܁N`azټOY)h.ƐZB?Noz8ӥہ2H0TR+B>NX 4ZzM=ֶAڰ(/3笫pӄ:PK)ra#|UbET#Ji?qكFo11cGt=)gɵbL]zA`¤mUԷȋ難.=|1]n6WՇ:ǀva'^)_hJ%onVgc>kPS_LZCaƹRz&iՅ#E+]R^N\ԔKEv)jN9jvPh2fa*LlSo7FXȰ3. .TU?wsʎ69XJ8_b"j*P`p6=]8j[TwivK/xN%UÎKzjg41TXLF_x2+x $Xx2yY l= r}b+(>1MqQE.k܈7 =-%64'Z_=7v/#^/2gX5cEw&+37os8^&><׈roP6yޮѐ3ZVwAtr |wt An6ѥrߍ~-{<`&[ݲ))`yb x >$ЯXl4vW@jufP`W nzٹYi(j}k"א*qA z.65.7Y4aNQA SYFro\X=wp t؅]rv #hǨGw8j!\1͖>O8\[o96$hᕻgn[$뜎Ɖt*L.հd{'/r`QB)zfYhykF&Q*Da`T6|nWt(x*x@_ZZ f6 Ǝx Ow:3iƥfikx8ˊѫ43ݶ YZ