sssd-ipa-1.12.2-58.el7_1.18$>[gy^99Ԇ`Od~>=,?d   ; "@FM   ( . 4LjK K K P T Y( h8 pM9M:QM=SG\HtIXY\]^1bduezf}ltuvwxyQCsssd-ipa1.12.258.el7_1.18The IPA back end of the SSSDProvides the IPA back end that the SSSD can utilize to fetch identity data from and authenticate against an IPA server.V8worker1.bsys.centos.org CentOSGPLv3+CentOS BuildSystem Applications/Systemhttp://fedorahosted.org/sssd/linuxx86_64getent group sssd >/dev/null || groupadd -r sssd getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssdހKrA큤AV8V8V8TEV8V8a34031808f86b7699df8291b14bff5e936970c1e1f0b709010238bbe772263aa644ad6ef6d6c3a22d7f78202c792c0ac36e709ac237401355eb33738ea1bc36e8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b9038cb4b836154d1be9edef3b53c3ceb2df6952f33b42a8b92ab68a2776c266e64arootrootrootrootrootrootrootsssdrootrootrootrootsssd-1.12.2-58.el7_1.18.src.rpmlibsss_ipa.so()(64bit)sssd-ipasssd-ipa(x86-64)@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@   @ /bin/shbind-utilslibbasicobjects.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libc.so.6(GLIBC_2.8)(64bit)libcollection.so.2()(64bit)libcom_err.so.2()(64bit)libdbus-1.so.3()(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libglib-2.0.so.0()(64bit)libini_config.so.3()(64bit)libipa_hbac(x86-64)libipa_hbac.so.0()(64bit)libipa_hbac.so.0(IPA_HBAC_0.0.1)(64bit)libk5crypto.so.3()(64bit)libkeyutils.so.1()(64bit)libkrb5.so.3()(64bit)liblber-2.4.so.2()(64bit)libldap-2.4.so.2()(64bit)libldb.so.1()(64bit)libldb.so.1(LDB_0.9.10)(64bit)libndr-nbt.so.0()(64bit)libndr-nbt.so.0(NDR_NBT_0.0.1)(64bit)libndr.so.0()(64bit)libndr.so.0(NDR_0.0.1)(64bit)libnspr4.so()(64bit)libnss3.so()(64bit)libnssutil3.so()(64bit)libpcre.so.1()(64bit)libplc4.so()(64bit)libplds4.so()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.2.5)(64bit)libref_array.so.1()(64bit)libsamba-util.so.0()(64bit)libselinux.so.1()(64bit)libsemanage.so.1()(64bit)libsemanage.so.1(LIBSEMANAGE_1.0)(64bit)libsmime3.so()(64bit)libssl3.so()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_idmap.so.0()(64bit)libsss_idmap.so.0(SSS_IDMAP_0.4)(64bit)libsss_krb5_common.so()(64bit)libsss_ldap_common.so()(64bit)libsss_semanage.so()(64bit)libsss_util.so()(64bit)libsystemd-id128.so.0()(64bit)libsystemd-journal.so.0()(64bit)libsystemd-login.so.0()(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rtld(GNU_HASH)shadow-utilssssd-commonsssd-common-pacsssd-krb5-commonrpmlib(PayloadIsXz)1.12.2-58.el7_1.183.0.4-14.6.0-14.0-11.12.2-58.el7_1.181.12.2-58.el7_1.181.12.2-58.el7_1.185.2-1sssd1.10.0-8.beta24.11.1VqU6@U@U@UUUuUg@U7@U7@U @U@U@TE@TE@TE@Tи@Tr@Tr@Tr@Tr@T}T}T}T}T}T7T7TTC@TTZ@TZ@TT@Tp@Tp@T@T{T*@T*@TTT~@T~@TuTuTto@Tto@Tto@Tto@Tto@Tto@TmTmTmTmTl@Tl@Tl@Tl@TcKTa@T\@TZ@TZ@TR(@TG@TG@TG@TG@TG@TD@T6xTTT SS@S|@Sr @Sr @Sr @Sr @S;S;S2@S2@S,)S!S L@SSS@S@S@S@S@S @S @S @S @S @S @S @S @SSSRb@Rb@Rb@R@R@R@R@RURURUR߲RRRx@Rx@Rx@RΏ@RΏ@RΏ@R=R=RkRRRR@R@R@R@R@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@RpREs@REs@R7Q@Q@Q@Q@Q@QQLQکQQQo@Q)@Q@QQ@Q@QbQyQV@Q'@QQQnQZ@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 1.12.2-58.18Jakub Hrozek - 1.12.2-58.17Jakub Hrozek - 1.12.2-58.16Jakub Hrozek - 1.12.2-58.15Jakub Hrozek - 1.12.2-58.14Jakub Hrozek - 1.12.2-58.13Jakub Hrozek - 1.12.2-58.12Jakub Hrozek - 1.12.2-58.9Jakub Hrozek - 1.12.2-58.8Jakub Hrozek - 1.12.2-58.7Jakub Hrozek - 1.12.2-58.6Jakub Hrozek - 1.12.2-58.5Jakub Hrozek - 1.12.2-58.4Jakub Hrozek - 1.12.2-58.3Jakub Hrozek - 1.12.2-58.2Jakub Hrozek - 1.12.2-58.1Jakub Hrozek - 1.12.2-57Jakub Hrozek - 1.12.2-56Jakub Hrozek - 1.12.2-55Jakub Hrozek - 1.12.2-54Jakub Hrozek - 1.12.2-53Jakub Hrozek - 1.12.2-52Jakub Hrozek - 1.12.2-51Jakub Hrozek - 1.12.2-50Jakub Hrozek - 1.12.2-49Jakub Hrozek - 1.12.2-48Jakub Hrozek - 1.12.2-47Jakub Hrozek - 1.12.2-46Jakub Hrozek - 1.12.2-45Jakub Hrozek - 1.12.2-44Jakub Hrozek - 1.12.2-43Jakub Hrozek - 1.12.2-42Jakub Hrozek - 1.12.2-41Jakub Hrozek - 1.12.2-40Sumit Bose - 1.12.2-39Sumit Bose - 1.12.2-38Sumit Bose - 1.12.2-37Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-34Jakub Hrozek - 1.12.2-33Jakub Hrozek - 1.12.2-32Jakub Hrozek - 1.12.2-31Jakub Hrozek - 1.12.2-30Jakub Hrozek - 1.12.2-29Jakub Hrozek - 1.12.2-28Jakub Hrozek - 1.12.2-27Jakub Hrozek - 1.12.2-26Jakub Hrozek - 1.12.2-25Jakub Hrozek - 1.12.2-24Jakub Hrozek - 1.12.2-23Jakub Hrozek - 1.12.2-22Jakub Hrozek - 1.12.2-21Jakub Hrozek - 1.12.2-20Jakub Hrozek - 1.12.2-19Jakub Hrozek - 1.12.2-18Jakub Hrozek - 1.12.2-17Jakub Hrozek - 1.12.2-16Jakub Hrozek - 1.12.2-15Jakub Hrozek - 1.12.2-14Jakub Hrozek - 1.12.2-13Jakub Hrozek - 1.12.2-12Jakub Hrozek - 1.12.2-11Jakub Hrozek - 1.12.2-10Jakub Hrozek - 1.12.2-9Jakub Hrozek - 1.12.2-8Jakub Hrozek - 1.12.2-7Jakub Hrozek - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-3Jakub Hrozek - 1.12.0-2Jakub Hrozek - 1.12.0-1Jakub Hrozek - 1.11.2-70Jakub Hrozek - 1.11.2-69Jakub Hrozek - 1.11.2-68Jakub Hrozek - 1.11.2-67Jakub Hrozek - 1.11.2-66Jakub Hrozek - 1.11.2-65Jakub Hrozek - 1.11.2-64Sumit Bose - 1.11.2-63Sumit Bose - 1.11.2-62Jakub Hrozek - 1.11.2-61Jakub Hrozek - 1.11.2-60Jakub Hrozek - 1.11.2-59Jakub Hrozek - 1.11.2-58Jakub Hrozek - 1.11.2-57Jakub Hrozek - 1.11.2-56Jakub Hrozek - 1.11.2-55Jakub Hrozek - 1.11.2-54Jakub Hrozek - 1.11.2-53Jakub Hrozek - 1.11.2-52Jakub Hrozek - 1.11.2-51Jakub Hrozek - 1.11.2-50Jakub Hrozek - 1.11.2-49Jakub Hrozek - 1.11.2-48Jakub Hrozek - 1.11.2-47Jakub Hrozek - 1.11.2-46Jakub Hrozek - 1.11.2-45Jakub Hrozek - 1.11.2-44Jakub Hrozek - 1.11.2-43Jakub Hrozek - 1.11.2-42Jakub Hrozek - 1.11.2-41Jakub Hrozek - 1.11.2-40Jakub Hrozek - 1.11.2-39Jakub Hrozek - 1.11.2-38Jakub Hrozek - 1.11.2-37Jakub Hrozek - 1.11.2-36Jakub Hrozek - 1.11.2-35Jakub Hrozek - 1.11.2-34Daniel Mach - 1.11.2-33Jakub Hrozek - 1.11.2-32Jakub Hrozek - 1.11.2-31Jakub Hrozek - 1.11.2-30Jakub Hrozek - 1.11.2-29Jakub Hrozek - 1.11.2-28Jakub Hrozek - 1.11.2-27Jakub Hrozek - 1.11.2-26Jakub Hrozek - 1.11.2-25Jakub Hrozek - 1.11.2-24Jakub Hrozek - 1.11.2-23Jakub Hrozek - 1.11.2-22Jakub Hrozek - 1.11.2-21Jakub Hrozek - 1.11.2-20Daniel Mach - 1.11.2-19Jakub Hrozek - 1.11.2-18Jakub Hrozek - 1.11.2-17Jakub Hrozek - 1.11.2-16Jakub Hrozek - 1.11.2-15Jakub Hrozek - 1.11.2-14Jakub Hrozek - 1.11.2-13Jakub Hrozek - 1.11.2-12Jakub Hrozek - 1.11.2-11Jakub Hrozek - 1.11.2-10Jakub Hrozek - 1.11.2-9Jakub Hrozek - 1.11.2-8Jakub Hrozek - 1.11.2-7Jakub Hrozek - 1.11.2-6Jakub Hrozek - 1.11.2-5Jakub Hrozek - 1.11.2-4Jakub Hrozek - 1.11.2-3Jakub Hrozek - 1.11.2-2Jakub Hrozek - 1.11.2-1Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-5Jakub Hrozek - 1.10.1-4Jakub Hrozek - 1.10.1-3Jakub Hrozek - 1.10.1-2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-18Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1268205 - SSSD intermittently fails to resolve external IPA group membership.- Actually apply the patch for rhbz#1255442 - Resolves: rhbz#1255442 - getgrgid for user's UID on a trust client prevents getpw*- Resolves: rhbz#1255443 - Add index for 'objectSIDString' and maybe to other cache attributes- Resolves: rhbz#1255442 - getgrgid for user's UID on a trust client prevents getpw*- Resolves: rhbz#1244761 - Relax the libldb requirements to unblock RH Storage- Resolves: rhbz#1232130 - sysdb sudo search doesn't escape special characters- Resolves: rhbz#1226801 - ignore_group_members doesn't work for subdomains - Resolves: rhbz#1226180 - Provide a way to disable the cleanup task- Resolves: rhbz#1227772 - Properly handle AD's binary objectGUID- Filter out domain-local groups during AD initgroups operation - Related: rhbz#1214286 - SSSD downloads too much information when fetching information about groups- Resolves: rhbz#1214286 - SSSD downloads too much information when fetching information about groups- Initialize variable in the views code in one success and one failure path - Resolves: rhbz#1203365 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Resolves: rhbz#1203365 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Handle case where there is no default and no rules - Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security context on client is staff_u- Set a pointer in ldap_child to NULL to avoid warnings - Related: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Run the restart in sssd-common posttrans - Explicitly require libwbclient - Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Fix endianess bug in fill_id() - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1187192 - IPA initgroups don't work correctly in non-default view- Resolves: rhbz#1184982 - Need to set different umask in selinux_child- Bump the release number - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Add a patch dependency - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Process ghost members only once - Fix processing of universal groups with members from different domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1185188 - Uncached SIDs cannot be resolved- Handle GID override in MPG domains - Handle views with mixed-case domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Open socket to the PAC responder in krb5_child before dropping root - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1182183 - pam_sss(sshd:auth): authentication failure with user from AD- Resolves: rhbz#889206 - On clock skew sssd returns system error- Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1177140 - gpo_child fails if "log level" is enabled in smb.conf - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1175408 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1175705 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Resolves: rhbz#1171215 - Crash in function get_object_from_cache - Resolves: rhbz#1171383 - getent fails for posix group with AD users after login - Resolves: rhbz#1171382 - getent of AD universal group fails after group users login - Resolves: rhbz#1170300 - Access is not rejected for disabled domain - Resolves: rhbz#1162486 - Error processing external groups with getgrnam/getgrgid in the server mode - Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1169459 - sssd-ad: The man page description to enable GPO HBAC Policies are unclear - Related: rhbz#1113783 - sssd should run under unprivileged user- Rebuild to add several forgotten Patch entries - Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Remove Coverity warnings in krb5_child code - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Don't error out on chpass with OTPs - Related: rhbz#1109756 - Rebase SSSD to 1.12- Resolves: rhbz#1124320 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default.- Resolves: rhbz#1169739 - selinuxusermap rule does not apply to trusted AD users - Enable running unit tests without cmocka - Related: rhbz#1113783 - sssd should run under unprivileged user- krb5_child and ldap_child do not call Kerberos calls as root - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1168735 - The Kerberos provider is not properly views-aware- Fix typo in libwbclient-devel alternatives invocation - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1166727 - pam_sss domains option: Untrusted users from the same domain are allowed to auth.- Handle migrating clients between views - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Use alternatives for libwbclient - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1165794 - sssd does not work with custom value of option re_expression- Add an option that describes where to put generated krb5 files to - Related: rhbz#1135043 - [RFE] Implement localauth plugin for MIT krb5 1.12- Handle IPA group names returned from the extop plugin - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Resolves: rhbz#1165792 - automount segfaults in sss_nss_check_header- Resolves: rhbz#1163742 - "debug_timestamps = false" and "debug_microseconds = true" do not work after enabling journald with sssd.- Resolves: rhbz#1153593 - Manpage description of case_sensitive=preserving is incomplete- Support views for IPA users - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Update man page to clarify TGs should be disabled with a custom search base - Related: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Use upstreamed patches for the rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1153603 - Proxy Provider: Fails to lookup case sensitive users and groups with case_sensitive=preserving- Resolves: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1162480 - dereferencing failure against openldap server- Move adding the user from pretrans to pre, copy adding the user to sssd-krb5-common and sssd-ipa as well in order to work around yum ordering issue - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1113783 - sssd should run under unprivileged user- Fix two regressions in the new selinux_child process - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1132365 - Remove password from the PAM stack if OTP is used- Include the ldap_child and selinux_child patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Support overriding SSH public keys with views - Support extended attributes via the extop plugin - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137010 - disable midpoint refresh for netgroups if ptask refresh is enabled- Resolves: rhbz#1153518 - service lookups returned in lowercase with case_sensitive=preserving - Resolves: rhbz#1158809 - Enumeration shows only a single group multiple times- Include the responder and packaging patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Amend the sssd-ldap man page with info about lockout setup - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137014 - Shell fallback mechanism in SSSD - Resolves: rhbz#790854 - 4 functions with reference leaks within sssd (src/python/pyhbac.c)- Fix regressions caused by views patches when SSSD is connected to a pre-4.0 IPA server - Related: rhbz#1109756 - Rebase SSSD to 1.12- Add the low-level server changes for running as unprivileged user - Package the libsss_semange library needed for SELinux label changes - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Use libsemanage for SELinux label changes - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Rebase SSSD to 1.12.2 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Sync with upstream - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebuild against ding-libs with fixed SONAME - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.1 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Require ldb 2.1.17 - Related: rhbz#1133914 - Rebase libldb to version 1.1.17 or newer- Fix fully qualified IFP lookups - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.0 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Squash in upstream review comments about the PAC patch - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Backport a patch to allow krb5-utils-test to run as root - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Resolves: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Fix a DEBUG message, backport two related fixes - Related: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1082191 - RHEL7 IPA selinuxusermap hbac rule not always matching- Resolves: rhbz#1077328 - other subdomains are unavailable when joined to a subdomain in the ad forest- Resolves: rhbz#1078877 - Valgrind: Invalid read of int while processing netgroup- Resolves: rhbz#1075092 - Password change w/ OTP generates error on success- Resolves: rhbz#1078840 - Error during password change- Resolves: rhbz#1075663 - SSSD should create the SELinux mapping file with format expected by pam_selinux- Related: rhbz#1075621 - Add another Kerberos error code to trigger IPA password migration- Related: rhbz#1073635 - IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in- Related: rhbz#1066096 - not retrieving homedirs of AD users with posix attributes- Related: rhbz#1072995 - AD group inconsistency when using AD provider in sssd-1.11-40- Resolves: rhbz#1073631 - sssd fails to handle expired passwords when OTP is used- Resolves: rhbz#1072067 - SSSD Does not cache SELinux map from FreeIPA correctly- Resolves: rhbz#1071903 - ipa-server-mode: Use lower-case user name component in home dir path- Resolves: rhbz#1068725 - Evaluate usage of sudo LDAP provider together with the AD provider- Fix idmap documentation - Bump idmap version info - Related: rhbz#1067361 - Check IPA idranges before saving them to the cache- Pull some follow up man page fixes from upstream - Related: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes - Related: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes- Resolves: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1068723 - Setting int option to 0 yields the default value- Resolves: rhbz#1067361 - Check IPA idranges before saving them to the cache- Resolves: rhbz#1067476 - SSSD pam module accepts usernames with leading spaces- Resolves: rhbz#1033069 - Configuring two different provider types might start two parallel enumeration tasks- Resolves: rhbz#1068640 - 'IPA: Don't call tevent_req_post outside _send' should be added to RHEL7- Resolves: rhbz#1063977 - SSSD needs to enable FAST by default- Resolves: rhbz#1064582 - sss_cache does not reset the SYSDB_INITGR_EXPIRE attribute when expiring users- Resolves: rhbz#1033081 - Implement heuristics to detect if POSIX attributes have been replicated to the Global Catalog or not- Resolves: rhbz#872177 - [RFE] subdomain homedir template should be configurable/use flatname by default- Resolves: rhbz#1059753 - Warn with a user-friendly error message when permissions on sssd.conf are incorrect- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1059253 - Man page states default_shell option supersedes other shell options but in fact override_shell does. - Use the right domain for AD site resolution - Related: rhbz#743503 - [RFE] sssd should support DNS sites- Resolves: rhbz#1028039 - AD Enumeration reads data from LDAP while regular lookups connect to GC- Resolves: rhbz#877438 - sudoNotBefore/sudoNotAfter not supported by sssd sudoers plugin- Mass rebuild 2014-01-24- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain- Resolves: rhbz#1054899 - explicitly suggest krb5_auth_timeout in a loud DEBUG message in case Kerberos authentication times out- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1051360 - [FJ7.0 Bug]: [REG] sssd_be crashes when ldap_search_base cannot be parsed. - Fix a typo in the man page - Related: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain - Fix return value when searching for AD domain flat names - Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1053106 - sssd ad trusted sub domain do not inherit fallbacks and overrides settings- Resolves: rhbz#1051016 - FAST does not work in SSSD 1.11.2 in Fedora 20- Resolves: rhbz#1033133 - "System Error" when invalid ad_access_filter is used- Resolves: rhbz#1032983 - sssd_be crashes when ad_access_filter uses FOREST keyword. - Fix two memory leaks in the PAC responder (Related: rhbz#991065)- Resolves: rhbz#1048184 - Group lookup does not return member with multiple names after user lookup- Resolves: rhbz#1049533 - Group membership lookup issue- Mass rebuild 2013-12-27- Resolves: rhbz#894068 - sss_cache doesn't support subdomains- Re-initialize subdomains after provider startup - Related: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- The AD provider is able to resolve group memberships for groups with Global and Universal scope - Related: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog- Resolves: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog - Resolves: rhbz#1030483 - Individual group search returned multiple results in GC lookups- Resolves: rhbz#1040969 - sssd_nss grows memory footprint when netgroups are requested- Resolves: rhbz#1023409 - Valgrind sssd "Syscall param socketcall.sendto(msg) points to uninitialised byte(s)"- Resolves: rhbz#1037936 - sssd_be crashes occasionally- Resolves: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- Resolves: rhbz#1029631 - sssd_be crashes on manually adding a cleartext password to ldap_default_authtok- Resolves: rhbz#1036758 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Resolves: rhbz#1034050 - Errors in domain log when saving user to sysdb- Resolves: rhbz#1036157 - sssd can't retrieve auto.master when using the "default_domain_suffix" option in- Resolves: rhbz#1028057 - Improve detection of the right domain when processing group with members from several domains- Resolves: rhbz#1033084 - sssd_be segfaults if empty grop is resolved using ad_matching_rule- Resolves: rhbz#1031562 - Incorrect mention of access_filter in sssd-ad manpage- Resolves: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- Skip netgroups that don't provide well-formed triplets - Related: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2 - Resolves: rhbz#991065- Resolves: rhbz#1019882 - RHEL7 ipa ad trusted user lookups failed with sssd_be crash - Resolves: rhbz#1002597 - ad: unable to resolve membership when user is from different domain than group- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1 - Resolves: rhbz#991065 - Rebase SSSD to 1.11.0- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0 - Resolves: rhbz#991065- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2 - Related: rhbz#991065- Resolves: #906427 - Do not use lib64 in specfile for the nss and pam libraries- Resolves: #983587 - sss_debuglevel did not increase verbosity in sssd_pac.log- Resolves: #983580 - Netgroups should ignore the 'use_fully_qualified_names' setting- Apply several important fixes from upstream 1.10 branch - Related: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- Remove libcmocka dependency- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Enable hardened build for RHEL7- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/sh1.12.2-58.el7_1.181.12.2-58.el7_1.18libsss_ipa.soselinux_childsssd-ipa-1.12.2COPYINGsssd-ipa.5.gzkrb5.include.d/usr/lib64/sssd//usr/libexec/sssd//usr/share/doc//usr/share/doc/sssd-ipa-1.12.2//usr/share/man/man5//var/lib/sss/pubconf/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=genericdrpmxz2x86_64-redhat-linux-gnuELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=0x720d9912a1d81787004667a896e78a116145d6f3, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=0x31085936f670673dfd5d9f3efee2b06c066b835f, strippeddirectoryPascal source, ASCII texttroff or preprocessor input, ASCII text, with very long lines (gzip compressed data, from Unix, max compression)==PRRRARR)R>RRRRRRR5RRR+R,R9R@R=R&RR R#RRR*R R?RR3R;R:R=R&R R-RRRE?07zXZ !PH6QpI]"k%f@}|,p35׸+!~st#wȅ4K{f8{S J̎}j\h~m!PٔsjT-%b hj毕~&E{uhY( ?s@~!S۸AD (]s4}@@ÇW {'R,@{5OoWzIw{,_g='wzN3bpj-n GM-Ϯ[uAUJ\7 W`~qg5O~I5Uxb3_ #>t4P"_/EnH.^;lLY*C+.i rrGXyNn4WԅNF&%97J:Iඓl^0CxʼW얹 BRE]ҷ <JԤM7!?8 ON D!~p Mf\FM65``{pHtJt$" NWѨp\Ǚ;urҼV5L$|I*$c*8H^esnhJIcs"#P*!Vk+PrP+>--JwQ_o;=#߈O9//Y/nB?~;U=:h\m_"6BEOZ 4JM_[zFF7t~^m&пt7-qZ(+"' 9R/@N?hQ$/(\}/1OJM'4AF hH8x]}lS-I4H1aI-+mAk]Op }1 *{J;>y ;4' W]G4+70ZcAԴѝ@r 1aIwq20+M@$%"]Ͽmtţ4l/OFja3v7(<~a aiVȤ 'RQ77{Gm" S$g, kƀg^q2eV%֢]O4, J~XlĄGbѝz4́}c3fSR HE;Մ| G+Q9<:/j2E:kwۙIc @9Tip7&CZ_;Fd] UPk3n;YM)4pZD:d ;Pr/~MBv~̮ocR*5-E;2;8o_l.qaSW€Bw- \D*# 9^:q+He `̪Xqf-2C1)7\I6ݻ;ZI}5+omDv˕Lo'Յs1Ыd.[ ߼! o#Ƙ%>c~' Fg|.RzjPھm`8Rq>E(z]4rBRTvw|r2qK''*.F e*MM,o&CgCu_HOpSmf Ȼ9™.N:40ڧ3&37)BE{])aMrmCgm u8o1vcJ;Diڨ>`_4@[;(|nMzy1EP)&a^H#iC7 Lm dyy$83+_*nLgx~("9}kEΘ\TqR^'N2ؼx@,Rʬ #EFY(dPBT~BxxP@%VPmK,k ]kn;H쎺g"d^eA7Ҙˡ 6ٴj -$bzڶkҠ?ޚD'mal2Wg5$o>#,S7nЉk)냎AdyZuKFؑr!dOZiէ]+'>ݕ'v]u>F0.` V19 '9ۿ{ OKx 2Q y}ÖPďS|#i;KJtߛ# t/]$bs9ﶁFu"P /pvKi;@%BoSsGZ(KN=B6Me }TUF~rYy 1EJ D\UMܫgBS;29^8ݤwmt9;PzX.Z;s#>ȷ$iϳNɖp<ʔ_ U0isBf Xt' r m\7 w@^/gjI8cZѬITnf-&JnAn>0Z`q<`4y S j;W7v/!ܤn;q K8'F; &Ɨmx[2`vtƮ4:w^H$z"Xo]h 0|A΄ر??hlcŲ\$nUhӶJϑzJqC+t. u٤Ag-t}{c5t\Ξx6eEt,m3En:(I}WtdԺ| Ob1:^emR{9le^WF&bhEI:dǖE6Z?!6 qZ*ch>IN _bߐj*.^J wbSbeֿѾCieFEHޯJV<ӞU^vÖo-<gB%WY;nfO2>ϳNO-Ք3DrdpWh+/I-z͌{tYTj4sIYʖejcʫ> ϲ"+G<};n6wxdq=JT! Cو_:K9usd0 Zv@[O⼗z::I@RN\˃͑To> Bf99Uojj~-F@_Wy땗7̻Δ͵V|Fծx°FZ@M%Fp5>g ;m:/.|S&Qd`niSՠap͗ߡյ[= \SΠb9J>B'LU]u$/8)dI^J<9F%pk$1Rx~wHV@mӜdy"''73hQnOpIJkpZuG1.% 9OdO.qiiyҌ">嗉Ae3Anb#ƞS%ӼUaESHA#9^mGW-b,Xn5jZ/WkdRnuZ8yJ< ]WZNIAXhՄj2@=Dn_+*1eGG#"盘x^O"gonrH= > ECM~H xwI˙t&; \yX{`_Z듧9Pםg7"qx icn{} rTe`Aq XlEB1k!s2h+3IjFUw/6؃sW "h7G2YL\Yyw{t1 1.2QgIH]nb ,ʼ!`뻃!lkσ< ׃,հfS N~1/_U1>dccbŎPŦ-Qx-:rx5 gRiuW11< 2]!݄OgeTJ Ph@{98n=lQ0}[aM)p}G?i$H^<Hh*x [ΜDH+\A(9-A`)O?Pp9rIg_q)Qz\c4sY63 ݀20r-Qv n+htA׏Wg h ̿£bH0DBd{݋[չ1*lXժv*qjyּ|.f!_<ھ?4A<@9֜iǟKNf92G5U"SE8"QP]p_ԿLJ6}1Yg/Yv?KY>U4N0 _gpyػ<Iɟ1:eȧc%pIYޱҶEá6O#IU\:*;5f-Ϟ'F]˕-tṇ sJR,)+R?G;wTwEk1W)}*;_d@k.m&>gb(2<]RaMu4?4%̠DMjw9>ΐ𚭪.JRX۞ ot38DgJ Z *ծA€'a|\Say(O5d&sWi ̉JQ/! [7\蓤vׯA 5JlSѽ#P>xF e=`:A %|m6uk Z=㦺`ݭtbd6Ev͍UZL2S)+[$zoA2_Dl RZh0RH3J@>+ZF>2~8=.9v4|l@ݪvt>)`[\nSΐ6??\ʫ}įmGSW,9;'4sM]T͜6' VĮ{&?ei=h7en3 :{W>̅.dwɍ&bь0̿[|Dqa:"M :Od4M QM)>;mI/{+k(J%O2u:th p/O[ vIŕ),=VGBņ <<7\C2^ڐ(3G;QڏSrWuj6Fdrc"Z;oU᏿gC5G=kU[8C30ubqۧ..xNA&U/ xBQn9UEۀeVZ_ W;/ . `miGvQM76v8~f/C]1jr0"B,`tH2~$2d='ڏP`0`JRPa]Hotc12 {BwSwM7VmHvA2{If[ qä9v{2%Hf6IV=GW?b03x~"iSc : -Cm  1]v(q耛t}~AJH;y@$& +ݻ ^р8JOȣ7f5< *R萏e$90f(:,)P-X{d^`9:'EQ \t0VYub/dQlp1ũe4M2}8k'#\JHnyVC=E2rVvmS 'Pڝ\RбnZyPl{کu53\%$WX1jR2e%"Xb١(|Y3PҚ=77-D(_ic4|_4SK.xJeEPJSv,ԏF%mvljEّ1T?c9Tn>%(l fw nvS"2sZ"ج(rA,כg1s\"d4Z~q2)^/ڴ@vEwt'/pD%Mf5"2߬qO}>,vĤvQgZЎ . xUkHIvث5^6PIZL[yܲPISY{ %~DKGzK]bqOSo,b_vb/)'笅${Vīy#bmH~xz!85WhtMӂXRӟ:O¬rfctԛAȹ6Ø Jw'[:wbm&ӭDM}OB4$_lF9?Ax%]Xq[SZǙdOP;ZkG_ .MFktzɺt3+*ouW sSДWтpn&>>#MxWhGPq tCDMuπ{ViR!moV[RWq4;}*xH\۽uz'w|WbPD+$?m/% \6K]P ]k>WZA{//X8zvl|в0 Ql#tEVPoc#KS?TqVr2Lz(!8 $!u;"W^َڴ[4Q۔K"T{kY"e) ՋVJS* 5yX&{d!#iN"$ĮiMb4}ۼD=NbdaWqv]BIV'1J3S7&檰HeZ١NC+*ן1xY;]Fٺ;pYbt+ b2RepL =N쁰e"0yW,SEn4YΥ/Ʊ'a2o@LmtSZ3[nl\j@&|-2+ʦW'):䲃n$En(5G}R9WjS!f";%31%APiI:Xȫ=ygzd{>YY{e-[0P{Z.p\gJ Kj|@1g'eח2j;> ֜ AK/^ɤ/%?HNFD Д}B̌ Xήvv}M+by,#BTU7L)|Zښ%Ֆ:ħڎ|"r~`K7.*xȤÖ5pI]Tmi6bSASS݅ Zаܓ'\L{~^R,_}hs $t=0%`8X&M-E@J>4֢iaY?)HDW3v09>bEٞ߉_ @V+ TT9.'f~?YKV֫١ӇJ."٢Wza- E>,ݑBO^JG%ZYuyBTی*2kjPkPeKTq`ΒљuGd<G`Qqu:=7w>Tva*¬w+ҧe8r glO|Z2cQ5ݕPH보+U1|ˣuX=Iچ:+Vو64b)|ҳc^nLgx80嬦 ϫPzJtԝ xܑ2|v?iCEk4)|GEIwΫ-.<-hįC2G{K̔np)IUBA449 mB dqmU؛L)6tޕNI9`ʇˎa7۬1KLW&J=7fY ܖHz߶)r.~=ܸ/'FУ#3 bc;(N}UړEMi,~b!>OM!9,jИN|gҹ0KC:6%60$4KN³ϣ*%\r  ?C6{ !JakZYHD#VKuij~QW땒*/1r+>M>21YM%ۺEo5R[;j]pԈCY^15Grg쬆6G/6g5cM1Bgm#7͝)R-PE&rtKf0q).pMkdQ\)t@hJq) O!^c3%'3 ˸e*b{?Zln̤V;:ײLfoەqv.Y1?x7U#k8ϹlNcm`e>ʲpyB䫃efv/o9>x 2նoX&ʌ&!~C~ԑEŊiE.Ȭ?f 0v:<ŕr_cmωlߺZCm珛8CG*y׮c<:j0%yrpXoG`4ŷL.N ;_EWS"SeȨj~PH_Rx^=-^L$f0-H pQzw7(\wf-ns9y:ԣHr:#FZ?U[z6*<_ʤQ~ث;wZ5W_()\/ݜfwGf)uZƵBU!}a-qo HLvan"63*ƽm:m{ Z=Yz] 36,ڐ AaA YKrǞ-RN*3A:&Knc|ꆫ[ r}_/z>m_(P9T@&eJ |="]pT϶JeBL |+86# ]ۓmhT[d0p v/'ܒ`n qo֛K'u hN+!k;N .uD9#PVx֯OYrwXsiN!'j7U&@v:|w09l("^9{#uʳLA7w9 vQbd >Uv4}n4Dh FvC“ͿX-KUkw+Nu2%i~Y󉥴$ A5۫ϰ:0!M{ }&ɗoRp9twޢ%Pb̮{~~^M+{r~*BLTHJq_z #-AXJ.볿V{ os\>bSŸCE@U/Z](b~B\)mVJ Z& 9 md$^խUQM.=7={ٜHaUV]?1k{EoZF xM&+-KRm3: 4`|Z?N DH`Xl.25uce6m_HXUD`==9nd1_ XU7X B2?EnsD9nj $_}S0sC#C7G(shnA #n,00]`o3GLe]]婠,_C ~ƪیC4H*iF۞eV Jc1%$2 ާ$%s7ÿ.=yX2ͪ)IA)-7Uw'YzB4ë4"r!%yw(h Kb45䰃66{&vOP/͎,3`v:X6yS[Amiǒ+vB,0ɿL+B^R8?Xݡ*Mc!`U'Ku瀏LRl hdg<uD#Zn:ІΑeV^;͹ = W5-3lo'ȩ0rA5(F\|1fDtiꩢ6녰xܱ+P`C4{(..>29(osi욫 YZZ3#FqWOVJٟc7UV|{#;}Kʥ zya 12{1WwW4Pۑlgk/4++"~d?_.*>v4(:'(L$M!Q18 [4]-{StH. XdН>cFkqQ\׻ۢykAeK՛C .%oN ubO*7'o|MJs1ua>̐~!H$I8+[]W1"[THF-iGB*GZ~IZω:jGiCe~UJ$?Phy.hO+T؝{%MW%HZ8s{ Fyg\X<̓ȍ9ّ>x':7Օ!t_9pāCF:M6g"};BYkpؕQv-T2 \EM*= rZO]& 78fɆ,3-&#)&7i.]9As6 3 oTke؃R4!<]ח0a`X>@C$F0eZ2Nvϡ:R9/êsېIO7X_n{I-<>3ޡ~frUl!8 r4DGDbBKF`Gg vt@JI{ hYf){'7 ?4L7]Sʆx_c4JN*[gt*pw0Gw@PD_;h/ ygcaˢ+EHzs׉4#wyl0.N [ fR@ ;x @rB i֯IhFTzO30t0Q4 i]ląN]{OnZs!q97nS.t{l+:X!?eБm' ]03*̥ ys)7m!fU\.IRjچgтT<~bX4 v>Ax/[ӃbRxy[~dʤq{oPɑ Eccvshgj}a}Б,2; B#(>NȶT!@1x 5X+jic!5v)zO1u^@]og 2NpKjˆ(qaKsެ3J$7"L9kh{nhE Z%[*ugŚ^t헂`?v4&27&*{ %-6?Yi)wܬ2@ BFt\.nEZwq_=K]@=KYvUxV5Wa V83`$ϖӬ:leM#ƍ\jz=r}bd 2cj^ξd{>Iq.|~=kEl-~`*݂cR:RRV q+W! e EdԖ:w3=9d܊:2,C*q:G%^^6Jx9(C7Q ~0\w'AjhpA,*wPʏ$}r6ǗI?3r;O|ad:´3!Ɲ|FZfe͟@ج!Ts!*zk:"wp "Bݏw{I9pLZ 9P5#ӣ3Gkh朰sa/&'"t-/:f}Tڟ C4.ӆ|7@x{1Q6ML>%bր{|7DZgFɣ\=7\U4m200Y}T_VBj߉^)-'^4 m4c k#:kg@bT"~(tD:n!>icUJȃ`~Ke󼶛 jطK$ {stx ^Pr!'ԩ-Ub> 7MEgܡ2Osm&N̥dR\Dsħ!?kF㴇*mnJLC>P*q?#7U峛GY/zǒ6/*n\ 7!F W+ScPR„8qpP[f=%!u-S '#E*ee1_$ЋX2ů)g/?bB~fc q}o[@޶P9U?EL„‰N':S@m{Sa?iQ\ʄ)O AfdyEmQ~ kL e9l)4sslsSX?,-8SZM/kzjfDH`6jG &#kl#_ʟ]H&J$umƔS oz3Ia/E(Aaq/F,I0{gnh+j8|ڃ49:V#d=Iu.?@=Θ<(8fҋwFV{4PK!.c5WEh'@=2'G%Zږ3e$yv[Z\bSzʃ q5;3wtg3ֿ #,b p%^]lBפ*ԭ&Eg? sFe#EAY.k^h@ySbߖ"DW}?K ;=KkD՜ ٻ^R\43MqP(!S=jZ_@G0Q Mw󽬇(%VT̺EtSA h>|Aqݮ,NgaD?X| )@V^L[cSKEkFyhнOzӍ,ruC]J|_5^k m6ȔS`K~al͂- sYro'-WɡjPČ]dq}OseC J9h]|e3:ZX #zG.Ee1x$T{-uKm Pj;@PT?4M3:6)RВ3,axe 9}tG\Zюgh R$IB$1Su] 9o մqAoaԛ?V j20m-@I7ϽtY׶]wSĴ;zFWYulFi1Kp:$/o1ŝ(F#u>܆8sӪ;ǎAxۂz,ܟ$sz!0Oc3Mu2#/OIup!/,nd^2_H+ެAGeMj{n_ZCoQf(?1dV.-Lqrr@Aǫe#M`[Y"Ka(sO6B{VM0R.Y˞B  2@,y~<5))5?$sZYM3NÐI w=3+Q]u ~<  r0j}G 2]ɥ$4I $PP*dJ%Y[C8hdx`28)ylPSi|BmztF*A[sv' ,bllHG`/hەH_pFU!Zm9@wI&^ku,\AJ[ u2$SvSv!?b*i=w-/X:4e20w: &:`\ߥ`uzh[ }˓irz($hRѽ߶\|] 8C!Y8 9Sx c`Its%!W7akX6$#cZfZf 1#KHӖ*$(,|t0"d(o?Rzb!`嵎itv:PɈdoch0íc3AgޤUZ GތiD _OehVUA@+/"$4묶*_GXqYၜ}3OϪ=E664ہk5n58TLYO"FdÅtb5ˌ+5mݕp;uWR2!Z漏xgD!_?-^sBM1ukӻ'.0}E-V*/@uz~v^ZӭM taۘL SKz>Mm2r`B+ل0Oy K}m֠>w+-k -s,֦">e/D48u`sfqE\:Yo.h48 jWi[F_Dpۜv1?[uq>5~2I?- pt̺WZ]Yw_g ~hzȕwSђ P':SM'3PWro#ՎiuS1ƌf<=jVV{g054@3 x-To ol&m]d;$Ώ{5`eii_o!,Q 89S׶zE#hWܬ* L¸nWzo X_%'_3'E`INҧM}? i81gFx|\+g퍳]b{/taV^O쥼PPf B.T.E| J/*iR(Uv^[:XP$5alqQ1jG 󖛧1BmwSm߉d* XL4{) W:r>%Vx@)P_ * ͊{I#@L~%R z 2UYIڒHDY& Dr;y_}W:H'bo̯Eo+ASvʾYn=7m[\ &>bmD\a qm(- $ 4tCĚ; ꄓ ,DDsy;*MuEDgN/~x-(y:G.؉hdי ,lct~D'Xe|jm7tu`W/8?s YօP;w`A?h"'g_ymY ƅk14 !JHPQr./c <*E}<@`o><|#/B$s~n\?WϚFZn7s-xNE x0ѡm#h٣#\mA1ܮ X蛕w ֧xT[8{<i/Hj4HusF!D4ܚ0f׼ڇRo4cdg: pЎtK:'aPpfBRv4腧AkvZ@9O@1v@?cpeю\L3TLX`-Ӫԩa+`cHxR x$Y k Mj.@0|-[WK!)&B!0$`L{ 'Bm17 Sx} |,ĩ})'$f[;0*+넃Xt3UEFZ٭2 n2mZ  ֵ39s3/<0VF9MGx20ҿ'$*ةAm+kbۗ]wsnƮvi(PT<f$ܥ,$-gѳnL:% M3tBv~ݭnB(`|%/jMBg!qIk p|˦u"@r U]L|Moma\F_Lz_A*$@0lfn+UUҐTW++'**] 1V't +Ez QW5& ;,<]OUP;utJrPӅ{M5:v(kׇ"=Tmz^2#*i &ݡͮû5hp_XRshXqC]&9q?-2I)u6 $vޣA#ԄLPC#-dlޗhρæn#`=zHԘ &H5`7Ý0ޔ\s"`Ϗ2f~3Kp`VǼL*Gԭ++1,'V'3H] OA9oSXAll ;z^[vf^O9~(=&Ð{h^LCS+kG8i8qD(yuO"'H׬WGAv9KvH ӑdwq|q$*uY74.mI@4̟fCn<'^d# N@&p_*զ¾Tt:)8K\-|3>Ac& }ը-<'fLӗ}|` jVJiKbN/G_#}HTE*cJӄt 9W1,֚@')(ž%X"?hM s_mTR|(<.w RI[٭4WC.|VVYѦ`?xО}z3;'N~\BckF -yDlzB6]6ԛkmBfHS<̧Ook()gC?0T! ! qXӢmy,Ck2x$P@0^Q UږRBبj v~ȝ7i%_g0 O6*:+`/V)}5eOy;͖I X:&Ԫx/i}_a_aH!wD5釞 63Dy{)k_P\,*kڔ]GaCu8@e\?QbQcQl}&g$]vִȈ=Y[P| 뗹=HTOL0 WȾ~퇴:ac|؅Ȳ&w0yQQf3|IdwwȪYe>mң]jSmd?]q纟^`2u(ʲz'^[,sX- k+f˺U{lMƂCwuoTߢ 5/Tge*d{ VQ@$PK̦^ؒ.E~&b`5FL/rfP)+-΋{*fjs 9ҕ 'UQ)ves91 &G֧n mK֐ )2?eU~UPQ]Pd4N̜%T0Hǯ"kXE1+Px38@>N@~ʽ6X-}msu6بEk:D?k " |3Z6L+ :<,'}~e-GbY~+%Rgo{|s|7IDl80O֝Ej_zOܣשv>GsXFġB=KnYfp&EM {AN =/h1SuJ:p.v/ ks8aBO9 A 2E, ;“ɦ b^]tEd:kp7}wO'i Loz/S*WV"'$vg4 'Ow6(8 ^N(S7AY Ǒe΋ߔMGGI߃B6ݣZF5qj\`ʃ%IHKA!/7`^0g-mp7|ʩyx :p]&P'WJi_Ы+l0~f5jBkYY+AȾ9& iq}nZ@r B2|4^eS6_ܻF7A]4m :SlX+Ad٪E!}ʔrP$*J n)`Bӂa R;v+W*Xj20׹Wgr]v\]u'I#$'AՀN8#)a_UL\"-*`WUH>NC.nJj7}!z,ސ7k| ^pqX+߫Gq:v6q@z$I=;0TElK?eOɆ }*pU>'sP#;؁4D *pi'ș_o&iFzrzb:gj.@]U-=pgU`$JV^zjTXTkS8LyXL%'Oݐ;"fe n?3`A8=qo":GgJջ &[dcQ~ޘ*EMf\d1w|vA{wq=Kȍ#jj I!ah| Fkl; M\Igwf,=et\“sLX>Pn,ϳu =on]JnJ6 h:+|: ۚ9c}'HOEj_pT2 |WMѽ >}K#|> tR5/MLw]_9f;SEf%<9R:9Ӊ0yBB/$Z oäR[[n (~,f`&)dӰ}uV 1+rE5ߏ(~^B`&VҮIv(6| r~jBΕ7n"9|V6V +"XŅR[ώv5ː o|ͤA[yIWnRF`+>b~nT>[e^00@-3*mJh݄qO# 8&+QeSmʉv MMfK^tI׳[C /P#y. #.u6x[PK8:i{>8f<~Qr$rnV?>Kq F~ _]MKF2|ܣSRF֡LHza-7_o1 A䄣*;2j$Ga![U벙NEO0W~9`yA#L+Z8[ \]{X=yjG/U{2a=qR?ۯuey8(!,,/=e]IFjL'cHŔL3čnn&\T;k[#$L m >`հ(Z=8A<<9 HQLh ȕ'.2].X(YJ/0+zRʜQ~쟗/ڱتA){<@=ҽѮeFNtLGxzp; 3U$خ~$v9>*E,^C⊀|c<0Vv<3"`p\}P~y~lA4Ix*+bśYKq9Q׋'BhXy|$~cNݒM ZmYSRoKxܪsHX˹a("dAO9)u J:M}6tsI/s43uNn }N@7p:}jc}bb]uιG>3O I])U7#͇-, ګMy1tX1!`TK'o`SNu `Ex0t+|s Nʴi 6hۉͱ=2xƪ]Ng*ꌢkwSGUtSqbFұb"2j`plWl`³Nnx[ڎ }>a-Ե26wn)==,CHk.46-{YםzC܅^yZ@S);=uFԣA{LՍ\*)o@6 u`P-Tá~+l,/(65pQ% Z7%ާXp 쳌[WP0Ąt8D%l !gnB1fjb0WsQ,0(tciyrYza 㩦tVMX"@?qtw5wQ w|"{b_nD@Uc}g90Fg2j @ '#o\(,Az>Px8Y[0wƯ99Ϝ`s bt l/ώB)DoK뙉ڎRjy3ijǫCX+]Yy~{rS=$@i ≺x$8!ro}ܧKj)}Z qG*:\  !|U,9[<2VT4PoMmPm Z2Kw0YcpJ8U c8c QF۳Fk_̉,-787o@UsgihUlmpW~s~F ȦCEuqkwCW=WA$|~̽;׸k^KVR5f-G?4@|t FF}җ5/$pݒtMwv_l()<]f=B{RdZW5SAa&0"g\ ZШ2w#UE13:[lZ1y2.!>T_ʍM7F'a[EU 7i[P0@(n|}h?>P ovSf{@Q`d z0ꊍ-~'[M.,5D]lC=;vOLtWFj3'lѱj0n[k[B+Tpu4p v "iRY* 50,j=E ڟ|`hntXNNNO8*Z+_&hYڰybqS\i;edNx~X=.+(cNbgs(U 26 %3N@L/Caj`a&2Xt%c3"n.OZݠ=ATɪl)C؆quaHZ ^-)O}M<4ijXx\<x5՜~rFIAe*tz|%nO8膙$xxO b(Jg(?m*{ "yC1n;MEk(9VҼR¤ʳxWg:q̪SWu}T޴Tp+aNl~>DAzHkhK0DfT~.Fx'EG+^ )"T12! #/%(b[: sNiɈ.YhVwf_F/XJ:wtSH zP1^B*r17u=d$،\v}Rg'QOe=NtFl/X1Ͳ( %?8ƖV):6\Jl*96 r/u5j Aݹa#~_i}/ p=> #*knN+}IE͗P_>!$Z;{-ʺb2FM׽Oj~v1i@ fӵ SvX(r}S@553Zi _VӠ]\M&\3FZ=jǨB5Yz T# Wgm0KU)M 'C-[~do|N &h7;I;ާ,(á"Gc >({ D_xˑeqKyWYKЃѺڊǻ۠" NCp6?U&c<8 kbedΰ9Y>O_α~SĹ7;0G"lDb$bMg1}FNQ.2^4] ɥ(~ w.K᝾5φ]j*`1B$se$tXtңv8Q册E+ĹCI$3'XX Rahy"wb.G=XJv6Z+79->eBGx\(R#'j+ؐC %aHHsnMlh*y KRzJ.~'Hy{&m;tdi L5L5Sx9\݀Jh!VBӂ{^ p~(1伓UXnzy(Ql<5iq: EOc5AzPjs՜dacv&a/866NFo^S'T 9 LkY&ZFq. KM&b޶I"nFhڽXB.<"c`Ɍ43?"[/+fX6뙓s~{xS,p)CrQ)v+z=WCoZZ.>c~wD{F>i:8[):Hbc" jؚYꀻskI ꕏ{!#֜y1x`?V*﷙olc&5ڇ$ZJ< Jx#_҆])np#MjNGߟo+IXF>7ne3ٔ saG%p Z|J$`-]+Y1Tތn^d an;PSp^=Zĭ/mPlvh H2z1;l5f7n+tm dj/ 0_Xh1ƑD*e[(dy+I`D1LX ,S 캸(f 0L:ibHpX%A1`"6sŏ#L9I$ΔAob𳲛W[?9S'ɑ> <=Skɠ1"*hK- ދΩ,9|FxV_D*5 &Q07s|>W"|Tc?ΩxV2Xm? f-^sՕ?vM^9<v *NZz8}s#0qYZR_T#cT~HYeHںrrh_7:.?pJzQ)g?!ʩJ:}JZxF0aS73ʢ#dAmv 8LB)oMwA?ݸq)T1+ʱntiL{ޙuڴ[w)[v=k_)zhc I%*{ejh AR!gjUUׅU{V,a@\]c$`7dD+H\rӓ-MoA9-"sg.gϱrf/Fks̳U&j%[|P2Q>ڨ9haRc}'lSj-n ѥ9VmGw;LV^h c_Ӱi7Tc'G{aLb1\M> dA^ϥF36yBpX WaE]&6՚j/.\Oe=䟾0ɇo{A6$8(Yw]hNVμg ?e_2B0ZQNAMwPd)kޯ"2JHOҦ/I>Qvc9kQkL9Ծۙ, ?ğm[eߴfg!R )3U6K`X9hҊf`9!-Es&IŢ*S˔p}>)OG[iPjTQajku8X_ݪ7 |s钇3Q[roK(='!k h*Ťlݝ5"' |4 )iļH1 Cy(SqtV@_Ngqyt `36'lH%Dgr WZъXf,`+!-A {(ے`tg_pUYgx(=P,qRjȔV#6Ox}}R.('}'7hbyQcð'wTsg%ިz=T~딊P -Of,P.%]X|<:CAgh3˄6I Ktm#T/9S0ofFsppwx `"}?:F78-ȢRimC3b@"Af~"A J̈>=;72!nqF>dZ*3$#A/ 6G A\_9.\e=)&&ƺPvim&aV: r$k1̾װ0T], do> !l`U03;z׊2MT"gO"P;J?tF.zyn3s.حb25Ț$IEe< aTE|+[}6[^AN &2!% qGı6q9c#RRǻ-'8c ?mPbgg<y:/tKl n`A^&5ƦoUZWti"\m[x}  0~tVT 82=55\KWδKyI ~QP˃1pq<t1}1{&'6 ] p,(4 (#Kll7a]z@GeT-4W+r{SD\\HȚ'ɆIZ[~$n_ӮQE2R(,9l|O5 x:@po˚G/ h(/alT{"(@CwFP.b\ec Fl99չUk;@%q3QrIٽ6vTVG32)ah;\L!z-?:[HW3 i$YABuk7IV@1䲖7Mdwv0?h3!U3ؾMY j8ԉWURG3vP|a΢J]1 x|K Pws Bԉ4vS ҍԡxJ  Lt^oƬxbGaOuנ'V܄h2|AIQ)he4S l2JM U%N,wMJs}s @64e`GJ;Ŝ'IlL(f %4Oa7 xxR$îMX̠LG}?A{hU^?X՝ry:K)tjgZgz x?^*x(i~sG!5ɖ{1*YDdx߻ ƴ-ݟoiaOdniSy?j)H֔Stijwq0?KЉLzI8`Lb6<8Թ|K6ϵAN-}y28 ֨QvmN,XE .Zq.AɵrlƯQ?jRӽ k($Y]뉨UY*TZܝġQcg}ֹ{،M讱R cζj5ʽD~7܄xyA\Lq\ȷd̺%Vv㈊GfazViŁy۩~iof$:9Fbޚb_\96y!:m@DsB#j7Tzi4|AKCa{<@)# rAo]eV =ʚ(j-3ȶCAiL+aP׃R6?<~J@Ӎ12mix}&#f}DJHz? '5ot0Wd%sݪ8e>?>H6޴͉˲*\S'aD1Ռ]eM+eK5/9J"XO`9<!|yg:SMPceńGUHH{a4ȖW.[H.F.20)Ee!^W^H$5o>? ɺjHp~D;,YK R Yq<oe$44qS-F 8?(Yڤ[%G *3z]'?Κ]h$l1tx=31gՊXD1/Ÿ)M:5b惃&`3Ni^z-tQNBO9.:3'ARa~hGXc5WC>Zk$;ҋ+B6Em Q$Utn2ky~\[ jx @-*n u {yDus 6|dy q\$`VpCL̫bE̍tfG:#3D3JH}T0^-@IWց/t:#2˄3K  *B9T)l{J Zg,Iif%}"4]D G-z[V<MzܨVKcb0zf}v8>T;\445k%KQhȤSi>D{Ӽf9{U#s8|UG($g,B==e5w)`wbh`ҦZzY<ez-]/ءNYC W 5m7Xcn=h5+ѥ ӈA# ĆpG!-SI@tɱR`Fs" Q_ ĭ OZ|$ԭu5 ;_z9X1 ~Uvi[20OA퉤d*bG䞄TD_?)Y;a)|\lKՐ@6K$.X>M'; WRE6}ϣ\9dyoEZz3 '<[t}TjQQ|Z1ND52dtAݫ'Ɵ|?Dt70F xU}TQ0$ҙrw8;v ~M cg> I|Xq>S&X`;Lެx(5KlT2ڦG~wVI@X}sElz{28& _#Iՙ 1*`4fPwG/`G!aK%ߙȔ|09':i!Ksa ^MV/k=w׾9%9Z7>谥EJXC7WPi&OPd98=Gu\et%grN(r@.(@|yĴ"u,mRݼ I#p| $$cwoވ^!GXU` ~}Oat؟}vDF~lOQ8h2tA ~+*fEFyz u}?H ML:@0,/92D&\?ב?N-NQ{=g6hg|bh2u~oZ)%Tf߭<_m ޏ5NX+f!*^ieM"[2Ogi͎C76hL]%7 Ia ^5zk=G3[i.-1XqwW^t mOÀs-ܦ<#n=?X߼Sޒj Zi^yh&V3J-'\qc*ϼ>Gߺ9rut0T8ӗWib vQ]?8؜P8ߊ>V1"7+TB0rÁwM۶oޕLA8Y> Y*8dO6pzl"C}?@1Fྜྷ9g!~#z۠AoFnQ6wTE,Uwxvo jI $܊xiEHѨ\bR!F i؎$5(`uCޓwj'gL˟_ r _t+lXHX~AJz%$,H= 6>Q( 5rNCث_Do߆K.d8v%xPU?n7Z7DG|W=,1Wٰè}yT Es;J$:L8,2}#H72UDp;#mU}Rd2Jw2Axn EI(k(goڀ ͮFc*+&$(ojt8iY[4 .9DAQ<dtUş2v@u@MI Y׬ieFgc.1gU-#,WW?BJJW r)*ikz:f$+stswgeZ&YV&s#Z 2׷~xCOF 5?!F/_{a4A%Helkf*5k_sXVKyk1!@iC#kbe$xkoC;nHض[41p&Ȁ;#{N}7.Jufx*^/!_Z'<rnI!qT4U8/WR }@d)d^QyT/J잽$uCx4ecXe&!*яkN[+;=F RmZM6;j ~8{;5{uC|r-LW\|w0ݬ&8Cd"zˉCespfzFMv»?Ay8EV#raR7/$6aX-fkǵ0'm1:ӯA: 6],No:iPMJX~B[hqO۬JfsZpɰP蘪\c!bݸ☑*^ :󥝽ܚyuW?wɶ\sw'^⣨YWTf.^K+S=b:ydxN1o,87pG09j1j[# ijȧc|)Q p=-68 }J3QƜc{SDs/ Unj h(ar@ 'KF+Q'SUZx?bEGwaHphB8Cщ}_ C6H-eЎd#jSatz!Z,Xa 2rEp@[}UoC;f̹,@ÛanR6OsǷt-'$ywN,$$;HmENxA S2- < yy%6U ]ՙ̃9ʌeO[c@+7Za+/;P>MȞ\4fL=ʶi"eJ}? )c8ݝgSvl-M8߲ d4xY[z[;8R&0xI;KU:}elvjNw2}ymlCq& !?Lw`pňیNv8&Mhj^ϼ: (wIV{9O}BDSp=~&2I15KU+ e̕tT~}+x+),sO|ϓk:`bCXWݩ8fJ* V}Th#PiJ#"RJ.i.u%"&ω srQs0)IVfHHmA# SCE*,m%67ۜ~otHu*"pߠ{D|e9 rY% [_ )\_y$8$b,$&Z0^8H3 wJCW]須v)YY@:6-PuJBC^sJne^*)?UHB lay94i:JޫDH'31L8bveH@|"Jzx8/4'[vj; W eѸvg{$vwBK4 ١wAS=jJe{\I ¦MIv}[; EqѝZΦ\l;1R-zT "(Y|fa^РsΝa Ao VK&qxĴZ'W.אG5hx-#{&v=OsMh"&NXAȕ'>s`qq s4GDn_h8N9=L2FMmRJ MgLԐkj4jy%fe1$΍=J9?}Z|;xЏLe7_%Scy̰S>I,]T퓩F`4YcP > > ;YovExi}þhcC8EohFX#N3%Zn6*'E*vR`0, 3 ɡUg2餿ry00apvRlhΐ>2?<׈9p]uXҋs^0 5']_zS)1[27#1a E, .̊ C6|\d I8ٸO6y0-@MB: /m:C!^38Mn)<6h)!1[+7u=G5W+0†@ŁedtO3ǥq@)"™ sc -5⫩ٖVMNCkB+d0;z;P#lԐ*|BNk| jqy/뢸Zz'yc"(Ly|R, K E`5犌8O`D #lm"=0AfQ {K㽪mpɿ*8,s퀙(yTr L Fr%B *nDk}1`lQ$2?50 B=tpbnXPsY$MtJjyꗂA|? vPMPͪ]z6SXIkx;xHtR|gRmƜ4Zp͝m4- [0ax6,$JPn DpMO۬_>N{cl>*5"ҭdc)U)9&|<,#U$bOK0<8}/O-EǾ MtU!'5.׏S^kr2@88EWW]bMXEsa>I{¿VCſ}!%1Pq6tԦ`?cr_G787HZll3Є';]i}s1u@h՞5i:r(\6HXz4ᩋc[.Eyye/Y !I,wl6qZ KhuQ)l7ŶХA^E6ԧ9RR?ByLl4@Qi٢a6Y$9{?90 =|eUx-W n+$ Kl83S[M$15Y6m_ږ D֪DCigߍ_y+ݫ8.})\d`eF_.ӳUGN_ڵbH4+laقI\c68=%UyEXٙ]K٤\j*JI5w@4cGq(ScQB$wAe#{Et:eog`%{##E^RkdC>5KVґ$_~.  WRچxE&e/ʆCQӵֿ&N0nsٳ< 2f= ϓPya,EzT}U 4oP!NK\oqwU4H"Uxv:ٹձYVᴣ搮}` 5Hl(!y|0Q c)Pb(}Nbdt `Ϸzwâ5JgqS$\Ŭh# Lp`6P YJe@8sY:eAlթ,f>"60(֥ltm2fb?y){<wB[꒢F1߭F>I״,v@^Ҝby"p 呯(d\y/rށX9Y? !])Z4(uKKob63a+[+UZY]l՜0JgXR}ņedCBKGmK8|Ur7Mܡ HesbJ#8]`cGGS:݂}PFڳb4AXKlJEvZ. ox PPqIBDzi[g6'Ճ ARO!PA{a=r v;#z( >G4&m9ae$i]',=33nduZ ɉxhoc7(^žUWve[ - S@~m[dW4DHJ݊}iPcOb\b^(4ъՊ/ԝq~a/n=ᠹűҳA}3wEbY^`1^%fxsLR`z)ʑ[6.BѬBDH};yC欌sӲ+J؄'yo=E֨`a-ꐔx SfZ1Ժ eȈ e7chQ:[:F(5Љ&k)ugڳ^[Y4ss ߇a T7z{yt%a(x"ӫUket Ruw_g>Y{dLiq!'F\T6Q~T9trtqΆ=NZ)a:$g0}bೞ7y-('8pwʂr{D>۬*`Q^z#:w.mYQةUI5bӈ8/RS:p(5;xް w̕*0QPefRsA9;~| )ADEF0S`-n5Q  /^oW:Kg5ktRcQgT*qd0z}  m㘋t,#.f S6 YƃGIbՄU!6ޭtMIȭ%HZLMkaT7|?B0[Ȣ ?1s1.& fF-2Z^J.NCZ~nSi$ǂ8-WxV',97y\nE#Ԏ=&菼BmpB-?GkiymH,N箱n/ %b=n>ksj1!Oli5J'P[X~^5qTohGes -ϸE0vTsG姧v:0 ў4p@2Y ȁåZۭ3AX2p;gCl%s&x oa{ D:\-V!'4JD̻.WG̛D0:P"|yݹ&U fNJ>p+*\;'Smztlw#(01VSoG(qnMN>։ih㯶`pXC؄z̑VT(ԡDI|$n"A״7YZHB̂.4l?DFqt(f̨ٻ|)Lw29W{6lV52:6,G ]5vX6Dkd֠Bq_t9&IDz8) rx kٽi<\Oɷ~B5-9OᮽeD5%(EB}mndg"sH'Twd{FV1Ef#G 2[|TKnw$ bzM/PjReuRr-(2Q/a6"I˂Z2'BS:[ϋ0ECmT΅0vQv,]^*6N $0 e@_O9ofv)_pAk>;&ʬ V*Ի.tEgǥounwe P7M` $tB (-h4ek0yW?bz{8*krƀ3d=>YRaQ|t!Xtp3я,Y PSolpor,b|E;;cg`=L%WNpp!b$[H{>7%' m}|^eϓ ],J93Og;" nʕ#=34cο˗ aXJbq~`#>4p3U^rmh7mmCpTN=O0dt{\*KCP=W- pچ)PȰ*².w]R_mT\IT!Cy سn ŷ~>9^oZ:op(0'dxd3PbAGl"@2d S(ZLү(X Ge.7]qw5b~D:w}F̤#r5{n3K*\uO'IO[]E3V1ȵ΋D wKőc?Y ZTȠ^K5&aR{zGɝ)ނ 1ڤ/D3lt-IO G*Q E G9o[kQFOvUBxɹ3EZ.*im{])uj#䄞Jsg yc ŗpIwYZރ?n$@qՒr׮2 pE>!_KGEΛ%D^;E1,H,G &7Cr%T\z3'ʨ&6 1kL5 er]'gKyrx݋ {i :"ėz;֋8 }?IxF3J;0re(Fs-`5H\M^!}9q沘T1spN[U-P92jb\IJkPJ%bΙɐ[Pg9uu6ϥx^e-|%㊤# ; ,BX$ն͗,PCǰNz|U)r{w`mO%>:/ڌC7pUs OXRzLOaؿBٷkO6/=m0Xn+i!I^Aa^ӰoZ'+>y[5`xi'o(J i\aBHӶ0j0 _϶ECs)#ZuPp:.:^oYd :T1gmmR{^]X|w;/Y!RBt'C!sӓ#E| SIPjC?zv PGղg6TBx(r`?]rdQB9ǀmӒy^W[dh;܅j2#b3KP, {v,+Vx{R #_j8ee4ϪdXA>rjnbԦKK+zo$㛘8??MXK!SBC-d`ACo|6&TkH%_wyV1+M Rw*gG?O^wX3iyQUښ+z%N8bRYuo`#Ҿv6ܫX!N@°@r r1ۦ>T*D]zJB`"؁SU*jG"4|Z3X |Smœ)9?8bC}'G]bⓃS~;ؒVKI[$z y?gY]6JЉoZ.7F1W'8/Eh8%R͢^rTTKMY/ c]r> ڒOj wWj\F`0\ΕH*ܮixnܭL6 #!3E,W >om}' gVv~ 0 ۣF+JnigŜ lZJYR jܖO+<5^ASk4rKc7p)"A0 %ňz ,"kL=54CܵWһ+@~F42›ܫ5"LjAFmǎ3صSC״&[f`,]Y2H0䊪mM Lcsrp xdQ SBpn*žUn)-*eʰʮ @#'cH} +gz秪rj)}R[-PU2Cšf&\hfbx fZ`PcbeVƽ*Q ΅i[`39V݃uXhc D֒ -OV$m)G;ö%)Gz vG}@nՋgw_dx'31wܾc:^"(4VT`S,3؟ej&R@eRlՒ{/BmD2𞛸r(Vng 8q&80ZK"h_zybGEq[g :OB Ϩ<VZ*,VK'/DAS܀xdW{}GHa3WRO6ēS|ե?xGVFqvF/+ @|~BNвq*J*XYNy^oBcR]FIʥ*dlޖ}4ͮK|jk>{+₍DTk^⺶z& S RY ]eh})'TbpE%elM]C~BUqnЉtp/"ٿ:_)rg_9\z^*A>Ffi~>0 F>;L.|H>審I7g蜼hORZ\P;vSګglRva.}xWz&JU@+U4Z>]*.EJSyƩmǕnks:*J{ZX_lƝ%tA&/T7piN 59f;a\8.EN']_'&ʹJ`V[╍fk-ck s&y8`ZiqRdLU tI %I!%ƑOVᫍ(H ORxmCEbBzvT~ 3ՏD/˿wXqk.;to>tKUJ ʘ‰Wy "C̤RPu Kz&@BQ' nu#ã!'f[!<aѼwX5, a= }{M5{Zp)P}tg̫ѐ#$\jj9jz*#cpSmϤH5\JDōflD<XI V37n΂;Ȅae$Aꠎ0"s Q4 h*%J$Z~?;-\?:-VPF8x-uA';%Twݽ( RO=@\z:s7٤+0i~qrrrǣn˒|QٸΤo+ss`q>s * x~ :ܭkb.  $[.v:rY qJ֕y?MP&R:]P"Zf?iɂ_]ѿ[@㠿A%+?~d&; _$J9h/$SdRpzv XN DB{݀ժ eXoS SyK/U+PN =ގx*Zo;<|gi'6amS t/~@*nW$րq|}mejC:v!UX/ĩoa,6_z2*P$@SOL͝vUi7QG^AP<6陾Ky'Q γS4tx?uBc$1'au[Rԫ'Fd:[bm{tkbyGg뵗n 5}7DLFIW4BKWr{ 6ħM]jnӾ҂3p_eaZ[leu[p,QڧwZI(y1#SE/.S7F7 >wW8A+Q"J!2%*晸{mU$Ϛ ͑ 3UD`Z?\އFD)tKΏQ@Hݤ 5 B-ӯq<]P%vQ@H00rS3 }l |wU!qՂTB ye|;v7O|}4k] UG=Gl!0P' |>* 0Oefğ) W*KfC}&:E0 ~ 'QOpg$Kh]{>tڸwD_Kq kEK:5k)_Ih^-7 :.Qq~]E߅|8ȉv❓2~粶?-5hu&_R4/6o{DO⅚c}nf!@M\$L如OtX?#A8ŗx:gұN *Qʨ$G9>䍟c*i;as F? ,suLj${PnmN])˖ʭI8bǶ)Td^a?/vX.p2`nū( L?F"N!t>7$̢n@ W- )36Bq;T<׮?,N쵕={#oSۙleh>3歨Qh-c3 : ("9xxcs^t#/|)*n0ڔ C DcL癵xaӺ L~嬰U^\}pV} R/ƎΓP[.TߧAXS#TLnm; *' ZnU=߶x1܇`fJbsу7 cÁ_}hDĩ} JBCUwv@/uĶlxkӻSO1W6н5 [:=NnԏMP=*1_.,oًӘ L}(tG;>-+S/zQ4tȚKHOcC-3WH=Ks7#mޙS6/kKBy'Aw㷢|g-qN31HK݉VJ@KHa,eYyH Ze5'ty]UJi9cle: Qh2zf0lZ#L2U@TnRF^{syACm&uӐH$D&!CŨ0]27z44U5{p Lk"(VG B $-mC LSr޵̓Elqq yVyPb^Wdnѱ~S!1bt5J YZ