sssd-krb5-common-1.12.2-58.el7_1.17$>PLd.>=x?hd & a .B`fk  ( < A H\u(((049(H8PL9 L:KL= G H I X Y \ ] ^ Pb d e f l t u v w$x8yLFdCsssd-krb5-common1.12.258.el7_1.17SSSD helpers needed for Kerberos and GSSAPI authenticationProvides helper processes that the LDAP and Kerberos back ends can use for Kerberos user or host authentication.U worker1.bsys.centos.orgIwCentOSGPLv3+CentOS BuildSystem Applications/Systemhttp://fedorahosted.org/sssd/linuxi686getent group sssd >/dev/null || groupadd -r sssd getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssdpKA큤U U U U TE4df1dbec9dce1752b815cf0e2126f824b0ecdd9ddd10effddf77b66925bd11aab9049ba3bf1c9338dd0343ef13af136f41c68d67328d258a07ce01e343f10f3a938e26f08f2ba7404e364b5185076f170828872e2149b5f5dad0b4f3c14afe728ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903rootrootrootrootrootrootsssdsssdrootrootsssd-1.12.2-58.el7_1.17.src.rpmlibsss_krb5_common.sosssd-krb5-commonsssd-krb5-common(x86-32)@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@   @ /bin/shcyrus-sasl-gssapi(x86-32)libc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1)libc.so.6(GLIBC_2.1.3)libc.so.6(GLIBC_2.2)libc.so.6(GLIBC_2.3)libc.so.6(GLIBC_2.3.4)libc.so.6(GLIBC_2.4)libcom_err.so.2libdhash.so.1libdhash.so.1(DHASH_0.4.3)libdl.so.2libk5crypto.so.3libkeyutils.so.1libkeyutils.so.1(KEYUTILS_0.3)libkrb5.so.3libkrb5.so.3(krb5_3_MIT)libpcre.so.1libpopt.so.0libpopt.so.0(LIBPOPT_0)libpthread.so.0libpthread.so.0(GLIBC_2.0)libpthread.so.0(GLIBC_2.12)libpthread.so.0(GLIBC_2.2)libsss_debug.solibsystemd-id128.so.0libsystemd-journal.so.0libsystemd-login.so.0libsystemd-login.so.0(LIBSYSTEMD_LOGIN_31)libtalloc.so.2libtalloc.so.2(TALLOC_2.0.2)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rtld(GNU_HASH)shadow-utilssssd-commonrpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-11.12.2-58.el7_1.175.2-1sssd1.10.0-8.beta24.11.1U6@U@U@UUUuUg@U7@U7@U @U@U@TE@TE@TE@Tи@Tr@Tr@Tr@Tr@T}T}T}T}T}T7T7TTC@TTZ@TZ@TT@Tp@Tp@T@T{T*@T*@TTT~@T~@TuTuTto@Tto@Tto@Tto@Tto@Tto@TmTmTmTmTl@Tl@Tl@Tl@TcKTa@T\@TZ@TZ@TR(@TG@TG@TG@TG@TG@TD@T6xTTT SS@S|@Sr @Sr @Sr @Sr @S;S;S2@S2@S,)S!S L@SSS@S@S@S@S@S @S @S @S @S @S @S @S @SSSRb@Rb@Rb@R@R@R@R@RURURUR߲RRRx@Rx@Rx@RΏ@RΏ@RΏ@R=R=RkRRRR@R@R@R@R@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@RpREs@REs@R7Q@Q@Q@Q@Q@QQLQکQQQo@Q)@Q@QQ@Q@QbQyQV@Q'@QQQnQZ@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 1.12.2-58.17Jakub Hrozek - 1.12.2-58.16Jakub Hrozek - 1.12.2-58.15Jakub Hrozek - 1.12.2-58.14Jakub Hrozek - 1.12.2-58.13Jakub Hrozek - 1.12.2-58.12Jakub Hrozek - 1.12.2-58.9Jakub Hrozek - 1.12.2-58.8Jakub Hrozek - 1.12.2-58.7Jakub Hrozek - 1.12.2-58.6Jakub Hrozek - 1.12.2-58.5Jakub Hrozek - 1.12.2-58.4Jakub Hrozek - 1.12.2-58.3Jakub Hrozek - 1.12.2-58.2Jakub Hrozek - 1.12.2-58.1Jakub Hrozek - 1.12.2-57Jakub Hrozek - 1.12.2-56Jakub Hrozek - 1.12.2-55Jakub Hrozek - 1.12.2-54Jakub Hrozek - 1.12.2-53Jakub Hrozek - 1.12.2-52Jakub Hrozek - 1.12.2-51Jakub Hrozek - 1.12.2-50Jakub Hrozek - 1.12.2-49Jakub Hrozek - 1.12.2-48Jakub Hrozek - 1.12.2-47Jakub Hrozek - 1.12.2-46Jakub Hrozek - 1.12.2-45Jakub Hrozek - 1.12.2-44Jakub Hrozek - 1.12.2-43Jakub Hrozek - 1.12.2-42Jakub Hrozek - 1.12.2-41Jakub Hrozek - 1.12.2-40Sumit Bose - 1.12.2-39Sumit Bose - 1.12.2-38Sumit Bose - 1.12.2-37Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-34Jakub Hrozek - 1.12.2-33Jakub Hrozek - 1.12.2-32Jakub Hrozek - 1.12.2-31Jakub Hrozek - 1.12.2-30Jakub Hrozek - 1.12.2-29Jakub Hrozek - 1.12.2-28Jakub Hrozek - 1.12.2-27Jakub Hrozek - 1.12.2-26Jakub Hrozek - 1.12.2-25Jakub Hrozek - 1.12.2-24Jakub Hrozek - 1.12.2-23Jakub Hrozek - 1.12.2-22Jakub Hrozek - 1.12.2-21Jakub Hrozek - 1.12.2-20Jakub Hrozek - 1.12.2-19Jakub Hrozek - 1.12.2-18Jakub Hrozek - 1.12.2-17Jakub Hrozek - 1.12.2-16Jakub Hrozek - 1.12.2-15Jakub Hrozek - 1.12.2-14Jakub Hrozek - 1.12.2-13Jakub Hrozek - 1.12.2-12Jakub Hrozek - 1.12.2-11Jakub Hrozek - 1.12.2-10Jakub Hrozek - 1.12.2-9Jakub Hrozek - 1.12.2-8Jakub Hrozek - 1.12.2-7Jakub Hrozek - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-3Jakub Hrozek - 1.12.0-2Jakub Hrozek - 1.12.0-1Jakub Hrozek - 1.11.2-70Jakub Hrozek - 1.11.2-69Jakub Hrozek - 1.11.2-68Jakub Hrozek - 1.11.2-67Jakub Hrozek - 1.11.2-66Jakub Hrozek - 1.11.2-65Jakub Hrozek - 1.11.2-64Sumit Bose - 1.11.2-63Sumit Bose - 1.11.2-62Jakub Hrozek - 1.11.2-61Jakub Hrozek - 1.11.2-60Jakub Hrozek - 1.11.2-59Jakub Hrozek - 1.11.2-58Jakub Hrozek - 1.11.2-57Jakub Hrozek - 1.11.2-56Jakub Hrozek - 1.11.2-55Jakub Hrozek - 1.11.2-54Jakub Hrozek - 1.11.2-53Jakub Hrozek - 1.11.2-52Jakub Hrozek - 1.11.2-51Jakub Hrozek - 1.11.2-50Jakub Hrozek - 1.11.2-49Jakub Hrozek - 1.11.2-48Jakub Hrozek - 1.11.2-47Jakub Hrozek - 1.11.2-46Jakub Hrozek - 1.11.2-45Jakub Hrozek - 1.11.2-44Jakub Hrozek - 1.11.2-43Jakub Hrozek - 1.11.2-42Jakub Hrozek - 1.11.2-41Jakub Hrozek - 1.11.2-40Jakub Hrozek - 1.11.2-39Jakub Hrozek - 1.11.2-38Jakub Hrozek - 1.11.2-37Jakub Hrozek - 1.11.2-36Jakub Hrozek - 1.11.2-35Jakub Hrozek - 1.11.2-34Daniel Mach - 1.11.2-33Jakub Hrozek - 1.11.2-32Jakub Hrozek - 1.11.2-31Jakub Hrozek - 1.11.2-30Jakub Hrozek - 1.11.2-29Jakub Hrozek - 1.11.2-28Jakub Hrozek - 1.11.2-27Jakub Hrozek - 1.11.2-26Jakub Hrozek - 1.11.2-25Jakub Hrozek - 1.11.2-24Jakub Hrozek - 1.11.2-23Jakub Hrozek - 1.11.2-22Jakub Hrozek - 1.11.2-21Jakub Hrozek - 1.11.2-20Daniel Mach - 1.11.2-19Jakub Hrozek - 1.11.2-18Jakub Hrozek - 1.11.2-17Jakub Hrozek - 1.11.2-16Jakub Hrozek - 1.11.2-15Jakub Hrozek - 1.11.2-14Jakub Hrozek - 1.11.2-13Jakub Hrozek - 1.11.2-12Jakub Hrozek - 1.11.2-11Jakub Hrozek - 1.11.2-10Jakub Hrozek - 1.11.2-9Jakub Hrozek - 1.11.2-8Jakub Hrozek - 1.11.2-7Jakub Hrozek - 1.11.2-6Jakub Hrozek - 1.11.2-5Jakub Hrozek - 1.11.2-4Jakub Hrozek - 1.11.2-3Jakub Hrozek - 1.11.2-2Jakub Hrozek - 1.11.2-1Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-5Jakub Hrozek - 1.10.1-4Jakub Hrozek - 1.10.1-3Jakub Hrozek - 1.10.1-2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-18Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Actually apply the patch for rhbz#1255442 - Resolves: rhbz#1255442 - getgrgid for user's UID on a trust client prevents getpw*- Resolves: rhbz#1255443 - Add index for 'objectSIDString' and maybe to other cache attributes- Resolves: rhbz#1255442 - getgrgid for user's UID on a trust client prevents getpw*- Resolves: rhbz#1244761 - Relax the libldb requirements to unblock RH Storage- Resolves: rhbz#1232130 - sysdb sudo search doesn't escape special characters- Resolves: rhbz#1226801 - ignore_group_members doesn't work for subdomains - Resolves: rhbz#1226180 - Provide a way to disable the cleanup task- Resolves: rhbz#1227772 - Properly handle AD's binary objectGUID- Filter out domain-local groups during AD initgroups operation - Related: rhbz#1214286 - SSSD downloads too much information when fetching information about groups- Resolves: rhbz#1214286 - SSSD downloads too much information when fetching information about groups- Initialize variable in the views code in one success and one failure path - Resolves: rhbz#1203365 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Resolves: rhbz#1203365 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Handle case where there is no default and no rules - Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security context on client is staff_u- Set a pointer in ldap_child to NULL to avoid warnings - Related: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Run the restart in sssd-common posttrans - Explicitly require libwbclient - Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Fix endianess bug in fill_id() - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1187192 - IPA initgroups don't work correctly in non-default view- Resolves: rhbz#1184982 - Need to set different umask in selinux_child- Bump the release number - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Add a patch dependency - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Process ghost members only once - Fix processing of universal groups with members from different domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1185188 - Uncached SIDs cannot be resolved- Handle GID override in MPG domains - Handle views with mixed-case domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Open socket to the PAC responder in krb5_child before dropping root - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1182183 - pam_sss(sshd:auth): authentication failure with user from AD- Resolves: rhbz#889206 - On clock skew sssd returns system error- Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1177140 - gpo_child fails if "log level" is enabled in smb.conf - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1175408 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1175705 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Resolves: rhbz#1171215 - Crash in function get_object_from_cache - Resolves: rhbz#1171383 - getent fails for posix group with AD users after login - Resolves: rhbz#1171382 - getent of AD universal group fails after group users login - Resolves: rhbz#1170300 - Access is not rejected for disabled domain - Resolves: rhbz#1162486 - Error processing external groups with getgrnam/getgrgid in the server mode - Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1169459 - sssd-ad: The man page description to enable GPO HBAC Policies are unclear - Related: rhbz#1113783 - sssd should run under unprivileged user- Rebuild to add several forgotten Patch entries - Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Remove Coverity warnings in krb5_child code - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Don't error out on chpass with OTPs - Related: rhbz#1109756 - Rebase SSSD to 1.12- Resolves: rhbz#1124320 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default.- Resolves: rhbz#1169739 - selinuxusermap rule does not apply to trusted AD users - Enable running unit tests without cmocka - Related: rhbz#1113783 - sssd should run under unprivileged user- krb5_child and ldap_child do not call Kerberos calls as root - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1168735 - The Kerberos provider is not properly views-aware- Fix typo in libwbclient-devel alternatives invocation - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1166727 - pam_sss domains option: Untrusted users from the same domain are allowed to auth.- Handle migrating clients between views - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Use alternatives for libwbclient - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1165794 - sssd does not work with custom value of option re_expression- Add an option that describes where to put generated krb5 files to - Related: rhbz#1135043 - [RFE] Implement localauth plugin for MIT krb5 1.12- Handle IPA group names returned from the extop plugin - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Resolves: rhbz#1165792 - automount segfaults in sss_nss_check_header- Resolves: rhbz#1163742 - "debug_timestamps = false" and "debug_microseconds = true" do not work after enabling journald with sssd.- Resolves: rhbz#1153593 - Manpage description of case_sensitive=preserving is incomplete- Support views for IPA users - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Update man page to clarify TGs should be disabled with a custom search base - Related: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Use upstreamed patches for the rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1153603 - Proxy Provider: Fails to lookup case sensitive users and groups with case_sensitive=preserving- Resolves: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1162480 - dereferencing failure against openldap server- Move adding the user from pretrans to pre, copy adding the user to sssd-krb5-common and sssd-ipa as well in order to work around yum ordering issue - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1113783 - sssd should run under unprivileged user- Fix two regressions in the new selinux_child process - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1132365 - Remove password from the PAM stack if OTP is used- Include the ldap_child and selinux_child patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Support overriding SSH public keys with views - Support extended attributes via the extop plugin - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137010 - disable midpoint refresh for netgroups if ptask refresh is enabled- Resolves: rhbz#1153518 - service lookups returned in lowercase with case_sensitive=preserving - Resolves: rhbz#1158809 - Enumeration shows only a single group multiple times- Include the responder and packaging patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Amend the sssd-ldap man page with info about lockout setup - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137014 - Shell fallback mechanism in SSSD - Resolves: rhbz#790854 - 4 functions with reference leaks within sssd (src/python/pyhbac.c)- Fix regressions caused by views patches when SSSD is connected to a pre-4.0 IPA server - Related: rhbz#1109756 - Rebase SSSD to 1.12- Add the low-level server changes for running as unprivileged user - Package the libsss_semange library needed for SELinux label changes - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Use libsemanage for SELinux label changes - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Rebase SSSD to 1.12.2 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Sync with upstream - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebuild against ding-libs with fixed SONAME - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.1 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Require ldb 2.1.17 - Related: rhbz#1133914 - Rebase libldb to version 1.1.17 or newer- Fix fully qualified IFP lookups - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.0 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Squash in upstream review comments about the PAC patch - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Backport a patch to allow krb5-utils-test to run as root - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Resolves: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Fix a DEBUG message, backport two related fixes - Related: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1082191 - RHEL7 IPA selinuxusermap hbac rule not always matching- Resolves: rhbz#1077328 - other subdomains are unavailable when joined to a subdomain in the ad forest- Resolves: rhbz#1078877 - Valgrind: Invalid read of int while processing netgroup- Resolves: rhbz#1075092 - Password change w/ OTP generates error on success- Resolves: rhbz#1078840 - Error during password change- Resolves: rhbz#1075663 - SSSD should create the SELinux mapping file with format expected by pam_selinux- Related: rhbz#1075621 - Add another Kerberos error code to trigger IPA password migration- Related: rhbz#1073635 - IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in- Related: rhbz#1066096 - not retrieving homedirs of AD users with posix attributes- Related: rhbz#1072995 - AD group inconsistency when using AD provider in sssd-1.11-40- Resolves: rhbz#1073631 - sssd fails to handle expired passwords when OTP is used- Resolves: rhbz#1072067 - SSSD Does not cache SELinux map from FreeIPA correctly- Resolves: rhbz#1071903 - ipa-server-mode: Use lower-case user name component in home dir path- Resolves: rhbz#1068725 - Evaluate usage of sudo LDAP provider together with the AD provider- Fix idmap documentation - Bump idmap version info - Related: rhbz#1067361 - Check IPA idranges before saving them to the cache- Pull some follow up man page fixes from upstream - Related: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes - Related: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes- Resolves: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1068723 - Setting int option to 0 yields the default value- Resolves: rhbz#1067361 - Check IPA idranges before saving them to the cache- Resolves: rhbz#1067476 - SSSD pam module accepts usernames with leading spaces- Resolves: rhbz#1033069 - Configuring two different provider types might start two parallel enumeration tasks- Resolves: rhbz#1068640 - 'IPA: Don't call tevent_req_post outside _send' should be added to RHEL7- Resolves: rhbz#1063977 - SSSD needs to enable FAST by default- Resolves: rhbz#1064582 - sss_cache does not reset the SYSDB_INITGR_EXPIRE attribute when expiring users- Resolves: rhbz#1033081 - Implement heuristics to detect if POSIX attributes have been replicated to the Global Catalog or not- Resolves: rhbz#872177 - [RFE] subdomain homedir template should be configurable/use flatname by default- Resolves: rhbz#1059753 - Warn with a user-friendly error message when permissions on sssd.conf are incorrect- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1059253 - Man page states default_shell option supersedes other shell options but in fact override_shell does. - Use the right domain for AD site resolution - Related: rhbz#743503 - [RFE] sssd should support DNS sites- Resolves: rhbz#1028039 - AD Enumeration reads data from LDAP while regular lookups connect to GC- Resolves: rhbz#877438 - sudoNotBefore/sudoNotAfter not supported by sssd sudoers plugin- Mass rebuild 2014-01-24- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain- Resolves: rhbz#1054899 - explicitly suggest krb5_auth_timeout in a loud DEBUG message in case Kerberos authentication times out- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1051360 - [FJ7.0 Bug]: [REG] sssd_be crashes when ldap_search_base cannot be parsed. - Fix a typo in the man page - Related: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain - Fix return value when searching for AD domain flat names - Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1053106 - sssd ad trusted sub domain do not inherit fallbacks and overrides settings- Resolves: rhbz#1051016 - FAST does not work in SSSD 1.11.2 in Fedora 20- Resolves: rhbz#1033133 - "System Error" when invalid ad_access_filter is used- Resolves: rhbz#1032983 - sssd_be crashes when ad_access_filter uses FOREST keyword. - Fix two memory leaks in the PAC responder (Related: rhbz#991065)- Resolves: rhbz#1048184 - Group lookup does not return member with multiple names after user lookup- Resolves: rhbz#1049533 - Group membership lookup issue- Mass rebuild 2013-12-27- Resolves: rhbz#894068 - sss_cache doesn't support subdomains- Re-initialize subdomains after provider startup - Related: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- The AD provider is able to resolve group memberships for groups with Global and Universal scope - Related: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog- Resolves: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog - Resolves: rhbz#1030483 - Individual group search returned multiple results in GC lookups- Resolves: rhbz#1040969 - sssd_nss grows memory footprint when netgroups are requested- Resolves: rhbz#1023409 - Valgrind sssd "Syscall param socketcall.sendto(msg) points to uninitialised byte(s)"- Resolves: rhbz#1037936 - sssd_be crashes occasionally- Resolves: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- Resolves: rhbz#1029631 - sssd_be crashes on manually adding a cleartext password to ldap_default_authtok- Resolves: rhbz#1036758 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Resolves: rhbz#1034050 - Errors in domain log when saving user to sysdb- Resolves: rhbz#1036157 - sssd can't retrieve auto.master when using the "default_domain_suffix" option in- Resolves: rhbz#1028057 - Improve detection of the right domain when processing group with members from several domains- Resolves: rhbz#1033084 - sssd_be segfaults if empty grop is resolved using ad_matching_rule- Resolves: rhbz#1031562 - Incorrect mention of access_filter in sssd-ad manpage- Resolves: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- Skip netgroups that don't provide well-formed triplets - Related: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2 - Resolves: rhbz#991065- Resolves: rhbz#1019882 - RHEL7 ipa ad trusted user lookups failed with sssd_be crash - Resolves: rhbz#1002597 - ad: unable to resolve membership when user is from different domain than group- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1 - Resolves: rhbz#991065 - Rebase SSSD to 1.11.0- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0 - Resolves: rhbz#991065- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2 - Related: rhbz#991065- Resolves: #906427 - Do not use lib in specfile for the nss and pam libraries- Resolves: #983587 - sss_debuglevel did not increase verbosity in sssd_pac.log- Resolves: #983580 - Netgroups should ignore the 'use_fully_qualified_names' setting- Apply several important fixes from upstream 1.10 branch - Related: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- Remove libcmocka dependency- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Enable hardened build for RHEL7- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/sh1.12.2-58.el7_1.171.12.2-58.el7_1.17libsss_krb5_common.sokrb5_childldap_childsssd-krb5-common-1.12.2COPYING/usr/lib/sssd//usr/libexec/sssd//usr/share/doc//usr/share/doc/sssd-krb5-common-1.12.2/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m32 -march=x86-64 -mtune=generic -mfpmath=sse -fasynchronous-unwind-tablesdrpmxz2i686-redhat-linux-gnuELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=0x88f82876ca9811474877426741c9455829ad1a5f, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=0xb37bb80cadc584a8b0cb6952273304184822fc48, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=0xec54ab5813967ce5b3613e212d90b7b9eb8f722c, strippeddirectoryPascal source, ASCII text0PRR RRRR RRRRR RRR R RR$RRR R RR RRRRRRRRRRRRRRR RRR RRRR RR$RR R RR RRRRRRRRRRR RRR R RR$?07zXZ !PH6ՠ]"k%;eN8\7e|FŌZAD"ڵ2IG+tӾ'TJoV UhTx1ՖK~ )[sؼ W&}&P{F+ME֖3Mj-]@*va‹zϹ[aacɾ%Jr $YDW^Bه#pp0D08y/ĠK/ Ӂ4 @T *mBt+of>poŅ`d9 $zD渏qE*M:L . Q:2~J)r_#$@e H"Ώ՗P(fa_99DmMe%{?19e6\'sZo>^ uAqcnVXpvʖݰ6X@caZLTaaBQ-`fJA]DP45D8 (5 6>L-jEzszI=aӊL[-0![{0a<|OnW5 ՝"D&HCWtv?&Y E3GJ,PVk}{>ܻW-g@S(&㋆Hs!8%'|;/DHzdaZzNtvS 4"߾WZ:e­:[-@xIPgSA]n" OtC[Aúp^5 eC \QZ 1Ј 0ׅn0@&+WB-r-& Җ](L, t-||G1zzRM6,2tFωQ%H 10UMouG$LȰ 4;ݳl4_ὴH\y;S.rQL >,rRW&F0z酁$ lWݝ#e9 'V%v1LH G&NNX=|qJ8+7=j[[Wlɧvf/-É/{knHU-Q%T<lA''v \MIfqOOLC(ТM 1H7 \DV'N߲"F7Mj_mݫ&g=`( p%p=XjPQOӄ,I?{zGwZCGXE3?8v Bt3g%Rm5d*$>I$R@F{y8Y(zF%mʱM~p?KTԭ*_\|K"í*G ;^h MܮΩ@M ,PקBM޲4쐧*Vۿn01wC_Xl5rgN צ{#2)+50QWoJGx `%Ucs]|=IUgv4{b%uI'b]C@A:*g8+qC@ЍL!0p|024Jb4簑hfE1fGZjh`x Fx[ǣ27q}+`qOP-bf< (T<-2 cA';tyK>(12텪FUjx1ԣ9|}Y wF0T]\S,yfWA)B,pO BqH镁g!%{=cFBދ-PS/ _ 51Aђ9kA.c`A5R$SqӋ!%)Q@\j$>\(+&ɷ?7UKj3tQ-ґP}~ExKsud\\tX,IJ|]`{k288pi1*YMPE"ĮGLMl۔qo-PqIt0@ rt񘫢0:L~`ϱ\ a&WҜr*HC ) `Bijn1BcdBe͔f6j:Lœsx%H! 8 AHh$E(]ŗLW2 a`19*`ׅKr|bgm]v@ >FM֐>m<;=7BY{ڲrϰnjbc}(k9'rD咥dH DZ &]L]PCECh]`U]a?P^Aу^tqԨɟ[$s4Hԉ7؞D7;Ut:![{C;ܘ-Z+ @[ҧd˶;/||Ǎs  kU9H.2 \}}u} kMyz6 (3.&ڊ$`EGU~-]6ˀx+8ǖOPRS&2I 䰬zea3I .SoJˠ{NlF[$n;BӟT&1QZ#hT;,@\Ys`q ;ϊhS➯A8~ڍ =CJNəa6/$5ڃ ?u`9Q[ J7d^Њb~k 4:$+nDɹZ^/?M0:84uyvv³ 7YFYvŏ3=\/^)6m "y{ɸ,7 3gNn}Jhȵk!637tH@ltLmnh8TXOhb 8IS$@Rլ@U>JK6@=WM[Wj yzr˷*vW|S)z=&(J?ӽ;s?tnZfx"/,8}̓&e'0y3Ӌ'Lizʋ*jJK5=Gu2h `QS%dAg??*KO""rhQ M#ۿ`gXgݝm""ctR<>0O@0zŲO;<!64^CTY (k0Mךk'E,͕i8i,,aHFE}S"iDkH9G`duWej*I0m1ɱZ`5ޚ󗍃Z:m Qgx[ϥНaYY 5 e܅ v4}G n'hwZS}ﰳ3=X4E9r!<t4fA>/2ЍSv:fNz`DS>zȆɜ%ByZnEi'Yw$q*ǥv f+B2V?u:=;(?ln}! N \vF\B&Y$C(ߠwf,Ժ_aiLƑ_Xd[_l}]y&l2ot-x<Hu+E6A;3Jn6Cߗ7j0\%s)!2R~PO5V w b_.~H^ʐ *v(YJ+]t'(] FAppVt+Kr;J%n3"G琈 -/?s>-Ҍs+B":)F?7Nb[wVmKSTpF3؎N PG*Gr wX039"UMCI)-GB7ۻLf:x:*8#pI 4%8S->Er k(3!&)&mZ%VQ{kXXLc,"x(8 {0Iq09cq%fv*athEN@Jڜ_|xCwHtUDŷZ*wD3C,B?ZǞs1W@+AGo2xg/%_HW+ݟ~W $ϩtq9)@X@L"DiuL-J6W|)_Q {瘋GmuXݼD#`0 B]lf_n.2uv#0ӵɳ<2|؃*!ͻ4$l7byqݺ\gKCm牽VTh.p3۸;Q+dTxȬ?bV77wقIa78I̶]Fk]Xs@9 IZS$V.Gn%AWȄZ4!wwAf(7] ޕ7)wBeJmfQzCZVP;X.o}%X-b]u 0wưܰ4EK]â.Y;W4}DV1f%t9lxd=-S a !i{hōoZŔ˦.;q={]Eܭ>ohߨI̔$oqV_솣"a3P !ΣծwC@2o?s4%B ?l@Chݧ0ysXR'v͐SgAֺBqk3BF+ +Aը'?B MRa?1bkWCjk*뽱wulIERzWS} (0asn53)8./[^q:VT y"τ=O+_h<em}O ؛w앿fBҰoi璑oBo`^\a6WfD ]GLD,+SO!M,Ib F,Q#DGB)gNܮk0U_T^hϋ"+NhV a'쁪E5Øj'tb;Lcx7(,\Ċ@r:եo 'Tdaj27Z?Ha(=FPֆ!z]ՖZW<<5(Y ¼[h@dfX"b hҿ.;3l;+kRp1Y֯+\ 0_ .Ywg-]V PNϒ=(,mͅ.s]]u}9Iތa']5PőuKJ 4}Ȇ,]^j*빗ӝi qZ~hpSY]7L,E@7 tˣq՝f}1@[C(je@XGQHY_GӝP7JP'锼a-RUyXG+A Wn+Q!9:^{wt!qkW2BYeRϘ'{ɣ _b'aO+WR"1/mlI|]_3t |ZCYqdT$kE`ERIv '5g]V;~3r8x=s8ґ}fPIpHi:_=gbD||⾸h4-vtI3)Vx~21D4ʱRPb3ws^dS5P;Pu2[^EY&Fxeä46Xp~">IFi뫋`bot>1AŰg8-'ƒIG&L)iM; @>'u#CX*q :NMֽ |[ҿY'k8pQ!EL z\;3(uӔDJW3a9f) m#y`@ @nD pJiSr<~oE&gY4YaVs"ԯ{:o ̊8SÍe2->R@uc YcKZfrΗz,b DSx|U1kJe- i ;SbKaaV,WFTV}GifI>Tn!FlE 7 HsJc\cVgTnTMSEâ|D0+#$R܃! a 7bmQX63xNo2U̍yE)b zU;&Zv^HBObB%YInc =D\5MǪ;#4Ԯn/d_2^S,˳kuŜ˸`NW!N 2@O<>}Z6K5{LzUc+{vc-Xڊ=<`NFhrHpŏrN}w|N'j?nQ$nTrn_{ ۪82czx6B')E9>ؐ\3[rB'ǦY`ۃrw;Rg:B1#N:=3%HDVЎ, zVS6 2%5p,.&ĭ&{)]܍ɁVL|s$Ar(1KC{N5Hr#v[׶+Dy nE7GѤ)Ma!wYQ,TSZqehjO|D_!ѶWWFT]6u mqȇ3vIntοiԄtξJ<.Fo_qr"̑О'2U=?K0h3A4݅C9׺ ܕl8o8|ˇH>;V!? 1=5E@;$CJq+:1LqǿѺGWY)kKc[UwᴱPjyۙ O`|U#:p/u~G&?EV ݡ6 q2NyP!C8dFR5T~f ӍI7$$ڡT^N^uŝxm9Y"5»$.܍&]Y^_OZ{=rrp&`Ř ! YUZ z>̅ d  T?Ei"DĸmE=W>!hW!o~^liV`+<'s0~D ~ jk*f؂8d Z8'RMNhNɭ \FhBgͫ,lѱA Ӛē0! 0Iq3ҁثW_ۋ9O&ѕHF+@[hS38a(;v؈%ƽ@J?!Wm.sij!&Xæwǔ h}{I}yxYư'|f{EamtN-ҡV&zv]^GF"-j6Q *X̱)#b0?rQ C2]ԲfЍ}X:LE7Bq-,_68ͅXgٮWEzq ҁbZuozAsQG#]!GGH^eRyWԎ(*so/[F)uh}!lOGִ0{8F#bT{cX@0HKQ> Ý C[t.i?MBn&|uH۰UxaN;;ԿS-ad= w\V6ok:1y;׊#EdԀH!NVV6{t멧߂%nVxWrmi+|봗[Bj g? ,ԉk-UiaY)RV΂hK`E:7zF`:&V u0h8C[RT ^4eeqڤ(A:[i!cNoM/6Feu׉q2 4j>1.T.e=LzTU 7L>Վn8wT.t>9nKOwnHkxh xi#6%dU? ϒ~iH_4ܫ7.rR֍I+$y٩ج2VfhL1NFZcFŠ|MԤ5gKL>p.)fǐóͿ tݲu O=C>=*6,||jXWqo^9MԵ 1OhR3nb`12Xs`gG_{j/w{%K*MmthezK`8k_! XNqd+ZgW:NzK$چ N=hR cnPdSo@R!plnzIw|>*ʖ[(8޳o^?UmI4X6_K G{r祓и2 ~vxIJS/vAyd"--!^ٴ䲵9Oz x1zW.@[E$ Cs!!e1U Ln`ᾐcѭ-~%"tKp2DEFZ\1wg§OYM>(HTj2"_.%`WiWo37 b}(p̀xۛGQjLlaߤa>@T zld'ꤟ#]>fDVQ1kg88d+NքZr ϯ7gܖ=&;E#^/q5+}wLL%Lp,ِQ tr{8 grm@6~u" ]&],էP` -hNs+n.FiPod|z){<Cuݓ=iLXAЛ6i͆*@9s/ۯN]P+.^*e˧K4WgM37CBEN`_^1Xwg5|S<$LKݎ8 Qn5uu$#x%Vqm]7ˆ'B y^I;F2HJ(pNa%Gڊxh{/O$̾'AX`zADc/@57l 'dPn%86SX n0p5W\[I[.tG}\1t(QMr } ;gjq)m$!Po1U2q\8Mg ^%z #LwVH`\ aQڈؘd:bLJE^d j3ϔEyl]%/o^ F:k^{vGp2x2 W[vϮROqt_SW|Zߊ&kD2 TSG\B~y CqPK[}`_ې6.C:d?x74`oX%Nr1#C #LW:VwdBCR#3' ߔoW.`=ղ'^&b]*@Ein#~?\k %8wGã2deiPʛ[,(zBVF u80̖ aRX^L;Q-ִF!ͧDV-<|\I3"7 BTF&/ԛ>>]`sЎ :,FBJpQk"K(.Eb :jWG;b ֍>Ɵf9B!$rB0m R=%ر~!1B1#}'Y0aV ]Էim༉Vr2BT# ZJ~z )XY2)QߤNώr#lejS-3yc.x3IZ氄3`BݡF0 YSm->;~,f[Ƚ+ a4\`ܼ,2qb;+Txճ͜Ac 90.(@^@=Aec~D%=Y^&_ )sd8wE07>W -w `k8q ҵF* T9qpMJ.~QQON 0zQYa7[1҅M83< #M'A(mrުnh }X=(sOKR%VpYCQ'*TZMFzrqZwTb b`N ח*"Ct(Xe_ipC@m\CFEpɴ.fS"4.o|chUXz W"F:q!V|As`ulkh]ڗj{{s[X@ưP–Dl( 9L~@AIĐ^TU.CQGxsnEjN;^LQSƦ%C8@ m^fwƲl*|FOu_ORG&Sm~fj5D^Őg~L4 L@Gw];mlSE IcFs` [ĭ ~W#.5rrO"=4rN>)\qNLǺ-/+F[gNZ$uUlO[\(hJ?sL6@u+DQ +_d zw٧: ƻls4ܱղ%y^mmLϦ;4.Wh^_EoaiUbxgk}I&π2yBH KQɎ3iTq8@6YVi 6 /sV㔑 MY/B,q%0OACd`=z)l5߈MT4'2vb{`Uuw=+OkadžJZ9T[4 V^Ӯ[ O)|aWQ,5V߆.񒄽b5"Dٴ ܟK'&J[\>|e$ii u|$Iz\ߊ `drN9hBX/ Vr oI =@k=oʧX\)jwxz*8\ E T~֝"PܐOkWsrrNHQ/@vzUWo"k5/;Pr|KFKk=R pi# <|[-NWg(^ GwPƉὖ0܂z|R;+rzQnn=kXdL2 C<DU YM @ iK*5\ b=4T/lշth9+w![hFfKyAbїh{2ņ?EAc>#*7>Bgqpt)gx7mS2YDFIZ,_LsLW/]1}y7b{GSyGc[YhM/ LB|Lv}LW9L%2d- 򼔫ͶTm@UZ{ %tU~f1}`'؟ D7?sՇݼ# G%Isx*$~P؝<#Vm-/>3-p1 1cRUXu@ 1Jo~޽l;Ƙz֧ >>vzq͗jX0'4TU%I>h5xk0โ7ְ .-0ܮcnxafmȄ3d o$6r~l[?s>b}T:ݭ*A^EocPZ}TIo!R֙" H~[{"Cf;<m HQXSf=O罘S HVȀMS_U+xyBXz / uЉŭ|Zi:! u1P hqۻ02M9۝_g{7$eQ/"w+VЩ[hZ/0Wl?xIzƶEB)[Dæy;U9:CQ< {LoˬP_Sa-\=䙨]>LXh9ߧ Q0E(F +w5z衺;ص註%}(;*AH"+^kߧܪ^2 bU[T8SbHm=;W}2Vvu^\Ηo7׎cuyv~Ōt. $D, KC o(f"{R_*\xԺMG'/W" tQ9 b$dKrW,Pcz,Kz4>9<"#zeA@>&˥%'7x杳dq058VjL6Oi0z12}ʤ'<*r/W'rN:/ᘚ|g4?"<ٴ:?O![‚X⹱>YOLH`&vI a7YEWħDh 3e+e5k 8)Es-.م<>+P@[vHo-Faя`U̫"haOc9?}V)UJ3jO9j-UvG$xMzEWzXY<\]ۢ2J k+vuW9v!v{ .;>WSD AYvy5ΩzArJmA2\T ^/֔P;oa$ vb 3yO4" qqLW\ٯ?CPR4[1PRI0XXCy0iF5vAJx6#Ťx[k.d%O"P(|%FS;`IhALztq`q4s$"[Kvp\0. :[/nq"|jy3N<\΋#Isv;LZHp1![e1˜M+"PY^F~WB=KpT&skϛOG;u3 ˈ;fA^zU/Oh)WSV7G*qNY? . AuQ(h7+ F 8ss:'#%2ά=_:Vҙ'<6t|%$> 4 4҄"^mvs]ܜ1 ,Ӗm/-8!bzNB/QҰ@Ip\3S,™mȖ.sX1r9|2Tg0C\V':;pR4ZX<DzhIp`]pf%N,7"N2sR2󳗛[#ЈitJ=wzݐD#@M/\<&]4 _ r,ݼ^aNNZM#h&Ut7;_~Ϳ&xmG\\/͊!K-Nw-KٱWylmjpojy$LgLrBތ0PΩ0dz6!({aҊG: زyy)oH1=kjzPJߣ9Fׄ+'[%j T 4u'?-~L;]-PLX)-3yUg30c`-[g|>ogEf` 0zsAv6]UQ!L̄s@ [vc[ТNjD|6ƀ_ANfӘ1Htdt˸>1x=?_Nj&34R@٫8L\הLm-ז⡩` LII!g/mn  Q#>@a)V&g1U -(L\M Z$ԠnR Sir.1,#^rxwѽF}~b~0!a:2kӁp lpYni sUC4U<6̇  y(Ɓ 2.cGƀo)y[ 6BPt!Vh"[P/[A*e?AT܀Fuj\9 _^ې V.r.T9[78JMBe0oHǴI͠6vF\مRGwNWwT1Yq/N&YxTv(Zִq=.`[ZIK w3IW[J_8KU'}ezJ' -yZH*/G ;9Է"G\Rr̮?BK9 6rfi(\X%V4eѴ0 Hq QY=PK]DMRAS~/Tڅ4*KJx"VN!zf!`.[[4";Gv a@\^Ċ{kF * **ܵ !,A[OjT Zd9Ɋłs``ZD~Z)VI&ıKop;ϼV<+&itfɳc%jI A$*Ptx XXDq¡s7ta&O2G>AKN* D  YCӶ0FOlzewuh-Ǜ{܁a \= >ϼM&O2u'gLhM.7_|t+?3|{EV*7Te5pF 0Mn[H1rwZkǹb_[VMqի݊mk5Ru4s|2h` 8۟ѢV"tbK0I&r549X'k>Koc,O,.܇** !/_18K옔sc6A#$ hd u;܌?](}]SJ.IQ7t+OpF3T[mu俨p:SX74d}65*&av"72젹צ 9a5W&\&?2'92գ4X>|NŘp_&::4q֪{ѥf[¹t&锸a §t(vtv\Z_ްG5kM62{[?j"Hks ¡{?$[#ki_; 4:L @kQ~FeLt%ɨjL0clEޔ>#-j&A,M=Lj˺$,Vxvjn.MTXSzߙF.!}' 3yh(a[}ܑf\W膫oQȖn$gk9%@;uDEŋ`MVjqB3M|W;a\aqoZ[ԘLvZ9;T3:GWF^IDGz_fieDOn,D}‰4X,CaDw&H0}%^n={` !,$Z\Q̰ %sdi3tʫ!}9}[9u׬9&+1{H";OQYb[Qew}g(8EJ}<=WӐ':Ss$RhoYUF+b;ȅO]Ѭ6ϺakOuiF&@B`GOkj $y 7Ut_d,߶]n 7cW*<02^uKͰoGsIAM'EgjDH99F,ϋgk9wA(ڱJ᳭(RwMpb]5L%sZ}cH']B^ Ruq"/7n >1+BZߏa&MyHvFbҌq}w#@Ɔ ϐ|?#S /Izn4xvP -pE9]*#o̒^ƔF(O5SΓ#7k^Qkdg34ܽTZAz&o66-V phڅ3=말 AFqX ur3{$͋A9߂k:=P.;omªKGHAlFӉ#\^7uZZ]-KK6#iimP]E֯xf'kJnEg@T@'Y"MC_ ( ԼtNc ߏ97wD{W*.bkܿ+pЊ8)~3vOxA͍//oj e|gHbguDvXx?{ XÅea]GJb;\|QeI[gnKԃ ],G_$1^ dn -EQpM>U"P4;QrHVBVxxkn#q:8bbGCe:sh?҄k;$$҂Q2X=ZQ$:/ky/x5\ _5lF^fWQ@!QAИQ f?hʹH.@Ufly82fY+ #/:$ST~6IgwhDOf[:5$?mh(zػݵ\jZkZ/aoWY笄6KT*)G[c ȷ waC^d{},mGUuQ̺Gk~07hrj V}I-]1|Y<C|>0ä)fKۚ}!T/WT\a"p."[`Gm/w3gyKY6I؃Ζ뫳+G8@FUl6'^>"6 G15I׹ 6B3'3(ڼlQ&#dIKx (1?hۓ:cPhv涵 ߹@٧sTAEcn[Tp}C6$_VDBa-_*?xc5%YΥ}kԗ;Q4\Om ~r>Kz݃ލJÎM\3L|~GXbi;iF5F,Ul~aev67WDso%#pxG#Hk#$R]H9X$A #ټ2@AH?q#W KMel88>Ojg,=CT2]ͺu谥Pߴj(oψ/`YVzYN[ ];gYKy=1 e,q!/ IqJ+bhX)mh j4&alw_vՐ࿹;,O(E{ҵ%;R-(  @Ĩz(H+ThԹv'[ ?nvAZwK+7ԔM䡥2RyGYBD+p/GSD,e)(ws;q QTohP/t)!u"-\,W~Ru|m\C NQ]&-3v}D`ơ%V;C,ʷ݇v_XQ%J0 _(3~+"fv1`Lh][7X[cZ-^xxT1ŏM_>Y \%M3g%^O ʬA5E!,%=d1]?q\@Ɯ?ޛ}7 簢bR<, U_?tg+BU8_9e)*"fKJ`?jt/w{=Džo~:Ny[c|%o,v]]q>iv A*Vv qZadejwvf܇{`c)Ǽ")Nf aߐ.X\AE7MܾqCg*9Ntsk LKg.$L*F;f@Xk(|+ aw`9nlO,Ot1A[bUv~顰֨-9K4]"lJ?sJk q-Z $b[;6okcpS* v,hf yrDN:g5oEZͪ@2{XgِqX*} 7 D hRǙ-mכP%e=*@BszDtґ T\`阗5R×EM>/=|:YU҂[U!Z/Lm+!d47SHC(E#^œ"%B\_I{?Gp,ʇa3u*v2> T9xp?`Ny? ܗJ ;)#04!h+x{L) ҽ1%lB Zy^S{=ϐ !Yb\/8/wP(k̝r'zJX}&"d~ə[gՄ/&ØbnDp$'i>ͽl&w 9;L9z8:ȯV;hZ镙]f(I~<bǘ~~ݭ݇Py)Dei/%KiWk4[9$tJq@ l~"m I,i jIUجpCg y rܝPP*R㋵]T9do@ ]tOrqm0^2?oNۜ*GP Ǭ2`eq|ɗ<}Y#ZkUMړα\;lښ1H%.&uLyնVhi$u\r/cR˗a1. ͆|#:k9 & >a~jhMlF +V'?IX*ɢþ#<.>}0y^Pe Nv!?ɓUR*fԼ>S(; [A~¿2z5ƁPRK5Nh .Gk IB:Ɠ|y_w2_ qF2 L,NG<@}G"V{e=p^`Z}BT6 =?ju~(ٸ0Z"?yޟŸ_Z,lD)Fx-W 1UƹLLMk<ƣfAdZ"&Bc(&cә\Öt?1kLw6޴qM<6<(s - K cz-]@MMtqTBƓi w'ѣ$i+ 50.;XK$|xꅡX7LR/,=ԁ6߭F7t𤸴,\x܏ .(Hve|a5~^*0d}CGL,a )jefl-/,AQoײWah:(Vg{0ܮZz2 Fs*gż~sܑՔ}6*|<-uL>Ӄ5˱'#b2[]^KCL^P<_ш6fWfoX`fD9W&>*F>)w_USNhrV|D~Ar!D1Vi3XkR?F#&#rTFdZy!`%kE>] y%_ѭ;ctͅxU%6~ sK~L`H<ʦw)p{˥Ɗ=ˏ74KokFywY'.@u3Z~PHxu;aC4B;t{ JJÓkS:wYlU+K ~t$d{ot BX*w]Ë{fRU9>X֟rBl#z!gCn$@N6V U ,+"RTWt* 9=18%E4wPz鋀S. O9Rqzs^ jHWߺQ-*D H6ph0 ?;S|:YP-7VGחߴ+)ʨk]~0.0tPXE_lu%e,?l?id) E!~bջ+mŢQt}PqC>}Ryb yş)O&1vSЛLbq3d^N ?Q@'2rl (b=@* | KpbF=64o.Au; (juX1E"  : }I/5>onF_3j|(PgC''#3zB7 -^X J0f-e .r嬳Tl2Ւe?ɧ1:D!3=@llLJ`.w'C44XQ/hh΋z|0qƾA@>g H/Bu(^xϱS)YzB*`:vBmĬc9V, 8S}dGRuNN[H'ֽpX፥sm[fZ=Rx+b[J*~b4[ -t:4`ڭ|tP; oA#: sY bw*?g}*z [<9a]DhAk^ʶM$nC; !Ԗ̻@^]0q>#6yt%jAqWϣyApm¯G79Io b8K/>]l72L;LvvYxWJ]P΍HommSmѷprZ$4HF13bH\ubp1!wjh:FD\X.drEmlQT`^+em*\l\uciR\A !NSR }C KmSLv[ SE'X|N]s5Ve *Qu 3~UI9;={iOb(쨜n[P}E,pX>a(أ  0$Byse$!KZAd#~H.Ma)1ؔՄwޝi>ay^X!;/O 9i^]CEy_Zc$D;,7e&.ztqT1X/07pܢ6fkn89j| `#h PO~K1BLX4fklv EǗAT@BLÒ2'sdl˩uuئi&(^lbjɶg`x>^$[i ‡.B诘_K8S0_n>9E# ˤ}ae06H (]&v U+ u+'WϚ=SK`WeO+?A'Ng"gAL 0ރpK=, h!{_[,ٮnFqp P%\p-d.dacS+75rm#XTKqiÇ*8ځx^9Ui02AٖXhw)a"ol}c'Gj*9]ww)%yNUL*1QE ٻ X׋10Q@B!9#?hCzɕ$7$0&=e̺1p2-&{*]y~h/ɹnFwPSH Kf:=f90Yw* ,coILZ cTlŁL[Ěocj_k=ѱnr)#i=kyaM"TGZ7S"Hm6Ì{2)'fu4;'Q"5¤K≃S@f en3_M3S  E HQ9݆2Wk "虘*p>1}brߢ߶,C_h et_$ Ɗ?ope q^uЃpsٴ0ėOuc9ꈥ8`zH}Yj'U L|,+mʵoR\CWNv%RH4Vny3:GdYT3sK0CM_PT* VQXBeIS=mv斬 (=R&"ZPa}\]ÝOfa{`OTfqKoɃQSM(}7 u>Vr]5'hşS?WJ[ lpH85F٩M ':c qwP-2&쒅ۚ|n|Ni~Iqb$q6 r^]D782MH,74]*@8Ոd$T OXixNj8;'a8gM<.IJWlD+vl͖ܽ7ZG >˼Jm7KTD,FhA2CSPS\=զ(L lK2@,Mo~T*0S+V:`1ɔ^~ja=ѳHzlqg5})I:- rd)9 ;!A(.N+NJjE `]4\YʦT-Be!8(]FڗjンO]`LX':,oٖh4H-s{qk}ztQx- 7qéYhB&|PHxC$oUʱ_oErOZY%Us,7[_ȥrB ₇QxcJ٣>ٵ6ˊTE}OhG5uW@;L,ӸRC%\$,:m|ɜ lwDz@=PoZۉUK6^;C[]h|Ycc9]A-bp'>oF 2z'. .1"7j9: ITQrw^Hی. e]EW_t@af'/8u<۰U"Y#spUmaihz?JALMJg(&.%uS,a 1FiD_!5هN9Kv衃`> ZJNK.hvGϭI!9CZl]\!h,OA:aV>yO!zLrb|V󩻃~˩792&8ѨC=Qm6H]"<i쟛"MLBe> fpt-KY;Q̺-ҮVDt"ed1̖A"H'ZzW;I`$!ܫ(fǞEwJR4^Q`9M?y%J?]\}n)7"8}t' zlzNL"b?aR%ɩg+BG?!'K(1ۻo#g[v!dmq/ H _Ջ >ϑDIGjOdE vt8 [I( ݡH4r4xƻubܮG#k$05j>/*Okwɚ|306ެS?RCBMfuR^o2 MN &uȪu ! bE]fL<nW;SUQց7a!ci1ӮLR/8[ XDg-N|wD7e@dR .M^mz#0D&as1ot.ŚN7 t*q+XOmAmR*ȏgge_1ngq>Ʊֹ|hC&>Ih>a dm¹wur~vVA 3qDC႐2qs.#'Wcs%Ljcثͽ-oLI~H)`{KlykXnB5웡uRR\yjbз1vsKhx5օgH$ 1Pmqjΐ(Ms?cUS\Պkal/;?Gҍ2:xGvo5եFSQx@xz-,ğ>6ǽ|A,lQAҿVݏ.b;Ƞ$\Fp+DK.|3Au9+Wo;.wz8YuPlw쐾#⇏-bȲtYǓ+Q̂jCzUj%iֽ h$Gt'oÜZL6JDsˆ %c )I֗)DGiLyo^ґX lBՏ`?r;HhD Loc[mHܣ4X~vG?G Ke?eô)6ev:ku/^i6)abIբb,pBݵ8pӼ6Dt_D=;C3Lޞ.rR%~ 7f=ޘ.\> k1ӟT+ IoE˼Cʏ=.vC̀LHȔjEee6Yjݯ=l*A{X¾=vfӉ9)iٌ8S'hlq*<nFҵn`fp6l}HӀ}RL _! !Z ,N_*1; ?2jC3.bb)`U3E邡ۂ'P6#D潰]u#Y!Hi<R=+ݾ-%?H6op$QCB"I a rLZD%QL9) ^V)\i`gavxڽQ/i,Fo)jH~͘;٪x.dC!1dbfʭu˛ `4Tzi[8R5!x9G{Wl!rQl/[^ϩjj:2#SΗs%GL3Z δ2qH3E{QrgswHk1,nro8gw,jq,;u{K/  TOBd&k]|`,W2'y5Cyq_ݬ8/].lJ`w/wp|juN;w埬''p|xr Mc_%ʷpGgk(<;Z0`6N.͓:[, qixC:`z]<DZk 03/1M`\7^RXH3^ }}%EQo*9@5"EJYNݻ|@DCm`Όϔ 4C;|3`DEnT@4SC8.xzHյM`wQ8#C+[AӻxS#q" +氵_8nj 0be{I@iC/.Շej]./ mZ7Q ρLq}UQ9΃7UqFulʌ[ p?0ɓfdapPSK/\EC"a H*>)IaT*tm;mdQ*t̤5L ;3V69MgqA͓s*_,5 V͓F\KqQ=|{XrO4op0C0%ׂx).ǜx1sEMApUAfAm>{d$@a%@jgR}߾Iٹ*]T"~Z8Ҙ<Q1 7 /5PZT.nc]}1 Mi'_sbտv41S\qIM4<:,QH>ÀfA xÜx%dW * aQ Č 2c-9GudD乷PEKY)t WB,"gvء@,5>:p?_RՒ% *XDdY{/Qi9[Uj>1`5H.4{ 艥YoOSTOfQdvo .,W,`! Em zf9vH]©!6W\(|5SXaRօ3h 'PR 3"0Sƽ91k!{Д(!M(֥D\ᶞ9?a{KP9a͇M6UJm`atd.VNS4?r7 g#>g1dT@}"zCocV>P0AD="6iMq:Sl\ow!x5*,I{J;7R"$_ھd/8% 5_呌\.(dU96+| jo6~<帊yz5\F@|` #RckTLQN@E.8,A Iɔt>Nu|;܋o)1/JdTJgPW%d38}Gۙ|I+?X0J*6ɠt9A"^ V(R~IE)>`[-D6QERu'8\#ӌPIr7݃𐎤U85ä.9P !cUWoJQo/y~%\}%! iOڶ6)BYʝ`'@/AVGe젴?{zvXr(ahD[EaUk>8)k>;R^4@9s ڄ~^^XlIN9n;RusጎD SЎStSt~:0|p]1ګ.󠬙C^2Tr=b4ѾPbz43-G" /ɸgYHP-2<ʅ AT%0Il$N=L;G~U[ړ%,MiG6DfǬQ z抖!Ǜ2)U`U neռxR P"Y(#E GK "6Щ\z-kb2s!oiH=x_ED(v|f*5=ZAEm:p }#OMFSȁ ZDڠ4!K{ٝ1J:+p2*[k8W^x#.|LUp[ró~2MQ*#JJ6_4xoO0jrY,c9Py",ˋ"X@PUЂbkj<"N62VM$ɴ)&o*b_zXA/= 3!]DK>Ft5Cc9o4ADLބ0E~9&*4TKCgb8;

וHQOwhfC27ݢOL a{Q3n#yfYX'WCl4=vfxŒ< 5WzL\fQ([4uNӛSnyY\1_h.i JG\"J_ӌ%NTw= 0+stLDO?:B;ؕ^yݪ(ܴPmBQcH¤ꐚ;/~rV3#Y0%gc@DٳW'.ڰďcO柩1xcB}4}wi& U v“Cn 롉^)1OUO]KysNְ:u<]DΗ0(V#v0l1>!q?XtQew@tDڶ<ݟ=uERMu].h)@sAbί &R+5viad9!P cEPE7^Z2|+A:yTl?NFa6MZو"ۃe^F66ڦkZyp`;sH4_T@+ӊ2::pr;Z0]pu)6jAE]- ori3+}3j 5LTsOºxG_`my)D16yȎY <(p_Ȃ}#,|w5\~r (0L|Z{BuRͦW2۸yT [C9xm;R)T>Ef@V]eQ"= I_Ywc`%qp1'ө>v~Zì& ^fM#C4z8sV0}ߜZ"Y&Du[\qX0 N-ːa;,S?\u;s-(Lĕg|az\uJP)$L.iX˅MY6Mխ8Hwj K0&RaW ՒX| K#H N[Y0IH`{ebmR BDV"+6$5nbm掃xsfy(^˗ )ktذHD&/R.Fƻ&Tm&iN.`=ʯ$fLU=lIbs&iIjn"H 405K'W b[(8 n blT:^W DxV8!-@G{t!ۤa!z@{+ɦ?j. yxI9o oE]UF3., I/iN L`/lp4s<_j՝.o4D>~k|&YZdL,(6狡J%X0%kҦzdVlNr I2av83J>ܕoj1NRDE-١Us[1ذpWQO"zVmqdp[xDϘ铧xF]>XB82iڶ[5 te]NH\>xFVҸd.n5Ȯ}{~]nG@NoY Wd:l7Ѱ,kؤ [k:Ϣ uΊz)0T%?w:x juGj,rn.hM6k f_`/QN =.uF<{r~I#{]nDZCOs 0{!M\#fjzx@ {ZT aȮULlݠXYly Zkp: h{NDuK?NP扶&sb'_||SJȐ-+&s5r5cd$ǭ}|VD)am&8;ss^kw&"w+J?N mӳ-у( @ $TQx~y4Z6Uk\IkoHEdUC-xH5!^V|SY=Ui.RK"$ŜN-3PeMfz].',]?nID8sGg$v:o#~p{6$ӌwnn y9ʡw9/졒w#.Yb2R :Uc 9 j}n3>omrygUA&UIucV !X_S)ZyiٲiBR.bLhA$dSsvL7"Ѩ[2!?O՗lN歈" Vo>. $' s؉4Zxv*9sf7C-ô~q޴EnaK2؃^Jy Z9I;w/$pDZkCH@rs0()[rǓgOȭJYhy;Cv&TnEDl{'Iò7z bbRPM ADž۠DnqV3@]01Z'Et`)K| y6 6_wKwёO7Me BlwqY1 6hb 9 f wȸÇ"Eןqu &IJ3 B@#>r|0!:=̖&*0>u=EGr=ǎcMm%H|뇴r`IVƒS%Z澎=mMVڹ}WTe|(aoh`c hF#[N7N"`Dж e3q!w.90PJVA g\m"S_8Ҡ9GdPϲŽw=Krvq6b3}PKSPlae퍣|aϚ"Le`D= 5!Ar$[L?,">r?|~N˾ǔe6hD>K]kayw84cX-m4H dmUJ({¿_Pa Z+,_iw0Ȑފ es+.&-ۘ'ckozoZ++ zU;P靸6DSݦTe\p(_oX G5[3ۂo!}2"x6x%/b!)J6Ɓx¶g"~{LF KH^/UE#bӒZ[,Wsc#2̙20˙X=[F7Vs¯n,e$` ѡZ٭SгF7sf:쭷UeS+@n @ԌhRT3 !=SUX*l-[M- zQuYH?틥)73Z< pxt m"|»WW١os}bfƱN,9[-@bB][O#wՆ*~țbKn(ٔ}|jkKjCjH ;ĕX2;*+B+A:Wa e)Kb&ae~9b-><§;Y'}7:dZ+\xlt3j:.FK5Ko#G{4qWybXn&f~LS!DZ-P܀*g@x0Y?cn~7]i۠'gz9@E:M짊WοTLea}di7壼LЬKa{*\ ȏ˞8w-pL;b :x|;G:z@DK.zQ႕0ɛ@ Xj#2qA)fܐ6WoؐTcS2\G[c{!RE 8]K9͈L˝w+DžƵpAZFU1pf(1 PXঘDRb-OKMpK5ňhL4û̟rmмIW@jd4Ÿ/zЋ:yv/PѨ+Ul@*;v/2~k_!֠zr"Ti떒%Orp"= BeyO Yw*^b}TFh;912=s IO`mlE缦j}6sds?:MlB͛ͻ<ͿػسC `XWsJ7qMHG mqMw$L0 7Ә#Kdgͻ&ăJqY59_HD2~^ [ze^;eP7܆^(osw?i~Z.Y@2^k4,Wս|dAqUD9;~ժ#䩺{M5UHW#Y tj hLy~<YYr?|P/|k炖h!},X{}I] Z |Xz]T-uKkQ(:F/RhD ŽK}#6e5飕fhxME;pr?R5l~3m(.(`"U9U։^YPm{b9pnY7o(UDiaA =? 9?qaJ {oUkz7lJ΅2OE>VJyb,N'nSo ԝ9(l-M\ȦǠ `ι`k^AnMHjOׇ_\,i_ZʹYH/b^/7vH5+? W^{pځ٤ꑼj@^zA:, %]/AA(Y3Ex!"_i^o\q)1 (6 J*.vN2וKPv=ޙPcL^Ї;ΜL+SQ9KuS|Q]C OgcAD(%R* r|rx2)IBd[`N=YFxБjgFqZfT[0%YfǠ?Z(*_W!Ꮇ]طg2OR_|]2("<9Jgesg^u8\3KX+-P2dBҟԫK=C YZ