sssd-ad-1.16.4-37.el7_8.4> H HtxHF_E ?*}}mjy q?ݦ\>oM/>AhNY#Vceebf15f768a46b4cac9c60cbc26a2774f658c5d8T;¿Me\.iͫ<?d   8  2OU\t     &Dd|KK K   !( 08 8393:~i3GhHIXY\]^ 4b d e f l t u v w x 4y LYCsssd-ad1.16.437.el7_8.4The AD back end of the SSSDProvides the Active Directory back end that the SSSD can utilize to fetch identity data from and authenticate against an Active Directory server._,sl7.fnal.govScientific LinuxScientific LinuxGPLv3+Scientific LinuxApplications/Systemhttps://pagure.io/SSSD/sssd/linuxx86_64@xK0BA큤_,_,_,\/_,_,425f454c2d872d61948449dc6e1b3abde7c3257852514255e67a8fd796c87aa943eb6450d0c4553bebacda545eb8cf2ad13db009e0c9e2f7e6471fd4861457988ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903b98d6debb4494c09b55e8f5c95cd5f7e1ce6a04b0386a14e7a530667ede5b766b093c71893d4e0c568f01762a1df3d0ca869181b0eef66839e7c792ff9b24146rootrootrootrootrootrootrootrootrootrootrootrootsssd-1.16.4-37.el7_8.4.src.rpmlibsss_ad.so()(64bit)sssd-adsssd-ad(x86-64)@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@   @ 
bind-utilslibbasicobjects.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcollection.so.2()(64bit)libcom_err.so.2()(64bit)libcrypto.so.10()(64bit)libdbus-1.so.3()(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libglib-2.0.so.0()(64bit)libini_config.so.3()(64bit)libini_config.so.3(INI_CONFIG_1.1.0)(64bit)libk5crypto.so.3()(64bit)libkeyutils.so.1()(64bit)libkrb5.so.3()(64bit)liblber-2.4.so.2()(64bit)libldap-2.4.so.2()(64bit)libldb.so.1()(64bit)libldb.so.1(LDB_0.9.10)(64bit)libndr-krb5pac.so.0()(64bit)libndr-krb5pac.so.0(NDR_KRB5PAC_0.0.1)(64bit)libndr-nbt.so.0()(64bit)libndr-nbt.so.0(NDR_NBT_0.0.1)(64bit)libndr-standard.so.0()(64bit)libndr.so.0()(64bit)libndr.so.0(NDR_0.0.1)(64bit)libnspr4.so()(64bit)libnss3.so()(64bit)libnssutil3.so()(64bit)libpcre.so.1()(64bit)libplc4.so()(64bit)libplds4.so()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.2.5)(64bit)libref_array.so.1()(64bit)librt.so.1()(64bit)libsamba-util.so.0()(64bit)libsasl2.so.3()(64bit)libselinux.so.1()(64bit)libsmbclient.so.0()(64bit)libsmbclient.so.0(SMBCLIENT_0.1.0)(64bit)libsmime3.so()(64bit)libssl3.so()(64bit)libsss_cert.so()(64bit)libsss_certmap.so.0()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_idmap.so.0()(64bit)libsss_idmap.so.0(SSS_IDMAP_0.4)(64bit)libsss_krb5_common.so()(64bit)libsss_ldap_common.so()(64bit)libsss_util.so()(64bit)libsystemd.so.0()(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rtld(GNU_HASH)sssd-commonsssd-common-pacsssd-krb5-commonrpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-11.16.4-37.el7_8.41.16.4-37.el7_8.41.16.4-37.el7_8.45.2-1sssd1.10.0-8.beta24.11.3^n@^}^x^r 
@^^@]]*]@]]]@]@]m]m]p]p]p]p]S\Q\Q\"\"\"\\\r@\r@\r@\\\\\\\\\\\|\+@[@[_[@[@[l,[b@[a[Y[Y[H@[E@[6@[0@[,[,[d@[[Z@Z@ZmZ@Z_@Z_@Z@ZyZhu@Z3@Z2gZ.s@Z*~Z'Z!D@ZZ@Z Z @Z7ZNYZ@Y@YYJ_YJ_YC@YBvYBvY9<@Y9<@Y5GY5GY5GY5GY0Y0Y(Y(Y%uY%uY$$@Y$$@Y"Y;@YR@YR@Y Y @Y @YtYtYtYtYtYXXh@XXX@X@X@XsX@X@X@XۡXۡXXӸX,XCX@XX*X lX lX lW$WW;W;W;W֘W֘W@W^@WiWiWiW/@W/@W/@W/@WWWWQWQWQW@W@W@WhW@W@Wt@WE@WE@W@W@W@W@WW~W-@W-@W-@WW@WWu WgWDB@WDB@WDB@WBW;W;W@VbV͛@VTQ@VCV @V @V @V V@VBVBVBVBVBUUUU@UXU@U@U@UUUUUUUUL@UL@UU@U@U@UnU@U(U@U@UUmUmU@UJ@UU7@U7@U7@U @U@U@TE@TE@TE@Tи@Tr@Tr@Tr@Tr@T}T}T}T}T}T7T7TTC@TTZ@TZ@TT@Tp@Tp@T@T{T*@T*@TTT~@T~@TuTuTto@Tto@Tto@Tto@Tto@Tto@TmTmTmTmTl@Tl@Tl@Tl@TcKTa@T\@TZ@TZ@TR(@TG@TG@TG@TG@TG@TD@T6xTTT SS@S|@Sr @Sr @Sr @Sr @S;S;S2@S2@S,)S!S L@SSS@S@S@S@S@S @S @S @S @S @S @S @S @SSSRb@Rb@Rb@R@R@R@R@RURURUR߲RRRx@Rx@Rx@RΏ@RΏ@RΏ@R=R=RkRRRR@R@R@R@R@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@RpREs@REs@R7Q@Q@Q@Q@Q@QQLQکQQQo@Q)@Q@QQ@Q@QbQyQV@Q'@QQQnQZ@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 1.16.4-37.4Alexey Tikhonov - 1.16.4-37.3Alexey Tikhonov - 1.16.4-37.2Michal Židek - 1.16.4-37.1Michal Židek - 1.16.4-37Michal Židek - 1.16.4-36Michal Židek - 1.16.4-35Michal Židek - 1.16.4-34Michal Židek - 1.16.4-33Michal Židek - 1.16.4-32Michal Židek - 1.16.4-31Michal Židek - 1.16.4-30Michal Židek - 1.16.4-29Michal Židek - 1.16.4-28Michal Židek - 1.16.4-27Michal Židek - 1.16.4-26Michal Židek - 1.16.4-25Michal Židek - 1.16.4-24Michal Židek - 1.16.4-23Michal Židek - 1.16.4-22Michal Židek - 1.16.4-21Michal Židek - 1.16.4-20Jakub Hrozek - 1.16.4-19Jakub Hrozek - 1.16.4-18Jakub Hrozek - 1.16.4-17Michal Židek - 1.16.4-16Jakub Hrozek - 1.16.4-15Michal Židek - 1.16.4-14Michal Židek - 1.16.4-12Michal Židek - 1.16.4-12Michal Židek - 1.16.4-11Michal Židek - 1.16.4-10Michal Židek - 1.16.4-9Michal Židek - 1.16.4-8Michal Židek - 1.16.4-7Michal Židek - 1.16.4-6Michal Židek - 1.16.4-5Michal Židek - 1.16.4-4Michal Židek - 1.16.4-3Michal Židek - 1.16.4-2Michal Židek - 1.16.4-1Jakub Hrozek - 1.16.2-17Michal Židek - 
1.16.2-16Michal Židek - 1.16.2-15Michal Židek - 1.16.2-14Jakub Hrozek - 1.16.2-13Fabiano Fidêncio - 1.16.2-12Jakub Hrozek - 1.16.2-11Jakub Hrozek - 1.16.2-10Jakub Hrozek - 1.16.2-9Jakub Hrozek - 1.16.2-8Fabiano Fidêncio - 1.16.2-7Fabiano Fidêncio - 1.16.2-6Fabiano Fidêncio - 1.16.2-5Fabiano Fidêncio - 1.16.2-4Fabiano Fidêncio - 1.16.2-3Fabiano Fidêncio - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.0-25Fabiano Fidêncio - 1.16.0-24Fabiano Fidêncio - 1.16.0-23Fabiano Fidêncio - 1.16.0-22Jakub Hrozek - 1.16.0-21Fabiano Fidêncio - 1.16.0-20Fabiano Fidêncio - 1.16.0-19Fabiano Fidêncio - 1.16.0-18Fabiano Fidêncio - 1.16.0-17Fabiano Fidêncio - 1.16.0-16Fabiano Fidêncio - 1.16.0-15Fabiano Fidêncio - 1.16.0-14Fabiano Fidêncio - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Fabiano Fidêncio - 1.16.0-11Fabiano Fidêncio - 1.16.0-10Fabiano Fidêncio - 1.16.0-9Fabiano Fidêncio - 1.16.0-8Fabiano Fidêncio - 1.16.0-7Fabiano Fidêncio - 1.16.0-6Fabiano Fidêncio - 1.16.0-5Fabiano Fidêncio - 1.16.0-4Fabiano Fidêncio - 1.16.0-3Fabiano Fidêncio - 1.16.0-2Fabiano Fidêncio - 1.16.0-1Jakub Hrozek - 1.15.2-51Jakub Hrozek - 1.15.2-50Jakub Hrozek - 1.15.2-49Jakub Hrozek - 1.15.2-48Jakub Hrozek - 1.15.2-47Jakub Hrozek - 1.15.2-46Jakub Hrozek - 1.15.2-45Jakub Hrozek - 1.15.2-44Jakub Hrozek - 1.15.2-43Jakub Hrozek - 1.15.2-42Jakub Hrozek - 1.15.2-41Jakub Hrozek - 1.15.2-40Jakub Hrozek - 1.15.2-39Jakub Hrozek - 1.15.2-38Jakub Hrozek - 1.15.2-37Jakub Hrozek - 1.15.2-36Jakub Hrozek - 1.15.2-35Jakub Hrozek - 1.15.2-34Jakub Hrozek - 1.15.2-33Jakub Hrozek - 1.15.2-32Jakub Hrozek - 1.15.2-31Sumit Bose - 1.15.2-30Jakub Hrozek - 1.15.2-29Jakub Hrozek - 1.15.2-28Jakub Hrozek - 1.15.2-25Jakub Hrozek - 1.15.2-24Lukas Slebodnik - 1.15.2-23Jakub Hrozek - 1.15.2-22Jakub Hrozek - 1.15.2-21Jakub Hrozek - 1.15.2-20Jakub Hrozek - 1.15.2-19Jakub Hrozek - 1.15.2-18Jakub Hrozek - 1.15.2-17Jakub Hrozek - 1.15.2-16Jakub Hrozek - 1.15.2-15Jakub Hrozek - 1.15.2-14Jakub Hrozek - 1.15.2-13Jakub Hrozek - 1.15.2-12Jakub 
Hrozek - 1.15.2-11Jakub Hrozek - 1.15.2-10Jakub Hrozek - 1.15.2-9Jakub Hrozek - 1.15.2-8Jakub Hrozek - 1.15.2-7Jakub Hrozek - 1.15.2-6Jakub Hrozek - 1.15.2-5Jakub Hrozek - 1.15.2-4Jakub Hrozek - 1.15.2-3Jakub Hrozek - 1.15.2-2Jakub Hrozek - 1.15.2-1Fabiano Fidêncio - 1.15.1-2Jakub Hrozek - 1.15.1-1Jakub Hrozek - 1.15.0-2Jakub Hrozek - 1.15.0-1Jakub Hrozek - 1.14.0-46Jakub Hrozek - 1.14.0-45Jakub Hrozek - 1.14.0-44Jakub Hrozek - 1.14.0-43Jakub Hrozek - 1.14.0-42Jakub Hrozek - 1.14.0-41Jakub Hrozek - 1.14.0-40Jakub Hrozek - 1.14.0-39Jakub Hrozek - 1.14.0-38Jakub Hrozek - 1.14.0-37Jakub Hrozek - 1.14.0-36Jakub Hrozek - 1.14.0-35Jakub Hrozek - 1.14.0-34Jakub Hrozek - 1.14.0-33Jakub Hrozek - 1.14.0-32Jakub Hrozek - 1.14.0-31Jakub Hrozek - 1.14.0-30Jakub Hrozek - 1.14.0-29Jakub Hrozek - 1.14.0-28Jakub Hrozek - 1.14.0-27Jakub Hrozek - 1.14.0-26Jakub Hrozek - 1.14.0-25Jakub Hrozek - 1.14.0-24Jakub Hrozek - 1.14.0-23Jakub Hrozek - 1.14.0-22Jakub Hrozek - 1.14.0-21Jakub Hrozek - 1.14.0-20Jakub Hrozek - 1.14.0-19Jakub Hrozek - 1.14.0-18Jakub Hrozek - 1.14.0-17Jakub Hrozek - 1.14.0-16Jakub Hrozek - 1.14.0-15Jakub Hrozek - 1.14.0-14Jakub Hrozek - 1.14.0-13Jakub Hrozek - 1.14.0-12Jakub Hrozek - 1.14.0-11Jakub Hrozek - 1.14.0-10Jakub Hrozek - 1.14.0-9Jakub Hrozek - 1.14.0-8Jakub Hrozek - 1.14.0-7Jakub Hrozek - 1.14.0-6Jakub Hrozek - 1.14.0-5Jakub Hrozek - 1.14.0-4Jakub Hrozek - 1.14.0-3Jakub Hrozek - 1.14.0-2Jakub Hrozek - 1.14.0-1Jakub Hrozek - 1.14.0beta1-2Jakub Hrozek - 1.14.0alpha-1Jakub Hrozek - 1.13.0-50Jakub Hrozek - 1.13.0-49Jakub Hrozek - 1.13.0-48Jakub Hrozek - 1.13.0-47Jakub Hrozek - 1.13.0-46Jakub Hrozek - 1.13.0-45Jakub Hrozek - 1.13.0-44Jakub Hrozek - 1.13.0-43Jakub Hrozek - 1.13.0-42Jakub Hrozek - 1.13.0-41Jakub Hrozek - 1.13.0-40Jakub Hrozek - 1.13.0-39Jakub Hrozek - 1.13.0-38Jakub Hrozek - 1.13.0-37Jakub Hrozek - 1.13.0-36Jakub Hrozek - 1.13.0-35Jakub Hrozek - 1.13.0-34Jakub Hrozek - 1.13.0-33Jakub Hrozek - 1.13.0-32Jakub Hrozek - 1.13.0-31Jakub Hrozek - 
1.13.0-30Jakub Hrozek - 1.13.0-29Jakub Hrozek - 1.13.0-28Jakub Hrozek - 1.13.0-27Jakub Hrozek - 1.13.0-26Martin Kosek - 1.13.0-25Jakub Hrozek - 1.13.0-24Jakub Hrozek - 1.13.0-23Jakub Hrozek - 1.13.0-22Jakub Hrozek - 1.13.0-21Jakub Hrozek - 1.13.0-20Jakub Hrozek - 1.13.0-19Jakub Hrozek - 1.13.0-18Jakub Hrozek - 1.13.0-17Jakub Hrozek - 1.13.0-16Jakub Hrozek - 1.13.0-15Jakub Hrozek - 1.13.0-14Lukas Slebodnik - 1.13.0-13Jakub Hrozek - 1.13.0-12Jakub Hrozek - 1.13.0-11Jakub Hrozek - 1.13.0-10Jakub Hrozek - 1.13.0-9Jakub Hrozek - 1.13.0-8Jakub Hrozek - 1.13.0-7Jakub Hrozek - 1.13.0-6Jakub Hrozek - 1.13.0-5Jakub Hrozek - 1.13.0-4Jakub Hrozek - 1.13.0-3Jakub Hrozek - 1.13.0-2Jakub Hrozek - 1.13.0-1Jakub Hrozek - 1.13.0.3alphaJakub Hrozek - 1.13.0.2alphaJakub Hrozek - 1.13.0.1alphaJakub Hrozek - 1.12.2-61Jakub Hrozek - 1.12.2-60Jakub Hrozek - 1.12.2-59Jakub Hrozek - 1.12.2-58.6Jakub Hrozek - 1.12.2-58.5Jakub Hrozek - 1.12.2-58.4Jakub Hrozek - 1.12.2-58.3Jakub Hrozek - 1.12.2-58.2Jakub Hrozek - 1.12.2-58.1Jakub Hrozek - 1.12.2-57Jakub Hrozek - 1.12.2-56Jakub Hrozek - 1.12.2-55Jakub Hrozek - 1.12.2-54Jakub Hrozek - 1.12.2-53Jakub Hrozek - 1.12.2-52Jakub Hrozek - 1.12.2-51Jakub Hrozek - 1.12.2-50Jakub Hrozek - 1.12.2-49Jakub Hrozek - 1.12.2-48Jakub Hrozek - 1.12.2-47Jakub Hrozek - 1.12.2-46Jakub Hrozek - 1.12.2-45Jakub Hrozek - 1.12.2-44Jakub Hrozek - 1.12.2-43Jakub Hrozek - 1.12.2-42Jakub Hrozek - 1.12.2-41Jakub Hrozek - 1.12.2-40Sumit Bose - 1.12.2-39Sumit Bose - 1.12.2-38Sumit Bose - 1.12.2-37Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-34Jakub Hrozek - 1.12.2-33Jakub Hrozek - 1.12.2-32Jakub Hrozek - 1.12.2-31Jakub Hrozek - 1.12.2-30Jakub Hrozek - 1.12.2-29Jakub Hrozek - 1.12.2-28Jakub Hrozek - 1.12.2-27Jakub Hrozek - 1.12.2-26Jakub Hrozek - 1.12.2-25Jakub Hrozek - 1.12.2-24Jakub Hrozek - 1.12.2-23Jakub Hrozek - 1.12.2-22Jakub Hrozek - 1.12.2-21Jakub Hrozek - 1.12.2-20Jakub Hrozek - 1.12.2-19Jakub Hrozek - 1.12.2-18Jakub Hrozek - 1.12.2-17Jakub 
Hrozek - 1.12.2-16Jakub Hrozek - 1.12.2-15Jakub Hrozek - 1.12.2-14Jakub Hrozek - 1.12.2-13Jakub Hrozek - 1.12.2-12Jakub Hrozek - 1.12.2-11Jakub Hrozek - 1.12.2-10Jakub Hrozek - 1.12.2-9Jakub Hrozek - 1.12.2-8Jakub Hrozek - 1.12.2-7Jakub Hrozek - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-3Jakub Hrozek - 1.12.0-2Jakub Hrozek - 1.12.0-1Jakub Hrozek - 1.11.2-70Jakub Hrozek - 1.11.2-69Jakub Hrozek - 1.11.2-68Jakub Hrozek - 1.11.2-67Jakub Hrozek - 1.11.2-66Jakub Hrozek - 1.11.2-65Jakub Hrozek - 1.11.2-64Sumit Bose - 1.11.2-63Sumit Bose - 1.11.2-62Jakub Hrozek - 1.11.2-61Jakub Hrozek - 1.11.2-60Jakub Hrozek - 1.11.2-59Jakub Hrozek - 1.11.2-58Jakub Hrozek - 1.11.2-57Jakub Hrozek - 1.11.2-56Jakub Hrozek - 1.11.2-55Jakub Hrozek - 1.11.2-54Jakub Hrozek - 1.11.2-53Jakub Hrozek - 1.11.2-52Jakub Hrozek - 1.11.2-51Jakub Hrozek - 1.11.2-50Jakub Hrozek - 1.11.2-49Jakub Hrozek - 1.11.2-48Jakub Hrozek - 1.11.2-47Jakub Hrozek - 1.11.2-46Jakub Hrozek - 1.11.2-45Jakub Hrozek - 1.11.2-44Jakub Hrozek - 1.11.2-43Jakub Hrozek - 1.11.2-42Jakub Hrozek - 1.11.2-41Jakub Hrozek - 1.11.2-40Jakub Hrozek - 1.11.2-39Jakub Hrozek - 1.11.2-38Jakub Hrozek - 1.11.2-37Jakub Hrozek - 1.11.2-36Jakub Hrozek - 1.11.2-35Jakub Hrozek - 1.11.2-34Daniel Mach - 1.11.2-33Jakub Hrozek - 1.11.2-32Jakub Hrozek - 1.11.2-31Jakub Hrozek - 1.11.2-30Jakub Hrozek - 1.11.2-29Jakub Hrozek - 1.11.2-28Jakub Hrozek - 1.11.2-27Jakub Hrozek - 1.11.2-26Jakub Hrozek - 1.11.2-25Jakub Hrozek - 1.11.2-24Jakub Hrozek - 1.11.2-23Jakub Hrozek - 1.11.2-22Jakub Hrozek - 1.11.2-21Jakub Hrozek - 1.11.2-20Daniel Mach - 1.11.2-19Jakub Hrozek - 1.11.2-18Jakub Hrozek - 1.11.2-17Jakub Hrozek - 1.11.2-16Jakub Hrozek - 1.11.2-15Jakub Hrozek - 1.11.2-14Jakub Hrozek - 1.11.2-13Jakub Hrozek - 1.11.2-12Jakub Hrozek - 1.11.2-11Jakub Hrozek - 1.11.2-10Jakub Hrozek - 1.11.2-9Jakub 
Hrozek - 1.11.2-8Jakub Hrozek - 1.11.2-7Jakub Hrozek - 1.11.2-6Jakub Hrozek - 1.11.2-5Jakub Hrozek - 1.11.2-4Jakub Hrozek - 1.11.2-3Jakub Hrozek - 1.11.2-2Jakub Hrozek - 1.11.2-1Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-5Jakub Hrozek - 1.10.1-4Jakub Hrozek - 1.10.1-3Jakub Hrozek - 1.10.1-2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-18Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 
1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 
1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1842861 - sssd boots offline if symlink for /etc/resolv.conf is broken/missing [rhel-7.8.z] - Resolves: rhbz#1845009 - [Bug] Reduce logging about flat names [rhel-7.8.z]- Resolves: rhbz#1817380 - Removing an IPA sub-group should NOT remove the members from indirect parent that also belong to other subgroups [rhel-7.8.z]- Resolves: rhbz#1816031 - SSSD is crashing: dbus_watch_handle() is invoked with corrupted 'watch' value [rhel-7.8.z]- Resolves: rhbz#1801208 - id command taking 1+ minute for returning user information [rhel-7.8.z] - Also updates spec file to not replace /pam.d/sssd-shadowutils on update- Resolves: rhbz#1784620 - Force LDAPS over 636 with AD Access Provider - just bumping the version to fix generated dates in man pages- Resolves: rhbz#1784620 - Force LDAPS over 636 with AD Access Provider- Resolves: rhbz#1769755 - sssd 
failover leads to delayed and failed logins- Resolves: rhbz#1768404 - automount on RHEL7 gives the message 'lookup(sss): setautomntent: No such file or directory'- Resolves: rhbz#1734056 - [sssd] RHEL 7.8 Tier 0 Localization- Resolves: rhbz#1530741 - Trusted domain user logins succeed after using ipa trustdomain-disable- Resolves: rhbz#1746878 - Let IPA client read IPA objects via LDAP and not a extdom plugin when resolving trusted users and groups- Resolves: rhbz#1530741 - Trusted domain user logins succeed after using ipa trustdomain-disable- Resolves: rhbz#1713352 - Implicit files domain gets activated when no sssd.conf present and sssd is started- Resolves: rhbz#1206221 - sssd should not always read entire autofs map from ldap- Resolves: rhbz#1657978 - SSSD is not refreshing cached user data for the ipa sub-domain in a IPA/AD trust- Resolves: rhbz#1541172 - ad_enabled_domains does not disable old subdomain after a restart until a timer removes it- Resolves: rhbz#1738674 - Paging not enabled when fetching external groups, limits the number of external groups to 2000- Resolves: rhbz#1650018 - SSSD doesn't clear cache entries for IDs below min_id- Resolves: rhbz#1724088 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1422618 - sssd does not failover to another IPA server if just the KDC service fails - Just bumping the version to work around "build already exists"- Resolves: rhbz#1714952 - [sssd] RHEL 7.7 Tier 0 Localization - Rebuild japanese gmo file explicitly- Resolves: rhbz#1714952 - [sssd] RHEL 7.7 Tier 0 Localization- Resolves: rhbz#1707959 - sssd does not properly check GSS-SPNEGO- Resolves: rhbz#1710286 - The server error message is not returned if password change fails- Resolves: rhbz#1711832 - The files provider does not handle resetOffline properly- Resolves: rhbz#1707759 - Error accessing files on samba share randomly- Resolves: rhbz#1685581 - Extend cached_auth_timeout to cover subdomains 
/trusts- Resolves: rhbz#1684979 - The HBAC code requires dereference to be enabled and fails otherwise- Resolves: rhbz#1576524 - RHEL STIG pointing sssd Packaging issue - This was partially fixed by the rebase, but one spec file change was missing.- Resolves: rhbz#1524566 - FIPS mode breaks using pysss.so (sss_obfuscate)- Resolves: rhbz#1350012 - kinit / sssd kerberos fail over - Resolves: rhbz#720688 - [RFE] return multiple server addresses to the Kerberos locator plugin- Resolves: rhbz#1402056 - [RFE] Make 2FA prompting configurable- Resolves: rhbz#1666819 - SSSD can trigger a NSS lookup when parsing the filter_users/groups lists on startup, this can block the startup- Resolves: rhbz#1645461 - Slow ldb search causes blocking during startup which might cause the registration to time out- Resolves: rhbz#1685581 - Extend cached_auth_timeout to cover subdomains / trusts- Resolves: rhbz#1671138 - User is unable to perform sudo as a user on IPA Server, even though `sudo -l` shows permissions to do so- Resolves: rhbz#1657806 - [RFE]: Optionally disable generating auto private groups for subdomains of an AD provider- Resolves: rhbz#1641131 - [RFE] Need an option in SSSD so that it will skip GPOs that have groupPolicyContainers, unreadable by SSSD. 
- Resolves: rhbz#1660874 - CVE-2018-16838 sssd: improper implementation of GPOs due to too restrictive permissions [rhel-7]- Resolves: rhbz#1631656 - KCM: kinit: Matching credential not found while getting default ccache- Resolves: rhbz#1406678 - sssd service is starting before network service - Resolves: rhbz#1616853 - SSSD always boots in Offline mode- Resolves: rhbz#1658994 - Rebase SSSD to 1.16.x- Resolves: rhbz#1603311 - Enable generating user private groups only for users with uid == gid where gid does not correspond to a real LDAP group- Resolves: rhbz#1602172 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1622109 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1619706 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1593756 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: rhbz#1610667 - sssd_ssh leaks file descriptors when more than one certificate is converted into an SSH key - Resolves: rhbz#1583360 - The IPA selinux provider can return an error if SELinux is completely disabled- Resolves: rhbz#1602781 - Local users failed to login with same password- Resolves: rhbz#1586127 - Spurious check in the sssd nss memcache can cause the memory cache to be skipped- Resolves: rhbz#1522928 - sssd doesn't allow user with expired password- Resolves: rhbz#1607313 - When sssd is running as non-root user, the sudo pipe is created as sssd:sssd but then the private pipe ownership fails- Resolves: rhbz#1600822 - SSSD bails out saving desktop profiles in case an invalid profile is found- Resolves: rhbz#1582975 - The search filter for detecting POSIX attributes in global catalog is too broad and can cause a high load on the servers- Resolves: rhbz#1583725 - SSSD AD uses LDAP filter to detect POSIX attributes stored in AD GC also for regular AD DC queries - Resolves: rhbz#1416528 - sssd in cross 
realm trust configuration should be able to use AD KDCs from a client site defined in sssd.conf or a snippet - Resolves: rhbz#1592964 - Groups go missing with PAC enabled in sssd- Resolves: rhbz#1590603 - EMBARGOED CVE-2018-10852 sssd: information leak from the sssd-sudo responder [rhel-7] - Resolves: rhbz#1450778 - Full information regarding priority of lookup of principal in keytab not in man page- Resolves: rhbz#1494690 - kdcinfo files are not created for subdomains of a directly joined AD client - Resolves: rhbz#1583343 - Login with sshkeys stored in ipa not working after update to RHEL-7.5 - Resolves: rhbz#1527662 - Handle conflicting e-mail addresses more gracefully - Resolves: rhbz#1509691 - Document how to change the regular expression for SSSD so that group names with an @-sign can be parsed- Related: rhbz#1558498 - Rebase sssd to the latests upstream release of the 1.16 branch- Resolves: rhbz#1558498 - Rebase sssd to the latests upstream release of the 1.16 branch - Resolves: rhbz#1523019 - Reset password with two factor authentication fails - Resolves: rhbz#1534749 - Requesting an AD user's private group and then the user itself returns an emty homedir - Resolves: rhbz#1537272 - SSH public key authentication keeps working after keys are removed from ID view - Resolves: rhbz#1537279 - Certificate is not removed from cache when it's removed from the override - Resolves: rhbz#1562025 - externalUser sudo attribute must be fully-qualified - Resolves: rhbz#1577335 - /usr/libexec/sssd/sssd_autofs SIGABRT crash daily - Resolves: rhbz#1508530 - How should sudo behave without sudoHost attribute? 
- Resolves: rhbz#1546754 - The man page of sss_ssh_authorizedkeys can be enhanced to better explain how the keys are retrieved and how X.509 certificates can be used - Resolves: rhbz#1572790 - getgrgid/getpwuid fails in setups with multiple domains if the first domain uses mid_id/max_id - Resolves: rhbz#1561562 - sssd not honoring dyndns_server if the DNS update process is terminated with a signal - Resolves: rhbz#1583251 - home dir disappear in sssd cache on the IPA master for AD users - Resolves: rhbz#1514061 - ID override GID from Default Trust View is not properly resolved in case domain resolution order is set - Resolves: rhbz#1571466 - Utilizing domain_resolution_order in sssd.conf breaks SELinux user map - Resolves: rhbz#1571526 - SSSD with ID provider 'ad' should give a warning in case the ldap schema is manually changed to something different than 'ad'.- Resolves: rhbz#1547782 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process- Related: rhbz#1578291 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION- Resolves: rhbz#1578291 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION- Resolves: rhbz#1516266 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1503802 - Smartcard authentication fails if SSSD is offline and 'krb5_store_password_if_offline = True' - Resolves: rhbz#1385665 - Incorrect error code returned from krb5_child (updated) - Resolves: rhbz#1547234 - SSSD's GPO code ignores ad_site option - Resolves: rhbz#1459348 - extend sss-certmap man page regarding priority processing - Resolves: rhbz#1220767 - Group renaming issue when "id_provider = ldap" is set - Resolves: rhbz#1538555 - crash in nss_protocol_fill_netgrent. 
sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000]- Resolves: rhbz#1565774 - After updating to RHEL 7.5 failing to clear the sssd cache- Resolves: rhbz#1566782 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash- Related: rhbzrhbz#1544943 - sssd goes offline when renewing expired ticket- Resolves: rhbz#1543348 - sssd_be consumes more memory on RHEL 7.4 systems. - Resolves: rhbz#1544943 - sssd goes offline when renewing expired ticket- Resolves: rhbz#1523282 - sssd used wrong search base with wrong AD server- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Related: rhbz#1441908 - SELINUX: Use getseuserbyname to get IPA seuser - Related: rhbz#1327705 - [RFE] Automatic creation of user private groups on RHEL clients joined to AD via sssd [RHEL 7]- Resolves: rhbz#1517971 - AD Domain goes offline immediately during subdomain initialization - IPA AD Trust - Related: rhbz#1482555 - sysdb index improvements - missing ghost attribute indexing, unneeded objectclass index etc.. 
- Related: rhbz#1327705 - [RFE] Automatic creation of user private groups on RHEL clients joined to AD via sssd [RHEL 7] - Resolves: rhbz#1527149 - AD provider - AD BUILTIN groups are cached with gidNumber = 0 - Related: rhbz#1461899 - Loading enterprise principals doesn't work with a primed cache - Related: rhbz#1473571 - ipa-extdom-extop plugin can exhaust DS worker threads- Resolves: rhbz#1525644 - dbus-send unable to find user by CAC cert- Resolves: rhbz#1523010 - IPA user able to authenticate with revoked cert on smart card- Resolves: rhbz#1512027 - NSS by-id requests are not checked against max_id/min_id ranges before triggering the backend- Related: rhbz#1507614 - Improve Smartcard integration if multiple certificates or multiple mapped identities are available - Resolves: rhbz#1523010 - IPA user able to authenticate with revoked cert on smart card - Resolves: rhbz#1520984 - getent output is not showing home directory for IPA AD trusted user - Related: rhbz#1473571 - ipa-extdom-extop plugin can exhaust DS worker threads- Resolves: rhbz#1421194 - SSSD doesn't use AD global catalog for gidnumber lookup, resulting in unacceptable delay for large forests- Resolves: rhbz#1482231 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: rhbz#1512508 - SSSD fails to fetch group information after switching IPA client to a non-default view- Resolves: rhbz#1490120 - SSSD complaining about corrupted mmap cache and logging error in /var/log/messages and /var/log/sssd/sssd_nss.log- Resolves: rhbz#1272214 - [RFE] Create a local per system report about who can access that IDM client (attestation) - Resolves: rhbz#1482555 - sysdb index improvements - missing ghost attribute indexing, unneeded objectclass index etc.. - Resolves: rhbz#888739 - Enumerating large number of users makes sssd_be hog the cpu for a long time. 
- Resolves: rhbz#1373547 - SSSD performance issue with malloc and brk calls - Resolves: rhbz#1472255 - Improve SSSD performance in the 7.5 release- Related: rhbz#1460724 - SYSLOG_IDENTIFIER is different - Related: rhbz#1432010 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Related: rhbz#1507614 - Improve Smartcard integration if multiple certificates or multiple mapped identities are available- Resolves: rhbz#1507614 - Improve Smartcard integration if multiple certificates or multiple mapped identities are available - Related: rhbz#1499659 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-7.5] - Resolves: rhbz#1408294 - SSSD authentication fails when two IPA accounts share an email address without a clear way to debug the problem - Resolves: rhbz#1502686 - crash - /usr/libexec/sssd/sssd_nss in nss_setnetgrent_timeout- Related: rhbz#1460724 - SYSLOG_IDENTIFIER is different - Related: rhbz#1459609 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds.- Resolves: rhbz#1473571 - ipa-extdom-extop plugin can exhaust DS worker threads- Resolves: rhbz#1484376 - [RFE] Add a configuration option to SSSD to disable the memory cache - Resolves: rhbz#1327705 - Automatic creation of user private groups on RHEL clients joined to AD via sssd [RHEL 7] - Resolves: rhbz#1505277 - Race condition between refreshing the cr_domain list and a request that is using the list can cause a segfault is sssd_nss - Resolves: rhbz#1462343 - document information on why SSSD does not use host-based security filtering when processing AD GPOs - Resolves: rhbz#1498734 - sssd_be stuck in an infinite loop after completing full refresh of sudo rules - Resolves: rhbz#1400614 - [RFE] sssd should remember DNS sites from first search - Resolves: rhbz#1460724 - SYSLOG_IDENTIFIER is different - Resolves: rhbz#1459609 - When sssd is configured with id_provider proxy and 
auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds.- Resolves: rhbz#1469791 - Rebase SSSD to version 1.16+ - Resolves: rhbz#1132264 - Allow sssd to retrieve sudo rules of local users whose sudo rules stored in ldap server - Resolves: rhbz#1301740 - sssd can be marked offline if a trusted domain is not reachable - Resolves: rhbz#1399262 - Use TCP for kerberos with AD by default - Resolves: rhbz#1416150 - RFE: Log to syslog when sssd cannot contact servers, goes offline - Resolves: rhbz#1441908 - SELINUX: Use getseuserbyname to get IPA seuser - Resolves: rhbz#1454559 - python-sssdconfig doesn't parse hexadecimal debug _level, resulting in set_option(): /usr/lib/python2.7/site-packages/SSSDConfig/__init__.py killed by TypeError - Resolves: rhbz#1456968 - MAN: document that attribute 'provider' is not allowed in section 'secrets' - Resolves: rhbz#1460689 - KCM/secrets: Storing many secrets in a rapid succession segfaults the secrets responder - Resolves: rhbz#1464049 - Idle nss file descriptors should be closed - Resolves: rhbz#1468610 - sssd_be is utilizing more CPU during sudo rules refresh - Resolves: rhbz#1474711 - Querying the AD domain for external domain's ID can mark the AD domain offline - Resolves: rhbz#1479398 - samba shares with sssd authentication broken on 7.4 - Resolves: rhbz#1479983 - id root triggers an LDAP lookup - Resolves: rhbz#1489895 - Issues with certificate mapping rules - Resolves: rhbz#1490501 - sssd incorrectly checks 'try_inotify' thinking it is the wrong section - Resolves: rhbz#1490913 - MAN: Document that full_name_format must be set if the output of trusted domains user resolution should be shortnames only - Resolves: rhbz#1499659 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-7.5] - Resolves: rhbz#1461899 - Loading enterprise principals doesn't work with a primed cache - Resolves: rhbz#1482674 - SUDO doesn't work for IPA users on IPA clients after applying ID Views 
for them in IPA server - Resolves: rhbz#1486053 - Accessing IdM kerberos ticket fails while id mapping is applied - Resolves: rhbz#1486786 - sssd going in offline mode due to sudo search filter. - Resolves: rhbz#1500087 - SSSD creates bad override search filter due to AD Trust object with parenthesis - Resolves: rhbz#1502713 - SSSD can crash due to ABI changes in libldb >= 1.2.0 (1.1.30) - Resolves: rhbz#1461462 - sssd_client: add mutex protected call to the PAC responder - Resolves: rhbz#1489666 - Combination sssd-ad and postfix receive incorrect mail with asterisks or spaces - Resolves: rhbz#1525052 - sssd_krb5_localauth_plugin fails to fallback to other localname rules- Require the 7.5 libldb version which broke ABI - Related: rhbz#1469791 - Rebase SSSD to version 1.16+- Resolves: rhbz#1457926 - Wrong search base used when SSSD is directly connected to AD child domain- Resolves: rhbz#1450107 - SSSD doesn't handle conflicts between users from trusted domains with the same name when shortname user resolution is enabled- Resolves: rhbz#1459846 - krb5: properly handle 'password expired' information returned by the KDC during PKINIT/Smartcard authentication- Resolves: rhbz#1430415 - ldap_purge_cache_timeout in RHEL7.3 invalidate most of the entries once the cleanup task kicks in- Resolves: rhbz#1455254 - Make domain available as user attribute- Resolves: rhbz#1449731 - IPA client cannot change AD Trusted User password- Resolves: rhbz#1457927 - getent failed to fetch netgroup information after changing default_domain_suffix to AD domain in /etc/sssd/sssd.conf- Resolves: rhbz#1440132 - filter_users and filter_groups stop working properly in v 1.15- Resolves: rhbz#1449728 - LDAP to IPA migration doesn't work in master- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1449729 - org.freedesktop.sssd.infopipe.GetUserGroups does not resolve groups into names with AD- Resolves: rhbz#1450094 - Properly support IPA's 
promptusername config option- Resolves: rhbz#1457644 - Segfault in access_provider = krb5 is set in sssd.conf due to an off-by-one error when constructing the child send buffer - Resolves: rhbz#1456531 - Option name typos are not detected with validator function of sssctl config-check command in domain sections- Resolves: rhbz#1428906 - sssd intermittently failing to resolve groups for an AD user in IPA-AD trust environment.- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail - Fix Coverity issues in patches for rhbz#1445445- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1446302 - crash in sssd-kcm due to a race-condition between two concurrent requests- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail- Resolves: rhbz#1306707 - Need better debug message when krb5_child returns an unhandled error, leading to a System Error PAM code- Resolves: rhbz#1446535 - Group resolution does not work in subdomain without ad_server option- Resolves: rhbz#1449726 - sss_nss_getlistbycert() does not return results from multiple domains - Resolves: rhbz#1447098 - sssd unable to search dbus for ipa user by certificate - Additional patch for rhbz#1440132- Reapply patch by Lukas Slebodnik to fix upgrade issues with libwbclient - Resolves: rhbz#1439457 - SSSD does not start after upgrade from 7.3 to 7.4 - Resolves: rhbz#1449107 - error: %pre(sssd-common-1.15.2-26.el7.x86_64) scriptlet failed, exit status 3- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working properly in v 1.15 - Also apply an additional patch for rhbz#1441545- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1434992 - Wrong pam return code for user from subdomain with ad_access_filter- Resolves: rhbz#1430494 - expect sss_ssh_authorizedkeys and sss_ssh_knownhostsproxy manuals to be packaged into sssd-common package- 
Resolves: rhbz#1427749 - SSSD in server mode iterates over all domains for group-by-GID requests, causing unnecessary searches- Resolves: rhbz#1446139 - Infopipe method ListByCertificate does not return the users with overrides- Resolves: rhbz#1441545 - With multiple subdomain sections id command output for user is not displayed for both domains- Resolves: rhbz#1428866 - Using ad_enabled_domains configuration option in sssd.conf causes nameservice lookups to fail.- Remove an unused variable from the sssd-secrets responder - Related: rhbz#1398701 - [sssd-secrets] https proxy talks plain http - Improve two DEBUG messages in the client trust code to aid troubleshooting - Fix standalone application domains - Related: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces- Allow completely server-side unqualified name resolution if the domain order is set, do not require any client-side changes - Related: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users- Resolves: rhbz#1402532 - D-Bus interface of sssd is giving inappropriate group information for trusted AD users- Resolves: rhbz#1431858 - Wrong principal found with ad provider and long host name- Resolves: rhbz#1415167 - pam_acct_mgmt with pam_sss.so fails in unprivileged container unless selinux_provider = none is used- Resolves: rhbz#1438388 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_pam killed by 6- Resolves: rhbz#1432112 - sssctl config-check does not give any error when default configuration file is not present- Resolves: rhbz#1438374 - [abrt] [faf] sssd: vfprintf(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1427195 - sssd_nss consumes more memory until restarted or machine swaps- Resolves: rhbz#1414023 - Create troubleshooting tool to determine if a failure is in SSSD or not when using layered products like RH-SSO/CFME 
etc- Resolves: rhbz#1398701 - [sssd-secrets] https proxy talks plain http- Fix off-by-one error in the KCM responder - Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces- Resolves: rhbz#1434991 - Issue processing ssh keys from certificates in ssh respoder- Resolves: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users - Also backport some buildtime fixes for the KCM responder - Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1340711 - [RFE] Use one smartcard and certificate for authentication to distinct logon accounts- Update to upstream 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html - Resolves: rhbz#1418728 - IPA - sudo does not handle associated conflict entries - Resolves: rhbz#1386748 - sssd doesn't update PTR records if A/PTR zones are configured as non-secure and secure - Resolves: rhbz#1214491 - [RFE] Make it possible to configure AD subdomain in the SSSD server mode- Drop "NOUPSTREAM: Bundle http-parser" patch Related: rhbz#1393819 - New package: http-parser- Update to upstream 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html - Resolves: rhbz#1327085 - Don't prompt for password if there is already one on the stack - Resolves: rhbz#1378722 - [RFE] Make GETSIDBYNAME and GETORIGBYNAME request aware of UPNs and aliases - Resolves: rhbz#1405075 - [RFE] Add PKINIT support to SSSD Kerberos provider - Resolves: rhbz#1416526 - Need correction in sssd-krb5 man page - Resolves: rhbz#1418752 - pam_sss crashes in do_pam_conversation if no conversation function is provided by the client app - Resolves: rhbz#1419356 - Fails to accept any sudo rules if there are two user entries in an ldap role with the same sudo 
user - Resolves: rhbz#1421622 - SSSD - Users/Groups are cached as mixed-case resulting in users unable to sign in- Fix several packaging issues, notably the p11_child is no longer setuid and the libwbclient used a wrong version number in the symlink- Update to upstream 1.15.0 - Resolves: rhbz#1393824 - Rebase SSSD to version 1.15 - Resolves: rhbz#1407960 - wbcLookupSid() fails in pdomain is NULL - Resolves: rhbz#1406437 - sssctl netgroup-show Cannot allocate memory - Resolves: rhbz#1400422 - Use-after free in resolver in case the fd is writeable and readable at the same time - Resolves: rhbz#1393085 - bz - ldap group names don't resolve after upgrading sssd to 1.14.0 if ldap_nesting_level is set to 0 - Resolves: rhbz#1392444 - sssd_be keeps crashing - Resolves: rhbz#1392441 - sssd fails to start after upgrading to RHEL 7.3 - Resolves: rhbz#1382602 - autofs map resolution doesn't work offline - Resolves: rhbz#1380436 - sudo: ignore case on case insensitive domains - Resolves: rhbz#1378251 - Typo In SSSD-AD Man Page - Resolves: rhbz#1373427 - Clock skew makes SSSD return System Error - Resolves: rhbz#1306707 - Need better handling of "Server not found in Kerberos database" - Resolves: rhbz#1297462 - Don't include 'enable_only=sssd' in the localauth plugin config- Resolves: rhbz#1382598 - IPA: Uninitialized variable during subdomain check- Resolves: rhbz#1378911 - No supplementary groups are resolved for users in nested OUs when domain stanza differs from AD domain- Resolves: rhbz#1372075 - AD provider: SSSD does not retrieve a domain-local group with the AD provider when following AGGUDLP group structure across domains- Resolves: rhbz#1376831 - sssd-common is missing dependency on sssd-sudo- Resolves: rhbz#1371631 - login using gdm calls for gdm-smartcard when smartcard authentication is not enabled- Resolves: rhbz#1373420 - sss_override fails to export- Resolves: rhbz#1375299 - sss_groupshow fails with error "No such group in local domain. 
Printing groups only allowed in local domain"- Resolves: rhbz#1375182 - SSSD goes offline when the LDAP server returns sizelimit exceeded- Resolves: rhbz#1372753 - Access denied for user when access_provider = krb5 is set in sssd.conf- Resolves: rhbz#1373444 - unable to create group in sssd cache - Resolves: rhbz#1373577 - unable to add local user in sssd to a group in sssd- Resolves: rhbz#1369118 - Don't enable the default shadowtils domain in RHEL- Fix permissions for the private pipe directory - Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1371977 - resolving IPA nested user groups is broken in 1.14- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1371152 - SSSD qualifies principal twice in IPA-AD trust if the principal attribute doesn't exist on the AD side- Apply forgotten patch - Resolves: rhbz#1368496 - sssd is not able to authenticate with alias - Resolves: rhbz#1366470 - sssd: throw away the timestamp cache if re-initializing the persistent cache - Fix deleting non-existent secret - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1364033 - sssd exits if clock is adjusted backwards after boot- Resolves: rhbz#1362023 - SSSD fails to start when ldap_user_extra_attrs contains mail- Resolves: rhbz#1368324 - libsss_autofs.so is packaged in two packages sssd-common and libsss_autofs- Fix RPM scriptlet plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Add socket-activation plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Own the secrets directory - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1268874 - Add an option to disable checking for trusted domains in the subdomains 
provider- Resolves: rhbz#1271280 - sssd stores and returns incorrect information about empty netgroup (ldap-server: 389-ds)- Resolves: rhbz#1290500 - [feat] command to manually list fo_add_server_to_list information- Add several small fixes related to the config API - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Resolves: rhbz#1349900 - gpo search errors out and gpo_cache file is never created- Fix regressions in the simple access provider - Resolves: rhbz#1360806 - sssd does not start if sub-domain user is used with simple access provider - Apply a number of specfile patches to better match the upstream spefile - Related: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3- Cherry-pick patches from upstream that fix several regressions - Avoid checking local users in all cases - Resolves: rhbz#1353951 - sssd_pam leaks file descriptors- Resolves: rhbz#1364118 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_nss killed by 11 - Resolves: rhbz#1361563 - Wrong pam error code returned for password change in offline mode- Resolves: rhbz#1309745 - Support multiple principals for IPA users- Resolves: rhbz#1304992 - Handle overriden name of members in the memberUid attribute- handle unresolvable sites more gracefully - Resolves: rhbz#1346011 - sssd is looking at a server in the GC of a subdomain, not the root domain. 
- fix compilation warnings in unit tests- fix capaths output - Resolves: rhbz#1344940 - GSSAPI error causes failures for child domain user logins across IPA - AD trust - also fix Coverity issues in the secrets responder and suppress noisy debug messages when setting the timestamp cache- Resolves: rhbz#1356577 - sssctl: Time stamps without time zone information- Resolves: rhbz#1354414 - New or modified ID-View User overrides are not visible unless rm -f /var/lib/sss/db/*cache*- Resolves: rhbz#1211631 - [RFE] Support of UPN for IdM trusted domains- Resolves: rhbz#1350520 - [abrt] sssd-common: ipa_dyndns_update_send(): sssd_be killed by SIGSEGV- Resolves: rhbz#1349882 - sssd does not work under non-root user - Also cherry-pick a few patches from upstream to fix config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Sync a few minor patches from upstream - Fix sssctl manpage - Fix nss-tests unit test on big-endian machines - Fix several issues in the config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Bundle http-parser - Resolves: rhbz#1311056 - Add a Secrets as a Service component- Sync a few minor patches from upstream - Fix a failover issue - Resolves: rhbz#1334749 - sssd fails to mark a connection as bad on searches that time out- Explicitly BuildRequire newer ding-libs - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- New upstream release 1.14.0 - Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#835492 - [RFE] SSSD admin tool request - force reload - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check) - Resolves: rhbz#1278691 - Please fix rfc2307 autofs schema defaults - Resolves: rhbz#1287209 - default_domain_suffix Appended to User Name - Resolves: rhbz#1300663 - Improve sudo protocol to support configurations with default_domain_suffix - Resolves: rhbz#1312275 - Support authentication indicators 
from IPA- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#790113 - [RFE] "include" directive in sssd.conf - Resolves: rhbz#874985 - [RFE] AD provider support for automount lookups - Resolves: rhbz#879333 - [RFE] SSSD admin tool request - status overview - Resolves: rhbz#1140022 - [RFE]Allow sssd to add a new option that would specify which server to update DNS with - Resolves: rhbz#1290380 - RFE: Improve SSSD performance in large environments - Resolves: rhbz#883886 - sssd: incorrect checks on length values during packet decoding - Resolves: rhbz#988207 - sssd does not detail which line in configuration is invalid - Resolves: rhbz#1007969 - sssd_cache does not remove have an option to remove the sssd database - Resolves: rhbz#1103249 - PAC responder needs much time to process large group lists - Resolves: rhbz#1118257 - Users in ipa groups, added to netgroups are not resovable - Resolves: rhbz#1269018 - Too much logging from sssd_be - Resolves: rhbz#1293695 - sssd mixup nested group from AD trusted domains - Resolves: rhbz#1308935 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user - Resolves: rhbz#1315766 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo - Resolves: rhbz#1316164 - SSSD fails to process GPO from Active Directory - Resolves: rhbz#1322458 - sssd_be[11010]: segfault at 0 ip 00007ff889ff61bb sp 00007ffc7d66a3b0 error 4 in libsss_ipa.so[7ff889fcf000+5d000]- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - The rebase includes fixes for the following bugzillas: - Resolves: rhbz#789477 - [RFE] SUDO: Support the IPA schema - Resolves: rhbz#1059972 - RFE: SSSD: Automatically assign new slices for any AD domain - Resolves: rhbz#1233200 - man sssd.conf should clarify details about subdomain_inherit option. 
- Resolves: rhbz#1238144 - Need better libhbac debugging added to sssd - Resolves: rhbz#1265366 - sss_override segfaults when accidentally adding --help flag to some commands - Resolves: rhbz#1269512 - sss_override: memory violation - Resolves: rhbz#1278566 - crash in sssd when non-English locale is used and pam_strerror prints non-ASCII characters - Resolves: rhbz#1283686 - groups get deleted from the cache - Resolves: rhbz#1290378 - Smart Cards: Certificate in the ID View - Resolves: rhbz#1292238 - extreme memory usage in libnfsidmap sss.so plug-in when resolving groups with many members - Resolves: rhbz#1292456 - sssd_be AD segfaults on missing A record - Resolves: rhbz#1294670 - Local users with local sudo rules causes LDAP queries - Resolves: rhbz#1296618 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1299553 - Cannot retrieve users after upgrade from 1.12 to 1.13 - Resolves: rhbz#1302821 - Cannot start sssd after switching to non-root - Resolves: rhbz#1310877 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs - Resolves: rhbz#1313014 - sssd is not closing sockets properly - Resolves: rhbz#1318996 - SSSD does not fail over to next GC - Resolves: rhbz#1327270 - local overrides: issues with sub-domain users and mixed case names - Resolves: rhbz#1342547 - sssd-libwbclient: wbcSidsToUnixIds should not fail on lookup errors- Build the PAC plugin with krb5-1.14 - Related: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1290853 - [sssd] Trusted (AD) user's info stays in sssd cache for much more than expected.- Resolves: rhbz#1336706 - sssd_nss memory usage keeps growing when trying to retrieve non-existing netgroups- Resolves: rhbz#1296902 - In IPA-AD trust environment access is granted to AD user 
even if the user is disabled on AD.- Resolves: rhbz#1334159 - IPA provider crashes if a netgroup from a trusted domain is requested- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin - More patches from upstream related to the memory leak- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin- Resolves: rhbz#1300740 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid- Resolves: rhbz#1284814 - sssd: [sysdb_add_user] (0x0400): Error: 17- Resolves: rhbz#1270827 - local overrides: don't contact server with overridden name/id- Resolves: rhbz#1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- Resolves: rhbz#1267176 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1267836 - PAM responder crashed if user was not set- Resolves: rhbz#1266107 - AD: Conditional jump or move depends on uninitialised value- Resolves: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Fix a Coverity warning in dyndns code - Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1263735 - Could not resolve AD user from root domain- Remove -d from sss_override manpage - Related: rhbz#1259512 - sss_override : The local override user is not found- Patches required for better handling of failover with one-way trusts - Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1263587 - sss_override --name doesn't work with RFC2307 and ghost users- Resolves: rhbz#1259512 - sss_override : The local override user is not found- Resolves: rhbz#1260027 - sssd_be memory leak with sssd-ad in GPO code- Resolves: rhbz#1256398 - sssd cannot resolve user names containing backslash with ldap provider- Resolves: rhbz#1254189 - sss_override contains an extra parameter --debug but is not listed in the man page 
or in the arguments help- Resolves: rhbz#1254518 - Fix crash in nss responder- Support import/export for local overrides - Support FQDNs for local overrides - Resolves: rhbz#1254184 - sss_override does not work correctly when 'use_fully_qualified_names = True'- Resolves: rhbz#1244950 - Add index for 'objectSIDString' and maybe to other cache attributes- Resolves: rhbz#1250415 - sssd: p11_child hardening- Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1202724 - [RFE] Add a way to lookup users based on CAC identity certificates- Resolves: rhbz#1232950 - [IPA/IdM] sudoOrder not honored as expected- Fix wildcard_limit=0 - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Fix race condition in invalidating the memory cache - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Resolves: rhbz#1249015 - KDC proxy not working with SSSD krb5_use_kdcinfo enabled- Bump release number - Related: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- Fix missing dependency of sssd-tools - Resolves: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- More memory cache related fixes - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Remove binary blob from SC patches as patch(1) can't handle those - Related: rhbz#854396 - [RFE] Support for smart cards- Resolves: rhbz#1244949 - getgrgid for user's UID on a trust client prevents getpw*- Fix memory cache integration tests - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#854396 - [RFE] Support for smart cards- Remove OTP from PAM stack correctly - Related: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Handle sssd-owned keytabs when sssd runs as root - Related: rhbz#1205144 - RFE: Support one-way trusts for IPA- Resolves: rhbz#1183747 - [FEAT] UID and GID mapping on 
individual clients- Resolves: rhbz#1206565 - [RFE] Add dualstack and multihomed support - Resolves: rhbz#1187146 - If v4 address exists, will not create nonexistant v6 in ipa domain- Resolves: rhbz#1242942 - well-known SID check is broken for NetBIOS prefixes- Resolves: rhbz#1234722 - sssd ad provider fails to start in rhel7.2- Add support for InfoPipe wildcard requests - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Also package the initgr memcache - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Rebase to 1.13.0 upstream - Related: rhbz#1205554 - Rebase SSSD to 1.13.x - Resolves: rhbz#910187 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Don't default to SSSD user - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Related: rhbz#1205554 - Rebase SSSD to 1.13.x - GPO default should be permissve- Resolves: rhbz#1205554 - Rebase SSSD to 1.13.x - Relax the libldb requirement - Resolves: rhbz#1221992 - sssd_be segfault at 0 ip sp error 6 in libtevent.so.0.9.21 - Resolves: rhbz#1221839 - SSSD group enumeration inconsistent due to binary SIDs - Resolves: rhbz#1219285 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust - Resolves: rhbz#1217559 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1217350 - ignore_group_members doesn't work for subdomains - Resolves: rhbz#1217127 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1216285 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set - Resolves: rhbz#1214719 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1214718 - Overridde with --login fails trusted adusers group membership resolution - Resolves: rhbz#1214716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1214337 - Overrides with 
--login work in second attempt - Resolves: rhbz#1212489 - Disable the cleanup task by default - Resolves: rhbz#1211830 - external users do not resolve with "default_domain_suffix" set in IPA server sssd.conf - Resolves: rhbz#1210854 - Only set the selinux context if the context differs from the local one - Resolves: rhbz#1209483 - When using id_provider=proxy with auth_provider=ldap, it does not work as expected - Resolves: rhbz#1209374 - Man sssd-ad(5) lists Group Policy Management Editor naming for some policies but not for all - Resolves: rhbz#1208507 - sysdb sudo search doesn't escape special characters - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface - Resolves: rhbz#1206566 - SSSD does not update Dynamic DNS records if the IPA domain differs from machine hostname's domain - Resolves: rhbz#1206189 - [bug] sssd always appends default_domain_suffix when checking for host keys - Resolves: rhbz#1204203 - sssd crashes intermittently - Resolves: rhbz#1203945 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default - Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only - Resolves: rhbz#1202245 - SSSD's HBAC processing is not permissive enough with broken replication entries - Resolves: rhbz#1201271 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything - Resolves: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Resolves: rhbz#1199541 - Read and use the TTL value when resolving a SRV query - Resolves: rhbz#1199533 - [RFE] Implement background refresh for users, groups or other cache objects - Resolves: rhbz#1199445 - Does sssd-ad use the most suitable attribute for group name? 
- Resolves: rhbz#1198477 - ccname_file_dummy is not unlinked on error - Resolves: rhbz#1187103 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1185536 - In ipa-ad trust, with 'default_domain_suffix' set to AD domain, IPA user are not able to log unless use_fully_qualified_names is set - Resolves: rhbz#1175760 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires - Resolves: rhbz#1163806 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1205160 - Complain loudly if backend doesn't start due to missing or invalid keytab- Resolves: rhbz#1226119 - Properly handle AD's binary objectGUID- Filter out domain-local groups during AD initgroups operation - Related: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Resolves: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Initialize variable in the views code in one success and one failure path - Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Handle case where there is no default and no rules - Resolves: rhbz#1192314 - With empty ipaselinuxusermapdefault security context on client is staff_u- Set a pointer in ldap_child to NULL to avoid warnings - Related: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Run the restart in sssd-common posttrans - Explicitly require libwbclient - Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 
upgrade- Fix endianness bug in fill_id() - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1187192 - IPA initgroups don't work correctly in non-default view- Resolves: rhbz#1184982 - Need to set different umask in selinux_child- Bump the release number - Related: rhbz#1184140 - Users saved through extop don't have the originalMemberOf attribute- Add a patch dependency - Related: rhbz#1184140 - Users saved through extop don't have the originalMemberOf attribute- Process ghost members only once - Fix processing of universal groups with members from different domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Related: rhbz#1184140 - Users saved through extop don't have the originalMemberOf attribute- Resolves: rhbz#1185188 - Uncached SIDs cannot be resolved- Handle GID override in MPG domains - Handle views with mixed-case domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Open socket to the PAC responder in krb5_child before dropping root - Related: rhbz#1184140 - Users saved through extop don't have the originalMemberOf attribute- Resolves: rhbz#1184140 - Users saved through extop don't have the originalMemberOf attribute- Resolves: rhbz#1182183 - pam_sss(sshd:auth): authentication failure with user from AD- Resolves: rhbz#889206 - On clock skew sssd returns system error- Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1177140 - gpo_child fails if "log level" is enabled in smb.conf - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1175408 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1175705 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Resolves: rhbz#1171215 - Crash in 
function get_object_from_cache - Resolves: rhbz#1171383 - getent fails for posix group with AD users after login - Resolves: rhbz#1171382 - getent of AD universal group fails after group users login - Resolves: rhbz#1170300 - Access is not rejected for disabled domain - Resolves: rhbz#1162486 - Error processing external groups with getgrnam/getgrgid in the server mode - Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1169459 - sssd-ad: The man page description to enable GPO HBAC Policies are unclear - Related: rhbz#1113783 - sssd should run under unprivileged user- Rebuild to add several forgotten Patch entries - Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Remove Coverity warnings in krb5_child code - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Don't error out on chpass with OTPs - Related: rhbz#1109756 - Rebase SSSD to 1.12- Resolves: rhbz#1124320 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default.- Resolves: rhbz#1169739 - selinuxusermap rule does not apply to trusted AD users - Enable running unit tests without cmocka - Related: rhbz#1113783 - sssd should run under unprivileged user- krb5_child and ldap_child do not call Kerberos calls as root - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1168735 - The Kerberos provider is not properly views-aware- Fix typo in libwbclient-devel alternatives invocation - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1166727 - pam_sss domains option: Untrusted users from the same domain are allowed to auth.- Handle migrating clients between views 
- Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Use alternatives for libwbclient - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1165794 - sssd does not work with custom value of option re_expression- Add an option that describes where to put generated krb5 files to - Related: rhbz#1135043 - [RFE] Implement localauth plugin for MIT krb5 1.12- Handle IPA group names returned from the extop plugin - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Resolves: rhbz#1165792 - automount segfaults in sss_nss_check_header- Resolves: rhbz#1163742 - "debug_timestamps = false" and "debug_microseconds = true" do not work after enabling journald with sssd.- Resolves: rhbz#1153593 - Manpage description of case_sensitive=preserving is incomplete- Support views for IPA users - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Update man page to clarify TGs should be disabled with a custom search base - Related: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Use upstreamed patches for the rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1153603 - Proxy Provider: Fails to lookup case sensitive users and groups with case_sensitive=preserving- Resolves: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1162480 - dereferencing failure against openldap server- Move adding the user from pretrans to pre, copy adding the user to sssd-krb5-common and sssd-ipa as well in order to work around yum ordering issue - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1113783 - sssd should run under unprivileged user- Fix two regressions in the new selinux_child process - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1132365 - Remove 
password from the PAM stack if OTP is used- Include the ldap_child and selinux_child patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Support overriding SSH public keys with views - Support extended attributes via the extop plugin - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137010 - disable midpoint refresh for netgroups if ptask refresh is enabled- Resolves: rhbz#1153518 - service lookups returned in lowercase with case_sensitive=preserving - Resolves: rhbz#1158809 - Enumeration shows only a single group multiple times- Include the responder and packaging patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Amend the sssd-ldap man page with info about lockout setup - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137014 - Shell fallback mechanism in SSSD - Resolves: rhbz#790854 - 4 functions with reference leaks within sssd (src/python/pyhbac.c)- Fix regressions caused by views patches when SSSD is connected to a pre-4.0 IPA server - Related: rhbz#1109756 - Rebase SSSD to 1.12- Add the low-level server changes for running as unprivileged user - Package the libsss_semange library needed for SELinux label changes - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Use libsemanage for SELinux label changes - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Rebase SSSD to 1.12.2 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Sync with upstream - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebuild against ding-libs with fixed SONAME - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.1 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Require ldb 2.1.17 - Related: rhbz#1133914 - Rebase libldb to version 1.1.17 or newer- Fix fully qualified IFP lookups - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.0 - Related: 
rhbz#1109756 - Rebase SSSD to 1.12- Squash in upstream review comments about the PAC patch - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Backport a patch to allow krb5-utils-test to run as root - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Resolves: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Fix a DEBUG message, backport two related fixes - Related: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1082191 - RHEL7 IPA selinuxusermap hbac rule not always matching- Resolves: rhbz#1077328 - other subdomains are unavailable when joined to a subdomain in the ad forest- Resolves: rhbz#1078877 - Valgrind: Invalid read of int while processing netgroup- Resolves: rhbz#1075092 - Password change w/ OTP generates error on success- Resolves: rhbz#1078840 - Error during password change- Resolves: rhbz#1075663 - SSSD should create the SELinux mapping file with format expected by pam_selinux- Related: rhbz#1075621 - Add another Kerberos error code to trigger IPA password migration- Related: rhbz#1073635 - IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in- Related: rhbz#1066096 - not retrieving homedirs of AD users with posix attributes- Related: rhbz#1072995 - AD group inconsistency when using AD provider in sssd-1.11-40- Resolves: rhbz#1073631 - sssd fails to handle expired passwords when OTP is used- Resolves: rhbz#1072067 - SSSD Does not cache SELinux map from FreeIPA correctly- Resolves: rhbz#1071903 - ipa-server-mode: Use lower-case user name component in home dir path- Resolves: rhbz#1068725 - Evaluate usage of sudo LDAP provider together with the AD provider- Fix idmap documentation - 
Bump idmap version info - Related: rhbz#1067361 - Check IPA idranges before saving them to the cache- Pull some follow up man page fixes from upstream - Related: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes - Related: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes- Resolves: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1068723 - Setting int option to 0 yields the default value- Resolves: rhbz#1067361 - Check IPA idranges before saving them to the cache- Resolves: rhbz#1067476 - SSSD pam module accepts usernames with leading spaces- Resolves: rhbz#1033069 - Configuring two different provider types might start two parallel enumeration tasks- Resolves: rhbz#1068640 - 'IPA: Don't call tevent_req_post outside _send' should be added to RHEL7- Resolves: rhbz#1063977 - SSSD needs to enable FAST by default- Resolves: rhbz#1064582 - sss_cache does not reset the SYSDB_INITGR_EXPIRE attribute when expiring users- Resolves: rhbz#1033081 - Implement heuristics to detect if POSIX attributes have been replicated to the Global Catalog or not- Resolves: rhbz#872177 - [RFE] subdomain homedir template should be configurable/use flatname by default- Resolves: rhbz#1059753 - Warn with a user-friendly error message when permissions on sssd.conf are incorrect- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1059253 - Man page states default_shell option supersedes other shell options but in fact override_shell does. 
- Use the right domain for AD site resolution - Related: rhbz#743503 - [RFE] sssd should support DNS sites- Resolves: rhbz#1028039 - AD Enumeration reads data from LDAP while regular lookups connect to GC- Resolves: rhbz#877438 - sudoNotBefore/sudoNotAfter not supported by sssd sudoers plugin- Mass rebuild 2014-01-24- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain- Resolves: rhbz#1054899 - explicitly suggest krb5_auth_timeout in a loud DEBUG message in case Kerberos authentication times out- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1051360 - [FJ7.0 Bug]: [REG] sssd_be crashes when ldap_search_base cannot be parsed. - Fix a typo in the man page - Related: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain - Fix return value when searching for AD domain flat names - Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1053106 - sssd ad trusted sub domain do not inherit fallbacks and overrides settings- Resolves: rhbz#1051016 - FAST does not work in SSSD 1.11.2 in Fedora 20- Resolves: rhbz#1033133 - "System Error" when invalid ad_access_filter is used- Resolves: rhbz#1032983 - sssd_be crashes when ad_access_filter uses FOREST keyword. 
- Fix two memory leaks in the PAC responder (Related: rhbz#991065)- Resolves: rhbz#1048184 - Group lookup does not return member with multiple names after user lookup- Resolves: rhbz#1049533 - Group membership lookup issue- Mass rebuild 2013-12-27- Resolves: rhbz#894068 - sss_cache doesn't support subdomains- Re-initialize subdomains after provider startup - Related: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- The AD provider is able to resolve group memberships for groups with Global and Universal scope - Related: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog- Resolves: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog - Resolves: rhbz#1030483 - Individual group search returned multiple results in GC lookups- Resolves: rhbz#1040969 - sssd_nss grows memory footprint when netgroups are requested- Resolves: rhbz#1023409 - Valgrind sssd "Syscall param socketcall.sendto(msg) points to uninitialised byte(s)"- Resolves: rhbz#1037936 - sssd_be crashes occasionally- Resolves: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- Resolves: rhbz#1029631 - sssd_be crashes on manually adding a cleartext password to ldap_default_authtok- Resolves: rhbz#1036758 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Resolves: rhbz#1034050 - Errors in domain log when saving user to sysdb- Resolves: rhbz#1036157 - sssd can't retrieve auto.master when using the "default_domain_suffix" option in- Resolves: rhbz#1028057 - Improve detection of the right domain when processing group with members from several domains- Resolves: rhbz#1033084 - sssd_be segfaults if empty grop is resolved using ad_matching_rule- Resolves: rhbz#1031562 - Incorrect mention of access_filter in sssd-ad manpage- Resolves: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- Skip netgroups that don't provide well-formed triplets - Related: rhbz#991549 - sssd fails to retrieve netgroups with 
multiple CN attributes- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2 - Resolves: rhbz#991065- Resolves: rhbz#1019882 - RHEL7 ipa ad trusted user lookups failed with sssd_be crash - Resolves: rhbz#1002597 - ad: unable to resolve membership when user is from different domain than group- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1 - Resolves: rhbz#991065 - Rebase SSSD to 1.11.0- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0 - Resolves: rhbz#991065- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2 - Related: rhbz#991065- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- Resolves: #983587 - sss_debuglevel did not increase verbosity in sssd_pac.log- Resolves: #983580 - Netgroups should ignore the 'use_fully_qualified_names' setting- Apply several important fixes from upstream 1.10 branch - Related: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- Remove libcmocka dependency- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA 
password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Enable hardened build for RHEL7- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: 
Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath instead of mcachepath macro to be consistent with upstream spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on - Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell, was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. 
- Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. 
The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - 
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the 
IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for 
https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on 
commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - 
Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites cached password with predictable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially nonfunctional - Fixed an issue where the user's full name would sometimes be removed from the cache - Fixed an issue with password changes in the kerberos provider not working with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly enabling the systemd service. 
- Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. 
- Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. 
- Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system 
improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that 
SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. 
(Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)uk1.16.4-37.el7_8.41.16.4-37.el7_8.4libsss_ad.sogpo_childsssd-ad-1.16.4COPYINGsssd-ad.5.gzsssd-ad.5.gz/usr/lib64/sssd//usr/libexec/sssd//usr/share/licenses//usr/share/licenses/sssd-ad-1.16.4//usr/share/man/man5//usr/share/man/uk/man5/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=genericcpioxz9x86_64-redhat-linux-gnuELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=e939e543e097eaa1d99c2849d1087575c4d58ade, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=2555d406deeb672496dbc10c445e23c6a38f1019, strippeddirectoryASCII texttroff or preprocessor input, ASCII text, with very long lines (gzip compressed data, from Unix, max compression)troff or preprocessor input, UTF-8 Unicode 
text, with very long lines (gzip compressed data, from Unix, max compression)BBPRRRBRRRRRRRR RR?R)R9R-RRRRR,R/R;RRR:RRRR RR R7R=R8RRRFR'R RRRRRRR?R0R7R=R>R&R RRR*RR/RRRF?@7zXZ !X{*] crv9uR.FʜsfQR%zlEբ,a >}NJsťPO?{8|5]a)X^=eyiCZF7c?%?ClrmO.@*.!Z>bUaRCG[mnunBg"#Ŧ׉| ~ҸٯeV ]1xzߜ"YjW13v+y%2ǵe?:G`>so}>9>tElӜ9^'eg'*k4SM1v>k1x-%X]rɲl[JU+6LJZ|۸>WJ՟#R,A//VnZ}IB6[@7VՈLRB5m&A©SEBEO-?qEPT5G42v zzu^=aTf4̨'!rBx4=COw[<fk߫CL5M|MN`<iueQZ談+bH*hdi EZ`!/{aKʰ5bP=%(0WE盆Z/N h1+xɊ X?`a0C]y 2"H8[VDۚmJG_ x庀u8g>l藍2p cW8X2,a|b37qPe%ܰ_z\H|!xI%;. 8$4Tl?{ub8)Y;/{ uJhe /^l <VWeh{Sx75 S)zyWWk{,|6'fk4\Dc?#'4GI4 2ҩ \nA<7S6t+ ߦ~BU+)Q\|h'k< u . .{K?+,,QԎ8mj"A7gҌZs08wK5T{C> 7%l𸷝.Hf:ՃEeq$){ufFvadp% ] oy{)CRg)gᄒ!%F4(eI!Fs'p yX>)4ϳvй`1,/)|%M|ny]l:컮P KO]g+cap<0O^/(vexprf= Q`Vi_1tOF|:cӰ>xe1it?T=pqZFռvޯFД4LAVGr`%B.:AC]aq/z)R#t6Pq ZLkA>~HfYpҷyW?+C5"_-5}&l1#KܧrLw+8vi)蟰G8) 鶓DR3iyrEq&kg5H]d"bb3S}?#[>=v4[I<*ҌDXdj6Se7kWxJ h=D9Ge?jMBcxՉP4I'мIyT:jWb'$#޽CW&>cyd*phەRpB~s[řzQ3Q SFͷjB:ͦMOP@]ςJx~UͲoȎQa̍Ճ NoH!P{T)4ʢ@+/}o0u_w*֣}/XHl՜.OLGPB*;IdQ\[y{,LL@n؈ǵWWKʨeQ.j,|9.r ?i"_ (ZZKO&偈G vqYA7t#?|YΜ)Jdw U+֧\H5 F݂dЇu4v[Q~EE൝H8,V2xQ%CQ4,Lђ z 4$b6n{߽pU7V|$mՒ'iyy, M*pi]VXbt^0I#mـ̓SbJK$vHS:vhk݄EU!9 lb酚.˄֦VOcpIi/?]_d[k'e4VD<&/D͇hcDYY52W&y Lq8k/WrY ^!> wp)4eIiĠ" 粂3ERC'Q yQl h/5!2]fX ji9J'@$0:) \&g CJN^^XP9uŽ T:Q*κ? j*wa P'T GqqKY|Q>RDXB:$Y]6/%Կ ڡr7;&ʇn ]YJBmܯ*.LF8aY_^\vEd$6F'xІvXMfz_Pw˕Q'6 -ES0Gdʾ:u1Qqk +GJ 'YBsS4>L#[/XF%f٦Bh A:L9Vo9xY"o)̙ ӂ;K+oN)eY0՟$|T53Hvz7<3R~;Y{H׊N-:kXL'k0"fS2ailZ2 SiÒ/_Tyj X(5;'2H4eN9G'0|b&{熦TDH.EpbAO)U 7Y z(;&Apn;9;XǺ~9~1R=ސ)x9џ.lC'$ӞdͭoOlyA;t<8f5%t߳.F?|?˞T)&@$iЁ<9ZBLkOқU5x'LuҐUL$MqFl|VZ hWCz[~ՙE/yXv37߿Yڞ@>-PA1%kSc{ `R@._oZyϤ/w rqۉ4yΒ+꿸zRA 2|Fza,H8H&h5!B>Ώ0Jm< ~+V 3X)ꒄؙߑ {,Yc^&&…/ ۬<ڍ7eN6;NNP(IdU|<܅G0QA'1F5xbL&z4,r}0ۓbϊȚvdv|ZP5k»24QFY{F*.wA[e>>ti 7Qh>D7_ߤOlc3-ʽr)?j33da$UͪK ZR2e"ub 惯+GK~&> _{2;5SHJI4.ټY g<2泻|ȌkGbp w qAM[Ů>^٩͝Kܷլ#ǯm]Gх{uKG$mw5)wҎ'ws'uBRWd A@/EJ?&*#A X:u$K1(P2ȴ^"ZiBrVA6BM4|BK`&M漡Ψ7?btoNRXPFG`Lj Tk;J,3KdjKf\7iEV')KϯMǫȫ+O| )&Z'н#z%.h|KQ_ЫQ%) iMx3J%yRjO9 SjhiHG]!跌] =_x Mb1UuNa+]. 
`T8 PYHN~܂QȲWK?n@iVP*)/A6 1֏# v zjy*mQ6}0,c򑰹\7*f,EYHLxbZZ9@R2}c_wy5cOn9Ǣ2:]u,.ϬA 0iRDTMc:V̽|]-t+~lǨŒ?Hv"t~YAoCQiLJ 97̇N2h۔,z*O C0Fss 8.kU&hF`bw/S'[דO%0yJzH߄޳2PyUnS/$zS] H?XeV(䍼UA9\JcՓ`$eg2TpC&!kߴH--Oڧ_i!j$[r+jaS "j|}0&JRգIQs^|ĵGbe z!:kT[JW]{0zm [~zҏ ?U̓1iZّefp  )Ś4avWbjgӈ7,"9V|{)SMP}/ըnKٳHvHh1%WkTlQ?yys I2og=S=ZH )ho]2o$5ZWJF>2Jpg拂"K"UeEl?N'ZC*AMJ!P1{S" U?U1wc垢-^?_e<蚔K) `fY)XY0G-O(RЎJ{5ɵ?Kپg^C*4D2iqhBs_Ew*˫GG7WWEEPTylpGJ,-4囱7RU$ΩD~5'5k{"Bb\k%OgC^uw~]+UDMGqIJCՙtr[C%)(ٰá}C%-cX?DqVnm3 $GUrvEht^zM~ZcP?ڇhd _V䤥16h"5uʷ;W4TKo6tѻQ6Q{,Ф {q@5;n ?-Fj˒%=i1xؕ$=fٛ%z!]džwQf1^?s{,,h $=9Dz]IPdE'qg#N u/*H`=VgR!s={p-(>fbR񑥚TfirLKRuk%!d/mNxDwwhi[:4s4\Gî@myt>|/!ʏ˯3\2>p3¨rn); @`"e4Gg^Jyջ%B%E$=4z!#E5}NSēp,efϹ3<8Yiv \O;RSbT>*b0<1qٗ<^3`-M<̋!< Kۨ.0Wds2CeıA iBbX?(tlx!Bfo]pn;C 'U;e[W4@^C$k5]du j۹QZ\<<#\57SB[icvҬ[F?r$̠r/NT +lT_}TOd4uvܞC7KEAW٨zV]`fFY ]w:vm9S6%\j0>[Z5c3k_0;6Z8bֹ̽R\z (y_%Y %-M4|b%T듁U7% ST?/GոG_(5}_.0Kp5aBWq;g$OZmYdjE,ѻ` bfFK_" w1Gh۞3vJ,+MV0O[FG^zƇ86^&9n%+&Zwh~@|c||9/'㗥b-짘 *cuzy2͐m Xs񰦪b)cTHQ9wMz"6eDa%Mݶ(q_>,Sn# A tbk"߸:$108gBɹJ"lG3]V^] kY˸Y2Ε#$Պ?4FUMoԞgT@f EkF_t-#0^g$a< C8΂ fo^3J`fOCn~JY){QPTUv%$4+)ǜJ3s@z{RnjgVB@Rʩ|ad^La>|$(&&Zʬŏ1b HلamDGpfGz@WDhm j rBeY\ǟtT뾍%b;. {\N`//_K-[͗pK "1y蝅NoBfhL]?:CDg'Bt @y!1 Oszܤr HjPBJh0/|h{[$\|Z:#?[9a.j/;Ku-ՁNk2^|7sre)!t[DSׄok;+*:ѥ~p/6<VYfȇtXX p;ᰵՀ^?oG2BCFGq70\8ih݋=.sJ uJ#QB\l1 $`Y]G32νP1r~YGpigYjUlumѥu4UIu_3[01I+2I0Q.X[/,c!7|HGb? [-4A6εKQǓ{`Wg"-(rg7F5V!_>sՍ qX$cGs-AdBl&k*Vl,.kL~[aIh9<'cYWS;J6r1ŵS[OYZ!B~5ΫI2Lrw0Yc򒨞ugh;@N$p'|ݡA!Df|U\+v=,6T'Gd̈mpB-Ɵ;t4]o~vln6(7`JsfR DU2gm5@;g?z\:/Y3t ė9 `Fh^fPqy-fߌ"wE$SǿKd,9# y3P's!v#5BәQ';?!AtŰ>PAjWOAH-zN4eTB1mKun@VT-HOEftbk'vCi a4PU@eѐ}.Nj +1rHX;rmjcãGxwT=m/KSOHr):źFWr:X_~0acZCwc\Km0e;(hW4O/9i^u bRtyI†e&dbJnΫ Ozܗw;t6xI"FoTT\T!udX@2%^{@! CO3c  < REHTjNn-{w/K<^]KV>QҌ8mV,q3=C/o!HZTА*FE.:Rcn m.WS a aX aLHhELg;S *ӣ\IsBV)b~kCBeApM6;E3ڋYs8)&E܍zv:b(rk&E.7=C:XrуԿ,!kXr Ggu7g+U> G? 
Y)CY"g- u㣞J1zcNBгRYy/EUg ,"{/[6o"omp \2|ql?LtOVʧ]٧Q}уQ> =0edAaD${,.ѿ7O9Z `Oz(%:8' eRIj­d:=R tB9#JlbHe )ތ.Kg$ږ{YIr'qLjT˷ n}6dUQ%.e2J>T˪?yi:O*xcEL._bJ4L?G~Le՘pE(1O@,pZ'ӁĶIX\RC_ffJ@sHhCz^҉5„KD8udw4?Sf؃SImSܳ Ҵ_F6䐄bxvz$:R[Ϣd8ZVUq~ 9Eا4dSxс]SuWFW_lbK > RthuvxU޲2OiGlw0j4XF x6 FƟz}Ɣ@DĮ)<;M,#t'gTP(XMg`\C~+.ʙW=tzP5y D9Dܫb`$GDsj Ig] k؞o}_s⫅f)ArHԟϳϔjX mRc"$S5bUj1#As_݀yxOcRJAKKiJ> 57 kdl"7߅ CtGl$ 8 VC^&]e7ǪL -M  7fU-e駋)LXݪ0nU|nӥ)f/nDڔt:z~eTD8#:q=z@nRTd~v)`-rhH+n qHnx]l <$ Fr6>py8Î:"w$vgCsJQʽo\=*#)=F"K\qf15 r-`/i$!X(]jސJbm P&!?KSOp,XHǍTLOՄ]fJ>FHM~?ؚ)MUݑ5`q&U(^/Zl/>!@(J^|Q+'IS*CLw7>?QJ|P=m: Ύvɚ34^N &7 KlueӔ(Eu*1c,dMb@ݹjB7LCsOY[YiGU~!9hB rHߜ\> TcΆs[{pDK Ve[*\{h?-GA=CO8s_G([U_#*^կXL+E Vd9~/6!Pp5&,76=.; /H@ǣ#ń:oi~LI4X`]!n$?v#&;]VWF _En?sQ =ݰri;+CEm95 u@˾5v%5^ 3yn6H9CSWm7Qmpj5Pwk,Ȳ#.tJ;yq PNF/YV#m}Id;o"1+@2?"`:X6̉TħٞգRw10jݚ, v蟂N:DvR.̤]r };R3nZ_ݯSRc݆ꫝN-(OBsr'MNV/o9GqcZt8N yO{  4'wGYJD@)c p@ BVOu  H90)rvF}d 5?F\ oz lpyD4͉Mt.?CaQ)!QOz4:]R&ye w=맩̮DՖ-G3ȭRss1D]BDnt}XT{g1߃*MW>3>Q%N7\)s Wۺn`z?P[m[Baj4ą(%d3$ 2/Ry{5AicA҅oQ/ 41([_'7ѡ:FDwIJ #e@Ȧ?AGp1\y5DfZ}t*4^= XvO 7k&3[))3]Ooih+mԋP4F0Ek̯{1nkDm쐹<~3p~w Qb>l\NT^г2qMf ,%LvrG6|U)`3aXjE4"0HL`jnJ]a\33DPHcMvU*& <@]Ljb[ x;HuFQ?E)i#6p 2O#8M%=>5hlf[ͨސ^ݡ+'Zm>= [RfHOTcNbfYn))lS6 VREQ{&[>U@,9vM*m GV6YQ\ *50ttn48E@Xi"8\»Tawnӏl,^rq9 5S[@sK!XU>GqR QOXg4dlGKQkWO5@T_)l͡$ju2eo5{xAW)6p70,f@ *,"ʠ:`tw`a_ _pgW$cQ":%‚BxOz;%]9ΑBc ᑡPvB,LDI_Ka3:3q@ǡ#(M"n//wt&# "; TEĿ܂< Id$˷i0M| q\H8GX7[&7_12{~-le߁;2 7^5,5hKWz Yb_+E#T@drlsmw~|),?`6xP%aґhDl 0N֍83OrHKO@BJDJQoh k`r#m^(Mn򍆸 /_$EȍKBѿ-+\1޹dnλ\}9Y+n$`'YAXÏr'1ε+%ctW׮V$La6flLgqhyv&'k2C~o "#^챔ᦪNBАd1tW\פ&=; mV~ٍџ""ZWAw_(VHhU8̔&Ek;v]>Mz?6vε\j:^+v`3u.>(v(IÄY84J~-@Rn$)[r:}Wӽ 2/[y]Nj ?U-mMtΌ#A;;sCֺ֪1hTkhVw> ^ãB6yd'؃þG$" Gh2IE}|h#q6,S)Gh? o4*ȼ=,nooe]" ,i ѲI)NE8KSqqleL1ԑclD("z SyRUP]>RrKB|YZO1Ic.4'#P(Ȼ}ۺrV@LBVj)GU5s*gJqBc^"Hh]8>oy#?F0S[>^K2Jmk6SبXDX΋"rT*q ]{IwRRux*iHK/ՁSQFDQmAnH ՆnQYah'ߜr3 ! 
8}S"ZqfS;\c"fN.DL]c\W8s{WoGe=΍C7YϤ \towJgѤ︼(r&E8\^F&6$T;9/P`MR'Uocm!po^W/RU/rXYȇ< bt9;| /Xzwd8f|Áӽ2-O5;K iOӽʃ!Hz0WQ/%@8faQ6#Arˆb^S@cŻi'`;H>.nCx8}Rzzm`t}Ck65jzJEf4>uS:EaE?Db;svXB'Ъ"`ە 6q|QCD㗩+uqR_cqP Yb#?̮(`w, ԒNK҉[{Ir& mvyǿVw)#!4P߲ C|NY꿬r; AoݒOTMΤ^"5̳ҾFZFQ> miZ.hP\m_ޙP%C͒fO oL&+ %oUC>_貦c#_(bt&6Rfb׶Kbwu\j!jbċiFd\ȵ$x_Qɥ"`Pа8`gQ&ubi*܏܎17#9"7`mѰ Jm5od$HCAZ {LBH!;_ygӜә,VGmS,§K`g&\vאL f+n^%T7XF7'H=5c$E[Ë) ǩ)=v]F tm\KN'wV`?¨|"|~ծ^ӕ|\0RVѽ2, HG];/1D )U ªj'6Gfjt㌜e.}uіy%M#Vͳp1Z0NԲΗXUSŀd(x.Ph\VO#F9!T 7 pV"P+\{o b[x7-:" +}p'8iy{*Lw#N^{_0ϣxgi]%ndjP '`GS:@"{JS1E/#J!iQlai^Rˈ _}`2aX i/t. #x'mm?P_vن%@˓5DVA r6 Rj%܀Fv@M6-Gg,nwa*CE|vN֢p4]HZ>tޑ~r4G ўZK7{:U3(#[ #_Fs|`(N]:a5t9ͽL8pct|+b˹h/ mr![Xx|rnn*' @g@޴p:g\Oszsce#@aLO16 ڊ;fqLVwT>wXa7qd#u7tJz VIШ}XyB-ΖN1doBԹ/A@ZQا7-KLFnP5Q'b$lyk$9{3MO̦u*'J{5  j3 wؐPXb¯QLkyxl SR|_ ea4WkN?a2ݽId/+gs~17/PԊik2oYzX)31 9^DrX/3\7NtoD2³3\=zi@m}xS~n}RڮWl&AÃv>3ox8{@vߩŜqdgF>"(]g¿ImL'ݢ#P{"MǸnFTeiFTȢxHA;,d%`wPx`iX*6;WbvjqeI?.kXY?~ n4'e+1 )duIt\|_x:-~<@1Ԅxg\BꙨhkZ󷂶#j Uژ`xuuβ_zC@BLJC%%6`\tSDr Uʴƃd@k bCs;Ha\gNvX+/NٮoA G$ f'{s$g}_Qadey!Lc6C4=`<mwᖦN?0H^ofKu"#e݋hqSԐ[K-ާ5{M xͨ]yߪ ǟ~DP熉Y;d5<4x:?`6%szLaΡkMy d#P(s}1u_h)!j݋x:N]Cw4ne #*9o=khcNXQL.ez<&փ0Sf0WK$lZo{o_2\0t1T(w&RZX. jWW 1㙎]G52AC1̡aֲ sH2O/eltG9E1$U1S%woA+i/kW݈7 ,m 3 kclI:߇8FEL =ĻP[A|nm{ GL$)%ⓃLXe~`˵}[Dӯ!O}m}j9'۵-\ u1dc6 sdͺ_%R_wA>h8buR\6b^>- $h`} xu?e7A;5}%aITSn) 8i[1n%8㭯n0>4ID0h|K[wknIm):耢U,2.F3fE.>L u[!f|wiğV2^!6 Kҋn,o| 6v0IH항lC•?ax{ugXѻUU(brf)>@3RfQ [͞@BUjL2Bs@"EZ[ j \<[)ȼ^=32+NS t貇XmQYWoFMd)VkNO1WNUH=uمΑqlT֤΀zFۨiD2d ur^p[> ѫS-D< 's³Xq4$>9<]'Kk{W{J}^ fWNDkP{a|Y+޽}5y쏗a- 8~VʻGSDU_ _sM;Wnq{?r,172[_^uc驠I9VoMWi* MR0 ^,*>MBtwюxo3Y Ό\&){Hπq%*`kRE{j+,{RH20_㚬AX`ټ{SU9Z.FX>#WFOO%F@Ί@}x5F6r0.{JS|TMU~ߨYcdjZAwE2Fvg P{&6I0 y}YzecEjl}o 11;%ChadHqqvJ^T8)" "`r5Ojӹ>5 LPHp8/uɃzM!F#K]E+?Ngti$=ON!FlGIk\0\G׳=7D $mdf1kg_=+]ˏrlbiK3 ?:Z9UѕR7"{QZڧwEoSY#q`,UDt@J*D`TXwh{n)6[buɲ+ {NYX R|jے6ſ$C$)'l(8u{7y~C@A]KۣSo=B!l^? 
!B-y+۝;p 8dB??D~*&[cHn1']񠉅!b Ї\pީy4O@82k34^@C!ȼ<jR^2F;+ɱepBdC o IܰKJ6\dPxqk.NIP j7"P'|3qFi7?ES<\U2JoK֛h׳irѨקd sހRۮUN56m-B2^M5pePd >/ݬtZ%I9 JEEN;3a9?pH3ywӌR ۟3EE.b\EW˕A]ƺgѭ Ϋ Rlm-EyK/*طUM̓IMM`%AQ0-BȽ2$+rC*Orjݟw\@ ׃z,Ἁ`PRBb#> BNLg_ }E:F# c\Eݔ;wҒ[k7h̯B gǑ۝No"m:W&PZ}??)n5Wlgkyopaɣ oڟ!lm!hL S;3xB7IazEPzy+ZG<صoUlb=&v_MOW)B;9Zhڒuaʠv@PX% |yo)we1lad<]q6xA>f:/U,$Xu9 !74mӸu´֜kH$/Π .R s<rDT;Iqb> %HZۺ;0/y>U̎1Ӱ!oQ 0:#$lg1O0%!5?竰c%"sػl zq'a5'gmCVa^~)2awm \e(ɧ2o\X;Zs)^ES"OV6Xv1 _\Z_Pʴb %isxX> `@p {p1[:Bc ĸ7rR|\jݡyP"a0G-Ap\PDOœHd6gX|8?la^ ~ =zgH!,ŝp {?lQɳf3@˺L܏؍E0I!3C8)cmPIQd%^8`Cj3>EQm4~n@p:j)0%Q㿃K(+U~ªLSQy)6-r| iih4R!382u+xkwQF<5r6Ѕ|nyɺk<y f6VㄐUi36 zWܘX/ھjIGK(̥_A*4NA0Ae"0[ Vd/T D/<UebCv Y\Y7k?ClV:=Y{,R5bJcQJ Jt '0i3<2j!2%1Rhfp*f_l> ,L 1_D|8-7.cbi,O*DbBGYÄN P ̍(G+ x 0ߘn9MN XNJ6O2qNq($5 1'Nkk+` ɯHݛ] 1mBcABdu:P$BQx0oԭX4K5t۰+ O7?T1XBV2r Ӆ &obdI뱝 OxYUƿ$2́z?cn !xm@}sf!ȅspWл{xte\mɇ]MzDcT(хҳ/ȕ:uej#Aqu+G8~wklcSu1bB?ԄqQȈ ]h8 .8eݜWwܴf>6ˁ|Ƃp$nȒlmYՇwϞCo{ u=Ψ1. `ߕBͳZ=xx7f񽮽'O2aë^.tN5L4Yޚ+:&x|Jc.9Q 3>ΉB[=xrzo'܀Qg0MV@~3qg1s.e dt 3mUZ$/xE5`|d,^#̟'DK rR-2jTbjH7Kj/_uFv/PdYzbƒO{K Si\QE}DJYҸ6F7?FX Y ܯK`ns GYaM&l˕g>'*ЮΨ .oZLp;F56;@K˝N_oSru$:;P.6yVɒS䅯HPߗMڞV[l2]\~d6=0PAڏJ8}-y%Oq6M.hG|̇]C$*9̃C 5/J .kK8XQ8pM}ޑ}>Bo_@4t_ȆybʾM1LaԶk.jE"=CYSK6JXN2pm=rJ㣞Tt$ղV}L/Zmi:s\)ۀ*'eq8#vܵ[`Bƶ]jC$ '%7/1`yŽD3Ub%N2tlԁkzWm[>5UEsC#CZTmw \H&̴ǡzddb"J%*9>cH<ᢒG5'ޠ_[o %Z !1'(Uq˱9oђHtjN 3ʟ Zp<~c J,7s1U9aST~k '%zPJ.?TD@=Xa!6AOjup]W zacehK\(?v{Vf\}⢯/+z֙#M.jθ!݆33;A& D,tjq8>c+0a𦧤TI5xʡj!dsgFD~f~1B?yюW5T-?G/51#Kʀ7.Hg,60b("\`&ps4)ڂq;iŖ>1b>h [4]XnψG3\N:_ i,ʄg!jFa!vxc pнH@΢pȍ^T8Pf!H-m+8`a36FHZ+|* A-;vQ/S !Z=; O]\t5{IV뺥VT{]":]dC$Bt//&K>|G<\EQF^T2}R9z.#H Jia/bqͻ0*l>\}'2'vR/r-֨ꫫQPߖGi.'vrwUs2]Ư£s_T_)KIlmNۥv U]$3{G.fI)/ie6eI1 W9[,& {)9 :h K wi LY[uYiO˜sIJn1n+ѝ wO3Do&ԏA4E2L?-,y]"ȤsNS^z/H4:҆O^GF'>@"X0(n[[ѩqO)_" awOWV ^W>B$õ4fx9a7pge3$ABA(7~՝o=~W(|~L#FEUE@LK&gE\sA)L!kxi!co]ʷMM6¼䨩_M;O fzȒDai:KbAgZ @<5'?7X^jSl-9 M~>[GlYhMN.>(Ct"MgkV|{`u&&w@Vq3WkУ)owٙa$zlRt{.[-Ua1t @u.7@ #&-2p,[YC.NŠD.nܐwj7JfUnƎ Ei"N9p` 
4Jm2`lZ*q?>0|#9l}1xXv̤TӖ+\sc#cB'd/bU4Wl,K_h`.HZ*戨M}vg=/gU*YK.D>|UfQM/g jNbszx'uB$jlv.v}3R6z+㖶%{A ǿj$e`¾$Ϙ`aOQl;pFݟ 7: ed>fnIe^`TyArlI&|Ea1A(cj@{$qoD.pfeްoR> {]%L!JI!'&*ٓ8reYM7CE*kq 1C, "/ ARoO{.-'W&kL M {D @̍D\cLRKPxLX쁪|0m^)iGmY"5X -9" 籪Mؤ+mV(@o(y*N awh/A/մR90I?" Q:  dp*ϧq 2`J+1K!wS|MRşMH gDٌ2%|lj1/u+2Vո]"MF(#8+|m1JPw,)dd'WYJf1;I:w,Q<-R쎞*棑4ro79NPzQzDHNfv帯"/kUDI^Jk%:2<52"օ}m#Ϫy7 0Dj?Q&FgF*BCjr4p] tCO?A'ޱzZUo nFAt83?wD _BH*Ԍe*Ȼs29ꎠ34TC,[sWMnP|2ɝ 'Q]Iڴ ۢv._i5?!;iCإUjK-67sF#vK>v>,v im؇!cz:ʚ\á>qx+ד8{-2g߮I'OMr*D@w /[i<}bj$꽚F{8|!ܡvэ6' 󖀺:g*ڗ>5թ,LQR+5ʍOa tÕSO2`|L~,Ŀm 9+%3 $} &'*_vSԠY.!3]2/^Ag|Gްᚢj?،= fEdV }dpǎ"rǃ̇mPV";ɘ8%G)u\϶Bi1=KwzSwrdԚfR+3.zUЧs:*Ra-:K)mhm\r'e|T9nWЂ.97ZX͔f4zk²&w>JROut6+6RɱƍS\4;pc5/`h$EefA=n7DF|'iU@L+vҬSH$nr,lu1@YV3fW]I:~q3n YI-&! XS%g#[UJ29 ~|SշS( t¼,dknۖqaErV~J?s}#sKKiۀ$'$ 2dy`OW%"w #Hr<ڂ?cH)\;W-0y˰gzS'Hau,E 6},-Y_:070u d꟠yuc>GELJ| S24s_EyjNAVqH*qh]~ߘ%0ڬWl7c6a^H&3x𓟓ͯ:j|4Hp_c.OBوWTFJoˡ0S*v}? Y=Iร.NS@0Vz"`7ROO5Wf+꽦Q|/0EHeI>ug:4{ܝ״:è@Jh$92i Ovewf"o^ ,=xI9MMpRr'bj+'Mj $n z5bRM&޻[>v@H6׉aM.NQ9nSDY#(T[F#3GTvucوlďł(@$<-ߨ1tA eT"!Ecf~=Wg>a[Xas$hOc&E3\TC-ݜ>ؐx/` =7av;:^g5\ȟj.enFc9!L ٌAQ+^0~ژ<8M9I7p-)WB3 7JLS&V_U%9XdR~@7O 1 [hK=j:-cM~AWۈKJ;Nq1>$/ 3_.E7 eu*p I<,_IjKƝS'wQf39g  {.]bZf 9! 
kQ~q&!p'^FN轊nGf-+N1&4:yOV /|d,7:e,\:G":>C[/I t*:{g|GZde~0u Ρ%`Ȓ6:#L!e\JzLcnf HKC!\>͏i9L 6}%ц~xAi{o â&/\*(bE0 ',6T/^t*iM:kfp?#F  Aά$oue񉌸N&־d5Co7>iF[hOӱ _`d y51'p=)k 8jor>Ґϼ+4>ԎUIRib߇MY!:x<5H|q:yF48P&2 B㱏!IQ yi-u Ro$i~a(R@mq~KF(j|q4ܫqzRgYBh4%oo9xԑA{Dt&\DW7RQda?{i/%ZTF}Qa -qZD"+VSXæt,ҦmxΡY4&F͢C-&J?e1e` okh6rN3w:8aŃyjI=^?>|e՛K-fzG>^.YmL* *OEb)@$?R;Y[9{z3sDW7e I 5(sv050UUp8,t}m:8`"=BЩWJKe9H"Zm\퐞^ #Pӹh9eg g`LFjBl+JN/JpQ9vTڸcW:SE@%Sǻ?޶-zM֖o#x8G\GK>?lC-+(d$aik t^FUL{ڧNz4 }w;)*(ٛz i 4s!"cGnʇñx˸f\{ѪVX[q%9"oJWj4q^6Jo cXvyL˄ZD XQ]L`5ʸw,j5]uÔKeW6hη1d;VPYu/SF#`ȦK´COPlB k]O%cp^ hxDMv}O'p$v`qK^Q5|#ҭN 75bRHUXID1$rz%e B0/'xFdsB lAa~Q6;L(N*J4''Xњuh"ƀ]`,'!]I UFU^PQLSBafMx2dncflNж^&5t4HP)S4F~A5|U"jAny!/f@О-嗤f5 :Dze6 67烈<ɩ ΞP1sƬ g,1I9E׭ll޳;@ss7Gy+}ߝkXt+`ѫe4ooMJ0G C˅p+ flE0o< ME|Dw>w# *'Ѱ*&/,OO/;ʛuܕԵ[&Nl' PXSi:&|p%bOCB(E4kG%˪w^Xac\K?UwX`bLӟMiz} D_s~F,  i_ٮB' cCTٹ|J_2uva]RmӚo^D](y&GF[k_mJr6f2-kR E}N~HV?A`?wߛq^:a.%R]5";l-kxrNX4ػK0}zЏ"q6q\ʳ20ϳ/AVF$"ҜxW~|f_>A*@nGC0+|Oj iC@P"ZJ,WJriˏI֬޷.Ug4Q7-<^.NσȔ̊ƒ+Yvy"K~{ع䥔S [YXѡw9Dτ[^*t?6`rFk]2wwuu=OdL-zƕ-SXPG 0$`wVjveթ"\XԦC {U$Wl I $3 vc80Bȳn&ȬjY-9Zz{mZzB+plG]~v='{T:|Yŷ林 ]2LE4b!fey.0K"NZ:Rqi2̯#5d͈f_4Q(0X|y 5 ^P#LϘNL}"XhT~*k~ILrX~q>*VjL=fijxeZI844xR_ҢZ̶BN-BI􏻡stQ$s&fGDC{;̏ЙÈO6QUx5G3n) U((Kk;#x)cp׆Mg1I2./ *x%!' 
nHއƣ%$Uh'Ë xkN}/DbOaWV+!6P0B[C`jIj1Ė揹`_@EhH:L|4$.ZfLF&[d+*/vlCp]gK3 :.i33J wD"<3C0 >Tt!:ӫ-]Y=4.ܥGl U+}VSM8aq)eL0SHQo2ƊY7mg:О}(L$w#u2[b]ڑ 7v<2k {mJ@>m yZ,tf߮epK9$ZqM{#lP#`&oDx+rİ&x{p᲼ !I{’ܟR(Ue n|2; WwN2sI4lJ͞Vrfo/$AÐӧ 4ӕ}jHaݞ_A`w)9gѝ8Dg.Qv v517XYMk^,]41|z9޾ tڑF˃N9DMo X8=yHAv8n *'K Y_pJmug!E:~82x8Vk#IԇxZy:LXqCJ W\gz xkZ_DJȼX Ӏ4"0OBaE `tM.ANQ;9̟8) t'ETOB"֋6P0 OUŜTtbeQs kE&5?{,JGkHjNJ\CstXh|wm$meXc5)sf;|vԩ4盲!&wc]̋zɣt'@o{$j1zXE8uY }}~'#69f6SCOn}&.GGn&#KF2(&-xu҅>Ҽcg.]v9PJ˾iƿ(R(9(afϨ8Z͛ d6{TGu^iÛpk5Lw݈KcV/yom=Grڃ4 \k?:kL7A ?E7abX37wH[g@'[ "^Sv[X奙ˣj䓿)5`55 &AZΒ=tLAOЯki;cd6qPpU6FWdqA]2:ž(]S~E:5"e@fy=S'hzC"]aSqVfv&y:Y-&06ޡ0X9KtÜgE529~B!ߺ1^=0ubp`c <|[ .q)Bμl < |i9.1?`oE<󌭗\ʈ$ǽvfXӾ2[A-NfGB%o\ñ7$]W=쑗8K{ 4d+HXxaQ?FenTNKD%әNr'.Aˋg ]&WemTU*%M4\n %`;o:7r'|n2c{V^Hc5@j@5;XFoƎwÃ_Z[:[gOwR%}¾}V"Ï)|/x.m(ϣEb$H ڿ]$Y'*ގZo h}cOt0`NS,#-{uhZn-zy(gXԺ`|+'3rgTۡrB2@D 9kɬn\hZޮfwّ)b%gy:_-|DYv<"]κJ7`H]Ozf[(|>g+' 4NN"10n(p#ge"ؓsr8ay9Fq(2|.96 5]FOi> 4gm +C܁ sbD ӈ眤[&!0r=䖾OG]?x, \\ˠj/0ؾ@ͧ]jgؗtߗ^"4[}H8$;gl>}o9c@ϩN.1Y'])6h 2ZOa|l_niae",&Ez.o:f /,p. 
vH%W/Wë믈[84l &l7.b(uby6굗Zqۘbx6z,\+iM d|ͽثv1}L}\̄ hmIVn14aE$c^$sy$g")TA d7MwH(5걌i4SC jw 4 )ŽZ'[|fbvmD_s ,d# ?:2)ot3qVh.9 zv8Ϸ3Ҳșc[up /Htwd GY @ުڻM#fcQz.:\5~ @qۛwɩ#)t$+R{H%\ؗ6AcN'V~`2Sqx^ىLh87 {I *>w^oI:`Ml]s /h.$E+4_{$H1o>d] hnjؐ* дl9h8ˉ&O ʝ~fʠC6Cѷ~9a8p>n=-C*ﰈ8m =>FS/M># 9C#~+6nj|nXSu)qX'*bf  WR3Aп;ClC, klKr=9fjͮfCK2 sK5i*4Sɉq"cƻl#CXMZζZIZ5]Ty.t1-yW7R'{7cvr/{wqɞx{Z >۹qSlig1ڧY ~X_FX55u72LCP^K}tM`H·l Igra2}Ϫp$A!5 #U˲Q2S%1{SYv_A`p?YMFG`w im!-*>f+G#p?q3:)ŬwA/6njf+DB3z$}js-(7]"OvΘξBg\֟2J= /؄EEb9rH.)c Y/t{ 4[ÍE>JSga ȡh}SϵKR^W`=z̋>R~uN'ӔHA9I6<CS1HsXOä&һ ~)X[ zZM4{F*3> #28p5|.V6bU^O+BP+OLƙ'o=(Cqܸ' mzsCr[ dO])2AClAws6/\ NxfwD?yqV;۳&qcQeBC?Qke%_F;VQv3ɅuDLXlb ȝh&}Ll<`0T]\{ůh=hRZR.?Dq:̓-it=߱GghFnM*ؘ?gӄ}&ѼB@em[ʀx)<׭m)ǚ9Ocdp!wHSk Uy; &K懤/pz2mx,$FD Ÿiҧ"Xdٹ^Ix!x!#b,| 8 d9x X񍂯r_ RvlBo(x- S 5w|RόiH(>Ol}("NbT%~`ٸ_D}\\u "w:ݮNB_;!H2v^9٨Gq:)MsjECD QG-C6:^vZHSR9%bٓitqCpxEw{ʧ Ȯ}8`">UV3ɼiERd _#8򼹡@6X!<2ʪ*0*fIBae~HrI?H7-]5;?5$Q`5 xnL6G+k!Gă3 FE_mwd^ӗ,ߡ^4[A ʕjk1\iPD)NTA7qmd얐aR]OX: cCsRO Bv]䎨Nos] H*N23w_ӿjN ?Pγ??΍X-in`ب(F'ëc6T.ZlqgM,!ċܱ;>1 1r4VxP&XHr񄒤?z%``{ѷv iK Sj\, C?V\0|5=yͦ$6p 5+N/aɛy2͈qAΪd1;d(|]d|-@8$WOpTQ'&gAe4-l4=^LP%ձR¤pB@KZ0r[IWZY8ٚ!h<7c ˆorLu %̹RHFxا2I-! 
ƢAyW.ILn),A~ܵd.Dw3cb+R↛LbOZ;XqdhJ)F[7q^L> AK_=XR7L񽗈L3c3 4W?Djy5nDkOšP'fm{$jɊiHpmi9:$¡-c-PgS_P+P5@n 9{4tÅwN'T,0^RTM}X2|!1%,aVXT钢=jlhY'TGW_m9G e^]7 n(nS$!+7u<)jwȬ݇kU[cS7 Dw٬K+:kVƍfRH#7hlEXF6nwb~.Nl}ꢸ wLJ|k _mh1/.h _6降AW"S9,eK~qk4-BtOV+kMt}/#XG!=i!k E9v@܌ kX@B?=n>BCK)~}W0{vt[߆Idi\jARg3⿼%ʆOjd'wiLA^y *'}|D"bcYN;U>jy7y˫2'YOp`e<7Σp55>t$^%Cݗ}QuF@jFNNMg}K~vVe4Z$Kk:v|YԠg;7BCsD)eEQ ·b=C EjCV 0BfToZ&8>,V@UUw=@`2rW%M*䴿eZJd-+Y&6f6V NB NΕ HQUeՈ/iDϯЎ[؄]4n (B<k5CQWݞ%;.La|ypsaƦoWU`.mp\jB{k0YwδZS,pDC9`=2)&Ƿ * Wo71%x1hp Kk] .#o#wMI"=yHj..` -MPL&*K{c]/i(ܪ.ͅ +W0!o]ަK-2;`[ eZ^.7݇ΒJ5J#drC rܞe[rdNZl%v KO/l3T/cZQpOWR&Q-ymPRsi6NRsV&beie 0EnLmH1M!ЗgFB26zveà;ݙS~ fHx7*u*ڼW DwhEi%+a`ҪdqrJ ¿SJ} _QU>[gI+X )E`hm9=CNP#oLT+rc4z;qk2/ס|6EW3t7g7D0ҭB#ZTc'g]3>=xM9H+-7<3:X:6zaby2WmD}m&32T97h7b c||Ys@8}iɵUfQ VX*iR'lW_t4_Ga]p@&OuOG -ؚFSC9+FvEgJA3ȇD++ LPdz7dگL+˘͗}\"}}QfMC mX]%ɦi*m‹4hi3p_}).}X~!,7&Åd/ 2u+oZT%oEǙD1f1y454w\o\|d*`Vۭ>ݞћDƃ{-x{* 1qRfxp>=+7 ϔpb)7ݾp+/L%{vn!hA bh"hIHu8Bg}I@48a b%Y fD7(A|EkV T oTj ՟X-F(v{ w2[%! W5?`N G]Vzx,MeΖ1(;;0 ~9Y6L `B1:k߮lë$d^I;Y/ RFz ObN`yfk_'< -wq6qs|=St-?%Ut:)h /4FO҆Uj1lw2{k\ [a+wYq n$qmCp\u^ <%=)r)LsõDɛLw(y1YQIlvVs8 9#䀅/ctoLj!hj+BwQY/]’̃Q=W( \"R\ZC_4U i> '[}҈dzKo>f_߳覧oÛ@FL։ga+27+fAE"_Ķp;>l8^=Q{z$@ۨX:]HTLGSo?1wHk㗓7uթ+6• bx= !o,@muW݄r:G6Cbiqöu(7ﶱlܼ?SFZk1fM'm΀b4{O BcWl3򌪕 '`M1E6uD s*^=M=B>W\uVp/O7 }&˝[IjWKJJa!Npx[GC0aw$ppuUpTԪ2d?h.·L4tЭ`2fts|&P_DłM )PXȨ-虹>a|0h ـ/y^]x"^jMCK^!b5TmvTO UǾe[P^XJIaV贵+thMdޗ|ɊyMVa<,Hue׫|gWacv0¶)ZPUu,d]ڬCaa }Vb \bũ"#w) \$SO9* [+VI++)?"_~5RtxZXG6H;c:PGea׎t<OG]9_ݒ/39ј?^6ME=%G>8,=mXLV :3lTk:D $浧 eGږ@JjpձyP,>.S$׌hYE')J;Xm?{=Hhor4Q8%C ]ENS__#poiDP)£kć.q.8 (/!12OdCB-྄A!/ke0`C`{Z>z6v⺒Q,tTo Cqc]c_QG{ ѽp\32*Ҋc›=za#Xʠ(e4wN+5lR,{/#΄;J*2VD3jFsD|("fzBCKI&Ǻ-^X-;Nq]!#,%kn슔? >:!.jGİ+ƍPDA\2i-tg:禫 ĭNFU9A怘eBћF !k#wHף 8}Te<+^?*YakH K2Un %5 om A`y@kSz%b=ڌ轍g#2 !x<=({+Қ(AUO)KcOikr~ehF?&LB9\WvZIk& % s{JQAoܛ@(PB |sCc;,6+0d:hrskEjI#P3KXp){nq3J#mcv}紵kP>ڂRϊW͵]ttb\=?ePQ_$=G"ZUJ'[7.i#PX`$yE,P.Eb! 
Y؃W+.[a2Džfy5[6 SLL[Zn˓*wNЄn2fn50hTFwY^n T, q!}[IN|Ϙ+N?`I9f+ܠ{xY5֛&uv,E NmM$n \oJvxbt95z ՌӉ_bŮiw§"(_,s\گ% l&gHdʓajO@yYG.sP(bӽn!CʬrG lKERqڅ*=v\@tY]MAoqW膹Tbi%E&蘰r[l5r Db~q&3Q!}XV5,L/2}}L/T!VN략~vU "jn~(0?9qXDRLPJPvrY2Z 1y0 ;!WTNhP[X,g,y>Α?ÿL,~y.rtբu~6j̲b 7k7*̶;_J`Zے{ꥲK28.4yLGinT9)d~&l cL]g) EY{A:?d azX^&8 F+IܱvwF;#=ˌ;#J~%]ID*ƙJ\&ivgl`<,6iVqCR)X7%S SKn7g#Wb LEEԯDjX)+8;X:k_x*XvE_"ۈB-ڸ5Shi"}+n7vZqXľ`GװEDTh0~qޥ`ryjk\J:X5i~A?nӗa;tD\ )A$2-XZP^EYzY,vpݥژQ-R*܃!T|gsJUSWqt^#1f} d=˫( t@׻?[vCJ\8# x6NTP/Z, 2]mZ gZrV٤΄k9Rzت覒X6xCk9cbXD>QNj] 1}&0~W ˥@[_ok4vϦS&'i^GޘZLR!]2!Sd ` \gb~I3 \vd^Keֿs`: kҿKY1\HʫdZF49 ?_#ɝk_#>rItڟ oHb .:litkT\ C_dw"!HYUl9(%&YҴrd5%{gal(9uPt3Ŧ%^:(&Thxj=~őe؃/pu9W&_%p!ފ{ݧ{- ],1Y gفfb;wF2w0cOjd6Y8Ҏq'R2o:UD6;`L[^+mY )j8fKVR*qfkB4F؊ WgW[EW+MCH M~ci0"<em{=%L[exfL+DE%m6h;1ȏ>2nN/t](~ љ(rf:"6LL (̀?Hx4X RfS': ~6(^|QW\Z:0Q.J G-Y7Wtj)9dY mD?\4t~o :)B/Z]qJp7nGYЧ.y;'Ydh߅ф [󞦤gAC,CXO9q+9MwfTS)S]t H;<s 0[a^ґ7`@}ܧkj)wo٤H@kG͘E2O{VĢmZ|D xkWƫ7\>\Byx@ 1D1bfk)t\ f>ߒm?VYeO1۫Xj6#m@Y>Wn腦tQHp%rٳwQ/#q N+DCUc&p_W7[Tk\T>w9i;JcRl^sOq 5>niX `WԤ) LJ%ptX;gt ?$ DXUwR7! fYr]K~X<{s.ν}df;s'~#&ӧEj1'mw2 KX뼸]SqLpQ inrfk7gA }s:~T.w6-%{+ʊSLATŧD*! ٠w5SR,.^)jQ*z\Obv!* [@1ȕ CD%tgK\z{s04%-XTyoρ@ڦV!뇅,bp'XRLJぜd@ɽ{"r|1a@QÇ8bVSlq.T20.%A*E)3؄ 6~Hsk9)̲M:nˁ7};m%>ǣVRi vsu! 'w;s]#R+XX]oyv)$CFYax +Z&I^y v{Dch!zn[MJ )#WvН5;0EX %jbi<nMZ>On.+`[wȁy Niu"{p]_ F!NI{r)OM-]> VD'E*$OX?Crm\Pg4> zs+oaؠzX߇ 5ID41Չ#WE쾾?% U " _-P1CQ{r2ysݓ!gx;a[΁nZ~ϩR1,p_Z4uWրfJ"OfU9PU> G{??O `(Io=V^nT2wV^|ppinSw1jXh}X8Pz=j'Q6-6oA;Gn%(AbW#?ưP*~\vMe %Nׇg^,_ym(Xbf0/4[oBĚtt+I':_Tywå4*L-Xo"yװ OPb3/>'g-̽ ܧm$@9P9wXD9sЋc^j]#_c ޮ1mFNB=tGp&}[CC8ٺ>ߥPτQ.KmYpqb#Msi/>T&.<<Sș}Ta܍JEXs&q l8e8,W0zO,Ә? tJniWt/U=^&7jv/m:ܞ8pl1h0(O^}'BuvbYk8q\յ7jZ49jnQH-e6zU8nǺݡ0릅=<6e9E+.$\>[WKɛAKT'¹(:I{lq\oK1U^W@:LoIC9׮\\TT(`TP J(P=z^ VqJB5mYz[kѢ\H(b ^'g jND;a-c, o;ktRzj|O%/Y@bb怡Bt? 
dAm\p& n- gۆb#olY+KvA ybw/+S &8.W&bLK |;=NyoV2#)q-&Ijůj&@:5mjVApXkؘ4y- A'a<[^v%8H.eeq (1RHT (wIW[My% okv׶N |oi3ĪXɞ} ؙk[Iy0 vg$ l^OЊ>~TeHyU `JdUaa|dA(`+n2i'ip@cJ+-,/ks*"=Gހ^,C}d+&tLD\UJ3ueϝ*"05Gi'`M@L!Pv`4Y l=7gME kՇ7y/E,k ߚ7%*% ݸ`7FZ¨J6nFD߂]{=g;q*B-Jњ`'X9WN-G<3V21C&u?go r}!<0w4%/ mbAQq%n#L Kw}bf\pdg.Jb]왉c=nzW׹r ٍ6e2ªKj? uWjVr+$ BX A&;pfȚ_`NoŽ&E~"~NRǧWN-l 0\ЏREO:QT~y[ (YyݜF(g2g:/If+H]J1[|.#5XȨW6bӐۏ8 ߿:Κ__@-H u^*󄬴V7/jL\ yQ;sk7 ېx5~~ɓ6܊4K׾)h9ZjM%+2X?}f(꿈aJ+oLe\&`GxSVk!ߏzԃ8ĒSL/C! f>hthz2U,A,'Up%Y('TcW9OƹVq9KZj9)fHmBt蓮 mahG|¬RY0Coe|"OJMU2>[4fgןpX(,&Ϛ̙t E\œ"G5W`e!\W)ra )c0aA~ŠBQ|2K)U~YbLPbD9C2pg@$0zz|-8o;t5'낰j\Y-4lsdST՚hܣu)ĎWdiټ ڪ9>}R₅dѾ TڎjDX-k΃X^O Vg,S`2Sx@ïPcV maȅ* eMPZ~X< R7="vc8ܪG| OdžOzh!y#BV47ĸ?z="ڃgG5jPbJX3~NDbdn'ކ&ݏД:1i‡b 7E210UF Avo_m>;c( <,Ed% +962v i'68LGn#ќS?y⍃ddWhZSFc!u5sqNpe/3.նtХj'+c*Kc?7QrxOJ&Zu>:pьdu&s));XqK 3XCbYq5Lb/^jx'{5 HɚAˊ0z'%?kYZi8yHϠ\1g,[é;~s^?ݾLvtTĜ.*6J^=(u7t́3ǧ( au>H^ 9ViޥF/LHl}3Xϫ5G׆?7⧈lo~\ǤidZHcXxEG_ѱ2Ld(La$c;/GD?wf( تr:Hqoiܘ:zxu(6tPSäbِ~2E%pYcjaT5dCiIw } my}jX%%SۮI%).D|6f(71)םNL!a|x;&# ȑ˚!o5h,alq%- n&)1Â:k82ָP=gFFqs*5XrYbչNK݊ELH&DWGGm]VKF8֣Kͷ/̀,tՃK`Y 4JX,hT9L毳:Zt@S+wG@sokMDM*1?q~jpf1i {l )l~4th@T@@"FprecOb}5pƽ72^k>H5-;w"_TIX,N%ehowv!׷=FIĶz,Zw~hOJB4{6\q-'-- j2G}bilOY){ENR/Bȑ8(*BN>)יvwoPtu5ڃA w1G7|T'6B녹tٴV+HoܕJ}Ӊ8n:z^Ps1•8 }>2Ff/yBL0KmCE7G]lgWY7`B8#kg)7aZoF_J""4HJ~!&,g-|)%FsfK>O:P]UF#LGacT0]&ɒ½MUkHP\EqY?(A|X);-o%3ٵl%8X ȝuTpwi!QJO@fZ/<ڦgs{lt7a(N iG vy-31ǣux5dSi!0SWYkBJM3VBq[}JcWiw_2]1(E6Ur2c9qTj$qϣ>ֳKk4kZnT^HHF 87^T,dIAB.}z/&xWh`_L34iHVԦQzPڟ*!_H  K+YidBPTƲg`qL둮J' A[Ѧw:REhmVR* &K,=@\GfH,fIER:{qSBEW?^["@-rtQyupLN%cuf{̽Y;zJye rNvݠ׺r=jco5X|7O~TN5z~ClZE]?'i U6Ax`NPuV61w+A52;a88I 녻vGT3ƄJ)%fE֋ʯ479.ʭ/YK!޷aAg6-ztx{YI|.Igu,W&ҷŚHSN~(s_7lyěE_0.ALN^A*2_Ou Q-n'+4'b+~&/ɞe~U[\78q8By%qqK4w]F[y^kA GໃJT #ʘD? 
?;5_ 9A%(W{sPu5 'yp6}¿]9M ]c!*5 2RciEณZ[(G|Y'?n4Rx&yVRacڗ4u5Bȴ:}bZ[u" gE~ku)Aُɶ`/7aV t,~b˴#~7 <&, |] Nhkx/RxS%݉(ژCU]Iҕzrեx#3ya\κ5}UWOGpƾ=S1N g_֒-OlY!Z󽧉GP(*@0#NO~[W`NM{[%dKaSni#l`t׈rt}]ⱲIL:[(+ĸ͔@J+hJ,!LbUAQ f!ПFHIT"s W_6*BA X5, 3h6 ^عd6oE0+.\C "v}bˈy,|ڏ")'~̽RaS?7-! . l樧7 +Y9rX顺3)fʫLx"TF#aIKA>{),ZVsn4ކ9b*c}WdaO`zZokd@`bOTSe\ݘ(5Bѕm@Ee8D|V_S6I<б0DՔi+U ӹ=Z=UU D=^-y@!q 1R3vEj\3)9?8oM.EHU"}tu* aW<; *Bp*`ت~^LI6U̘(R,BK?P#`hVa橷|}?r4%Q8ʷB;x;`g.88yڷa*Br2t#" z ⍈T9Ȧ7 MP855svqN8d;_A|P^vB$$JwBˆ({H/6MDSAC;$ خ;"!uφ~$W=/=i!)q\+Z/siAUR jeg4N^$;Ųfҩ\Cr&)k)RLd_cgMɍLʄ0 Uynl&( y68;Hy74=*) G%bʣb68ǹ:_Vkͫa<+dB>CR?Cݵoֶs i9} ' p!TC[V[hAyݰPv٘S Fw7&\:juV`SB_ Wz4Gu'u2d-P*QAx봁(j,:>dQ+XWz&r]<իH .SG`C$va*>ZS[\YrQEMް=9jG-% _p z7z]kodeUgLj;518@`4:I<^eCu{>#ڧm`rG4M)g)( x!LDS\qu6LH#4 dk}k~ld1MA^:r*n&iMX\$\0w5 D4*w>`tLAԪGXX+XJAo3]Q,L>L$'wH$[HAƈ2U@uqo&QL14,Wv9[1*5gV Ky ̓@QMDT)]Ԧd~:~W : Ew ɺ,aߊ}"<*t@Քbjr;2Aό2^2tM-!LWDJԾwz^v_ кON:n9߃>(NnYubܤ&9k-Km7K# hkgIҁ4!˷/H”TV5"Qy#U )[8tq#Ї;٥`J,WA]Q+ld>to(@a.l6 a}.^xDYPb L3%SIυf _ݺxf{x7؞^h%"(9,}WWɜ9r+ME-k7hȈuwқ8!/tR՜It&0]Ht0M/ldnpDOmM╄l|bE 2;6$CQ֞z!} ~50\ 06\ta^/OAdkQIs3whK>f)%ŅǾX,.h*\a1:ayة)2 Z5iW^(hji :Pb"gחiH/#lzV/qE)\@Ȱ` Lh*ҡUr8fQi`w|RŬѧ7LNfV* jt.הߩFabU oUJJSrT;2l6z' p2IYl6ۅ0e-,ͺso ׵*sS?)~"/g?.M2Ɨ3 yx[ !4xFt\n,m¢2;q7hsOx;FZHW HOh|1QєnE׵JSqC=K K8b{[?f&A!Uv\nIWU=@(a)yg.<_\U)K}nT W<$ܷRVCF TZ`Q k`/VwF.:a I@/+3UX6bu`].ELkĻA_ 6-.y׮^X y*5)WϨ)'L 8K ]ܕg;øQɘh '+@E Qca@B28M˵P4$#8UK)dP~m#!wjU6 `%%ʟ9"QleQ(I B~9:LXR)I=Y@%"SyVG$iM֏Fq\: C1H:%Jik}duq<#@(_KraA Ða-}KS&Ł_LjFNKL]>#qQ5P+v52ޢ="YMq1,~:Č3𳎧ɛUW;p32[bo=֏[c|(QOSlǻAERN<#t͜)I+$S2Y`R׀7ATZ bUVDi*vCIID"yLr)zSLSVRݪ_9FF:~Bq^0f's⸶ ౗n|.}cm 5KBG=\^M6)s'ֽ-i0|oK@}DO  ?B0ie+1uHPj 3 *Wm'b8B;{9QkB\rɥG ־K\؈S,^/hs אhte;72.(LڐuwA=)vh־\yi SSqM35k9{'L'b~d ~'ImVaa:҈~y9Eeu`Aܫ_Z^|CW=Vy`%!V!Br< 8Rd/ńWHzw1G0+gEa왟vBߨo{IM{xߵxA67ur^WGlr4%Tji(;p=s]>̫d0~5:5 PRZ5p6&opY?R9ç:f#}iOc[gCo鶒TS_ p܅.JeWm<0ϊ3,CwÔ>{*X囫#!V |~'huHeÍ9dg~aT{V,I0zL#\gf}? ޭYbQ*R_fY%>`(B^7sG,Zj]'H-\(2- bT&㯄o>AϐJ'u*XY|o\ʿ'%IP;`.? 
g7Y,W׃W F@9r/¯6=led_ֺ#[ρ .5&ǶUhh͟^M @I}(Xem⪤9?n0;UcM^?ƧSz.k?mNƂ#ܸ$ 76ʚYwb*σŭl8LQP=\wx=ʘ[=^׹'4_b>?Nl-:ⱏ~p#Za]D'0~L!ɔ W`05Hz9);whwX;88M7br4%X/1.FZØz ) -=@Tj̅hE4O&<vPO`Sgz%OrK=kY(ȕzi@r~^NcIA` OPsu9F1 ĉ34j՗UXJ"Iɑ;GhB|=Cd9uܷ. o !JrBf}DkD#Exv{ y wHPz֓G9y'ɺqG C^Ky-3VaW@"nyЬאVR=/yVK1:?Xx4˕()=ܞa\07pAKZE4'zw))V!)mOHVM')su%ƜFg>5U5LDgV)^s8e1;|CW{>_ro8[iPvxϩǭ"м%4ĎBP ܍\ZTr0P2"Tg!G+׀ &ǃ AOb)ZXTbU`*)^y҆?X$"3/qgY;Y0[r -m21GVI">׼N1Dr]}ޔV2f8 4=TOݭ ߘҩtk {}Wy6'N I 1 H[D"cv'aO,p>h[ *sTM3_#2tz un%`>+aOK?,[+tj_idt!G4O1,Vuunm Ea0Ig ,'a*_i` bH4ʋ^{g(F?21x +L҉J(#br>W6ħՠ֘4S;'hP~Ǟ-/#WF ѩfMkHܜuY 2z|{$o7qQ,AK% ߬zW/OOu e젏dt;y}N/ZQv"z=wSAйwMp:XxQ{ > R0D ak H6葹yUN Ѣ x Iߝd3$7]\URbλ)q9 rP]1yzA8Ңm=ב,uV P)#7noSP yJq Z{Jr6svN!kAzw,HCдh9X| loW;>$[h-7ec`WṞɅ6?;ث_YO8#ihf뙃4Q ?5bLf2ŗ¼nbPk#z]Y2e`ף>ER26?lKP`,q5$]&]d*ŞY*hqqQ`,WňkPҼ_EYZG5$67$9a BJ1u8;v'UFcȞESj@@$Q@'231^ Ӷ *i53K_Q~G) Ή^agF*/!AV LXP@)H۪!,2M{d馷f|"lnmXu  H2WaN·.鴳֊^?{lO#~Xu+X}?܀3"rdW)@+03pBQ<䃶"E||)GUv ʮsEKcs.L}.;uRn@*OzACG]b9_J1 0|`ftml92>'Uͦ!/9@RcA̽1@j#y;w+iAZs `4Vt/r,$”+N[ e{P1-F/_Z,3cS$m>tč:9]PXXXh> KYZIN=" hEv!ۍćGfWK֝װu. fC#,l7W߂,o1RK%˲e6GP=cBU~4ـ9,@oW4ݎka(nHJ@_epd[_ㅠǼܧ![0GiuA!>9`t$08%{wk wּlIU6Ke > 'r# AZz<?;XgBa ׀sŁ!װK튤O'%W;):,~MwD r؉$>%mR},YhnPW(KTW]&dfaCKe;i>$E^,],4b5bӹ!ƫ;W~ ?kdZxr6*q-o#lZds2.XHLȱH+ZMh:+,*<2$~m\K# 7!u%|~EN./2@nw"eY&oKb.}8ZC0ƣ &C0AŵxGJ0'"u3]妛2[jn7jWBH&O.ix1ף 5zZY+J|b#IA NTXʐBNoF|K ĈZ+ PȺQT鉖y'l:XJ%} r[ߧPuNùR4> 1hI=Cv*v'![ǔ8yhVg%"<<1H}s e +mmiD)wh'__ Rk"!1هrd)+[y.xil[^^at# dug[fQ*LOs蚀2zi[OStKyiڇx5K`c#V6/3T؝b#ټ#! 
="?s t']h82W~1ДJ226l$n`xɦT ^brR(z?([w|Xq>j;L zm`@A_Z@frQvB8#3bC*7U;G'wERwF@eFP5XGixz%[뢭eR ЀH ׎ee1T\ԩ!Ed?_3a_W_.*lKnB``X3Da>cձͺQ,.ϋa3]BA+q۽.kVo| .~ XՉHYYpmPEc@bD6Wp\: N7꧝c@Xs!;7[ ڱ ;Dktn86 TIQ|!icv4p] TDZ3p<O ""GT7|9iIQO/+3=vJf7|mzР0Đďr=ӻ `ES4%e0P-4 LaSYF8lzvo @^jnRt A>Vh|ss-q#)qxpG%jSY' k1Bԏ%W8ݲsRti r*pI?z.l ء-)Qdh!a9+K;씥m9`2{$^sjXXa~(+DFjk:;\Qn@xb󺔎VćFw aװM5(:ŝҫN^^t7 FF zPX9Kl1Hued` i!2QQ3gW]zlB$g慪/ q~4jzkP`kudUL@YnTQ稫tަ} xo011]Thӷຖk̊n0ףrv]xQ(F3UP봬/NR)o+N6IJi@ .~?OX#}qFA 2 y֬vM3|ɚB1IVL_fš  YXrP\Hk({"\𿐴FE\E?W,Z*XnCPb5ӷUZշ櫐\#JsfY5@YEjjYKu \bd{TpJ p im_##`D<{4TTǭE9_t v!ށ3%$Ceuq"OaX!𪁬Eƥ0qF>)T*{XS=U8_Ys}\Y0f%&\AAhfV; N >d2;r$GP~J 0ggH=ۯ @iXhgh-}dGK["՟hʹ_=sr(Dyz 'eR{A%=BnӅ«ن޽b>{}$GX9c-@b%v-v˓lęŗL(M yGw:)#ֺ_,MI-BmA$o(+<%uKp:9A -J~\iGy@2uѽQdg(qYn'UwVϵoWo͸gŘr6 v0nqo vY޽YecuJ)j熺Q5+*|~H1e.'L  qIJe$?׶8SjnA&>wDOwR{TP::l? gW1§k%W!/u맓(NЧݳ34)0sUe&k~L[g>}S,`rW%M<)g쓡k:{G")UEB[d9ï(s.8ՌŭQ̻ԃB )c0!BVMfGd+Fp; ~{"_lASIe8ٺ춦#OZoUS[tJ͝pl>itIXm׹ae@ӹ{ զapl`CC^a~3vg;K]zOn"ROE0lشt|FOi[@u۵t0o (]u%W1ު2S%y5AZxe_6r(+7 OS~i ̀Y8/zgipszN\`t|hW4\ܿ\@O7mj37QaL7aUKm$:U`)a-O5l)@2XExuC]B3q8ˡTW"W{1'Xk΋hp(>ip'/.d=,Ժ3ZZxWVT0/,7ˢԭ6v!3  Wqؚ [V/gBhwžX*3thrXŔIwN*vdF햳ک;r=.}?t#&%z"CKrkAANeDف>wSt2a?^ͿS;kHdAu!"أ|C9}X!*mI#*mzK(tJUym| Sj2Rs[dFq4=^ܽ6gh}J+!Qw\@]&zB(9H8nKV]5t;R~Bkq_l7j=fGNTtRmupݶE\iC/~ O=Y=E05ƦAZJA2 CoR@&4Gh('8lQ,hKP@u5ڹ/CKeh0y3#b^KKs{z?Մ7rG -BxxU+lDAnSȣ 2F /dG>WYCV- !2waA^z9L^eHia͘_b咯,386~3U`ZK"Hh$Ao&d%>lȷl wĊhfоlk:zoz-d}x"S(uۥ 6uKHI\_u4P&-L|o!0JH!C._WʜDM8?.jn޹j|C BCY}cڼ~SnoX{qrYtb g<]wJP< Jݸۙ5ܱh)9˛)=HOAQ6&, }?  
}a MYN湔H>RTֿŷm$m})8;-4|K B⃼ U@.ʉóR#_MhF1 4_#<]_=C@BV&E&.H_" /wmi#b.+kj#GBu|gdC<*>Cb9cNG<{az 3oBsL`bOSB=29J j2`5%Y܈_ !3rdH, U@j4=ݮUmjo wP`]k&>BFf~45a$,9|lJQ$YFCAW:1[F4ɎAh!"5XW¨PZ|+`>V1~%~K-j?)XrP_}Y10Sz G"SiGd( Xg1Q)֢,EvT`W ]Ყ"RkA f܄h<#c\]`$gKg*y!Wjm q4kKOXYbbJ3rLKWEyJr ޶ ,Efmz14Ax 1G&L jP}7ڪGλsNI`ڎY}+ǰ*#q,I}g2%eO4+|l9o4[6z% FV)N ?Jy|^ĮyZM0Jmg,mn״d`[}۴Hp~ |/ g>ZcY=8kJ;?`D1 ե#- n\WmQvbcTvX>4>0=a^oɐ]_\ݻ|T'ʋrpF϶F5n-s҄镻 ٯ`❆\wU zM%K/8WFp@ے7 hZ2 L5QN$~,'tv ^+ׄFڎr=hӆLd!r 93X/;UM)PJݱv[wIݭH` xW2.H¶Guu(jUe=)PUQ{ؑ.1[5 KIYx9XegeV8!>;@@\#~F/y{{v:D kYTђt=#x30EJ|NWw٢,jmZK?OtF/Z(xMil5nn[o#mm~W9xh# ,S{4ps\Uڱj7v$ k \8ĽkIHf, ,Tx,ٴlÛjd78r;ʅFn qJёF([v\;8c$IR60N~Ȇ1_. ڵ[OZsj4vGK+%Pjܵ)˝mj(SOZLzz˵>œ!-8ڠż5 ?w=rc¤~ nl/[ ~pb&Esa}(&WVY-Dh(pӱDJ#`V+Px(%Prֶp(MNcqbO>:V\?%.AK:ڪB:aA'ψ'!34?FZ 3, @P E6 %_%Pahwpa@x'eBJ_)Uc)d{K(Xn|P%ei9ʯ!@n!ϩQy=2~QbQKLUԪa^#om_UlG'&_?NGGb7]8ZAՋ֪[}/v}ܨըx.b3e?3Q\(K?"_ݬ])o.h%hF @i6օ{Z&PbcVƃ>QYq1Kd.ς"V qyi25şZ*D'W# B23`moZn8zQR2/XE_,3iIаL(h.B1xXB[6ߎ[)Xu荱{J;;MCDA.wPq mffQZ2546_ku7woD3(a22" 5ZG':oVWÁqW)eg8d89^PmHHxn+gуWsh3\_<h=2rpQ xjDl0,XiܩnJѱ1Ēw#2)8O=jJ)lA6 '4mU2vs|!1K'ͫA>ڭl^gbKvWudLj;^ZWu-陀hQb߭͐v^iG#`Ol)5H_&*6\ݥ2@E$Jg瀖"(Qr|wlԎLzLcr++gm@8IQ{J >v|ST7}[{I)Нfo<ȽgN`9S eC47{*$.OQM`Ϸ\&{qnF{QҡȊDT2, u=>xxgS ]p}彦>ܥ8"@߱uPxɜpmDDd\$__/疀ῒsz"/#TmtOq&׉:?(=oleA[^jG}p=wZPN$yWܢF @ƿ:ubJ+OLKAiWQ>-.U Qv-,O .nD>MZ2h abC2lsK}YC[Bx؎+ᔲ` uڞzx]X1#N2ҼMhCA׎[fI$j˼@Xԑ4x*0z)nd YI>})SS_`3DbK3o{>}Hw/l/f`AwةL1E-o~|ؗ[uQLBww :fqO[qֻT`yd ĠA+%3~b G4 |4kGg[vL|$*PItGb۰ݚ =h]q jҰ2HBdGb!,d'ȅ L|=}^Mr 'Gc/>;aB7Ix u_) Hws5vYq\MTߒ_#n A:HMm b 6<`uɦj_(b1x)鍜j3ѧ+8|#1f! uÛ5j4FsuʴAf&a݃PQ~(b0Eyө9ލ(zd0DkVPpvL:r C=z_MWmLdMi.Œ`7R^WcM^`Ah\ cSI,!g[g5)Xt-*3MVʰۿ&N-*#L_=Z.AN'|:sПq%~S6~  m>5]7LCv}aZJCG}/ EɤlDWVnSctl s4h>9e ) ! 
?Zj-:•M۪̻cp4Ο.wI{*"r',yδΆnB4@q{:Q$i\G.88G>;I6q$ȋj,4&lm#HuOKڳkIg8TPʥ#aCbm׍ESBnyA.ZE3iw@4 mE؞O&WiUwÚm_6A=Egcc 1Ja.9>  0C&:5s5|d.B֍<;8XpbdW@7HqmW, Uq ( ~ǾJI<$0ղIvn)0{|$wgL訮>' z/OgC`|%] Xя 筥K)giS6aZ%]./tI:}mգ%5>4jWj3g;0C:<^hє~Bm雵$kʞk"-0QG6Sᱢ?Kdr| S=o6y1G%JL^ck͂J |'mH|'$gR}/Bi;Κ1‹Z=C[ }ʎ bb=f֫>wᮅrPHuL5W%5[mG ClD_GOɔme?{R~L dSR?'BvZ8cB@HN4 .|``n(t.g]5ER#{tAM T]_.:#F')Rn-򴊄XZ 6a!58[ 71ocH@v"@6AаbM[ 5#sC!`D 2IT/;>v2hvɟZ04µrE tj6\8X'F{iidFӪq®$ԛFe_4U@MzB/-ZF*  g_c -NuCiK%EӰRzAfvHD=5$@Awwb*XzaZ3wݜ~AfI7os /* 0!֌/KWx6O~'w [^Er4bv/Jp$;͵]yY!'bϑBfeHyc^N%pGǸ+էN`3o9_NҜ%p޻c #$Qm]#.^?EN]^2JPԙ6+zC~{ -u'D*>e bUHrK]/VVu{&i_p] d֟XA1W鼺f?1y=v#)(-U>Xu cDXCS(n$ԞpZU?H3WO/ 7lxCGeV{D躚^|21c?fBdL͟!lxRR ?x2}fMBvm}n4/Cofz*1Ş㑈atкV̻߂hlIʲ[𳰡khGzdƉ'?4pcgnnj_yӈpуkTC8!` ?V+#ݣ_A;'lL3bwxx:i FrY{S<ܷ-+%z)g A'wo끧WT`^O5\<Tcm];;' p $$3=F k,nxgrCl$vaf3,)14,5=V_xMRj~ނϱ!)gGRUH8m S쬳}ZS;i0(Û!ո"p*4)7JVwҩ%_o3{-PlwxViؗq']wwq]J6G dxz }Ҿ4geN@EUJ hd.h(|Bɍxs:Y]$IO-X;H*Wn ?fEӪ`FoiZ>쁐^E?0ʗNFWB-JRS5W7w@M^6rM^tm0<ɅحٽǣRl,!/O~R|'*8 % Mu`F:1:ZQ6&Qt21*WyR?D!&sVs%iw5;{ t[RQ lPՔe =D2>,(9d-Ꮬ8fE'SFb Pڼ>}vT4s`7NsCyM [b% d0) QO~=m㱭$싿WKöW7/_ѻ?hR~X%N]/Ze/EC>R׹o†ub(1U.ei”2Hh:æ>-1uOL:VaT-5l NnovQD[Tap5Q_l`FRZRgƜ#=8-49ԧ62->=-'*ޢ">)ĮMC=?ڎցQXAO8.Q8֓ ԭvOz=*_BW~x/~ 'sEe \tHɑ`#ԁ* %ic*b,p jmr5ceÃqwzEgM91fN'†mn()^_ 9>9±/nD.=ţj4)-z< 5ͭb?PR-T4mI91j>ڡРvo=$Utwz&]`ߗo^>e%=U'`eZ˞7fvJ;*{%R y̶aFm-4zZ' AtAq?~,}' ?:)VR\]mBήZ WAթpvZ%9 I+q\ʈN(iE 4-86ƽ+/_kWķtsԷ*b/>X>pKH–b%_rNH1p/Mrv/^7omGQ5p\n'Mjy&?0P63J_VeQ' /C5)(A%1e |AJ)X+oyWSYSG"}7âdr0(L8z|6#p)|ԅȜrWܪu;h U=[tMAM&aYJWwSGyHC, V#h%jޭ/cN1;$ p6Hנ:J}+g6+u8RH2pF̌;KREq"0@Gm[L,93N>?ejz|5b'5[eXʰSu<v\QD4. K n$Mq[rO?zIEY2.g?^@`DՔՖMN.TO␖l'>Gߎ5Sc<@Ԙ|qy?\/ܳ4hFn͐ad!}r8!ud9a] w3aXW<+8VƬZ̜b5-ɞ"Uf$ZR.4Sf ]F ozR4=G[9׃6tXNi 7^jhU*xYM/Kdڵ:9qKI4+UkE@Hژ<+~2ÁYg_&kd_: XugMfiGޜs nɉ׵K.=zFqX Rφ_|7) xbƃwv0r5HԽ k]jM-vD4$<A;;sU-0UO[ JF,؛HN`< R­$)Ňyo sYSP(tYIm 3B~q&V>ॽ_`,@tE۬wkWw':@Η`cu%^`v$utd~X2Oh6_>LiɃF}LEe-p=:<QzQH2iO8Y׮/-?jc9oߒ1[$:;EZM0ze x2P6z%{ro~XLmÁ|!&h;,8dPi6۹lU29\ÿr~c\šqv|/*d19r1c7z?TR+&O$w n. 
Ne./|aC@M)1wjs&-j)ӈ4ܡ\-3gaG6֮730v7=X͑//Ae!(VcV} EA amXR {VPfYK௷YY8kHsp \?ΈwJF.np<*hUnt*hmc6t:*B/LL+H0e)߷E{7%¶0$Z/9$z8NdKɓ3 < c#ۣxz)AMnw8J 'ӈ'/ G$ :WJj{6͠HZ)p j(!ԤfHu]OM[đM f 8 z6xR}2 DsrVm,,śg#.O`ùg7dh&X暑k5_n#\D]C6 . 7R4;Q_9]ETjS jODA_ m+G[, {~uޚ呉ڿWՉɐ2JgdrPY_oJz}RKs7/52yYKpA`_l4Q}FײS%P"96X֬ao$`]8Uy/Cub?? 8׀5>GxZCSн{o4}vi~\EO<,N3506=SO :Z jXTVjȭlpq1I!Eͣ$ U|nRIt+2j^ow0u_RF?`) 1:6K+Rڴh4FvBŇ*',nO  c}qǀ%~+  ?<bp6q"Jz/6U¶4Шl|*áY(N9SB\L|v Np { ?7sڢ(& EAu8j.QGٚ'a1PUlK݃/p@^[]m=ǩ?JdZU k@m{v(xĮbTQ7^DΫI 5): nN-ZAbL:W pښn¢,J\ ,;8D ᑉ:>ӀAG,xkDex>HYT7WOjmtޕNAլ7dhO!adc[/Lro<8} kJz/`CX?g o,-loTmZ$ \y|C[ȠL١E+?VL"u=dkA*[n|oGxUe'Y(}1ᄭ~k#Ո4l(%G-[eyKh7FdfvXSȤo+P}~NEr\hnBX~du ~qÒغԦBfpC! E~M0-kx8P9U 0PM0qƟ e Ҫ¬Px_/VФ(EcӥUT]K>r zw9 "t3M8*G|Ջ_45&VVXuhQo0vuԏ=ha&׼)EaPyY4s"+Fۤ˝"X&K&K'Wv=0H{̣85<=QreLz? _oRJ1 V\ntKQmnJ`4FJ=*m(m;"?_]>+gXo 8=/ߢD~Pe[7͈2\[R_~>8 WכkM72w 4+y-e}$Ar6HSu^X1H9ѮgCظw~}P'cSHh oFY79Y&VQ'VSy'#bg꣚cPIcӱH[XPvéUSOmw#˫ 걙rG`՗ T/[5#o\]p5zR4sIŔCҐ$ Z͘ hRBlB6zUj 3Ç%MEpHB$1h{R+SVMp/[S"vKvĘ8PfJ>2q%`Э[4BAG1۟ttW|=4ϺꭜoVXE34c0Ͽn.h+1K4 vpAP5aQ 6tZ!X ܅6h$f50% @SE.]eNtfES9j|],)'"ڕG] e|}h p:Bk?)#J>9+}/Sp2T_d!lxV+dT5E.8+靎q" (TЗrGB̟rN;54|w%ΐ]carZ?\m*_r:'E0Dg-Wnj'#{ c_wqY@j1h~8EP,ŃM X>F&v %oEp<]n _6L. J/muNz ]+{xk<`WFn9_bhWV~=@騙ԇ r]|n"puT6s}Z囔"RVuN=yDVnv0puM:cgvNOϮ/-"R֜Ͻ| !ۋ*؟5]]TH$ؒ"72%ҙ&|ܬߺ-@E?d,ڼG.a-[Dqh-~,C@vP%|kn"՞hu ~"7:F6_ ]AT,Tլ#X+_ )[k !BG!3,"hXGxQ 8tT {^wo}}7cBd!FPh"0a.=gO쩛Hk.bI|h|[ Z5qEa>[ `f ӵ0R@ !x;‚*Cs@!d0f]H[>]qT k-k׫"EIHv| lGLF`귒,B]  8!eaT狀3O쇻7f?X/rm #tㅹ i?٢J.m&[|;EV :wIEoUv?C9[Ӏ GsD}+ͬ,Ȇ5D轘46gHTC. 
^2Ѫ6F wUgm(n&:GAc5*\R(@ksq l  lShihgӦ1i9j]hۡ1:/^gSQ|Dc!bSxLaXc c;|J;` -`ڀ$gB xEپq]H1R ڒٓmtizCt*؃,5n@}#ˆR,1hF,VY ;MQpRْuK<ƍלStz~2Lz*I[d9#9kI k5znKi )|Am!%m7U- 7d-v$.A' O\#"AFШG$lq( 8\3kG7>LB]v!1"w?Es'Ƶ)v؛HS4`eȒI҂Pt+O<o>цG) &Fѫ-!^&,bcG"ͣoZ䔊?|x#wT~4׫tkxgYV*%Nhj(c4zw1[ʖ$zA@m<\^4* 10ƕިp\O$Q8JJ@d=g:c"_;RbImqdIoi/onxۋ`V@&T&SdoP'p(~t\^ivuHOT!VrZ;qЃ*YW?ߖuV}LXO)eb^ _^^Rʍ,F` ZFa`)|e\9<͵q6t.mĺc.nE]g"HՒ3%h9aB$K_{+_Uj5nCEk;ʣU3\l]p?S flLųv*\r@MLJK\L^QDSn0lFA<ܕph9eu3࢑^6%,Ix䌈Qx'_R$%ǤIYg.i O6dwQaQdURg<3~9, 3+ĄFm i4ă 8qڨyЌg VvZH@S(1Cs&\@Qu5ok>D+Țɼ yJ/-NoY-8 WX k8Lƴd낚6Ҳn0Mx}8!',<;XC!5 ^5g>NuLDCnG)&PޑtPxRhnh9":Է0o߯yE K 1b )qvf)ÇQW@g8k\5j_^8ю2j*KlM}ҹV?km}thynedwU?i…MR SM|] Y`Tg8r.aKS H@ 9L[ZBa?gs?x@7 EMj X:GV[/-'C ceOZBel;-mg1/Qjb`9HBU,+]JSCN`r%Ewn)P9mȋ.2m8t抬Jq,OVI~6ޏ 8G7eb@NvP@8=ԭhNF4~uS!%mݜ"R\ohKy׻WBm1j!6qkGf\VN#JILVPO5=SBDiae6h.h2y P2me/C{pdYBZ㈸ +;`!"U%J$߾e3ۗ 3>7YjO}KǔǸL]vyb-nj3~ rjӒVK'NH_эbe\F[,I@`?l{JE(A'UR`]Jv|ҏý֪USQ$"8,uf">6<utKC7[^tgYwj39!͹UJh|c ʆ٬Sv#_b@ fah]$0!d\G R[Búww{Sc]fjE?QY.V׺Őp)G~Iz"7"6q|_ en(gԪ:+˾dp)P0g|; /q"BO% jlJ< 7+dCjtPh DL&z8Jd.oxEQ9ӸBCAG=v^t g yhވBS~A(ܠFMa%H:[_l'q,Ȣ)p =QhR#Rf=ŷlF96[%O￧uAC]w H)CI2R:u\r,QUMcﰸPRY h(f#WH!mzx;KX -<(|q.3 pP. 
b޸M3#x攀 71 KqWv1vuƭ' kze=2n<7zќAe׽8Sz6ГE pB: IҒŎV-&x»{ʼn=EF5"7BN:t3Е~D)79:pPfGv`4!v,7 vo"+/Әf UݿQƓl?.!^@i`a2E5Jo漰iK"mJ&P4cJla+3Dm.c(7b._sf vnޏMYI#4jxE"1U#q/ T)GF*c@9$7#g LcFEwtțYoק#ĥ'zg_pO9B%;cLnH ]$T:6Xo$dl!Q^~Ijs#[0dTRWU2y}E3F6jΰ?Yҹ.:w*$dX(CKg f0դ͐D8< \#QE`,c*d* 9u$"N3^t ğ@<@N`xTJr\.ַʹ!O\?ud^ e.w\9r'/2_x7G9m\bu]ٝ^*blm-:nhRW-ZVJ#H7ONmηGu,C k O(3Zb wߟwri 絢+D]eU B?@ Z6 ,y΅,NExk#XTI7*0aԻs uH(!ZdE??VSj$ YT5NT|IzloRMʨO\N463Vǚ) 5s[CYBtYy,[-U$JG32fO4{WP[\SsELk7y\ׄ=c8J6XH( >)9*oVϩltsN]k@,?VOm<#`qt7Lǵ\@#:i&ל+|ِJ_5FZ$5#TDfӫ }Y@1mO9Б~Th k9K%=06}?qeaWIYnűKZGU}X ULxpqZ;)/{R]7b?d)j9!M>`Ed,#&|v;VGx߿яOF[E `J:M>_5mfTJs6>OŪ>H1yc7Nf8HFȀвӒТ9]$)S ,s}rM>;%x7ĩU !,dk{pH-!@0 kmD|p+w+"LlF/b_ hF}{@\[(:&/IPڎq p}~#hmf>]u`޽XGM$3=>1ʺ/e4JɝSyiAO+vvuN`*#޺h+kf g1pjEtL) fCe+fhC͑9&@fCL% oXnX{_6<6:)́"%ޢ#0߉]:>i^SYJ#HȠIYF 8rzI./HUI;yKQh4bBD!PQwOX~u-å 4Ch,cJl7F<(1 թO"/4z/^qt?213댍k@/rr&V3m";T7c6p%!4%"B&ˡdxA|M7;ƌ_HMJ\e}{(A>=7D!_$BNÝaښ4yϊd(ltF8B~1'J;q፯t~n胑TqVt<؞a+,+q',ODoWPS3HNSx6/U(yEa&T my  ;{d-QiMSZzDA)cp^1G}x܎I}g3K7}m=*BBWqǤ|R<1!ċhdgޙ 6,^w6YJ ;?\?ÿs~[S ]뚔O}}3*=m:6@R둰krf#n31i]mJ}Ώ\&V]+jyE5{A% gͰ% [(m7_;XR8Sq43.B>Ä\\~¤ʺ~):c;y~mBee^l3\QH 2pOUˆj@MWk9]C6U 񮑎D.>"ұ @N2!Srv\z hfqRBbڸ$NK1G0]g]ph׆$+Y~Ka6WHWXBWI˅E(92!PPh1z_&~?(ηgL{ءx찕 3FXS5\,͢Bv2p3M@"J O&\2%Лu3ɽBbcpP -5|X96Ya f>[MFDh"{o%ϔ<>wL WbU`dM2EN35X'h'hV'ɸ83ozZʌ4;u9HEeYUm];kG芽XDwi=iֆdF'fOLvjp+Y9 h.QNJg{]̥B=@"iؙ}_r%uW;ގ =U7lpFw@ٲzi]D _7kk L[Psu՞|}Uqc40_sʄ3tVF'1 .цeͬ!h"P+&{ #[oxh*5CFw |Ndʄ-i>)@ǘgYO΢E/4ǐiX%kKAjӫVyWz 3=5b0{DӸ)gvk mkO_Sw$"q54Gt&߱F5R$ߡM-[i@ a4c7'3Z0pzŌNsChz5[<{]iy|lJUFH;OYY|.0¯( 6c7^ݏq""o}~(i! ?ҺN~ QxϕebU DDxP.aQ)O9i fKTogK%W[Is`oY]b:|Jdl< *#?mVu?}ȷshZ}ΜM [~vY]Թ6)beY?S xeyba;ėUUfv2jE\+cvzBH}3L]ݛ&TjkwqO-&h~a#ͬ?jO[Fq/gQp/uG>Q>Kf#pV](jU^@iH=.TʔP>y" TvMC?,.ں1*G`oi ϺIvL>q1|Й+罢$3/5MIB# թ}0Q~"2X"]E4DLKA8uX`=8u"o+_0ᐔVNyFp].Z$wkRkv3\wjSϝW weDLhJni2( Rv}s ۽Oi;( :ȼx3kFRRb0E˪5Fz0AnY3ECV3gJ>dXmuhS2o孿 7Ƴ.քXU`^9ȝ! ]e']«#L[/1>^&uMa,/njp;4ry)|ojvۋj4à Px=䨅FzEȇ;ڟT)IHե(௷C*ْLb[PY9.v3v$׶Uyă{-1'vΡUHu{yaH$ќ?yrŝ.䇪3мPA:%eJg8*HihaN&U4zu/}D$Ofcޢ2Q‚R'3mj NL/1Yۓ(. 
'"q3m1COnHaA6ӄ(WVBWZwl_Q}n֝6߳v->Hn \i0/cn98\_~{2GK0.agCFeAn7/0n.OD"4(玓4Iyfc:U' 2OS'?*~ėnj:8#WIp[I=@ :`o]/0%;n\DK5ˁ_f]-4BSŴUd D\3```X"GWq`JՔ NSb 05CrT,tP>6=$I2rÓ"mT1fy{c,+iOXid[oK w֨ekĴa*,}d5˕& SY{&Smj+\-5Y_pq$U&sb{QoU.BnpGf U2ͪ)ı:+_r^W&/RmྋʔL p4Sw8` ߀=L(sZ([`yWs &Ē%@HV/QJ Q@ ^Ne/H ۔"Ri\`)Pdf~m7@^ ͜Ӫ#gZ;n>#m=CrP_pDAN^ij1Fu N6\^}o ^`4 lA277 6{icWĞWp;.),U;r|jRNCZyG90I4c h_GD pDOB|1-5~la&)Bg|mF'&.C8knT#?ӷ-mZ/p2݄۴7 sQI0XtZW(A 9$M=dT\e dTZ"ۜK+U\p6k Lv k ʍ =zb2^C?s53tb:|" 0hV] q)́M3f4wCq?܃GQ5K/>1G_"fiZx#M:OR}g標;3oC[d˾/Vzu.XseLE3;¥~^4{0_Kӈ8ojLC5-Z18oe$]l2k٘٥έvb1q)c̿VYOXM_pIR?wWBvy"_F5g/k cXvE5~V45FZ?|] IƽM8XD蔔|[:;^^+/[F whvFVcEd܉@ VGXxm]$ kѽls/]YTs[v6I݅OwcK7DRH&\}>} zZLdo;By;8R~q&12Qr `+5njOES$ m<@7%CsU+'_l2?QLg z?ڡ0[/ŕ՚|Χ`/0't:&G-TT kRh$JiW_!#႓KYTe#d6Wi L!sw\1|QرNaCpOf\EC[fcR0]fvV[{Bt>]lEKwjTv%̜Uc =F|U|t&leΰg*~kd߹*'td }M>t,ڞ% C?\ʥFCElׯO` d8"#Flb%?^K@tk #OyJ qmp_j-rtVj)ʡIVFth%1dz<&_w\ !MWKٮE,_RK1b3qԩ  3ɳAG7d _3O ,ce2F괼41sISᤚnr+Ѐ;K\#g/rr Z 0bn &`3#0-1g±]I~(s`߈i켹*-(A*:\H?o,;dk8YbVRAlSVŠˤ4P<.Lr~@cie.5ؒ@*ou,3-͠Ѓv2_;7oX&M\'V->m"CZĤKycE(~ѺQ}]GY`o{]'b!N'=>KV: β+h tefh ?_PA*!g'o#;g1_8cTD= 8&FQWmS'X.8"+xXڤ#?XayШG˓4MjVH}g1k\5h[sYqbm[Me|16>o.8zt?zl".ik;Ccf%e&F&ݩVѾ+ L̷b+@}'xЊk9m^S8w*Tky;6XR(|^XҠԏcNW5i=EjhO{n*C r߷ЩHW@Ҭ rӈ·{xtNZt/dfT>bjisVbKT KȈD^0ٲpmvAURi iTXS._^*5_m P HWR{Ůo zcTI{̐lW>ٷAQ@ixDt\DĄ%)79RvF<.g6m5 'TM"R[D Js6E IxjDy3lٴZ'W"h3yME&6wMb0A%f.獼;iV ]\-:eP@ n!{0GcĒJ>}[ 4R]u QQpZojOxP&ւEogM\iB@ʸ59bF(k+Y 8eR;`\`e6QGUQߡYoJeJ6`]̿5@qYC1(pDsokt W)[J5+DHG&v~`|_eGH~}E^"B#5_ n;fYk2QޗkLm Mj i^L=@Mҽ4A$!:Z]ռ6ubꔻfXIl,*V+vK9Xـ,N DFفÿAXhRgȐD<h76qy$J~D/bkv_t5x a:4~,%{PFoxC4IN`8Ӻ,dْF?[AY3B2&RgcUG9ъ cCr$:1SmLٖ Eɒe| M$ 1s^]DsH^<#=)vpѨJ% Xg?ŲPrI)$XS=cԂ]*C*X%߰Ov ee֌.%*݆/-l/Q+-7VN*~/!V"`LLg)-|87\ERZ|Q#'aj;ݐ%г<3MlkCs>1nr8M!jr#aIz9]BbŚȊԺ!:8O!-sg%>>-mK?=ef~ZFY?tI~[e5/+=Co91,S1g*͝rJ>͎ 5EaY]%3_H8 WD A/hYfB Q*ǹ@ݏ|L9F+HH,2pd%)UAJ-(=#@ٍ?) 
Ž_vO" 9oe; s|?>pgתvn- ̮I |fahc$ w1q )oE sDrC~7В'/;|92bi`+ 6|D|gU~WGΉъytEk4oᜤx]7+Jx.AI864!*PBum3$ͮ ( 'sߚbiQ\ˠt@<[cnwiBX]<‹q[cf:NU#_켐;줼QDuQez5s~(9W$k/;лN=ݦgPni !@!]Y)fޝ r('V=52hN{0{gP~?'̍` 2Tv|U' ˿Ӷp9fm\OiU9%qhȗ~M: }8#aڦ dmX|6o?.P7{K8X6%J uzR9VSәV 9R&Q<Wr XM bX7-ʂzi^Vxª{*jf]DC<`JɓeG8}-GQ(?ݟ&@{Wd&^ˬ8\شmWiuw $%q]Đ.\N2`U F*Ȗ$ $Zj?L|&p %19A~e/JW>1Wһ7f?f{Qs(3\)eUzPpIC9 MbH$^-<RIƬvJ|:E5AO'/9 RdNb-&M ?I}8(w/U.CFC<}|xg=ɆJ`zB n\/[nX 4q$j RYFY/{1UOMSc=Xc31|3\"~7bGHF->ӍcQ$DZ!odžMM?uSE0*)ƿtq*_]ASS;)%T+!c;dy#3x8'YRQ|wHQNcsŔE %5ėEHId=דlupԶ7pERaWvJt<6`%}{scƉ$oQC.OSSaX'0w~fOY8,EMc%{§5kTVF:YפARb9UD4;0YbzS S1/*x(XRb5.+dۺAڟEuFCbv̡a߷& Τ;Ho(R$~)*@_?mӞo06)B!xs".m-! \/[>VQ>pD@a@kx1L.qPO^QZϤtVDO5z,iV Y[󑨽i-P5L`X|jg}UXuP`.T}!CC̃}K8ی6vHծL nkX$WDQ:թ6R]"#;F/8 |>u ͡`_C'hec[Pv dO v<{7t|DILעI^Ug7{w~! qK_Bxӄ+!N&Ts4t=qĘaMgU |{ϟb8`/eJ16at#2|rʘu[K%GkىєF3!m҂X6?lIq!f!&Dj )x*g31.ϝ6XPg4Nȼ4I nU,hx~6VFc .n@% N$~ᶥ@ :ξ)|ut1:N \2Ÿ y{ֽ3-?:ƽj8{PzO*@ "~8}VqeRf0x`7P|94xU$N[9V \MRbeW6.\CQ{A 9@; ߠcߢ>Q1GW Z䥾E_DDI'!7`̸zY# g8. Pw̭m7F8M_,4jp,kGۑؗ(Av߫=q6j!pp|iGQ`";ؼTA듅'B~\7D_oGR> Yx lHgjc6oȟ gzCRQ#= }TI!|IJkkxDSa>8x\7)Ot"Z$AJʛظ=E1'$vo L=i E$bHVF"Vؤ+F9+܋Da+7= 2ZDy2 *Qq5_"ioY8H&4 YRn[Шj&:Aܟ|PILotm,;Q-T| HIL헇P_2ōqzk1yZ*C=fR⚗1 eJU#7Xןkd~UGyֶ)$q_ 7⇔=Yu^/+1٫vClͷ4 S>@ʏ.ϱj$w}a|W;.ےr?X1sh\(AAȎ-?^KZ1jxi8z@֏qym1 Hd@sh# *aW;j @ "4?wpQ^ʷս:G뛡UUÖ1pZ/p#"$vu7g\|[?xc=TFޗ^aLڢnTGfd~g)َMr wG Q6l2@V,?d'"6/n_c{R&wlم ͣYn})xC6&F]ޏox<_ J\Ļ"x Cykw㼤"f@L;`W%:nUnesZEQD>)\eq0l=Zz W}K_TWh\U}vΓ2Ismy4|j3,_ XM#5K ҅s.~<᳌0Vֳ=ׯ<Ɵׂ \--m.Sa>K3޳F:>~** &WS[%ͮWJTs@Eb/wk豐~ @A:H{:)G[!9+B"FҜ?}5+B3X~'(~ n<[*}Y jd+N;2~7#-4 gH~3BHqGdl3{!*pAPhZ!P2VpV53x>627$ђ跍OM~ t5h'AO#ȄͪJWJT}P䷍0r/P4rHVް\lv#PAnȜ=#a$r(X`[P]yɐ] I/`;thOF{ϟ|{bPh*)O™/jf^>_jE2h'/fgULk0swfgX禥,O07070100000006000081a40000000000000000000000015f2c1e86000042a6000000fd0000000500000000000000000000002500000000./usr/share/man/uk/man5/sssd-ad.5.gz}o\Ǚ+L$١- ?u{N{vo[S`;=͍ƕhժ7NNKF7\ƭ4[jSMN2yjԔ~s)_mj u2z;j:]H=Q:P;jjkZQP|u_RWʥ2<vt>47>}Dtcsީ\ s$:/qԬU^k ru3jڋG8(| D1^(䙩W_yVsbFa~<ܪ'EuS0>uj\:yzJKq4WX&hW 
鏏"q+*Ƌv-|U.R3P帚ojՑfX*h4_Q+ExUR5U7F&Ũ|pi+|-6=sm6z'G5ͬӗΟa͍GO8\Qh P{"qn4]h)8ΕqALC`/z}Ցg@H)<:}x*~݀aj8SVhᇇwԢZ@W"M5^ S{9x{hdn kcs?zj%[0#/e5S`?m]=χSWeokuAs-̍/ <} 4q>}^Cn<=B;{x>4VE" ^.:|өC½4~V_9\ۅm* /m'ӿ:\%é1a}y3Gw@ Ł]@%A>%`f"b(t=݃'jR853E=̻x8Û0>Jji{pfjm:*~"x66%uHaAZ1jF~kvv\=/^P&6No.P:F.N^8H3B't'4;9^Bܨ5 .|#AeNTwhj;q`?Z^h*^Z4s*RzB!x1_Txv7⋏÷jxx&]5.1h&&X2tk30bb>ɘkhJ.9BR+%Sazi? ~R8P z=#Fۉՠ+揑ُA/,V18}!-di8P rU jb6(#pQo>|#@zc G@I=q0[yxE-x_W La*:AK2P&~c0d)׶掚 GQ|{04Hu>vpnDla3"./;J2nBКa$j ǂ,c_ง8m>k2P&#eֹJt D )ٮ̍S%C|s/}/tT>UoV?~n+sn¤NC9WPx 8q &+,ElZh]1$zۭbS3ZX ?6CF-7 @KSD/: P X9[xjFR1n/C ?'_*W%A10qс5Xol]r5倻$s8plk~A]1{;QmᗊfWԛ.\.>TX%H: >AM~GE+|0귏A EuO\&E稤8G4jo#s !<>(4\2{9W!$ \CNoM.ȃf}dU97213<21F&#@d@Wz,_n#odb pg$g\ B p)_k0~e$RHvXvy-%KGI7 N=`T^hYfc AqQ[ /9X#&`%jBu*dwYcЉ4b@mCu;iMZs\58Ko4 qe,G o!nE?Uzz}B}Z½Vt~jA0"9d1i|8VM`\T=)0`)[{@VRbF2~r+~W򥽯-UOP̚ *q uAX'[xf-I\>rU#eEևUE <7C#3[jUhvOXSE?48.IuI:] `?!:jJ+E#wp{&R|9xhO+AqO7JxL" ! aRIOSdqφ1G|u,`iE(Cg8_Uj4?32:iPY.K9G& z&R8kZVaXW φỌA_5#8tFUZh׶7Hqޑ—A;!:a3ƅ+|p|l@j,Ȟq|~As]Xb/R4dH ړ%yc ] FIW l#5"h82"{~pAq0}+g3x5 -|^OZ%%eis$6b-+ x94q#:?Ojx_h"Cؖ-":&39tr'{EKpIg XBn!k}AÒpW+Z)0xK6/D.$!p=$d&R]A+v v&F,{6(E!D&?) H'ꇵozF'8=,I1x$ptk ,G ZI P18˵fA,P-:z]d^c5Mj8)ZL^"c􅆂[/}-Y2?D NwCT!5Nǻ}r Ǒ,Euv86@;ȴvɁ {^?:_-8 G]6zk~aU.㡿H<_6盥Vdb 2B& mc^QPmsa8)͵͉g@tr$U2 (G/[ q ë-~Lqx<VIO, I^Lq/lQdaw\l#l4`-3< в-0{Cd,aV߲╔fR\)`DkvG.ʭa/eM8Z LTAЍ]&M:H̬=NΗx`ޙMY4@(:` X *[̿1(Hcbn$oJK;6ZCXZ'lswy%c%޿ww$EE'?xP<5:ȈJH@Nr.~ٕ )T!1@XxLV)bG_xh0H)>7˅Dܴ +9'hkr޼={y5?-6nKA&! sצF$ FF0;LiψG6a4 ?" RhGVDA xlh|4RD'=7qDd$ jNafqjŝ:iϜ󿘾tyuoō|u}wӂYDHy 4wA]8$N5n"n%{O/j;U!)i0Q$")2UdەH5N+-KAMNh+6I1LbKvM؆Z U"}\[ȗ7|4ķΦ}N7H RyCe%!R yY9uHphɄ1u\4t-KB!6 0G[gD'7*i_[BLfZKG<&jg#ѷbiaRwٌRG/IpvQQ_fp(^Ea do?_״ Pw3X%RD\^do6GQҗ+gJ xPm4۽wXqBm9M$+"^0=HoBivaі~k 撊F4@b1H#sz Yum 9n@@(CˈQIǻENFuq1aT?%MA>5Ql\h7HX.1BT4n(T:7ŶyZDN. 
&ą>5 xVZ3iDOR&05.uc9%ʻds2Y]iKdbVU@TG뺚y>P5xݳGH\BuH#xsuOpûP$6 S8>RN!Nnde܈~sǍJ,q|Ou0*) Z~l'ҊH$@V4FXE a|`mraP JkjL1[{^hKi[;DwΗ `irIH.&ιgHD8uFlqѾKvTb6/-x|ύ.Տ?:ٛ2ٟhą|(:5qs~7Maٺ)d%Q#q&(qD!'ٿgֽDJTzt[>MHk,aka"1iT%N,>Z_.URԚ/՛L] z.Mf_h&AN0 evR}Z<N<'Y=׌)9p"g:!̷ 1!T'3!6B7ǒb8% ez@24gX}جu&"d|.׳ C̛H,t]z"<+5[X!9dU_jِ䜣JgI4ڌ j9S*9*UZ4{ )`BB7yR W"z*Ѱm2ouFk Ae&9#*0leSkX:x ͕{#mF;~N^%Av%FL)~w F Aaw~jA?^?) TzM7>xf :}i1K-Ff_cY7ZqX9Aڏe1jxͣ=<ڈ+V+zVLPeu1_FG3L4#'Zͤ,J&HH׵/,E)%6(+RDAܨ|96jhns 8+A}@^ l8#ۅZzո}dӉ3UhI%vL"bf1*VjFZކB ZE=R`Ig\x-ݪyYAVV{r5 Yu?Y4^WY΢@6-19gR-[bQq,7H+\ŚM(6TaJޑͺ dn4wf)k`FNڋi*^Эʜ)ڜm1tߜ*~e6j|yVo5*Kf1l )"Ȱ6d] c,\sE1dĵߵVF p2GĜ@E$]f};D,m7_="xԪgjh.k5Ųi;d-Y-E9貓 _ %^{婩FOa7t@d>y&R5#:]Yqz1գ+ѿi*BJo6ؔ.1pUIYi.زu=q֫[vޚ6{-]hW%{'UڊPњXFڏނTmы}Lw%?GGB⚂uSÀ:_4Ev})5>Jy2Kd"4U8oYRXbm97љ1G~] U={? [mV? qLvͶ:  gtuq |V9Svbu0IbVh J+aگ ߸tR-B 0]&>Q qQ"13 ɠu8N25VCOPy8bj`g* >%*OUq\; щQ[j'R16jUj~4z c@9o-6e{e> CNlE86 `05g#_\S>7F\&[li8tYkn{2!Td!M%y6Gr㉁r*z;,0!zC؃!ޤ̨fQE]-E=OduR= EZwN-F~MLL9Tj^Na@zejQV6ݍ$i0*Sz1xSlWy`#\6cB@v~PG LlʀI( T - A%xUAf\9Yѱj-x̵7E$Fl#p \*qA΃֙p-}],W[jj%ٺTe<vkyNO1DB{M@< ˺E65d<F(X6tt `^Zc6t/l)uLt6 (M,E@lfijW6mϰm"ѝZ*\GR/igSEߺmdp nE$h?G>|3S;)Kݼ♢xk$˳qI8$kFj- k:H;Rpd.A[,Xޓ%5R1_Ub)!Ef>ԵVM)Zk"hh/6!Cs?`}FuvOf;6R+5J! GKm>pOs/r(w.05(ԧmIb_,X t}$1dB#O /=6Ƀ\L96/07 6Yq&{Iߴhm*uK]zk+: cc멹[+lN|Ov<[$M i4ʍ .2n7cjR3I`Q&JJ\_ojMcKo>L~CDZL :5\Bǡ> ]wHҔi ,zX=F/;Qs3V쒘Rjf,]+xp/S]ɱ$\ :6 CGH-J\Iyz'TzjܓͺLCS|c-G)cWdQ1b=ٓgˆlmB-մ'XJ4}.yh8`ʼ^vM4/=ٗ6uL *hvVǧ)ϼqj~\Bu>Yx>/SQR?֍& g4@B8(!kWjUc(3]ǍB^E#Η+v8g  uCufYXcK4Q#^TkTa 1ͣ2RCm\*E9u\r!q;Mn2R Saxdt!s"&| {Z\1J˸ah: g-ΌDϵhdem{WrF $@s3lĈ.1@lH Ǹ$`c0 3M;sH"L$v0{"Z ~rn~ⲜqrAn_yNRNt"ѫ0!lwezNF2UH,apw*5wa}ϋ /AS?j9O<ᶽ 2W"gT4Su+1#:v 2f~y툰ؖdJ\:x [e;! 
c;|B2`H,0յ :5t@=wR }@al\dUuY`4]조b_Nj}slҡ@ZX\Ԗ@> 2Ĥ|NMh ]tb R)bjFɀ3LJ;Td1+]gߩ5<F* 7sԩ:?-ʅ ܈_d9$G$\'sSp 6-RS=edrE#t\ju}#uT8OrmTL(?Ȫ"!j{{Í tNKhhUgרŠXwc~Dq5GAIT 8 8o%[5iUm8n}Z: ;PAQƋ5ialtvHֵW(86%06Yov?5rW6UQ)|5h&hdJY)>@ ̎α#@.˜}MgV)I <"uk=-U21قdbb2RSZ?Q` ӧ؎Wb8 NRZ: 6͌r?14t8&!Fi࢖jBSlW@{06Iط0b5jJN (TԾ6NprBֺܑ5S2YZ,xN !^C1[eW:))f\%p0 @f_(XF5uLpvOi0g2`,fgFό郢|f~ܘ[J\klJnHiH0\y^K¹fώi{Yb:G.vr֎S e?wc $:pӋD O-Δf1YqyOJ֠v;ȿLwU80&sͅ rpiu:6Knᅤki`g7 VQY$ ``DPT -دV<P b+Zp& ^}7AD-ˣ) :.%m BSЩ9'9o6Ks:;@„Iܱ &kzTHDX [L(D!AF-~p3SORN?+-)RjO*F) 24v8+@SJR XM t`6g]1SugfE3c+M8?("G"E3i`h&ETW7s t|AUe&yI^:jƗÕzm\_ Z^% _&[f_S/K2Q ?8,e G!D)|\d3l50|X"P?9=t_SЄ>UzJZxT,@b/U)fk"VR!q<ciB9n tDR@i(*=@B$L5'"BNŰ: ,)渷 A[qӘ FVč^3bhVT]'ngoF^}픕M>P &!C]NZ.'N{ ̊?>VZR֓.\ŽCI te!|xʻȵyu9KؖZ-i`ɿ%=XFdڶEvp]5eM&73TxVɩ0u/wJ75C2VSCt,,Z׍\ʾ/ '^T۶}c$C0d %mkxn 3 d:J}ESsضNJ _-FdW)jᝄmt2ǻd5ĩl̶xaL̬.¡!|қ$DuD>Q#Gn:c->U%5E}ӎ/G8:k]YOjgv'M#tNⶐد$!Ȯۻ$>ZP86WEߏG9նF^\Y+oӟ=-xnU$w;_@xTy}i lv_-h҄Ř t(̤MZOA6 ӓ##N9MM%ݤϫ]}>}DsLNEٓxE uk84Y洹ʺ)Cr:67-=4*K8ΗO婈 # ?#L;:J`3m{kMZ(_o5j~ƛ|!_,痢B#_7#fӓ`BXZ^u G.Ru%\z{.J;H錮1tIJABWHzm_]#迳NNgb v.M",JFHѭI7G#{٤aus:IJ 2Kou pKS)8E_D$*cBHCo z o#}St8`8T b1Ǝ-}.h|Rj' ~~/>ks_zyɗO>}rU  Ԫp- qjB!X}5 I<2y;: 7 Uj"~3W&= % X:}J9t]}YѾ;%q,2O^qc #/H) az0kubo[A8H1,Y2!MOeIG€YW#m^%~wcRfӒ'@qYג4[̢Us u[ZQ3n+v7;.-VT/*|kЮOt"'e*8U) *8z'. 1[K]!n 8z[j{B9B].Es/n%'ч-ƥ΂lQZXa,vP֫!-~Mmߧ:b靱A+lCMvz@uT%ޛ$ D9(fdGhuR. 
&{NݞNgmrPn4 Ę*4nRLr&N$nv9 CxSI[C#g4  [ Z91\R#1WH2LdEͤDe5;) rF6zse)Ī;䉚 ק8+{Ȭfo;dVRVGq:)F0= bL<nm+k2X2 "dT^eH" ]u#;͡$&kB6\y̟#S$(Gj6#V+mT+ 'np`SW?kAV{ "N:Qaw2pTmߘ d䶭^uDi j˯iir}x5+^-Jaf aXF}Y"Klc- vPd#MqӎsD+.vkYIcL/Fx+1 B챩w˴ 7q^)#ǻYk B>b C'}]*KUb3vSDXN 43 ]7E3du-^B[Ͻ N] mՋ Ou\#ffcaשV\Z &:EZsð :[VHsEALg&PS@qۓ|,/sb4ε\?<+3υ^\toΜve& |JOF.Mt#SwsTxILl!5Y=LJV"nk7q[.\{7)^l HZ`K pڐ:wӗ^Q(j+!^VFgO3e'pQH9/ 1rAFwLezC'z,;1Tȉ2dp~5 rIPYlSд7)Zv$lbmZ^P c:?Bzs]HJ LC/s[ <37}#Q)L~;ڴInya2dN&{v|jx<)Zڨ)ea%BpE1DpaL.TrmH #b ~go:=j4Z-5/H{?rΣx(TbaK^vj]qfbKdaeY{ZGbbGqfVW;WtT]rGrb^*e6˵_Wj(mxc49Bma,[~q8滗fǧ]}+Q>^$̏^˪4ՉJШ5k-&x9Y.-4򍛓©SODY `707070100000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000b00000000TRAILER!!!\ R6>b/-PL3*G`%y>" YZ