sssd-ad-1.13.0-40.el7_2.12$>\yi7cѼ>;H8?H(d   9 &:X^h    C Lh8ELE 5E   ( 8 }9}:Y}G@HAIA,XA8YAH\Ap]A^AbBhdC-eC2fC5lC7tCPuClvCwFhxFyFaH$Csssd-ad1.13.040.el7_2.12The AD back end of the SSSDProvides the Active Directory back end that the SSSD can utilize to fetch identity data from and authenticate against an Active Directory server.W5worker1.bsys.centos.org CentOSGPLv3+CentOS BuildSystem Applications/Systemhttp://fedorahosted.org/sssd/linuxx86_640K%3A큤W$W$W$W4UӏWW3e996975fbbacef986bd76bc63247d7dfa32e47bd71b5794c1994b7d4e6cbaa1dcafecac1eecf378c35aa3c55d13aa2309ec7ba7dca0d79a721fd0366e0c4dd50f3186acd70db99ddfacd422a0fc7fdf22a2462be5b7635599c5e6163ba711f68ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903cca607d527cbe0997140cb91c635efa14740b1df571957bec9ee4170a46b61484b276dd9126acac814f88ecd42b1f6fa40568ff5322b55d7505116c76951a601rootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-1.13.0-40.el7_2.12.src.rpmlibsss_ad.so()(64bit)libsss_ad_common.so()(64bit)sssd-adsssd-ad(x86-64)@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@    @ bind-utilslibbasicobjects.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcollection.so.2()(64bit)libcom_err.so.2()(64bit)libdbus-1.so.3()(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libglib-2.0.so.0()(64bit)libini_config.so.3()(64bit)libini_config.so.3(INI_CONFIG_1.1.0)(64bit)libk5crypto.so.3()(64bit)libkeyutils.so.1()(64bit)libkrb5.so.3()(64bit)liblber-2.4.so.2()(64bit)libldap-2.4.so.2()(64bit)libldb.so.1()(64bit)libldb.so.1(LDB_0.9.10)(64bit)libndr-nbt.so.0()(64bit)libndr-nbt.so.0(NDR_NBT_0.0.1)(64bit)libndr.so.0()(64bit)libndr.so.0(NDR_0.0.1)(64bit)libnspr4.so()(64bit)libnss3.so()(64bit)libnssutil3.so()(64bit)libpcre.so.1()(64bit)libplc4.so()(64bit)libplds4.so()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.2.5)(64bit)libref_array.so.1()(64bit)libsamba-util.so.0()(64bit)libsasl2.so.3()(64bit)libsmbclient.so.0()(64bit)libsmbclient.so.0(SMBCLIENT_0.1.0)(64bit)libsmime3.so()(64bit)libssl3.so()(64bit)libsss_cert.so()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_idmap.so.0()(64bit)libsss_idmap.so.0(SSS_IDMAP_0.4)(64bit)libsss_krb5_common.so()(64bit)libsss_ldap_common.so()(64bit)libsss_util.so()(64bit)libsystemd.so.0()(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)libwbclientrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rtld(GNU_HASH)sssd-commonsssd-common-pacsssd-krb5-commonrpmlib(PayloadIsXz)4.2.3-13.0.4-14.6.0-14.0-11.13.0-40.el7_2.121.13.0-40.el7_2.121.13.0-40.el7_2.125.2-1sssd1.10.0-8.beta24.11.3W~WWi,@WDB@WDB@WDB@W=W;W@W@V͛@VTQ@VCV @V @V @V V@VBVBVBVBVBUUUU@UXU@U@U@UUUUUUUUL@UL@UU@U@U@UnU@U(U@U@UUmUmU@UJ@UU7@U7@U7@U @U@U@TE@TE@TE@Tи@Tr@Tr@Tr@Tr@T}T}T}T}T}T7T7TTC@TTZ@TZ@TT@Tp@Tp@T@T{T*@T*@TTT~@T~@TuTuTto@Tto@Tto@Tto@Tto@Tto@TmTmTmTmTl@Tl@Tl@Tl@TcKTa@T\@TZ@TZ@TR(@TG@TG@TG@TG@TG@TD@T6xTTT SS@S|@Sr @Sr @Sr @Sr @S;S;S2@S2@S,)S!S L@SSS@S@S@S@S@S @S @S @S @S @S @S @S @SSSRb@Rb@Rb@R@R@R@R@RURURUR߲RRRx@Rx@Rx@RΏ@RΏ@RΏ@R=R=RkRRRR@R@R@R@R@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@RpREs@REs@R7Q@Q@Q@Q@Q@QQLQکQQQo@Q)@Q@QQ@Q@QbQyQV@Q'@QQQnQZ@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 1.13.0-40.12Jakub Hrozek - 1.13.0-40.11Jakub Hrozek - 1.13.0-40.10Jakub Hrozek - 1.13.0-40.9Jakub Hrozek - 1.13.0-40.8Jakub Hrozek - 1.13.0-40.7Jakub Hrozek - 1.13.0-40.6Jakub Hrozek - 1.13.0-40.5Jakub Hrozek - 1.13.0-40.4Jakub Hrozek - 1.13.0-40.3Jakub Hrozek - 1.13.0-40.2Jakub Hrozek - 1.13.0-40.1Jakub Hrozek - 1.13.0-40Jakub Hrozek - 1.13.0-39Jakub Hrozek - 1.13.0-38Jakub Hrozek - 1.13.0-37Jakub Hrozek - 1.13.0-36Jakub Hrozek - 1.13.0-35Jakub Hrozek - 1.13.0-34Jakub Hrozek - 1.13.0-33Jakub Hrozek - 1.13.0-32Jakub Hrozek - 1.13.0-31Jakub Hrozek - 1.13.0-30Jakub Hrozek - 1.13.0-29Jakub Hrozek - 1.13.0-28Jakub Hrozek - 1.13.0-27Jakub Hrozek - 1.13.0-26Martin Kosek - 1.13.0-25Jakub Hrozek - 1.13.0-24Jakub Hrozek - 1.13.0-23Jakub Hrozek - 1.13.0-22Jakub Hrozek - 1.13.0-21Jakub Hrozek - 1.13.0-20Jakub Hrozek - 1.13.0-19Jakub Hrozek - 1.13.0-18Jakub Hrozek - 1.13.0-17Jakub Hrozek - 1.13.0-16Jakub Hrozek - 1.13.0-15Jakub Hrozek - 1.13.0-14Lukas Slebodnik - 1.13.0-13Jakub Hrozek - 1.13.0-12Jakub Hrozek - 1.13.0-11Jakub Hrozek - 1.13.0-10Jakub Hrozek - 1.13.0-9Jakub Hrozek - 1.13.0-8Jakub Hrozek - 1.13.0-7Jakub Hrozek - 1.13.0-6Jakub Hrozek - 1.13.0-5Jakub Hrozek - 1.13.0-4Jakub Hrozek - 1.13.0-3Jakub Hrozek - 1.13.0-2Jakub Hrozek - 1.13.0-1Jakub Hrozek - 1.13.0.3alphaJakub Hrozek - 1.13.0.2alphaJakub Hrozek - 1.13.0.1alphaJakub Hrozek - 1.12.2-61Jakub Hrozek - 1.12.2-60Jakub Hrozek - 1.12.2-59Jakub Hrozek - 1.12.2-58.6Jakub Hrozek - 1.12.2-58.5Jakub Hrozek - 1.12.2-58.4Jakub Hrozek - 1.12.2-58.3Jakub Hrozek - 1.12.2-58.2Jakub Hrozek - 1.12.2-58.1Jakub Hrozek - 1.12.2-57Jakub Hrozek - 1.12.2-56Jakub Hrozek - 1.12.2-55Jakub Hrozek - 1.12.2-54Jakub Hrozek - 1.12.2-53Jakub Hrozek - 1.12.2-52Jakub Hrozek - 1.12.2-51Jakub Hrozek - 1.12.2-50Jakub Hrozek - 1.12.2-49Jakub Hrozek - 1.12.2-48Jakub Hrozek - 1.12.2-47Jakub Hrozek - 1.12.2-46Jakub Hrozek - 1.12.2-45Jakub Hrozek - 1.12.2-44Jakub Hrozek - 1.12.2-43Jakub Hrozek - 1.12.2-42Jakub Hrozek - 1.12.2-41Jakub Hrozek - 1.12.2-40Sumit Bose - 1.12.2-39Sumit Bose - 1.12.2-38Sumit Bose - 1.12.2-37Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-34Jakub Hrozek - 1.12.2-33Jakub Hrozek - 1.12.2-32Jakub Hrozek - 1.12.2-31Jakub Hrozek - 1.12.2-30Jakub Hrozek - 1.12.2-29Jakub Hrozek - 1.12.2-28Jakub Hrozek - 1.12.2-27Jakub Hrozek - 1.12.2-26Jakub Hrozek - 1.12.2-25Jakub Hrozek - 1.12.2-24Jakub Hrozek - 1.12.2-23Jakub Hrozek - 1.12.2-22Jakub Hrozek - 1.12.2-21Jakub Hrozek - 1.12.2-20Jakub Hrozek - 1.12.2-19Jakub Hrozek - 1.12.2-18Jakub Hrozek - 1.12.2-17Jakub Hrozek - 1.12.2-16Jakub Hrozek - 1.12.2-15Jakub Hrozek - 1.12.2-14Jakub Hrozek - 1.12.2-13Jakub Hrozek - 1.12.2-12Jakub Hrozek - 1.12.2-11Jakub Hrozek - 1.12.2-10Jakub Hrozek - 1.12.2-9Jakub Hrozek - 1.12.2-8Jakub Hrozek - 1.12.2-7Jakub Hrozek - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-3Jakub Hrozek - 1.12.0-2Jakub Hrozek - 1.12.0-1Jakub Hrozek - 1.11.2-70Jakub Hrozek - 1.11.2-69Jakub Hrozek - 1.11.2-68Jakub Hrozek - 1.11.2-67Jakub Hrozek - 1.11.2-66Jakub Hrozek - 1.11.2-65Jakub Hrozek - 1.11.2-64Sumit Bose - 1.11.2-63Sumit Bose - 1.11.2-62Jakub Hrozek - 1.11.2-61Jakub Hrozek - 1.11.2-60Jakub Hrozek - 1.11.2-59Jakub Hrozek - 1.11.2-58Jakub Hrozek - 1.11.2-57Jakub Hrozek - 1.11.2-56Jakub Hrozek - 1.11.2-55Jakub Hrozek - 1.11.2-54Jakub Hrozek - 1.11.2-53Jakub Hrozek - 1.11.2-52Jakub Hrozek - 1.11.2-51Jakub Hrozek - 1.11.2-50Jakub Hrozek - 1.11.2-49Jakub Hrozek - 1.11.2-48Jakub Hrozek - 1.11.2-47Jakub Hrozek - 1.11.2-46Jakub Hrozek - 1.11.2-45Jakub Hrozek - 1.11.2-44Jakub Hrozek - 1.11.2-43Jakub Hrozek - 1.11.2-42Jakub Hrozek - 1.11.2-41Jakub Hrozek - 1.11.2-40Jakub Hrozek - 1.11.2-39Jakub Hrozek - 1.11.2-38Jakub Hrozek - 1.11.2-37Jakub Hrozek - 1.11.2-36Jakub Hrozek - 1.11.2-35Jakub Hrozek - 1.11.2-34Daniel Mach - 1.11.2-33Jakub Hrozek - 1.11.2-32Jakub Hrozek - 1.11.2-31Jakub Hrozek - 1.11.2-30Jakub Hrozek - 1.11.2-29Jakub Hrozek - 1.11.2-28Jakub Hrozek - 1.11.2-27Jakub Hrozek - 1.11.2-26Jakub Hrozek - 1.11.2-25Jakub Hrozek - 1.11.2-24Jakub Hrozek - 1.11.2-23Jakub Hrozek - 1.11.2-22Jakub Hrozek - 1.11.2-21Jakub Hrozek - 1.11.2-20Daniel Mach - 1.11.2-19Jakub Hrozek - 1.11.2-18Jakub Hrozek - 1.11.2-17Jakub Hrozek - 1.11.2-16Jakub Hrozek - 1.11.2-15Jakub Hrozek - 1.11.2-14Jakub Hrozek - 1.11.2-13Jakub Hrozek - 1.11.2-12Jakub Hrozek - 1.11.2-11Jakub Hrozek - 1.11.2-10Jakub Hrozek - 1.11.2-9Jakub Hrozek - 1.11.2-8Jakub Hrozek - 1.11.2-7Jakub Hrozek - 1.11.2-6Jakub Hrozek - 1.11.2-5Jakub Hrozek - 1.11.2-4Jakub Hrozek - 1.11.2-3Jakub Hrozek - 1.11.2-2Jakub Hrozek - 1.11.2-1Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-5Jakub Hrozek - 1.10.1-4Jakub Hrozek - 1.10.1-3Jakub Hrozek - 1.10.1-2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-18Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1356433 - ldap_group_external_member is no set for the IPA provider- Resolves: rhbz#1353605 - sssd-libwbclient: wbcSidsToUnixIds should not fail on lookup errors- Resolves: rhbz#1347723 - sssd is not closing sockets properly- Resolves: rhbz#1339509 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1339258 - [sssd] Trusted (AD) user's info stays in sssd cache for much more than expected.- Resolves: rhbz#1339207 - sssd_nss memory usage keeps growing when trying to retrieve non-existing netgroups- Resolves: rhbz#1337292 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1336836 - IPA provider crashes if a netgroup from a trusted domain is requested- Resolves: rhbz#1324442 - sssd be memory leak in sssd's memberof plugin - More patches from upstream related to the memory leak- Resolves: rhbz#1324442 - sssd be memory leak in sssd's memberof plugin- Resolves: rhbz#1311569 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid- Resolves: rhbz#1284814 - sssd: [sysdb_add_user] (0x0400): Error: 17 (File exists)- Resolves: rhbz#1270827 - local overrides: don't contact server with overridden name/id- Resolves: rhbz#1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- Resolves: rhbz#1267176 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1267836 - PAM responder crashed if user was not set- Resolves: rhbz#1266107 - AD: Conditional jump or move depends on uninitialised value- Resolves: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Fix a Coverity warning in dyndns code - Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1263735 - Could not resolve AD user from root domain- Remove -d from sss_override manpage - Related: rhbz#1259512 - sss_override : The local override user is not found- Patches required for better handling of failover with one-way trusts - Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1263587 - sss_override --name doesn't work with RFC2307 and ghost users- Resolves: rhbz#1259512 - sss_override : The local override user is not found- Resolves: rhbz#1260027 - sssd_be memory leak with sssd-ad in GPO code- Resolves: rhbz#1256398 - sssd cannot resolve user names containing backslash with ldap provider- Resolves: rhbz#1254189 - sss_override contains an extra parameter --debug but is not listed in the man page or in the arguments help- Resolves: rhbz#1254518 - Fix crash in nss responder- Support import/export for local overrides - Support FQDNs for local overrides - Resolves: rhbz#1254184 - sss_override does not work correctly when 'use_fully_qualified_names = True'- Resolves: rhbz#1244950 - Add index for 'objectSIDString' and maybe to other cache attributes- Resolves: rhbz#1250415 - sssd: p11_child hardening- Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1202724 - [RFE] Add a way to lookup users based on CAC identity certificates- Resolves: rhbz#1232950 - [IPA/IdM] sudoOrder not honored as expected- Fix wildcard_limit=0 - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Fix race condition in invalidating the memory cache - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Resolves: rhbz#1249015 - KDC proxy not working with SSSD krb5_use_kdcinfo enabled- Bump release number - Related: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- Fix missing dependency of sssd-tools - Resolves: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- More memory cache related fixes - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Remove binary blob from SC patches as patch(1) can't handle those - Related: rhbz#854396 - [RFE] Support for smart cards- Resolves: rhbz#1244949 - getgrgid for user's UID on a trust client prevents getpw*- Fix memory cache integration tests - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#854396 - [RFE] Support for smart cards- Remove OTP from PAM stack correctly - Related: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Handle sssd-owned keytabs when sssd runs as root - Related: rhbz#1205144 - RFE: Support one-way trusts for IPA- Resolves: rhbz#1183747 - [FEAT] UID and GID mapping on individual clients- Resolves: rhbz#1206565 - [RFE] Add dualstack and multihomed support - Resolves: rhbz#1187146 - If v4 address exists, will not create nonexistant v6 in ipa domain- Resolves: rhbz#1242942 - well-known SID check is broken for NetBIOS prefixes- Resolves: rhbz#1234722 - sssd ad provider fails to start in rhel7.2- Add support for InfoPipe wildcard requests - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Also package the initgr memcache - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Rebase to 1.13.0 upstream - Related: rhbz#1205554 - Rebase SSSD to 1.13.x - Resolves: rhbz#910187 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Don't default to SSSD user - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Related: rhbz#1205554 - Rebase SSSD to 1.13.x - GPO default should be permissve- Resolves: rhbz#1205554 - Rebase SSSD to 1.13.x - Relax the libldb requirement - Resolves: rhbz#1221992 - sssd_be segfault at 0 ip sp error 6 in libtevent.so.0.9.21 - Resolves: rhbz#1221839 - SSSD group enumeration inconsistent due to binary SIDs - Resolves: rhbz#1219285 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust - Resolves: rhbz#1217559 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1217350 - ignore_group_members doesn't work for subdomains - Resolves: rhbz#1217127 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1216285 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set - Resolves: rhbz#1214719 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1214718 - Overridde with --login fails trusted adusers group membership resolution - Resolves: rhbz#1214716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1214337 - Overrides with --login work in second attempt - Resolves: rhbz#1212489 - Disable the cleanup task by default - Resolves: rhbz#1211830 - external users do not resolve with "default_domain_suffix" set in IPA server sssd.conf - Resolves: rhbz#1210854 - Only set the selinux context if the context differs from the local one - Resolves: rhbz#1209483 - When using id_provider=proxy with auth_provider=ldap, it does not work as expected - Resolves: rhbz#1209374 - Man sssd-ad(5) lists Group Policy Management Editor naming for some policies but not for all - Resolves: rhbz#1208507 - sysdb sudo search doesn't escape special characters - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface - Resolves: rhbz#1206566 - SSSD does not update Dynamic DNS records if the IPA domain differs from machine hostname's domain - Resolves: rhbz#1206189 - [bug] sssd always appends default_domain_suffix when checking for host keys - Resolves: rhbz#1204203 - sssd crashes intermittently - Resolves: rhbz#1203945 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default - Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only - Resolves: rhbz#1202245 - SSSD's HBAC processing is not permissive enough with broken replication entries - Resolves: rhbz#1201271 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything - Resolves: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Resolves: rhbz#1199541 - Read and use the TTL value when resolving a SRV query - Resolves: rhbz#1199533 - [RFE] Implement background refresh for users, groups or other cache objects - Resolves: rhbz#1199445 - Does sssd-ad use the most suitable attribute for group name? - Resolves: rhbz#1198477 - ccname_file_dummy is not unlinked on error - Resolves: rhbz#1187103 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1185536 - In ipa-ad trust, with 'default_domain_suffix' set to AD domain, IPA user are not able to log unless use_fully_qualified_names is set - Resolves: rhbz#1175760 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires - Resolves: rhbz#1163806 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1205160 - Complain loudly if backend doesn't start due to missing or invalid keytab- Resolves: rhbz#1226119 - Properly handle AD's binary objectGUID- Filter out domain-local groups during AD initgroups operation - Related: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Resolves: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Initialize variable in the views code in one success and one failure path - Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Handle case where there is no default and no rules - Resolves: rhbz#1192314 - With empty ipaselinuxusermapdefault security context on client is staff_u- Set a pointer in ldap_child to NULL to avoid warnings - Related: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Run the restart in sssd-common posttrans - Explicitly require libwbclient - Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Fix endianess bug in fill_id() - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1187192 - IPA initgroups don't work correctly in non-default view- Resolves: rhbz#1184982 - Need to set different umask in selinux_child- Bump the release number - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Add a patch dependency - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Process ghost members only once - Fix processing of universal groups with members from different domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1185188 - Uncached SIDs cannot be resolved- Handle GID override in MPG domains - Handle views with mixed-case domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Open socket to the PAC responder in krb5_child before dropping root - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1182183 - pam_sss(sshd:auth): authentication failure with user from AD- Resolves: rhbz#889206 - On clock skew sssd returns system error- Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1177140 - gpo_child fails if "log level" is enabled in smb.conf - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1175408 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1175705 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Resolves: rhbz#1171215 - Crash in function get_object_from_cache - Resolves: rhbz#1171383 - getent fails for posix group with AD users after login - Resolves: rhbz#1171382 - getent of AD universal group fails after group users login - Resolves: rhbz#1170300 - Access is not rejected for disabled domain - Resolves: rhbz#1162486 - Error processing external groups with getgrnam/getgrgid in the server mode - Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1169459 - sssd-ad: The man page description to enable GPO HBAC Policies are unclear - Related: rhbz#1113783 - sssd should run under unprivileged user- Rebuild to add several forgotten Patch entries - Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Remove Coverity warnings in krb5_child code - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Don't error out on chpass with OTPs - Related: rhbz#1109756 - Rebase SSSD to 1.12- Resolves: rhbz#1124320 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default.- Resolves: rhbz#1169739 - selinuxusermap rule does not apply to trusted AD users - Enable running unit tests without cmocka - Related: rhbz#1113783 - sssd should run under unprivileged user- krb5_child and ldap_child do not call Kerberos calls as root - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1168735 - The Kerberos provider is not properly views-aware- Fix typo in libwbclient-devel alternatives invocation - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1166727 - pam_sss domains option: Untrusted users from the same domain are allowed to auth.- Handle migrating clients between views - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Use alternatives for libwbclient - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1165794 - sssd does not work with custom value of option re_expression- Add an option that describes where to put generated krb5 files to - Related: rhbz#1135043 - [RFE] Implement localauth plugin for MIT krb5 1.12- Handle IPA group names returned from the extop plugin - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Resolves: rhbz#1165792 - automount segfaults in sss_nss_check_header- Resolves: rhbz#1163742 - "debug_timestamps = false" and "debug_microseconds = true" do not work after enabling journald with sssd.- Resolves: rhbz#1153593 - Manpage description of case_sensitive=preserving is incomplete- Support views for IPA users - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Update man page to clarify TGs should be disabled with a custom search base - Related: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Use upstreamed patches for the rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1153603 - Proxy Provider: Fails to lookup case sensitive users and groups with case_sensitive=preserving- Resolves: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1162480 - dereferencing failure against openldap server- Move adding the user from pretrans to pre, copy adding the user to sssd-krb5-common and sssd-ipa as well in order to work around yum ordering issue - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1113783 - sssd should run under unprivileged user- Fix two regressions in the new selinux_child process - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1132365 - Remove password from the PAM stack if OTP is used- Include the ldap_child and selinux_child patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Support overriding SSH public keys with views - Support extended attributes via the extop plugin - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137010 - disable midpoint refresh for netgroups if ptask refresh is enabled- Resolves: rhbz#1153518 - service lookups returned in lowercase with case_sensitive=preserving - Resolves: rhbz#1158809 - Enumeration shows only a single group multiple times- Include the responder and packaging patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Amend the sssd-ldap man page with info about lockout setup - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137014 - Shell fallback mechanism in SSSD - Resolves: rhbz#790854 - 4 functions with reference leaks within sssd (src/python/pyhbac.c)- Fix regressions caused by views patches when SSSD is connected to a pre-4.0 IPA server - Related: rhbz#1109756 - Rebase SSSD to 1.12- Add the low-level server changes for running as unprivileged user - Package the libsss_semange library needed for SELinux label changes - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Use libsemanage for SELinux label changes - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Rebase SSSD to 1.12.2 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Sync with upstream - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebuild against ding-libs with fixed SONAME - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.1 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Require ldb 2.1.17 - Related: rhbz#1133914 - Rebase libldb to version 1.1.17 or newer- Fix fully qualified IFP lookups - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.0 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Squash in upstream review comments about the PAC patch - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Backport a patch to allow krb5-utils-test to run as root - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Resolves: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Fix a DEBUG message, backport two related fixes - Related: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1082191 - RHEL7 IPA selinuxusermap hbac rule not always matching- Resolves: rhbz#1077328 - other subdomains are unavailable when joined to a subdomain in the ad forest- Resolves: rhbz#1078877 - Valgrind: Invalid read of int while processing netgroup- Resolves: rhbz#1075092 - Password change w/ OTP generates error on success- Resolves: rhbz#1078840 - Error during password change- Resolves: rhbz#1075663 - SSSD should create the SELinux mapping file with format expected by pam_selinux- Related: rhbz#1075621 - Add another Kerberos error code to trigger IPA password migration- Related: rhbz#1073635 - IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in- Related: rhbz#1066096 - not retrieving homedirs of AD users with posix attributes- Related: rhbz#1072995 - AD group inconsistency when using AD provider in sssd-1.11-40- Resolves: rhbz#1073631 - sssd fails to handle expired passwords when OTP is used- Resolves: rhbz#1072067 - SSSD Does not cache SELinux map from FreeIPA correctly- Resolves: rhbz#1071903 - ipa-server-mode: Use lower-case user name component in home dir path- Resolves: rhbz#1068725 - Evaluate usage of sudo LDAP provider together with the AD provider- Fix idmap documentation - Bump idmap version info - Related: rhbz#1067361 - Check IPA idranges before saving them to the cache- Pull some follow up man page fixes from upstream - Related: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes - Related: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes- Resolves: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1068723 - Setting int option to 0 yields the default value- Resolves: rhbz#1067361 - Check IPA idranges before saving them to the cache- Resolves: rhbz#1067476 - SSSD pam module accepts usernames with leading spaces- Resolves: rhbz#1033069 - Configuring two different provider types might start two parallel enumeration tasks- Resolves: rhbz#1068640 - 'IPA: Don't call tevent_req_post outside _send' should be added to RHEL7- Resolves: rhbz#1063977 - SSSD needs to enable FAST by default- Resolves: rhbz#1064582 - sss_cache does not reset the SYSDB_INITGR_EXPIRE attribute when expiring users- Resolves: rhbz#1033081 - Implement heuristics to detect if POSIX attributes have been replicated to the Global Catalog or not- Resolves: rhbz#872177 - [RFE] subdomain homedir template should be configurable/use flatname by default- Resolves: rhbz#1059753 - Warn with a user-friendly error message when permissions on sssd.conf are incorrect- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1059253 - Man page states default_shell option supersedes other shell options but in fact override_shell does. - Use the right domain for AD site resolution - Related: rhbz#743503 - [RFE] sssd should support DNS sites- Resolves: rhbz#1028039 - AD Enumeration reads data from LDAP while regular lookups connect to GC- Resolves: rhbz#877438 - sudoNotBefore/sudoNotAfter not supported by sssd sudoers plugin- Mass rebuild 2014-01-24- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain- Resolves: rhbz#1054899 - explicitly suggest krb5_auth_timeout in a loud DEBUG message in case Kerberos authentication times out- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1051360 - [FJ7.0 Bug]: [REG] sssd_be crashes when ldap_search_base cannot be parsed. - Fix a typo in the man page - Related: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain - Fix return value when searching for AD domain flat names - Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1053106 - sssd ad trusted sub domain do not inherit fallbacks and overrides settings- Resolves: rhbz#1051016 - FAST does not work in SSSD 1.11.2 in Fedora 20- Resolves: rhbz#1033133 - "System Error" when invalid ad_access_filter is used- Resolves: rhbz#1032983 - sssd_be crashes when ad_access_filter uses FOREST keyword. - Fix two memory leaks in the PAC responder (Related: rhbz#991065)- Resolves: rhbz#1048184 - Group lookup does not return member with multiple names after user lookup- Resolves: rhbz#1049533 - Group membership lookup issue- Mass rebuild 2013-12-27- Resolves: rhbz#894068 - sss_cache doesn't support subdomains- Re-initialize subdomains after provider startup - Related: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- The AD provider is able to resolve group memberships for groups with Global and Universal scope - Related: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog- Resolves: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog - Resolves: rhbz#1030483 - Individual group search returned multiple results in GC lookups- Resolves: rhbz#1040969 - sssd_nss grows memory footprint when netgroups are requested- Resolves: rhbz#1023409 - Valgrind sssd "Syscall param socketcall.sendto(msg) points to uninitialised byte(s)"- Resolves: rhbz#1037936 - sssd_be crashes occasionally- Resolves: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- Resolves: rhbz#1029631 - sssd_be crashes on manually adding a cleartext password to ldap_default_authtok- Resolves: rhbz#1036758 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Resolves: rhbz#1034050 - Errors in domain log when saving user to sysdb- Resolves: rhbz#1036157 - sssd can't retrieve auto.master when using the "default_domain_suffix" option in- Resolves: rhbz#1028057 - Improve detection of the right domain when processing group with members from several domains- Resolves: rhbz#1033084 - sssd_be segfaults if empty grop is resolved using ad_matching_rule- Resolves: rhbz#1031562 - Incorrect mention of access_filter in sssd-ad manpage- Resolves: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- Skip netgroups that don't provide well-formed triplets - Related: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2 - Resolves: rhbz#991065- Resolves: rhbz#1019882 - RHEL7 ipa ad trusted user lookups failed with sssd_be crash - Resolves: rhbz#1002597 - ad: unable to resolve membership when user is from different domain than group- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1 - Resolves: rhbz#991065 - Rebase SSSD to 1.11.0- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0 - Resolves: rhbz#991065- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2 - Related: rhbz#991065- Resolves: #906427 - Do not use lib64 in specfile for the nss and pam libraries- Resolves: #983587 - sss_debuglevel did not increase verbosity in sssd_pac.log- Resolves: #983580 - Netgroups should ignore the 'use_fully_qualified_names' setting- Apply several important fixes from upstream 1.10 branch - Related: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- Remove libcmocka dependency- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Enable hardened build for RHEL7- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)uk1.13.0-40.el7_2.121.13.0-40.el7_2.12libsss_ad.solibsss_ad_common.sogpo_childsssd-ad-1.13.0COPYINGsssd-ad.5.gzsssd-ad.5.gz/usr/lib64/sssd//usr/libexec/sssd//usr/share/doc//usr/share/doc/sssd-ad-1.13.0//usr/share/man/man5//usr/share/man/uk/man5/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=genericdrpmxz2x86_64-redhat-linux-gnuELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=fdc14b49f2dbf6c0cf4a0eedbe169a92ea0edbe4, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=3e55d81be00be98a82b3f80e2a866865f9005253, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=663e05e80f00a72178e4683a27e25a2cfa751ffe, strippeddirectoryPascal source, ASCII texttroff or preprocessor input, ASCII text, with very long lines (gzip compressed data, from Unix, max compression)troff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, from Unix, max compression)9J9PRR R;R8R%RRRRRRR2R(RRR'R)R4R5R"RR RRRR&RRRR9RR.R:R-R/R,R+RRR!R RR$R7R0R6R3RR RRR R1R RR@PRR;R8RRRRRRR'R:R7R)R RR@R#RR RRRRRR8R*R0R6R7R"R RRR&RR)R RR@?P7zXZ !PH6M]"k%bP}zK抯ütkR5jcmH) Q]y]Rx2aꨑpM %v4X ş磈z;.a 8jpeTٯN(\7$lJW^p<7hz f6 h H<2K"=w107$G'5_75^Q'5cD&VOwZ jQ3+E4i7#BaQ|"_euj ]=,5Vԏh7ӟrƆfUH=E#oqDJ桠nV4&]nVgX#~`B?F¦fޣ!+_*[k9GL{GRmI'>Uvfo<(`:ٞlSH@-Hkaʝ4xёb `ykp8SL~Sܨid Z+CLqxN¨P刹M|n rvzhDٺEb%x7줐k|z}Za1[?&,aX gB5Y+ɿ=ے2CBzlao"0 g_A_*t=@`gnI6%AF0ckU錆CZb/a0U@`\fsg~AC࠶?~n<~ "ؕ3;GɾreӴ3О*p8{gb%:09G$Y/.9xmAEY mu_>M6 `Y۟ ixpCps_o ba)YzIٓH}N'L5yûe0o#ݳoX؅wAZwygȥ(DMa4Vv@R.[N!P5T}͝){kk[{YWYom$B'eA[ *sTJӪreVY} _5FN,pucs!{΁]=OZZ_tXȐɒCS{q BK^ߞ15mY>Q\QrHE3zvV <=xGs6%\d%-UI &Fh*"#]\0⎭A[ZV@ś1]XKdtLHZzzc2#}n«䲖^RYYJU4a`er\VݷbO'5&PGI4jںirW6,njRtTM51 eJc덴jbf"ܴf#]bAxqAB+c $;.b)䞖pӶs3k Ac&=|oFR?'DDLu;A՟wہE6m c3*s`5okpL0psh8; 灇e<Q,+]u ]͐ 3}]p}}6>h}CoK5Urk@TsEg*OjV'`L\t0~6&SR4i9TXg֘9yibk pcFlQtZam}u b{sV]=^@JLm !^SM΍1c WN0M!۞}„x*XZA1 (lA, D/g3ނψ)@ dgg8m31k'j43wjԠCig آnhyʉad{;g9c˞QPe]+DgU3~q5rNMX i(n g39C~Sณ~w>*4 xb~{ a߼ %HG%c)5Kw4ƿIN`g2FμmyQ).a뀈ك4MĬ;ϡ2Wn#i}OB2E>ʰ PW , FV3IQŨ!3q0 ,_?Un,}hN4^@92dd‘-5jZJieQ PPR}+X N/2}uXWtsՌ]H4G?j_I]ZngJx^o\KŶߞ+9# u~ St#ĒZ {R6q''`F{0 _`+8Fm]4Trc{: !@S' :* CTRu(k Q!nJLfYyc=Q#?fW ]޻[΁x玵 ٘KCJ_^RaG؊VI! >7ٗ؛p$+ a [Ь#ςksZek0n 󮡞<*COFu <&kWoUΐf4K 퀫w`˝idV]=I)dsMjVc sЂ]vrW%1_'PbڏĖUym>&]!::v|@.2<!Jq{wL k,)?ܮם")lQ-t,۪^\X\ qnEX6dPd#2s@HL׭'RP̜ܙڄ7(| 0|5Q6l"uRK Fvdge-H} S ׵_5BUvtrp'TٚEî HynET&Y}Amz Cc 5?-r# b0$k/r H v75-`Ղ+E 26b021*N)9VPU:7A]=}AגpuY=lܧugI^~?5=(?@.mTAό4۾u+NE[>% ! ?"sFbM =aeSTLU@{؋$yEL]|Vz%B+<@V>J>@JJGMG9&厼<9D]yf22bI'u.jSnjQ܁D=P#&G6-Ww>m21?yŷ\]<")Ӄ* P)M3rGOj >8yaWZEKb X{r6A[K0U5@r_ό чSUY:.?颺3y[q SD0衹Ol}]۸%D&_15?j9M` b܎^[~SM܈vQ Qղ`~EgUuz4H1t{c.1 - 3\lU]Ԭ b6d#MĬ,l_]8V҉J>{KfxMBÊt2&՞J3qíNi˪9@D{9X \`a#!HD^/Bppz no7v4UB2ߎf'x~|w+qpqA_0"(S"1CZp4MVF ۵ T #>nU)ABZF"u ڒezRLdy>2|}Oc&Y<$ڨ>dDsaK͓gC_\_%J|0֭N@,^p2cHB$Lj@Q`<9iF?yGL]hXdi'}4)0SQ>mT>H  FYV5i /['V)dDlʯooKyʧI @+w259 j&s< =quEgJ9UҿUsul-V6?hlE5t0C浏Vhj} g :nՈft V2ݵ"#2 Td:@/qH/joXQ}cn4ڢ?WL&?B8a^ifDiKtJ&8͊V"/M>5!RM 4)Bё{4G7 >%+4& "_\5V[9F#`= ix~Tڇa'̗җ^X\/ܕJ [}ľnKyTd^΍L_& Jypz?H E{Q Mjn>Y/k.FޜsOQY- REǣmKvrc4 q!}ClYJ)Gkzv7&2*SV?4qXzcYA8i?X*: ٿ j%J~hi& .|QX(C_ƅZMC".{JțlWb!;١&sor[0$] <8C[bygK~ȗ-ru0Щ& Ce0 7i= T'guDVfD Ӓ+%iƢ)?dHe&XU;#F[k^z-'|hڲὖGz;Pְmv(]ts em3\\V&fYx4,V%/1}wTӌM?\OCۼ#tlAЎGX1BXiwBB,ȝǪ-̓IEƱfňJ42)b? NMe B'wٗ;$W-͍h¢k0|>-|;|8sL:nGWuZ M֠;6Ofs!N~eBߺ`[G=>BfhFbhS}.) ךxxcR >hv)Uriݪ@cGiHۤJ Öm!%88tF,KN ֭7ʂ?qG뉏T9W,/!= jLG<&BgZJC`L3^zΡmkgN/~3w@7ąz|$m{N g|(tP&)/=OVޑIOȸG^/P,˦z nk[̈́e;3Fz0$WC{o3KLS:CjZ'?^9Dd">jxLS-q x!x|;؅!P..yW~~Dq:PTj~N7#_l Fkq ;CRx$iB7p0lPZfҮ U'gҊmSQȳ%&}X  Od ˫D<\TxmK|a}mV.n9@ ܬeg&T['{Х<3hs8moR㞳"+>,;RB a!֪3a+@ǝ1V0 YQ\} t N|̖ƀy^2+Vu/N!SE=P냾gUmS3NV 6m%\yo;߼$w^NK(zw`|TMQJ0zq)ES*Y^jJN`B@'Mԥr :0 ndb=ZbLINٰLT 6lis#grWVNj^i `˝x|*ec^,.f]yC3M?8$ Bvo/<\`yRF&ǥ{#heA|M\ڏfh\f [ vC[N{d$:6V8]ō),5rg'⻖*B=/R)oT/$^8k&'FgZ@_==Aδ\A@%wގGv>ė&Gql[x҈oBmϙ|ߩ_ q%v=!<0 D-Uf6?x =0n @sO- 2_mg4M* [h$a G`G^IQ)>޶i;=KP;3b hnЗbc JQ(Y+hށ1 B[d|N֭y-EC}S['H$[!fJ;ٚ<<4Q(k4Q ծТ[ϹOX+.J yD *mמk =IEWv }=:UUE[V:E74p|4"xZ--vHo):Eq4\2NJ}%0ƭbFᓡWDtjkլŻ-y׻Hj˻^aL8(椔˄ҺV׈tܺeeHSx`ShXj=Hx]l}W12V/rR*S;N/,Ce)b3 h\kkr꧑T\,[DSSJxRک'dwbBI5k{gX;=nPx a^:~$0rLZ_7Ǘ:P`BGjQRT⭈4kԨ[3yKͅI#SvMT:fA[d %t6u<^0Xg%wtz]`xW;+{Gr0 =|bm ;}@[,mB֮5X@9)tӔ'*+A̰lE{n=NiiҼTvחpZ\p / ;,3W)!UF;lW)f`^׎v1Sr83sy;?5dq 6 m:eJSx-SI=!1c:]YD#W+Y >,]]107+?m"#8b?ތf|;x#ӗD6-H.vlkJA.n/^yLd@\6Țىh[';rn? b*R+1n:CB6="/f;9sONZ[B͹# tv$i>1CoX.L{3P\[K3 i*h֩fj*rk׻z9Ⅽ V=g^T8k_~a CƋӄl:fi_S& Pq`o؊&@|[9htfrwT5g | E?U>6b,zE5WD{kkᡅL"Hᅄa_|{ zz\{XVZ䢚pG wN,Lꎋ;󇇿UVʨ С!/k 4Ri<фBw3IզgO{W0}]$_΂ 1~pI[5,5VC't՛_w-Hot5N؉cn)S}+Uj xaYÉ1N~ ߉Gb@%A>ٓˆk ,<rXbx.e}M4Kzu F7WI"d]wR#s!|k0J;p'tUUb}{:u0sh o &qVd_\.ͷPWшerS Rj(=ƶT)W%[fWσ3aV9>HK> :`$s`K;(Ȃlm+Xpirh:RoO+b?km Zrx4-i{06F3V/f?ZGtb / 2_C&^$(u]m-v\ %xF#z jgP(\ Qhzm3&:$`] jeMX dK (0-Dv!蜣:=I*ɳ6D3Z&~oYqPMUXgzM`W`X)YL 6ИVZ1) 踲mm;D=Q،|JO] GoV8Z!Mk'\}DG?44A$2KLUF5^P$ӲT9L@.z!o!QPآ ֑!ʬP%l^/9dTV! HP =oM;/DR4α]Ogg q ;g #6*  *OD4x]x} RG86"x!t s1ö꬞ծnd[6:7`Of,"3uu%gyqHQQ@3m,,k"LץNY3*dG2nZե2xNqx&w.3YN]]pe\5wX쨎E-\W/_@(]g k?7C'#%12} emi-6uVRH HS;5lY;Iޞ,f/?-0m qJYv<5WA^q-1g}FC>=SZ+l[-yGoH.ֲz61 D.ǭ1o'ŏS#¦ܨH =whb=H7ReԌ͕A6iTdEFhPSQIed%JȖX(,Nᴣ^XT %!`[;T6ܟKr{ڨwwem-_ҜyDpJFkБU׆95W,ZN$ ZY C1,ż^LDZRXLTsƷȨ°-UEVcVoQU5q3"\T!|OqݥmMaLTF'"-Ԣ>ICRu]%,䪺w6qw~t1I 1 SpgNy @TXi-?=TC\c^EQG{rcuxElA<-FbAS4{y!,m<{6k wx-vRcOލ*Eopg*v#weha[Gl4L fSs݇w&J\BS*nL*! XzgnFc-4!/>kǩS:EZ;85h[S.G+"3M%oǢ3|*|<<-`kGt#,=n#4~gJ1G ShڤsDYj結5D zqI~.a=0 QOœ`ã޴(PGڰk2nBٲ?A6^)%|8 ۛ w4(<flx}p ϗ3aH'{qd^W^:YqwM@j 6oyP Zk#{afTG@Y6@t Йy'9gjMXSP-ɴ4?ǵ 5}Rd}_T&s"WlCkr(A\";;8r"FziSD|j-$]a-ǟ<,o8K&sDzmr0`J nj\.,kH>{ղlr<6 ؖ*N<{ |(G/ _dꟄ`Kh+V >+Mu!pIn\4ycXs1+>e)4N^Gu?ߠγE`XRWؗK[P ,uyIprd*0 xW2dx"S~pP%[ o-ĀQ^]|;nC(⃠Yg$"6~)(w"4r Q0]gTk:<%r(} IX)q5FB3_"=4900{ECqpo9n:oiPZd oǫ܍G* Ѡ05,6 ^ccm'K_a]LԯG}b3}b FmS9aDqHD|2BĈ &.wbLJ4aڃVuk^-VDƫ[2#^թ]H,(%y l$A%Xc%k禆8p|v= F8 $ @\)^]>сH_Fw P"-qʻW"f[}ӗ9,˔a5 j,4"20BN |~[Eo).*pVKrfR-A}T0jNv"TcWT-2_L69^VTԼ/ )^` QT/5-ĬTGTٚѴ+C89Xxy߀t׭Q)QV[4@}7(Z+7a 5,}&Nw+ FҎ~CPFJ[& rG&VjG'Bqĺoh7)7#tΉ./P|Ȑwcu씁C."ƩgQ{0ZL\77@}+NKa& dnjIm@ߛ?|{X' F+ۛQjJVgV֍0 <&@$e{84?3j;=% dg4bdࣚE u DZ'P:v0G!uU;l6WSzbӅ X˿֪:qKys]s-)U**N 0;0M :L׬/~X(I{NafǺzŐn86#L%(l!ZMK _ͧ|+um6CBoS-T{G'r-B}::,|wV?zhZl׈SBfǨ k(} .I>7.,uU֊G0͒lj5֎gj-Zҏ7Ɠ7+*9'ft秬[Rf[ysIUjXXs#ktmcpzeRMVzDBIͽ'D[4+*^%<$)BJzTSï3_}\9U":2̶?g9JH0=8l{d!gC>f9]B%;EYh[?h{L3V+S&oEʠ{7zd^~PWlL' MgO ՟N7rH~ν28&ˬ2I\C9 h֣Ei[7 - 3S %+XRmڧ(8^ </I}ǢLkаxRA!;O)`'5X))o lePx(%=P:qwghC(ilJ-{x͈@;%L&{#n j҄o!]#Q'^9G%n!8~}C@_ qSPW]۝Dpg]gm r`m h߾)jW`!cX+^ⷘS4)~$܋Ö ,x/XFKH=kߘ`C;b2[O}OJz1@)E]F+oƎ.G2yVB,C"{CN3+?¤`: OҬ ub F 6$0tgWn~(׻/`DDܮ{|T3P+h^LPWێBJ!~/|aցzo#yg`{x'V+D9꣦U!xabB4r m0.0 Tt(Ǟ8M䫄qTƊ}q# O sS)[y`7vU.*,T_}WfG:sę:[0Z^!GCh7CCIG+ kwB$X!3xtk@Nv`\i0[m!ft7"P$ :kʜM uy$yI-ᐉ,RR+ T&j^}nK_6h($ hõ."zA0QS„CBHp/SrªEW՘xBp̺ o\Pꥰޫf}Bw{'N2HZ{2~gF,PXFS4a` îŽ}[9Myp7w孳ҟt\h-;L)H1 ,"eCZVQ^x6CEΟ|stJ&eԪCp}N|v^UeBzøQ?ٺZ3|~6@004/w$WJ %{H5P ~|`~GBV~)\uyߚeh^?>~DH\L2g5ZHM{b2potb ɰitFg@6i$E uu(EQfuhtNfX-5&h\wÞ _8#C?v[ IWvDK洘S7`rB΢O*UhȪt1{vVQS' W7,6Z睽 }ÐGKh[Z;w`vgxI]/_ƶxbNܐ>,Xͧl$]% ;SAu{\,q kBIQ܌##o(C>C}!C8<5P(T_efv36h0˿ytJԃR@RoDm] Y,?4gl>Q$e:ճuq[kOxj.ٙic8$ּ2)H]\6alj< wYJd w((;|-S:ɐ7ɖUgnVY'%gXBO ;>X߅c*P,{gC*3H^Ֆ>/8\A9#,q6OMaI)?:S k,~JS%tK-Rht-$ 9aG΅'Ymmʄrjh$Ѧ~Th_uC zObXCWYR[trZpt.U$I="Km?V-*ӄΞ%p@ʾMҨZw~B3^r~Zw$&ry!2ܠj*)v˄!fϣOaNeU=O09+ _1x~*/}w kM8Uq;I2CKdOL bg?@ҝ##bnuvg8k Gӵ!y!V,N gtC eIcs9jg& Z@PBxyb]7!Dz%[%?Pͼ@ҞT 4uG Z|맃Kz8b+[u}PDleHӨ;*z<{u'4tUCR`k/a#//,#i(P^JЇjhw(=m5p"s$3!Ҏb]^or@JV'jGAsTVOY@^IW3bd-}a$-&QP@A-$1N. 7H>ˍ"O*! JAŖL)XQa@#0tN;AᷥQ%`xm0Fn X=@Qv҄ j;Ļict/(W̱!2cx"c,j/乻?&4Xn=6}IR>ED5GG֎yS]gf<3c>8%-%쇋s+7Ӭ1nA1:ې\r?y)oIЬjuIۄ)&|f3Is供(KY"KVOT1?6懷5mNzɊrOE6G#'Ta,Nja7I!6n蠼 '(ڼ 7?-s% (q2do ~ }:Ls;䵪W"i! gPCX'l_g5Ser K*.R+,Wq&lx wx`S tUq\=0AE?Ұ-("ZX$h;53Kp'@; #YNqSrw2RF=ܯ-hos'DE$8jD}RX[)޸_U l _8y. l +Q4FL";>T"vKY:bpQo?}akmv"Q*rᆯɋsnsjhC*="5V4}B?a6`Jk=0;GEmXȶ(%O;DmI=a![5oE֬hטtg]5D0rv+F}l'A)tO9}r}?Y73-mJ *؈߀^\G/K~PE*1퉰ROT8g幂Wjۃ7,u%KcŖ31%z@]t)X~QН3_y=g﷪t'#rͨ2KKbVb6[UhSP =&wbC#`G\kZA&8crlKݿ!S'cKPPLjԩD"`OP1pݒMG8G4y0揢5}eN`|4LO,pǨGկ e m#0-yʘ«֧r7Mr;P蝬YW .@_0:Aѷ I|F+6|Dy^O3u /}^VuPYR:-Q+Ύv'.-^2Zr\ۯ{;0H&m̩IWrvw(V/ࣵJnٲhsbR9k4t6`oG9{0i(a"M}Q)YIPjiux[#2?I,nQdpF Xy%&&5s(tӨ.St #t}@GX6/٨jPnsX[@Z2 +=c3d2>S;oF}cfФ̬S <Zܧ)_ο\b3W\<94//3f,FV17k},; @{Tc VX}aD?%(h/4bp3vMO e rS*Tgvv'3Ȥ58N9@D6s_Ī6` M^+!~P>O,Pɲ M-|ڃҹ9?oZ~d[2Wh/|3J\t&IL_d.U - x aIk!Ka tװZ~?Huf',vmg达Θ(Bݗs"dd֑!s޷>WZ&"|[4cZq/싫@ |R1 vʝ&CЁy;7l:J&t~y<_o îUBW >[ "nG7F؛++H{57ޖxK!KFǹ lW0&UP_^,ױ7$>>SHuɞ=9npLOVU`Q9hU[M'՛O8OT㥝in|)-Sҗ#Ev12Ȧ]a 0¼"vx0 jcaFSKs!'c(eI>dziY SQq[^Mko~S9&:tdzl3s%4 zuBp7D\VSזqM nӲΨclf;'^S32aǡGLR"<"6zS;DzU#V %Q*}ĒJP7~ B$tۦn(m X1MM+!DMT}yI ]Iʭ+ ^<¸YƖѴ0|syl fAΖZv4Jo$aO-^b sǃpnlfRCVt9iOd7ߩZܫ!>hzC3Rg ` Lӥ|N6:MviX| ɔ0*}9",)MKuf)F{㴮w-m,T{ p4(rIZw_>}I:U*p쪳e,DcmuEHモ@Y4$Vګ]{HƘ|;yi <$.pY}T~qS^+nLfQ#r"*S\)dZ+%D4ZHc8ta-cIMl~HW=ort=#"Y".k:Y)e5{%Ӓ~$8иk@#e󣭩yzݪz CYuÉ"8ya\>N $Wr9Eц(CRn>kVKykیh6j00{IuHD4۰,>yEuoRKZzXeJ" ^nxԘJW@7Ъeg1);i*''xQqv(ٱ>7]vPNn^]]6.6*2,Rm1|Sa4N wܵ\qwԄo@ș#v|>?צ:elÍCB(9Xizxr^PgB(TF2dq  ?ZkH[!dFxjdL]l>30K9lӃ ELLYpÕHǗvSdV9ʻ60dc@Do]Xq[\U';!myw0s~˼j͝ FD$Q?!IYd!}v/#1j:ka;55B\6G4(@O_#|Llh^KE2Z2."Q}x^(P>Ձ?#RK9[8xzr#3ת?rx}o9O_)ߘ(?<,t?UhsUOҼDK!$D^"!`=&X>W5Ħn dG5S͹Qμd2sdȷK~Ъ sXQefƄit2W9OA_40\5椠{,0,Fu =AKNx= 7zKaUU c_K!#r$iuObєwbN=qC e,`Tb]8=$ HIK1DIY4v`@ꎋ&wC{,r)2)m%uHK#rH{<7tAEP-m\@e).$m[Nc̅k԰B4eQ]?kF1[[CI/) ]^c#%ξKG:CBka2g2 ޺ fM6V%R^GX谑3S#)9TMsUE\@? ڦ2o}SBםz Q~'w2(.Gn#c.s3szj5pr}2V\@Mln} gp֪HSqPx?(ihKϹȍ^$;Ln]hcïLƈrOIJh1!ZAݰy=$ [Iαhgwxj9uf+ /_ D],-"@/fI!%Q>c+P]ڿӦmgA[]ێ3pmLBsQIǒt1 it ܭ]uDy tjzm6[k=hosB̼xA^|'_y5,fZypr;f\:cI0uNUZ0XOrdbwc,1j:Wܫ\Jrj(WGyɤc0؋l,5 /@5ƨԼ4tq 4ATjh!ݍK-~B|/lƧ& K@ ]k @;-ի'b+Ef8vAaEK4\59 t`}܍oxF!dKlw8-iUȨQ)oǃMmb ,HVg!P$|h.JHڹZ{P*緫bAo)?eΪb`z=zE>㭟JM'I33u,GG`-V&+Z%ږǺ=R5'e£r7EW짪@~qL[=ӄ-x`yd|nrsw` 7(,hǗW.BOb؈5c 1f~hLN_iBa @xr `F1X"R1>20n䑂:_PM{v+'B))]`uY7F-)Rv;è MdJG9N~Aށ5jtdںLߝeM]Mppy-=.JYڿf(fGGP݉Vj7 uiYS~+"яzx cϊos C0&*?`_08G41<%SChJB""Jy^_64duUW2EӭVݟ f"YqU+0O*Zk)[Dk`a_Yyԇ GCUa`BA8v']GVo1f6^eZ`Nq||^+nRI?D)$e8̤KzH9uhdL+Qt4}GW|i_)+)uOKoI4Xd>ߴ^Z,T}LTbWCM~j!ݒ;g[or'P R,zb.|Fql.1Fc 'rz\faxSD@n*@µ6 75 %T̯92?NBI=8Q7>gn-Z5ߞ qyp02sXYSfXkwJԲn*=(7yOo<yF< Z3"}ҪW"H:'Zlh&,^CPpЗH{'-6{9jZ=鏱&e!ҫA*e밗VWO:'ɦ77p1+С1fvVϖūh;djϰ uՂT/@ ziP.A$ u/NNlX"R,"[zFyj$utZZl,%WՒfk֡.~k5!}q{k ݗhQ's\^t˜u" W)|+\pYe24ZrB]שI:V AmR}aIg=G<^&S/n+pv[2?~իS:' WAJg%P %)iw1uƸ] y%Q6*rD&XKc" .^Gso@Dؓrx)=lK'/';V 3~DSCuRR?r}̦ pvWO|cJA*} >kΛ Z]Z.{%d޾ g1G0O\O,ԮrPBg{~,2Kn<`lJOx^MOAlB~+zlPe}. 'jYXH?@Ӆjsi Qjaދ`YqBh9b f OC쳔l߯[_r/ɦ"0 ^ru%%X< 3Wǩ޻<4 ϣDz,6T-NIJ" k+U VyzuK Ln6=wr Xل`lw;\\!-uLjx06 9e\Ze'E`rZdAc Dϯ/,$%SUj&Ţ O ߃? j{DE2MOn ~noh"ÑKo4&Q5 5+DX*#mXѰ7…ld_IP)ZQQI%- ÎiNyXLNO|e߈L. v "nJ36+ ĩޡ\(xgӕfG8>~Int./}~υ7VT :X84d?'rvqnysTT%W j^phc!vsGON%TR¤qç{ 2*"$cTdq1vqšڸx8(+!]_N]uMы6%Hr!^_on,Āo+%K=e{FSX 0PEsX#0!~.Y 9*ˬ/XBGP&&xZ1[6NG$#NL$C/PәeNZ:n1`=S4-36<xi +{j1( S{V[ 169l6O}{{(xdSyT%NH0fҼ7 @?&=[]ack_xY% [~7g워ڭRm;Tyhb(jJ"GzvSeEۗϧ۬LZf|sX iѫf@5 `,nj&%Lro{T G~Y$ ZetǙlԖV)H>Tt/`=tJe||ށL~R2TŖmذ{/:hʴ.xREaSi L>x 0kpxV=eS'fߗdE&0ZBxo9/'_00x 퓝73n 4Dp,z\TOb LnWΘޖvq0s.nl @,٦Mae+9^C'EXS UZC rao>E?DRlF4!~Kֳ>RRD_:91_Ƃ_"aTt b V|-c_DZSCE /h*IHЭNe3CQz_($10*]5 c9Η5RfY,CA ( n?8tuL u u- nKFl~F O5 %U>rw-Otn,\)xoJIS%DR*v}$~it+Jmm`kf;.UΨw\i.u«I^K8]kf|^M0Ft#jH}%C+͙ࡻXz9T9ԙ~[¦>1nljPӼ#$yN8kZmQCe&$ `Ö9572 ێJRRO1ĩ־_ʦ`l SKƨC?\dpbe ZV\;|$U;YxTɼ=PM(OV9 ?i#щĬ sQKj Ϩ9E2Q,Y}>G\/ڂ geV²z?|0q:RR:q?,׬.CpMABeȶ/j[{ѱA~z0- h]Ȳr1UFc);44"}ؼʽwqSd&W V5Ii@D#¡!-!++)SMhfSt8$fR'ꩃ5\OOLn0mriӌ,<Cq\ZmgkgePƾӽV M~z"P˨wZ:6gޒq^=q1]ʏJ:,.cr8' w!tpxg0!;fM ^wg2YyҌzgŋEAf[LPaV͐FEG̟~BYne¡$h~doB &fVq}ݬzüh]V'j>]5ﺁ>y9FQ( ,</ͩҗBRC \4H֑O )dqlV #MKNϵßn%Zg Y,HJTZ=_Kj㚒ʖ7MdOOǕN8dEVesJ;fcmɻ[:@Wn5B̸?؆+MN(V>fnCJ0V@Kt\L kbi0:eYb,o>,iX=0& xZsIǶR@75n+$]#ܱ+T>jY>IWoBIKԻ@m.\#}p祰WC xgJpX(lxĐ3~wGMnц (jO]U j 9eˎ7]ԉZ 1 ;k K$8U˾;'UbjY !ͅ0LJHZqqWV~D B -ZnE_[!+k^|1k)E,CM'l4%&T̉5V/9.$l+;yXZ! 6aRP¶b, eaT@䄑gIKp>/C,}|8 4)h-͔PJOf4EJD6xPbժϙ(ggiBk8|1 E`_i ֜mhc^ƫ=fӏ\BN:W qTqzBtaL[}I}XL ar>߉l[d3eLT%%juZb ^!̗OB…3ptƯ4?2jp2o@w "oeh 'U~bѴe6-x-6'{%\*'a/?K!֖9s3- .#K5U8>3/wH(Ѱ+#%@ (O9!(VE ",&vIxQ[I668%n_^ JB_v-]gvpS'\ZHbc2ا9b%Mp*ȵ%#Jo6\{7gKsXNedz1$Ԙ s0S?=+~$14F* l͒ݕ"gm^ hWx826jlKWAf 7u4MFd.<f> Ta5-l2,?>m0^RtwM|y^ ͊h$F'2p+kx-0s3Blv)ŮVn%$PI V*J5 涥Ξ5C hcԙ&tQkCz¥[P77'^{H0]wUV<Z/YHC,ϰ]6f:lkoIu.<X-"3YA9ٔgfvPs*۞W"WaK3Qᘺr7X$e*0>EcTEY͏ kuhLɃ/΁M/QMPGEqQmwS#w)3| s#`ƞXJ5;h%UKT׷33E3`0@(*]L1X!c AR[>ڹj抜 P(HO{_ lVG.:m)O!J9Z>'}r3s`d|"RKjwhA_M`rښxun$:kǨM38)awX7}͖T+t=.=L/F- 8U}"pR 5IŊˏM|jɛhEА~C4C-]\w)$)gHhWm1;0j ChLiXx'Տm] 5AQZDVu (Ɔm$;fTI]n~K~Qxtb{+|e/p0dBYOӑ1L;S|jwa^? bsC5g^Dm/ENY2iViծ`U3a ?:c ma d_NTZw'zWOwN*^A Dq^ϜPZn o <mo$'_#$yf{ ,lֳP9\DWRq*}V+1ܫPwe0|5tblv׃,(| ]ƀf&YCb1E.ɓyR]uźs˜?\$,މ&+f3hX?%j,Oɋp*uy;<Īo?2>{چ댌QV[0gLMm>~O8P5۷ P rH#Ȝ&wPڸĮqOrso ydžh.N YX8t,ws E a#6AU]V/fM| ο(~c峺"`F`XtqLoXQB|%}5p ~{wxU&YZbco7fDxOҺv ɬ5ѯY i^# t}ZXܽ׸H4vުD~ƺi:5˔cW0`;11.Ml%3ft잀]NoCU=ӌ17mxgRo3WYk?o1_CRC:1ijqU@?;$.}]Fâ}q|ѥ9"A.Hj`:cVEݲ&Bmcf&M`\o!A"9K127X| 9{ۻd bӃՀ_}~xC. o*pHXn,kF\.|7,ӃL*_^T]]cWtgߟP.|YU@,Qv8?`g%hG|b2 BAh浄u}_-9ٌx˭zƱr025kvx4 !;,)TE"1+d>^?9_<͉S &("1UD JD rSps =߰}gvHXu(=:傜}CwY/v2l?1|K KmσP,{VF}loGG?iJgp=Z M1yxS㷫gCMa!O0GwЂ20گG>b%4Åt[$8vU_NVob$Ft<,iOh[\G۝J2js]=4bVxO"6.=*Leo<`c4 ^g3xR)v`f+i~$F{<Ue+E/V5с1ߡ8RT`.{FۈZk#sV;mZuuFMr#"Xc}M2) °y$뮀K M/_o($ȣ*ctmK9V ^riǕOCaSRKIC']doCi !4vk/s!݊.D$C$Kr >0@Ac5Z { ڿR++z#g,9IhvNc6!ÎqVviyXLdm3sS!$W+_ioZB©:)9ď[*`gj<%diS@ T|n8^#*8 F+^Ͻf 9f,t$L?z b6"R{C7wdk}\XD?[@'u:EU}4_ǶSե3UP?w6#L/]GVA?1Z:w7f*I= \ހrG`7OL?IJlI8dl0/r팎( x o>'D7^⦾MQ=1ث*5[l)\F h@mb -"P5дmeI/ejDB+/%u]bY9^xBҎc VOSbEBhz\/CE ؽVNZ^CAsgdPȉZ1L!25uA>dA/ !N^`'ZP/mŎ[idTwf=x}z/N~ɡ>ZFC(.#Gar'պ:IǬ;QNnʕƥ_ avtѸXu̜ǽ3a0)9:eK R!Mns8{YjmJ.8 ΨRڸlޱ4n|mD#0vBȟrp'Ek/m·Z^<̄_"O~Ȯ $|\.)NiIYIn(cyb):kb[㽢V;#P6 jb0 h -ie210(>.ran Ijc slf}W#SV[ ֥ZBonE$k?WoT8ewӗ:+ulo6 U΍֑ogtC5- 9M\XbB!Cc|؃>D4htjPSS:1Y0 c :3. k+?{U?8-^ş& ;of=)3qp)影!+ɀmSx sdת!7< R{^,(yޞUyLOnߎTno=$5 SQ T7Yqx@ɴ`Vܿ@q44=_T$|2(Wʴ~r HS vS QKLyh s T`d|y/NP^Wp$98ܿ7܀_(e4!o6 B6J^:hT*H t:eVa_ ׶鹡m][q9n?a{848|CȶYE"Ue:q1~qvP$Sń{h8X}$B^8fU Ocr21> s hsXVlݖmlpH0sʆ ])dYQFKJ 11smmrfi=a*C%unSS~G oFr8Ve;7@E}z5&+a;\현3Ap) 9 08C@j@sKNisǏ}ZKdhTGEBv7h.GRm|.717@%Ar K3~&NGl=ҍ4m"PAcu35) %gyZK&-j]I*e!]Z@95})P98mV!| 1]=3C@FjU^a(ٌ4LJq;Dڱ5R>fTO5Y.=wv2Vl% kPEX@sۤ]_mwi\"ݱn% N+  gD[ew2Za|{u?vzu?#Mad*c?]kR4v9c`n҉ ՞NPwR">]ôw$!bhó\)ɴf ߆Ѫ}oN9J#/|L}"!uW 0Fy<_P'_C40k.;gx0(̼?4QbRWgaˉ4@6ڤ.+HݲB]%Z ڄo3Df&#wv/>)`Wۈ>Ձ79imPMa|Wy=lsF kglۀ eA".Ie#!#"Ж1 ٻFY QšAш_:Vls/Hhmj-H3W\+\wZ+Ϊ8PI'޵C// ^3P}Ty7 -8x(? pԘ17 LV}+B鮀DmZἯeighB;: 3hN2;I&9/6Y_ʎц4zN{n4{egj'* Hޙ`Z&U#5z Դe=9'3{tyyckҕ *b|wJ+JXp OކbY 5L`ReUqFV.{W[> Ѕu̸4 {k8 ƣ1Go 𷘻6^mzN'|Xԫ542VV%|S /ӛm2KAhCuEo f>CQ_JK^rGlF ՗ee0qx/p[ :RH¶`dⷞ)D^Hסx&'qUz/eТ hp ._OY<8]ʶ&VQ-fXSXEFhAz&4exm}lt= d+7EI9On[*b*UL)F PHfM+$j몒:`џiܩr,R/6;sS> SeKf=R*h?.|3, S 3-dT4fߋ+Jq4}9݋$8sL9uZBpPiIR7+^]0-ofZx! tQOR u L;XYˢ;?E0u/=64u&$8zqA C"6K>_\Y.cpb섾#SIOI aad׏ qpmݻ̾H(*ҭUkݴ Nt"P Ir[ƁԢ'y1]IP ݫa.[Av3i?8AaGGC֍kW]7 ?msFD֍N&[Ӹx tBol nY4r>6% kO.ܪ@?d'gyhBNF#}qcFzONKUh'X=ܧƌn (2u- ʪGpz%I?SGV $dƳS0ᰵiW{^]{7jB\ A1G]J|D}!ì[ĬPĚ=Ok6==X)*zz@\H}f |(|GbD@:qlnIRzo{៤"lZ;RN?9/1-fƓ؏vm퐅̻?d}tB#عG+FS#V[HFdзI4NT@( ]u xX٩eu>7X@ti+o*ᏸDVi+6WPEVӶMX=+&E^@Yqs ,o^)0Du29Q0y^8 >]uZGt$Yn0C]bFkN7R@@ߧ8I,4[;0{T&rwEi z&}}kS!|O)e¬ytp3ȠX,Tnbg{%J}4kljʆU2~׌0ߣGRwMbz>UW62uݘU'޺;#)#Je-ug/Opogf>vԶ -?-%6 :rOB8͟%nGRUF'nvd`4 $KLP~_{Su=vkq]uzf GQ;[JDcsFXbkE$R%W:[:53i<cg'>6^v{bPh#|}uyFpF3!|F}C@n(EAH$qwSuH+GaW'"꒗|rh7D}Pp"AÂv ktE.eLkY85Πî[+H (t vr,@v8=2C&  ܣ%`OKN%T~HxPe'@p2C2V0OHg#A7 M{eG?\/0 DM_AC;/0?8?*>G>wal$Er[\FNȀbNZ%R]|{Vj2KrF_hvCFj|. =R=F}Κ\<1`*%"T&H' WG oGJ^ %ZY5n!ޜSiw r[ź!%6or;=<`RTX'}>Wk^ 7j.TY\ uoA3=lKJgkD|Ɛ`MfoCF0jU p|˧綈Dj5ЉJo׶k"1f~ֺ;FX!t+.x0wdǥz##X5D\R!8;u%["E ›ΰqCKJ}uٔeEhN#ĸpw@>+鯫5tϓc߯1㺹@O7|oDh݇.omeL>nGB9*_wf.3$,&.V7mbReVJb]R7-kYWr_d{+'oKQ g6Lbl_~hH;o*rS۩̎C5k${oRIeb+q@w,7dnЇn] miqD?Ė!;db1"t&@Q0O򷔺kR PTψI*@{]ҀҀؤ8 k J=i1&iR$gB†\TN9mNe1WVN @X[mt\ !EәjN(k#7687W6ՅLY4hoh8>R C g+>vR#>=U q#{-m2rHԋx"}w j9W_]7UBn PT5VL=^Af{: ;5V*EoIG?rAoH>dp̖>%T繴JA%h MԓnmDɂEv@̕q+kRWSg;2/ c4 MWMMr"~WDډ1n>O.úqb~`C\=nYy2AgXks҂ :r(JQ^fM~iwk.YQݗ.o Ua:WLQ3FՒ 7O(x- 3 4A9^6uzy'ڞΩvjhxGţ̀ɍ[=8K8Gf4-)2Y-<*i…H s t M&[ hѤ|&p: nG˘KaV,2{D!ؗKC3$K:a)""b,B}p+$ZG4s,jk( ԙ/H7t.¢|k+9b^xf*7sk\V[]u؊k+fO29ȘsIPY:IBԚ@i;)X=,E9ԩdIuV3nU;Zo6<]S%^Jfu|,RpDeŎnb/=6)O &V>gdJ4,QCDʿ}%P"|ʋ+ yʡz'-cz5?+oH(]Sq򕭂KҩE{(1.g57}>BTs?J.7?, @ IlmʪZTɎ~Og$Itw "EҕW=l"^ ]d2Уb6X.b.G bm1YEb9}ݨDYHC6jgi X\v Yja5eĽrHԔy&4~TU)d39oE s[9-jutV7'jF%O8I oW?2kъKQ3۲m&Nn?rs4V";D#\lB#cpSbtb2!_F?ZKp"R ]2vqI$jWC-VLn Hξ^Ψ[JO| I6s[j%:p貋f}3^ȶQC'ɮT^Ɗ^=蓕gcIa2aW!x@!NN dX)SUJa*]/4AH-~yMÊg5GCj)KkO#l[./F'ng}SC`_ u:՞$ *oDW=_ s N*: 6S:UmĬUx[k|Uz iOV\n]JDIqL> 'ǵ&Bi̤3P'G{Kl[0"|ѯ+6to'9ݩ2>O=l)J`Cɥz)u\b<C΄U 7݋j`gNa0e{>;Dos ſ9?|߀S.WтO# R7;Z *v02A^c}8ƛxQX4[n P|\/CVDPD &zK$E']eg0 gꊎ=A)uy \zց ?)”__rt:I ஃu1o EOƫ1%k#;ENG7" ~ TMPȡCbAHDE سe=XFÔOĝ㿍`\wUGx< [۸Ki۱E[9\E{, ^/< AHgR&FG5bbt>2⹃+P#pPg&N?JްC|"tʰ]Vן8_؈(3n$BfNyK/}ֿss,v7zH|Ӽ olaFZMI:LN ֊io ٦(3i˓L~B &͘'?7 0ݘL2 r&jdoj8-8VMOq~W&k}=2ICOl,Pd{~ jz q IRw}8y]a,%*XMO"9wRjo ;E &&;WٜĞ]5X7Vn-$},c||a[%(@"$W;J5J]iepWF_ݳD0h zJJÙ'8o>uc 8r)'}N6#&)'_ʤ7qQj8M, +Sd%s9<ҞQy;˱"ݑL!TOvS@5;1+)0)߮"P-``t^w)3f]2 l3Ș_^bvNg62e)پ慻UukscBu޿pɱ:,P2ˉ&Z T&ƴGCߘ $ǞWHE-> (SV9z8p۴]t?+0)^tm5|NӀW4*;a_eAV;aA빚KZb-h  {-,%y51Q/*i:zT;Wm֮φ+y5 F)k|$I9߈mzЗwChtnt5R)P ud'Z^h;a*fkn$|HL! /mn[@a'Oxʡ0sM,in`Dt/&5[iZ2pSvɲٌ]p '䖡;Lй[t=e+`g͂iRkJjcsDɯ&?[EVܑKkEGD9 %=T~<A[FbԢh G;{Q=Y, 86 mXRM/8eVaWIq],1g#OLy.vo屓`E)fnXo)AҐ[sxTsRepR̸!e0W] aUF ^eB `WO JUoN!ޱd ^YC-/XnGڌu&y怰H++T}o@Dh04n)HOiZ6 `'Q-*4ή_{V=Jzoz?ȉ 1+n}Ow2#̪v%U =HuZlo>0n x<sq&pj_=)\MvXqqsEqzr߿C`#(rhTkt8R ` I&3p6~A/Jp%t,/PYjZjlEJ( ҢѢĸ %K٬_D[ҔtiCmK<]+?,UbQFrYdߺwii:E > ]m~',/DBQz3Ep@1.q6Y] z tUN Y_+ IC{2]Þx 9rˀy\WǏaA҅[&rIZm^91h <3_Au7Ý`WyMq"z`/Sm5fqb1/bu6vAW|lq .]3oYwXCda "T4ޢ OnbDF,wk G 8y{/l;Rvۄ "η&f_#;0Q*Rge늶 &EapU5- 5GYH >AvV%3+1Y׫>y-({".ЕNt lcec 7LtG(cI[HdSoJw7;T+wuNEV%Ӓ>} anN];d3~ޟ"f,V!S#[M禠v4^,Nn3dp&mdjwVRHvKz#ݜD^(3sFr)Fg} U֍;$3x"ބj5_{h4 6Ib=dg!peLme5>6 ak 5yM5_lyL(]4 lnf@>tYP^~gRd&8X*``/&W4HYںiQ)z2#`2/Y)Ƃo_jiZڇ<| ^.H'Dy<@/߿$ݛDzqfZpnA- W#9(>07|LS5Ԉ_Um©3Ԡ).$ޓ1@<~OD}}Jl(FK->G3mY×B\)8ljd@ҰC`.J=P^rٯՋـݼ@JhԲ?X.|GK-̀%0#21Dw!>c?2 gv`>#*K8ijCMۂ@Q|: QL.V 5!NеGvANE?Mv<[Hpz5AMLMA| 3ӊ k[n\ z0~3 ۙ\!o "}#@;5Omo}a[/†DaT-=> XbZJ0[m3yFj9ή" 02. Ra~%Ux=NbsFj֛ȬJ͆/ uy7AӖصP $b.y\N@ G;IK!j-6yzJ2!-^<8 X#GKh,U wU'FI roV 3ǁwW 8KPjPs"F{uM?EѢ#?ݯ Sл-O1HR ' `Y.Z$JN( k "|c~d^Y(I {!Whx'Ǵ-4tP֠-E.iSqCL~d#,yu@Eͫ(8yjX_-I:I[0M(d̋I Cc 0 ¤;37ֳ1[~lߒZC?k4ZQr oa(k8WWuֿ$6Qs>>h2C*1!7嶘 Y&H]D $g5-ڮ9&4\5ȣB/{ZQLLtNw-}eĥXSc&ׂ#T4r[Q$Qeg0h*b О|bZ W%ˈCu$q2ŘLD6_&}6mL}GQA F,Xߟ?E7j'GF`\?06%A2-桒hu;$Oc_ *[&곟eD6t틭]!.>,[.Ÿ.~ 4kg_Nw糌,׼յCrpWK`9YCoooKht3/Q};P'*Wn* g>:aε=sS`i#jڦ4ȂZR*fg;f|m@4,tQ^J %dյ٤eliۢCլ {>Co @ڛ?_)Dx^CϬ-,^$H~T'*IbGOzY˜?%g!KDҕ>T\Gf5?\`&"]nqA\DIe:&ߍ0P PxdϨ[ QsHݡQ؜J?I 57-W+@~e 8p9{>LnD%ճ"PFb)wRf>*jˮFmE)xjZ[xaU$~GdEk@Hca-aa!>0D"h q؅J=lzB<Ǜ]8%S8Gl)֛,Wl^fAC ɨAdN%Ib mJԅ+ȁW7y՘K*JFشQ*"1T٧̳8}Vu"^Iy%)N%B3N9]^옌7}NCxٟ=/z`fB$^4>˸K%pO򐟝aȪFU|jY7>]o8 *7!] .>AiX9ix6]` .֫ >"MeEm_ޑj +7?9eUo8wh/R}ym/.@ *>& X'y &6B7qiun _Y7M./ \\qQŘu9f߹-tW#p3IObƫTDŽ5U[eG8wm5շ5R}lΎv|U& ]ǡdo}=DYzF/91%Ȑ2b!<2J9 Jtyjխ&.<F,4乻l#@HMYZi~<1~0}g?`J7WC=* osqͭ-V,q]'H"Y6;.r 'rސ3gPhȺ 0몞,;Uu$J~L!P;:#%W(a!u,;!I#lӯ?z:yH#Z#7,콀MvBW_u4wT&FV`) ;*^ւҦiG-XѶGΎIK6[My~= .nLΏz?if:Uk>uv{(X^fUccJ7-:}@]qzn;{~0x.n0⤱P8_%a3$NM sWZCfˊ(=2pMfhs V}>!$ȑfs F+F  iE.ZW6l}Ug3.3Y:c[LnTi'GbgC !!u] R̟Aiz2]"Q:VDy{J3y- iA=wn u^ZwۥK1DA]!j m.Os](Z]AT0Yf}JmX'|Ĥ$YnjPyCK2}_*T3=L=1Òjh*qfN9}3IKqԯ,=*$7SQYRUZM58^UBha02'獷bPr%ttnV0i+Wp ee9'DD:1)vz>V6Anm z)lsP\Dvw[9䇚:|`(KȪNp.' %,L+7sAoB# :pYӺ'_Kl6+D:>ޡd;A5M 0@zF苲u'P-+IY2M'ZrC%|6m te5*UKeS DF E 8|^Pe16H8p,IBevچQ 4Lɧjk:|aSՎhFr"e)£wJJI, +!=h )BSFSt?HGk@N7_}*+fP)Y+WgFF !.Yb"/Gc~.}"+\LL]2p BjQeF#uۛGtI.~=.tX%w:x(TAԴ3g7oȓ'9RMYukւa ռtsd/keC;[:*NSe|`XK>}-56IuM:='ESF W &TԚkPC43_0֥jG۸ppc>I GNyxUza]pM(}gQUH GJ ` ?u'V\AHX$ts $ˮ2Yg욡Y"MMo\̤s    k/m,]JӃZT| 32lup Õ.AMo=Ao/f8Q†lZC JU#BLn(D\'—Y^;qJQ %CzXOM<6 *6eJ^/%!(" \s(4r &sb0"Xm -#X3O+2 >[-EP{ȻĂR󧙻֊?,Gtz5P4 %kӒ&&7,Rts*k/Z2!?|2j&:wwY,Gr| ,ZH.4-/KIR%"~G.>fk-xbfM:HCz\=޻th{*|j b=7WB 2x#bQ\!7 K*$u֠ʗfث@ʼn+Ҩdt_5gcb-"<z؜ W| }.TF";gߑ"z(l<((|ٻP#;àAAIr"V2kSltDJc N( ZӅ+u$F;Z30Nl aW"F*@]>ԁG+HC`b6Lec{Q-fxI'H=f0qghߚ9NL[n*c*DgFL Wg'U듓$6'Iy0|uaB:}];(0r;==Lj9t lF&̛TbLK"F=:] `Y4kղpw0 t VbizÇ9 kl*:+v+bbvLD%48^|expB0#&*Ep&A<dzoˆEM+fn@ Os3ҐXe`jw4"B4rY:8\+4X-IS$V(€XVQ.؋N]}M{,~ YH+'4e$B I$&ē5Әy}͏ӷ52b sՙ\}fpߢSl)z&!ɯ8=b ˛0BMnJ}P9zQc~ր;2 DmIiѽ` l(|rWNC #m\}xAY1_< ;†8l&n qw(B£J}޷y%IJz!~*;ejunK5t'"g-M"qHA!E˻XȲ[ " Z1q Eζ }jFM=e c7tvs2ģVlPӆmΠ5pm'eiQ1O #wF k^o 63,L~ƌʈV TnN',ͶrA]7d'[xύ#=t>EJPͰq?!Af[ AF7sk4xt=Dp7Z[,;ͽ;`(zSy+j"Tu=$6IG2.7C+E*{Cy@ sk+&W6mG0%ݤ~!b0lwbtpGA>ߐO/W&gʏ餵?zvUN_37фą%S3WeZJvl`Kз 6\ҭ{K pogbn'&8 j:l30#fD]{=^ћR OO+"9Xzq־Tc3U9 G|,IL.N~8*"Lcߘojg^qY')}&2F Q׈>W]NS xEЁ+@eQ*Qh򗞊Zƛ"ugn)r#+':V` d@D;ȱ7w}gن7atp#1t4ܪ܋H30=8{AW^ؒKB$hLpGuNn~kEP?KR#x~?0Y68Au%tۀ!;}T0ntu.`'*`^`Y-zRBXëOc?i+|KŵwhD˒L-^:,~ZK 9<j1UUf~SOJ*P WKIsdp-З 4آL`*xGsJC['KM5aN^ۢICs=<q m1'&`Y3ojp1 eQWN-K8_^WӮTL~Olcm;W꿏XJT~!e_m 5p*p5p8}/漸r2Je BC76\lO p~2o瓜%A>R~O\ [N25ؙA <48ڱ{7\(`'FtlCE~u$:NKYvG7m^zi(+ Ⱦͅ& T Eu \gjև䨻WǮ0x Qˎw7?1hd^gqY]=j?9lPSϷI0iKS?T9n7 6)Zeõ9 ?E0 BlqG/zyail_2uC1~XQN1aL (cI9Bן3G@~NVIL*$'Z7ȳܬN,Z)vj{<)k5L"$W9UVxsxGs`"iU@Daޭ0m7-#iIů.{)@ 0Kϫo.ȼ,XA L5ϫ7d!75o_x rH0ߩQ,]21uߛI:DEGM$LJlh)S\]{<'etpt*WI*8:o ~6娢x"רƌT]w{JneD 5;\Ah.؀B2Izp~WDo]Cn:{Mĸ:Ҍk@ʠV`7콰?26ZN>d\86 _oǸfnxpVQ? y)j.VTT$SyAF:zA]l8PT@,18Dsa!mw( QT, @pnk @3H^lm'LL۪:J+xS7.-n d67 TyrbGkPSfCAHև $NjDiaѝ')[ AҘuDlރ)4Ρ&H]t]ܑ犎%UԊKAXIf']%ÑSy3ɍE+W\%*P\Os٠(XqCz%SkX1&CSOȩz81J ~pd|͖=ïK2љcn/} A [2֔.y°l;֔GHd:%fjU{tl`Ю}`>6-0A~ ^0USPA~-C:ƱtY)mQ[$f\\Ï'k dcz)B2LePBҶ`Y.ke($Za! S!:]b*ӈqOY>zhˎ-׭l3wd"bEeJ'2|=Sv`"-(K,M 6p]51ôђ}&>h÷}`Ƀay#IX/'UQN2BPCU$=^P5U_SL1) YЊcDC+adrЃnSu ASt'gH7Pf%s:ry0 xS͟Ll%RfW,B(a,LÍ&0[/e#9ߟZ4_gt2g 1,M3- iٟtyh)pS%5z"5>`SSu#~M;T&l+EJBF]څz0v~oA^7a6tbB~OXs ,a =4TqnO87 R3S8õ'S'v?e2d7_jMA4e%D`r|M{FFmTԳw vLc;н~t->!{:G|ѐ?C~+ d5sMcD{t( ;&EfJ@Ta2ͬ#cQ<Ç;s9t6edį5E[^"15gV I\9Z!K~r0{+ ̮lTt3D|)% Ora;4`VEOwh]ASxd%Y*P*oPp`7X%<0&{pT#nVP\a^'%_&Ai|Ё \x2~̹|Tu@}Q1)A2]!TK/`l4R8r²N9 oi Kк<<ܴ[ h"㓺sH2sc# 2kBEd&.itp-^_S “vەm/ǜыWT [KDTθ/wi5k@ZfVQ*cnH P{g2kWGyCo7ͤ AClga8W vq'#=3\÷ȷAjGw6~7/hx$pևĠ 'ek”-wȖۯnI|8lIIl #? #FlbSYu:ylOrkeYjAb6gj#:ͤ!~mX™;N>RxR7!d(?P&%mqǪSw`m{ɫEX-0F~ք"V= vfJ5'XO?L$EgDz&O޶. R a V`& ;"} Hh +݃Oj"o̽8luqJpRNɇ7%{exʞ~%cN8Av.99_a.XqkT Irc_x^rucUΒe!?/V6G  g7_}{yA_JΡ#9?3V4^%J)tXftY\?dN 6qѪxlpp}f>Tw)"V}?bt^*ne aw`x~hXnV~"94ewLrC6`U?Y˥ys Yr|` Il {8k,8M:s1 }i{Oo3óک`di 1`;o*<ИtbLcI KT3zO^(/&+k|r>z?DJc*haw| -/Vv NGs׼CtQضotQ3@s>E>g HW52l2>t<5&si-w7 pJiz,,:.o Z,'gSJCZ4+ʨVKOYjefk+wt (5I]˲r訩 U5d:;,F2fR׋b:d}x2zbl"@UM*,8fy!A_͐hn*VsFD%5Pj#0agߢSsRGZC ^נoϝa&fw5(r!S){5}`f] [)Yr5^>еEXv^ @ʇ +\%ڜ¤E1d:XvaԻP훣]B$;D^ ׅ΃寨*&pMEӴ"=jnM'_xQ0Ζtu,.Zuݿ p*Ot)~RE3H_"AZFEj(+wI#nQeh`m[C# 4%Ln qwT/?"YҩQDr&ʑ bx$r>#Yf>4#yն&]g[$Pnֽ/T}KGa2zk<>mMaRQk[ouG # ;9(pJ@[$tķa InJL@9TŜEPŨnd/qM7YvTL=і&Nj(DZO>sǙ=f-{T8\ s/wʊhn#{*έ5׼a[߽ؕ@Q!{II@^qΟۜt͗ hhQ-E>ǩ+IBFIv1WٻG/*V~P: KÈ3ː{쀔 +Y0k|T W3> D gM$Ow2I6hO2 * * &y#YLz Iq?Wq-4j^8Kǖ & % 0y6*&L}5G>}䡷T4y(}Ұ6|X͍MhYɐ%l9>dIn$7g`l`y]{^5@fSx:7[3q? 5fVJq?j ̧4'P3}F[j;ܹ0]N5!T^FreG`t6(+ nF+")OnWt"" (-qF=m̉s6 I~"KCF> gq=C3yԊdmn D 3 -a=w&|ⷲOm<('9t `}(AJӸd"&Υ Dg|!a9 ߴVLc "25-1aaG\iȶ"U@?2?qC$BUJ89ؚwم\NY\i?u/V{lGqpEu:/ڢ؞vBL^;7$gӚgӿb=92fA)2?zC)AC,&v j#o]﯌-f]Ւ*gM=Ɵk@ J÷ C ǩrМ./%:Ăyue-=r,81zlC³YŭGq`@tc_`mύ6V-1? Lg^'=̠P&ߣ.J%[_ұN_/ͩGŦl'#ѶO7s"C곷3AO{LO1ez|$E0R@m)BO% A^Æښz#\#kpوS$o#zIdWh0ZA.٪j+feOc=Ow J5+ C"kcN*ZR5w9OShҫS 8 H6`բ-|YJZQ*^>rytn@06[c=P>-j՞]q$8B5@\|s}@r8[7 6|L&sC?|lenN*.J!d{ܮ6!% w g_Nb2z#p\ˣl 嵐zg͎T T*RIaL w|gi;Z7( BC'ɪN ȝ;uHo;І tBzecB>J8h"B[c*Qx\2?:g7̘@wVW {mvO*; ܔ0'BYG_Zx餚;iۼ%r֘mB5J' $MCbljk-#Vu+ipNK7wd^DeׯQ f~v*ޮI;E2[.٩VbAчwMCrQl /vv-K\3S,?@hd.͗b*!O}8 ~X5`A+ڏ<^68(B#)v[Aa jXn2JbIf,@_~sgßkkiAQjs;4 +-!=_U%׬U|0/kR6O>9U9q7Sj|@rL9;8xhCBsʺLQ|iIƗJ:ޚ1M]x`]u q+҅1S"դxЂpqhLyg `PǏfKW 95?_{ ޸ IE5L$L0苾:儔L5m9GWi6[ G~B(%9q#ZHIfȢ8?B& !FbXalj9gkv/]:ToxAo@KL:-EH߬kY{bŲ0r;gx&cLysӁG[0%WuVN:)pGfo@ | [gӝ3nAc_~ \e;8q 6ൃv1%H oMuTX4N7T sJ6䐷˺z\Ώ"Iθ4*p*Ն.iW(ҟvK柂. V\{й:~oESj4(FvT}MѢŹ7#gG }n'bY<Ǽ46Or" N!8\=D"-1)쩱3{RHG8agR?[.v*R?0愾*j5]dBM줍]iۿ2IξUvdE{8CHǺ}+]sE߰O`xVV^Փ.n@`8{+7{ޕ{"ĩyl<.V|R4mcYLNPҡ}Y[Fz7mtRDx=gaP0"0ëʑ9ȫjC{7E=X4'ӝcEkLll%"A j;qI$$h:{-r 2Gn!Ѽzz6UOp ] hl;DxT@q Py~,} V.y?WvN1lѸ?ۺet.|Q[iN>|C9ϑJ;d?%i|DOӵjCYciod8,FH;M9 `WQmNTKBz ݚ2Zd4Ms_`t [voМ٪-g \Å'N)ksۓ4ͻGR#TLv&#_ @ v/A6\˕IXXB =#A7Êv*[}q~׋kk.Ze 0de8N?[>5^JǤ-L.mX7. ֲGۨR^WF&/ ΆZ/~'1a(;ؑB7dДb?A$=G[Ia oT>~k A;U};R5CXa"3=|Zj4r{-$S2 λ ?;ů$ֈ|_WzK_ $ 9vmDPӢq6:O:7_Ap^qA.աG] dn37;$X?M֣n/{g DEwzU+,N%%YOڐľzev$طlM#gDm ӰOB <΄scv46AY`fjNsۿE7s]{}>PJSoA$ܥzxXzuT>hƆ~)NE]3SzV "F;r鞀#}p)I+7GUO7jsJ<Ԯc+I\m*;ATiНAvCTZE0VUde{Q[kWÍ sLy;fcf&2kN<{7'3cw@u@XfH"q{O`peno 6hIϋIF;'6g릝^Dy:WR lr|;V:$4ƂB|fW Q3 EqW#~ %|D= (&e77\$F׉k vuO5ݯ.*R"iQ17ÒNX64CxADpX0L6@,ԶGӸubA% Rl*[CXk$ f{ Ԥdy"[/Wwz tGGϒ^Z(6arzThakJG>JM4&!L~684V mm Tx UJ_B֑È/qeLԜ: f*/ as)g-1*zJ .z3 @\TݽPҸX,+)z {w&>[d&\'÷wq]:nkDhl^m5ƦǴ`J9Jnb6]0WiU&G;)Mv)?ld"N;7~c.;#CAEAh-`?O7ixRlXԚ70o>4f_a|qVi._N$"04FP|`,r{"9V'=BLK(2-82" Dn˪TZ+ZLشjt6 |؍$  ޣ+D=ٚ#Ajc] #gq: `ox*z& A b]E}?r}O;ܭ:}=90Wbf {]e=/Ԉf..W/؍gz!))17;)8P$2 1/A@pD|\k fHj=!;u–D/9tDb^r_UOUk̽8vo2pv=)kRB`:mFg6YR K%rEUJK r&EZ>HBP} zh?3T^|]K =ց-pֈI@ݕ  fhZWNE+ sfzUtБ*e`b~ٷzouɔ4Gd5p,JbVQ*;=chysia[NL4yLxR鼙 .:lθH`e8?=?B#Us7O`.OZFvq>4 9ee":GG tߜ|5t1s%7PO ]6ӕɘ,Cq ;@64H+{8[i!w՛mdXl\/-DS]B.y-DC฿ x)O|K2jޥS8jlz}r' |4n3qlbM^Z<+*o\x(=JD\uvzwr֬Hwr+c8㒇~NwX!'S͕*J$4174J U* C|2q%VO j);v7n[ 綾^$Wj?Ă9ni_/_*ݙ`V~lԠb ZqO"96 Rʵ*]m}ỬZH-?O_C?1gҭW7Ce5(]Xb6WyBUx05QnʅJz\W ąd}FQpkP]ȡi0߁l ,_iqd)\^ږRUtLlcmeDvF~C93^9O39 i#w )އxHw#^P׽r4 ~QƾuEN^61kMNv-kuSר#nkʤ%-ZΜ+;g]o;X~~x =]oe^J8FB>>jTjI56'ӑw1?f@RKSQ~Vq"xkH;Zglt]Xjx9oFZA lV^t ZD(̛x|rӯ溌ƶ6t^^wH؏PÿQޗAr:4fm!^`CҊ:f\އAf֞O?\wwslUyDZ}lR٥nE7w?ࣶR_A&.])n#IGR}`, ~p) P ̌/?73ujOWcp(oae׼>8 Z$J'SZC`;/5`F^]^_6b*=y:/(*sHUUvV6@^]0( 4zs 2Y|:,S+uC*iܩk_4(ҍ oԿƉڃR) k'hI3=qV: +@a 9`D{[yP+g.4WQ'J۾^F.5@Xn<[~ήgԚ+yR<+@PlMW@T޷Z3RZxqW1-Ð'%8e#(>v[ 骂iHbҀ`#I1Ld(|hb W|Y s;\fH%"@K:D"bY|^B-U1vb8aNIdYrmg26HCHM~y4EBؘ`ay&!eI HN/ @q\q) ϐhˤ4c$ݪO7QqŲgew˝7ձi"x(_u !Ew%;u ?B+ vqZ\75X^DWP|Wrri27,J&J.{KBSkN3Y],ټW7a 7BNT$ 0CR>c J]kkIY`=IIՖuzW?}\Z"{lˤJP:^5~I~?)$MBfr*;'HMBKԾ/{oBgo&cg =.g3(Qm<$ʾ_!\hrN]ugx,DS>M}[[d3W߯ WvBkwW0h&dlGf9 F=QcJ0"¦óTʽ{(X(*H96_R[-,l،v_3~bf/fF%b \n5$12(Zs95-LRy.de#u" C+@3j,x!""}!r-J.Xv|.x!8`OAƣE[47|sKÆ#.0@&S]>/ jw郩'LFz;'8#I+s8ɸUUC.%#9JM.NeN;Q8+ >5-`^RT)jRBh'3xGL\ 躓7_Lrr!,rҊ^ss6.-&-+Үj5!hYH O?dT[ 6qaQ[Pk[ yK"O })-K*>Hl] fT!=gn])9͟f7e@.FkA ,ndil.e(alO3ݎD6s:!>^ڹnw;C`V4Vy,,QW* {{g~Ry)]{ŝB4O`!l.;amll)F  t[4{mK%-֢@.Q%\AwlB9I'ϵE7 (zʦ@BQܟg8djxkn=j=JWASm //\N^6h95e! [TVbT}SUƯ"ZvoxDEPn7dй:(q8zꌻYID屭$s T3_ZM.E7p7oK!vCsJh{,rcA$UF-+4XcѲ wY…S@pilQO|7x{{n"pq hml<[v{$,mefŲJʝ>#(iL~bw.u4*sմ0>\GC-ɭy_k(b8c/ּSP0w' mt)1ߗf4{0IG%aH$*8D\HuBte BW^ɱ蚫b@FH kgMH٧J7ײ1S`[!Y'dIϥ,MV C%A_w %bEa#w2}Ij*,ꥑ]#|~hz3#6T٢Wv=WyoVJW,`I8W:@zz&{̒ßPMk' -{$v7 'YuB+-`;59)cSZ2ݚ"(7hwvx#7(zٚjWC&$j{]4ԉ Q/Cg,GʏkQqo;C6QUK Y%Ӿ6 w+l%^G|)k{(OѴ琔?+)Zڢ.8lOHOtI$ޅI 9Yeb7 Z-2r^H4ܤa3̄0곌qXL{gJv𽌪HC|{*B!:-a?QFQ gT'5HGyL1 qo-tFb<*x\Wc?f̬Go$6DaGsҀb^Um}ӄS{ p-n<R7Ǥ4%dxƫRqӗ\[A Fqr?YDrK%VmR 9 Ds g?~mYMhLR8 W혪]?-fuzW:n3m)$>i?=0iHZJr:]Hb.Ԟw/.AKےL8T_d'C53/!q_:8{P՜P0д!81X!ӌ;C7&/^ X)q,^ki$I%ɕ7+KHB=ţ%=󌹥iЋԑsm9x3prў[o?2-ylnǫuV_4W޳[|ޑ|yv4(C$$r+ MVI\SAy0 KR\ڹH~ClpIWOx`7p= S^T.(g "Q8j┖*:^@vIt'RL;mkۧ.>_V!mIH-ߧRФ[` _   ?,$.tgC"6.{Bp_G/9PR9Nni~ 36މ~"(0I)Z0Bp^aLTm=Q壈 K# N (R&9jw]ry+Q4#j&H%rDnPg)3N[h"dN-DwFlwpYi~4J\q46X}h>(ў裣zSӘ%KE,  CZp%X!<(բ]z@m3hJl$\keO =N8]M Eaz7Uj g-J{Aމ6̐  ,+wu2H6iETCvA{w(-IwMa^L`0F yJZRCe`/*SC0q9ZK`DPt jTޱkذBQ@˔*j RWWN\]&0t=I32hАn"E$*yF<@[2o 9(~ `0qn\] u\eB\wEVP1$:krǬTwԈd:\cxL}> 0r,C2h4R]:mO'(c]JHk;? wdK,=%Q5]X'{ΐ'ml_ZwbciC$_L]4݅hC◌]3DK{ON-+GHږOz,Y/+}$IF{hOV~'IeEGG ˃F.=toNW³M΀7tN\p{\WQHw'<%&!MMٞ F0V'ΊHʚS;n}ޒ%뜼ݦ7'~`g8 Lbrbw1Z934GE}D YZT!cymR#t7 tQX菁9'BItDϝ J_i3ig~^byGPcZwsC㑿J cP?bdUl qhLu !)x Aq >: V; * SP=h)]aayd;/4P\An@EwW&`NffS]ModvIr'yAǚ{uHzr߰8tD31m&Ν{^Ǝ\|ci_ 'YuO'޷jpz"_D+gO!dե&AXٓsO.zٻp{P!? ګpaHmms0_tkѻo1:_/MAqbQ0]%bDjg5<ڞkBA Czy>G79f" uJCuaJȕH#gElKޘ!C VBcDU]r%ijk)v}sL&%UTuN +g=/OIƲ#eKbĒ/Ԍ+'k}E8o;t( i{9QpL/k.삮mdc@{3{w3ޢZp&f-!҄%ivG}(zdJJLsD}0zcp~ 䐦\FDr!ēYa qh#@ӂ˃3m%V{ "6).8g2 Z}ˍ,v*KȺ%h[ےzXq:1CݪMU/I֧G$#`D8]T0ThE0z!,J y5{8P oBX4m/,+E{+Ozʲy !1c? ټKA4Uσ o=hs{(⃤U;yKhjzvNdV!YAXn+lȚG)Uz1gڕhZtä O y[X%,RRL{]!lES\Tp!伪u;uYc*cw=!r9;Ĺxݶ׽[U.fﱊJJhyI/ѱN2`$ /MwgX}+^R~7 ~U~Ûpޣt,qXӋI6Ƶi⅍6soƕkӼbd'b{|OH^>ME:/Qz,&S?@&J<;$c}OTǕE }[( (28m5>3KDzzpf"ZHX3M0կjR+ +t#Uxeqfw&b ߣJӼ3%]~'d>i>N%iXVѓ+6Q <3{|cvm+3dOc`9y,kֶ eVԇzm.C_ςP=ĒFm "Y71j\|fK;:V]Q54paU%57T<>~Uaaw\ w74Vr&(BoDtcB.O|8HD UTМ{߹wj4~b6F()+#_aǖA*NGnKY gsJ6I0!L-)Fv,.Dbd&hG %P48ERҰ!UJ15mCqUE|UB|7_Lp?H=Glp37#_`U$MfZ&_nn@ f-T~Cp'3T;9ZHws% %蹝vLyõ5rBO Qu3F'YjX튀N%%Z p NSzW?rk Gkq/T/4]RS3kE̯7Y _e1TķzQUMsV1Wɋr bД=/%3t!ԭ\٣n;g)?XA&z~oWOLB}gYM],:eE*f5pջHYx QK|ҭ ;hԛ4NdfC*p?KdL$֌!E 5ׅ 땪`խ*ڠ6Ѳjc,m?^LЖ[5}C}%P"D,l i_+5:&lu4ŠS /R<57Z0 !CKt-PԪt E߭\;9ȅIRk:H}݄&ٍ|lFx뒃a+1gA2Pw 0%IOv}'=mry[6 z>ҕa`? ukY_ZS"CbDo3O"J Ƶޤ:YP /5Z9$l -"")SAg"o:`;Jz&r)(vx5B}h|G^uH ^SCH ~#WbV.) 7Z𫤐=lq;9 u\#l翵etq)&2tb9G1>o/.+&dXʞiWz23y^&b{!wȽL]F͠a, m;oihA >raOE _eU/ZbS؅(%*[Hk9zm8*?0ƿt`+I-K*:E\ztц ^+7%ƒ2_T}6BNn}T%>. (5Sӛ]mZ}"#v ?MԴ-mZ{mPWEt)w^aT~|cNV0z-T>t*x:ˎqHV$Ipv;6h~U*ہO@dc .tv%Q@2䈺 A9f{4)9թ8S3Vm44!6e% #/gLK59'xsKW@ n6Ny"Q(~E*͙6(ex!P;_.Q>pvGE;: ցFfDSYcY 2IJd&cI ->.Q #-@,aJp-1c'7D{"qy;nMY^E~~۞Jn>XKa) |({ֱW c#P@@]W+d¼>2{=#h/ H VG\D.'LH|AGN^'!ݭ~^v־ȳJшOAᕬ.%/zʲKp2ܳ+Ytr?LHkJF2Ey;=ViX9ʐQB}e#npy{畕{sqTN=U! u D\ $ [یXx'=*9Dͺ_=w%Hu#6M;!eVdT`/qĚ j!@&쮝55_wzP=_YY}8!pb xB&YZ@bmEQ+rͯ{QpcZ!|4zx-MiF-ۀR}_1~YCfEhP+(' Uce `5;ohMI)Ɣ2#W&Ϝi;S pFK5!YP>,0@O$ŐejD3x?8qf604ll٤ u XWR25.^#Z7j?8)YE*åhNmAΏ| 0݁aWƪdq/ߦ+s$Ѻ7&SIPی)-@K|,SD*a/So{Xsaz,#@ܬSON- H.@)j7\GX [䧲cAIf?N\4zk=v5F 89!#FdS` @Czc{!؉{n,Z=ÏGBjE9%PWb ΋(I9o|=ʚ^kEw7(Pa[?>k!T(r}۔FHV˧CCh )kȿ'4F#wz1u~XA\Q!r3Nϼ+& ޕD9s uDžKaIodN40+B8$_ܡBS +Hu\F\6;NJ Vy9`'5=oKh;yZ@Ct8:ORi|c$g( { yb6djP?|^Ǜ܊38qf#kǑtUޚS:srVv,A(Sҙ`0/P;٩lxMhZN&,{HBC׺צu,gfNKN>Zu'VLR0$ݨB oT*EDz=!7I[J Q:!K@~ԊЏ*wK]( s@u?(oh9i5,ehbo^=F#jmJhآ'Q[d0vܹx(a O6gJrbחNrLIBP1˖ I6h}Vܒ$a5̣a7>Dl^x|  T:%ɍjX>ӰFУVD}L%\ o|W}0r@>0kL3󖯢[ zv|n|>|KA<aF٥!^BxJN|H{ /O/?] /#Qd̳p%(po֦ߗ^L>ݨ,#D lNd`RN^U#=&R"x޺!|n]J鷽D2:˰P8t3D7/y_陇D /}h UbYu Jk*J9vl^ҟ ع\1),NrP:>;rxq *=\E5ʎcK'0͂=K8CxEYԳ4v;+^nn~af Pĩh0G~3i;ϦD!「( QKX¿a/<NFG'0A gF&٪a.Q/U|$g7"3LE2z2B:>0m{#٥x*82![-veD)thٱ jA?q RAБa0K{zP0Ew0є˷&G{DիR?GmPi SR=~ 5aTe t4?*۱*PIS }e|_2rnTvAaqLi;+ M)#8+R%GީFxux ` RCE?L0B@sAsbYr(]l;&4}u- /F3e;e` s%]8K;o`i虽ۯ L x$& ϗ9ұ0*n?]1<5nM0@XV[Bad 6"S#m݌Y[G("*@jATa46%ԟDa 7~Z!h ,Gx+~XgLʐ[xQq=Jvd ޤ A]\J9&'Y0L󮸐/ЪzX-ѯ.*Z r?+ GNGj(zE[OEشnW-Re"og`Oޚm rIQ /ȇoYN@hD#E:lبHGywhT}OҬqdCE'zqiw{7¸3lº1m(z`E/mfKs[#Ch+aPvzȃqP.Vsl:M^X0Pti ALelo'I#E r'!e ē1dZ*zN9R41UQ %id]~:tZ.>+W _p*i,KG[e MBr"i_f(b뎋MĴ#B;:f+1ziDLzVT QD,Oe7caAaB$ X׵#X ̩M~;fDV=OčtA$r^?eKp&`u,jz~߿s3_))xWv<GY11vo{qe#Rwei\&fUb9+ ik6%sF]SȻC E&jQp:~oNJ p=1`|zG S=#*k/ާo;NeyݭW|` QT#HlqekOԹY3 xf}ܨ>Rw Ѫ\ws]LH\R XFrdl>vk$K`mQ`3 /Ҡ4T@Loj[]!gZ [ʼyMq=`hiDZEB<."\F M}Pd!͈#IE3Bq-*W4O AJ^$`..ఐyTc)S,x*mk,\~14ug?9?KU9fyZ"3J'vMJ VxhdNPt=2W11Y6~8ͼ>Bu{&,xC:w-c#puzQ}Sm9ώj&7x$lm˫^]þc xMOX)akqRC:%G4ma$fB~b*xfzF]U fIѩcېDi۔ d g6Q.iNjAЧ qQqd*Q\f[(>UX zЅz3)Qao{>o S'cQ`'ļ eu ߭1ҏXwxnb6>&<lw#SJ`zF›yy#]U·e鶘2=N z|@*=$>z?TJRFQ.&+#]&GL>""jKCo{זj4}M)#135X1֕e+x5%6v2-bF؜#ѐ=UJ\?F@з+lZ羁.ȴ 8"7jvcX 9BXieΥ̖ra\"-)mΓ2~QEeOŠSՂf%<.f&NRř07_>_p$=݉Y) |7%OtnH# wf܀i=nSwBz@H .M"i r։]nMýBwEh)d4H  ,®c\ B~^PN<ܒ\TE_L]h-3'F^Ek} t[ odx`%ih+n&xxQ슪Dgϸ1Hb1=b9:|hǩ/aB]?G˙v+;55­M> l눗ƥnZ6f6tJ(, 9.Dm@$*3j=woM /0{H w|hUx>UbY#:gA;{j? ]H }y<ί3/LQbjR0UQX:K fP  """c,u)yR$8DY! wû 4+MTM0z)PeX4d=FYBk2Cɉ `#7p#] rs>3Ӥ}xP<+ؙ,[Hk=UIS:eo+{Xxsٽ1{F{ h1R*~!㖣R2aE3 PR2mNkJ]tq}_Lhin Q /]*~k>Ota߬Q׿WTXi^!"x4.&p*krZ 9jN2 CUcZ a0Lmq2J:L G rK? |6a jyq"s}0)ۻTZ;܆Oi ˿֪سwN*jI͖Ej:,3CK# JF5(;: ^J8_xa­' rK2AnXE4mc Ҭt5hM?)}qoE5Y`|Q0#@->äqRroۇp/OixWK3 ab2Y6_%V<8Ul7E5,lTNg|,dFu}u{g|xy ̰V`  FNA+,3+v|TWYc#'U˴1tɘIyЕHdqʱ!ײF>rId5k[P!^RgBNM17 tPM霹NͶғ+E"C_,idx֠boWk=`o(I]_*Qg<+ 6|Rο:<;ҶL!kxC~S2&]G}csڐe?ݹ`W 8gXRk5%mcՃ,ī!ynB[jn\=~cK}mɯKW *Q4l +׭OL̻`gI%s;'t4K4N9jmkkV-XorK,ZrvS-?[i(ȯ+0r3p!ןk"( lB$%Ȓh`'jq8w2$\Dռ:L J(+zTRb 󿋡,S PqW"m)KI޴5@"!5MgG$ YZ׮a9㓿m|-9R:;bguv\XA+1醴`ET*;5wс4`}Xב yd퍠>Κ-"N}|p'#J/6U1C3N%=:pomG -:D}6k3QE+l׺Ml\c,4W5Ic? 䲒|U12S~haY,9?_$OM? *Ҋޛb0[NHhdEv闥: c Vz]Aж"/חU \e j$R5+ꨕflK}t!}f܀ PǎW!<Ejeqc  )>wVʕv_W=| SWeZ~M 1oϻM=;Vn(}?)X-JK+"bKZE 作`B`|m9Eq̹S1ʹ}cv2J܁c4u#&3czVO9PCC(λA 8c?:rOOӲZ&s3?b|ו}♙ b=idH0K!7ռTiӲni wA$1M\ZcISZJ ]zf RF Z/OuɌg6A?;Õ1" vew7+MIHL/=P8|uK Dati` X.En}%Whެ8 San9' fOD0@#"vtv9D 1a}26>Ӕ9$8M5I`Ƥ_O5tE+f?7BU̲dG%+l_:3/Y Hc_}$ZϠ(Se=YԒspJxe ԥp

қ#*e>Jj ϵC~i{.{&&utҏr?Quc{Z}+߫X1 8ԗS+k.yCzS.IEՀ9ה4 %xH5ãY~ tO~7=V]8vNkoG_  {,;jB;;%WL%ݥ9ݣ&X5F!LR/Te<3Wŏh0,͉eP1̌xMl]l_Y;zٱ1 3 Sl;Bb9]PޔRd=xك wO!tq5oXp<-d H{%Y5B,sWT~cJ){%)֨)Yk"oN]/qt4BlaqKF7yH嬏,Uz?A;żd? bQAc"J\ Qdgno>Tݾ%]-K6"Aʗ*&k)^-F_욋(iV|b{ SZK6&+2 q YZ