sssd-ad-1.13.0-40.el7_2.12$>O0R(*_Jxy9>;H8?H(d   9 &:X^h    C Lh8ELE 5E   ( 8 }9}:Y}G@HAIA,XA8YAH\Ap]A^AbBhdC-eC2fC5lC7tCPuClvCwFhxFyFaH$Csssd-ad1.13.040.el7_2.12The AD back end of the SSSDProvides the Active Directory back end that the SSSD can utilize to fetch identity data from and authenticate against an Active Directory server.W5worker1.bsys.centos.org CentOSGPLv3+CentOS BuildSystem Applications/Systemhttp://fedorahosted.org/sssd/linuxx86_640K%3A큤W$W$W$W4UӏWW3e996975fbbacef986bd76bc63247d7dfa32e47bd71b5794c1994b7d4e6cbaa1dcafecac1eecf378c35aa3c55d13aa2309ec7ba7dca0d79a721fd0366e0c4dd50f3186acd70db99ddfacd422a0fc7fdf22a2462be5b7635599c5e6163ba711f68ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903cca607d527cbe0997140cb91c635efa14740b1df571957bec9ee4170a46b61484b276dd9126acac814f88ecd42b1f6fa40568ff5322b55d7505116c76951a601rootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-1.13.0-40.el7_2.12.src.rpmlibsss_ad.so()(64bit)libsss_ad_common.so()(64bit)sssd-adsssd-ad(x86-64)@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@    @ bind-utilslibbasicobjects.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcollection.so.2()(64bit)libcom_err.so.2()(64bit)libdbus-1.so.3()(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libglib-2.0.so.0()(64bit)libini_config.so.3()(64bit)libini_config.so.3(INI_CONFIG_1.1.0)(64bit)libk5crypto.so.3()(64bit)libkeyutils.so.1()(64bit)libkrb5.so.3()(64bit)liblber-2.4.so.2()(64bit)libldap-2.4.so.2()(64bit)libldb.so.1()(64bit)libldb.so.1(LDB_0.9.10)(64bit)libndr-nbt.so.0()(64bit)libndr-nbt.so.0(NDR_NBT_0.0.1)(64bit)libndr.so.0()(64bit)libndr.so.0(NDR_0.0.1)(64bit)libnspr4.so()(64bit)libnss3.so()(64bit)libnssutil3.so()(64bit)libpcre.so.1()(64bit)libplc4.so()(64bit)libplds4.so()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.2.5)(64bit)libref_array.so.1()(64bit)libsamba-util.so.0()(64bit)libsasl2.so.3()(64bit)libsmbclient.so.0()(64bit)libsmbclient.so.0(SMBCLIENT_0.1.0)(64bit)libsmime3.so()(64bit)libssl3.so()(64bit)libsss_cert.so()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_idmap.so.0()(64bit)libsss_idmap.so.0(SSS_IDMAP_0.4)(64bit)libsss_krb5_common.so()(64bit)libsss_ldap_common.so()(64bit)libsss_util.so()(64bit)libsystemd.so.0()(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)libwbclientrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rtld(GNU_HASH)sssd-commonsssd-common-pacsssd-krb5-commonrpmlib(PayloadIsXz)4.2.3-13.0.4-14.6.0-14.0-11.13.0-40.el7_2.121.13.0-40.el7_2.121.13.0-40.el7_2.125.2-1sssd1.10.0-8.beta24.11.3W~WWi,@WDB@WDB@WDB@W=W;W@W@V͛@VTQ@VCV @V @V @V V@VBVBVBVBVBUUUU@UXU@U@U@UUUUUUUUL@UL@UU@U@U@UnU@U(U@U@UUmUmU@UJ@UU7@U7@U7@U @U@U@TE@TE@TE@Tи@Tr@Tr@Tr@Tr@T}T}T}T}T}T7T7TTC@TTZ@TZ@TT@Tp@Tp@T@T{T*@T*@TTT~@T~@TuTuTto@Tto@Tto@Tto@Tto@Tto@TmTmTmTmTl@Tl@Tl@Tl@TcKTa@T\@TZ@TZ@TR(@TG@TG@TG@TG@TG@TD@T6xTTT SS@S|@Sr @Sr @Sr @Sr @S;S;S2@S2@S,)S!S L@SSS@S@S@S@S@S @S @S @S @S @S @S @S @SSSRb@Rb@Rb@R@R@R@R@RURURUR߲RRRx@Rx@Rx@RΏ@RΏ@RΏ@R=R=RkRRRR@R@R@R@R@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@RpREs@REs@R7Q@Q@Q@Q@Q@QQLQکQQQo@Q)@Q@QQ@Q@QbQyQV@Q'@QQQnQZ@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 1.13.0-40.12Jakub Hrozek - 1.13.0-40.11Jakub Hrozek - 1.13.0-40.10Jakub Hrozek - 1.13.0-40.9Jakub Hrozek - 1.13.0-40.8Jakub Hrozek - 1.13.0-40.7Jakub Hrozek - 1.13.0-40.6Jakub Hrozek - 1.13.0-40.5Jakub Hrozek - 1.13.0-40.4Jakub Hrozek - 1.13.0-40.3Jakub Hrozek - 1.13.0-40.2Jakub Hrozek - 1.13.0-40.1Jakub Hrozek - 1.13.0-40Jakub Hrozek - 1.13.0-39Jakub Hrozek - 1.13.0-38Jakub Hrozek - 1.13.0-37Jakub Hrozek - 1.13.0-36Jakub Hrozek - 1.13.0-35Jakub Hrozek - 1.13.0-34Jakub Hrozek - 1.13.0-33Jakub Hrozek - 1.13.0-32Jakub Hrozek - 1.13.0-31Jakub Hrozek - 1.13.0-30Jakub Hrozek - 1.13.0-29Jakub Hrozek - 1.13.0-28Jakub Hrozek - 1.13.0-27Jakub Hrozek - 1.13.0-26Martin Kosek - 1.13.0-25Jakub Hrozek - 1.13.0-24Jakub Hrozek - 1.13.0-23Jakub Hrozek - 1.13.0-22Jakub Hrozek - 1.13.0-21Jakub Hrozek - 1.13.0-20Jakub Hrozek - 1.13.0-19Jakub Hrozek - 1.13.0-18Jakub Hrozek - 1.13.0-17Jakub Hrozek - 1.13.0-16Jakub Hrozek - 1.13.0-15Jakub Hrozek - 1.13.0-14Lukas Slebodnik - 1.13.0-13Jakub Hrozek - 1.13.0-12Jakub Hrozek - 1.13.0-11Jakub Hrozek - 1.13.0-10Jakub Hrozek - 1.13.0-9Jakub Hrozek - 1.13.0-8Jakub Hrozek - 1.13.0-7Jakub Hrozek - 1.13.0-6Jakub Hrozek - 1.13.0-5Jakub Hrozek - 1.13.0-4Jakub Hrozek - 1.13.0-3Jakub Hrozek - 1.13.0-2Jakub Hrozek - 1.13.0-1Jakub Hrozek - 1.13.0.3alphaJakub Hrozek - 1.13.0.2alphaJakub Hrozek - 1.13.0.1alphaJakub Hrozek - 1.12.2-61Jakub Hrozek - 1.12.2-60Jakub Hrozek - 1.12.2-59Jakub Hrozek - 1.12.2-58.6Jakub Hrozek - 1.12.2-58.5Jakub Hrozek - 1.12.2-58.4Jakub Hrozek - 1.12.2-58.3Jakub Hrozek - 1.12.2-58.2Jakub Hrozek - 1.12.2-58.1Jakub Hrozek - 1.12.2-57Jakub Hrozek - 1.12.2-56Jakub Hrozek - 1.12.2-55Jakub Hrozek - 1.12.2-54Jakub Hrozek - 1.12.2-53Jakub Hrozek - 1.12.2-52Jakub Hrozek - 1.12.2-51Jakub Hrozek - 1.12.2-50Jakub Hrozek - 1.12.2-49Jakub Hrozek - 1.12.2-48Jakub Hrozek - 1.12.2-47Jakub Hrozek - 1.12.2-46Jakub Hrozek - 1.12.2-45Jakub Hrozek - 1.12.2-44Jakub Hrozek - 1.12.2-43Jakub Hrozek - 1.12.2-42Jakub Hrozek - 1.12.2-41Jakub Hrozek - 1.12.2-40Sumit Bose - 1.12.2-39Sumit Bose - 1.12.2-38Sumit Bose - 1.12.2-37Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-34Jakub Hrozek - 1.12.2-33Jakub Hrozek - 1.12.2-32Jakub Hrozek - 1.12.2-31Jakub Hrozek - 1.12.2-30Jakub Hrozek - 1.12.2-29Jakub Hrozek - 1.12.2-28Jakub Hrozek - 1.12.2-27Jakub Hrozek - 1.12.2-26Jakub Hrozek - 1.12.2-25Jakub Hrozek - 1.12.2-24Jakub Hrozek - 1.12.2-23Jakub Hrozek - 1.12.2-22Jakub Hrozek - 1.12.2-21Jakub Hrozek - 1.12.2-20Jakub Hrozek - 1.12.2-19Jakub Hrozek - 1.12.2-18Jakub Hrozek - 1.12.2-17Jakub Hrozek - 1.12.2-16Jakub Hrozek - 1.12.2-15Jakub Hrozek - 1.12.2-14Jakub Hrozek - 1.12.2-13Jakub Hrozek - 1.12.2-12Jakub Hrozek - 1.12.2-11Jakub Hrozek - 1.12.2-10Jakub Hrozek - 1.12.2-9Jakub Hrozek - 1.12.2-8Jakub Hrozek - 1.12.2-7Jakub Hrozek - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-3Jakub Hrozek - 1.12.0-2Jakub Hrozek - 1.12.0-1Jakub Hrozek - 1.11.2-70Jakub Hrozek - 1.11.2-69Jakub Hrozek - 1.11.2-68Jakub Hrozek - 1.11.2-67Jakub Hrozek - 1.11.2-66Jakub Hrozek - 1.11.2-65Jakub Hrozek - 1.11.2-64Sumit Bose - 1.11.2-63Sumit Bose - 1.11.2-62Jakub Hrozek - 1.11.2-61Jakub Hrozek - 1.11.2-60Jakub Hrozek - 1.11.2-59Jakub Hrozek - 1.11.2-58Jakub Hrozek - 1.11.2-57Jakub Hrozek - 1.11.2-56Jakub Hrozek - 1.11.2-55Jakub Hrozek - 1.11.2-54Jakub Hrozek - 1.11.2-53Jakub Hrozek - 1.11.2-52Jakub Hrozek - 1.11.2-51Jakub Hrozek - 1.11.2-50Jakub Hrozek - 1.11.2-49Jakub Hrozek - 1.11.2-48Jakub Hrozek - 1.11.2-47Jakub Hrozek - 1.11.2-46Jakub Hrozek - 1.11.2-45Jakub Hrozek - 1.11.2-44Jakub Hrozek - 1.11.2-43Jakub Hrozek - 1.11.2-42Jakub Hrozek - 1.11.2-41Jakub Hrozek - 1.11.2-40Jakub Hrozek - 1.11.2-39Jakub Hrozek - 1.11.2-38Jakub Hrozek - 1.11.2-37Jakub Hrozek - 1.11.2-36Jakub Hrozek - 1.11.2-35Jakub Hrozek - 1.11.2-34Daniel Mach - 1.11.2-33Jakub Hrozek - 1.11.2-32Jakub Hrozek - 1.11.2-31Jakub Hrozek - 1.11.2-30Jakub Hrozek - 1.11.2-29Jakub Hrozek - 1.11.2-28Jakub Hrozek - 1.11.2-27Jakub Hrozek - 1.11.2-26Jakub Hrozek - 1.11.2-25Jakub Hrozek - 1.11.2-24Jakub Hrozek - 1.11.2-23Jakub Hrozek - 1.11.2-22Jakub Hrozek - 1.11.2-21Jakub Hrozek - 1.11.2-20Daniel Mach - 1.11.2-19Jakub Hrozek - 1.11.2-18Jakub Hrozek - 1.11.2-17Jakub Hrozek - 1.11.2-16Jakub Hrozek - 1.11.2-15Jakub Hrozek - 1.11.2-14Jakub Hrozek - 1.11.2-13Jakub Hrozek - 1.11.2-12Jakub Hrozek - 1.11.2-11Jakub Hrozek - 1.11.2-10Jakub Hrozek - 1.11.2-9Jakub Hrozek - 1.11.2-8Jakub Hrozek - 1.11.2-7Jakub Hrozek - 1.11.2-6Jakub Hrozek - 1.11.2-5Jakub Hrozek - 1.11.2-4Jakub Hrozek - 1.11.2-3Jakub Hrozek - 1.11.2-2Jakub Hrozek - 1.11.2-1Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-5Jakub Hrozek - 1.10.1-4Jakub Hrozek - 1.10.1-3Jakub Hrozek - 1.10.1-2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-18Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1356433 - ldap_group_external_member is no set for the IPA provider- Resolves: rhbz#1353605 - sssd-libwbclient: wbcSidsToUnixIds should not fail on lookup errors- Resolves: rhbz#1347723 - sssd is not closing sockets properly- Resolves: rhbz#1339509 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1339258 - [sssd] Trusted (AD) user's info stays in sssd cache for much more than expected.- Resolves: rhbz#1339207 - sssd_nss memory usage keeps growing when trying to retrieve non-existing netgroups- Resolves: rhbz#1337292 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1336836 - IPA provider crashes if a netgroup from a trusted domain is requested- Resolves: rhbz#1324442 - sssd be memory leak in sssd's memberof plugin - More patches from upstream related to the memory leak- Resolves: rhbz#1324442 - sssd be memory leak in sssd's memberof plugin- Resolves: rhbz#1311569 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid- Resolves: rhbz#1284814 - sssd: [sysdb_add_user] (0x0400): Error: 17 (File exists)- Resolves: rhbz#1270827 - local overrides: don't contact server with overridden name/id- Resolves: rhbz#1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- Resolves: rhbz#1267176 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1267836 - PAM responder crashed if user was not set- Resolves: rhbz#1266107 - AD: Conditional jump or move depends on uninitialised value- Resolves: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Fix a Coverity warning in dyndns code - Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1263735 - Could not resolve AD user from root domain- Remove -d from sss_override manpage - Related: rhbz#1259512 - sss_override : The local override user is not found- Patches required for better handling of failover with one-way trusts - Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1263587 - sss_override --name doesn't work with RFC2307 and ghost users- Resolves: rhbz#1259512 - sss_override : The local override user is not found- Resolves: rhbz#1260027 - sssd_be memory leak with sssd-ad in GPO code- Resolves: rhbz#1256398 - sssd cannot resolve user names containing backslash with ldap provider- Resolves: rhbz#1254189 - sss_override contains an extra parameter --debug but is not listed in the man page or in the arguments help- Resolves: rhbz#1254518 - Fix crash in nss responder- Support import/export for local overrides - Support FQDNs for local overrides - Resolves: rhbz#1254184 - sss_override does not work correctly when 'use_fully_qualified_names = True'- Resolves: rhbz#1244950 - Add index for 'objectSIDString' and maybe to other cache attributes- Resolves: rhbz#1250415 - sssd: p11_child hardening- Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1202724 - [RFE] Add a way to lookup users based on CAC identity certificates- Resolves: rhbz#1232950 - [IPA/IdM] sudoOrder not honored as expected- Fix wildcard_limit=0 - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Fix race condition in invalidating the memory cache - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Resolves: rhbz#1249015 - KDC proxy not working with SSSD krb5_use_kdcinfo enabled- Bump release number - Related: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- Fix missing dependency of sssd-tools - Resolves: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- More memory cache related fixes - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Remove binary blob from SC patches as patch(1) can't handle those - Related: rhbz#854396 - [RFE] Support for smart cards- Resolves: rhbz#1244949 - getgrgid for user's UID on a trust client prevents getpw*- Fix memory cache integration tests - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#854396 - [RFE] Support for smart cards- Remove OTP from PAM stack correctly - Related: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Handle sssd-owned keytabs when sssd runs as root - Related: rhbz#1205144 - RFE: Support one-way trusts for IPA- Resolves: rhbz#1183747 - [FEAT] UID and GID mapping on individual clients- Resolves: rhbz#1206565 - [RFE] Add dualstack and multihomed support - Resolves: rhbz#1187146 - If v4 address exists, will not create nonexistant v6 in ipa domain- Resolves: rhbz#1242942 - well-known SID check is broken for NetBIOS prefixes- Resolves: rhbz#1234722 - sssd ad provider fails to start in rhel7.2- Add support for InfoPipe wildcard requests - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Also package the initgr memcache - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Rebase to 1.13.0 upstream - Related: rhbz#1205554 - Rebase SSSD to 1.13.x - Resolves: rhbz#910187 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Don't default to SSSD user - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Related: rhbz#1205554 - Rebase SSSD to 1.13.x - GPO default should be permissve- Resolves: rhbz#1205554 - Rebase SSSD to 1.13.x - Relax the libldb requirement - Resolves: rhbz#1221992 - sssd_be segfault at 0 ip sp error 6 in libtevent.so.0.9.21 - Resolves: rhbz#1221839 - SSSD group enumeration inconsistent due to binary SIDs - Resolves: rhbz#1219285 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust - Resolves: rhbz#1217559 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1217350 - ignore_group_members doesn't work for subdomains - Resolves: rhbz#1217127 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1216285 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set - Resolves: rhbz#1214719 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1214718 - Overridde with --login fails trusted adusers group membership resolution - Resolves: rhbz#1214716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1214337 - Overrides with --login work in second attempt - Resolves: rhbz#1212489 - Disable the cleanup task by default - Resolves: rhbz#1211830 - external users do not resolve with "default_domain_suffix" set in IPA server sssd.conf - Resolves: rhbz#1210854 - Only set the selinux context if the context differs from the local one - Resolves: rhbz#1209483 - When using id_provider=proxy with auth_provider=ldap, it does not work as expected - Resolves: rhbz#1209374 - Man sssd-ad(5) lists Group Policy Management Editor naming for some policies but not for all - Resolves: rhbz#1208507 - sysdb sudo search doesn't escape special characters - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface - Resolves: rhbz#1206566 - SSSD does not update Dynamic DNS records if the IPA domain differs from machine hostname's domain - Resolves: rhbz#1206189 - [bug] sssd always appends default_domain_suffix when checking for host keys - Resolves: rhbz#1204203 - sssd crashes intermittently - Resolves: rhbz#1203945 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default - Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only - Resolves: rhbz#1202245 - SSSD's HBAC processing is not permissive enough with broken replication entries - Resolves: rhbz#1201271 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything - Resolves: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Resolves: rhbz#1199541 - Read and use the TTL value when resolving a SRV query - Resolves: rhbz#1199533 - [RFE] Implement background refresh for users, groups or other cache objects - Resolves: rhbz#1199445 - Does sssd-ad use the most suitable attribute for group name? - Resolves: rhbz#1198477 - ccname_file_dummy is not unlinked on error - Resolves: rhbz#1187103 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1185536 - In ipa-ad trust, with 'default_domain_suffix' set to AD domain, IPA user are not able to log unless use_fully_qualified_names is set - Resolves: rhbz#1175760 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires - Resolves: rhbz#1163806 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1205160 - Complain loudly if backend doesn't start due to missing or invalid keytab- Resolves: rhbz#1226119 - Properly handle AD's binary objectGUID- Filter out domain-local groups during AD initgroups operation - Related: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Resolves: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Initialize variable in the views code in one success and one failure path - Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Handle case where there is no default and no rules - Resolves: rhbz#1192314 - With empty ipaselinuxusermapdefault security context on client is staff_u- Set a pointer in ldap_child to NULL to avoid warnings - Related: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Run the restart in sssd-common posttrans - Explicitly require libwbclient - Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Fix endianess bug in fill_id() - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1187192 - IPA initgroups don't work correctly in non-default view- Resolves: rhbz#1184982 - Need to set different umask in selinux_child- Bump the release number - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Add a patch dependency - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Process ghost members only once - Fix processing of universal groups with members from different domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1185188 - Uncached SIDs cannot be resolved- Handle GID override in MPG domains - Handle views with mixed-case domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Open socket to the PAC responder in krb5_child before dropping root - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1182183 - pam_sss(sshd:auth): authentication failure with user from AD- Resolves: rhbz#889206 - On clock skew sssd returns system error- Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1177140 - gpo_child fails if "log level" is enabled in smb.conf - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1175408 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1175705 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Resolves: rhbz#1171215 - Crash in function get_object_from_cache - Resolves: rhbz#1171383 - getent fails for posix group with AD users after login - Resolves: rhbz#1171382 - getent of AD universal group fails after group users login - Resolves: rhbz#1170300 - Access is not rejected for disabled domain - Resolves: rhbz#1162486 - Error processing external groups with getgrnam/getgrgid in the server mode - Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1169459 - sssd-ad: The man page description to enable GPO HBAC Policies are unclear - Related: rhbz#1113783 - sssd should run under unprivileged user- Rebuild to add several forgotten Patch entries - Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Remove Coverity warnings in krb5_child code - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Don't error out on chpass with OTPs - Related: rhbz#1109756 - Rebase SSSD to 1.12- Resolves: rhbz#1124320 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default.- Resolves: rhbz#1169739 - selinuxusermap rule does not apply to trusted AD users - Enable running unit tests without cmocka - Related: rhbz#1113783 - sssd should run under unprivileged user- krb5_child and ldap_child do not call Kerberos calls as root - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1168735 - The Kerberos provider is not properly views-aware- Fix typo in libwbclient-devel alternatives invocation - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1166727 - pam_sss domains option: Untrusted users from the same domain are allowed to auth.- Handle migrating clients between views - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Use alternatives for libwbclient - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1165794 - sssd does not work with custom value of option re_expression- Add an option that describes where to put generated krb5 files to - Related: rhbz#1135043 - [RFE] Implement localauth plugin for MIT krb5 1.12- Handle IPA group names returned from the extop plugin - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Resolves: rhbz#1165792 - automount segfaults in sss_nss_check_header- Resolves: rhbz#1163742 - "debug_timestamps = false" and "debug_microseconds = true" do not work after enabling journald with sssd.- Resolves: rhbz#1153593 - Manpage description of case_sensitive=preserving is incomplete- Support views for IPA users - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Update man page to clarify TGs should be disabled with a custom search base - Related: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Use upstreamed patches for the rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1153603 - Proxy Provider: Fails to lookup case sensitive users and groups with case_sensitive=preserving- Resolves: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1162480 - dereferencing failure against openldap server- Move adding the user from pretrans to pre, copy adding the user to sssd-krb5-common and sssd-ipa as well in order to work around yum ordering issue - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1113783 - sssd should run under unprivileged user- Fix two regressions in the new selinux_child process - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1132365 - Remove password from the PAM stack if OTP is used- Include the ldap_child and selinux_child patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Support overriding SSH public keys with views - Support extended attributes via the extop plugin - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137010 - disable midpoint refresh for netgroups if ptask refresh is enabled- Resolves: rhbz#1153518 - service lookups returned in lowercase with case_sensitive=preserving - Resolves: rhbz#1158809 - Enumeration shows only a single group multiple times- Include the responder and packaging patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Amend the sssd-ldap man page with info about lockout setup - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137014 - Shell fallback mechanism in SSSD - Resolves: rhbz#790854 - 4 functions with reference leaks within sssd (src/python/pyhbac.c)- Fix regressions caused by views patches when SSSD is connected to a pre-4.0 IPA server - Related: rhbz#1109756 - Rebase SSSD to 1.12- Add the low-level server changes for running as unprivileged user - Package the libsss_semange library needed for SELinux label changes - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Use libsemanage for SELinux label changes - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Rebase SSSD to 1.12.2 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Sync with upstream - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebuild against ding-libs with fixed SONAME - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.1 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Require ldb 2.1.17 - Related: rhbz#1133914 - Rebase libldb to version 1.1.17 or newer- Fix fully qualified IFP lookups - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.0 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Squash in upstream review comments about the PAC patch - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Backport a patch to allow krb5-utils-test to run as root - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Resolves: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Fix a DEBUG message, backport two related fixes - Related: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1082191 - RHEL7 IPA selinuxusermap hbac rule not always matching- Resolves: rhbz#1077328 - other subdomains are unavailable when joined to a subdomain in the ad forest- Resolves: rhbz#1078877 - Valgrind: Invalid read of int while processing netgroup- Resolves: rhbz#1075092 - Password change w/ OTP generates error on success- Resolves: rhbz#1078840 - Error during password change- Resolves: rhbz#1075663 - SSSD should create the SELinux mapping file with format expected by pam_selinux- Related: rhbz#1075621 - Add another Kerberos error code to trigger IPA password migration- Related: rhbz#1073635 - IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in- Related: rhbz#1066096 - not retrieving homedirs of AD users with posix attributes- Related: rhbz#1072995 - AD group inconsistency when using AD provider in sssd-1.11-40- Resolves: rhbz#1073631 - sssd fails to handle expired passwords when OTP is used- Resolves: rhbz#1072067 - SSSD Does not cache SELinux map from FreeIPA correctly- Resolves: rhbz#1071903 - ipa-server-mode: Use lower-case user name component in home dir path- Resolves: rhbz#1068725 - Evaluate usage of sudo LDAP provider together with the AD provider- Fix idmap documentation - Bump idmap version info - Related: rhbz#1067361 - Check IPA idranges before saving them to the cache- Pull some follow up man page fixes from upstream - Related: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes - Related: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes- Resolves: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1068723 - Setting int option to 0 yields the default value- Resolves: rhbz#1067361 - Check IPA idranges before saving them to the cache- Resolves: rhbz#1067476 - SSSD pam module accepts usernames with leading spaces- Resolves: rhbz#1033069 - Configuring two different provider types might start two parallel enumeration tasks- Resolves: rhbz#1068640 - 'IPA: Don't call tevent_req_post outside _send' should be added to RHEL7- Resolves: rhbz#1063977 - SSSD needs to enable FAST by default- Resolves: rhbz#1064582 - sss_cache does not reset the SYSDB_INITGR_EXPIRE attribute when expiring users- Resolves: rhbz#1033081 - Implement heuristics to detect if POSIX attributes have been replicated to the Global Catalog or not- Resolves: rhbz#872177 - [RFE] subdomain homedir template should be configurable/use flatname by default- Resolves: rhbz#1059753 - Warn with a user-friendly error message when permissions on sssd.conf are incorrect- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1059253 - Man page states default_shell option supersedes other shell options but in fact override_shell does. - Use the right domain for AD site resolution - Related: rhbz#743503 - [RFE] sssd should support DNS sites- Resolves: rhbz#1028039 - AD Enumeration reads data from LDAP while regular lookups connect to GC- Resolves: rhbz#877438 - sudoNotBefore/sudoNotAfter not supported by sssd sudoers plugin- Mass rebuild 2014-01-24- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain- Resolves: rhbz#1054899 - explicitly suggest krb5_auth_timeout in a loud DEBUG message in case Kerberos authentication times out- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1051360 - [FJ7.0 Bug]: [REG] sssd_be crashes when ldap_search_base cannot be parsed. - Fix a typo in the man page - Related: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain - Fix return value when searching for AD domain flat names - Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1053106 - sssd ad trusted sub domain do not inherit fallbacks and overrides settings- Resolves: rhbz#1051016 - FAST does not work in SSSD 1.11.2 in Fedora 20- Resolves: rhbz#1033133 - "System Error" when invalid ad_access_filter is used- Resolves: rhbz#1032983 - sssd_be crashes when ad_access_filter uses FOREST keyword. - Fix two memory leaks in the PAC responder (Related: rhbz#991065)- Resolves: rhbz#1048184 - Group lookup does not return member with multiple names after user lookup- Resolves: rhbz#1049533 - Group membership lookup issue- Mass rebuild 2013-12-27- Resolves: rhbz#894068 - sss_cache doesn't support subdomains- Re-initialize subdomains after provider startup - Related: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- The AD provider is able to resolve group memberships for groups with Global and Universal scope - Related: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog- Resolves: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog - Resolves: rhbz#1030483 - Individual group search returned multiple results in GC lookups- Resolves: rhbz#1040969 - sssd_nss grows memory footprint when netgroups are requested- Resolves: rhbz#1023409 - Valgrind sssd "Syscall param socketcall.sendto(msg) points to uninitialised byte(s)"- Resolves: rhbz#1037936 - sssd_be crashes occasionally- Resolves: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- Resolves: rhbz#1029631 - sssd_be crashes on manually adding a cleartext password to ldap_default_authtok- Resolves: rhbz#1036758 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Resolves: rhbz#1034050 - Errors in domain log when saving user to sysdb- Resolves: rhbz#1036157 - sssd can't retrieve auto.master when using the "default_domain_suffix" option in- Resolves: rhbz#1028057 - Improve detection of the right domain when processing group with members from several domains- Resolves: rhbz#1033084 - sssd_be segfaults if empty grop is resolved using ad_matching_rule- Resolves: rhbz#1031562 - Incorrect mention of access_filter in sssd-ad manpage- Resolves: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- Skip netgroups that don't provide well-formed triplets - Related: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2 - Resolves: rhbz#991065- Resolves: rhbz#1019882 - RHEL7 ipa ad trusted user lookups failed with sssd_be crash - Resolves: rhbz#1002597 - ad: unable to resolve membership when user is from different domain than group- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1 - Resolves: rhbz#991065 - Rebase SSSD to 1.11.0- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0 - Resolves: rhbz#991065- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2 - Related: rhbz#991065- Resolves: #906427 - Do not use lib64 in specfile for the nss and pam libraries- Resolves: #983587 - sss_debuglevel did not increase verbosity in sssd_pac.log- Resolves: #983580 - Netgroups should ignore the 'use_fully_qualified_names' setting- Apply several important fixes from upstream 1.10 branch - Related: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- Remove libcmocka dependency- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Enable hardened build for RHEL7- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)uk1.13.0-40.el7_2.121.13.0-40.el7_2.12libsss_ad.solibsss_ad_common.sogpo_childsssd-ad-1.13.0COPYINGsssd-ad.5.gzsssd-ad.5.gz/usr/lib64/sssd//usr/libexec/sssd//usr/share/doc//usr/share/doc/sssd-ad-1.13.0//usr/share/man/man5//usr/share/man/uk/man5/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=genericdrpmxz2x86_64-redhat-linux-gnuELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=fdc14b49f2dbf6c0cf4a0eedbe169a92ea0edbe4, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=3e55d81be00be98a82b3f80e2a866865f9005253, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=663e05e80f00a72178e4683a27e25a2cfa751ffe, strippeddirectoryPascal source, ASCII texttroff or preprocessor input, ASCII text, with very long lines (gzip compressed data, from Unix, max compression)troff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, from Unix, max compression)9J9PRR R;R8R%RRRRRRR2R(RRR'R)R4R5R"RR RRRR&RRRR9RR.R:R-R/R,R+RRR!R RR$R7R0R6R3RR RRR R1R RR@PRR;R8RRRRRRR'R:R7R)R RR@R#RR RRRRRR8R*R0R6R7R"R RRR&RR)R RR@?P7zXZ !PH6ሖ]"k%w+p}zK抯ütkULn#ta,MU{"y{!a&˂\kחÏa~չx) f gP EZa?w">ԼSfF/%*7~)auБ MVd@ ɻrK|eNMS1Tek7Rbbp Ax _VI(~spv+4Z`%g IwLœoJv o2%7׍s XކñZi:ql${`:ނ}&!=bTYx4R[:ʚ B66+ƺ_ϛhPuZQ\L,`,-N;% ZJئ h5{m"GFNO8n>5\0% <2 R=s]\4D1|nKOuZEo : -)tL㙘RH# ݈$P䰸|޻$~^wΰ3BԽ;?= h#R}58уΌz87Dڡ40^UD4+#=w `6O o(Ǐ1PxyCIuZ6%K/gii55$a{o EgjuLVyɓ6?!{ l NPO]b4yZpK*x[k5Py%nO, )-Ɇa3XL_]0%۬.z5wa{d}sQjhKfEpԣҲ8kz'͑}Q3LzuoBĊLpdz{\0MF+u +ٗIQD %ͼYY59I8k2whOVQ2$ :?z;4 t'4GgJ#"E9#)Kɪ*m<_RE:.^#l"F49"4~}S7eWPiTKD\8[ZK`˲T|w;ѩ=Q)#Y,\\@S)*0J+'ڢ G&{&\{A8N P6`wacmpZlkVjܱy}7;C5;$GB7w21=5 gdxl&/8YK) V 5r4⩟6Yl//-1ҁ옻6[k>(}rǓh:$Ah;WƷoIRG=w >Rg]eZ!]9<6^Yä0_*=xݦx35`^S^N(\g[Ղ2A-|3tFp{ӡYj\pTΛx9( N6 т[ӒEgcʳPx\mn[728X^2HIԟ6 @_7znXں{ݽu3b\(;Vй ?BO7jBc:5cnlqP% #+[p./+ YCΔ8}zIM+,cjLC JmAU V߹6u |(%oq_I>|7km:k'6^M{c',rm[8C;ݎ#XcXz6j)D³#Ub<#1)IMQñQF:8;Q"-ő9"Q hbN1ذ޶=5shY[Tfx3B#V`S/R/\ÕY;{:Q[zO)?b{.*C*m7/1BI /-zr4zik qu~Y[x7"ӎn%x;*ay3nwd479kB-SIfȆҚ,ct࿢@":CeLp&{A.v'cCAQ{%.3Va3RzqDlGx&<PčD=6 SV(`x9p6|9miщRHje>`[3/]c $#!FbQ~%7t_Ł&4&@=>Xm%\Ig{[ɎH&ˤIuPfp.4{6[sPJn3 bm|Q.uPM-#B:A%s/Gwn^9[Nv0B羷hHs$#i+274wwXꊄ =N8+âʹ==ب^0[DZcb~Ȣg'ٓVEhӜX>2FpNs:)g[nX8Й(*B]U8vGH +wk£d"'7N׽`& kJ F~T#"%}f>eQOQsӅhNӿG]o`ǑB#yߚ79ڢZVLYŠ61W$>4drQoZzq#| bD^4y#GC`"5/`U{K Af"1C)O&h^5 E٥9߉:3R y.\V{+ZB?gUf6!.04t]4oD=u2oP5V ?@E@v*AFsŖ*1aaU|$bwBjZ|~]tЊU8(L.wmı\lvn, 5O{{"0F ^>W0ۆ\!dz55g1nz۟l%n:;# LǥdBY2ɑJ?k5zQH{[]@5k}eJ\h`]Ѷa'^b72nzњ Rpjydrȑc#RqĀ4YI8*\g4YuN)^'"۳QԱRE-$N$oI<]M[l%Mlw&R[e8;8MbU5#Ko͗ 3頣urwK&HɛV2'u"]^7٬ 8q gayEF2H/C׻W}ķζ|}jdY{2jg)2g9cH˻l륮C_ne9+eSh#GH/3B"$)Sʤ8=hs}Ka6?لp5:V8Xƃtq0tb(ŋ5':\hxcdvXۭyVfRYe)_N[y]+`U󜵫.W&ZkTwS qi$0ld?q?0rŸ1&m־1Ԗ{zvoҖXoΐ%fw5I0h'%WMas0=% `D^Ԧd[;щJr8jc%P MpfXU-^o_~/@q4F5'ǬL,-qR̔K6$5()Nւ}jgn/GGvlѥIsN-.5 kU92WWT\b -ݖUT`dN]Com15HEՓpTڮd U|~тV/`N-%`LmݎiӅ2zv\!dDdENFG]DO+^gdHGJH8?s/x3SU^xVnyD!X$o갹Wzv13tfPA8Eag9w ǽ:B+M҂q$2(bKaNQ=\YEv/:+BᏞm>4Oy_|ӊN$O^,'gb’d6%V=ۺCj@wtXV-<ԋ-^u3 (}=K՟) &K$ti_L-O.^^^H#IZEXBQ yp{ʇph>io^˩FOEK Y'PAєZ@g/ 釨 :zD }3PwM<˖TMSPY#5ȴCHyܓ \YL+F9/vd>GSUt֯|L77IV)뗪 .Ξb^F\;i~5rƥerݚ13"͌2p3J {yѠǾ^ Ӭt)w7K=D}<_Ӿy4x K;_@aǽVE~^ c֚z ɘ%s!ҁ 9>ÿ)KHWeRhʤ&hѳyV6 s52XW\r9J:Yg~pcKl. 'zZ:;A/'%.qp7 H=j"7tC܃6i) ^ I8ٮN\M~<5U1`>.ĈL'>îJTL "?2 zaƊqW8ZBh9YWdfI<*d=we??4Lnv`d (s'O $zwP,=?Hc˙75W7a ^.K|8ym/wK]Uk-koGVy~%B.d\˲ʣX k<譂͡=9 5bH2y+ =jVko`*Exc~Kْ'?kGiG0|[J D= jq:'|SΛW!5w'X"RILs _(u P@P&(jq$ ;-/c9\\]ҳEwHwP$TprM."? 8 dաiBD?Z8#]R/L:8⁻klC֧@!)!"bJltbɥO;92UKssfY5`ٛjEURť9M-xN[G)޾A!=qKFUF>H2d9 ,HPC]sƳ<-t1q9Cca0->Ŕ}z}*9/f=Fwk|ΐŅEN"L&07i*JUPrS,{hk˫$ٹ$> ֔s.nWEWşӜ0>sqjԣ5_<=tjR43|Y^fxNTqAy)4WȮHDzQpf)չ 2(|;wT)C2 V4Ⱥ}):}sZO"T/ =rb؉QJb8;r[7ITSz:%'ZqrJK|TynC|'}:[vI%ԙg.&OH <3en$4,O>CR^PZ6vTG{Y7 }:,k*;0p%ӌ'+۠z]B}'m[`rm /ͬ3ccJ{j !&.){ٚ6M29"(9!N9/beaKvU y#L8"a`xpψ9jP2icSǛͣrdȇbCnHbc靧o_TKS۩g,y cXHKxmak5ho}&^_y\1='^엕C"όM"_몠D*>[I[Wh2d\ATY=S5Z}=N֒ATB9},#I[{(QS珊-D뻫Vfƒsƻ΀%t"ypeƸ;<y1>MS.ZYUQFZFڬzsEiwWBj@UEzl-'zE(U!ꍄP[p/vޡ1}F<&E3F^$3RPa&MYkINɱ@`et u-{msyξC WHXH\!Z a[#:!/hڥWob~diMPMd+l%<3knHIfNY!v[,. v0m8K@;As¢}%N'6TS`W<;1+"mc-*3!ׇkpNk2fRF ғHf@-$"'lZiZ''HO-[1c9k&OP6A봏ֻE8eS}]~$0\i]MToE[ii5ބ~%0ߊ0 r R[ΞˁM"k {)ެnrdWIo@.;}` Dwbv6I|*Jqw]͑>"/1fr <$\jAzQ ;3<$kpAVhFȳZftM\gR /  0˼T/~޳׽*# b TFY! ,?r}%ѵD x V(İ(D3NJhTVRtiwfy$J!~F+t^tlC{]k H_I tP-AYtϕ'&~ KʛwJyn5%'bby#v:K~+wJ`6w<0 Tf9K;XіqNՆ Zo 1Xw#]ם -Ucf3kms6VI&sUYT䚅$Э)̪_W5<,KFLXgd@@}Y3 $GtH~.ZF+Xn7WKYH5YTX'f*}10Ϩsv[VRBW:s&I if.ݰ!c[KT"ޑ>;SBp3>unP崐O;<h;5'\ac0$+pIExjDž 2(HݾB`Qo1_w+MK!.q34'@)QGsG{!OUAITxP %FPa PVju V k٩Uq6qa)fF4W  U8ߜ/Yy'9iЄt`KJ^grV?,gKS% lk@JVƆ_CYJ?:B UAn Y9p!VhKHc"} g= 0l3NkS#,7IVIm%R**<::wD5KlKoI2;p$1 qJRB w@| cG 7IA݋)L~k^ ?>BW3'=6ªWk >,,pXB`}m*pNu4p#t`o@&{u ZUCn#IG<'}ٜ<oH銴2L'y)HvW Yb碁B 7k Y 6%ؕ&D j;2zo_]Pe@`5d3Xhw~Lo2L vj8G?V06W!~]ח\x!Ovˮ<,Aef^+`r 6ɕ~?Ux>j ҰۛԗMTTJHaZ_Lw#.QTfW}Os"ɤ.z#@EUyØJ'NйߥDxqEtx.ej DR i܈|x{aF6G 6UK6=˹}aX  u \yơ [9ڕ2搶s7 &TO|v0.6& cF1wlOY(aJmRSqyOEUyGlic0K"A!?)wgA2}(wk%8]b}OfA:_L;^[HINh萀PDxˏo(_k*NNlm]@& $:+R커k4CTϡV|+M9Qэ>X Gn1LJwKJkU2~iP;rhZg: TY.vуxe嫅~&x3=R[o7-fKh7m -J>#M_#!C%6bm#YjUx MU44HxnrgMAܗS~&³g;T[tw24 >X2'?ܵy8C?2H`h|5ԩ7OsvKQZў`uݡbn 1dJmW]C|;vpao{ꙁ?Q"18H@z՚v$Ƹrz y5lQstIex#ZVR!ũ@Hv h3Ss~TOۛ) ^0Ng OKs;HpI<@'~9֕r3dԲ׭ƳxAjԑ[g8 c̛1-YeX80t~VBU۰^Ѓw,&˺%u(Y^ }mo !ˣ@DrO<`R=cFkU~d)fިӺ^Av 27qE U i~𴭏ƘՉ1_,^zY8;%2^dZ[J+Rڿ%W&?p^F% v_|\o QU>} Ў|TTF-BȚa<#I!߃L0+<>s}r@M;!z'KT>j?!  )?Wk4܍O>R ih#i6CeA&@jJ*1aD J`}صDklJF?R9皝~8G+4'U@g?³^'?܄@?Ҷbbׇԇ.xO-=t3`V Ǽ:U2)Fb)skV f q_@~OX S%@ſɂCIVhrw!a6%Nv 1IHɠ Yn .Ei-5_U(pNZQ&{ml'&b6.vut`S{F=y]u7L_Z鿾t1?},4;;-%VV؜Y^O3Q5>NNUUې?%oe*5"*􄈬h]^q[xvER`[ ~̱%**rTCO?;xFۈ ̚߅:@u5y_v69d\te%E'@trW.]4x`սDЫ{^d%F;Tn*qΐe)ݩVFoSXKl'(x4tKX/Iﮩ̽|UbwqLuot yQao䟞iUk)?UjwPn&R̝yT\wf>š'cf^~N#mrRmz85Ž ܨ(z AOn]xO;v1]@8Zs=vbPڸ%%7V³[J B 7^`ZCwe}N>?:\DI8XaAho-.AtK\U{#8Mh*n=Y]6e 1EK5֑r?vP&yNq2ޗNWd9ځXCyM#ɓ8v{H+oxnϬu&R6eIέ(gVKsZŀݫMvdJH;e;ouF_ɍ[ y>Cֻ"~Rv7[_VZ?mg"޴]EE-CMZwBmX]-VM}% P&׉>MF4*i\(@::{ 3R0L,PEWVY !b?!NӅ6̔heڅ=6ZgDX̘t/5HXf5tv{:YXf=:yohz @R/|EdfsH@}Bɉ B7İ|苼!f?_3?3S/ԕRRҳ!(K&ѧ)?_TՏ-]$jYc<Y;NhũuRC<xM14F9Z&I z9+d_NRkͭ|25bzT&N>%@дe*NA?#6>"o^Ξfm k}#(qEYj&JIZ) ݔ;ubz@OkIF˷V;'BAz]@OU;TNYᐾH! o F]ԯ/@Ps;/0+(_is(}/4usÆNl6* f/#}7Q+컑G@ۯ; \a)յy̼c۾G6 C]S' V3zu9.E%J^J~F ]װwpg7+Skka8|$l\!qsdha]B2rH 5)$5r53O@S-j.qd`fRf~*K;*}`rxqY.BghY#:v1Uatn^(K3}# Ok"/`umU$"缟UZ4iuȃG;Q귵E;s@{yP8T6ܯ/̹tHO{6CR5>^ƽHYL1>{衪ʶO巌;Sp:p-#sQy4%29T\N}n8#9t@om;Vࠩ-%s{>7w){m|^[iPίt^Z_I_%-g\(CJ8f@Y<e0HwµJ3!.}{h u(<&8F A& ΣFvфAF,\AcW!qbCk̫kskxH<Ăw>;I͵BgKiW] KbSrT%ו!|hcB>6=mn#0H,Zy^;1p Qb(r9:$; O| ib{F7?QXɦҀpez%1{ n˻anI٬,&36|FiK!dE~XzTmoG{tpka74 C— T`,dzO<8ߑpiF1=Q>`%RqJpZi^!>LQ_veKYz&/G{'| [-,a4 k0s^ZI W%; `N6Os߮c6­R:e:{LrIۤf65B|ݍ=-R"uf<>xqh΍#I ?)FD>˽:::`dg qˮKmA\<V/r|*=<xDp3[MeלrMPCOgR38=HͣF5-ğQ!/8ەi, C߯}2 Cmm*GՈOspН I~eV8xPv<)uK*~e煉s Q ih{h̪@_糳SxIV3liāxrӽJ!.@+)B =1-,x5@IFD- HQIV$N}miQev(9iV3%|zhD h&pIWN(\۶֛7W7۫HgwO@O2}ϻlbYY]"ZbfQ3`"j7dH~ק?B`8&,E[%aD5kGy⎢U \#a޹x:mrDp^ëuQ-J {Ni+5S;GB^6J Zk9wӡvײU]!9Qmu2qȟ[/^\ImYP:.,_H ch\+nE~}F uZŽ)]zA^T/PZ?YU -\er-;#GW"ixW/#|q6rG@2'ߐ &*!7o8˕MF]7l,d%BmMPc1(c/{nq^ #BKe\C4W=O1>[:v)%bQӍ ) #|3`d<%; {qk}anu2ۤp=-]V5#h\3>~l>j{I?Cd'Ȱx B!Nt0ߚ鼗ieV,݁˛ X$.7ZPqsS_{QV7? xBy.uPy^|Aˮh+6J`ヸ: f!v/ϫ=)%K$ ol<*3K,TsOI)U(f C$:ALԭKvsVvz#uzfNUB>w0nAHaZ0tܪf^,I-=K@xI66@"zO3D]xgz e4XWVstX\%s=\Sjyl23=Mw>WuKPEwD[/ZbMĠXAe!JP,j~S(9x(c,F_L`^wia3InYhrHOeu9GC ]68]퐮>yo4+U7T#bTz>qzU<<˦CAlBէSWA%c7Jh-@ ?p\Mw5'V4kf² }`ևpHE$+eF*c=BK^hM?Gb2>̢^amF (OH̟x)6Ν3wM%x&6a19BLQy9=ty(2dRt4ZD}Pr ߱g&HPAv0ODUoF%ཚ<.>C;&d@h!#=NiύȎ+F`lhy C&93dte9'C BMl/fӎ*ؚ`;\8uwԬ΋grEp{-TxKF?zLցgҘБg^EV#pQ%T}A~>(aX#s+Nի! /YWjލ4b<j~B6_|Qyӡn3F;Si >`/`OP+~dyL`;H 6k)dt-[4IJhǘ5?4J<.}oquY{6q)$I ? ,APWOjb2IДc.]Ty7IuHo'.w>_<\pCDqմ\O6=9A|q4ysY59}^ڸG0 L ly#Q>/غ줈/u'琲hKѥOu*-- U,WM++7Ǟ_s )grЩ,|oN\RVq.5~B>޼֏@7V.#mv&F_חt.( _l$⣼+W֢mjc*uUC"Qمt9Zceg72BE}GFuxA!094xfjaX58rE͒_q^ `@!o_, >:O咞/ +q> wXѡO`f$wAcG1 k#|GWI_;*׿D~7P ' LnI7=u/{n9U1z6=F[9ifƔK3eOqgiŬYNى8 יڟ 'cKG@CXBVO) 5+r~-G'ai=н U8p'_J5CZFxރT>Hg$aR|vZV-l 3fnOwYˑ5d޹IO$1@QoPa= tE)&cZC4a,/o9$*!8 |]_m 5okc_}_mռY0tDژQ-t^R׊a˷X4p=f[g, ؾz"Û(JُܔfMW=.$*)t}` "~R8D|] j96 :Jŵ_AH;:!15%,wl?5Q/AE(#2[EsasF8 $?c-A+Wq!bDfT uwtR-zA$oJ׎N>9KzTݽU".Rھ3tU*0 <)>Dk`JJJ-$~˝J ^pA]Oq._Sԝ5+ "^%sM7եA|TP_C1& c&&mrQSR'.g݆;;TmmhdLt%E:Iw`8F4^ T$lgȰ,@+ß&X ߰DHmh2EA?ԔB޴ lx "Y\頿K@Uy`RU^/[!J^l``C9R-Bڳ%AX}- jy?gɰCnӤvPX(v֣翝:;6,)wd?~/µ m㜚*-z 7_=k燴:6H"y pUGZnƉ}}Ẕ~> 9.)^uxGKxU S;XX6GWJ/z 3= Etu E2YFz$&foE',B'y>tW^䞪č̿ҡcjb=qR {MU:BPVm Oap PVtצ'd!õl1u|O8NHb2ߺ6usU; 9bES}(WU!lDf52O a߁iX<kի#FD[=,TIA(_ݻnﳵcYwAC#G`Co-)D r~GYPȣk:4_%XiY燋;˯&rx[r'/oiL>>Km1h|0"˹WBOUvg~gu(둢 +U,Dz6f2BއP1ےY>E j6Oр9SKb|CFY/#m\ۣN:0zԈ63tsMobʥ7(#~Ũp-/-ۆ^ 2"ŐWVo4(ښ.^NTtL,us58Ueмa'{vF7\ԩKl%t6;,EaNIo@8_BrKj6½ ŻP{ɂ0=!N: wurH@BS.p}i0G}"tմ t avx:(hM or/7ƪ`֟aP-[y "w!^L)Z߉{'K6 O}5@K-Uqc޻(ޥ(;x X;@pFIDN.oV\Lڗ"2! cqCEp}3,%ه,:b$Xeq/00$#SmGyϱ 0E7-"k/]^A<:I65^s5T:5~_*RF7m=nV,"17&`{ WUV*"aqn@ʶQ$eHٚ 8H4EfUY0uRbFR\C(@ bQV_uxP먿/FӉwr0̇_c[))`vY+_rMO oEN"n̸qbш` ad 2A\~LݝPR\4!Px-ywJs&EЅ l*Hd<,ZRe/k`G:& =HIgٕğcwaEp3q࿅a*ȢTkE \fxi 5 v"c+ˡѧإ ѻȝ sD[{n]6PZ ཕ(@O-OL6~hlV'0dOOI2g~-RnDi5 ު zF7x<  ~>3Ly4Ԍr1YX䜡4_ ̠E: qwPB1e7ܴ0D cI-4f̫s,*a@T)&EIB_>"_([T~YW5Qn<]%Y+|Ɋ=g$mxk #'L+/ʶcKBfˑFV5+cJΣ˲rt7*c`Y< Y?3>Lr-|Z-Ls3;1{SNf^<dVDwU!|??Y7q.b Enr}>@$20Ђ#CoMXҮT] @lǰjpQ0T&/lPW ۗXR]/"W l^ҋuljYsI A()s:ۑ' n cYZ?q3e #2Ӑ! 9_hEZh (¢klw]U[3n&XB>qlrco)ֲ V/uNHe ?y %Zv&Y$NL(CFj_{)f疻$E2T.Q(__qlzL3?IHKWףRnNBLڭXNcvs? MeGX/Hpι&ҭ)ڡ:dJȕҍBz ]p tƠ $=.w_Y's6yʃgU%jא"4ۜISECȍ.!'n:l_"R?{{S½e~' YVbE04{9O} ܑCm}3ȹqiS읒X|▀]NTJlIOo2--Yʦ=duQ;tbU J=(¶A+mU j'iv5x.Jͥ_O霣bO*QpK[<C]0l+aʾIMe(^qPFp?ls?aIY񶁬w!(ͬy~ʠHN~ t,] $)`2" xA6avkNGz/)"[ӊ--e%2/M{A^ʸl$LUX̳! ePORdk?wa ;uk~>]=~7ki&)vlщ*$ʚ pj'uy%&%3SW¼j#jC Cdx c).isd2/\!"hjPäz$ xd5%  e)RS&>QqMC5=Dbmr bZ DcHHհ`s{RB#@Nx,j].bp32gWSay}J2y+by%R1G?s&u\O^e ,+P㈯U ;7 kDQ .8[n|'NgN >>b1%% 6Y +!TL (#wCD[O*dEŌuĽsX&3@*2m: wl9?G7r柮sU $yQ왦Ĥִn"vV%,Sˊ6TBp Y6<(-AfSuI;#<(BZm3-4U iVHhc,J~754+ɣЩ _9Ԑ/ӓh|Fx'+@\We"XBkEp^R2N =@.>M,3ӮJZ< k O&y~E &A2(j3<7Q36i=p E8߹+[/nT^0tAl5KBsU(g@'JCzK->C7I.4l-.o0پL8j 1Д) ULao~p!gZrWi{wsS#Zuki5h >o=殕I(!*KyNP@ʠڿW̗,w䤢cr ߇Rlh@%`0qZj:ί[W˓?0ߪ˹@™>9Ra&;#Ym{64\OgXwԵl v-Ed3Uu2H*|u良[I/&tPQss Er#b#܌uFJB9T}k@[EU\z{3 FGpkg)zM g߿v:0.$*C* )#kal#^J fZ$uLN$DZLg?*ӯǻ5HsUWBM\;4I mttN~/ـ˰lz'6sRF@ RĎo&. aVy S9 36'B$҅?K=xbx?ߒ9±;θd u*-`h` 1G0~C=xy7؜L :!_dG vAM@);z70]?E.ykiLCw9zgg LČX2&ߏ}VT2%>4u}?LJ t >/ƾ_v;y;JMuE?Te]NOsL{w<12Pjt~=`<.geU0=˘Nr9Y 7-~hJTQ"`fPT*y45xS K[P܍nD>2ôUJ#{"Eaf, {ߔX@\`&5ě꛹L%Bh}u)<'"AvaU r#([156d#ϫD_Flm@:b_~KIq/ɀHnlT$[NSz)G=EJw٦R3t3 Foeٟ?=%'ąÃnsU5}o̸[!|Rb0,McCN0bbgo ` ;f%",CNG?k셅7SR&F]]nA:QxdTb&C_ė7 bH[pҩ*- ZETEf%!=*ON32@y[̜:%s2@Ȫ,}p^'g\FLn ?%eqb~ \_2bA+Yχ%+uSUDDF# V5rhc}mp*Tyº2n-RnxvZ>P\G1IB=-̽ԞKҝ XǼX9{I,` zUe6.EݔXZ 3j®{ys'.e̾1/\ȦnNB#M L(Оz ˗kC,_̺o. ?-x<[z D߶Y^% g.S{Yyd𵩟؃D>S<['?Ɏ61MYd5Z ͏z!F6uilY | q#wQm @7>~'=g,'T8?̭wd \Y>UG.h56n:875@$ quF [z(Mylɪm&Z8aMg>}Cnx9tTN е6U{Xpq8>%P]fW1gAX38t}k^{*ǔ-7U-9N5|bIe+bϜ56j]xP;;ZN4 @NKax⇵~f15.c!eibzq|+@\'0f xkaPMЄ0+\G\utKCm .6Ng|kc#'z^?\2.g]6S R*N ,ь\"zQQ1;h`cDM2 rsV*>̳涭G RAV-̀`%YCۇBjr@;wEl۟]|cksݨS5^W[6JnИ ߠLi3Z3DFaLlҀ_a/N7G%9xKroʥЁ! Tj=t Yr`{lzb뀈46Kyiw0q0ex3A+dtP-Ok1^TXzg%A,~4L-g^Y!!eJ 'pqX4}q$hh GM%`~>qn=EUxP͜ )ppA:W#6Vwb7voGEI Wu "^y`(@~{.o$F c)aϲ؞؍a/ ?OS }D97uR`s9;^*H`|WA_MKwo6Ygd,#P˵|&twlH[wL(Bf1GдFN#]L K'޿FaQdY1+ٽ|&HGY̌!3̘iMX{دҳt;Y[*GrG\eQ"3@kSf )Δ4jnz?seɛ )3C43~5n*%e:[A@S2pkT4`Z)z3Ԟmm^hsv}\2A}{ T_3'j.dxT0kbX7?xMIIY .oHP-;κfh= 3" Pl`b:99Z#q~5]C &m; 8JAYI1mVjy$M's[>Svw`AԓS Eo)dg T|10g[] ʇfKlEʷˣ| U`kLQԹ 6x(og ÀQKڲYIfGG{Y5M-z*%UrUT1VJ2ʣ t[ qj=J碐v||C>逿 XC wެJ_CyܬHu@5<Aw~тtL$C* aClX76IncQ3Az{mk̺, AgB~YF7oQS¶ T{_W;ݷEkBpeG\1/' 4 6ZoR$/w):2*wpķ ~" |ѦOei@H 9fzaׄc͜bzv{d]z[SɌ]"Sg5a7 PcmOT#F$ 'z~Sm%z"!C'S'eArGwP( Km$ lHj }% hJ|R|{_۫\[9p@$tG-`OW lkIY~Qx }袓 P{#Giw6tx&_)KJw ,д[s[_hf&WH5,ʈJLT:0oą`U)؎}c2ũTZpa/j&9ץg I& zzj%Wpx8u6DAlhQS㉚\_[ X\,618ƃxerYe~ 9LQoJS8˽d7 V]\Q}+Á`UeB5υ85 #i$ۢPsG ûo[<t& f{OLF% HE*8@(8: 9~xF,YiTQoMXﭹ.(ve)H HVI`.eतPޤ{J4VO,Sx \6lwmEj#gr# ޼T2->)'+-'\co oe4 ݲɄL&vUs򊨹<:)s7MIl_?-lKCNl@k{Twz:v;‰jRʭI>Aʧ p(djfn y}{Qt -Zy!;>0xU#fE#9YG>ƒ(`yGݓr*@s 4#vbza 8A-ıu*sdA f~[Tdའnd-D83[n@GyL-ANo{A-G+ntJz0pFvŮg=YEƅ_=;54oGpE?$5-1l_X @$UZ|_-XqHnm"rM=qSE,}yr]N6 K;U 61VX$- 3њ~%8 -Qq_[ ĨET.D~h8D5@jA?75v#2F 8UTf%*YSr|lb~޸B2ۗT 3Y+-7˜I_ |& R#_n &'Qvƽ*e A܋mn4 )?sbn|IFͻpp8n-Nx\ xEsmw&Qz:VQ2.p ɣq$Q6LV2+8@Ou){84]ذO nKaqbY 1G"Z\hla^O»8> ۚ_GvJo & 6;7:EÂS9f!_>6+1g Spn!%*#e=]rNQar`z̀)e}l|D«n*|_Vi]l'j5NJ4j@j_@W̚?l{"E/;)y`HE4*a>w49+^BiRt<kwE?j‹uUV-Sjl ! T5_.i/oUL;`wzS=B  (*taua9r3@sH- [hSrm 5,rܔ0 f-2^7{IPi DG [jh^&n˔7Pdwlםpdm#(ok#BB*Cg?uM-){iuܡ`4WRgD!ڭ85XطP. q~W[% uڤ)kkI.`)1BT8&zE 5ˍ4V}nUɟpc*Y_ "c䨣vLh߸3`2Snh8=e{IڇDQ?94FG}2&bq;rw:}aęlCa>n.Qwb#Ƣtɛ!w \ s\&D(Hτ쿹n%FNǮ(։JʍZy>9};~ʇHo+7@QG󤒁 "C"~% y`N8Gutz"bEƯ 0ٰWIRZ^ yNd;3bRބg_b.pM$UE: $]w>z2HHa5_NO{ &ّ*=aCF.k5fG͏p)I|?e/ E& Dt "7رtDB͜b Bwf/> %d}FkZOȳ13k1x@haRj¯S.`;?OHO,;.~4oi_eumeUev,D{;I_:WhPLKJb;L8X:ۀ2Z&}|}G--˳r۸49Xay嗔YDkԡjdלDߧn, ˭"Y&-4(]+_5.֓8?!K$B&@r_V"sS?i4LnԘ3n$P*$ a`KGb9lo23ϗLYf s-+8o5'<;DTB(+0 Q/ӭ a)]4d Q,b^ UZDRyrRڹ#;C4TKZ(ɉ\18C-|%j\"۾|6YfVPAq^ b}WF`h [mRj<&{/> ,L93tGVk*fN5ڇѭv@!_ 'Pa Cf#BOMN; c^rpm?*ѣ͗:--̆h-r¸׭{K؋",1S߶M2`?ofV1WBLzQEOSjڶwt|jBQہAfܤR}4vգj O N ;N+ S3 jt:hNozni]ngfq<*) i +w!pSOL學.f(|@_E$'+ePecFM29iIN(zԜ5 pYÙI-aŠ|1.7LL!Q]m@/0m GV&ȥYAx%=+͋R"TLXa>wibvQy-aNj6Ļ);+H;CDHB6B!h֔_UHQ%V(9QjDLP; p'!'䔁Lkﺚ]5~A*{|xa~Z <QS Sm(N5G}bUjs;5{Uo~2#jɃk=&Ӫ ƫ NcߔՑ,~?4R'ؓ0Mlm,);}oWwF*3I'Tx-QdlG$ FrHd-,mЧ:܅г`DDxC~DXb[XhJvOٖU0#Oc5ZqXiҔVWl6ܮ[pN@/ Z- NUN,m3[GDbm)+[/4\qQikdÁL/f(c*WssB@z뢯i$V'H-=1ˑ6"'r:,MgyvJh>ӀHC`9hoY!^zk2Cꗵ|QDNܴ)7ʬ,}>fI!{ɮYݚc2et-E浈mW2|'?oHwmYà@(a@ +8̟~o:VIhrS=,zhVG5D+-P\o6͓ Rk߾ʹ CԋT8T!F͌Nj=oatP0)t|,z  vdO=:AuaҰsb9fG#7̫%֡||?SVgW>Xeb57TC%/ϴ␖{8T-j*\RBt,vAѽZhߕEhh⤭\E`<_`kvgN,b"̄j%*pe!Ћs"$Hi-8tzz]v -oWZmw_Rl~Ebfs"7mVL˜eIGS]Zn;IBr(&$6LvGPniv3Dbڻ6! g dwE̺G-ZH"INF$lx dBBf빓7G>|)ۥXbV:c4:6gn5>ao.rlZ ^`ړ "5:0)_!Vb5ǣ?1ߍI# u{Bk #SyydtܧUQVM7p;Tg }nKrIpLkUW (d5>Z?"LcY+Q  `y/ZKkid0¡X&;(Fď@Li&{LM 2r[eK׌ҕ*h D=5eh>n8.vB[[94qI 4{m|bSaxWe9}Bz}P5`͇S *N^F»U;LUdO)wDRHxԲ^9xjo1'+II{gW[.-:"WU86;Lw>hj5"GXGIs9 ْ@SHqwzr di; \xl +wZp"'3ͅ>WҮ^*I KG@wU=X ٣x_.>o%]he{(eG0K 0Vax(M$uZ#64BmO6y+ _0/w_SEN0߆$Y0K$79Gj0#ӧ>0cŻt9>P72og4 άwLd);79IDce=K+N* t$c\vW9kQ(]jvM!MFBbrwhإ41s$Λ4C XLM6GVCW\gS6xAlpN߳2,fRgERGQ;< } }kh[0;p2s#I|޿3s.Ux\a>QF9:pvLD0z/Ǐ6>+9V(ݡ>o ZM`1:2J@~l|\ ѠKh%-4h 46ڪը[#l.;>BuʲLMsfV+N9gkn 3VTN e V-;~~m H`kvGIE*\CV"L #]aa2(!u_U#s8]ĄZp%>P {͊I:)6O ؋utUj#Rӊ9Q>3Z/W #_Y0 |FCt!aʑ +*|\wWt< 0&-\kǫגxC^EH,[K#[AxqyU'۝W H*:˽0nqu6 Pi$pqbSb|fp#dz;|s rqOgM6f&SD%d`]ź(r"LPY`:CW?q2iOȱQC۴.5zP5svyr}YyA M :ƶFܢȄtaw9˺Lb8e\8DǠWih=5MX:5Zv= n;b9("{c:Od%Sv$ 1͛M5H>ic`l :yKQc^X;zWceB˚0*$دxr' RJ9Y؝Ƽ1eM#97̡j*e\ ՠbP8*;Ո$yyT6HrѲ!eӝpP=!^zxqb1Fg6.\)JK+0 J)O*qrT~ccJf8SͭmtQm::nJ 4YɡsmͰ Y&p drn죽 ƿ4P\mop;8g3|DzV *0_~maG ڷ4q-;Tv`^(;6E{3/| |;6ѽWa.ُٕ#;gr[=U'CYF%)@gKfnWtdhS=#tӂc> >#aC;xDS"ڊS_'.ĿnZ7 0C%ggPJil(qRzLYlA"]C~FC\eU* #$K~X7 xkfgPT C%_?$ wUzcsz֫SܿVtͰp=R5ĄNE7BҸI #kjY˱PCcwi eI4L4Y{{zE9 Ώm4Y+H[YC~QVcuߋ,mְ0M£'gGťJ*"D}:\i=iFWn5ڸJna Vzv2߻׮b$ƞz rbDo[%Ov)e 9:&]? SSTzU< nP'g_ܟ^ [0M,Fr)[s,)WF;Fc kDGV9ѷua[MBCr?SNiYϯ<$6+pߣ ε|/Q TP;1İhSP"Igy_!!5U7r$"SdZ@gSG RGGu{ZLi91J=;{t1O;`I׷KeZ;KZSܟn0%s~|6(gy5:l~r^:pSKF55zN>aV?iU%#ҬjSc-Zxff]ŋ)<#Is5~V ̿x3htcG,Р7U͝wK{TkUTfKP!XtPG\,aNp"Jh~%8x H/K,ET !ē&'g3꒫)RvdLYܲ585U%tOf8یA϶$nma27n0iռA"V6RkeҲդ^Gu!d^V=snY49>CjӏyƶJ ,)ѢܼwFMcXX< >%}C"T>QtۂRœT%4"Fv-q*eJ}go/qlod,v"BhooqqEِ# F%ĥ'gyYM<ߍ"t |#f:@qS(ҚtX;UFގQE=y>H2+; DV>ԾT'e~AW Xw ŷ {JG۠lۤ:co,)H wh;#,ޮSr3Wh$4YH|ϱw ՑŠ<#s^MoTZPrK;|LE I%]7k# < Rlj\J%Vw`쳓eJXyW-<'biżx9#Sk !`KP/c!O%oyEИKMV8 4U ͆ՃGg (1o` F#;9Dӟ-z/h#k GczZ(]g1^Z PjM{-G,ȰOV,/րE} H4 ξ.s19D=:EQ}8u=A(_?KA",ʰ3I1<:,͇ťF>.UPV1v^fW+T~. ew[-RJ q/扚K!L q^6r}G0Xݵh Z;Q'7rK L>B_ʜ:ƷUz{VN?'\AD6229[R'|<[2B KBMPҹRxo.AzW+`z-T3oװ]H4(*S-3{t'Pq-!HiA: (oRdP:9Jh'~=]=gN'4GF8Bp[,5>oɭV5w6[XҩXAB2"΂Ԋf3솶 *XP[Z_ʿ7Jk$H|)( AU5>B }"O>_\UG9 "PpʔPTwG|pUbNԴ$ BXs9@tt7&i|OfpƆӫxDZXYl#)sNM!\`C4VV',‡D t 巎ϧ:%桫{z=G`ٯ!7|(aᨓqzgiT[{6"N*tr"?bZE xzqB8I>I.ڢ/W%)z;ÒC{4/ew5\U4m>~iGJԇ+}¥MiV|DX,~"˴ x} VA5;_!q6Fhbx6_&5%DZZԙ+̦PRcY֝ 38Dd@#=Q2TY\~Җ:I{jᮿuA 4 ŏege N%Jt$ؙ$HcmidhI0:IzDВC83{̊ l.x+Ҏ?w+?o2ZeR9`LS1靀 I "OcONsaFEtJH>\BU/NaѯHƾ2;U `[Gf٦5 8.]0_8Sw"YcpptD밽.|(^-Rm(Q2J# sՒs]>kƅ$MQ\ U8e2ll p/풷 %EK(}r$Ńf@]2rZYx!3sg_KW_yEb^'zr󂬋?`8`tԖ.3JCKg8ǛC_t~eѤrR6ĮQ|@#}],i3q 2^ @Zy:wU4piaE4`lhwxbNB^I,r"|X9a>qqssKc9؃ ūC D_ˈ0h kl0Lqk4&%ڔIQ1dk`yu/9/Tuޣ y-}cG?F~5Ȋo&i+Q4~}?mi(f U)|OT$t"?f-_/% Qf=.>#JQJb,f%RkFRDksK: 'ofxQG-zC,'5K8TK>:dvϴ#'Kg$,cp߻'͒CfW OPeC V Bq@]z: _Hg*^P{O. M)&GmsŞ9~} 0q^e:{E^F<ZZ~> %?٫qeC0-N*28_t$!1Fx_P*mFwtSt|jh[D֦^zm-%oHټM8ǜFEű.Za|ɘ.TI?޷JΫ]NNY;,]l#RݤAR%|e2 >/9Lb" 5U1z"Z2-(r ]D'liKNzR\`iH Xr\Cd 'Itmdl$]R@ձFx="e‘F >:c+7u8 [l\i½YTL `'_Iwd=N n}ϊ}wNQM;|K>qz F}S9ufهqt[F\;7NfQvAx^}Y7O|:h*"jϫV#ZE_4" Fդm :&)k,|"C&\U0MAm׳ -q7){LTMo禳hW]g[?bRKΏ5饥*R0u]g`Geęs>R+4ө;#Cq`N+Qr6La{M:PstykIT/2Sp%Y> 0[} N6ebs<W&.cl7鿏ֻ2N?Ti0:=:Da kC!/vWPVn1|-C Đ&SФ j*NIqJ'&s[I07s-F~^j2ʼnڊjks_UպL"('Ur5ڀ נ17ڗ94 V.9I_AZzpsO$g;ӰEB_)V#\Ê=D 8'Q3v̇j=poDYmIаLsqԀżj#JWѧw mIm5!r+ne#LhQ~%GFbȷ7XG(g޶h/Vu\Q.o|=gW=_| +@_(ѴO.82|00~&H^Ƕaè_qHĒ5ZS7Lz|taqibH}_4I _::z7>;H/jRJPu& Nʌƥ8wi蔴ڠPت/dNUoU iX@3TWdaouW5w6mE-.)Q iW݀OQffBxE{O x~Ets1o84 g>O*tW_@XXh%z)̈́g 1wk yqsKuP4˟0@.J z+,9=TBw,4L@WVMhȟZiq[z `*ΩF酙*s/H F!!^2Cc)5T.,Eʺ~ K:͔ȎIAh.&S|]cR(Ρ l_ ]#5"NյIy~tF܅`3ȧ2Ma!ᦹ*% Dq>D:s27'Y=.#:EAJ+C_"r( taЅt#eUasHZ (7n$z3yկD/"M2$:58pI) m,jyX&V ۑzQ ﱪhX:yEE8~h(~9s%YG_t[b >Ki2N>Ke=AxO#-S$*}oF f{xFAX'7O_-%#w=Mq֕O5e6"iʬ.\kz*g&pF~ߤ:Tfm]([j{F+Aҁ9]XIOVcOZjC7eCsȟL헎 A[thMי'Y,?u KLO¶w'=WξF-G[c?J { }n҃åp$!m-Dc< w]HENglѬ@wZXl`fB7HOQM0>uOl՜I&#D"𫓝t?\\9if(Y or6ݡ⥆:h m^}qԅA#a!+YngԑXC'4e.>0sU7w<|ث&]7.__ ~~oS' ГiTyZQ/ޡ2Ok?`pjnqjnWޯيXSu׌Rgoiv#'阊5 )3LA:[b•s.>3fK&Fx*3Úa cx!yWr<G@]P"^-yv/_zKHVٶ$m3#|u~qGAUt8Ή(O?ww*Y#Đm}Ԭ YZҌ=VcɃX5#Q#PB_[*i4wjT}]Xd5 `l#rcakVyO)w?9 R {*~֥a͙rm^5$& ,83;lDux`&*_&Bꢸ~ū{FZ0<D8t7FG>|;#c]p6JqniiT ~b(Ӵ$f&U6fV]}?BKĠ!߭+| Qɡ蛜}#m7&e[II_6w]<5-ܥ7 *I6["{Dw҃9idOEx- Pd1M{{\3t]zgt#s}.`]8$_%l숕Qayvlffh2󞙲W+Ӝ2w1E*ykϕF,hQ܄g'RE[Qiۄ>jyY|/;4M Dr6]AǑ=8q5HI69H'@BN'B+imԂ:Fj2}Lx <͞F@^bWDQ_ Ûg礐F +߀$*72dCD#L2HS tj.[d{ eWK7(TO.ѨG"O#1 ԃi')_&Zj(]2xDnet)>y%[(A`Jѧ:S@xd|`P~CE}uK_B6uRkmv3HU(a)mꓠZVtr*\QZSUyv "s.y_ KNməz??*GX$nMt.64`b Fpf[vRaoQr9[d>6/Dwse{m\y"vTK_ޢ`gÈκ$'fc΃i3Q%'`bwH ) 㞧sC2QH0su("طFjl9g$\ Sm; 0*}u+ByxLCwuC"WJRZ`4|o4ʪA'&f [Ve ' !Ѕar "K{\i] _`jtcnjPnK=RKdBxlS|JѰLuatȞ0~{b!:@t׿;8~]IYP)_A+51=asΝQlm/>`f 12E]7 ʅMsĒ>]O!Dy/B+ {̩+sZsy4<{NHA|5?ܝU(b+ >͢K>`fX{*pd؝()3ƟaC>(@K`=y 4*̳M;pRh>l㟨Pt7q#kd 5!*:q=tfo/Bl%)Q˖jBB|"3|,NP?`upyA0}Ck~c Qxn]n(Ve.u!;8v׾.v #2Aj{7 mLKHO'|AD;&t$V؀cCznt! _+qe#F^dTx;w#-#`bt[K6Hf,XEcqFk⑿ hti/=B0=\9󤺼dz}@qdr12'6O6jQ7 ltե ku!B\~xeSv~vdw & Oh}gvceއĶs@RGΈ˩Hd$Q.g>o n$۴Qj9lGr YK >eI;3IvKE)0a+I+ QmC# F]4IY\ᑗaKAxV؊lr*h#@3;,M!B!ZK(]uc^ * jiLD)HA%^dΐd%@E|؆]ඣv EE U8c*ߖ7v\qtA$`&L&Ҭɣf"LLa$A}'۔ݑDb/ ]<ꠞ2W7&A_"ub/xJ)aՠ1|>KgI2$;n&G""tƬMn–5a#5`sϐZ_!VeMO]E 7Ecbz v0TTKMn*\X{n̳O Lsna4O`92pQ.??tқ0.hYA ڋpc؍`Ӗf(+TtYޟa$V^JgH$q$s_K"XPtlM";ը"y{$/;}HB=YnT}ʐvF5vCb'Vzjo ¯m0hLs(z $T)*!В{Z's3 q4o0@~I$G0$4c3GM}[{Trji/'V5F*T畅dw _yXK1WXUc!yeo%v,rN/ ] N/=ţ3o7ϵHk\ˁw}0  SJs1PKa3UY6ZL\X^knJ˜n0b⢫*~MYtiB q^? RB;䳷/ѰJ$rxy(KRx@BM:6HܥtX~'6IP2Ns)MKS@^mmIȀV>RMa2@`x ~֤hnGnL 7TV|6WqCmtEkŖ1(h.]¾nV9u%=W|o(C+Z]x3؟8;ӧBȹ%8]Nє5Iʒm-b?5&T^b&;\9+5 zq4!Ș,@@n7Kau/ʗIE4D ]6p2v>3-v:6Vl4PIzw4mEi0jX$USg}, &fkWY?`;q(?W;f8>߶6@&Q x8+d-YșQ[G2iID:aK$xD0ݏfjs3$WA#n" Ȗ,ł&=<]g+=;!SxPӳJф֘*C_.Gy8gHx /DatjVv\#o2qߝ@1kFi|y*~bWZ!rX1zR ҹ_} fPSDS䦕0A&UNd>Q6&p=8ҩZxSOIpK_]|+=Di!ר$7qcwF wᤚݠ΂+,7 jA5q򕑟k0"kx>m^Չp Lg~-l: uӝ',yaf,#a' y#\{ЫN&֧#ޜ1aGtXSgF^er+;Q\I7WW8CeG1Ӣ#D-^vy 2?"$j$6co897oVwFz!=l26bsOJv׭#?bg؈`w:$,~A v_fsb ?od;%Ί*%˂j+O 9B;SHbR~f+üH׺3aqrrΏxftI/x)LZ[fhDY,L]ҫiS v=>H +!ߕŠpdHM>#U !nb'c2W7ڈ TM#I֎M_X31tL,JG1<Ιwvˆ(;IL$Rϣ*9gz\uyjTr3}P%YZ"P!-U~.8)Gͧ>J"4lt&9]=~m\@WE&l%DNû(쮫`+WB kN.9 G`m#H)q¶)8}PοⶶJDy%h/QzzYXVad|дXY vaق ʱ圝ED-x7]7/ nQ&Ԑ2J[3JM}x<8Ni@:"eP|w6E 8t}EQ7K5Ajx ؂˨!{PdEW;L8p4Qb%2mǮc[9`?=$к~۽"!z}˾jYҴo`-lqR#s:? S^=J/ʂ 7OihB4&ј4]'鮫*/=w(fHAEԄn4ɾr'2O|riFTL\f(I֕UILfU5۰EZ ⨵f\a$(,]k ;; w9yUhNRynߎhKީȹ>S8vev/N[euIXصw 1nv}NN/e*?|oNJ2F:Ė`?P#e)[V̗؆%guj6~v ʁo1t꜇OXC,<dxWc^b qݫK6@ҫ§\Xn_Ѯ`PfY 9 C!7pΪq3qP)[nMB^\n" \wJC bDz%!Z*UfgCrr@h 'NDG\d*A!3yI0ّM.S`kI e#h3jbGmicSɧ-9vcp#Yj=H 1RԧLw,+| &9{Bt\.R V1;0rْooJ `SC7K4/%taLU1@G`q $qn /LH+9O3gU}w1+c 7jv0E`߻`EFXq7 =!K]4ݹ6iC(,6U߹{) b7X}$(X NXD/Q}vsވGg!Gm`lCPݯ.Pq$t ;82ƾ7nB\ VN&؏ÍCG Sb 2 M ]#&_2 9Q `"Pd cU.~} h8}"סé(HZKB{.Pl߹/JÏ p6>~d (]k :oNSV߷hCl} 85MMie}4wfԺoE*8yՈ# <*=Lti} xy%QM[)W$/Y]T*kpT̃%xv'J}<O Е1&fgQ(g|.o\G *=G]udK-Pq ( {z@ iz/qV"{!-?ysz~uAt#C;'QE5?fF"9DN]ʒ C^k  -&SsYĖ`n7(SVrwOsuّ7ut)ˬm)|Vv%KL3%DB5B+gr.,뮱G:Fu{РSqt)pH3%MTgVOƷ6m HsK5 ;Zl2ZoW8A,%;`2;ma/hkg' P'IsmMZ\\:Lf oSE r^ʽ'H+?HW%;,@|x r\}k"UH)o3ZLGmOy%*Μxp)k1ALϷ+Z59g?#/L6eMxXڧ)=CF_8'Zg]sHc"mEH})H$ö>t(U*kXo+`NuOph'-:2r[;np ֙r 5+Җ+o1^LJy'3 /0/cӴgˑYA=ӪZR/i&* rbO|>lOl=u('SqԤt_V\;~'cexH UNu#>G;-aYu7"a@p q`b|Т[1T$q c z綵6r'Jd/Fi %4N^dq,5 ?SكٶEE ^xF^.ݴy sلQRkDMR1_X }I^@֊NSw9O&w*CGg#U]?{PE۽߼O:&>xtK(<Hi/-*oȿЀƇp<@&u4N9zK2!]2]"zR{z0&ڟXa}G2| W"A <1w:?L&pAG|l~|SꍎTEZ:(FPQ$#"r7;mh'1%ұ/jh< O9̽;d~ (''qИ?edsy }*.9i:1 < vĬ', `${kLԈ d}JҩYHz׏-<&pڤ>?[+@,[NXqϹ~ʑaBUbu]Wxx~GRav1u=xd 35=7A hF{f8ě ?i Tmu7mggF2 ZG|dwEMɍ1f!FY׆1T<=q{ЬFIG p93]j{E"v~g?a RSM`vuUEYkUܵ3/ųv|^R.ƪ3ة]# Jn'NNP ^Ac}mχIeALNΫunӿD;8|ܔ[lrbnn,iΩy8mWvN>p G%n5G!\ c7k3Fhx;>k&藊@#,$a W߾ Ng#MD[QE JZenBI~wM,n +ο y@D)^@` *Du A1b3GpӟT^I U&6/1$B8&ڮDQ-E' ]W"_W*!83ucgC b:S;@12mcmeYd }q ˓ 䎘Zn5GEJt?d;hqj U3JGI>Q|_Jˑ-9Ԙ"IWjS1 2Cl 4U6gFGFYf :ᡃ 7P _ Rv59Ie$tj`|:f&TA\\(NpK΂<,>V ?hiIωDIg\zh|]eOϚt‘<*[+)(2~n['u#}S Z8(C] p9шS&%>{"`,NZn]AOgD@azzOnCS47~UY^R_5k`'r\&G uԧ73ޢuLe 69Ddl 5 FR $y]e%bbќŪjLexqMjK@toW}hoJS<{[G0$`Bbo z)OYP qRzk VNZ03O=I8x&Z߉^V@ɛ.-4 \Q\$~2h.t>t~W⫹;<Ę2tl؝A#;J]Tr n-Vcyc#^~^ gZ"P$Dƫжٍۋ_~0ޚ_ tƆCMZ<aw, f$8Ű'\tTc[+^Zu~2)2 -oNń]1$z gI^EJ^薘@ .!H `;.{r|l| #S ."T»%Mc)XhoL'coMMm>;c63 UIօ|`o+e$z{rEGy A'FDX瞯&TxIE_bꨪ6,L$.J:-n*IXȯx)@dh!>]ok̩YXA\LԕJ-= ҕvVHT],b_O{! j7 WDca]'}.[9_$]fI[?v bl1{XJT~^&D`e m;\ɺ=e}Nlx,}-Q }5bWP\`*#7f0Fc#d7ƱdKppxԣLqЀD'cn0p>ۺ)3 U=yKTXA]j!w\Wj016WZWwUVf*࿥^7=MM =x_^( teW*QԹU*؄aXn:qCf&),R.'PsֶH*dL|U}۫KbxxZp_+_-],aI2ل1>HRgSTJf' ?2eڌѥd|oUHNPCPP_<QwO,H&EaV,5l[BzM)(XH$DqxQ|Fݝ`޵;LN^D {<++E3iP-OTBsAtP]Ox P\.}:־IYB>о=~8,Ǚԏ:gw*(K4Jpno#k> 7Lԅ鶠ΑB4uݺnۿ 0q3 ,^nzSPL$YBFg#N'*nbtMԟxh`T#j:HW?=O ,D%v@/EܶrUMSM0$ƣ-eh_jSyj xD@cE.%ˬ^4ؽ1ohۭpSRS?G*BE t_uLI4PǦT$H`g-%KI7`mI9cfaQ}NGz˝) VGZF|G>Ȏ[h_[aq7kiP N-b;2xw6Sc)ϡnWoEv>f~ǟ*,Pi:R7fl2\hj}ӧC, ͐ղTCFd ([ lfӬ-,怚prdf*za^Wf!>lI-Q$XH1fX,'}|!DjDm+& !ay&Ki&ʸIc(!ô {{p= vjYO4qxa7{5q*Xg7]^F&cP z}r_ o _`on;OUi;6~oIt,FkE9*" p(-P_#P_h١I㩦d:Azjj1up)uP,M.*d,[amn~VJ+E(j>jTm7|O0l%/R 0pdCv_j44Wٽ:N;{?,i,sٟCѧNӖ5jLlD9Y=i^+tq;r?L ';Y?܌)3{y4QiLE^A^m'[k$QBDYxr3,"ym "+\&+m7G+^gU^vʨ@/iIE95tOd7Jzl Fl2=Q+羅\G%Ol#Zql 9",$&ۯ*tF]gL'ZjJ?}BԖQpZR X3]_\!FO#VJr`>yۛ>AV= ҆LASHgfnS wfaj!z@@+In)F&ztD͗ww͔u{kq)@,8Bڵ t5mDH\@ hX?պǮqs'ʛO/JG]R;:8M亱V"n2}b3Iҿ\ K_ i׊:};w"ڣ¡dT?!21*D$ |D$JlF{fQBZhzyL$ { ZC\x7^FFxƌISG84[kefY]Vw]`%wk9cLf|v//c LPh6lgHNr_zO;Bg'OK+}ʠf7 ΫIO#b"k16mJ+lGP}-;]@S:(/uB#j v4V"èIlf>+j腀IJϻwZ󹯸/5V.sr _}bƓz7'6Fd'neX6_R7 9)l@ @Ap@Yrj35AQbUNq =3~<\t*؞s>],5¿R?$T=$q-QIXt )$o_Cw.ZK4=w#݇EQ`$d(I8i%x;^3dfׄm8x&W#rW*4@a~qmY< p\[<6X/;}L-Ic J~[VUw"!s7l>h8^fbX!У+Nl1p,T) q3 ZI(3/'=^.iT"W(DU2Jfsl54?b+2ogg(y9!~%L U(RMأd<ۀm}(&9,/VP} f* pe[v?>:nCHi(EMF6 zL|͟9d_rGjP@ëUVvnt&A*Tfw(BҝE\䗕7qcf~FsM'kIdIeQ(9P,ƻ +THS8Ґcg2Rij8Rv5!" 87%TB2DžIOhWEa|)6.dx'7w elߡ5b2'%"Lt!KwϑOX(m}VHpI $OiA5#;drkMΖVe[K[O%X%.hZwoec.Oy7d˙8u]Hz8z{s J,c`C PWrI5ZXA h#~T=,rē+7kQƣ:}-M<"vS1uC *k%Պ(d]S2eC/^@z%1"?^&y GX@k%,v׻g>Bn>UshPW k0bX48&Q۾tT˪˫.mYpNvlBПepr1 }lUd%]7.&2@)d\[l\ܜT؞Y\>K@y_mR¹Ho0)ebimo>5.7|[GY4W_/\#%$~,}|A|`=% .-GRgC|ODCv6 O wX ݔu:AܢMZ ft:u 9bdznu>9XvXi@a`J-<8Q{n;)R;P^w8, AR(/qu֚k1\eԚƚ'R tQ,kZ /Z<>|OQk"eI5ɝ> _vD5]D518fү krAMͮ%Ѣ?t,g :;z* !Z6a,}?,5r1= : KP뤇]HXJDl^ Bܛ1[ CUK3_Z`|5@qd/dnSM6򎹔t~uGj=ygYb@} wf-b6qCZz: w|ˍJ5d3n*]=U+CCL*}uv6EgzɖlѾSSjoG̾݉OgMчE4W&KOPN F -oSU7WK A>r!gg@?yMĤ;LfقjD]RwpUu'$.+T[)j&`MbH |xhܙD?8~ifUҳ PȝÐ nUrҠh“Wv3d#a 0Vk.yTb=dh$CƢDB茨޻:q{e3^ͻEzD'5_ A[H(^d8/﨨D&2h; ]nFiڮ}U#dFYU{ 5gjƊ6M5Hs4*gqp:8HJP/ia簒uZM /ݱhq80mT\wc wT˪8s5kR kELspu&%L~GPĬN2=pR?&-iQW)ݖȖt0,AwIJrL^ ~l|nzi؋>Ljr8ұ)C Ntuڤ;_%d(Uw_d;6+CrDć(D;t+'4h_5֗A_*bE)H7XB~W"/#VvL@.o }ܵTmҝ/dܴM g-f~,@TDj!l_OB-;YXB6}|T}6FH*Zbtv#j޾7cJ:,VNgtϑA}UCd}ldp"؏- :hPЂCexkIoV-_^>š\lVDf z@ ly" T/3c{מ?(e2j)-¯3q۳ZK7i+w&Bk2 &Ope^"p=:dfӕd06\Q.?2zDZq^2}_< CE8_e0пota5r>B`gޓwL/,\x*ffxG1k_;L z4VI]e9UE$b5!$G^6"CՍioSg7|f0qg9Osԭ }& Rt+)  Їn5\Teos(33so$4ҽ`p(g%)ow NrQNˠ`u,VkpЪCb0MҝɘhL"E"R4`i䪬ʤܿpx1rᅧ 6ɄS@PkQ!_A28B P rhV6Fg7rѵ#јŏygw(ܞ-,Z05z=#4e<(8jѓm/RǬhϴߜ\40mj&oR[:0nm˷-$:EYρACq2?ŽG-xFgi)iRWD$Znkrݧq#Si>ҙl ?a\A|p1Z0i)k a 2CO}EW@]qHgQK9&f^ÝkWDPma8y% LJ*'.};tU*V%S`\ <2P$> 2@ۗ4T,ΒGwߖ-Ʃ6@|`IZhдms_Z R)h'Bw3|`) gZ1[ay\4bh_؄GM2xt|q듛7Ѹ_b/׸v0XH0<'(9svOU@4F25B79:نT]|X8J[#BIQʻR?i^Kk! zhz~RSWF_~ܚ܉lcqIPyc10wBH@HxY B:9hk{̨i4+^$nj z`t=0g:Z*{8~\ax"HZ 4KWv<>?ۖ_,&ݝWpwO[:0T[JHGT v7vҎE CƱ\`&]w̒m@WO2ICJ6 U٥'ɎceN:PDMZ̹7?P_v̴M QuS;LlN}eʎc"D4pGjF/]**Б~_eTX< J ' BPĞ⬄8-/m =U 4qMǬ=v^=w>-!N_ .ÎۤMfK:T{lsJY&n(0{*#XWzZ=h؍%#_(}(nr'#3E,^a]O| BwFҝ$BΦBۇlf3g&@:Zߢ9d'vAJdA@V=1;88OFK; ׈{V/:@"#<(oTQTˑXCQɿj xc׎<-jJuC"ޜ^w ؆N 4ہ_VKL3t7F-$3;s7j.IYzF l#3|v{ӫu=JO\91wc9tJVUcIӿrq̋b yc:W48iIc s"()]P|=yCM>ԠGanN=S1W*\bFVG%ߛiNJQ/^k*}X!F.b;އ w@Hp"z,-#ۇ]@4lNh۰,9U2X YW^r>V|e"LG!$/AĬh%h)+@o%sI/5DMaqvX.GGV}VtR[soʥYa&ieȝix*8 (Tgi?n~G!>0⬈AêrnOHEJ ex0ȍ6 -WCc{pr}8n#zj.%U[Js$K6 Rz}ON)*7;_wP :ǂ6HL>|ED:/ M:\,2et{ayORz>6rgc bl '9"JGH7=WVWKj!'fI7k-spM!1 _rBGgнeSʞ6>wЮLx+O@*y"Y{Wl =ѽL^"*2!>|Ш˭٪b5+G+9sxZ4;lB]co.|?s\{L[!%!Gw~RK~m?`Amk`0>-=kZQwwfCl"Mb4r6Z [CQ% ̔;@&𸩢F.ﺚ\a}%"ހT)bs{ ~$AQRxZ?kvh䠮c!H~l $Ɯl,92GF-3[R  )ыl5۬ ҁ vpdrs1VɖݭN6Qn, :t"tS^By+Wԑ 9>.)um{@W&Z]vheg_" ] s%{'=Fs j E+\j[F=?UHZqoRᤤ}HD65P{-g>P{X7^ѳTm©B#\pM9mTQjcRP$ѧ+ -MȱVR NXՀ 6ȂZy'X#{ c*V.h,NOH((]鬯r]aZ5!=AYN5ms Mݴ(_'cPPu*- 3=_N_K _i+-Th;^E(#rɨذ׿@-}ZAz/G'uTG[admvV\I2hxȊv'??L@zK:/tNjU5eK.M{Ʈ.B8ZFBCH;o("{ZD۸\Fl!'͐P@etO W36'0K+N"l c3] W"sUW!DĻIYo&0[k*3  ƭZ?APL 98N# J 86ЍCU›ϧ<6 riR& E:p\r^`Sbs}D<4*3vk r!ǘ ffB3dh}T z"7dV4QLP3u{[ڣ)$~X^oGJrf`Zߦ(!cr%wK/A_plꊌ&>zx)JܒwDo X%D37m Gׯwyݕ:)8xP.-q_Ҭ7ed仼k`NJY\"ǚ^V\B X;s`Xz}%%}'e~GvBOУIe`ᣀ.ѩQn8QY/3()4RqkT,Q)sn MB+pL*1XүXt)Ǚg-̫Y2 Ʋ$z-gid_C۞F3%kV?HT 2 )%Fҍ{3aKO{ȯ$"1E? '.].? %b3N,iMbtm.29ZSZ"D9DՎXBd/|/ ikH"Ihw M~@DC*$Lc= &RɛϲoLA_jOa6sXnL"> ~tD6+ı#fbyW-(( uB.cE+F|鲮OyཁE|TurQ1?v1=,欓ĖJ2`LDϴڠ-u,DT2uN4 HVf RKkS >5ȿPr/rO%g5ہ &hz Htl3mـhbڌiʕS?.&glߎHs.E+SK^0犺j1+8ruMCj$˾º|`'H_YGLE0}ΘbNM ʙƲ~:oVyYK%嵗/7pT=ljzi9I' n-s5w;[~De3 EM\F#nJ\tQ٤݉)f¦$w0܋S84a @80 栧ϖFaܧY2u-'A+8D܌\wÓap[;-#%6s/ή ;k,GwpoK;-ͯ}YaI345;8JuM*ޟp|/e{k,t3ߺuGok%GS!4:iƌ9E zb Y凚2D(\~܃"1D*t)ƣ0rbrl_@qރE: wua͆v>69qӇ璿ǓY gy yxޱ5?a5kŃLsdY7pc1""(o6ʔcV /_$]Uc|4Yƕ>+4/g<ްg70!$ygD.8Q|B S¿6Oe]H)"(V˱,i.⼙C4i{IfmvYSp,Kݙ24HG+Nrb8ɥj޿$g $#`&wGb:!6JWV't=s>a1g>QF_SP_{J3Uy6T6t`/]Ked۽^YJnTM\l/ցIj{keE0BO M@_3N ͒coBX N/ܫ'KQp9WGj U;eP\FXM .u_V@?X=zC4]udMNt}d=S.]u%7bU Jc.hkc4O ,a,JWBlP/ lG?WD K,bD=Vr;%)If߮.E`!S-~1mpn ,qT-$J쟟VFz$a"vCc!9y=6ʥ'j6>A(1|{5x"el|iҡ¿ .23D4ZcYf18=٢L$ ;vtod=E"G`N/7,o}-tE6AK_Lc>F%pU䎞XmN>&kϖɆO L8j%(dL-MH6d=n+M#$wdb"."pX$oJA4Gkl =,Ӽ?VL+`&~Ó aCXs oYIP\hZW!+|C2kEVWDMse`VϙeV숾rpW}gv2;7B<w+nTx1K -l獔1[ ݆ asKB l_[)n̡Ě،nlq?TN^RJa{2 :xS O2(ZcnCxv0M?G鯩f!h0}?н5 Ý'y:@Os>m@ko:Jg|5m?e˻{U19o7CT1RIr&/!E] riI*|m?)O rpsWw~^(7IGš]rVOĎYG?‘Tm|n9xpZ쒷s5aD2bc}39,UJ:ewrUuP H}?FABAj@Cm^{ַ0>sa_ $hg$EP6j9F)x@MᅩGT|q:Pw} !<4N.YYFZAM]=ƚp?fo c'˞*S[Q[4YpZ#s$70[,iU4ƄH4SApw{ZIRy5VQ!ږ_JU'yv XwDe_;{W{f& a_t,86Zy~o.ˆ.wejS6P(!Z[MRUyj0ůuzz<fn(AN_ ome*uOti4P]Im VYSt}{N" a |?dh^@РOwK`2kTMK.-'3-Q1TPDՔ5;6d-3%2j(mf o"jl”sĘ"@8P~(9^'h%.RoS$ۢ's*>==b1󔗨90먺:@',KS_{TZ,=0i{ S{ͷ+FS")u)_R-b1c IU3Xʶ:~q)*ɚ;ml3q#畅fyLNaJ窗u&|֭LNXXezT|i2TV&$ʟDB}-^7܃IK1Ѳo'J ȿjM.ۥs^ëO_GJ[6wicÕݡ+F+U| c@3t׃_\DBX{hQ5w 6h|Itt׏>U&d3p#0k< tq߃R,AI;7KT&)o/,O2!^ ;/T w˖<8rIe-n6Z- !\8N'8=8K xA-Ff~2B`a4,3k@k٫ x̵eJl0=M+a:T(G4O鮩|Z zm-d|Zx|K7j̧f3QO$DvY1tQqxS6.zqӣܭvbi U2i|h~`{(`od,;3Xb"_qOt'hCY!a7K5fWOJYFEuYya?ɒzT(}e7!yZu q Ȥ-mP׾ieRSY̊('O1 52*^Z'x9"acv -u:绂4`UϢ L8.`Qh N08 GpՂ\ 8-@PsĈ5*tWv6^]Lx.sSr?;̇ Xwb|@Ϭ}U^"` rNfvlR.n@ttT~ri4Qvs: 'fW(6\7v#mR|,E2$U!GmO1})@.0nJWz/ Z}Ȫ9PҊ;$gL:$s)S9G!#ZOxъUt4ՅUH 6f7oWdxݵGľFW腈7_!]4 b^CI5_k{(f a/@։+/!p!'|י69f{)He\p-ONWxHVl. ن}(6[҆cAUX4D{@ޤia4 W~ܟʖR #QTO 4WJ:/532݋u"WvsOvSkW퓺6Яzi7PJ:es1(:V&_n” Fa'?I`ɸЅ/-^6KIysb}f8;$)%;QK"Ŕk}qaǓax:xGwHRt$%U;}EⰍG7 Z@ZF^wFJyiț;0 VAGƤ B)Wc BFG^{+FM{1笽Foω4 ʬvwA!iL!kqT~NJv5P뺡6I >FY-eU'k,snȦ%%pO]X[y~V,J[4$JPfD`i_+Rn@\@kiˮI# ek/%—3O7sJwr[H&'xؕQ Z%֚ŽNpnFvPߌݎl%EK|]#&cRPV@6]8Fuř9b̉X)~l#+½μ0˸]|)2ULF5?v[rfQH>7o/YW['37J D 5P狲!>4Κui sܞ;Pq+scOYª5-Z\ʲeA8J̸n*ҝI #[y@H&wt`g4jKDeC6Aw s͖ɞ'SYNT,O/ 4%3⨕9 p2#YRZ9rDS?6ӂC f-!u*Bv~51,T9(>\rmrFh7m,ҙ*ʲd`΢p>.΃DJtyv~YM_M'ܞ `@' R &f`vMd}qrVS .vEc* T}qġQ'ˡZьmQFpE_Ʉ}.zԼc2>% ,Qp?7Q x+ ԃXs=55ѣKKVBDAp>%++ @[Cvvy7ĮPCo[iL#a̪ت:! e}  H|ˏ(>}wkVw{0FLeH ,@sëWl$ߕ($jț7Vo_ӿ(G(*6"ol^jՃ7YED0\eᐡ^fBL ղGLPpwȝw" k`JI1bk&#`snzE)*R?߮q-s[Zp&|q` Ы-ؙ`]ƇJ)PK32p {6[0dFJ0l.C?b9 AEbUS\54&:|E译EWXk4dK5/-3Fq&:mA V; M$lqӤy%=e8gk:b0`]3ܽe81l 5EqC(Zy;) <]\"0QJq_WF>?\e8M2 +i쭶5WᦚGʴ(TW2#8$y p2c8٦# <~8ZQ]|sM |VJT3aL69܎EM؂=T@fQɄbeG1}o\"잘p(hZ%h4qj_^-3nWKqu^!wY+׸2VHbFR&yqLj2%`1 L%#%R8~о|^#L;fw *e+VH[rlF.$7ĢG.ɪAHFd zT**h&VY wƫK3t?">.+}NMKGb^ XDvO%]Q¥MȲNkl)qWxTTX;j^~,cJi;#BIFr{Rqm2b"ml:6=&j3Dj"ܘȱ?\~f2&E2+NnEl{n^]{Z/ \-$k'g`mnu#,j3MG#ݵw̞VȚY윁jH<@K|sO5ac7̷Z-Hr`4]9 s+itrξ^%'g !DHz=am.[%)ib,p#fCxzGdy1>_\O~kԱ|b4**G͞!lnR 3W`mSBOn;,K(m pę%'<1DJYKB᝹0d$!#Ŭ-9&'&{] mk K9uNǹ?ZSTr5V!l$Ş>A݈AW+TLpO_|⯃n{9 _.$%щ%":xx[\r&>\-%&47-4wЙɀ/_CKknF1*p"Wvc]Wکۏ[ur׉;%-! *\WOq)l<14Ov̤%#g& ׊6r}a7 ,4Pּb/Hzo#6'];֢+pgLF(*`dWFG-k4҈}sA4 ~Ib \XH驘o|j7`>/4Qt{RrǑXPd@g׷pP@+_w(us!J5/{Ihx0&,Xرbh@NDK]aїxW_BZU̖0i>ݓ\{'c Чgx~qQAQfAN;<礊Z/N3GB rD3B <{1J:y󭨪U幋0^1Bֹ͢~kE "M7\|BWKhpAeO&_`RkT~u@=B)y6KN$E(昈<=[4c SBRuᢦ*p4vhP_~L·X% \0Zej-X‹DAEDef :CĔ`K ƏJ%|dnP "Vׁ*~*`wQ$7K~MO5M\oj9z< j0 )nrd]UhNW[=YffD lPp7h "]cD[tr$4X'O:luv֝t.f NYơ ʅ&g7\͓IsSlYW H*$y~ˢ!kDi +̰p!ee%a(ȅؚ0s=rt0 vn6GG9 uԶ߰~81]< ˊfzt&{7#|8O4 <6dʛYNt,__u*帅`nP55ez95ڭptt5&q+ ˈy=3d"YUS6S~Uo ^|&>Px*h/Ǻ/[{J?G Z2﵌O:llMt˰|r+g@ l6֯ZL#L]P` 1#R{f@vFRtq`RDE4=*[fAcE2RVE hVWA@)2֌H`A)-5:F$eJj-ۻiB?"'.dp?-9Q1s<.M*签&]k}$%te%EPQP5L@qמW bXn:nA͢61:f-~Wgw~tfۛ_vJ͐E+\gLG]MSB۝1 8=>811,Դ><(%Xգ. 1?BfCaYc4Q=q`D[ΡJaV~S 4ؼٍQB9cwoP8RTk:i Ev5хp/NJrJ xT!'J+o.\>aSFlAaprXBE"'{sjelĵ_0R{p,0ai:{|„J2~O!x ;©+|pn}.i:0ٜTrcVaߩ24<~4rцzNxN#Z~Qya4O _2}ꍬ_f&4]'n!˕X^3֚WʊT6΍FӃfo08^Beflgb}`e1l+ Bڠ宾ЂLݷfc^[gɷCoxF}a=+-_IoG 6ST+srgS_vrPy&$ҏ0|׷ʼLGsHiA|Z1'YJ`4U_kB(SmQ) ꦩXE5p2Mug{73!@e[eH!U;5B3GxBEbYE "8'rp>Uػ?ztճ"@}0};jv>R-%C/|8 }ʞʒK:׬^n29g8-ȍۃhi8UuW!M\9Qly\ޙ=!nS)m";}<`J $dO|>V?+teNB/F;U~B>->?%FAPn+1񎻛XY+'ZZ9RQJ&RhVLKǒm nB'J,(\*ZT.Uf "`]M7w4q2BVapIoXGmx2_I%Mg\rh{s AkK#Q!J~>aɸ-{l'Xz'^TRQUKz)c` L/1_8U(ǍVEuD]J͓" ,s3(cod?jd $0N0jrw>jyU*1%uAXqwmvj{[%I!,9d{\x;%v)7硐9bR3k?V7?NZ+ߋ&K|K/0%Fof"j?eHH+Qʓ:D&֧ZS$֡Ȼ.(\߄J~mv"$ΐ_ =nmL7wqp^`L j,NmA2RU_iAų1оWwvQۯGH+:^t >žyBGktE˒]T(鯹[qceF ch9yk^HGߵR/ ` .$ׂ fޞ*x7s$^LjrSVeћa8.-ob(/,8*weN$@=آ6庝:wcV)cfr|W]#k5SbpzAJFJ`z>E|N9OŴ].˻CퟴAY||hWS[o$A4 ʺ P k*qY'3dA| dA`rҤqT CEا<換¢dهJ0G<2Mq8$)QF@{i2SC [74n=.:goQQq|z"5)8b,胕 R"J9 k_'2F[XαP7`*hooâɝ#lljq`NT`D'ia|16OeGzr譪_,TI<`~TÚ&'[o/߆)ޛ *D6B1rٻ`P_dY=\SB ÅgqTxt!'SODPWm}3"|蒼9-yxЂ&EPU_C+V7T`}rY2{{YVdµnO-ҫN\?$VV3:4Zci FE{B9+Z M]zmH: >:dOnOhTd/D\r! _6&.0b݈IZ=31 WE|mSiB(%YJ;3=vʆMY Iݽ<%YD ͓\ `U:>y>_]ToȔm ^+3kIwMY4)g,Q+i0O83PbU;T)Gn=vtN2C ˽>ꄒ&rn^Ѓ[3#M@]"k5-_*Yl;"]S#f@Py?e"{1aq Umh8mZ_X}9FH/[p?~Z)6BfLH-ͽ-}W~M ċ쫜O/nt7)usIufWZ65 d|I;Zav<3&oh BKB}bP;-b.yX !K}\DΧX"0kzxUv%jdnL5(.d#, Vh]ce]bie|F0 ~ȇIzxyml k"ތ>)-1eo&y^<(*  jL i;h SʍXfJ ,\],9HR*+}vep̵VkLΨ̼jSk𼁺c;)g'8#E}oK7!^>5[c^W"9UT25O-_yb2b {/-8V%eͤ{Qw弋X,HEPxe)4|ŐN)sP gHt\]*smW$Grr?jNGE;y)t$oCfJSXz"~x3-2c%^t'~kP̘f}w*4К[1TawNȞZE,SLʆ|(.#mMs_O2zHHץCkjk G6IuYχY,`‹ؤSM FGWww. / |?+nja>oET%}w j(y@)n5 b| ~ɲxay Ɨx.\1*o'EA.a ϦS/j9c^M)nU]gM&U2o.A M0(RH`K MR#^B;LH0 ``,0Ng~+]DYV,VVpIoHz9QZ˃M&3Xn /EsB2]4rBf?q|91gk} A ؚ{o!fP,x35q̅MhX!~{Y'%nԢ)mNCbnv1$~|[/)}:/j$C ?9ZM 0V FmBB#_o &dXw \\"~{M=;RcrLں1bE`e$|e#W#3/$Jԅ F]y+0pV8f揢K{߱YS; *A~"ZXװK;Vb ITʼJ$xXI24`eP 1rbc*\!c5hc( /Rz /PpXEvX*51O^Yl~feUȞANi ϫ%gszwF cސTtqGahaIR;NV-G-Mrd+D9Xa;%0$ Y8tp!(9,2z,r9ZZӸ7 L9 K?)VR7WP9? Lꡅ3Ot)}Lki՘k2rʮ$\H))mMPWm R?n5>͌,hR,el8tLC=~J.[%elV8"2{'EIvAy[/KovڐjmHVhoI{X4w0)mRa7.7MalGlh52LK1:20:SLe:ee^%v#ĢFX`bGJCT5{zh̡p4Ւ*Z)4ix JxD :cJk"lIVqFޕ<*ni2Y",y+SllfDbҫEpɐ"*uJq7Jv-Q`O]>UsyRd@gCPx-*>xNQ{ǁa Qh!iþߺ1`P -a Yj5ߗ9e8n7~PaiwK~1'{A֨BnDKT[ֳ1g 1.Jeuwy:tؠB'x1nYn]! 6HNs$5l-ndꡒC䡎盨_$fV oSKm u@]}(S<)U3 "ǡƉqP؁k1n J'mƌPԕȹ1JؾgȢIDTdܠG *Bph$\9"^W%ۏe*Pm\re veO^9yF˗GlE*'N*۝Xbp]Kܹ->gX8 1S_#esqBfV2\Wc=jt3!nhmdN>0] } 1Nv )U M(  fAثF\^û1Wd١T^~4̳ ^*vDxC/>#HrD#7Vn'f#X{>|3M OVC2g':gAqC(j$RW'#$`X"݀ˑ>i"Ӛ DwoC h͋*GT|(MO흪Ryq~xU &r>3Xp7*Pr^E=<픜ebu%ċ@u:fȜ޳Y!#eSNBynxhAH> ܶfP*2 ]Q@`CmX%PCw/; (Ou I *LH2/qKRNA*5*=Gafi{0yLhD_4aO㙒 jJeDd=X7i}\Gܘʃ+喀n(  _,b*_3o]&>fnA%9$(Fz@Pz̼UBܮOzۗqdS~c'I!gI6Z_kh=T l3@''^R.m5[gW䛋d#QCo䧷p؍g6xYPAWhK &a@mZ cQŜ*uSugdN]lrSP Ӻ}9JT dz'[$Jh5.xju#dɤ})8U!ec7u#oiŝN&nZ˂zVnqJyI PH5 Ga\ ݞR"6 A!aIGPtGG0D:*R/JY`іs]yE88B}{_кsvw>xl4%1>l?W7vE&iHg3G|$=49DW\y~uVVG3'N#O@xrZ4e I#)D }C,*0k_ BDwj\!^lX:Uހ@/my+uTRm/K,\=*EG `=d*zMGցb.t.̯wC*iBR$S ؝`$~2gv-bJEy紑YG(9itbMM UyH9uʼm!o>ih^䝨[0&>ҰƋE}%4v?;,h\J%Q?1s;HkKny[(N{=ʮѹX)H܌J;<BÈF-3}e(b]+շ8 Pڔ}%. 7PZ3uSk 7f4&,5PsI?'r ]z*3!":/+yu3 1{Il~uѶ^RžN!$n=#%1䕒tC>Rfvz&ĢRIH)WVDmRׁqt;Ili,/GێkMH}T;j6>G!>HûRz@BdT3Zlv*w !bȃ 8l YZ