sssd-krb5-common-1.12.2-58.el7_1.14

Name: sssd-krb5-common
Version: 1.12.2
Release: 58.el7_1.14
Summary: SSSD helpers needed for Kerberos and GSSAPI authentication
Description: Provides helper processes that the LDAP and Kerberos back ends can use for Kerberos user or host authentication.
Build host: worker1.bsys.centos.org
Vendor: CentOS
License: GPLv3+
Packager: CentOS BuildSystem
Group: Applications/System
URL: http://fedorahosted.org/sssd/
OS: linux
Arch: x86_64
Source RPM: sssd-1.12.2-58.el7_1.14.src.rpm

Pre-install scriptlet:
    getent group sssd >/dev/null || groupadd -r sssd
    getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssd

Provides:
    libsss_krb5_common.so()(64bit)
    sssd-krb5-common
    sssd-krb5-common(x86-64)
Requires:
    /bin/sh
    cyrus-sasl-gssapi(x86-64)
    libc.so.6()(64bit)
    libc.so.6(GLIBC_2.14)(64bit)
    libc.so.6(GLIBC_2.2.5)(64bit)
    libc.so.6(GLIBC_2.3)(64bit)
    libc.so.6(GLIBC_2.3.4)(64bit)
    libc.so.6(GLIBC_2.4)(64bit)
    libcom_err.so.2()(64bit)
    libdhash.so.1()(64bit)
    libdhash.so.1(DHASH_0.4.3)(64bit)
    libdl.so.2()(64bit)
    libk5crypto.so.3()(64bit)
    libkeyutils.so.1()(64bit)
    libkeyutils.so.1(KEYUTILS_0.3)(64bit)
    libkrb5.so.3()(64bit)
    libkrb5.so.3(krb5_3_MIT)(64bit)
    libpcre.so.1()(64bit)
    libpopt.so.0()(64bit)
    libpopt.so.0(LIBPOPT_0)(64bit)
    libpthread.so.0()(64bit)
    libpthread.so.0(GLIBC_2.12)(64bit)
    libpthread.so.0(GLIBC_2.2.5)(64bit)
    libsss_debug.so()(64bit)
    libsystemd-id128.so.0()(64bit)
    libsystemd-journal.so.0()(64bit)
    libsystemd-login.so.0()(64bit)
    libsystemd-login.so.0(LIBSYSTEMD_LOGIN_31)(64bit)
    libtalloc.so.2()(64bit)
    libtalloc.so.2(TALLOC_2.0.2)(64bit)
    rpmlib(CompressedFileNames) 3.0.4-1
    rpmlib(FileDigests) 4.6.0-1
    rpmlib(PayloadFilesHavePrefix) 4.0-1
    rtld(GNU_HASH)
    shadow-utils
    sssd-common 1.12.2-58.el7_1.14
    rpmlib(PayloadIsXz) 5.2-1

Conflicts: sssd 1.10.0-8.beta2
RPM version: 4.11.1

Changelog entry headers (author - version-release):
 - 1.12.2-58.14; Jakub Hrozek - 1.12.2-58.13; Jakub Hrozek - 1.12.2-58.12; Jakub Hrozek - 1.12.2-58.9; Jakub Hrozek - 1.12.2-58.8; Jakub Hrozek - 1.12.2-58.7; Jakub Hrozek - 1.12.2-58.6; Jakub Hrozek - 1.12.2-58.5; Jakub Hrozek - 1.12.2-58.4; Jakub Hrozek - 1.12.2-58.3; Jakub Hrozek - 1.12.2-58.2; Jakub Hrozek - 1.12.2-58.1;
Jakub Hrozek - 1.12.2-57; Jakub Hrozek - 1.12.2-56; Jakub Hrozek - 1.12.2-55; Jakub Hrozek - 1.12.2-54; Jakub Hrozek - 1.12.2-53; Jakub Hrozek - 1.12.2-52; Jakub Hrozek - 1.12.2-51; Jakub Hrozek - 1.12.2-50; Jakub Hrozek - 1.12.2-49; Jakub Hrozek - 1.12.2-48; Jakub Hrozek - 1.12.2-47; Jakub Hrozek - 1.12.2-46; Jakub Hrozek - 1.12.2-45; Jakub Hrozek - 1.12.2-44; Jakub Hrozek - 1.12.2-43; Jakub Hrozek - 1.12.2-42; Jakub Hrozek - 1.12.2-41; Jakub Hrozek - 1.12.2-40;
Sumit Bose - 1.12.2-39; Sumit Bose - 1.12.2-38; Sumit Bose - 1.12.2-37; Jakub Hrozek - 1.12.2-35; Jakub Hrozek - 1.12.2-35; Jakub Hrozek - 1.12.2-34; Jakub Hrozek - 1.12.2-33; Jakub Hrozek - 1.12.2-32; Jakub Hrozek - 1.12.2-31; Jakub Hrozek - 1.12.2-30; Jakub Hrozek - 1.12.2-29; Jakub Hrozek - 1.12.2-28; Jakub Hrozek - 1.12.2-27; Jakub Hrozek - 1.12.2-26; Jakub Hrozek - 1.12.2-25; Jakub Hrozek - 1.12.2-24; Jakub Hrozek - 1.12.2-23; Jakub Hrozek - 1.12.2-22; Jakub Hrozek - 1.12.2-21; Jakub Hrozek - 1.12.2-20;
Jakub Hrozek - 1.12.2-19; Jakub Hrozek - 1.12.2-18; Jakub Hrozek - 1.12.2-17; Jakub Hrozek - 1.12.2-16; Jakub Hrozek - 1.12.2-15; Jakub Hrozek - 1.12.2-14; Jakub Hrozek - 1.12.2-13; Jakub Hrozek - 1.12.2-12; Jakub Hrozek - 1.12.2-11; Jakub Hrozek - 1.12.2-10; Jakub Hrozek - 1.12.2-9; Jakub Hrozek - 1.12.2-8; Jakub Hrozek - 1.12.2-7; Jakub Hrozek - 1.12.2-6; Jakub Hrozek - 1.12.2-5; Jakub Hrozek - 1.12.2-4; Jakub Hrozek - 1.12.2-3; Jakub Hrozek - 1.12.2-2; Jakub Hrozek - 1.12.2-1;
Jakub Hrozek - 1.12.1-2; Jakub Hrozek - 1.12.1-1; Jakub Hrozek - 1.12.1-1; Jakub Hrozek - 1.12.0-3; Jakub Hrozek - 1.12.0-2; Jakub Hrozek - 1.12.0-1;
Jakub Hrozek - 1.11.2-70; Jakub Hrozek - 1.11.2-69; Jakub Hrozek - 1.11.2-68; Jakub Hrozek - 1.11.2-67; Jakub Hrozek - 1.11.2-66; Jakub Hrozek - 1.11.2-65; Jakub Hrozek - 1.11.2-64; Sumit Bose - 1.11.2-63; Sumit Bose - 1.11.2-62; Jakub Hrozek - 1.11.2-61; Jakub Hrozek - 1.11.2-60;
Jakub Hrozek - 1.11.2-59; Jakub Hrozek - 1.11.2-58; Jakub Hrozek - 1.11.2-57; Jakub Hrozek - 1.11.2-56; Jakub Hrozek - 1.11.2-55; Jakub Hrozek - 1.11.2-54; Jakub Hrozek - 1.11.2-53; Jakub Hrozek - 1.11.2-52; Jakub Hrozek - 1.11.2-51; Jakub Hrozek - 1.11.2-50; Jakub Hrozek - 1.11.2-49; Jakub Hrozek - 1.11.2-48; Jakub Hrozek - 1.11.2-47; Jakub Hrozek - 1.11.2-46; Jakub Hrozek - 1.11.2-45; Jakub Hrozek - 1.11.2-44; Jakub Hrozek - 1.11.2-43; Jakub Hrozek - 1.11.2-42; Jakub Hrozek - 1.11.2-41; Jakub Hrozek - 1.11.2-40;
Jakub Hrozek - 1.11.2-39; Jakub Hrozek - 1.11.2-38; Jakub Hrozek - 1.11.2-37; Jakub Hrozek - 1.11.2-36; Jakub Hrozek - 1.11.2-35; Jakub Hrozek - 1.11.2-34; Daniel Mach - 1.11.2-33; Jakub Hrozek - 1.11.2-32; Jakub Hrozek - 1.11.2-31; Jakub Hrozek - 1.11.2-30; Jakub Hrozek - 1.11.2-29; Jakub Hrozek - 1.11.2-28; Jakub Hrozek - 1.11.2-27; Jakub Hrozek - 1.11.2-26; Jakub Hrozek - 1.11.2-25; Jakub Hrozek - 1.11.2-24; Jakub Hrozek - 1.11.2-23; Jakub Hrozek - 1.11.2-22; Jakub Hrozek - 1.11.2-21; Jakub Hrozek - 1.11.2-20;
Daniel Mach - 1.11.2-19; Jakub Hrozek - 1.11.2-18; Jakub Hrozek - 1.11.2-17; Jakub Hrozek - 1.11.2-16; Jakub Hrozek - 1.11.2-15; Jakub Hrozek - 1.11.2-14; Jakub Hrozek - 1.11.2-13; Jakub Hrozek - 1.11.2-12; Jakub Hrozek - 1.11.2-11; Jakub Hrozek - 1.11.2-10; Jakub Hrozek - 1.11.2-9; Jakub Hrozek - 1.11.2-8; Jakub Hrozek - 1.11.2-7; Jakub Hrozek - 1.11.2-6; Jakub Hrozek - 1.11.2-5; Jakub Hrozek - 1.11.2-4; Jakub Hrozek - 1.11.2-3; Jakub Hrozek - 1.11.2-2; Jakub Hrozek - 1.11.2-1;
Jakub Hrozek - 1.11.1-2; Jakub Hrozek - 1.11.1-1; Jakub Hrozek - 1.11.0-1; Jakub Hrozek - 1.11.0.1beta2;
Jakub Hrozek - 1.10.1-5; Jakub Hrozek - 1.10.1-4; Jakub Hrozek - 1.10.1-3; Jakub Hrozek - 1.10.1-2; Jakub Hrozek - 1.10.1-1;
Jakub Hrozek - 1.10.0-18; Jakub Hrozek - 1.10.0-17; Stephen Gallagher - 1.10.0-16; Stephen Gallagher - 1.10.0-15; Stephen Gallagher - 1.10.0-14; Jakub Hrozek - 1.10.0-13; Dan Horák - 1.10.0-12.beta2; Jakub Hrozek - 1.10.0-11.beta2; Jakub Hrozek - 1.10.0-10.beta2; Jakub Hrozek - 1.10.0-9.beta2; Jakub Hrozek - 1.10.0-8.beta2; Jakub Hrozek - 1.10.0-7.beta1; Jakub Hrozek - 1.10.0-6.beta1; Jakub Hrozek - 1.10.0-5.beta1; Jakub Hrozek - 1.10.0-4.beta1; Jakub Hrozek - 1.10.0-3.beta1; Jakub Hrozek - 1.10.0-2.alpha1; Jakub Hrozek - 1.10.0-1.alpha1;
Stephen Gallagher - 1.9.4-9; Jakub Hrozek - 1.9.4-8; Jakub Hrozek - 1.9.4-7; Jakub Hrozek - 1.9.4-6; Jakub Hrozek - 1.9.4-5; Jakub Hrozek - 1.9.4-4; Jakub Hrozek - 1.9.4-3; Jakub Hrozek - 1.9.4-2; Jakub Hrozek - 1.9.4-1; Jakub Hrozek - 1.9.3-1; Jakub Hrozek - 1.9.2-5; Jakub Hrozek - 1.9.2-4; Jakub Hrozek - 1.9.2-3; Jakub Hrozek - 1.9.2-2; Jakub Hrozek - 1.9.2-1; Jakub Hrozek - 1.9.1-1;
Jakub Hrozek - 1.9.0-24; Jakub Hrozek - 1.9.0-24; Jakub Hrozek - 1.9.0-23; Jakub Hrozek - 1.9.0-22.rc1; Jakub Hrozek - 1.9.0-21.beta7; Jakub Hrozek - 1.9.0-20.beta6; Jakub Hrozek - 1.9.0-19.beta6; Jakub Hrozek - 1.9.0-18.beta6; Jakub Hrozek - 1.9.0-17.beta6; Jakub Hrozek - 1.9.0-16.beta6; Jakub Hrozek - 1.9.0-14.beta6; Jakub Hrozek - 1.9.0-13.beta6; Fedora Release Engineering - 1.9.0-13.beta5; Jakub Hrozek - 1.9.0-12.beta5; Stephen Gallagher - 1.9.0-11.beta4; Jakub Hrozek - 1.9.0-10.beta4; Jakub Hrozek - 1.9.0-9.beta4; Stephen Gallagher - 1.9.0-8.beta3; Stephen Gallagher - 1.9.0-7.beta2; Stephen Gallagher - 1.9.0-6.beta2; Stephen Gallagher - 1.9.0-5.beta2; Stephen Gallagher - 1.9.0-4.beta1; Stephen Gallagher - 1.9.0-3.beta1; Stephen Gallagher - 1.9.0-2.beta1; Stephen Gallagher - 1.9.0-1.beta1;
Stephen Gallagher - 1.8.3-11; Stephen Gallagher - 1.8.2-10; Stephen Gallagher - 1.8.1-9; Stephen Gallagher - 1.8.1-8; Stephen Gallagher - 1.8.1-7; Stephen Gallagher - 1.8.0-6; Stephen Gallagher - 1.8.0-5.beta3; Stephen Gallagher - 1.8.0-4.beta3; Petr Pisar - 1.8.0-3.beta2; Stephen Gallagher - 1.8.0-1.beta2; Stephen Gallagher - 1.8.0-1.beta1;
Stephen Gallagher - 1.7.0-5; Stephen Gallagher - 1.7.0-4; Stephen Gallagher - 1.7.0-3; Fedora Release Engineering - 1.7.0-2; Stephen Gallagher - 1.7.0-1;
Stephen Gallagher - 1.6.4-1; Stephen Gallagher - 1.6.3-5; Stephen Gallagher - 1.6.3-4; Jakub Hrozek - 1.6.3-3; Stephen Gallagher - 1.6.3-2; Stephen Gallagher - 1.6.3-1; Fedora Release Engineering - 1.6.2-5; Stephen Gallagher - 1.6.2-4; Stephen Gallagher - 1.6.2-3; Stephen Gallagher - 1.6.2-2; Stephen Gallagher - 1.6.2-1; Stephen Gallagher - 1.6.1-1; Stephen Gallagher - 1.6.0-2; Stephen Gallagher - 1.6.0-1;
Stephen Gallagher - 1.5.11-2; Stephen Gallagher - 1.5.10-1; Stephen Gallagher - 1.5.9-1; Stephen Gallagher - 1.5.8-1; Stephen Gallagher - 1.5.7-3; Stephen Gallagher - 1.5.7-2; Stephen Gallagher - 1.5.7-1; Stephen Gallagher - 1.5.6.1-1; Stephen Gallagher - 1.5.6-1; Stephen Gallagher - 1.5.5-5; Stephen Gallagher - 1.5.5-4; Stephen Gallagher - 1.5.5-3; Stephen Gallagher - 1.5.5-2; Stephen Gallagher - 1.5.5-1; Stephen Gallagher - 1.5.4-1; Stephen Gallagher - 1.5.3-2; Stephen Gallagher - 1.5.3-1; Stephen Gallagher - 1.5.2-1;
Simo Sorce - 1.5.1-9; Stephen Gallagher - 1.5.1-8; Stephen Gallagher - 1.5.1-7; Stephen Gallagher - 1.5.1-6; Stephen Gallagher - 1.5.1-5; Fedora Release Engineering - 1.5.1-4; Stephen Gallagher - 1.5.1-3; Stephen Gallagher - 1.5.1-2; Stephen Gallagher - 1.5.1-1; Stephen Gallagher - 1.5.0-2; Stephen Gallagher - 1.5.0-1;
Stephen Gallagher - 1.4.1-3; Stephen Gallagher - 1.4.1-2; Stephen Gallagher - 1.4.1-1; Stephen Gallagher - 1.4.0-2; Stephen Gallagher - 1.4.0-1;
Stephen Gallagher - 1.3.0-35; Stephen Gallagher - 1.3.0-34; Stephen Gallagher - 1.3.0-33; Stephen Gallagher - 1.3.0-32; Stephen Gallagher - 1.3.0-31; Stephen Gallagher - 1.3.0-30;
David Malcolm - 1.2.91-21; Stephen Gallagher - 1.2.91-20; Stephen Gallagher - 1.2.1-15; Stephen Gallagher - 1.2.0-12;
Stephen Gallagher - 1.1.92-11; Stephen Gallagher - 1.1.91-10; Simo Sorce - 1.1.1-3; Stephen Gallagher - 1.1.1-1; Stephen Gallagher - 1.1.0-2; Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19;
Stephen Gallagher - 1.0.5-2; Stephen Gallagher - 1.0.5-1; Stephen Gallagher - 1.0.4-1; Stephen Gallagher - 1.0.3-1; Stephen Gallagher - 1.0.2-1; Stephen Gallagher - 1.0.1-1; Stephen Gallagher - 1.0.0-2; Stephen Gallagher - 1.0.0-1;
Stephen Gallagher - 0.99.1-1; Stephen Gallagher - 0.99.0-1; Stephen Gallagher - 0.7.1-1; Stephen Gallagher - 0.7.0-2; Stephen Gallagher - 0.7.0-1; Stephen Gallagher - 0.6.1-2; Stephen Gallagher - 0.6.1-1; Stephen Gallagher - 0.6.0-1; Sumit Bose - 0.6.0-0; Simo Sorce - 0.5.0-0;
Jakub Hrozek - 0.4.1-4; Fedora Release Engineering - 0.4.1-3; Simo Sorce - 0.4.1-2; Simo Sorce - 0.4.1-1; Simo Sorce - 0.4.1-0; Simo Sorce - 0.3.2-2; Jakub Hrozek - 0.3.2-1; Simo Sorce - 0.3.1-2; Simo Sorce - 0.3.1-1; Simo Sorce - 0.3.0-2; Simo Sorce - 0.3.0-1; Simo Sorce - 0.2.1-1; Simo Sorce - 0.2.0-1;
Jakub Hrozek - 0.1.0-5.20090309git691c9b3; Jakub Hrozek - 0.1.0-4; Sumit Bose - 0.1.0-3; Jakub Hrozek - 0.1.0-2; Stephen Gallagher - 0.1.0-1

Changelog text:
- Resolves: rhbz#1244761 - Relax the libldb requirements to unblock RH 
Storage- Resolves: rhbz#1232130 - sysdb sudo search doesn't escape special characters- Resolves: rhbz#1226801 - ignore_group_members doesn't work for subdomains - Resolves: rhbz#1226180 - Provide a way to disable the cleanup task- Resolves: rhbz#1227772 - Properly handle AD's binary objectGUID- Filter out domain-local groups during AD initgroups operation - Related: rhbz#1214286 - SSSD downloads too much information when fetching information about groups- Resolves: rhbz#1214286 - SSSD downloads too much information when fetching information about groups- Initialize variable in the views code in one success and one failure path - Resolves: rhbz#1203365 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Resolves: rhbz#1203365 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Handle case where there is no default and no rules - Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security context on client is staff_u- Set a pointer in ldap_child to NULL to avoid warnings - Related: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Run the restart in sssd-common posttrans - Explicitly require libwbclient - Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Fix endianess bug in fill_id() - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1187192 - IPA initgroups don't work correctly in non-default view- Resolves: rhbz#1184982 - Need to set different umask in selinux_child- Bump the release number - Related: rhbz#1184140 - Users saved throug extop don't have the 
originalMemberOf attribute- Add a patch dependency - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Process ghost members only once - Fix processing of universal groups with members from different domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1185188 - Uncached SIDs cannot be resolved- Handle GID override in MPG domains - Handle views with mixed-case domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Open socket to the PAC responder in krb5_child before dropping root - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1182183 - pam_sss(sshd:auth): authentication failure with user from AD- Resolves: rhbz#889206 - On clock skew sssd returns system error- Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1177140 - gpo_child fails if "log level" is enabled in smb.conf - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1175408 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1175705 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Resolves: rhbz#1171215 - Crash in function get_object_from_cache - Resolves: rhbz#1171383 - getent fails for posix group with AD users after login - Resolves: rhbz#1171382 - getent of AD universal group fails after group users login - Resolves: rhbz#1170300 - Access is not rejected for disabled domain - Resolves: rhbz#1162486 - Error processing external groups with getgrnam/getgrgid in the server mode - Resolves: rhbz#1168904 - gid is overridden by uid in 
default trust view- Resolves: rhbz#1169459 - sssd-ad: The man page description to enable GPO HBAC Policies are unclear - Related: rhbz#1113783 - sssd should run under unprivileged user- Rebuild to add several forgotten Patch entries - Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Remove Coverity warnings in krb5_child code - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Don't error out on chpass with OTPs - Related: rhbz#1109756 - Rebase SSSD to 1.12- Resolves: rhbz#1124320 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default.- Resolves: rhbz#1169739 - selinuxusermap rule does not apply to trusted AD users - Enable running unit tests without cmocka - Related: rhbz#1113783 - sssd should run under unprivileged user- krb5_child and ldap_child do not call Kerberos calls as root - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1168735 - The Kerberos provider is not properly views-aware- Fix typo in libwbclient-devel alternatives invocation - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1166727 - pam_sss domains option: Untrusted users from the same domain are allowed to auth.- Handle migrating clients between views - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Use alternatives for libwbclient - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1165794 - sssd does not work with custom value of option re_expression- Add an option that describes where to put generated krb5 files to - Related: rhbz#1135043 - [RFE] Implement localauth plugin for 
MIT krb5 1.12- Handle IPA group names returned from the extop plugin - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Resolves: rhbz#1165792 - automount segfaults in sss_nss_check_header- Resolves: rhbz#1163742 - "debug_timestamps = false" and "debug_microseconds = true" do not work after enabling journald with sssd.- Resolves: rhbz#1153593 - Manpage description of case_sensitive=preserving is incomplete- Support views for IPA users - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Update man page to clarify TGs should be disabled with a custom search base - Related: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Use upstreamed patches for the rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1153603 - Proxy Provider: Fails to lookup case sensitive users and groups with case_sensitive=preserving- Resolves: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1162480 - dereferencing failure against openldap server- Move adding the user from pretrans to pre, copy adding the user to sssd-krb5-common and sssd-ipa as well in order to work around yum ordering issue - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1113783 - sssd should run under unprivileged user- Fix two regressions in the new selinux_child process - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1132365 - Remove password from the PAM stack if OTP is used- Include the ldap_child and selinux_child patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Support overriding SSH public keys with views - Support extended attributes via the extop plugin - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137010 - disable midpoint refresh for netgroups if ptask refresh is enabled- Resolves: 
rhbz#1153518 - service lookups returned in lowercase with case_sensitive=preserving - Resolves: rhbz#1158809 - Enumeration shows only a single group multiple times- Include the responder and packaging patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Amend the sssd-ldap man page with info about lockout setup - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137014 - Shell fallback mechanism in SSSD - Resolves: rhbz#790854 - 4 functions with reference leaks within sssd (src/python/pyhbac.c)- Fix regressions caused by views patches when SSSD is connected to a pre-4.0 IPA server - Related: rhbz#1109756 - Rebase SSSD to 1.12- Add the low-level server changes for running as unprivileged user - Package the libsss_semange library needed for SELinux label changes - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Use libsemanage for SELinux label changes - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Rebase SSSD to 1.12.2 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Sync with upstream - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebuild against ding-libs with fixed SONAME - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.1 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Require ldb 2.1.17 - Related: rhbz#1133914 - Rebase libldb to version 1.1.17 or newer- Fix fully qualified IFP lookups - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.0 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Squash in upstream review comments about the PAC patch - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Backport a patch to allow krb5-utils-test to run as root - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Resolves: rhbz#1097286 - Expanding home directory fails when the request 
comes from the PAC responder- Fix a DEBUG message, backport two related fixes - Related: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1082191 - RHEL7 IPA selinuxusermap hbac rule not always matching- Resolves: rhbz#1077328 - other subdomains are unavailable when joined to a subdomain in the ad forest- Resolves: rhbz#1078877 - Valgrind: Invalid read of int while processing netgroup- Resolves: rhbz#1075092 - Password change w/ OTP generates error on success- Resolves: rhbz#1078840 - Error during password change- Resolves: rhbz#1075663 - SSSD should create the SELinux mapping file with format expected by pam_selinux- Related: rhbz#1075621 - Add another Kerberos error code to trigger IPA password migration- Related: rhbz#1073635 - IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in- Related: rhbz#1066096 - not retrieving homedirs of AD users with posix attributes- Related: rhbz#1072995 - AD group inconsistency when using AD provider in sssd-1.11-40- Resolves: rhbz#1073631 - sssd fails to handle expired passwords when OTP is used- Resolves: rhbz#1072067 - SSSD Does not cache SELinux map from FreeIPA correctly- Resolves: rhbz#1071903 - ipa-server-mode: Use lower-case user name component in home dir path- Resolves: rhbz#1068725 - Evaluate usage of sudo LDAP provider together with the AD provider- Fix idmap documentation - Bump idmap version info - Related: rhbz#1067361 - Check IPA idranges before saving them to the cache- Pull some follow up man page fixes from upstream - Related: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes - Related: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1060389 - Document that `sssd` cache needs to 
be cleared manually, if ID mapping configuration changes- Resolves: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1068723 - Setting int option to 0 yields the default value- Resolves: rhbz#1067361 - Check IPA idranges before saving them to the cache- Resolves: rhbz#1067476 - SSSD pam module accepts usernames with leading spaces- Resolves: rhbz#1033069 - Configuring two different provider types might start two parallel enumeration tasks- Resolves: rhbz#1068640 - 'IPA: Don't call tevent_req_post outside _send' should be added to RHEL7- Resolves: rhbz#1063977 - SSSD needs to enable FAST by default- Resolves: rhbz#1064582 - sss_cache does not reset the SYSDB_INITGR_EXPIRE attribute when expiring users- Resolves: rhbz#1033081 - Implement heuristics to detect if POSIX attributes have been replicated to the Global Catalog or not- Resolves: rhbz#872177 - [RFE] subdomain homedir template should be configurable/use flatname by default- Resolves: rhbz#1059753 - Warn with a user-friendly error message when permissions on sssd.conf are incorrect- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1059253 - Man page states default_shell option supersedes other shell options but in fact override_shell does. 
- Use the right domain for AD site resolution - Related: rhbz#743503 - [RFE] sssd should support DNS sites- Resolves: rhbz#1028039 - AD Enumeration reads data from LDAP while regular lookups connect to GC- Resolves: rhbz#877438 - sudoNotBefore/sudoNotAfter not supported by sssd sudoers plugin- Mass rebuild 2014-01-24- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain- Resolves: rhbz#1054899 - explicitly suggest krb5_auth_timeout in a loud DEBUG message in case Kerberos authentication times out- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1051360 - [FJ7.0 Bug]: [REG] sssd_be crashes when ldap_search_base cannot be parsed. - Fix a typo in the man page - Related: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain - Fix return value when searching for AD domain flat names - Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1053106 - sssd ad trusted sub domain do not inherit fallbacks and overrides settings- Resolves: rhbz#1051016 - FAST does not work in SSSD 1.11.2 in Fedora 20- Resolves: rhbz#1033133 - "System Error" when invalid ad_access_filter is used- Resolves: rhbz#1032983 - sssd_be crashes when ad_access_filter uses FOREST keyword. 
- Fix two memory leaks in the PAC responder (Related: rhbz#991065)- Resolves: rhbz#1048184 - Group lookup does not return member with multiple names after user lookup- Resolves: rhbz#1049533 - Group membership lookup issue- Mass rebuild 2013-12-27- Resolves: rhbz#894068 - sss_cache doesn't support subdomains- Re-initialize subdomains after provider startup - Related: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- The AD provider is able to resolve group memberships for groups with Global and Universal scope - Related: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog- Resolves: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog - Resolves: rhbz#1030483 - Individual group search returned multiple results in GC lookups- Resolves: rhbz#1040969 - sssd_nss grows memory footprint when netgroups are requested- Resolves: rhbz#1023409 - Valgrind sssd "Syscall param socketcall.sendto(msg) points to uninitialised byte(s)"- Resolves: rhbz#1037936 - sssd_be crashes occasionally- Resolves: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- Resolves: rhbz#1029631 - sssd_be crashes on manually adding a cleartext password to ldap_default_authtok- Resolves: rhbz#1036758 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Resolves: rhbz#1034050 - Errors in domain log when saving user to sysdb- Resolves: rhbz#1036157 - sssd can't retrieve auto.master when using the "default_domain_suffix" option in- Resolves: rhbz#1028057 - Improve detection of the right domain when processing group with members from several domains- Resolves: rhbz#1033084 - sssd_be segfaults if empty grop is resolved using ad_matching_rule- Resolves: rhbz#1031562 - Incorrect mention of access_filter in sssd-ad manpage- Resolves: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- Skip netgroups that don't provide well-formed triplets - Related: rhbz#991549 - sssd fails to retrieve netgroups with 
multiple CN attributes- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2 - Resolves: rhbz#991065- Resolves: rhbz#1019882 - RHEL7 ipa ad trusted user lookups failed with sssd_be crash - Resolves: rhbz#1002597 - ad: unable to resolve membership when user is from different domain than group- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1 - Resolves: rhbz#991065 - Rebase SSSD to 1.11.0- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0 - Resolves: rhbz#991065- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2 - Related: rhbz#991065- Resolves: #906427 - Do not use lib64 in specfile for the nss and pam libraries- Resolves: #983587 - sss_debuglevel did not increase verbosity in sssd_pac.log- Resolves: #983580 - Netgroups should ignore the 'use_fully_qualified_names' setting- Apply several important fixes from upstream 1.10 branch - Related: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- Remove libcmocka dependency- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA 
password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Enable hardened build for RHEL7- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: 
Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. 
- Packaging changes to fix ldconfig usage in subpackages (#843995)
- Rebuild against libldb 1.1.9

- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

- New upstream release 1.9.0 beta 5
- Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5
- Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation
- Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation
- The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds

- Fix broken ARM build
- Add missing DP_OPTION_TERMINATOR in AD provider options

- Own several directories created during make install (#839782)

- New upstream release 1.9.0 beta 4
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4
- Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers
- SUDO integration was completely rewritten.
The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules
- The IPA authentication provider now supports subdomains
- Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.

- New upstream release 1.9.0 beta 3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3
- Add a new PAC responder for dealing with cross-realm Kerberos trusts
- Terminate idle connections to the NSS and PAM responders

- Switch unicode library from libunistring to Glib
- Drop unnecessary explicit Requires on keyutils
- Guarantee that versioned Requires include the correct architecture

- Fix accidental disabling of the DIR cache support

- New upstream release 1.9.0 beta 2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2
- Add support for the Kerberos DIR cache for storing multiple TGTs automatically
- Major performance enhancement when storing large groups in the cache
- Major performance enhancement when performing initgroups() against Active Directory
- SSSDConfig data file default locations can now be set during configure for easier packaging

- Fix regression in endianness patch

- Rebuild SSSD against ding-libs 0.3.0beta1
- Fix endianness bug in service map protocol

- Fix several regressions since 1.5.x
- Ensure that the RPM creates the /var/lib/sss/mc directory
- Add support for Netscape password warning expiration control
- Rebuild against libldb 1.1.6

- New upstream release 1.9.0 beta 1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1
- Add native support for autofs to the IPA provider
- Support for ID-mapping when connecting to Active Directory
- Support for handling very large (> 1500 users) groups in Active Directory
- Support for sub-domains (will be used for dealing with trust relationships)
- Add a new fast in-memory cache to speed up lookups of cached data on repeated requests

- New upstream release 1.8.3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3
- Numerous manpage and translation updates
- LDAP: Handle situations where the RootDSE isn't available anonymously
- LDAP: Fix regression for users using non-standard LDAP attributes for user information

- New upstream release 1.8.2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2
- Several fixes to case-insensitive domain functions
- Fix for GSSAPI binds when the keytab contains unrelated principals
- Fixed several segfaults
- Workarounds added for LDAP servers with unreadable RootDSE
- SSH knownhostproxy will no longer enter an infinite loop preventing login
- The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown
- Assorted minor fixes for issues discovered by static analysis tools

- Don't duplicate libsss_autofs.so in two packages
- Set explicit package contents instead of globbing

- Fix uninitialized value bug causing crashes throughout the code
- Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup

- New upstream release 1.8.1
- Resolve issue where we could enter an infinite loop trying to connect to an auth server
- Fix serious issue with complex (3+ levels) nested groups
- Fix netgroup support for case-insensitivity and aliases
- Fix serious issue with lookup bundling resulting in requests never completing
- IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate
- Fix several regressions in the proxy provider
- Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD
- Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work

- New upstream release 1.8.0
- Support for the service map in NSS
- Support for setting default SELinux user context from FreeIPA
- Support for retrieving SSH user and host keys from LDAP (Experimental)
- Support for caching autofs LDAP requests (Experimental)
- Support for caching SUDO rules (Experimental)
- Include the
IPA AutoFS provider
- Fixed several memory-corruption bugs
- Fixed a regression in group enumeration since 1.7.0
- Fixed a regression in the proxy provider
- Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD
- Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login
- Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV)
- Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD
- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features
- Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc

- Change default kerberos credential cache location to /run/user/

- New upstream release 1.8.0 beta 3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3
- Fixed a regression in group enumeration since 1.7.0
- Fixed several memory-corruption bugs
- Finalized the ABI for the autofs support
- Fixed a regression in the proxy provider

- Rebuild against PCRE 8.30

- New upstream release
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2
- Fix two minor manpage bugs
- Include the IPA AutoFS provider

- New upstream release
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1
- Support for the service map in NSS
- Support for setting default SELinux user context from FreeIPA
- Support for retrieving SSH user and host keys from LDAP (Experimental)
- Support for caching autofs LDAP requests (Experimental)
- Support for caching SUDO rules (Experimental)

- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features
- fix netgroups and sudo as well

- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.

- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features

- Rebuilt for
https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

- New upstream release 1.7.0
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0
- Support for case-insensitive domains
- Support for multiple search bases in the LDAP provider
- Support for the native FreeIPA netgroup implementation
- Reliability improvements to the process monitor
- New DEBUG facility with more consistent log levels
- New tool to change debug log levels without restarting SSSD
- SSSD will now disconnect from LDAP server when idle
- FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains
- Assorted performance improvements in the LDAP provider

- New upstream release 1.6.4
- Rolls up previous patches applied to the 1.6.3 tarball
- Fixes a rare issue causing crashes in the failover logic
- Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.

- Rebuild against libldb 1.1.4

- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam()
- Resolves: rhbz#758425 - LDAP failover not working if server refuses connections

- Rebuild for libldb 1.1.3

- Resolves: rhbz#752495 - Crash when apply settings

- New upstream release 1.6.3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3
- Fixes a major cache performance issue introduced in 1.6.2
- Fixes a potential infinite-loop with certain LDAP layouts

- Rebuilt for glibc bug#747377

- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.

- Add explicit requirement on selinux-policy version to address new SBUS symlinks.

- Remove %files reference to sss_debuglevel copied from wrong upstream spec file.

- Improved handling of users and groups with multi-valued name attributes (aliases)
- Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing
- Improved process-hang detection and restarting
- Enabled the midpoint cache refresh by default (fewer cache misses on
commonly-used entries)
- Cleaned up the example configuration
- New tool to change debug level on the fly

- New upstream release 1.6.1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1
- Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep)
- SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined
- The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided.
- Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory)
- Three HBAC regressions have been fixed.
- Fix for an infinite loop in the deref code

- Build with _hardened_build macro

- New upstream release 1.6.0
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0
- Add host access control support for LDAP (similar to pam_host_attr)
- Finer-grained control on principals used with Kerberos (such as for FAST or validation)
- Added a new tool sss_cache to allow selective expiring of cached entries
- Added support for LDAP DEREF and ASQ controls
- Added access control features for Novell Directory Server
- FreeIPA dynamic DNS update now checks first to see if an update is needed
- Complete rewrite of the HBAC library
- New libraries: libipa_hbac and libipa_hbac-python

- New upstream release 1.5.11
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11
- Fix a serious regression that prevented SSSD from working with ldaps:// URIs
- IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 address being saved to the AAAA record

- New upstream release 1.5.10
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10
- Fixed a regression introduced in 1.5.9 that could result in blocking calls to LDAP

- New upstream release 1.5.9
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9
- Support for overriding home directory, shell and primary GID locally
- Properly honor TTL values from SRV record lookups
- Support non-POSIX groups in nested group chains (for RFC2307bis LDAP servers)
- Properly escape IPv6 addresses in the failover code
- Do not crash if inotify fails (e.g. resource exhaustion)
- Don't add multiple TGT renewal callbacks (too many log messages)

- New upstream release 1.5.8
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8
- Support for the LDAP paging control
- Support for multiple DNS servers for name resolution
- Fixes for several group membership bugs
- Fixes for rare crash bugs

- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d
- Make sure to properly convert to systemd if upgrading from newer updates for Fedora 14

- Fix segfault in TGT renewal

- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites cached password with predictable filename

- Re-add manpage translations

- New upstream release 1.5.6
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6
- Fixed a serious memory leak in the memberOf plugin
- Fixed a regression with the negative cache that caused it to be essentially nonfunctional
- Fixed an issue where the user's full name would sometimes be removed from the cache
- Fixed an issue with password changes in the kerberos provider not working with kpasswd

- Resolves: rhbz#697057 - kpasswd fails when using sssd and kadmin server != kdc server
- Upgrades from SysV should now maintain enabled/disabled status

- Fix %postun

- Fix systemd conversion. Upgrades from SysV to systemd weren't properly enabling the systemd service.
- Fix a serious memory leak in the memberOf plugin
- Fix an issue where the user's full name would sometimes be removed from the cache

- Install systemd unit file instead of sysv init script

- New upstream release 1.5.5
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5
- Fixes for several crash bugs
- LDAP group lookups will no longer abort if there is a zero-length member attribute
- Add automatic fallback to 'cn' if the 'gecos' attribute does not exist

- New upstream release 1.5.4
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4
- Fixes for Active Directory when not all users and groups have POSIX attributes
- Fixes for handling users and groups that have name aliases (aliases are ignored)
- Fix group memberships after initgroups in the IPA provider

- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication

- New upstream release 1.5.3
- Support for libldb >= 1.0.0

- New upstream release 1.5.2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2
- Fixes for support of FreeIPA v2
- Fixes for failover if DNS entries change
- Improved sss_obfuscate tool with better interactive mode
- Fix several crash bugs
- Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this
- Delete users from the local cache if initgroups calls return 'no such user' (previously only worked for getpwnam/getpwuid)
- Use new Transifex.net translations
- Better support for automatic TGT renewal (now survives restart)
- Netgroup fixes

- Rebuild sssd against libldb 1.0.2 so the memberof module loads again.
- Related: rhbz#677425

- Resolves: rhbz#677768 - name service caches names, so id command shows recently deleted users

- Ensure that SSSD builds against libldb-1.0.0 on F15 and later
- Remove .la for memberOf

- Fix memberOf install path

- Add support for libldb 1.0.0

- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

- Fix nested group member filter sanitization for RFC2307bis
- Put translated tool manpages into the sssd-tools subpackage

- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during rpmbuild

- New upstream release 1.5.1
- Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins
- Vast performance improvements when enumerate = true
- All PAM actions will now perform a forced initgroups lookup instead of just a user information lookup
  - This guarantees that all group information is available to other providers, such as the simple provider.
- For backwards-compatibility, DNS lookups will also fall back to trying the SSSD domain name as a DNS discovery domain.
- Support for more password expiration policies in LDAP
  - 389 Directory Server
  - FreeIPA
  - ActiveDirectory
- Support for ldap_tls_{cert,key,cipher_suite} config options
- Assorted bugfixes

- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins

- New upstream release 1.5.0
- Fixed issues with LDAP search filters that needed to be escaped
- Add Kerberos FAST support on platforms that support it
- Reduced verbosity of PAM_TEXT_INFO messages for cached credentials
- Added a Kerberos access provider to honor .k5login
- Addressed several thread-safety issues in the sss_client code
- Improved support for delayed online Kerberos auth
- Significantly reduced time between connecting to the network/VPN and acquiring a TGT
- Added feature for automatic Kerberos ticket renewal
  - Provides the kerberos ticket for long-lived processes or cron jobs even when the user logs out
- Added several new features to the LDAP access provider
  - Support for 'shadow' access control
  - Support for authorizedService access control
  - Ability to mix-and-match LDAP access control features
- Added an option for a separate password-change LDAP server for those platforms where LDAP referrals are not supported
- Added support for manpage translations

- Solve a shutdown race-condition that sometimes left processes running
- Resolves: rhbz#606887 - SSSD stops on upgrade

- Log startup errors to the syslog
- Allow cache cleanup to be disabled in sssd.conf

- New upstream release 1.4.1
- Add support for netgroups to the proxy provider
- Fixes a minor bug with UIDs/GIDs >= 2^31
- Fixes a segfault in the kerberos provider
- Fixes a segfault in the NSS responder if a data provider crashes
- Correctly use sdap_netgroup_search_base

- Fix incorrect tarball URL

- New upstream release 1.4.0
- Added support for netgroups to the LDAP provider
- Performance improvements made to group processing of RFC2307 LDAP servers
- Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin
- Build-system
improvements to support Gentoo
- Split out several libraries into the ding-libs tarball
- Manpage reviewed and updated

- Fix pre and post script requirements

- Resolves: rhbz#606887 - sssd stops on upgrade

- Resolves: rhbz#626205 - Unable to unlock screen

- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but doesn't require it

- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib

- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate against LDAP

- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild

- New upstream version 1.2.91 (1.3.0rc1)
- Improved LDAP failover
- Synchronous sysdb API (provides performance enhancements)
- Better online reconnection detection

- New stable upstream version 1.2.1
- Resolves: rhbz#595529 - spec file should eschew %define in favor of %global
- Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service to fail while restart.
- Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel keyring
- Resolves: rhbz#599724 - sssd is broken on Rawhide

- New stable upstream version 1.2.0
- Support ServiceGroups for FreeIPA v2 HBAC rules
- Fix long-standing issue with auth_provider = proxy
- Better logging for TLS issues in LDAP

- New LDAP access provider allows for filtering user access by LDAP attribute
- Reduced default timeout for detecting offline status with LDAP
- GSSAPI ticket lifetime made configurable
- Better offline->online transition support in Kerberos

- Release new upstream version 1.1.91
- Enhancements when using SSSD with FreeIPA v2
- Support for deferred kinit
- Support for DNS SRV records for failover

- Bump up release number to avoid library sub-packages version issues with previous releases.

- New upstream release 1.1.1
- Fixed the IPA provider (which was segfaulting at start)
- Fixed a bug in the SSSDConfig API causing some options to revert to their defaults
  - This impacted the Authconfig UI
- Ensure that
SASL binds to LDAP auto-retry when interrupted by a signal

- Release SSSD 1.1.0 final
- Fix two potential segfaults
- Fix memory leak in monitor
- Better error message for unusable confdb

- Release candidate for SSSD 1.1
- Add simple access provider
- Create subpackages for libcollection, libini_config, libdhash and librefarray
- Support IPv6
- Support LDAP referrals
- Fix cache issues
- Better feedback from PAM when offline

- Rebuild against new libtevent

- Fix licenses in sources and on RPMs

- Fix regression on 64-bit platforms

- Fixes link error on platforms that do not do implicit linking
- Fixes double-free segfault in PAM
- Fixes double-free error in async resolver
- Fixes support for TCP-based DNS lookups in async resolver
- Fixes memory alignment issues on ARM processors
- Manpage fixes

- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online
- Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests
- Several segfault bugfixes

- Fix CVE-2010-0014

- Patch SSSDConfig API to address https://bugzilla.redhat.com/show_bug.cgi?id=549482

- New upstream stable release 1.0.0

- New upstream bugfix release 0.99.1

- New upstream release 0.99.0

- Fix segfault in sssd_pam when cache_credentials was enabled
- Update the sample configuration
- Fix upgrade issues caused by data provider service removal

- Fix upgrade issues from old (pre-0.5.0) releases of SSSD

- New upstream release 0.7.0

- Fix missing file permissions for sssd-clients

- Add SSSDConfig API
- Update Polish translation for 0.6.0
- Fix long timeout on ldap operation
- Make dp requests more robust

- Ensure that the configuration upgrade script always writes the config file with 0600 permissions
- Eliminate an infinite loop in group enumerations

- New upstream release 0.6.0

- New upstream release 0.5.0

- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password.
(Patch by Stephen Gallagher)

- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

- Fix a couple of segfaults that may happen on reload

- add missing configure check that broke stopping the daemon
- also fix default config to add a missing required option

- latest upstream release.
- also add a patch that fixes debugging output (potential segfault)

- release out of the official 0.3.2 tarball

- bugfix release 0.3.2
- includes previous release patches
- change permissions of the /etc/sssd/sssd.conf to 0600

- Add last minute bug fixes, found in testing the package

- Version 0.3.1
- includes previous release patches

- Try to fix build adding automake as an explicit BuildRequire
- Add also a couple of last minute patches from upstream

- Version 0.3.0
- Provides file based configuration and lots of improvements

- Version 0.2.1

- Version 0.2.0

- package git snapshot

- fixed items found during review
- added initscript

- added sss_client

- Small cleanup and fixes in the spec file

- Initial release (based on version 0.1.0 upstream code)

/bin/sh
1.12.2-58.el7_1.14
1.12.2-58.el7_1.14
libsss_krb5_common.so
krb5_child
ldap_child
sssd-krb5-common-1.12.2
COPYING
/usr/lib64/sssd/
/usr/libexec/sssd/
/usr/share/doc/
/usr/share/doc/sssd-krb5-common-1.12.2/
-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic
drpmxz2
x86_64-redhat-linux-gnu
ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=0x758dea6136a55124a148e8536c319a50a1c5e67c, stripped
ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=0x98f93d8fcc2abb872fa69001fa8d5d912a2662c8, stripped
ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=0x9fd819f4e3d196f83c7c3f6dbb361807f400a560, stripped
directory
Pascal source, ASCII text
KfCO1+'(jJ9\5RNL!jă5٥kǥc[7 Gyhve5`Lu{UacVbiY lGrY_67)*4 (ʫXfG D␳'H!.Q"] U36?`KkQEm J4RৌDɮ/F(3UUӼCuvwFࣧ_QaTvl$t@=tܛH %a OX;󒐅_e] l]=>fttQ㶲o{9V{Z1T6[.Ѥ$Z.2j^3Π?)a?m&jRwO[kT'- }s\m.aqT>*dɏ4 ?\"NM7 ֎Noh@0A.3[Zc~c(Y>Sg/x灘0#0$[6b eǦv~b OGrꜢ-#Zcin-g/[Af(e8f6I@4Or}s6%E~$ƲD5RSZ\(GMu9.O88!PEm\cԐB#ģ8LOn.Um]Un?1 DT7kp˨R2߅c"$WyQ[=R#眥3ڂ;GN8DOƆUGGGޛ.v:]5y+/л@9)?2@^Ea 0&gy@HLXJsթ5)UDlaW %s fA3:uhZ#OMlď/1q^GeQ(A>o>)eD  p.?LyVEdR=䍯`.d`pmO;ZM((& ˓UnGFh:D5_ vc[h춏 PcJ=Q~I[^fܩ"UI='GUBhgb^@TluwLKj,$gsF!3h,ڟ 7͚BO0!'΁#f/6^m7Ϭ 6od@;X.'.qH6n21`ReǍ3hPɦ8‘d6/F9U!N4_m;e'ݣL*_MY(; cy-%7KdOBZ]Jic# 'V'ȒFӱ'AgE?)؎sFEҮYpoO*&n]0qEV]Is_:|2Th¡d{gb*,aI{dR|I3r?#shE %hFAaXJ| ~'CsHH?g˥jL<\0XR x}*M x &gKWRfdxGyTH_ x- /ib}츖{ iR&ޱR>ڍF`'YhCg!?ϡiHj i1Q@:Q**h%Ҵ Av%/EB]xF2qDgԎbQ K&~Q<&vR RоޙqԀ7s,~ԒOR!A$* *C;CC ȆlIDB "1B꓍1Vz?e.ۙcQՉdZ>s@"`59'1@or'lUv׺Sm v.[XXuHYp @|XٶyS Mj"?ʰɕEbăKy!gDإ@RI87T k404t\5V3 x< iʃ23}ɹw4M%xr_T y'~.2Zy$*~>Q]9 )ރ2*ʸɵ*jv+Q#kv: ,13³xSJ9FL/ćto˩ n6z^6; 8cJa̞&LAגv~XWs-Jni5{;'>xg|QU YB-2?\9l[ݮ(->D-J, _l+%X8)]<&- Z\RH $QпvoG2jXJ"`7IK6혞`7c߹qRzo8|4֥Cy%5Q~CI Ѱh9`gBӋͺXV`~[:]}?>9X ئ ."hG4{߫̆ԵY \6g%n!N#^K/N>7=ĉWxB9fγZ9u+U} aZ{n]0Ue*ƈUe'՘Ŋ/mYGC=Nf,]p2bAt(.:.̶>eKwf4@@+n4h?6pQe|n =-Nv.r_ <݉ bm7D\s!dVy,fpWc?uG5 C+vkh)PwtQ(_zmmd>Nr>6;>l;Jz.KOz E)}QpXG%%:sbD{72K+d7gy ,Hy^i9Hk9f޵:?A/^euuĢJ>q3`T6ǚ57KAy<6mh > K*ަ7Cu׵8\m0-UVݒ-T uLE +?D}IĈ^ `۶2q 9,=qlRr¬M.򗥞]V']ϓ ڐwJ3j'u q;QԔrNme̩BpyZ3]JR ]ei,Gl4dgƋ#B42+g2z6۵$SAܭЍDZb9\GBI-0;俛e揙AZ"VE w)eQs]zF0CS*m1O` `ʄ`v|XG,:*m.2>.ښs*< K EkEv_CnBJO3FR!6gI \~G5~߮V/S6D#cE (VJh-h҈@WQlκ#IȮX`գǸJg~]qD։b4n-G+ #B-դGhdO%@˜hQ2ȩ稜퇮=zB~Ȟ{V u:gs S z4 `(gF 9 wN0͡-}1L>&gEuqjk]> "oC =0ךtFg 5mmHgAE$a7翵ƻS_|*134MT%/X2sMR&|coTihŨ68nQ;bGlIPu1@_RM]Rv~31%+>ܚ;c&؛6E 8^&# (Kas Mz7>g"P9}>007}\ΗI:@Y qB~;Rkh*nt#3##' ^ Ts-u^q8A$kc 2A(75KuR 3?6&Zӻ! 
]G7=/uT@:&1AF}Eve}9)SQ5Kzv)?W*Mً[z5wp&_J"+ʋOj $-Ɵ*fE!0ӕ}V-O YYW3&-,a>}HJbC;CUrJ)2.&b X3E`E6Z* O,J>T e%uyWx0޽Q-,Q詸 V p!6Vl}d-&F !P'hI;VQeŲv٤ |rqGGO "F}Ǒ]e D5.|#"3 \MsF#ɻN59O#`5` Uʢ{ل~&wʧ"<}vq]O˕r z6wx0Or|མ=:pЏ QjO{;F)El;p: @ 7 dD&c8:43)f!|˃Uf=.MLP˟tZS}  :uQ%^`41[dҹ4źNbk2\bޤ_ fD9Xm-;!eYD6*j%˺{ci`T/?=EGc> Ώ?!I!^$dk&0gDZ)ݴ>F ;WHz,/w4Ӆ%W ig @ێhQ:>hT# 99=^%aN?Y_3 gk"K$+@3  :$ 2GQ/Jeo6)ۿ@gmPr4@{͋/Cf5ypi2XE H-9]{J%fÐwɤ t<z] T1L1NiKgAD|r09t=.jd/j8alp81`ށQݛ r#ioMң誴`SOVckdE?$"fA1(H9r+í%W5. ' Aފiݬ JrFGL=jso #ȝ y;R̬#&aK¾GwSe%MMn]3/Z)\brGL'AKT(yfsJ1 ٲYm-3Ko#?DNh$0s"R7|dTI`04A0͉8eͬv7uSz 센f$+( 2Q nBX%he-.Rpխ \]MO6g2}!XN1ZApXXB*3Sk{6 9#ߝQ`/9/e7#=\ c_+AʤS]OH$a)Cq%%CV!ێQ ђ`PUOЬR;sL?Zӓ"r/'矙FTv )yoHyT'[vZ@7!9U.h ~ڡMC(>O쵺%29?@MF4,ZL.^]ygQAaJM[/,)rza|G駒bXƭޝ {Wf"4)EQpn|=r~~)*=îsqb٨[ƆЍQu6馤;`P7}(n>򋷢~!w]cSn8=]޻s|;ß<[lORIOP7C VBǢd!^љK`@IW/-̞+] *)<8# aeז`2ee=j&(b"KIGPY5?ႌ1+YA0hS1wTd 7ۀ Bc&=ŀI(O-$bC>͐@O{A ;7+@ht ;#ec/@-9^h?/v ĕ8%{i  Pbw%cBRV[CEK%X dÅb3!c;BS\j͂k.&N㐢L ~D|>OL7(@ojKU6YU5VYDFT7} B?0%hɲSe]Ӊa e8,W&A}ȬRI ςaF\FXaԷ_z+wTpCr4uڷS?b:pļ|O&`I @M&556}Iiû]Gs S|ROL xk8?;C>R;$~ո2d}IC#^v ߃'k= Kqcoۼ Szv{^BQm*Q3l&p_kuV^5|o*SMu2~=%lh7EsCB2Q \birt嚛cm1=D7badp,&|C{r@ڍ+eM`4է/63^FVL#"^ !]1GPy }2Rz>8[_qKc b:##P3#~݇ (jc z:uAݤ16ulDzKq둚񷚐* N]{Cԗ|Z.89Sc~ja3bKPuxB{S$ʶilVk1脿6hJ0 HȍBVbУpm2Ӂϻ lӟ" %C2fRdA>ƽ eȻΤz좊-Qtə r"'#SRnOBnZNC>2TK 8G&P .A,OG' }@I@ЉPa74n<`Vi6- 1I\fQM`òcj2KO+68yү' ϡQ- A',T?<0d'q\F,mS͘Z{ hԹL3]hPk6^¢s;(PݑE\NZIGkO!GҖzR~ȁH587D(\i+XwB$N mTخ2O8,zҸ`m[#|3^=!Rlf7}?eR7" PhX^%:KuHSS?XyIZ[uqa=7]1t{*{ozgEC~4Cx5Cqt_ҫ=Pқf,Bv~#X3bFhLTtVէAiQvƆpy$ܕWQmJmEg$ܟy6`T+1aVU;V&dQ96&S:~ 2J^ UI (lSh#=qC#/ia.1I,xq_p_2韨d)0P()<F \sek9[ԇY#}=STfBn  vmUWu{xNK?JAeVǘ;]?Կa3~H(+G1^x09zKTޘ5AJT' VSR~Av$dD@ݓpӛry[FHsb8P3h*ڞ&WFspe,C='MRi*7Hu0h |Im >4:G ~e+;r >@6K\[۬Nl>$9cp#ïFcsfg7uc|+#WCAOG vX/"_R @AugE $&["ϲ\GdUȖ8:1 5JjB{Ixݳ|_ĝ!\.×@ ~i_B J˒u clΟIZx0%+(5 è^XuYS3jRv(5#~g{^`2|Ru C×)ʚ?w<Ƙ7)d$X!F]; ;-3|N#in}Rq;(Gqdo=-VglL.p**Z~sl|şaZg7))@S-Pd/R%sKpF]oj 't-$T{{GX,FM2+mdnO\~bVR۔Hs 5^"CFVj+؁BR Y,֥ox},ſ4Jy*u8 ?Gt uk2X`쇞kdH#֝cVnk9E|٦PRqj  
Bsi(ڍ*u;O>B>g7|@K),#T҃C9!`1r U.rU+ gױ횼7K)jp,ͧPז^oD`='=1o:ɶL<,7.VD5)|MlJ{p,q̠1 (Xbʄ-lŅ6–+[S`]$(lLdR&K_YKJ .Ki!̌MJ`jtz˷y$JvNv/eQxw_Ul  ida ѷs.bɲz_,,a:rպp|A@; (<#bag h趽<1MR ˵:T0'Ye)7Ep-ȩpE2YTua@Wx!5X Ƨv_QeT+Bʴ6 iYU;t1y%R5u-;?ݱdbZW?oX8˞,  vD{J( i'LIPL MF $b錪؜k?yIԹwK yx ιrޢ osUKo։`Hy 0114vcC":8؍T77&[ t$l;|/i/-N+jݖveLelUיQZI5eOTJt\+a@Ԍ\VV? q]^Ī|k-"T9%Jx| iWH m%MW*Q d_vUԦd0:GnӚc\W٬,zp#v'ω9Ԑ{s X!e '2:i8PjbyOF]ƥ5)P_~+(Xd?fߒ8; [TRPI JZ)9NV\zԃ;7X6q17+}?Q1 };u_Т)CyeB4ĜE, yP}8SL0D5Kk`_OK*n̘D|H3ͼ"6CQ䮽|]FUA ƨӃJH4/*Jg$4YQ'AN Q/-_ >]:6!$_@}4%-s|3@׍ =S{0[wbe(zD;(a[3T]cbe<1Pd&f^i^Mmv-)/;'y'C:;xqlkU#esX0sԢ B3!lQ0ڪ?X'AWD|O^KNӀ X~ô2x*DVϝ>-RS 0*aRj K$AlevEn,6 @ٱ~5cOԻgaӧAلaJ(QAEjW5 \lcp"ekŸe 19}| I,#2!i\=i^RJ,,KaM8D;P K{Nwhjϝ#I4m{.٭QMM? w#M >T SW!`wWx?E$YC)-r^ru?Cne*l\CZO7Db wPRutoK' Tiܪ<*/8fEfKslOBaXq2xSkLhrp2i7ܖPAK`)]9\^c?ELJEM ch|u4䓈?mիBHT+! a"imˑA ecZMf'%)VMk G1O 3jCOm'fGަ8"dKđЦXpcq6CnK0^AvXq6t1=i{:d oN,Ƌ%"YJ)1PAJ!0kfYR0>daXzuMVG @=Q.8< ' .$Wq~M_N]'` )i˿qR|Vg"o*w5h&~m`O8IvkiҬu9ƥQ2ny}Vٗo)*tJ`{XaR84 N=0ák-x0`(y5S,*eh% .+NP>= Ĭج%\]Ka +dIMSEUȹNb4 l8)eDqVzpKv!sJh-\8/>6)U% y 8×<.:F0$T A0S^buQ9~p85OT&/>F-7LF'M G1,`O[%j[J/T*%l ǥpŮ!S9-RQDO=Kʸ?'F7O&x _HI1B? $ /Ng>qYo]4R&K [G;TR @${R U*"dU$C9퇶B і.ʖcHr$)4nM;hiaM +'tJEDS|Tmrwي !,C9yF&UA8A9} QL@<äh>Xnn7^#}@le^ nrR+XzT}qcN{*z >޹=XU/3b j^k]2I;\p-ݘ&p-UL OcMyYaAzܢa)b|4; N}:e\DX0Ǻ:@[D뗨c q❮\ %/ ?w2k(>{k1 iD9獓T+.PHC13r,H`,nYkBDjY϶w$2ctT$͗49C*ޙnqa^^=w4ՇQհN\H7₷)?=b꧌8'{7 EFid1e?M/&VaΑ l/~"Jrh@p.>0bsਪ,0l4Y!؛LM2 #*f& ZwyuFWmڴuÏ\HU鳨1 t0Acs@y`h懲 8L lⓢ=P"b{C-XOi0 uO G:a'Y.O0V?z+±."tJ7/n J9;iGT!+j}և_kB Emʭq-j`SnQw(Qm :|H:Dlm u!~ߊ?\ uȥ,@?qM_!Nؗy6Om2ݧ;R@H}+{VIG3JWպI*H`;8cVB+ngJOH NNEE d֦>d3Fik?oC"JK{82t g%@= 7K19@ ]aS=ґ+1tjW@ENnCt[t٧;0<1ꁵ$8m)g υӹndxv L\"$mob7R.0$ 9FuٷV{?FƱkKcmΆjN}Q'7?eO0:yHøN!Ur$<;v܁D.w6sm2Opv(ҽNݎ,џ:SHMX:i3h>F>?e,~,LxdwX# M_fQKC- !b3^rly,Df2u")b~3$ qNY;Yej7!$P8P(gK|PlMiTsN'1H+ p% ϔm Nժ#0O|/CfH9izdbCu +w/*OI^?.tܭl;mFXɛ580Le^@΃Am%`KRS٧txʷe_J5e!/g~ /KjsݚV}s\>s\=I=`NXpDԬ", >TR?ōvGQÌs\rr yRGU4SK7tJ  \U,&;a݄Tw3Eg,.if,E 0 )qͅBO)_P1 4c',a&ɷ-Ϙ!p&$~I YZ