Name: sssd-ldap
Version: 1.16.0
Release: 19.el7_5.5
Summary: The LDAP back end of the SSSD
Description: Provides the LDAP back end that the SSSD can utilize to fetch identity data from and authenticate against an LDAP server.
Build host: x86-01.bsys.centos.org
Vendor: CentOS
License: GPLv3+
Packager: CentOS BuildSystem
Group: Applications/System
URL: https://pagure.io/SSSD/sssd/
OS: linux
Arch: x86_64
Source RPM: sssd-1.16.0-19.el7_5.5.src.rpm
Provides: libsss_ldap.so()(64bit), sssd-ldap, sssd-ldap(x86-64)

Requires:
libbasicobjects.so.0()(64bit)
libc.so.6()(64bit)
libc.so.6(GLIBC_2.2.5)(64bit)
libc.so.6(GLIBC_2.4)(64bit)
libcollection.so.2()(64bit)
libcom_err.so.2()(64bit)
libdbus-1.so.3()(64bit)
libdhash.so.1()(64bit)
libdl.so.2()(64bit)
libglib-2.0.so.0()(64bit)
libini_config.so.3()(64bit)
libk5crypto.so.3()(64bit)
libkeyutils.so.1()(64bit)
libkrb5.so.3()(64bit)
liblber-2.4.so.2()(64bit)
libldap-2.4.so.2()(64bit)
libldb.so.1()(64bit)
libnspr4.so()(64bit)
libnss3.so()(64bit)
libnssutil3.so()(64bit)
libpcre.so.1()(64bit)
libplc4.so()(64bit)
libplds4.so()(64bit)
libpopt.so.0()(64bit)
libpthread.so.0()(64bit)
libref_array.so.1()(64bit)
librt.so.1()(64bit)
libselinux.so.1()(64bit)
libsmime3.so()(64bit)
libssl3.so()(64bit)
libsss_cert.so()(64bit)
libsss_certmap.so.0()(64bit)
libsss_child.so()(64bit)
libsss_crypt.so()(64bit)
libsss_debug.so()(64bit)
libsss_idmap.so.0()(64bit)
libsss_krb5_common.so()(64bit)
libsss_ldap_common.so()(64bit)
libsss_util.so()(64bit)
libsystemd.so.0()(64bit)
libtalloc.so.2()(64bit)
libtalloc.so.2(TALLOC_2.0.2)(64bit)
libtdb.so.1()(64bit)
libtevent.so.0()(64bit)
libtevent.so.0(TEVENT_0.9.9)(64bit)
rpmlib(CompressedFileNames)
rpmlib(FileDigests)
rpmlib(PayloadFilesHavePrefix)
rtld(GNU_HASH)
sssd-common
sssd-krb5-common
rpmlib(PayloadIsXz)

3.0.4-1 4.6.0-1 4.0-1 1.16.0-19.el7_5.5 1.16.0-19.el7_5.5 5.2-1 sssd 1.10.0-8.beta2 4.11.3
- 1.16.0-19.5Fabiano Fidêncio - 1.16.0-19.4Fabiano Fidêncio - 1.16.0-19.3Fabiano Fidêncio - 1.16.0-19.2Fabiano Fidêncio - 1.16.0-19.1Fabiano Fidêncio - 1.16.0-19Fabiano Fidêncio - 1.16.0-18Fabiano Fidêncio - 1.16.0-17Fabiano Fidêncio - 1.16.0-16Fabiano Fidêncio - 1.16.0-15Fabiano Fidêncio - 1.16.0-14Fabiano Fidêncio - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Fabiano Fidêncio - 1.16.0-11Fabiano Fidêncio - 1.16.0-10Fabiano Fidêncio - 1.16.0-9Fabiano Fidêncio - 1.16.0-8Fabiano Fidêncio - 1.16.0-7Fabiano Fidêncio - 1.16.0-6Fabiano Fidêncio - 1.16.0-5Fabiano Fidêncio - 1.16.0-4Fabiano Fidêncio - 1.16.0-3Fabiano Fidêncio - 1.16.0-2Fabiano Fidêncio - 1.16.0-1Jakub Hrozek - 1.15.2-51Jakub Hrozek - 1.15.2-50Jakub Hrozek - 1.15.2-49Jakub Hrozek - 1.15.2-48Jakub Hrozek - 1.15.2-47Jakub Hrozek - 1.15.2-46Jakub Hrozek - 1.15.2-45Jakub Hrozek - 1.15.2-44Jakub Hrozek - 1.15.2-43Jakub Hrozek - 1.15.2-42Jakub Hrozek - 1.15.2-41Jakub Hrozek - 1.15.2-40Jakub Hrozek - 1.15.2-39Jakub Hrozek - 1.15.2-38Jakub Hrozek - 1.15.2-37Jakub Hrozek - 1.15.2-36Jakub Hrozek - 1.15.2-35Jakub Hrozek - 1.15.2-34Jakub Hrozek - 1.15.2-33Jakub Hrozek - 1.15.2-32Jakub Hrozek - 1.15.2-31Sumit Bose - 1.15.2-30Jakub Hrozek - 1.15.2-29Jakub Hrozek - 1.15.2-28Jakub Hrozek - 1.15.2-25Jakub Hrozek - 1.15.2-24Lukas Slebodnik - 1.15.2-23Jakub Hrozek - 1.15.2-22Jakub Hrozek - 1.15.2-21Jakub Hrozek - 1.15.2-20Jakub Hrozek - 1.15.2-19Jakub Hrozek - 1.15.2-18Jakub Hrozek - 1.15.2-17Jakub Hrozek - 1.15.2-16Jakub Hrozek - 1.15.2-15Jakub Hrozek - 1.15.2-14Jakub Hrozek - 1.15.2-13Jakub Hrozek - 1.15.2-12Jakub Hrozek - 1.15.2-11Jakub Hrozek - 1.15.2-10Jakub Hrozek - 1.15.2-9Jakub Hrozek - 1.15.2-8Jakub Hrozek - 1.15.2-7Jakub Hrozek - 1.15.2-6Jakub Hrozek - 1.15.2-5Jakub Hrozek - 1.15.2-4Jakub Hrozek - 
1.15.2-3Jakub Hrozek - 1.15.2-2Jakub Hrozek - 1.15.2-1Fabiano Fidêncio - 1.15.1-2Jakub Hrozek - 1.15.1-1Jakub Hrozek - 1.15.0-2Jakub Hrozek - 1.15.0-1Jakub Hrozek - 1.14.0-46Jakub Hrozek - 1.14.0-45Jakub Hrozek - 1.14.0-44Jakub Hrozek - 1.14.0-43Jakub Hrozek - 1.14.0-42Jakub Hrozek - 1.14.0-41Jakub Hrozek - 1.14.0-40Jakub Hrozek - 1.14.0-39Jakub Hrozek - 1.14.0-38Jakub Hrozek - 1.14.0-37Jakub Hrozek - 1.14.0-36Jakub Hrozek - 1.14.0-35Jakub Hrozek - 1.14.0-34Jakub Hrozek - 1.14.0-33Jakub Hrozek - 1.14.0-32Jakub Hrozek - 1.14.0-31Jakub Hrozek - 1.14.0-30Jakub Hrozek - 1.14.0-29Jakub Hrozek - 1.14.0-28Jakub Hrozek - 1.14.0-27Jakub Hrozek - 1.14.0-26Jakub Hrozek - 1.14.0-25Jakub Hrozek - 1.14.0-24Jakub Hrozek - 1.14.0-23Jakub Hrozek - 1.14.0-22Jakub Hrozek - 1.14.0-21Jakub Hrozek - 1.14.0-20Jakub Hrozek - 1.14.0-19Jakub Hrozek - 1.14.0-18Jakub Hrozek - 1.14.0-17Jakub Hrozek - 1.14.0-16Jakub Hrozek - 1.14.0-15Jakub Hrozek - 1.14.0-14Jakub Hrozek - 1.14.0-13Jakub Hrozek - 1.14.0-12Jakub Hrozek - 1.14.0-11Jakub Hrozek - 1.14.0-10Jakub Hrozek - 1.14.0-9Jakub Hrozek - 1.14.0-8Jakub Hrozek - 1.14.0-7Jakub Hrozek - 1.14.0-6Jakub Hrozek - 1.14.0-5Jakub Hrozek - 1.14.0-4Jakub Hrozek - 1.14.0-3Jakub Hrozek - 1.14.0-2Jakub Hrozek - 1.14.0-1Jakub Hrozek - 1.14.0beta1-2Jakub Hrozek - 1.14.0alpha-1Jakub Hrozek - 1.13.0-50Jakub Hrozek - 1.13.0-49Jakub Hrozek - 1.13.0-48Jakub Hrozek - 1.13.0-47Jakub Hrozek - 1.13.0-46Jakub Hrozek - 1.13.0-45Jakub Hrozek - 1.13.0-44Jakub Hrozek - 1.13.0-43Jakub Hrozek - 1.13.0-42Jakub Hrozek - 1.13.0-41Jakub Hrozek - 1.13.0-40Jakub Hrozek - 1.13.0-39Jakub Hrozek - 1.13.0-38Jakub Hrozek - 1.13.0-37Jakub Hrozek - 1.13.0-36Jakub Hrozek - 1.13.0-35Jakub Hrozek - 1.13.0-34Jakub Hrozek - 1.13.0-33Jakub Hrozek - 1.13.0-32Jakub Hrozek - 1.13.0-31Jakub Hrozek - 1.13.0-30Jakub Hrozek - 1.13.0-29Jakub Hrozek - 1.13.0-28Jakub Hrozek - 1.13.0-27Jakub Hrozek - 1.13.0-26Martin Kosek - 1.13.0-25Jakub Hrozek - 1.13.0-24Jakub Hrozek - 1.13.0-23Jakub Hrozek - 
1.13.0-22Jakub Hrozek - 1.13.0-21Jakub Hrozek - 1.13.0-20Jakub Hrozek - 1.13.0-19Jakub Hrozek - 1.13.0-18Jakub Hrozek - 1.13.0-17Jakub Hrozek - 1.13.0-16Jakub Hrozek - 1.13.0-15Jakub Hrozek - 1.13.0-14Lukas Slebodnik - 1.13.0-13Jakub Hrozek - 1.13.0-12Jakub Hrozek - 1.13.0-11Jakub Hrozek - 1.13.0-10Jakub Hrozek - 1.13.0-9Jakub Hrozek - 1.13.0-8Jakub Hrozek - 1.13.0-7Jakub Hrozek - 1.13.0-6Jakub Hrozek - 1.13.0-5Jakub Hrozek - 1.13.0-4Jakub Hrozek - 1.13.0-3Jakub Hrozek - 1.13.0-2Jakub Hrozek - 1.13.0-1Jakub Hrozek - 1.13.0.3alphaJakub Hrozek - 1.13.0.2alphaJakub Hrozek - 1.13.0.1alphaJakub Hrozek - 1.12.2-61Jakub Hrozek - 1.12.2-60Jakub Hrozek - 1.12.2-59Jakub Hrozek - 1.12.2-58.6Jakub Hrozek - 1.12.2-58.5Jakub Hrozek - 1.12.2-58.4Jakub Hrozek - 1.12.2-58.3Jakub Hrozek - 1.12.2-58.2Jakub Hrozek - 1.12.2-58.1Jakub Hrozek - 1.12.2-57Jakub Hrozek - 1.12.2-56Jakub Hrozek - 1.12.2-55Jakub Hrozek - 1.12.2-54Jakub Hrozek - 1.12.2-53Jakub Hrozek - 1.12.2-52Jakub Hrozek - 1.12.2-51Jakub Hrozek - 1.12.2-50Jakub Hrozek - 1.12.2-49Jakub Hrozek - 1.12.2-48Jakub Hrozek - 1.12.2-47Jakub Hrozek - 1.12.2-46Jakub Hrozek - 1.12.2-45Jakub Hrozek - 1.12.2-44Jakub Hrozek - 1.12.2-43Jakub Hrozek - 1.12.2-42Jakub Hrozek - 1.12.2-41Jakub Hrozek - 1.12.2-40Sumit Bose - 1.12.2-39Sumit Bose - 1.12.2-38Sumit Bose - 1.12.2-37Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-34Jakub Hrozek - 1.12.2-33Jakub Hrozek - 1.12.2-32Jakub Hrozek - 1.12.2-31Jakub Hrozek - 1.12.2-30Jakub Hrozek - 1.12.2-29Jakub Hrozek - 1.12.2-28Jakub Hrozek - 1.12.2-27Jakub Hrozek - 1.12.2-26Jakub Hrozek - 1.12.2-25Jakub Hrozek - 1.12.2-24Jakub Hrozek - 1.12.2-23Jakub Hrozek - 1.12.2-22Jakub Hrozek - 1.12.2-21Jakub Hrozek - 1.12.2-20Jakub Hrozek - 1.12.2-19Jakub Hrozek - 1.12.2-18Jakub Hrozek - 1.12.2-17Jakub Hrozek - 1.12.2-16Jakub Hrozek - 1.12.2-15Jakub Hrozek - 1.12.2-14Jakub Hrozek - 1.12.2-13Jakub Hrozek - 1.12.2-12Jakub Hrozek - 1.12.2-11Jakub Hrozek - 1.12.2-10Jakub Hrozek - 1.12.2-9Jakub 
Hrozek - 1.12.2-8Jakub Hrozek - 1.12.2-7Jakub Hrozek - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-3Jakub Hrozek - 1.12.0-2Jakub Hrozek - 1.12.0-1Jakub Hrozek - 1.11.2-70Jakub Hrozek - 1.11.2-69Jakub Hrozek - 1.11.2-68Jakub Hrozek - 1.11.2-67Jakub Hrozek - 1.11.2-66Jakub Hrozek - 1.11.2-65Jakub Hrozek - 1.11.2-64Sumit Bose - 1.11.2-63Sumit Bose - 1.11.2-62Jakub Hrozek - 1.11.2-61Jakub Hrozek - 1.11.2-60Jakub Hrozek - 1.11.2-59Jakub Hrozek - 1.11.2-58Jakub Hrozek - 1.11.2-57Jakub Hrozek - 1.11.2-56Jakub Hrozek - 1.11.2-55Jakub Hrozek - 1.11.2-54Jakub Hrozek - 1.11.2-53Jakub Hrozek - 1.11.2-52Jakub Hrozek - 1.11.2-51Jakub Hrozek - 1.11.2-50Jakub Hrozek - 1.11.2-49Jakub Hrozek - 1.11.2-48Jakub Hrozek - 1.11.2-47Jakub Hrozek - 1.11.2-46Jakub Hrozek - 1.11.2-45Jakub Hrozek - 1.11.2-44Jakub Hrozek - 1.11.2-43Jakub Hrozek - 1.11.2-42Jakub Hrozek - 1.11.2-41Jakub Hrozek - 1.11.2-40Jakub Hrozek - 1.11.2-39Jakub Hrozek - 1.11.2-38Jakub Hrozek - 1.11.2-37Jakub Hrozek - 1.11.2-36Jakub Hrozek - 1.11.2-35Jakub Hrozek - 1.11.2-34Daniel Mach - 1.11.2-33Jakub Hrozek - 1.11.2-32Jakub Hrozek - 1.11.2-31Jakub Hrozek - 1.11.2-30Jakub Hrozek - 1.11.2-29Jakub Hrozek - 1.11.2-28Jakub Hrozek - 1.11.2-27Jakub Hrozek - 1.11.2-26Jakub Hrozek - 1.11.2-25Jakub Hrozek - 1.11.2-24Jakub Hrozek - 1.11.2-23Jakub Hrozek - 1.11.2-22Jakub Hrozek - 1.11.2-21Jakub Hrozek - 1.11.2-20Daniel Mach - 1.11.2-19Jakub Hrozek - 1.11.2-18Jakub Hrozek - 1.11.2-17Jakub Hrozek - 1.11.2-16Jakub Hrozek - 1.11.2-15Jakub Hrozek - 1.11.2-14Jakub Hrozek - 1.11.2-13Jakub Hrozek - 1.11.2-12Jakub Hrozek - 1.11.2-11Jakub Hrozek - 1.11.2-10Jakub Hrozek - 1.11.2-9Jakub Hrozek - 1.11.2-8Jakub Hrozek - 1.11.2-7Jakub Hrozek - 1.11.2-6Jakub Hrozek - 1.11.2-5Jakub Hrozek - 1.11.2-4Jakub Hrozek - 1.11.2-3Jakub Hrozek - 1.11.2-2Jakub Hrozek - 1.11.2-1Jakub Hrozek - 
1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-5Jakub Hrozek - 1.10.1-4Jakub Hrozek - 1.10.1-3Jakub Hrozek - 1.10.1-2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-18Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher 
- 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 
1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1583746 - The SSSD IPA provider allocates information about external groups on a long lived memory context, causing memory growth of the sssd_be process [rhel-7.5.z]- Resolves: rhbz#1580281 - Samba can not register sss idmap module because it's using an outdated SMB_IDMAP_INTERFACE_VERSION [rhel-7.5.z]- Resolves: rhbz#1579780 - After updating to RHEL 7.5 failing to clear the sssd cache [rhel-7.5.z]- Resolves: rhbz#1579703 - crash in nss_protocol_fill_netgrent. sssd_nss[19234]: segfault at 80 ip 000055612688c2a0 sp 00007ffddf9b9cd0 error 4 in sssd_nss[55612687e000+39000] [rhel-7.5.z]- Resolves: rhbz#1570527 - memory management issue in the sssd_nss_ex interface can cause the ns-slapd process on IPA server to crash [rhel-7.5.z]- Related: rhbzrhbz#1544943 - sssd goes offline when renewing expired ticket- Resolves: rhbz#1543348 - sssd_be consumes more memory on RHEL 7.4 systems. 
- Resolves: rhbz#1544943 - sssd goes offline when renewing expired ticket- Resolves: rhbz#1523282 - sssd used wrong search base with wrong AD server- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Related: rhbz#1441908 - SELINUX: Use getseuserbyname to get IPA seuser - Related: rhbz#1327705 - [RFE] Automatic creation of user private groups on RHEL clients joined to AD via sssd [RHEL 7]- Resolves: rhbz#1517971 - AD Domain goes offline immediately during subdomain initialization - IPA AD Trust - Related: rhbz#1482555 - sysdb index improvements - missing ghost attribute indexing, unneeded objectclass index etc.. - Related: rhbz#1327705 - [RFE] Automatic creation of user private groups on RHEL clients joined to AD via sssd [RHEL 7] - Resolves: rhbz#1527149 - AD provider - AD BUILTIN groups are cached with gidNumber = 0 - Related: rhbz#1461899 - Loading enterprise principals doesn't work with a primed cache - Related: rhbz#1473571 - ipa-extdom-extop plugin can exhaust DS worker threads- Resolves: rhbz#1525644 - dbus-send unable to find user by CAC cert- Resolves: rhbz#1523010 - IPA user able to authenticate with revoked cert on smart card- Resolves: rhbz#1512027 - NSS by-id requests are not checked against max_id/min_id ranges before triggering the backend- Related: rhbz#1507614 - Improve Smartcard integration if multiple certificates or multiple mapped identities are available - Resolves: rhbz#1523010 - IPA user able to authenticate with revoked cert on smart card - Resolves: rhbz#1520984 - getent output is not showing home directory for IPA AD trusted user - Related: rhbz#1473571 - ipa-extdom-extop plugin can exhaust DS worker threads- Resolves: rhbz#1421194 - SSSD doesn't use AD global catalog for gidnumber lookup, resulting in unacceptable delay for large forests- Resolves: rhbz#1482231 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: rhbz#1512508 - SSSD fails to fetch group 
information after switching IPA client to a non-default view- Resolves: rhbz#1490120 - SSSD complaining about corrupted mmap cache and logging error in /var/log/messages and /var/log/sssd/sssd_nss.log- Resolves: rhbz#1272214 - [RFE] Create a local per system report about who can access that IDM client (attestation) - Resolves: rhbz#1482555 - sysdb index improvements - missing ghost attribute indexing, unneeded objectclass index etc.. - Resolves: rhbz#888739 - Enumerating large number of users makes sssd_be hog the cpu for a long time. - Resolves: rhbz#1373547 - SSSD performance issue with malloc and brk calls - Resolves: rhbz#1472255 - Improve SSSD performance in the 7.5 release- Related: rhbz#1460724 - SYSLOG_IDENTIFIER is different - Related: rhbz#1432010 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Related: rhbz#1507614 - Improve Smartcard integration if multiple certificates or multiple mapped identities are available- Resolves: rhbz#1507614 - Improve Smartcard integration if multiple certificates or multiple mapped identities are available - Related: rhbz#1499659 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-7.5] - Resolves: rhbz#1408294 - SSSD authentication fails when two IPA accounts share an email address without a clear way to debug the problem - Resolves: rhbz#1502686 - crash - /usr/libexec/sssd/sssd_nss in nss_setnetgrent_timeout- Related: rhbz#1460724 - SYSLOG_IDENTIFIER is different - Related: rhbz#1459609 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds.- Resolves: rhbz#1473571 - ipa-extdom-extop plugin can exhaust DS worker threads- Resolves: rhbz#1484376 - [RFE] Add a configuration option to SSSD to disable the memory cache - Resolves: rhbz#1327705 - Automatic creation of user private groups on RHEL clients joined to AD via sssd [RHEL 7] - Resolves: rhbz#1505277 - Race condition between refreshing 
the cr_domain list and a request that is using the list can cause a segfault is sssd_nss - Resolves: rhbz#1462343 - document information on why SSSD does not use host-based security filtering when processing AD GPOs - Resolves: rhbz#1498734 - sssd_be stuck in an infinite loop after completing full refresh of sudo rules - Resolves: rhbz#1400614 - [RFE] sssd should remember DNS sites from first search - Resolves: rhbz#1460724 - SYSLOG_IDENTIFIER is different - Resolves: rhbz#1459609 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds.- Resolves: rhbz#1469791 - Rebase SSSD to version 1.16+ - Resolves: rhbz#1132264 - Allow sssd to retrieve sudo rules of local users whose sudo rules stored in ldap server - Resolves: rhbz#1301740 - sssd can be marked offline if a trusted domain is not reachable - Resolves: rhbz#1399262 - Use TCP for kerberos with AD by default - Resolves: rhbz#1416150 - RFE: Log to syslog when sssd cannot contact servers, goes offline - Resolves: rhbz#1441908 - SELINUX: Use getseuserbyname to get IPA seuser - Resolves: rhbz#1454559 - python-sssdconfig doesn't parse hexadecimal debug _level, resulting in set_option(): /usr/lib/python2.7/site-packages/SSSDConfig/__init__.py killed by TypeError - Resolves: rhbz#1456968 - MAN: document that attribute 'provider' is not allowed in section 'secrets' - Resolves: rhbz#1460689 - KCM/secrets: Storing many secrets in a rapid succession segfaults the secrets responder - Resolves: rhbz#1464049 - Idle nss file descriptors should be closed - Resolves: rhbz#1468610 - sssd_be is utilizing more CPU during sudo rules refresh - Resolves: rhbz#1474711 - Querying the AD domain for external domain's ID can mark the AD domain offline - Resolves: rhbz#1479398 - samba shares with sssd authentication broken on 7.4 - Resolves: rhbz#1479983 - id root triggers an LDAP lookup - Resolves: rhbz#1489895 - Issues with certificate mapping rules - Resolves: 
rhbz#1490501 - sssd incorrectly checks 'try_inotify' thinking it is the wrong section - Resolves: rhbz#1490913 - MAN: Document that full_name_format must be set if the output of trusted domains user resolution should be shortnames only - Resolves: rhbz#1499659 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-7.5] - Resolves: rhbz#1461899 - Loading enterprise principals doesn't work with a primed cache - Resolves: rhbz#1482674 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: rhbz#1486053 - Accessing IdM kerberos ticket fails while id mapping is applied - Resolves: rhbz#1486786 - sssd going in offline mode due to sudo search filter. - Resolves: rhbz#1500087 - SSSD creates bad override search filter due to AD Trust object with parenthesis - Resolves: rhbz#1502713 - SSSD can crash due to ABI changes in libldb >= 1.2.0 (1.1.30) - Resolves: rhbz#1461462 - sssd_client: add mutex protected call to the PAC responder - Resolves: rhbz#1489666 - Combination sssd-ad and postfix recieve incorrect mail with asterisks or spaces - Resolves: rhbz#1525052 - sssd_krb5_localauth_plugin fails to fallback to otheri localname rules- Require the 7.5 libldb version which broke ABI - Related: rhbz#1469791 - Rebase SSSD to version 1.16+- Resolves: rhbz#1457926 - Wrong search base used when SSSD is directly connected to AD child domain- Resolves: rhbz#1450107 - SSSD doesn't handle conflicts between users from trusted domains with the same name when shortname user resolution is enabled- Resolves: rhbz#1459846 - krb5: properly handle 'password expired' information retured by the KDC during PKINIT/Smartcard authentication- Resolves: rhbz#1430415 - ldap_purge_cache_timeout in RHEL7.3 invalidate most of the entries once the cleanup task kicks in- Resolves: rhbz#1455254 - Make domain available as user attribute- Resolves: rhbz#1449731 - IPA client cannot change AD Trusted User password- Resolves: 
rhbz#1457927 - getent failed to fetch netgroup information after changing default_domain_suffix to ADdomin in /etc/sssd/sssd.conf- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working properly in v 1.15- Resolves: rhbz#1449728 - LDAP to IPA migration doesn't work in master- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1449729 - org.freedesktop.sssd.infopipe.GetUserGroups does not resolve groups into names with AD- Resolves: rhbz#1450094 - Properly support IPA's promptusername config option- Resolves: rhbz#1457644 - Segfault in access_provider = krb5 is set in sssd.conf due to an off-by-one error when constructing the child send buffer - Resolves: rhbz#1456531 - Option name typos are not detected with validator function of sssctl config-check command in domain sections- Resolves: rhbz#1428906 - sssd intermittently failing to resolve groups for an AD user in IPA-AD trust environment.- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail - Fix Coverity issues in patches for rhbz#1445445- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1446302 - crash in sssd-kcm due to a race-condition between two concurrent requests- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail- Resolves: rhbz#1306707 - Need better debug message when krb5_child returns an unhandled error, leading to a System Error PAM code- Resolves: rhbz#1446535 - Group resolution does not work in subdomain without ad_server option- Resolves: rhbz#1449726 - sss_nss_getlistbycert() does not return results from multiple domains - Resolves: rhbz#1447098 - sssd unable to search dbus for ipa user by certificate - Additional patch for rhbz#1440132- Reapply patch by Lukas Slebodnik to fix upgrade issues with libwbclient - Resolves: rhbz#1439457 - SSSD does not start after upgrade from 7.3 to 7.4 - Resolves: 
rhbz#1449107 - error: %pre(sssd-common-1.15.2-26.el7.x86_64) scriptlet failed, exit status 3- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working properly in v 1.15 - Also apply an additional patch for rhbz#1441545- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1434992 - Wrong pam return code for user from subdomain with ad_access_filter- Resolves: rhbz#1430494 - expect sss_ssh_authorizedkeys and sss_ssh_knownhostsproxy manuals to be packaged into sssd-common package- Resolves: rhbz#1427749 - SSSD in server mode iterates over all domains for group-by-GID requests, causing unnecessary searches- Resolves: rhbz#1446139 - Infopipe method ListByCertificate does not return the users with overrides- Resolves: rhbz#1441545 - With multiple subdomain sections id command output for user is not displayed for both domains- Resolves: rhbz#1428866 - Using ad_enabled_domains configuration option in sssd.conf causes nameservice lookups to fail.- Remove an unused variable from the sssd-secrets responder - Related: rhbz#1398701 - [sssd-secrets] https proxy talks plain http - Improve two DEBUG messages in the client trust code to aid troubleshooting - Fix standalone application domains - Related: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces- Allow completely server-side unqualified name resolution if the domain order is set, do not require any client-side changes - Related: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users- Resolves: rhbz#1402532 - D-Bus interface of sssd is giving inappropriate group information for trusted AD users- Resolves: rhbz#1431858 - Wrong principal found with ad provider and long host name- Resolves: rhbz#1415167 - pam_acct_mgmt with pam_sss.so fails in unprivileged container unless selinux_provider = none is used- 
Resolves: rhbz#1438388 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_pam killed by 6- Resolves: rhbz#1432112 - sssctl config-check does not give any error when default configuration file is not present- Resolves: rhbz#1438374 - [abrt] [faf] sssd: vfprintf(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1427195 - sssd_nss consumes more memory until restarted or machine swaps- Resolves: rhbz#1414023 - Create troubleshooting tool to determine if a failure is in SSSD or not when using layered products like RH-SSO/CFME etc- Resolves: rhbz#1398701 - [sssd-secrets] https proxy talks plain http- Fix off-by-one error in the KCM responder - Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces- Resolves: rhbz#1434991 - Issue processing ssh keys from certificates in ssh respoder- Resolves: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users - Also backport some buildtime fixes for the KCM responder - Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1340711 - [RFE] Use one smartcard and certificate for authentication to distinct logon accounts- Update to upstream 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html - Resolves: rhbz#1418728 - IPA - sudo does not handle associated conflict entries - Resolves: rhbz#1386748 - sssd doesn't update PTR records if A/PTR zones are configured as non-secure and secure - Resolves: rhbz#1214491 - [RFE] Make it possible to configure AD subdomain in the SSSD server mode- Drop "NOUPSTREAM: Bundle http-parser" patch Related: rhbz#1393819 - New package: http-parser- Update to upstream 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html - Resolves: rhbz#1327085 - Don't 
prompt for password if there is already one on the stack - Resolves: rhbz#1378722 - [RFE] Make GETSIDBYNAME and GETORIGBYNAME request aware of UPNs and aliases - Resolves: rhbz#1405075 - [RFE] Add PKINIT support to SSSD Kerberos provider - Resolves: rhbz#1416526 - Need correction in sssd-krb5 man page - Resolves: rhbz#1418752 - pam_sss crashes in do_pam_conversation if no conversation function is provided by the client app - Resolves: rhbz#1419356 - Fails to accept any sudo rules if there are two user entries in an ldap role with the same sudo user - Resolves: rhbz#1421622 - SSSD - Users/Groups are cached as mixed-case resulting in users unable to sign in- Fix several packaging issues, notably the p11_child is no longer setuid and the libwbclient used a wrong version number in the symlink- Update to upstream 1.15.0 - Resolves: rhbz#1393824 - Rebase SSSD to version 1.15 - Resolves: rhbz#1407960 - wbcLookupSid() fails in pdomain is NULL - Resolves: rhbz#1406437 - sssctl netgroup-show Cannot allocate memory - Resolves: rhbz#1400422 - Use-after free in resolver in case the fd is writeable and readable at the same time - Resolves: rhbz#1393085 - bz - ldap group names don't resolve after upgrading sssd to 1.14.0 if ldap_nesting_level is set to 0 - Resolves: rhbz#1392444 - sssd_be keeps crashing - Resolves: rhbz#1392441 - sssd fails to start after upgrading to RHEL 7.3 - Resolves: rhbz#1382602 - autofs map resolution doesn't work offline - Resolves: rhbz#1380436 - sudo: ignore case on case insensitive domains - Resolves: rhbz#1378251 - Typo In SSSD-AD Man Page - Resolves: rhbz#1373427 - Clock skew makes SSSD return System Error - Resolves: rhbz#1306707 - Need better handling of "Server not found in Kerberos database" - Resolves: rhbz#1297462 - Don't include 'enable_only=sssd' in the localauth plugin config- Resolves: rhbz#1382598 - IPA: Uninitialized variable during subdomain check- Resolves: rhbz#1378911 - No supplementary groups are resolved for users in nested OUs when 
domain stanza differs from AD domain

- Resolves: rhbz#1372075 - AD provider: SSSD does not retrieve a domain-local group with the AD provider when following AGGUDLP group structure across domains

- Resolves: rhbz#1376831 - sssd-common is missing dependency on sssd-sudo

- Resolves: rhbz#1371631 - login using gdm calls for gdm-smartcard when smartcard authentication is not enabled

- Resolves: rhbz#1373420 - sss_override fails to export

- Resolves: rhbz#1375299 - sss_groupshow fails with error "No such group in local domain. Printing groups only allowed in local domain"

- Resolves: rhbz#1375182 - SSSD goes offline when the LDAP server returns sizelimit exceeded

- Resolves: rhbz#1372753 - Access denied for user when access_provider = krb5 is set in sssd.conf

- Resolves: rhbz#1373444 - unable to create group in sssd cache
- Resolves: rhbz#1373577 - unable to add local user in sssd to a group in sssd

- Resolves: rhbz#1369118 - Don't enable the default shadowutils domain in RHEL

- Fix permissions for the private pipe directory
- Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user

- Resolves: rhbz#1371977 - resolving IPA nested user groups is broken in 1.14

- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias

- Resolves: rhbz#1371152 - SSSD qualifies principal twice in IPA-AD trust if the principal attribute doesn't exist on the AD side

- Apply forgotten patch
- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias
- Resolves: rhbz#1366470 - sssd: throw away the timestamp cache if re-initializing the persistent cache
- Fix deleting non-existent secret
- Related: rhbz#1311056 - Add a Secrets as a Service component

- Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user

- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias

- Resolves: rhbz#1364033 - sssd exits if clock is adjusted backwards after boot

- Resolves: rhbz#1362023 - SSSD fails to start when ldap_user_extra_attrs contains mail

- Resolves:
rhbz#1368324 - libsss_autofs.so is packaged in two packages sssd-common and libsss_autofs

- Fix RPM scriptlet plumbing for the sssd-secrets responder
- Related: rhbz#1311056 - Add a Secrets as a Service component

- Add socket-activation plumbing for the sssd-secrets responder
- Related: rhbz#1311056 - Add a Secrets as a Service component

- Own the secrets directory
- Related: rhbz#1311056 - Add a Secrets as a Service component

- Resolves: rhbz#1268874 - Add an option to disable checking for trusted domains in the subdomains provider

- Resolves: rhbz#1271280 - sssd stores and returns incorrect information about empty netgroup (ldap-server: 389-ds)

- Resolves: rhbz#1290500 - [feat] command to manually list fo_add_server_to_list information

- Add several small fixes related to the config API
- Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)

- Resolves: rhbz#1349900 - gpo search errors out and gpo_cache file is never created

- Fix regressions in the simple access provider
- Resolves: rhbz#1360806 - sssd does not start if sub-domain user is used with simple access provider
- Apply a number of specfile patches to better match the upstream specfile
- Related: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3

- Cherry-pick patches from upstream that fix several regressions
- Avoid checking local users in all cases
- Resolves: rhbz#1353951 - sssd_pam leaks file descriptors

- Resolves: rhbz#1364118 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_nss killed by 11
- Resolves: rhbz#1361563 - Wrong pam error code returned for password change in offline mode

- Resolves: rhbz#1309745 - Support multiple principals for IPA users

- Resolves: rhbz#1304992 - Handle overridden name of members in the memberUid attribute

- handle unresolvable sites more gracefully
- Resolves: rhbz#1346011 - sssd is looking at a server in the GC of a subdomain, not the root domain.
- fix compilation warnings in unit tests

- fix capaths output
- Resolves: rhbz#1344940 - GSSAPI error causes failures for child domain user logins across IPA - AD trust
- also fix Coverity issues in the secrets responder and suppress noisy debug messages when setting the timestamp cache

- Resolves: rhbz#1356577 - sssctl: Time stamps without time zone information

- Resolves: rhbz#1354414 - New or modified ID-View User overrides are not visible unless rm -f /var/lib/sss/db/*cache*

- Resolves: rhbz#1211631 - [RFE] Support of UPN for IdM trusted domains

- Resolves: rhbz#1350520 - [abrt] sssd-common: ipa_dyndns_update_send(): sssd_be killed by SIGSEGV

- Resolves: rhbz#1349882 - sssd does not work under non-root user
- Also cherry-pick a few patches from upstream to fix config schema
- Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)

- Sync a few minor patches from upstream
- Fix sssctl manpage
- Fix nss-tests unit test on big-endian machines
- Fix several issues in the config schema
- Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)

- Bundle http-parser
- Resolves: rhbz#1311056 - Add a Secrets as a Service component

- Sync a few minor patches from upstream
- Fix a failover issue
- Resolves: rhbz#1334749 - sssd fails to mark a connection as bad on searches that time out

- Explicitly BuildRequire newer ding-libs
- Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)

- New upstream release 1.14.0
- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3
- Resolves: rhbz#835492 - [RFE] SSSD admin tool request - force reload
- Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)
- Resolves: rhbz#1278691 - Please fix rfc2307 autofs schema defaults
- Resolves: rhbz#1287209 - default_domain_suffix Appended to User Name
- Resolves: rhbz#1300663 - Improve sudo protocol to support configurations with default_domain_suffix
- Resolves: rhbz#1312275 - Support authentication indicators
from IPA

- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3
- Resolves: rhbz#790113 - [RFE] "include" directive in sssd.conf
- Resolves: rhbz#874985 - [RFE] AD provider support for automount lookups
- Resolves: rhbz#879333 - [RFE] SSSD admin tool request - status overview
- Resolves: rhbz#1140022 - [RFE]Allow sssd to add a new option that would specify which server to update DNS with
- Resolves: rhbz#1290380 - RFE: Improve SSSD performance in large environments
- Resolves: rhbz#883886 - sssd: incorrect checks on length values during packet decoding
- Resolves: rhbz#988207 - sssd does not detail which line in configuration is invalid
- Resolves: rhbz#1007969 - sssd_cache does not remove have an option to remove the sssd database
- Resolves: rhbz#1103249 - PAC responder needs much time to process large group lists
- Resolves: rhbz#1118257 - Users in ipa groups, added to netgroups are not resolvable
- Resolves: rhbz#1269018 - Too much logging from sssd_be
- Resolves: rhbz#1293695 - sssd mixup nested group from AD trusted domains
- Resolves: rhbz#1308935 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user
- Resolves: rhbz#1315766 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo
- Resolves: rhbz#1316164 - SSSD fails to process GPO from Active Directory
- Resolves: rhbz#1322458 - sssd_be[11010]: segfault at 0 ip 00007ff889ff61bb sp 00007ffc7d66a3b0 error 4 in libsss_ipa.so[7ff889fcf000+5d000]

- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3
- The rebase includes fixes for the following bugzillas:
- Resolves: rhbz#789477 - [RFE] SUDO: Support the IPA schema
- Resolves: rhbz#1059972 - RFE: SSSD: Automatically assign new slices for any AD domain
- Resolves: rhbz#1233200 - man sssd.conf should clarify details about subdomain_inherit option.
- Resolves: rhbz#1238144 - Need better libhbac debugging added to sssd
- Resolves: rhbz#1265366 - sss_override segfaults when accidentally adding --help flag to some commands
- Resolves: rhbz#1269512 - sss_override: memory violation
- Resolves: rhbz#1278566 - crash in sssd when non-English locale is used and pam_strerror prints non-ASCII characters
- Resolves: rhbz#1283686 - groups get deleted from the cache
- Resolves: rhbz#1290378 - Smart Cards: Certificate in the ID View
- Resolves: rhbz#1292238 - extreme memory usage in libnfsidmap sss.so plug-in when resolving groups with many members
- Resolves: rhbz#1292456 - sssd_be AD segfaults on missing A record
- Resolves: rhbz#1294670 - Local users with local sudo rules causes LDAP queries
- Resolves: rhbz#1296618 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore
- Resolves: rhbz#1299553 - Cannot retrieve users after upgrade from 1.12 to 1.13
- Resolves: rhbz#1302821 - Cannot start sssd after switching to non-root
- Resolves: rhbz#1310877 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs
- Resolves: rhbz#1313014 - sssd is not closing sockets properly
- Resolves: rhbz#1318996 - SSSD does not fail over to next GC
- Resolves: rhbz#1327270 - local overrides: issues with sub-domain users and mixed case names
- Resolves: rhbz#1342547 - sssd-libwbclient: wbcSidsToUnixIds should not fail on lookup errors

- Build the PAC plugin with krb5-1.14
- Related: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup

- Resolves: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup

- Resolves: rhbz#1290853 - [sssd] Trusted (AD) user's info stays in sssd cache for much more than expected.

- Resolves: rhbz#1336706 - sssd_nss memory usage keeps growing when trying to retrieve non-existing netgroups

- Resolves: rhbz#1296902 - In IPA-AD trust environment access is granted to AD user
even if the user is disabled on AD.

- Resolves: rhbz#1334159 - IPA provider crashes if a netgroup from a trusted domain is requested

- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin
- More patches from upstream related to the memory leak

- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin

- Resolves: rhbz#1300740 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid

- Resolves: rhbz#1284814 - sssd: [sysdb_add_user] (0x0400): Error: 17

- Resolves: rhbz#1270827 - local overrides: don't contact server with overridden name/id

- Resolves: rhbz#1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step

- Resolves: rhbz#1267176 - Memory leak / possible DoS with krb auth.

- Resolves: rhbz#1267836 - PAM responder crashed if user was not set

- Resolves: rhbz#1266107 - AD: Conditional jump or move depends on uninitialised value

- Resolves: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code

- Fix a Coverity warning in dyndns code
- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands

- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands

- Resolves: rhbz#1263735 - Could not resolve AD user from root domain

- Remove -d from sss_override manpage
- Related: rhbz#1259512 - sss_override : The local override user is not found

- Patches required for better handling of failover with one-way trusts
- Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code

- Resolves: rhbz#1263587 - sss_override --name doesn't work with RFC2307 and ghost users

- Resolves: rhbz#1259512 - sss_override : The local override user is not found

- Resolves: rhbz#1260027 - sssd_be memory leak with sssd-ad in GPO code

- Resolves: rhbz#1256398 - sssd cannot resolve user names containing backslash with ldap provider

- Resolves: rhbz#1254189 - sss_override contains an extra parameter --debug but is not listed in the man page
or in the arguments help

- Resolves: rhbz#1254518 - Fix crash in nss responder

- Support import/export for local overrides
- Support FQDNs for local overrides
- Resolves: rhbz#1254184 - sss_override does not work correctly when 'use_fully_qualified_names = True'

- Resolves: rhbz#1244950 - Add index for 'objectSIDString' and maybe to other cache attributes

- Resolves: rhbz#1250415 - sssd: p11_child hardening

- Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code

- Resolves: rhbz#1202724 - [RFE] Add a way to lookup users based on CAC identity certificates

- Resolves: rhbz#1232950 - [IPA/IdM] sudoOrder not honored as expected

- Fix wildcard_limit=0
- Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface

- Fix race condition in invalidating the memory cache
- Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups

- Resolves: rhbz#1249015 - KDC proxy not working with SSSD krb5_use_kdcinfo enabled

- Bump release number
- Related: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"

- Fix missing dependency of sssd-tools
- Resolves: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"

- More memory cache related fixes
- Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups

- Remove binary blob from SC patches as patch(1) can't handle those
- Related: rhbz#854396 - [RFE] Support for smart cards

- Resolves: rhbz#1244949 - getgrgid for user's UID on a trust client prevents getpw*

- Fix memory cache integration tests
- Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups
- Resolves: rhbz#854396 - [RFE] Support for smart cards

- Remove OTP from PAM stack correctly
- Related: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA
- Handle sssd-owned keytabs when sssd runs as root
- Related: rhbz#1205144 - RFE: Support one-way trusts for IPA

- Resolves: rhbz#1183747 - [FEAT] UID and GID mapping on
individual clients

- Resolves: rhbz#1206565 - [RFE] Add dualstack and multihomed support
- Resolves: rhbz#1187146 - If v4 address exists, will not create nonexistent v6 in ipa domain

- Resolves: rhbz#1242942 - well-known SID check is broken for NetBIOS prefixes

- Resolves: rhbz#1234722 - sssd ad provider fails to start in rhel7.2

- Add support for InfoPipe wildcard requests
- Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface

- Also package the initgr memcache
- Related: rhbz#1205554 - Rebase SSSD to 1.13.x

- Rebase to 1.13.0 upstream
- Related: rhbz#1205554 - Rebase SSSD to 1.13.x
- Resolves: rhbz#910187 - [RFE] authenticate against cache in SSSD
- Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups

- Don't default to SSSD user
- Related: rhbz#1205554 - Rebase SSSD to 1.13.x

- Related: rhbz#1205554 - Rebase SSSD to 1.13.x
- GPO default should be permissive

- Resolves: rhbz#1205554 - Rebase SSSD to 1.13.x
- Relax the libldb requirement
- Resolves: rhbz#1221992 - sssd_be segfault at 0 ip sp error 6 in libtevent.so.0.9.21
- Resolves: rhbz#1221839 - SSSD group enumeration inconsistent due to binary SIDs
- Resolves: rhbz#1219285 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust
- Resolves: rhbz#1217559 - [RFE] Support GPOs from different domain controllers
- Resolves: rhbz#1217350 - ignore_group_members doesn't work for subdomains
- Resolves: rhbz#1217127 - Override for IPA users with login does not list user all groups
- Resolves: rhbz#1216285 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set
- Resolves: rhbz#1214719 - Group resolution is inconsistent with group overrides
- Resolves: rhbz#1214718 - Override with --login fails trusted adusers group membership resolution
- Resolves: rhbz#1214716 - idoverridegroup for ipa group with --group-name does not work
- Resolves: rhbz#1214337 - Overrides with
--login work in second attempt
- Resolves: rhbz#1212489 - Disable the cleanup task by default
- Resolves: rhbz#1211830 - external users do not resolve with "default_domain_suffix" set in IPA server sssd.conf
- Resolves: rhbz#1210854 - Only set the selinux context if the context differs from the local one
- Resolves: rhbz#1209483 - When using id_provider=proxy with auth_provider=ldap, it does not work as expected
- Resolves: rhbz#1209374 - Man sssd-ad(5) lists Group Policy Management Editor naming for some policies but not for all
- Resolves: rhbz#1208507 - sysdb sudo search doesn't escape special characters
- Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface
- Resolves: rhbz#1206566 - SSSD does not update Dynamic DNS records if the IPA domain differs from machine hostname's domain
- Resolves: rhbz#1206189 - [bug] sssd always appends default_domain_suffix when checking for host keys
- Resolves: rhbz#1204203 - sssd crashes intermittently
- Resolves: rhbz#1203945 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default
- Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only
- Resolves: rhbz#1202245 - SSSD's HBAC processing is not permissive enough with broken replication entries
- Resolves: rhbz#1201271 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything
- Resolves: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA
- Resolves: rhbz#1199541 - Read and use the TTL value when resolving a SRV query
- Resolves: rhbz#1199533 - [RFE] Implement background refresh for users, groups or other cache objects
- Resolves: rhbz#1199445 - Does sssd-ad use the most suitable attribute for group name?
- Resolves: rhbz#1198477 - ccname_file_dummy is not unlinked on error
- Resolves: rhbz#1187103 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD
- Resolves: rhbz#1185536 - In ipa-ad trust, with 'default_domain_suffix' set to AD domain, IPA user are not able to log unless use_fully_qualified_names is set
- Resolves: rhbz#1175760 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires
- Resolves: rhbz#1163806 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option
- Resolves: rhbz#1205160 - Complain loudly if backend doesn't start due to missing or invalid keytab

- Resolves: rhbz#1226119 - Properly handle AD's binary objectGUID

- Filter out domain-local groups during AD initgroups operation
- Related: rhbz#1201840 - SSSD downloads too much information when fetching information about groups

- Resolves: rhbz#1201840 - SSSD downloads too much information when fetching information about groups

- Initialize variable in the views code in one success and one failure path
- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605

- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605

- Handle case where there is no default and no rules
- Resolves: rhbz#1192314 - With empty ipaselinuxusermapdefault security context on client is staff_u

- Set a pointer in ldap_child to NULL to avoid warnings
- Related: rhbz#1198759 - ccname_file_dummy is not unlinked on error

- Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security context on client is staff_u

- Resolves: rhbz#1198759 - ccname_file_dummy is not unlinked on error

- Run the restart in sssd-common posttrans
- Explicitly require libwbclient
- Resolves: rhbz#1187113 - sssd daemon was not running after RHEL 7.1 upgrade

- Resolves: rhbz#1187113 - sssd daemon was not running after RHEL 7.1
upgrade

- Fix endianness bug in fill_id()
- Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares

- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view

- Resolves: rhbz#1187192 - IPA initgroups don't work correctly in non-default view

- Resolves: rhbz#1184982 - Need to set different umask in selinux_child

- Bump the release number
- Related: rhbz#1184140 - Users saved through extop don't have the originalMemberOf attribute

- Add a patch dependency
- Related: rhbz#1184140 - Users saved through extop don't have the originalMemberOf attribute

- Process ghost members only once
- Fix processing of universal groups with members from different domains
- Related: rhbz#1168904 - gid is overridden by uid in default trust view

- Related: rhbz#1184140 - Users saved through extop don't have the originalMemberOf attribute

- Resolves: rhbz#1185188 - Uncached SIDs cannot be resolved

- Handle GID override in MPG domains
- Handle views with mixed-case domains
- Related: rhbz#1168904 - gid is overridden by uid in default trust view

- Open socket to the PAC responder in krb5_child before dropping root
- Related: rhbz#1184140 - Users saved through extop don't have the originalMemberOf attribute

- Resolves: rhbz#1184140 - Users saved through extop don't have the originalMemberOf attribute

- Resolves: rhbz#1182183 - pam_sss(sshd:auth): authentication failure with user from AD

- Resolves: rhbz#889206 - On clock skew sssd returns system error

- Related: rhbz#1168904 - gid is overridden by uid in default trust view

- Resolves: rhbz#1177140 - gpo_child fails if "log level" is enabled in smb.conf
- Related: rhbz#1168904 - gid is overridden by uid in default trust view

- Resolves: rhbz#1175408 - SSSD should not fail authentication when only allow rules are used
- Resolves: rhbz#1175705 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo
- in addition to the patch libwbclient.so is filtered out of the Provides list of the package

- Resolves: rhbz#1171215 - Crash in
function get_object_from_cache
- Resolves: rhbz#1171383 - getent fails for posix group with AD users after login
- Resolves: rhbz#1171382 - getent of AD universal group fails after group users login
- Resolves: rhbz#1170300 - Access is not rejected for disabled domain
- Resolves: rhbz#1162486 - Error processing external groups with getgrnam/getgrgid in the server mode
- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view

- Resolves: rhbz#1169459 - sssd-ad: The man page description to enable GPO HBAC Policies are unclear
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Rebuild to add several forgotten Patch entries
- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users
- Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=

- Remove Coverity warnings in krb5_child code
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users
- Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=

- Don't error out on chpass with OTPs
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Resolves: rhbz#1124320 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default.

- Resolves: rhbz#1169739 - selinuxusermap rule does not apply to trusted AD users
- Enable running unit tests without cmocka
- Related: rhbz#1113783 - sssd should run under unprivileged user

- krb5_child and ldap_child do not call Kerberos calls as root
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Resolves: rhbz#1168735 - The Kerberos provider is not properly views-aware

- Fix typo in libwbclient-devel alternatives invocation
- Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares

- Resolves: rhbz#1166727 - pam_sss domains option: Untrusted users from the same domain are allowed to auth.

- Handle migrating clients between views
- Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution

- Use alternatives for libwbclient
- Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares

- Resolves: rhbz#1165794 - sssd does not work with custom value of option re_expression

- Add an option that describes where to put generated krb5 files to
- Related: rhbz#1135043 - [RFE] Implement localauth plugin for MIT krb5 1.12

- Handle IPA group names returned from the extop plugin
- Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution

- Resolves: rhbz#1165792 - automount segfaults in sss_nss_check_header

- Resolves: rhbz#1163742 - "debug_timestamps = false" and "debug_microseconds = true" do not work after enabling journald with sssd.

- Resolves: rhbz#1153593 - Manpage description of case_sensitive=preserving is incomplete

- Support views for IPA users
- Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution

- Update man page to clarify TGs should be disabled with a custom search base
- Related: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases

- Use upstreamed patches for the rootless sssd
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Resolves: rhbz#1153603 - Proxy Provider: Fails to lookup case sensitive users and groups with case_sensitive=preserving

- Resolves: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases

- Resolves: rhbz#1162480 - dereferencing failure against openldap server

- Move adding the user from pretrans to pre, copy adding the user to sssd-krb5-common and sssd-ipa as well in order to work around yum ordering issue
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Resolves: rhbz#1113783 - sssd should run under unprivileged user

- Fix two regressions in the new selinux_child process
- Related: rhbz#1113783 - sssd should run under unprivileged user
- Resolves: rhbz#1132365 - Remove
password from the PAM stack if OTP is used

- Include the ldap_child and selinux_child patches for rootless sssd
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Support overriding SSH public keys with views
- Support extended attributes via the extop plugin
- Related: rhbz#1109756 - Rebase SSSD to 1.12
- Resolves: rhbz#1137010 - disable midpoint refresh for netgroups if ptask refresh is enabled

- Resolves: rhbz#1153518 - service lookups returned in lowercase with case_sensitive=preserving
- Resolves: rhbz#1158809 - Enumeration shows only a single group multiple times

- Include the responder and packaging patches for rootless sssd
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Amend the sssd-ldap man page with info about lockout setup
- Related: rhbz#1109756 - Rebase SSSD to 1.12
- Resolves: rhbz#1137014 - Shell fallback mechanism in SSSD
- Resolves: rhbz#790854 - 4 functions with reference leaks within sssd (src/python/pyhbac.c)

- Fix regressions caused by views patches when SSSD is connected to a pre-4.0 IPA server
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Add the low-level server changes for running as unprivileged user
- Package the libsss_semange library needed for SELinux label changes
- Related: rhbz#1113783 - sssd should run under unprivileged user
- Resolves: rhbz#1113784 - sssd should audit selinux user map changes

- Use libsemanage for SELinux label changes
- Resolves: rhbz#1113784 - sssd should audit selinux user map changes

- Rebase SSSD to 1.12.2
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Sync with upstream
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Rebuild against ding-libs with fixed SONAME
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Rebase SSSD to 1.12.1
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Require ldb 2.1.17
- Related: rhbz#1133914 - Rebase libldb to version 1.1.17 or newer

- Fix fully qualified IFP lookups
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Rebase SSSD to 1.12.0
- Related:
rhbz#1109756 - Rebase SSSD to 1.12

- Squash in upstream review comments about the PAC patch
- Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder

- Backport a patch to allow krb5-utils-test to run as root
- Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder

- Resolves: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder

- Fix a DEBUG message, backport two related fixes
- Related: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain

- Resolves: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain

- Resolves: rhbz#1082191 - RHEL7 IPA selinuxusermap hbac rule not always matching

- Resolves: rhbz#1077328 - other subdomains are unavailable when joined to a subdomain in the ad forest

- Resolves: rhbz#1078877 - Valgrind: Invalid read of int while processing netgroup

- Resolves: rhbz#1075092 - Password change w/ OTP generates error on success

- Resolves: rhbz#1078840 - Error during password change

- Resolves: rhbz#1075663 - SSSD should create the SELinux mapping file with format expected by pam_selinux

- Related: rhbz#1075621 - Add another Kerberos error code to trigger IPA password migration

- Related: rhbz#1073635 - IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in

- Related: rhbz#1066096 - not retrieving homedirs of AD users with posix attributes

- Related: rhbz#1072995 - AD group inconsistency when using AD provider in sssd-1.11-40

- Resolves: rhbz#1073631 - sssd fails to handle expired passwords when OTP is used

- Resolves: rhbz#1072067 - SSSD Does not cache SELinux map from FreeIPA correctly

- Resolves: rhbz#1071903 - ipa-server-mode: Use lower-case user name component in home dir path

- Resolves: rhbz#1068725 - Evaluate usage of sudo LDAP provider together with the AD provider

- Fix idmap documentation
- Bump idmap version info
- Related: rhbz#1067361 - Check IPA idranges before saving them to the cache

- Pull some follow up man page fixes from upstream
- Related: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes
- Related: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example

- Resolves: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes

- Resolves: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example

- Resolves: rhbz#1068723 - Setting int option to 0 yields the default value

- Resolves: rhbz#1067361 - Check IPA idranges before saving them to the cache

- Resolves: rhbz#1067476 - SSSD pam module accepts usernames with leading spaces

- Resolves: rhbz#1033069 - Configuring two different provider types might start two parallel enumeration tasks

- Resolves: rhbz#1068640 - 'IPA: Don't call tevent_req_post outside _send' should be added to RHEL7

- Resolves: rhbz#1063977 - SSSD needs to enable FAST by default

- Resolves: rhbz#1064582 - sss_cache does not reset the SYSDB_INITGR_EXPIRE attribute when expiring users

- Resolves: rhbz#1033081 - Implement heuristics to detect if POSIX attributes have been replicated to the Global Catalog or not

- Resolves: rhbz#872177 - [RFE] subdomain homedir template should be configurable/use flatname by default

- Resolves: rhbz#1059753 - Warn with a user-friendly error message when permissions on sssd.conf are incorrect

- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter

- Resolves: rhbz#1059253 - Man page states default_shell option supersedes other shell options but in fact override_shell does.
- Use the right domain for AD site resolution
- Related: rhbz#743503 - [RFE] sssd should support DNS sites

- Resolves: rhbz#1028039 - AD Enumeration reads data from LDAP while regular lookups connect to GC

- Resolves: rhbz#877438 - sudoNotBefore/sudoNotAfter not supported by sssd sudoers plugin

- Mass rebuild 2014-01-24

- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain

- Resolves: rhbz#1054899 - explicitly suggest krb5_auth_timeout in a loud DEBUG message in case Kerberos authentication times out

- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter

- Resolves: rhbz#1051360 - [FJ7.0 Bug]: [REG] sssd_be crashes when ldap_search_base cannot be parsed.
- Fix a typo in the man page
- Related: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir

- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain
- Fix return value when searching for AD domain flat names
- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user

- Resolves: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir

- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user

- Resolves: rhbz#1053106 - sssd ad trusted sub domain do not inherit fallbacks and overrides settings

- Resolves: rhbz#1051016 - FAST does not work in SSSD 1.11.2 in Fedora 20

- Resolves: rhbz#1033133 - "System Error" when invalid ad_access_filter is used

- Resolves: rhbz#1032983 - sssd_be crashes when ad_access_filter uses FOREST keyword.
- Fix two memory leaks in the PAC responder (Related: rhbz#991065)

- Resolves: rhbz#1048184 - Group lookup does not return member with multiple names after user lookup

- Resolves: rhbz#1049533 - Group membership lookup issue

- Mass rebuild 2013-12-27

- Resolves: rhbz#894068 - sss_cache doesn't support subdomains

- Re-initialize subdomains after provider startup
- Related: rhbz#1038637 - If SSSD starts offline, subdomains list is never read

- The AD provider is able to resolve group memberships for groups with Global and Universal scope
- Related: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog

- Resolves: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog
- Resolves: rhbz#1030483 - Individual group search returned multiple results in GC lookups

- Resolves: rhbz#1040969 - sssd_nss grows memory footprint when netgroups are requested

- Resolves: rhbz#1023409 - Valgrind sssd "Syscall param socketcall.sendto(msg) points to uninitialised byte(s)"

- Resolves: rhbz#1037936 - sssd_be crashes occasionally

- Resolves: rhbz#1038637 - If SSSD starts offline, subdomains list is never read

- Resolves: rhbz#1029631 - sssd_be crashes on manually adding a cleartext password to ldap_default_authtok

- Resolves: rhbz#1036758 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy

- Resolves: rhbz#1034050 - Errors in domain log when saving user to sysdb

- Resolves: rhbz#1036157 - sssd can't retrieve auto.master when using the "default_domain_suffix" option in

- Resolves: rhbz#1028057 - Improve detection of the right domain when processing group with members from several domains

- Resolves: rhbz#1033084 - sssd_be segfaults if empty group is resolved using ad_matching_rule

- Resolves: rhbz#1031562 - Incorrect mention of access_filter in sssd-ad manpage

- Resolves: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes

- Skip netgroups that don't provide well-formed triplets
- Related: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes

- New upstream release 1.11.2
- Remove upstreamed patches
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2
- Resolves: rhbz#991065

- Resolves: rhbz#1019882 - RHEL7 ipa ad trusted user lookups failed with sssd_be crash
- Resolves: rhbz#1002597 - ad: unable to resolve membership when user is from different domain than group

- New upstream release 1.11.1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1
- Resolves: rhbz#991065 - Rebase SSSD to 1.11.0

- New upstream release 1.11.0
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0
- Resolves: rhbz#991065

- New upstream release 1.11 beta 2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2
- Related: rhbz#991065

- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries

- Resolves: #983587 - sss_debuglevel did not increase verbosity in sssd_pac.log

- Resolves: #983580 - Netgroups should ignore the 'use_fully_qualified_names' setting

- Apply several important fixes from upstream 1.10 branch
- Related: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable

- New upstream release 1.10.1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1

- Remove libcmocka dependency

- sssd-tools should require sssd-common, not sssd

- Move sssd_pac to the sssd-ipa and sssd-ad subpackages
- Trim out RHEL5-specific macros since we don't build on RHEL 5
- Trim out macros for Fedora older than F18
- Update libldb requirement to 1.1.16
- Trim RPM changelog down to the last year

- Move sssd_pac to the sssd-krb5 subpackage

- Fix Obsoletes: to account for dist tag
- Convert post and pre scripts to run on the sssd-common subpackage
- Remove old conversion from SYSV

- New upstream release 1.10
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0

- the cmocka toolkit exists only on selected arches

- Apply a number of patches from upstream to fix issues found post-beta, in particular:
  -- segfault with a high DEBUG level
  -- Fix IPA password migration (upstream #1873)
  -- Fix fail over when retrying SRV resolution (upstream #1886)

- Only BuildRequire libcmocka on Fedora

- Fix typo in Requires that prevented an upgrade (#973916)
- Use a hardcoded version in Conflicts, not less-than-current

- New upstream release 1.10 beta2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2
- BuildRequire libcmocka-devel in order to run all upstream tests during build
- BuildRequire libnl3 instead of libnl1
- No longer BuildRequire initscripts, we no longer use /sbin/service
- Remove explicit krb5-libs >= 1.10 requires; this platform doesn't carry any older krb5-libs version

- Enable hardened build for RHEL7

- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later

- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join
- Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider
- Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in

- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs
- Fix SSH integration with fully-qualified domains
- Add the ability to dynamically discover the NetBIOS name

- New upstream release 1.10 beta1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1

- Add a patch to fix krb5 ccache creation issue with krb5 1.11

- New upstream release 1.10 alpha1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1

- Split internal helper libraries into a shared object
- Significantly reduce disk-space usage

- Fix the Kerberos password expiration warning (#912223)

- Do not write out dots in the domain-realm mapping file (#905650)

- Include upstream patch to build with krb5-1.11

- Rebuild against new libldb

- Fix build with new automake versions

- Recreate Kerberos ccache directory if it's missing
- Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist

- Fix changelog dates to make F19 rpmbuild happy

- New upstream release 1.9.4

- New upstream release 1.9.3

- Resolve groups from AD correctly

- Check the validity of naming context

- Move the sss_cache tool to the main package

- Include the 1.9.2 tarball

- New upstream release 1.9.2

- New upstream release 1.9.1

- require the latest libldb

- Use mcpath instead of mcachepath macro to be consistent with upstream spec file

- New upstream release 1.9.0

- New upstream release 1.9.0 rc1

- New upstream release 1.9.0 beta7
- obsoletes patches #1-#3

- Rebuild against libldb 1.12

- Rebuild against libldb 1.11

- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly
- Resolves: rhbz#851304

- Rebuild against libldb 1.10

- Only create the SELinux login file if there are SELinux mappings on the IPA server

- Don't discard HBAC rule processing result if SELinux is on
  Resolves: rhbz#846792 (CVE-2012-3462)

- New upstream release 1.9.0 beta 6
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6
- A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value.
- Fixes for the support for setting default SELinux user context from FreeIPA.
- Fixed a regression introduced in beta 5 that broke LDAP SASL binds
- The SSSD supports the concept of a Primary Server and a Back Up Server in failover
- A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine
- SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server.
- Packaging changes to fix ldconfig usage in subpackages (#843995)
- Rebuild against libldb 1.1.9

- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

- New upstream release 1.9.0 beta 5
- Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5
- Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation
- Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation
- The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds

- Fix broken ARM build
- Add missing DP_OPTION_TERMINATOR in AD provider options

- Own several directories created during make install (#839782)

- New upstream release 1.9.0 beta 4
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4
- Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers
- SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules
- The IPA authentication provider now supports subdomains
- Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.

- New upstream release 1.9.0 beta 3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3
- Add a new PAC responder for dealing with cross-realm Kerberos trusts
- Terminate idle connections to the NSS and PAM responders

- Switch unicode library from libunistring to Glib
- Drop unnecessary explicit Requires on keyutils
- Guarantee that versioned Requires include the correct architecture

- Fix accidental disabling of the DIR cache support

- New upstream release 1.9.0 beta 2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2
- Add support for the Kerberos DIR cache for storing multiple TGTs automatically
- Major performance enhancement when storing large groups in the cache
- Major performance enhancement when performing initgroups() against Active Directory
- SSSDConfig data file default locations can now be set during configure for easier packaging

- Fix regression in endianness patch

- Rebuild SSSD against ding-libs 0.3.0beta1
- Fix endianness bug in service map protocol

- Fix several regressions since 1.5.x
- Ensure that the RPM creates the /var/lib/sss/mc directory
- Add support for Netscape password warning expiration control
- Rebuild against libldb 1.1.6

- New upstream release 1.9.0 beta 1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1
- Add native support for autofs to the IPA provider
- Support for ID-mapping when connecting to Active Directory
- Support for handling very large (> 1500 users) groups in Active Directory
- Support for sub-domains (will be used for dealing with trust relationships)
- Add a new fast in-memory cache to speed up lookups of cached data on repeated requests

- New upstream release 1.8.3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3
- Numerous manpage and translation updates
- LDAP: Handle situations where the RootDSE isn't available anonymously
- LDAP: Fix regression for users using non-standard LDAP attributes for user information

- New upstream release 1.8.2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2
- Several fixes to case-insensitive domain functions
- Fix for GSSAPI binds when the keytab contains unrelated principals
- Fixed several segfaults
- Workarounds added for LDAP servers with unreadable RootDSE
- SSH knownhostproxy will no longer enter an infinite loop preventing login
- The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown
- Assorted minor fixes for issues discovered by static analysis tools

- Don't duplicate libsss_autofs.so in two packages
- Set explicit package contents instead of globbing

- Fix uninitialized value bug causing crashes throughout the code
- Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup

- New upstream release 1.8.1
- Resolve issue where we could enter an infinite loop trying to connect to an auth server
- Fix serious issue with complex (3+ levels) nested groups
- Fix netgroup support for case-insensitivity and aliases
- Fix serious issue with lookup bundling resulting in requests never completing
- IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate
- Fix several regressions in the proxy provider
- Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD
- Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work

- New upstream release 1.8.0
- Support for the service map in NSS
- Support for setting default SELinux user context from FreeIPA
- Support for retrieving SSH user and host keys from LDAP (Experimental)
- Support for caching autofs LDAP requests (Experimental)
- Support for caching SUDO rules (Experimental)
- Include the IPA AutoFS provider
- Fixed several memory-corruption bugs
- Fixed a regression in group enumeration since 1.7.0
- Fixed a regression in the proxy provider
- Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD
- Resolves: rhbz#797968 - sssd_be: The requested target is not configured is logged at each login
- Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV)
- Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD
- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features
- Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Caches to /run/usr/USERNAME/krb5cc

- Change default kerberos credential cache location to /run/user/

- New upstream release 1.8.0 beta 3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3
- Fixed a regression in group enumeration since 1.7.0
- Fixed several memory-corruption bugs
- Finalized the ABI for the autofs support
- Fixed a regression in the proxy provider

- Rebuild against PCRE 8.30

- New upstream release
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2
- Fix two minor manpage bugs
- Include the IPA AutoFS provider

- New upstream release
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1
- Support for the service map in NSS
- Support for setting default SELinux user context from FreeIPA
- Support for retrieving SSH user and host keys from LDAP (Experimental)
- Support for caching autofs LDAP requests (Experimental)
- Support for caching SUDO rules (Experimental)

- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features
- fix netgroups and sudo as well

- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.

- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features

- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

- New upstream release 1.7.0
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0
- Support for case-insensitive domains
- Support for multiple search bases in the LDAP provider
- Support for the native FreeIPA netgroup implementation
- Reliability improvements to the process monitor
- New DEBUG facility with more consistent log levels
- New tool to change debug log levels without restarting SSSD
- SSSD will now disconnect from LDAP server when idle
- FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains
- Assorted performance improvements in the LDAP provider

- New upstream release 1.6.4
- Rolls up previous patches applied to the 1.6.3 tarball
- Fixes a rare issue causing crashes in the failover logic
- Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.

- Rebuild against libldb 1.1.4

- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam()
- Resolves: rhbz#758425 - LDAP failover not working if server refuses connections

- Rebuild for libldb 1.1.3

- Resolves: rhbz#752495 - Crash when apply settings

- New upstream release 1.6.3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3
- Fixes a major cache performance issue introduced in 1.6.2
- Fixes a potential infinite-loop with certain LDAP layouts

- Rebuilt for glibc bug#747377

- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.

- Add explicit requirement on selinux-policy version to address new SBUS symlinks.

- Remove %files reference to sss_debuglevel copied from wrong upstream spec file.

- Improved handling of users and groups with multi-valued name attributes (aliases)
- Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing
- Improved process-hang detection and restarting
- Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries)
- Cleaned up the example configuration
- New tool to change debug level on the fly

- New upstream release 1.6.1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1
- Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep)
- SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined
- The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided.
- Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory)
- Three HBAC regressions have been fixed.
- Fix for an infinite loop in the deref code

- Build with _hardened_build macro

- New upstream release 1.6.0
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0
- Add host access control support for LDAP (similar to pam_host_attr)
- Finer-grained control on principals used with Kerberos (such as for FAST or validation)
- Added a new tool sss_cache to allow selective expiring of cached entries
- Added support for LDAP DEREF and ASQ controls
- Added access control features for Novell Directory Server
- FreeIPA dynamic DNS update now checks first to see if an update is needed
- Complete rewrite of the HBAC library
- New libraries: libipa_hbac and libipa_hbac-python

- New upstream release 1.5.11
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11
- Fix a serious regression that prevented SSSD from working with ldaps:// URIs
- IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 address being saved to the AAAA record

- New upstream release 1.5.10
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10
- Fixed a regression introduced in 1.5.9 that could result in blocking calls to LDAP

- New upstream release 1.5.9
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9
- Support for overriding home directory, shell and primary GID locally
- Properly honor TTL values from SRV record lookups
- Support non-POSIX groups in nested group chains (for RFC2307bis LDAP servers)
- Properly escape IPv6 addresses in the failover code
- Do not crash if inotify fails (e.g. resource exhaustion)
- Don't add multiple TGT renewal callbacks (too many log messages)

- New upstream release 1.5.8
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8
- Support for the LDAP paging control
- Support for multiple DNS servers for name resolution
- Fixes for several group membership bugs
- Fixes for rare crash bugs

- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d
- Make sure to properly convert to systemd if upgrading from newer updates for Fedora 14

- Fix segfault in TGT renewal

- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites cached password with predictable filename

- Re-add manpage translations

- New upstream release 1.5.6
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6
- Fixed a serious memory leak in the memberOf plugin
- Fixed a regression with the negative cache that caused it to be essentially nonfunctional
- Fixed an issue where the user's full name would sometimes be removed from the cache
- Fixed an issue with password changes in the kerberos provider not working with kpasswd

- Resolves: rhbz#697057 - kpasswd fails when using sssd and kadmin server != kdc server
- Upgrades from SysV should now maintain enabled/disabled status

- Fix %postun

- Fix systemd conversion. Upgrades from SysV to systemd weren't properly enabling the systemd service.
- Fix a serious memory leak in the memberOf plugin
- Fix an issue where the user's full name would sometimes be removed from the cache

- Install systemd unit file instead of sysv init script

- New upstream release 1.5.5
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5
- Fixes for several crash bugs
- LDAP group lookups will no longer abort if there is a zero-length member attribute
- Add automatic fallback to 'cn' if the 'gecos' attribute does not exist

- New upstream release 1.5.4
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4
- Fixes for Active Directory when not all users and groups have POSIX attributes
- Fixes for handling users and groups that have name aliases (aliases are ignored)
- Fix group memberships after initgroups in the IPA provider

- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication

- New upstream release 1.5.3
- Support for libldb >= 1.0.0

- New upstream release 1.5.2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2
- Fixes for support of FreeIPA v2
- Fixes for failover if DNS entries change
- Improved sss_obfuscate tool with better interactive mode
- Fix several crash bugs
- Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this
- Delete users from the local cache if initgroups calls return 'no such user' (previously only worked for getpwnam/getpwuid)
- Use new Transifex.net translations
- Better support for automatic TGT renewal (now survives restart)
- Netgroup fixes

- Rebuild sssd against libldb 1.0.2 so the memberof module loads again.
- Related: rhbz#677425

- Resolves: rhbz#677768 - name service caches names, so id command shows recently deleted users

- Ensure that SSSD builds against libldb-1.0.0 on F15 and later
- Remove .la for memberOf

- Fix memberOf install path

- Add support for libldb 1.0.0

- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild

- Fix nested group member filter sanitization for RFC2307bis
- Put translated tool manpages into the sssd-tools subpackage

- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during rpmbuild

- New upstream release 1.5.1
- Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins
- Vast performance improvements when enumerate = true
- All PAM actions will now perform a forced initgroups lookup instead of just a user information lookup
  - This guarantees that all group information is available to other providers, such as the simple provider.
- For backwards-compatibility, DNS lookups will also fall back to trying the SSSD domain name as a DNS discovery domain.
- Support for more password expiration policies in LDAP
  - 389 Directory Server
  - FreeIPA
  - ActiveDirectory
- Support for ldap_tls_{cert,key,cipher_suite} config options
- Assorted bugfixes

- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins

- New upstream release 1.5.0
- Fixed issues with LDAP search filters that needed to be escaped
- Add Kerberos FAST support on platforms that support it
- Reduced verbosity of PAM_TEXT_INFO messages for cached credentials
- Added a Kerberos access provider to honor .k5login
- Addressed several thread-safety issues in the sss_client code
- Improved support for delayed online Kerberos auth
- Significantly reduced time between connecting to the network/VPN and acquiring a TGT
- Added feature for automatic Kerberos ticket renewal
  - Provides the kerberos ticket for long-lived processes or cron jobs even when the user logs out
- Added several new features to the LDAP access provider
  - Support for 'shadow' access control
  - Support for authorizedService access control
  - Ability to mix-and-match LDAP access control features
- Added an option for a separate password-change LDAP server for those platforms where LDAP referrals are not supported
- Added support for manpage translations

- Solve a shutdown race-condition that sometimes left processes running
- Resolves: rhbz#606887 - SSSD stops on upgrade

- Log startup errors to the syslog
- Allow cache cleanup to be disabled in sssd.conf

- New upstream release 1.4.1
- Add support for netgroups to the proxy provider
- Fixes a minor bug with UIDs/GIDs >= 2^31
- Fixes a segfault in the kerberos provider
- Fixes a segfault in the NSS responder if a data provider crashes
- Correctly use sdap_netgroup_search_base

- Fix incorrect tarball URL

- New upstream release 1.4.0
- Added support for netgroups to the LDAP provider
- Performance improvements made to group processing of RFC2307 LDAP servers
- Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin
- Build-system improvements to support Gentoo
- Split out several libraries into the ding-libs tarball
- Manpage reviewed and updated

- Fix pre and post script requirements

- Resolves: rhbz#606887 - sssd stops on upgrade

- Resolves: rhbz#626205 - Unable to unlock screen

- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but doesn't require it

- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib

- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate against LDAP

- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild

- New upstream version 1.2.91 (1.3.0rc1)
- Improved LDAP failover
- Synchronous sysdb API (provides performance enhancements)
- Better online reconnection detection

- New stable upstream version 1.2.1
- Resolves: rhbz#595529 - spec file should eschew %define in favor of %global
- Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service to fail while restart.
- Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel keyring
- Resolves: rhbz#599724 - sssd is broken on Rawhide

- New stable upstream version 1.2.0
- Support ServiceGroups for FreeIPA v2 HBAC rules
- Fix long-standing issue with auth_provider = proxy
- Better logging for TLS issues in LDAP

- New LDAP access provider allows for filtering user access by LDAP attribute
- Reduced default timeout for detecting offline status with LDAP
- GSSAPI ticket lifetime made configurable
- Better offline->online transition support in Kerberos

- Release new upstream version 1.1.91
- Enhancements when using SSSD with FreeIPA v2
- Support for deferred kinit
- Support for DNS SRV records for failover

- Bump up release number to avoid library sub-packages version issues with previous releases.

- New upstream release 1.1.1
- Fixed the IPA provider (which was segfaulting at start)
- Fixed a bug in the SSSDConfig API causing some options to revert to their defaults
  - This impacted the Authconfig UI
- Ensure that SASL binds to LDAP auto-retry when interrupted by a signal

- Release SSSD 1.1.0 final
- Fix two potential segfaults
- Fix memory leak in monitor
- Better error message for unusable confdb

- Release candidate for SSSD 1.1
- Add simple access provider
- Create subpackages for libcollection, libini_config, libdhash and librefarray
- Support IPv6
- Support LDAP referrals
- Fix cache issues
- Better feedback from PAM when offline

- Rebuild against new libtevent

- Fix licenses in sources and on RPMs

- Fix regression on 64-bit platforms

- Fixes link error on platforms that do not do implicit linking
- Fixes double-free segfault in PAM
- Fixes double-free error in async resolver
- Fixes support for TCP-based DNS lookups in async resolver
- Fixes memory alignment issues on ARM processors
- Manpage fixes

- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online
- Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests
- Several segfault bugfixes

- Fix CVE-2010-0014

- Patch SSSDConfig API to address https://bugzilla.redhat.com/show_bug.cgi?id=549482

- New upstream stable release 1.0.0

- New upstream bugfix release 0.99.1

- New upstream release 0.99.0

- Fix segfault in sssd_pam when cache_credentials was enabled
- Update the sample configuration
- Fix upgrade issues caused by data provider service removal

- Fix upgrade issues from old (pre-0.5.0) releases of SSSD

- New upstream release 0.7.0

- Fix missing file permissions for sssd-clients

- Add SSSDConfig API
- Update Polish translation for 0.6.0
- Fix long timeout on ldap operation
- Make dp requests more robust

- Ensure that the configuration upgrade script always writes the config file with 0600 permissions
- Eliminate an infinite loop in group enumerations

- New upstream release 0.6.0

- New upstream release 0.5.0

- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password.
(Patch by Stephen Gallagher)

- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild

- Fix a couple of segfaults that may happen on reload

- add missing configure check that broke stopping the daemon
- also fix default config to add a missing required option

- latest upstream release.
- also add a patch that fixes debugging output (potential segfault)

- release out of the official 0.3.2 tarball

- bugfix release 0.3.2
- includes previous release patches
- change permissions of the /etc/sssd/sssd.conf to 0600

- Add last minute bug fixes, found in testing the package

- Version 0.3.1
- includes previous release patches

- Try to fix build adding automake as an explicit BuildRequire
- Add also a couple of last minute patches from upstream

- Version 0.3.0
- Provides file based configuration and lots of improvements

- Version 0.2.1

- Version 0.2.0

- package git snapshot

- fixed items found during review
- added initscript

- added sss_client

- Small cleanup and fixes in the spec file

- Initial release (based on version 0.1.0 upstream code)

de es fr uk
1.16.0-19.el7_5.5
1.16.0-19.el7_5.5

libsss_ldap.so
sssd-ldap-1.16.0
COPYING
sssd-ldap.5.gz
sssd-ldap.5.gz
sssd-ldap.5.gz
sssd-ldap.5.gz
sssd-ldap.5.gz

/usr/lib64/sssd/
/usr/share/licenses/
/usr/share/licenses/sssd-ldap-1.16.0/
/usr/share/man/de/man5/
/usr/share/man/es/man5/
/usr/share/man/fr/man5/
/usr/share/man/man5/
/usr/share/man/uk/man5/

-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=generic

cpio
xz
2
x86_64-redhat-linux-gnu

ELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=534130fd76922b98f0fea02e2c143e85b14afb67, stripped
directory
ASCII text
troff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, from Unix, max compression)
troff or preprocessor input, ASCII text, with very long lines (gzip compressed data, from Unix, max compression)
EF=ք[ @_O1(|ig F [O\/]X[h4F^ֵ1lyn*;*s乜$ %EOq!S&y{ [mSm*a%Am>xGƬkJ O';Am|2椤y&Α; IE**Bն~O@aLޞ+iQFƬy5bZ(01 7edvQeӔL=p,iR~B1^cbO^6,wdEpxN9)l$(Gs,Kp.c[&b3sjj0k$e =m `_gQ !>Rp-]=⸑ \~G7?y^S90C.'ۦH9c^Zm@# Fχ&۟.)A0}PwK!X11E5؊0#Y(P,e 9Ѽ-aw@e>0A'[0uC.Y B$' ,{%-0()_#p/KA!s 2]uj\QHKľ8v  1a 1T*m.=%=j$U=jl^|s-IaIwQ'ۗ4xvH nlQvſe4lߣ%eo_Y _:25kljxtΓ-G|IoC%kw:j< 6D=&7º j@oHUۨRH .2$rO`DKZs*0"=sGKl ӟ"kv}yMhh |}+?(Y5܃I;pIEƒ(/.aXoŨˈGhN"3zҒC9["N:Vs:u9.sSvH_kVg$ ?uc b_Lt1Dލ@N^UP+K[>uYps<]vsNHE8cbx0:$2B8GTlOA:ke,->L 2k#UxJ]z(jsku_ 4ޡQoW MܦiJΫ!dM_V&>N/k_deХM|53YЊPU؀K?F. '9%y^5ő<6z_Q45bJ?_5 Ȋ!| T̨O`a@mU{ħׅ&`~&zZ- pӱ't՛K0 ;3S /~)Jr^/[}fF3b?6* όFa2 =?w")<,Fr&\t͕\{U}77ts[*Og%"˪akB'j~o?Q϶6gR0&Ncb.}%"(EFտDXt|6_)0dTpK_8Eu鼼[;ނԕXC>qcG軾][T/_*7xq}o̤Ae_^Fw䤣ٚQ8SuV欜Rmi 41$%I~9hIHd=Jusu/B#4eh\W rdt_TrFluDs̃ l6QJ2c^i$ ^+oК+L]ݱ򌑀tCR_{ቱr'棁4wVj9]Ꮞ#Ep 6 Ʊĺr <^[a:vΤ>uny_Sg羟]&5pHO61XNQUa͞D~?2m~N>8܁ 29m}%AR:;a&㢴[P@?W%g%rvB*Z *XK58sfly=L1[|-uYQ\O8orp<5hubd6_' q7QKW.}Օq3.6L\sBviQ%|%p";cϢhq ʑgo; ,PW$YIM˾c|2g(kŮu1[.8@ T.1T=MʍasvwގmDU.LnrV.kFm l[T'RnƑ֑wN㑽R6TzSonƠ2D. 
bEj}@cgvuLQWt{>8ic95LêAvB DT~m+*c+Z 4ъڗK72p%B3;LSװ"{Bt {/ی/(Eޞpn}!ֻ!"kziau &0zU]Ef~K+'4,ܐ$h0L#kB&q`o⒇O /[buB/ }׿ P-sZhVm[`ɕwߕeu5=\Tryr#8W /އ Rߥ͈5WAF1w_AyRR GӦ@Wf 5+ޜ|P5wփ:X e46|jgO:8Rd>xفFI2ne>"x~K 6ݥ,-0F"6̡'oE#h'eFSlk/>p~ *0SX82$+lXszؘdx0yH E,n0h C;rG52=kT3<\ qZ{a;NE睫́D$ -F|seKIЂ#dp<=]E3#$̚JoX\5-^ަ7QHRt NK6!fM2026STͲ-e_^O8y6)>E ;3u McDy-T,/;w,2h@CI\, 9-^vǷTH]Gb;ѽM'Yu#]U =VEg5 qeJA뽻Ae.V"fX|v߲l*G ݪfɸ>\a)]GFX!ǧkFr=¶%_#òLJ)(0 4H,ϰpVO+ ݨ0nenwSyi̓1즣k$:@H4mX۵H fѠבl냔EGrGiR 9tA(6j-g_b "/ :'GjDj [?BV+zG#tn%9ɸ)ke(#-%y~~_3[P]`0qu K@~Na哣#VPIo.VZg"|I>R_ttTk2[e&(`ڙdYAysSR5w|YeGe[gzuZ)_!OSv,֟8\我=#T<9T#@`ƢȤۿm6Jfz;>eZEy|&LԞkܣsu^ac+݀u,EPGp[>wkb=̴8 2<͖׬ͭԲsQ~OZ #\aۂ|b(UW%=[Hi^LnpQvn"`P$Ju#_~Iׄ9w_PXc ;J: 86W5{6S>LHHpTW83O.CF`z#p|p&qDtTWH5(b`Ø.^jlZD;:őQ @xVy1CTxiOOsm|PV~a;c-g['ь_p@s"¼i]R Plm#=:E!/zy:bfGw>< F[ '#3חBBicU˜|_( d59xr+ R<`YZSu_BQ/MEy!}C5c\8z.3YǮZ;A"5ߒ<K!ˏ5qfŽ!9VT} <W$x`43G#}st΅!mnB9KG s?]C)ĵ .ւ"蝏'}Q^3-0@j*㦑r20n3,q:i>59@vsv_r'K"z@Xv5cfp@DmY@cwY~mڎzsȘS{e5{87StmZ"N=6L eՅ5.5|pOљJE ^R^,} w&x iff3[s=vp^;=,c3iKy< N i*3ȁ:6 MAv>/"n;>f7Tet 6]XLqrU0ަ:F-G1h1Vr:Chn{G۸?IU!4svBDݾbO$[QBhaDn M9jS(gɰg5P0C)uꑥ)9nV2R}FROP SaE,Q|d ;f\|9o֝=(6AK Qt°S Gր5N9w_pY M\DPW2-dd:+X#^i XI@>^xsJy]ϕ kT )\x +D4BT4;ۈ3hfQ4 VI*2+z-<*&9DS sO)Ǟ/q,S$&^XP޺~ܭ{|-^V:޻ya3:/6@āU5V`6(Us7/U ޻*qF [z*PT=DY9ZLg<$oh!k1_eo j(=CyԠfǤa{oM NcYTB c0ut9BA*7,헅a IHv̙X7~K3ةعwq5Ř I/ lPFT,_un`/̫l#HgL׮LMYl[ӭfQ+o|1_- zj ,9M2h\U`%8 ̨/@E+Jsڃ^),(4*q|R@H"%6y˫(wn)ݧ"f^Qˢ5j #ub@Fpc%y>\m"x+kKyZԟ c1@zL|68Aٌ݆K:?+PKn;8$my C5~貙l]^lw^8%w S wȩr)`jQQւ(PϜ!~7[ш9UQrs-&Kc3ƕRmSā[9q&@BȱS5h>k149h+ Iw5俜b xC|dqs w_D֒ĖU2v2J_wqQg|X0WB4-= %+䨨V˱s5̊]0nX]Xb+k/L`m6{M)M_K)q .1fAue :Z3Q 8l}6k? *-kŵq9^|Ps9+.± ?DEB#sS TtRRT^d:ЋO5ɀ: eQhm{)~~_*uXf}*/Qj'IB(D w! Dt{"NbĵFhmëv㻳57ǎϳS(Id;*o)m QՍp|?$Nr,'pu%uiɆQO}<'e;vQ 1qy ]8V 7z:d Cl<%Dq'o'zǷNA ݁|uN(϶A]~X p*d+Cb OG1ܥ84vו1۷_bìIޔy,b )lmv? ݯ*)H,WAb4n8}h+\Ч}G*rm}")*W`ǎ;PROY{4zd LK޴N,xtLDQ;.b Am/{-Z.O.(Za$Y)UXǼW'F{] nH>j>7=sFbGP+&sZ1L\.¤p;.Cqs܍5-@t"g|"eŧy1F,@4{xgUHf?J|IVqEN\. 
U㴑e4#s |H: pw"uve[nO*Q꘺%WU`kɋR`JI!ߣv #Dwxc9-{0O3JZV}>E/P{ɻٶt$"| eu]ZOiB :6>ޡ&0Q?%>"$4rK~uh y*BAJj)HH`1 hGzt[3PP# %Ep9!E2C+|Ǖ׆o`&vN.kv Y{wgU#Y"łF,F  t4=)cVL=)QZ^9gA lrnYM. ryᷫGݿKbBBCJgce] ?)`}N3Ǭ&Hd < z\8ŷ^>xG=<[ e-^2%2HPbQЈ+dZm<`!e>@P>;++eּ6Q{Tx 9e8&h*pŮ'hH}8e*SC W+#%26yRX כ~=8u x|X31Jq{&{g:U4p3䪸&as :)*I+>83Cxa& MR~QzE3h7*G,`JҺ1t6?ynz,}rV$HGgRdobt&j>YOh~$C7zHbKއ\%Ri,/}j5He,s:Ppyg4e(r3`b[+BELX`:2!zcP|~Qх."3[UdTY[Cq N5is1RuěaD=M>0S#EH_9O]ti) ͷq]{9k8=haJ|D) ߬Vp 7eokDcW {XmtH?.0$;!*o2&d\ZFO 6$ )ka < *N6TZqs N{$NF~Աyl!AVb6yt9./ڔ >Hf$Nxg (bG.tDXGL\$lzo;u&RpXB&,\'rS 㢄.`{ SJ1xEђ]8=͹N!s-]ETbi M6J_>1NWxv&.oQgΰ=‡R)DyTQt %]%-1f= |S8xpSTbepѭY& fbfO}8;x޿+k1'-4]iں́{] r4'3~ w;K{bFfq% |Ѽ@}\*bF[#|GF$fpD,q_[{#MeĝOÝ P, Xfm gg'uJ-J, +M+l?5VʆjqKͽZ-Ź*gh\Ǻ6^2(k.=}b8w" d{>B];#!SdO暧63PhL: >$ у!Bw6Gܾv*ʔSߍ~\sc~8SPK}T\8-XlCBg{Oҥu}(BYd[kjq5og}v LNY |Op'dnLBs`Y Y6h_㱳sӡX^ښce@]tF,7im]z+7UO25mlg$Ƿ68YxﲞۉC_FU&/ )s!F4TƄ0 Q$(dDz8L"#T2E\n%Yp+;UU-JpFtU]RlsXg E4"KCۆ,˄L/z ˌH% sr8rD7{ۡ'dʇ `md)&"_ۘ,;Ƒ?[:NJJ9l# 1$͗CՉ-WQ(젚?anFuVS6"ٽrg8hhƍyIbֲ/uyvd? Ezͮo==[?5bH\3o 3Fw#=}"x{cKΈ{՚+Cy y\ t.Og eK,]_:193`g  ;&A؂he!~`xh|I)- ?IKb~P+'[vwѥj0yyn]P^Uo ?>_64ZZK DZg"8Mǂd'7u6}oŻVc VYl"|u؉LT~]8 |HBԊFNI U6/}}w_4C7uY>&qN%iӒUiJV&"=@c .A 8`D %+#y9_Gޙ7bM-^oz<4|;#&e^$~Vw 3^0uBv^" L{KnLm=y4La ,OeNq3*3\q.Gɉu sWUڸ5IʅI`„qK6[d"~ou֗R,ad0#RDI{cTs{}CQ8/xYLs"B7s(3;U7;`(q5xW4Ih6~ex}+̏b6v"}͑yP~֙7{批9ic.g _ ݣt/hM"S|"Sq37>V3׷AtQTs 5H cIa *7 &A檳5s * t>TF=rF k'e{7y2W_L +7PWsHY)$=o"sſnj .K]MWe%Sx¸(21fKm/bD1xVgz O:bv*(gHCR F?BHNOC([yt 8t jΌПj݁mDek O@\r:-_\.3Ԯ 쇁^t-MVL+ڟpoxP5 "[ze*? 23LDx& 6C^ IK)IW-kJnb3Ze3\;}:v` ԧ2u/SpK| >"7׈Z䵈Ȱ˥E V9Nbvdq6k>Fa U۲-ΓO[B,(2 ]Ճ:@AU\T^5s{_(FHEѽ $d%z՟sZ㋝94{34P [XS(HC(WZCu18AuN ;L=-(E&Y<|i]f=R5gDOA{@Hwd:_BuRZ0dJe), ;d"C+EiYIÏiGJgA f T6چj~ T$w, J01^\6avR:ew4vy/vJ/CĢԢZn,>2)=Ga R PAstd=+o|%I,K|OX+gTO7`ʵ{Ytk_T`YJFWx#ip7gVLG,(JiR6 毥M,L2"1[F[uW^?%AI~F8//DI^0DW˺Gڽ*!Рz>L"KV9+ !XI b61a"+0Y~=0U/q9CX0:+|P8U)vҡhΐDؿp/}0O`1NA\~9Kϛƞ(xIgEQݎ >Ylj1! 
` Uv:K_Tppœ=TUx/O7Q=K&hM3V S?[vsmqyoeS9|RWW 4X[&E DYr-`WۓvV?վ4UZEl"[!l7jjTsyAENhe"D$7O@]]KaD:ory0R…bUuPV Ċ` 7N3g< l}v~|m}H.D:7DN{_ 2P 2&mBl'= ~OE/^'HiO#$ⵂెB[ͯ7D/^S= _K\⽾M,N$GxE2?"ƴ1TB NJY_ِ -WZ!-PmruF(ur nFI `gYdiTu@垜0(ыxbjڪBd@{4YxG+?Ktl}|!1[7Sey2 kA雁9}ó = ٢D4印oꛚ@`rtw5>7eՌu?ƓJo KprʒxuԌ\[]%8XWio)/oBl=3F(}r2\HRI13Ո98 `]%jlmVk6*9).Q}{G>Mx )D'k'8rۘ<]5ZlBu08 ?VF.]){\H2U=n֟T0^/ y}!A+j#ŝy=nԏY["MW(8Qg0iDliIp<[" NC}qєFr6mPg?`YڼnuTtYPx^*Eϐ2n);d3I~|2]4OpKw*zE7V(<˻z0fvt/J7j)! \ob/xp{qڴ]A]r} 3Wy~!;@t,%d"8FZN+F+ Ao!'x ǪOE A+6 |X5ZQe: a?~CUZ1] l<ƓcS s$tƙ@]k*TwU0UN(&^h1 GToNHL-`>(%׎G9!&:?KN*A%88k5B{ownLHɰ. jJaeOҹ-qO.p0ⱝBU}!MO^`y6!Tj<%߱>^L©t?bv 'aR)f4[KC{EٴxvӐ睊]\#oBn¹1hkT&ڊRm4~crnQ6ϸ3v{;T6Ǩ潅/vs>/ctOSd?[ώcwGNdޚ>cՖ0CVЕPxӊaKG$ un@Ti !37qh:)u=iT ql3Rԋ AAɉ?VH Eүn/mxiۢ%(Q{yO@DݜHP:4Q5.k͚3òBwrp/OXcBq5ժ1)NkbWbǍh'zg`IԊ_ϳ4IfXJ &XokAøK+CM9BTݟBim+pK^}$tB|mN#N4'X|CaGV)ACWl4:ܧdګ39gT2.[ >rD!>GЀ$phDF]ӹ`W%V35C ӛbf!"-"Ptlv2'oECQttV ȼkwjUzGc`mMÈڢQ%|&#Tk~l7ETYt=d`Ȕ}n5vAĝ$<[X@rѡw))T; WF9i(@oElSEoC%&7WfG_0?O+2D9خǦoiv,\QN6/c~>U8c 2q2sxB5m?;8fu/79ߛTɐ+|tֱ39؈)P\jƺuJzALZC-,y ZmeNYU*pfrH9 rqpKᏥFBx Ah7lR%̵V=Q_T-C ^^uk;l+Z[cdGVL zn \HҠPJXWL:+ wcoor&i_~DuolF $~c X+9' T-BgE^;I^W7U!5ޱvgw FJ 3a\qoq:V;lȀ+⏇%pH}x9GTgSllEoµM~|75ƈHlg—I l\姶4d@.fqe3~_l0ʒڙs=ďՔ_oxCzx D5=b M=[ݸ]3,myxyzn̺Hnv'wN&U$mg$xco]2˜*M؁,(cCxۏ> 9?oN a2i^|-ԛ?t _){WȜj{4p Q+or,}Mti>EicƇLYBns%f?d?1As̕^ҞL|3x^ٸ/}KͿ̴C @oݯ:o ~@&PYM4W>8侰%,yT b`98.⥭(0mCԮ"A#"agFTead!2F|xGM3^Po ;|im.W`\*:saILsdDcdw%% ѷf!##ҚpÒ&=Bě6K)M8JRZR=~#/ʞNv~u&C]4N9 MuL QۃpOxzD, G8ot +| ;%Kz@B||閈U]"ƅmtGy:R D᭻oecSEh *2uVUT^l21Oղ6V߇<$لZ?ϱnރJB.v} / a7-KR?*ȇZ\+EZLKz|qD(|v  u o6Bj-Njz "Esu:4ɬ'MdUѫ!kw!σ>5v5.yr'A"' HXm*%{#0s'&p'9bIշ%k.D :gZ;ށWKeZa"؁ l[dsm˞eDT089Qdz#.7ߛtĮ:+"b}JWV,WՒ9pYvenY\ys8" -U}QN c=âchY_y@QN՜v#X200Wȳ\sByjNjOsN=`C^_.H]IE_? 
+v|B5 󿰘W0`rJ&A+mǺlްv'"QVݫN% S=jM Ϩ ;qv]8s>x:Aj{:^; 8ۓ w`KxlUs]:o8hߩ:/Rwn5GOOqev9P2+T<[l>&FvMc*t?'rpɃB~.97ߑ5Z:.5=J&p?l/ ^)[1c']{: 6QA3ȣu'0C2k E w92&æ%pgÑ1]!s(+.ɡ[ TQRkCb#uz2pg zf#OIMnsXh )('qWrvGd"Ui> *%ib|%io5Iam*dvF?ŒB^zrBT"1aWiOV04fVJ\YNe8$͘sզay>tre}wQڴa@F'9<-P7?Hw7 Pz%dC0CMn>8U06o1];}3E{Yj[ow:嫄y:#,#HXq%}8{OT+,XF"CEظhQޚe;Tnh:_xFwNÿ~ͥ%CgMQXϛAaXh$ LyAp+ѿ hA}Sʹ[p ꬃ r-gzM:8 ˩$Mɝf lX< j” J~lˆô T( ~Ju5:ڢJZ335 IC"Os`#bD}G$am & +AYSLsxc9עٌI>@DD9eI>'拨tf%6G dPG0?D:OwXR  b_ndӺEz$:Aۺ5g 񉮝ak'xkR3 ̓rE{!Nxp>/`,vi 4nn:^dd{#ڍy%Xe,'.WM@dğJjtB.Bem'(+|$m.azO:6.pߓ\hC6pē!6ǔ&B%,L + wsEf5ԏ3Ϙe^NXH$d^ {fE%tYh:;}Ө^+ԊFU,+vT)B5د}2WOOl+VE( Gʀ)) / ng0=A'*!9&ر^5o my{GQIE[:iX"9]oTX0ӭ2wBtEMo$紾4ctV ! כޚ#g*xaz6fe#,f`"_"@ebn[Ԏ_Nc?Dl`0@vb1Kb+nV|?~ sȢ2{tdEP FB0#ȓ+"j)X>+w C-cq1|l_\0,kC''ѠaO!ZݰŬJ"i]|>9ნ6R\: rΦen,Wqᘙ\X{.i`ҎC_fC^4{ىQ_``n=&C/>h6` LI LBٍ g ! s2ޞ s#ִCav58ϥ0}0/ueo#V<8[/a^ ۢ *ܝ*17vi4({wae: ӯns v0ދDc wL߄uͼ.ӈBigT>y'qGՏVx[gLMxtq2(j8\vZl/5" *O7}viy‰'v6m. r3eZlNPHҼ`.Jb³d坠u56`mƩdMS߼7ˉC(`5h2ə9:EHD-7āM-gq?̯f8<3KǬ2\؝Lp@ſ bdD>uwBẅe,@)-u}v*!?tUWp>#qiy^-'#hk,m,AԂόÏ(xG~C ·hErUсIYA^snn,B*ĞJ rVOi.*n*TLݴ^6u?8~Nr/rt>-{-FKwcED)J%+RiS$veO/cޔMl*P}!侎u9PxhO6֣~nRCjUr.X:fmf荜mDo#d#Cx_bV'FaOi2y>oT֎0PN+t'tFĠ|+T|p|kwjRBҮtB,&'\jvH#'j,.P9ixK"nQhs(%j 1o_ϘtD+'0|ʞ8};$^_lM0#WB)8MrC\ Jg#F "Y*3ޖz#kC qLqsyfBkwܡ I#_H&HXQZхk&/$h_<Xo= IJdrΤeV$x^@|%!9Qנc#IM]hC hbJB{P9d{j?XN]RklɮȗeK]k|tK2M iT%÷q.nN D-)qC*<4n! 
Ŷ 4 \ g|I\":;vzcֆK@Ox,0IgJ x<旄&bL g"0η5 ɍ ꍫ<5UB|vOP7L7M_jL]覩-M;V>20GTf}Kr9I]l2dH:{>$HIl\P2ch{̮+&~`?4wvZ4@V rqZb)/`˘vW3c 6evKbQax3pbDe` fn)`k~łAF쟯f&tn|ܦ:+6I$ð X̔ 7G~`=e߼vě,cQagܑ o;后 #B?-VBPq2NX*˛"DuQT}Dn"h:}!DC8x¯?8vy|gC+8G^8qm\}ǵĔH;s]:!T)cGhj8N#AMN?db i5K-Zvj\j1J@eɑܮG1`wYh&^<qBC^ R,i哲8 sԚ&^+߹.]-I8ੀnr=b `OY*:ѩ߰>p3KGrA_dFN:ZR2]g҇Y3alU`eɚ5GPpܞ$樼MNAU +I`b̿n{J y%R&Nw o饡řgN){%r|B"EⳭ!?ytebJס B0Ls:bU 4,q+ͽ^1U.(}~.U3-逜j.'+j Ů5冇kV_1'`rܹIajk%n-a㐵H2`ĩėVV^YI)H5\D>1<|XK&s{l $@)5{q<ŚW`qlBCO7uRWޑ 8P~G߂1[Nvy.T dv^m3Jd蒈sHQӌj` Z140ެޗw- Ź-GWJ QrՂP2\S{f4[q#o;+Z`53rE0 =m &B 2^2Uipi UXJ4;Ҷr",;"A >yQ,2]gBn$|)뻱=!؆P򶡢,Αr-x T@%\;gNQzn\?H{eb7FhIgp ID\%w|:Uc~SQvit,6'D~{O"V8 X͎F`ҝE'-ZAҼp|Pt_bEV*kx3TYP+$nL"QW#h3~ad3_ZJYqa4NgoŊh-!`mxb~@QJqX;5KJu>vóvLkoC NE%5&(R>N_2 Ĵ" Ք|)YU(ω#'\x}yq}DiN { bB{ll]|tOܬ-b0? ALXYpy9sgI[@<3=|3Ic<u^ #xFY۱c'F%PY|dƍ3ib0 =mZyDI{\Ei6s~_tR2iޞv#p_$g~׀zZ~si," ~ם20'8/rξg×N Np&G#kZ K!ٍ8ȳ{sCu24 +VrƪH U/ٰe$htG3!GJ3i[YzNЮͮ<cb LfT<0#,«uP,;vBBP~D OFƢ Pbq v)A3:EМ4b*.!g&WCN?]<!-}өbfMDe߫/yUflAKVgC^\b?Ot>jm-T+eS?h%Q*PI5D`]dc#bSgVRjP,S#5p`}$:!+Qu{3`F=~FԕsOoK@*Se}7ПIUD[lTN݉Ney @؊t7+2EMCuI`Fzr>aŢ[璜]NtvA^2jc- NBd4F'mR(5S;sY`r,dO9`i0f|?/ǀlV".ZT "M feFw r ` x%Ņu=߯7ѿyÌPJʓH }ុYy97xoՋ-M|Ao`SY*MrCy @\q^&o9hPhltӫ7ҋӽUgf2 :C+R3w쪄7alJ]s~ _;u=͈$/{,?},Dx6KlȜj'8A5Itۍ?qrf%іϝԖ/ > @r"1s\~ 7uKg6p6KF6Mn]/t$R y_ @G|L4{[ie$X r\ $u f )N(o.&w? /BxX*S*=pkRDMhA}ZfQCtxs&>sR~d_)s ]ly-,Kaq67d z%z#hTV`Lkn/LafKͨ Ϝ%zMEx?- >RD1M7z GR2 ZDy3 by*;OϲOO8ѩ*ovB2\Lm ̗wL1]2"S VbK!2$P38>Zpuf. U/@e1Õ^gO4=p\z[ǞkE\`F\fy("&^)o=:3]*7{Z~#W/ "igJ+D`J7AFd,+\`k/iZ'ك<lڵ9Nji*Ӽh9+N 3 ?4?E="$CQ/ĆB\sZ Iw,id!qWt R򮊬Hv?f;}GㅦUT}ѧoQΰqI ѽ&GAvŖvp>Fiط̯Db2d2D ~l&(GQ:e*ӜTP;m0B c˜ʹƦ_l76aXb~- a}da9hJ7C_d-t 7h" # WKpb$ʬs,qb u_YSccbx"+lz[/ŅItdhe~*7 N_EmZׇ ws1;Z,A _ѝ^e-ETOny۫~dBWm} +WH/9@#.hJVR@K%l J3oe gH~u9kK< Yh%Z+YI@Ll5zj/]m#&>Ԗo/"٧*MrfX|I/ @AhS%ito/8Gh`ޘmSUPU@QM/@E٭ކo>O@oX|Ҁp-ovqf$M̪՜hIJ Rԣ(x&KlZ#8e>!: J:C1= <, mgxboUHqaKn=( QD_J;>az֡i%۰o  *>K]0Ugf#鲀?S ̗1/\Z hc| Q<¶*]g Y({=8€]˥5iU>in. 
,L]%dvQk$R Xyr?~=HρF-âS._FCTV^7̣(;b tI6"l#Y r2rDROIap͉u5XVEu$Y$)4-]z gx97o[K|ġ@Nk1n]}gkΓKԫ*dh0Ⳡhwt]-$Dҁ,CYH?mOqՔQ\t@r"?\;jh9~:w}v{!sP]s,/ y1'WWږ953<ߨ`lQRX}Tm¸VmX|kwPjG7+1X7- Z{TV-{|Y4zusJlbrZ,s\xV,.06:HiGn_fGV_ossqARN6936yG%Vն["I&"EP:1 +zkcqj[|F<-ȵn6x,9jhr!U ] )Km_xڅi4٥<)C$_9] AKyll1_aP7Ѿ'.VoOT `km\ ?: FZUPŹEs@Tmn/9RK Ui灓eRO#%D<HDFx:4yC,E sRu5#ՃBd{HA||MOs ѹ6|£3a2o4f8Bāiy{x؍g !\#k/C2_hL%cR=}# 71Ĉ{%U K UORz3AY1ex)7D]͓7"$MC^2\O]l?U;0գK^|xF{%9չ}},&w:Qs_ݞoZɐ3^(C3tfW4^K\|ftk2+JS,pL/ ) b!#SF7Rb|'$m?_(Ly kŶwpP?0sj?.6&<dj;+?YmnYk٤g֕YĝNc 6i/)N|/pߓ{y =d5䋘+;:ZXwNx9l/c>K?c2sq'~z '0_%b d¿)9Ѻ% b@/bl Ʉ\yLMpCr 7r)O&Q}{*÷ ' Zj& WE ގ^RD[zۈ¤ 4&pu/֮W<!~t^:NjFs߇lQ¸;Xs l&cP6"Ќ -1l(Ql7~vz>GΧ[98 !GU}UyCpzx\ZuPHk@(",2 Nt*fjJ]B}RX?L e- ;uƆ (]⻼ը"~-8o il&d1bYeX{o*YzCb̻7LV;_ ޼^A"E5FP&PtJ̫#1tUdtеx!c^glwxʬh55J1m(!"[UBInGh:lw>ߓR?DLS9ꐑW >5 !ƺO V?keJ^aR[>Vz-zy,ﳂi3e 1Ģ7#dQCyk[X:8KSͅNjrtb bS-3gȻsXa?evnw)]2ؐ| > b,8ϛ #Ń3XNڀ7p_IŜbǷx=:)VUoGBq6;&;B_PcUֻ^"Lm:-d98OK»f$ p _g8@~N|vmf%=(dXhhdq+fDgΖ5"$daceb(~+Mxa2*r9ܡ]p ӗ1=0UꓝZu&٥Ύ~f@&0\&b[74ۖ] R,/>Ai~uqi$l:/̔7n<Ҩݴלr cʝ}3X{1N寒9rr[c}6|umUG($ +q(_w@by`>I\ӞR&|_$ PQLlQ')mXN~d:v@䵏jׯbPO\!:nPͼ+}rV!%h>;q,X/BݘUh}<ǘ)CM5?)?&nSKi,pMnG%Xġ E,3v2cQLGdJlA$ѦGL+^w'ޓ-gToM7GYSg 6ǟs;А)J ѯ9iSNs '9(/zt?̱DS%;$_ ,٪׼;Sf !# |sz, R $5 _36Ĭ [wxtUmw!h`3e:YhK7*bup)e/ *U N7WZѳe¬F :,zEA> RF.ihPr&"4 eLQ:ml'H̓Tp80`-͵~"M@g3Uo ^NZcvKM2nG%no{|U?q$2XI}>"4lr0VJ{/_q垇LOŵ^kU۫<*[*낛vpKndBGV_ґrݍ<5_I]PyA2 4o)щZ{(Ru.\ <*o\dfK6^7)E/7!nt R?q_eqZp <}Х4=Fҥf|qLUիƢ0E ,I-$6xz+ㄨ#^0R .' ]pX"0Uy~AaZOڼ`"mG=t. 
_tW |N0vZ^&5Ū H$Q?8m'C7 zkj^M;9&y> ɱj/RP~_/} +]"C3Zn?0B< \nv`M![wi #Qxp$1t=2]=Ӟopx3&@\׻kj#L@RǑ @0]\b'xkg=bsrۑa|5II<EO!%,J8\ tlɧ}X6l$̖oۖZ/j2x \"yrN(Di('OJ艚bӫ]= w CD7Q͑r]HoA5)"K[I7))[<>#:2li-@rS+2L[$7QSݚ%t4/h JNĝSeBx 8V7rkd˘:)fЭ*I{<Ђ%&ǟ)`u!I$iRX44ōX=n/=vAP;HI5 O__䜢+[ULC?kIg^n#f#!+sMtE%v0ZuUǘqRFp|R-'Hą\wy[ll@鼂)tэMvߟL-TQ`*=Q`I׹H ٛO9[pxB%ؔ81(HN%YS b  c.ȟ1c@Ѣo̹' nX~($ $g ^dJKļ{NzL1؉_ LM&JNL"YϱN 73b4ҐF)0jюv[H$|:,jJُI61vZ @,xSDrwxKm}\aGdbZS"g%o?nvW/cTaKbv%?Gդ!MobԶD ̖Zc\ݟUǝ"gӡ!Dz͈IMIϢGnʴ:êe?Cِf5RLStHܽYce9's704a3meCY-l+7GSi94?ɿp;6/piXB#lК2;ƚV%݉N:H柸K"\0n*D^Sg穆)8-C"M4N>!fͻWFXc+̊biL1;WGfqbŜp?3%bΑj,Y.Ҍԃ9?\Qs+ <9!r}dw#Sُw&yTjzu+9xkNEpW{ e56e,\>&;Y|(\ _8Hc++ܿEI]8\aAwN 7 lJ {!-ZĆȮ{mĄn_H_MFvl'εga!nQ )^Jw8Y~OsEAAlOZ&{]&@Tgzh8:A)3niJUu,9.H a<}hePb#G0E<ÄXdP)K ܲ }p30/ ecE!F0-vEDk N&50nq~cQ ˴Ԛҍ:s,Û4İJ7*wLLTQꐟ48.4 p&phnyt*x? p5, p1 w)"ɵq^cU[)PG1 URPt@ ӌ.r0s\'Ϡ.q|m<\(2XQoyPGyjq)hv{p:5qݨlAKD,o] d.No]>Lzv$(TR;o7c9޹JY(! b@,R!v"-;5ž{/<q3]Ap ;.G WzHNDa@|A"ERK&bvutIvU[9 C.3ez\3{ PM|SmFEC[6aRp.F" t%ܴDC4AY:w޶\ng=m|l !̚J[VW䧉FeԬf f-s0R+i+'aJ6G1Z̟RS?нf+¨^3>>r{o5ٛPcEYZk?qS21㠓B>f4yߍgO۠Q1WYt7E"cw1O;D=N ! FBğk ŋmhByt7>~M+>2X-p((-`wyG@\,9Qw;(N ~9}ȿjqU;# 8,tF,'K~s 6}^VFyȪH&-y7OÚ ^'9r0VH7vKFp@B'Mj~GmH&H+JI_p.|MIQ);]bb@Z?K Q6)Úd["Ao'dVED%a3TkqA:Bz$o|[tG$rn,OK ")|Ȋ!'{fXSR:9Yhvo ?(Px29+n]1Nᬌ|=SdDFUDa>:4eE #V*E! ip Js\1Ĩ6*,IH/bIz[MR _$q◿#}:Űt^W*\ #dNhTEy1Tͮ^_oIC{&=z2#`_trr1ÿPLPů45,c-;k|w`ϗIWݏ}wOQOw;rp1M D ( \ YvILve6 WR/Yƪ3Ӫ DW o!WҸ&^'f߁yCDYH}j}.+}"ʄN̅L4j, QoZfZtF\T zjm̿bNO*})qUOksfϛ L -,w L#M)^DKQ#J~N#./1_Pƽ$W:0)OCI嗄iA|Y\Zo;OJ L|Aژ^O$L{Zq#PwǖV$7O)^/y}CX-,C?V!l/A6QO% b);c'L36lL^fggT =_28B(e^Q/,ezKLƒ&}AWo:[ꜻiw}~ 4dNI%$F ҡB7I\yсHJMMS7_꣥E " ~h$i /oAF$N"fJj4Cۊ3t8zq.Ap| B-n.X|Pd(Y,VoQl{j],}P(c,vպOo~C8ģ/ppLyH x< oQi'~e 6+OT!D{އPwi !+}(((i_l,͂x)22$~3KvdWI;ٽ>\cUho"<w&k;̼GC4B,H gFX$MYL4tnnuWU{ֈy8fa3b 4k*tUN]+aG=+MV-mͼ;aؓ4)-eܹkǃ>9jz52Ϝ˳]_\!NxIs 4c0V4iJHkaX]<\W.v.eGxOߢ\ XA*YS5PV^6Ɲa %B$2m,Dz3?ǐ%Ap4F$j &72Ƀ8|uzqtz!}]@Lr:`|jsmW.nNj[ Vbȩ6gI.__\ :r#.6.nn NY MkR'VDq"lsf(`1y]`[<ʒ|9,@&Q@L[s59aU h ¤@|~? 
~Fr4˴@~$'GqE/tv+t#A򊒋>xa G=.FVPw _-/T&"58Cǰuo1<7@1*235x~WjdD4MA4wR["h&c6K Ő?$W䠶5IcAc z),@eFّԠ"%ڀ߽>?9 :o̲D_ -<- @/mM/QÈE+4\G.GabB]Ad!0}F?Fɇ06l;.doq +4\I<y}~Lz%K2wl# ox) @#n}{?|}r>)%@Ya3P`IjQ M) Pl'H{zv]d4qGG($.C;sdU.aCeQm)rvP={' $J#Q>##zp%=v lye=> Mp ܇q3&bk5`>I, f?rODn5!#DWb{l_{j.xtHN&Oz(G,&?  Hp}XvZ PA]s a*նߋ`  гcAFrQhV] 6.'UaA?z$j x T10P;00o%3%sM RȂ{I1V2!õuFo\d2?˥w?~Ίv")#IWE{:Y^uoDA=# }2Ajsk>fvv{{O'uN!q5֐"k+* ksMqxYX>G 8tBzdB`9EKM%xk7Y;wr"Sk߉J-ʹPqjJRڔ=.Gм5SlNYIEhnm h [$>"D!zTP9S9rhRJkAVsc^mƔvLkrQ7Kkד~ `QL hJr"v~6v*XI!=Dp`фAjTOVeg`ݪgrź׼9XQ4]*)j3Bi3Oi0#aǚbD(Yp3$8)qVb\ZH+i?$Fz3ELBP%[|.n'ҧwAMl*$A&:DLMA`b*l m~٠3*} +pL[7{O='x#=0B L&5+0l:2dI)5h.i*jvâp_J? *% LFVbH FjʂQK4ckMeFj0{/y.7;¡em~UspЫ2a=@J!9玺Б=o(0UрG:|~7׎#THCx·Ÿd 6JZ>-` US!BAcXcoG-r`@|TBha4}_uKeL}ØNLJ5ƵSzIkM["]tګrDUffH/2M~!vI?Ne`Sṕ*B]hS`dФSwطb7t;k#@#IyBaIQg}{[˂ǻ,ZOP&R1qu!f|n hzl3~_R>L"/e^.î{ҜPrTay}v)]|Xn\]Vɒ/9He6$RIBw04Ω{4"/=Y$쵼՞^heG(p:ӶqifhJj1@V5)ׂ/dUO:TYR)0k幪MOnfW_?ɣZcKTlAO 6RܺXap?^:$x\FG@I^@-  4E^j 7vF"\ˣ |Vt9nʦ&UPqP->%a@|e9KH#QT MY1'G`IB Q⿿6 qF8E-dPۡVd&:#cI< 2e}[(_]֏RAm9\{Z9-Tgh^y2ǘl)^:C&{c} 6sg+;p,u[z|1jLܒ{Si1S>j ”b:}Ҿ[$- b|NЇy!,șďR^S>m{Ovwe!]GS+IWj<ϱH(Kjv<#Fx=KAD' yّ#BA-i[ B/9)VQl/dZʪrJWtOUFS^3+& JL F{1; )Q|إǢ&I((2($ B,?Er:133!c r@N#G9t&N,LZpn1x{]сv<ȦYbcVب*PC3&yk32+NhW㶲]?ABnɴC4X8Nw+TLF"|h-J-8:B m-:X^N Mk~7Ń-jfDnmR<蚤·|^^"D#(ŔTt>/Ke`Vvh#Q .*4/^ =kw (׈v-[L?@BLJOu5AwHQSw+K {Aes/)|'=d -^cqDI c 5:z5nx=Ӊ %=k?Xr bӵuEGOߐ۶BJt<d 5|VS + ]-j.\%O&- Ypp~W!֕VUUH ~ڎ|Ǒo|}HVa5G֎-,&˂|x-+2WhOheџD^ G\ KwM#C[y]~յ+5wōfU L8p䊻?o >Ω a]y>BT_ W EiL8=.Tf.Ʉ#bZ kNY!X^/}.ԕmW5 QJiJΚ@ϽrVR>~ 'C-^ƓEW8ڙTS<`$;pˑ ,5z\Ӑo/r*޼K>jdE0]Qeת'F|K"B_paGgxͭdWP%V_,⚿zy~ ]̤XQ G4X80+ĘwEh~o]8R76@7$^hتEo[0  bX%*G\c ~_|8O8_ `*qU.Sj~̬4VO05[J!Z+0`..U%Tܔ4x·>b.iU}so rv'1-VbzaZʘ13x%TM1g¡!0T: l0a@ kxF{ w h4E"QCb'5iMMCP.G^X[&ԣr(|0XMTw"(\TЙ%FcnkO2fˈ6:7%G OgVZ". 
ՊΔ!Kg}rؕ廾"ɢ(.CY6 g $QB&@y{c׾$R3rbfϾ :8:,7Ra c h?trԃȼ*3 ^\t"īk#JRSrE?TT](ȪnZTǤp<{S|w -?@{Gu}ب 4.yq{aʃ+D'§yg`#LǼ3H-RicVDݹ=OwCKKQ eK*Yy_,{cv{Q&0>!}.Ѥ͉SJ]5}amUM*N-$ `('}_(dܻ7,J'a6f b&`g*/oVr*>vcPe&c;~^wJq4$YvO^#A2iq"sV*)I1UUU@2=Nu.Slg8U;X 8/X'gGi2F/[/K&Bq4$$uftfu~% kgQ `2_Y˰u#.1=ʑpxi A1 m|Vv8԰88+_rƥnET}#e\jJ5+";m'5W5}R;TLj&o8 mdDLuN*1"zU0$[2`~%S'1!_//o/g^0Yr+}9G}*kFU,s-CeU'շKM-v[@|8.ax3brI=(K\|~#Z9T-\jg #YQD"##-╀5Q0,^\H2~pL# 79 gtLn,av(!5ĩ; }6YĻÎQ5ԗӱئǞi~aV.f%uQTx/k1퉱FvDb`D4 PPߟluGFUT)~םwb10ԭITmU7酸M_! @* QqQ؋(- .ʳE0AGUhEa,RTNZt_+fm˩)8 z<;.oٓ5N~N*#`:F~Ү;8煹X{|'3TCg427Py“;=f|yuA,O1QjְRd)m980QgUakV"WqYjmcqكaz)*h"A޶-_CNE?׫%DCXu]kx;">* yk.B9uъ]dJjn.#l$4,kmp-+q68y$9%ۀ$\a𿶡pkP^;dx5e2V&cDN=P`f@ *"+0L6m<7=(bNhZdt,џ:2>zH~I!MN#߱.KqL閻:.^Ep2YwjYzN\߀A Â_qoX IUc\dN`3VlU|+-dZp2; Y5k|O<=q756]P!uN˻D>\IIKRsQ%p&󘽆6)$/ ij,ŰG!* 3 F~xJp- ^0V$ |ḃ1XP|,.YrY1 Cy*B(K@vC;^E(;~됡HL.+Zj4ʔyuàCk i ;yT1 gV5hO/B#L%Ʌ{4f{&TrTF߰AšޗĵY, &s(+9gUUdc!9x0eWu J QxC7B&*z @ߧb5A8\VHü쇪Y@,ߝRtnYMT6:-4K*tR7}/|wt7}b8$] O>MD~Kms )31E\V݃c 㒷Y;]YJ쑳dcƞN_ݶ+gz^z)i !o˲lcH@'HW%K5U ,8[ yYэ]\qaŒΟAM HIV<,Kx?C^~zfLlzHIK-p+m'u jV_,UOf+,5ej|FGHuN w%pͱ{ \ީ|1CEU !3/d ]IG(~in}09ϝXjEDrZL3z N'V4 x=zU9+v9H~ݍR:ztNYi F!hCeߔxBfd8If#t>uMM. .uncͩ}_*RV%a4? 0#4~wtsj胥Db$ZJG贵K<=jx!!Г:v-aհ`Xtu*=][iy4joN^H?MNk 4I[ä!+!36L N&ݞTtO/ns픊uzqVHnuV/>ͯަor')14}NdbCҴ 3y(΁]AUfaΉ#AtC |!?9d<] }3-B Az>}6lbo">Zf%'e9^AwP K㒡y΅Fm?%@Wey VSH}s!/H뾆aM&o> ]+n@᳻׫j}3GdEd2ULIm/#mOK͎9Z\NFµI%ouczd\~ uzb=|GIϊdBhP6Pw:q{=dGC<]較T%;g!45B xyD-/9}iJg[6Ty./pM}YO'UZd˦L^OK׃`8i1=9]lM2#e%+j)A+O\/`ہG_ҽ05ϋs s}Gڤ88pbѰ܋VSx©b:XɧAa@_״m|"RI EA%itg5*ECH4H c(C,+K*)D[_ɮrOwioho8 Oia. U:QѤbm!dx=%T`Sy>gʮj ļ)ꡛTKt _P3Ff\K³8I dg{ "-FbRՌ͉+4ZZpGat+27@vǔyҬN}UYtWp?@DFo9=FfE bp!-%:JFV~쪔Aϝ :( ;l8Ø8qv!ݱIVO8)<pE::%̪EYeplh&YkJzx͘uRqlM7髺$ p"VQ#V U,ÃcΏ~{ c90flVuư~ulZyALNUhIq| }T-1"z}@. 
o9RzקGRQǧ WOԡ{[4pSɇ'b}ч !teq~mju?c:nrs”[xHWKI:Grmv1(W4 DGڳ}c[|WCEG7!Ǔc0څ?TRvT2ۦelFoq=ɓ\7Cifrٳ|2|Rw-Ҧq ] 5xogؓ!Kf/yвx}BO)F㧀,]D*wD[K)~kHnkl}zrmL\0MUMLfε]AUp`0-[$w;/ޱ l$ s>EJ6`4i."EgKNGZ 9D-#tűDw]8KFÓQ|H>?|~"DyɧTp}$'AIAI%$I>IO%?'88'r oۣlnZgdsQmrbsVfmu>_6l#P^ɦ~IKp-5m7=rT3jXч ]'ל{W|b"\K2/Ĥ\TCSf3nPe8cX)J,6X+}U_|;h$?O%Q'AI|$/HWzݿ:P4b$M_oY@Lxڄ^` 5qyg*2|G\_f h.#t#_wqSvBaH\m>lY7YGDwHVŸQ !DkZĈ2s|m7xGa|P:1J S VX(B)da$5:a\ZQH:/}b!#"s& ljB[([IxYX )͵I Apf( ^Pf M$WI7Ց˂I:NH]OZmھ_ Qw  _ݪ}Un'l9!#v5Jb+s=) K&C2H +WbOAbgoIͨ \ji:Zv R ‡ſvG@p39@.4bZHǏ?ˀe'iHodLa\!(J :K8\;w|4QWNZliuRNM沤fv^2YҜFUpʒ= eSɂ5LڼM迱] .fl+h5}ko,: ?}~9[f?C:{sL:P0!G:wP2:NX!(0v2fz RABdJO/B{M3S7{`:3]rfFmd$13x33+nX4_&'zy758.CP!Xz. b< x_= !B ƃ,+sa&:8!|@=bnw{eZ1$s;@L XRެk+dʭ {>sMv|~ m9i5iP๕R/T eC6FG eMH2=fVǐ S3.p4@oQ_CDPdK5ب]qyhB?D -Z &M\pD+nMSSa'1֒A7u!9ؐ иgvKdNJ@̂d T5 <棧>}x?ɯO'$DOf8e?= *cȆAY/sCP>f;u{yctl`lHb*ݰw`@TOdLN%-Y޲X t ֙ӥSB3* ^3IAZ1H$h.\!`bu9ϻ\͝SHYrc\a'hڢŢn@U,}Ɍ(c_v\J;#s,JF3jZaI]IkAȕx mQ ӀiWQ28"B!%߁Ƿ z% y.C_^5r̓»ΞX m{tɤekCa~p(fޕ-i%X,%iM4)MLX`01=3UMw^zW1|&9{Bhsbg'k6LcUpY@І<ӂk|YsqB/jd\4W^R4(C+\\mYp'a[U+n쬑i׈ȏRxl/{g*^Q] ,G9'ַYp{/ þjwA QhAsD]v U: $)1}MR02}HG@ۏ'mJ@'dŅ˪ ><~$3f(K]Wl*U#tzw{њ9"TblY\)=^CzM@/YK,@R;R*;A>`w&Y>rI8g@! ;OHH~us*mZ'n ݊مa[:\晠9< 9E8+]`лai^wŇ $H,JW>LVCy˜FR/RE]m1P=kÅ{.Ym8? ݬpwm:Ƥ^<tw&W,mh.UŪ]ɶ09M#r:Vwh4~S,l!XRW0³X] %+8XGI.2849v%o8#W-l?"ͯq}Y[R<0;qy6o=X!.v^0f6E S{Ժ/ϏO7O78|~/?W_>yW_n>y'O<_o?jܿMxv&# (J-H5}?_7m(^bm&KyW:R~3ΕfRP)OOPb5ض$TN3ńxoaj]dЕPT hAL.wY!P'DgTLmDu1Ri?\HV`pL% ֋7{Me6)@i4m3 YwObVFmKPK:%)+ɍ-eƿSӲ-G5bq^,hXtr*I $z2Ƭ{>.VjQ*K R prv(vI V^C_-*L)hqAH[B(@8/$8:{ 0k 0֦+axOpWY`ӿG $F6 wKd5|^eYE47`D_]p 877\.| >L GzٳvEjb$ 4 VH4L/KWp|3ME H N?Z;]PFٚ! _m >4T.1^ ca-; ?eyEu)*Ww3a^fќdVx-EZK(lifdWZ.vj%)57[۞~)0S:шjAڌ)lF 3#Ƕ$OsfM(OZhgX>f%ujG?Uu99xɊ ?c'?ۿiɺ?,nlY- {e96ZX)KKA||p28[3ɀ=jsB;߃q]U(|$7! 
\"at$)mrQ͔wWBho$\c(8$bFUUL4&x:q83|8"zV ޼| ?wNtxr;899< 2ؒ7o_'E\Ί һYh.)n{^װxeNcĢrE.^Dži<+8L\TaA{)\I ·R-F[M i4~:yn?AժD_AR_q.N99W=X+SibVdr1[C7ƫÕ VpnFx?\̜\yag}~~>_ ۻBFSmfgjiE̜[`]og+;ga@aH8z9:dDS'5;܇:>ޗhβ$*o%nϿH?JbeΣo>iVM&lZ9j7w3.b ֐ xk]}Nn1i|6H,J>'8]3sŒu, :,Sg?3.~0 ~:7 _e6G%Ot±{q5yvDH{N7ף!Y@eGHQmG[xKIJg?#ӡ).ÓWfW†̛y1̷flyM6iul}[Y/~ſ>U~5B.07070100000007000081a40000000000000000000000015b33cff6000042f9000000fd0000000100000000000000000000002400000000./usr/share/man/man5/sssd-ldap.5.gzK0KCs@)!ȬN7!aL!^ Hy%L|;PBň]Qr[cKm#^a(T4FQ6" (&%i"@6>ĩ0JńH~^hQ&̿qR$S6n3Rkoتt0ƌߋ! 7(˳_^x7$C4e֬J6a2/ym$ .SgWm=7cB㞒T8 J -(=p[W`.⻍a"*g8K 6O%D iɅCj3͘nf4F &vg "z%>n:>rAJA*K-@^@'HQ!sӗ=+ob[c=<89#oO tH"pTdx3`_ {/{Ÿf֕~w!6OuKqvqq\ (-x8/7Qu¤@Q2`wIxÃg#i#clZ|u$M@$0 ImſA$Yls06nGg7lM OBey^n&)t1aljy8#\Humow` KY?'栂WOs{ 9qUY|-W?=޼\y"x؃ lm FxnjQ\cXo72qR"-{#&sU?I?Ͼ'mIk*Fv텈^]ῠIbv K%>eO؟֭hHƞh{=|Q v:Ҟ$Ƌ n&o`Zg$iƀrO: !Ȩ zg$B"C1 -$ϕ|Ṇ°2`dbkX ݇T#LB,g(-P( دJ5\A0M! 5q \Ȥ֖'ٲx}v%.` ȣ"q\Ad-2Rrz+x[k_9!2h!.h2y151Wmnɉ!H@9*4P ѷͦ/"zCJ]!N"ה;K[Qe<) }pakb`ѿF7;}3L*~3 d$vl]$v{4uO.'=>쳋ztRH6>r S;R?s6e"ScsBEj7T4Ϧ4/>j{HAz1ܨl$p`AI*;t@9VU%Y^[NF\67'*GBPx 1K WDܲ;%iU[^О7+=LSf X<2vSz1V+/vTsxyQy7.8]]k:Fu.8J1_Ӄ/1`tMGrQʔ=kn0  G+>8ZLM"Zջ k9attՃ- qpqBG^>/t7O=L@O|:fyfd<(34c}K7|*~לQ$_å:FAkȀ9<;͢+{` Q1IkDc {maPp=;z3kv2Mjç72-l!w6 f "K; w!+0W}K}{v Efϴ}4|0)U=S]{Xv`}߁^nEv"R:KdV 2U {TkF*v4iSUt{ F:Qbt;.Mj4J%[@ ђAp+,b_eT󪘪1XI8 Epukb‡ $hclS [x|A3[4Pempm4pȨV)㒽}  CSMՑXe0P>}Rv/6,Ee&Ґ`DE,Lg|},vuY. 
W+TRro2 JYT :]ԔV#Ymz&Ɨ'xǡQsSCݭ-m7Hmx&cGϳcV &piK p ot jpdXXMI`uJhB&g)獽A a  XNA1vk?DU6St,nwZ|hwLGrKʺn-[I;=)B+BdW ~D$pRP<\ O1A uSY 'NS?q"S<_VhϔSĦX#7*αsjY (ƿ=Q!{ vJF< dNw$_ZLIrWeZhG1)ﱂ瘆 F(y qm<;of& մ/J5 5ac2a5#v4KI= $FЊw\{4ñ pIԷ}LF`g8FQZ5]gnpլw׸-' {9Fn <yDç&V*ݲqbaJ6S6N'3 R}Gk%$W վ gZ/؃lFIb,em6']0x0[i} /WH ?ڄ/_}ɭ"!Eߣusm< 0cJ<%GyQkOvKjV90d?(`6y1گv.ĉZ">$]b4*䉮h[9ŋ&  K7YpSpp `qI>XPn0b jB72O罇}Zf }MI/Koh9hċ2ʒe8:V1Dtu3 Gj]rP WxcK<81]hKN/0L HQM?XG+е{mQj 8Q#+_ )ҡo@=1`VpEV$JX0 xls/ ͭ ԹX]pb5VЇNTX_tf 2Q;G$鮭 5[A瀠גbLrCS֝R%٭v(o>c*ꦁ@lЊͫR-ÀLI`&v mXiKg:g欿a&.4Y1Mx?J~~=<9\ނ.p\˜?z(?l_h-/)dw*ߠԖ m(mDNA҂b"28Cz4#Ad-;tr~ji_Bpڱ!~Gdv>IT Xe<5`q~5 ntݹ]jک?ժ` R!`6nB<H >1q\&M[1倵1Pv2w]M_8 "L=o| Ż:).} !7j 0Dc-EQu Pwٽ9D%4$G(zZ\5 ӽ0F͕O~F~v?Vw|e(_Y=kB!_,[i$V]}# O8s|߮׊'P<''C(t^i/4u}Sؙ+TlsSN1 .Sh P[Hj03UN}QK~y# oWG~)Q[Em>eau?nGְ#tf dc  l~f^ 7EG. mM)wM*,{#Fӫ^K[Qd9dZqS6Xs>_lpwf&Q ΛG(4f tB%{GE`O_Dk94擇-ΊArPHɢK(𳖣_Es79Q( L0!a~:9)V,D(GT1gdN:mX ﷷG;SIUQvKY c6 @MnVRœpL˚mU'OFF˸';i4ThdT"qJ*ZQ+,!b&A6ґeH C6>Yv(h$m''5ɼ$uV$C6p@5gTXۍRkp &Gxdv",7 Iir[I.ew+| w=%2B?Qu5=FzZcIUb詼o,7|Rϻd&"_"7'UIP ݆ÿ::Z(gT_ˢ ǖFbgg y.fOuo+{Wnex A-0v5$j|r7-`߷ v}97̤GdnUH`+̷i`w)6B9:3K)\sR_Sg'0 69WZV8$O!PqvlLF9.f_Xʪ @isY3?&haHultUG]W;dT㮏uvp(h>+PYn`\|6@B0fP҄,,u8aH|9HB][潤kus|G+ɨx}y{DwlHrZ5N&/a>3Lq>,"#1;,YE{~yCC}Z"_\HKP( _Fvg#3?ٻy]G_ރ.cpE;秸ٰ3Q㤸އ4?$ Nΐy?UCE@"s##Ԃi᐀3# QO:a!ǨK#aBa=hq,BP`PLa^I[nS!VhXم؇R=;m@n=ܘɰd=4e"E+;|{aBbOQh< lo?zׯ^B/7P.eI =Я9cEzrp jo%CLs!"֚7g$ɏ.t4r6NQ:ZGfA{֌spI0aϪmVlS7Tu|O)y(M=u'o!&9ʠ6SX qMyk2X@ؙXBy?~|K@F^'+>(3xeT΃e;Z~)hh|J ZO))ö÷DŽWpNitz! 
:ai ̎?~A?kȉ thqJY!+gPȱ%\z!>3C:aX?\-R#!N ydgb|cDr-.^3օiC5-]\j  B %J<2ڟ) hk"Q\WST؊R]) ٌ[vB/%!cc4R4qM.X2o]T鍺~'Lc]]z#Lp:nێPK˛-)s ytZKt8L 3+*_vT&yYتQ G7,F\ГZq| Ĭ|=z0JxgٓEr~e$dB!nDͳ27|Mha5\cOoDc:t &*Ӥ?0n8WwEYBAEs\ ǩ6 O^+5EozH1W19tcp00c#]}BxG?/Fŕ =MZ>!HXx/ *惠#q2&C6y ~D<Г~}A=0m+O'&8`\duxk:@č5ڝɺ Z"5NC"cp4Wa+x{(єqyȕz q SL.-3l'[mb-uH1S(^@@Nc;kw=ҕ&KCt$¤AkSƗؾx#RAY"!eAk3X8X+ӲXEچKClО% }},AӜÓ,ʩ>(P"WBɉ[,an.};d[mvɛbDdʦB%؋6TclMVM':(|Q8|D$BZ`F^MW]U"@`>7β+T殶4Y?B(_Ë8,5w1ٱ=ؽjLGPjLɋ 'FFM 9C#(J6Rphoj'u jK9}umqP-r8%1{Ƞ+QL}X&Zj- e&+.ANń:~݌` ຐz%fznڕiݳE J6[h‹jSf$ş;b wZ8 m(^ a_ɶYn|.dK~t!_,$LpOC?p yj L0&[&,Zb 2.pTvLvv"@2ݸM@?arhBx1vg"``a Nky&OLm4F(%@;ZLYbs_f%7hoO_pB#װ\D+l,ͱP4MVpw! u[$oĐ& Es-SP hrWXP+DtL$Nx~yb9BՖ%Y HS=K{ZXpmwTv<)\htyߔljuݫ:ab߳0IJpϲUH5&ږتt='rnh`=A9jC\G^1}貌B ,{'dX L[lI܋C /#r5ouꋗT/ us2X(515x|LpR !6 9m"nz#6p~J38wrb^jPK?t/aPVO,Z`-ϽfwbdZB#峭g}Ip,|bmNѾ袴49qM^ v`YߐvbMc 4pBgy$9W8Hx8G!6j m "߼(!C$y ]ۄ##%Z >WA.0CĖ9y>L xtrCu<W YAj8+d`XFY}hꎹ7**MH(cqVq|Cdӱ,ifI2_^RƩh醳s)1xn[ig sD(C5!: lcgMڶjm!wSGp)uP &Eu#!IUZPAw(CRm qNtE\4ˢ 2-kBܥ!|@Am!8~"(O1O3$C|MBDZ?4^V-ϨYKy/h GI hn 5N`{2ٚ" 3Q+?avYg$yVOU7Ͳ s0,_?ZcGhĴ I~gE#Fh𕣦ڱdt,k$vs i\|Za\t Del,<ׇM!zY#J&c %BGi4jr,)YoLj_gx@"/#L~2a66=VsInYMa7 Ar8*vE4Β7X#d~O.z{r$Ql; ߠHR/=`?cQQ4%9#^GxYZ0_2aQ2YKb*'RID~'S!ϊ&l#||Z]ZАAQt.(6F0E*#aلT*R 54anZӦQ.]L19I'e*EHA*92⾃uv~cʮ|VԔv+sݚ|2tY&=cbKk[8?,>gM̐"n *5(PLHFg:PDP>%- hxl8dޞx)͑֘stozIYuţ:ۜq#^t"\R/m_2G0J_'<70PG wUw/VQmxj>+0wmk>L)/GJN[NfT~8Pg%%)'E_5aƗTw waI-Q%`ӣ-D| ;CJc՘\MQ1j%`4?PmIU%2߱-/mtu)6&[[T8̴oǜI_Ưg׳R6u'~݉_w/! 
)5Hu(VM"hѿM/& /Yka B<Qrc vE))#@ ck/LEGjqց K-ZV!<5WqHomj5i7ֿ1<örAQ1VZTetyVe[})  {-uRKjK oq(4sbLډe1ݱ@N!ZWBio$cP'iz6Z9GܙaīV준 *H YVn1iRu ƩÆnfe#BɼG?dĘfp|}(AEC clQ7MrypsE8Cѧs4+O $ G0Z)qm g};:,cM;.;+hN >'j~ [Jtt̑v<:"pTioV,wđ@bHM)jKQvPC2AK`x3:4'^eWxs)nL[r(,DTvY Ӽ!8,mwY|Rn[.itvV~] >3bs'oJ[1ʝ-{b1l2vg*7?`G95>}ѝ7" GDʏ #i?*6f>*%l#PI‹#DV^XDT :[!Pɓ7i cC.y%W?g#bÒ(4b@Dub1ɥIy52jT)O`f=u!{_bJfkp't$ ^(#Jczt e!G\7#}$B:+¤i@%2Tbc# \XCR40`fFg,br>A]e:L~₊f R֓ѼPdJvYCDٹ }8{F97?Ȟ|;Týׯ~ <4^97M8}CGi &k.pE`w tnqGǧ/1/NYVQ &U0ze c{ i&1w۬NeB7sxK1cm b}Im.כEI4_v՞"Nf1RAu­$G~5s2lk &HP\b (Frղ&\ڪTI 7?A4>,^] *;#fo:pP_-yJ?UoƖڗQ:!lR ڴFAC^QIr܋i(=c6675ь( DƣnpWHH6R8YAyJ<fH{%$z!G6ML2cgEsbAF)A$EM ɐNJbonFG1ћ 5SP-[dYFuU#Qc~'Ƀ(WحrtDdTm҃v3=|IIJH7. otI9@}Dp`@(pG%VcJ G;syh"LٵEm?FcPyDR$)7cEh(}eS,L?,PgG؇-[n^z/ R =v hUO*?Y-gd`ah0x. u7SdJTO*躙Cn[nC-±<$a'tRGA?/f*gҡT)EɊV> lvKW_Üg{lڢ7{w siSfٟ80%9;o(cF *\`tDKp7| adK rZA1/HH([LJ{GG{/i6xH鑟g^tz[. b 񺚰/u/6B k?eظOD~ ` (+0ET )o -^H1.9dwA +lޏ DA僺Gq6Ipͅ;g Q+9q>eǍbc!&'ۖwQ­_vqW鼟ⲝ"NlwY)E>8nt@k"92<" 2c,kL%}dtJ*>?1 *k"x~CWNʽ@a| ܵ {m: v_h&楧!3b^XjTKYLicة؛p(*G"0jIĔ(B jXI'>) p:k"E܏ތ] +Hs bwVOmovw| tݧwLko01 Y89̠]ۓ ΈbLQTsw[mgv>Is i9~N}A,dQ.h78ß#xz{mr3+4&B8b d8!NAeGAC(՛X"\HxEፑF@"cS`/Y1ƢԲmtq&h[NRA@U{wĺQ߻>4k m ZX<6_92ȯĆ#چQ#Ӓ"&rL45'4EB0-]73㼩󾙋^ nq2 da>zAT@oލ-tɗņ]F)D)&88k균ҩ72+E2 Ppz0w%PYy^(_g'dagF]z@qDqb NRo$Ċ 2x2(]Xh굞'9kjp-Х-11I}V[Y;1ժ!6[ƯAuPh\: uoln/usC vo'F&[GI1PPҮNBm}9y"#^ƽbZ%H4=E谴͠^+9eȾ 3Ng;[QqKɿY"zR"Ps| G+ZNF A_tɼ-?+q*[ӂ+xE0_/YKUmV}J8ꋪgn%t9w1 fV b5{<j.{ d8 Qj'@Ill{OHC||Y:v'Kd6[{QNAvg6򱑰Ԋ NN|ba;,}*{{7MMoo^:~7ɋ7/Nߌ?ᇷN6{%.],żW/]vU Z\Oca˻ ΍",/}B<<|wV- pB7iSRdmF^<iq0=s4%ߐ =v?D d* S2]Q?WӶ隋v|73n]47}~oϯÿ~8?0~s 07070100000008000081a40000000000000000000000015b33cff500005e14000000fd0000000100000000000000000000002700000000./usr/share/man/uk/man5/sssd-ldap.5.gz}sT׵'?뙉4Hfb sRuIgh9K TQQ䌓N|+uoTE !F~i!8e@}^{o}o8rL ]Ivr:u݊b!띎_khxel-~X?/lESSSd1Z(n~zb{ɱ4&!$sYYv5 Tq IRѵ|`bV֜;$?DB`oN<|罸ӏb :`utL,d-E=onʯOe^S S.ĝ~|?:̥$ʳ$f"Miq3ʋ!>{p|~̦qX֛85o4?!ȏw~k.גb=1L䉉|~rrca4MرX+\p#ǒ61|{yRDd.h.-Ev4gIpt":Gug?/ҹFcq 
^+\-ƽe#V>T2w/^yhWs)q/}׎(Mo}I;[w",;`QK 8O[ ~م`!nů0Zs1-}*$'D !~s=xdzǰcoOcArG7aDJb2bG 2 'f) Rj ?*E# 64{iu/ |%q^̈́Tr꧃?t|*jZ;Ƨ\رf֙՝?oo< 񦌒o.pT[pbHՓ[f\sb8ޛH 1#1{0sX6|wS v dgkm\,c5K[H< }qxU/>ˁ%f3q6 ``Ϋtq5_\ X>§/홴⡚% ! Bnb5`{@Gʅ)a\wçp>l?=w^ QBs#.هo貎GsփH؃̻F[B :~a!زh.eO8 K@`yȞ7⩯OtYp#5YAҗRӽRs! TuqMc||,ƨRnppvX gwgvz?Q] 86Pe"C@p+!~?OFB xug(xienK sa*H"!@6" =_W'|<+ (,~AY-@U[{K淚WB4&-tSx 40`~ćMېGs ۺ]Ux`ɚ k?Pru9=2ޓX3Nk[9Ή62A67 ~|֤@ޡ?'mR,;R.5|&Z+4|`?Pܲ|G\C"ˆ{>uv$ 'pjﰀXZ.]eO~\)BJrhGqj ~ GNλGLKERu` ϕ6LR%H"!.vt͓'N3|$lPr?}!Vů/]{#2+ڷkqq @ ӈ>G?Njw4r1皓O?>:}r_Y5‡yxX*V˸nADP f _d4gݯ#G[|&Ozf2Ӊ5?i9 zـ$rKe<86y<0zJd:l_v5)o,Fd,47̸145́1*M 3kSH=0ś'8xϼ)LG┐L@ؽOtRHyLAkCI{ü]1Ꮠ?0GeՏϒ|Le 8gE 2bs7NN%m%kš'|+D _]+Z/L߾`ZUŤeuXs[Dz]Q usP~bsĉSWy`3Qy&/vICU6Fҽ+Duo<3ȏ?*{lsf!ˋ4Q(b >xXHsaGb޳ĥbJLupl\Eh]r>+|odi3':[tIF@NA^xTwO(zVJHh8%:)Ա@!w>ymAԁ~48i|(rHy%ފt3"G KmَǪ \Y,:9,+Mc+7ڔ^Ūrʄt3H2z5쒒2 '6P4Kt Lᮡt(EsFy/g#]z˖}Heu 9_\Hz&m`pp!auB$ge>*5qQY- )d枢rn:pčS^?t>BqlD4_Q1GWfUT/wYAEb*)ã z$7RĤšhM^׿7=6?`GM/EG9vRN;prMb0l/=AϞScZx V1ex NÙIAS@~o-&|}#[},y#cC>t*bt/BcE _Ցl O ׵Þ(j4vxD&#<KdΞk@= o. 6ZK{Iz7oNԈ, #V%ffNk{ղCmE, ZdWg GeLq]35G-%\ JG7.NnZK6;ϛqfׇlujH(XEltTUZ;jW(P (FMc~f)L-$uI|mvw,Oؐf3wd=䧖ZWRCƲQcǁMa몹~ڊ-].(?".83>CX~y"!,"28nRzW,K͙^Xa$T]9wnVAê(WH 4m{,`dJ~iOǚ $ʗ gYjJč#cYRK]Ȫ'ϕ!р/0D` b2R<7ڤwH1x$U`Y<'dg‹J:+ IB<@Zw}1>CpEN;O;S̀W Ο֊l {1#Q@kZar1ks7gt1ɋxbG_kzVWJOg9x}2kÚ]+ ]P|Xa&Bg hquaey f'_%]NP8rH v'>it8ʡ;2l2^ o#9ivTs|,5m{2v*nW&9 7)|=uw)ؒ{_|O;1\WrK'*/-s9>g2oDr+2˴Uw&)a>199|ҽx z؞YizYS'1ݰŴf^7q;hG( 0W s"^肪\*mM< .jcko%&;ҁ=[ɇm^!_VY*%8EHsפ;O&8Tkf.263}>xN{A AjIM+BCڅB+uygyZ:) "#N+ەΨ{pD$_'g] Z fPuH7J*ku@\9^`%.>1p?<2.oϗIή'-$ "byF#vT:B%pR9ʽGs*Ñege#^)+x`= 0m&s$F^ H%Kc-\pnTZeYQL2[NcgN q``9SGYk_ Mg^ cbrsh@U @(? 
QV^ n&aU =xK5۪W *mqBgF$8]RjJҒ ONtN".3cb9Jq2Os˧_3f AmL?+a^-,"^ݦ`L{x nW1K8՟%Nt.5~+VԌdm =j˂tP b;E(7Uǭ r9)J^b\Z`C*WP$>1R.WdRZE< ?ľtd#L4.UYl:^ݷ8&1w eSr0vZ$JM۹&b–N/%Ÿ q"hZag5+wJƼVq@JCtzz\!ųf fb5.Vo(FT.U'''mZuDBr0G֊gy+ďT"A'U\*76Ce!$Ke7[Vq,1zq4 d}lB-%mp:@#Y~p~Vgh[vF29PQ)n])a|[14REMap *[wT^> w0f%PW9i֋Iۜa^@`3Mm\N*W,GhK|ɹ~}XI-\ 5 g&9o21ϱ@)ڇgI2~p uSpυ"iI@J?u{ٵ XDw5ׄk\cT? >U)zVABhÍ#r*_kse*7+ԗM*|3VT? =|d({2Q'tUqMZ sg]>3*RLW ^IpN@ˁ @$lP{prߪ;A#- 8,yQ}8zt:v8?>q8=T\OgDBuՕt!jt_$QaJXI'wP[I$u v2.]Lqő%= -fߑ:ۉvLsS0r1#1Ϭ}-iEsiiM%ͬEM1Q4siGx?Kp:Y \G3>'d]̌㾘ྴl[ 2]OrƯ1p׳U9sTy6*7ͤ ae$`J:Gܮj0؆`mJNH N7,+ T)0{{UXvU*XK($UmHhe(-XW9K%idԟW,@&kKAjϝgGޯԢ,}"EXXxXqKW|Wzը^wqؤ0p4B@t!FzH1Y@5" `/ _yנ1!hAͶDG|þ-ޒx=XFp[؍F S@w;uo3+^NJͥAsT*!NnCh#ߞJW4"]06xUq6c'F$ͤKIGC UMW; .IK|GAa lȓ^%ܯRp䝅ncj(2d@PqwߖJW|`pyweK`&5j@ܦ:upi#j%Ej!k]Zk߀>r2ig`GB|F {'m.2Tz&`F{\#"['Lix^c^A8J^t5oőfoe#8Mؒ̋?c`γyek= OD 39G>! k)~5#6,$\ר.y (3FL8 )ؕ̐,Rc񞶘VXpWJ E,YlAL@n`쩜Tw>BJ%>`zҖ-v KTtu덒RNZUB/ɹ]M:GщTF<)`0ܿ0Y c*H 6`́ɬJ9Nu1. ~;I;Poux~ !n ucĥ'~Wi @_3\ʲ|L)4)FP(p(?MG (Z8a3HC2cm?@^ +FfV7Te"&&/n {H/r Vx~ Ѿdt ED!Z0n\,Il񹉔p=84_=!J[zCl, ڳ:GKc0s[z8gϵz͵.f`]^IWD>%{͓)/YY(s ,=>޹+IwylPفI5|S;Iqi ِŔ{0&8%5|c ݣ3Åvr8ci~^BCQj/Z#4At솿q+Q,.evɋ)\մҍeAq0XFv+QՍZrlnG G͉WKUrѭ`GΊKt[Y-CHWq7\]7/= m nFA9Q7蒘l2zY:<kLgoPIJAI/4X@Expbît[e ǿET0=RKu^a# >Q̺ɏ>KEHtַs5;4跿!n#w'>q]7XW"X{JN'"BMo,kvۅb }o_?u?brӑem-[LvFqZN!)+' 7w<5[tzX3VUZoF4֊*Fg2p_>3cYs]U&k:KI]FHˉ0kq{ 8 7iU9q+WqFLBxb|ȊmK[FfZzAc(]h"O(;^ԟ/̏VN#ۮ,&-*'#S'M~4y|V0QY J?mF&QE6 o(B݂vgU{k 7aELhvZ(cNz:TcV/<*f6 r5 陇~:cjWpցvc`*܎[tpnwHT4`">dRaz̲Sr/!P uq(t}N\I'Vt 픈;€.@7'k?;v$;pFSg.4?[X qF ߞz­*+) [>h{ŕ Sc^>C gRaĔMCQ[V\_PXA3L B&eJBIO7fr60W`ޓB70[tQ'~25uyc%UckiQ\3@8>J?ƎFU]*'3ye.T) ś%_vg1pFF1nHPh<6`x_r" -Yْ.CN`z`]0}jL_uT+:-obVfRȨhQ {S-S9EA`aU̿ 9>D)ӕ*ϐ?8siEROۼM:%Ef:U7q5(2`ÿMS)Ed B0ڵүҿVq[egXmٲ tؚ;ρLuSΪ[hÍ).^ 7_:2͉L|kýט !H(a q 8lJ\u_鞑m[ͧ/WL5neU`5YcL?+gL h>yOa\c%Ki2XT.|왝[胦WݞF;aaٙpdvQӁձEDd^ EScb2USFXݦ˱ )sJ)rDLn](Z[bcb1Wnu]%-uY'e=8e)vtX^J0%+H5sCe[85p;47+Vq "i8h?P*8*jt  P~o̤C옷\na/RU0F,/ݍć6yT\n' /DŐJ͆pFr{}xPUR ϛkړܤޖ!.Zb< rƩb*r*-mk,5h0e;+ 
ܝe?ί^;hF6\vާ|.o9-a<IpgU!{S{(lMWCP“pr\w`>V!@Lj E9c?VwII/#iNIϪ(劈0ع7Wyz((i;e;Ȭ}Y8M[o(=ݤSY!uwu098Bt?. @!Ȟf6 m&o?9ޥ {Vsoc6`3:fcBOc__~7tG1 ]Gj؅m;> %{CgevHHڛ=E & ӂrJu]Z>z{܌;Y'mmLgi9T)Ps0sf[58 )ֱH |<7 L0a }(Ke 4]JvNeUX9|U_0-ݹ,zWm0 ^0_UUqb+7us]ىEN397#~8@46%\ Ɔrƥʧ*o yKFc\ =W-5aw oivL* $w_NT3< ?Ce`)1U @6e 4@$#+} Wcԧ`C%ɀgYH7gT,Ie âQ.o?_>3"L{Q} e(E"m\vRȯk2J!͸j;f.sr@aہ̨ZaZmWB=7/E'~Xڂ"*VϬ2C\y~^ʦٰLӹSNyiB*鷺㢴 xL: PLYVV,RVx,XYLɿ&);Z_j]uLYar= c5ńҚe[herOUSrUK[ QHC5b6د몬8YܱᴂSø V͚ E6SwBj4xJb)>`bt[a=1JDuuKZ\n6+-Lp^opM'\vH{$ѹAk>SPvsQzyCeLJPB]ʞJg fC 9 _y3%xJacC!e>v-bu"cqg\fUΚqf|ځ'/q_XGѪ%Puy3ׅaI\aDb 62%?9ES//a5:: LVj莉Cη[;mg2iGB;QHei,xtŠxHj#F\l}ci1s'mI9u0o: 롦jnRjw >m0kUJպfݴ֪)Yu7":OwdQ(4g;R`x=s/KzE]~. ö jaQµQ}T2T]} fCvyأBFIٲ<`Tt2n:Wc_y'aW'p:nUӕ* -9G6.bgyhÍ|@;VBci }]5LDX!x0<%1w \JHjQmUIm`j= Y [N1FJSږ Īl# `uU36R*@_-V#Ѱ`Nh ;jS1*« 930Rg0yJ"]ݮ3~/GaMN͝MħiьKG!l~-O|3"_Yn ɭf #p 據$[7#d}kīrAVfAw?\z^h{ -5OC|}hvyQ=Ǣ ru'WΚWuk?`DOxx|ڙAХP~ru>OLqA䦕Q"BUrRGdz;l{XpA-}֨P͐{XA]f%1hi-?=1э=؂4 e&`K\wMx LWQ D]<tH !BT4 ifVqJZLS >&+mW9_Ԓibp?q)xjw@÷(?w?ڽ:KuA,:iA]A\1:|e$w|z$L<rZ@BOO_+2)jՑ'oT"Y%FM>-tL 0і<.csbnf L31J5ųX|0 94vH҇T٫LZ4ueK xfTժŝ « 1 6A{kRZ"6p-=ܿ}pm tb~0>*N /o@QU%oNG@2R6Fcҍl\rtjXσtDT|vKY֯+G 쪊J֑占^[3 o K:(os-7uZ+!2ُíņg60 cHiguvZ\#ASb# ӀZ–jwA:~;kRFe|m&Bi. Vj81!WEk9̗De]Hx72Lؕw}Lc rmIA_cX%=5,L].Ԓ+ '}y.2 ݕY\ѰTh .+U}({&:T\`v`-/^%F{mC=)5rkd :u8m Bi)ϓXH"|% Z2/:It}!Ed1Gqs5pK$Cu l.Mڭ(Dx1JsfoFq+(-٤xfs!i^ϋ YN+ψ+sY/N<bAC󉤻<k\iE:bb.C/juACL[Fڪ4}F덇 ,+=wI*wjP?]7o:*WdN${rV~o졻NrB@:E_T툽!3\N?&L4R,v >Xۂ>N%,_r7CƇX%Z˱9Q/i//)(t DE[Ap٥ M|@N'NN93ۀ3SdXƨjZ?p(tYx)@EtU~m]enH71A$Q.wከ<1U,̙cI*`b)R TG mQZNK2M%!)jʎ5ARD!Uo]KĹSdGF&!in8U׬Qh1eTkhD@_elrFZu?j_/ܨKN1~<#^[x fqAYfOi>)׿?6!qdVYPÖwXOy,TN(jEFS4fZEaΰl$uIgbuzn5^k. 
z,|+-̓Hy]HB{~q+Rpn(&G%?Wۭk 2xr)Q>,O~RMjD>)u4$J~CO_ >|-~>8kAnhO5ҲɩƷǼ,`@v ( n`ikVVNLy*kГ!fi?\nj9ҊO-F%Ζ+)לjS2IaCCLq˭6ͦdy=Q=d:Ʒdi}AoZUƛ vu)Sr qŕЍ$Ə7-tjA0HIr:8^燵1Ij3732̴rs6'\=h,< m trK"O`eEVpHNm1_@](6TIw-2bVPx8OAQsE)M Y(Azz(3` 3`Yjȏh*9v.ʵ`K4sWŊ?ePY#ԥ0QI kVZ3UyB c^{Bd*TӍ kިs0c>'LV;/BS=oU@58'o86*y_2nZ#S7^1胩|y=A]1/K`f2]Yl%Apde^i &ZMȿ͋x[SX)K-bc;Cᵌ ),G>ѠdĎ=oƹ O{{}@@,0jw#Ux1y=`󗮽 Ə l|xMW6w栯63ȁ)Zɚ6ghviלYRk!s\Q)~FUe^qX40Nj?V>c5't&9!rtL1t#nv(w'7[+4UNۍw{72w*;dwP|oVBN ]&َV+d T&niJ!񭤗4v*yN2}n%Ȣ .3xmm!}T2CZqr@bP"FP3)pYn3VU|Nh.(M)+9_k]4/sFAǭqvn ~gJsn ޿! . 0\IQ?vɡ;t7pDv%MUApd~W}XT fU8ao%9âϒ?:1I >,BLo1žbQ=F][.LC%ٸ5ѷ&.@hW%Qߟ>*Ө<}UQ%iurn1r>pCy->|WX s `wK;Sz]v:񜁿P#edJ g+ ".$ar*7bqHc["ۧRy$\16 |Z $pbmec@fVԾf⧹U1NECCF5hfM~!ـ{}*he,y΍G%Q d3fIɵ-?<[CFK·lK(0"C{㵀,ɾYZ@5 NpDepɒbN'X^?u8_5SIMwm`%Hp|V `@kMs9ׯ3?'N7@Y X`T<F\h48bi8@s~@1X$dʣdlo P$mSSX^?v,wiM*AtRaJr7uKMd*qqjI*FX/&9vh\N^v+2&8W˫ryu\rye]^.nW˫n- A,$Q(-zNv4\;˗g{I|U6;rG?8YAL#^9o"Y1KiȮ&ʷ#iNxVI!nL(NR6`nEIKrf"(%E׉bN!|!Hz %/b%-.&󟀶X4"AR*ʡ˸tK|ێo7L-ףc_].W Յ?DsCԯW˫zyu)._~3\zg>n2evFnoԖ7 =hĘvܲU 06"g䮛`]_sP`Qڮ` xIDǢ)A?^8g&tLRl&e'oU@ecP5u+![MvT~8(2TI_)\,^r*\/:_oq+u 9󫦦T.1mTϿpWY9wmN@}|#N).4sTA+ xyp+)$*5O%G>uw"beO1  x4h~գdzeY^0 b֥}RMbOս qsXY㏐v 7,k' PA@݄-LvJgM(|ШTYH&,eaFHs93x%=4:5=-QcһQANJ0ոT-_Cp׾ w\.i%S+&h4V]KɦzG/5ܶ56,^mVqF5hv>B9X [Z N," - STN{3t46j;v)!r;';(BT #*6v96Csnà;2$$PfXZtCD=/:bV$iF&h8IN{&PLc :T" Td $9 WH`XzL` mK Jx7N5V.&Q/r Nڙ'rgk#AŭNǸ8O~_]~Oz7H;İ#(/ *0rV1T׋MxK6Z췋HM;9%Zx :K3.&a3܈f҉{i㤋*RBI4N3PדQ6dX_/P* p;DZӬXCثjA<,jgQ ]gdssmhxpqصxTJs8?+5ToD7>RK#hog^4y,`;&>[5c|!\dP|2^J)M",c7Ÿ֍V'ed~*(ۼEFZMt0C55F'C ɓ)!w"wkz#vf/cd:0 f*Ύ*Q͂#g],< ^V$$fk"+G e!~{Jb9U_|ֈvцd[Hf/@޼! HRA! 69x`H |f+_U,ܪn`jfyX.9[6ҸM]Oat|6$p\[\LFYvq3vtfe=+۾K8jOtU؈C 6Ð{x .K3fvVe z}KDxs̐JA83o ,=|#f h Bݙwm۰Π+Y֡mseWIwbYNOY@7K6C6шhU-aA֘1:!3qfC*2OBN0#PI?*K|r9+z}7UWSH_w;Z i pGҼ :͙V]krdYvbnPt?Axʱ˟I@Kׇ(;Eϩ:y ;8e'DP'DC^2P}1 : ]5vl,7"3.vtͷNh3iI57? 
+ѻ ස}_?Wur/K'nHf\3li9rpݞw~#cACYy[3 w_򛜖uTMAl'Q•B(T!TN'Ӯ.!f=~5YL]3bk<8>xwewW41bw ygJ $*7^c6]At8 gAg[{FC!jh:qˬ0sjgYdx#b>T% k>ÂL2!0 $=CD/\;>eGmAnֲGiAy>dPcrbsڝ"t7"i1'aD{ U'ܶoyR=?[ 4)%Joa.dްjn<~b÷q9(P~w.'?[5-d"1*tޜؔZfQbP@YO0}nZjKD۱qLv $3Edx kf4g%qM`_5w$&P;99Bta\zM]Zv7uƜ 1+{6(bus{}P[{`c ݖ(O;`i3V(!~O '=7 Q ݢefFtQvU$R]* [l5R84t:ɡ%~J2TV_͖!s7y"~| ,)AJjX>MP[j:*jvb֩tGOjy\dhv϶1c"0iUdF KJs ùv}Ѫa -̳ ]l"?y>r p.aKM9IT.3Ԣ‡cWo7qmMCAƭNǖ-9NnY+`V&,ě;dw_$= ԙeCC>!%u5L/De$F**kOQQt~̛ &|Hq Ol R#1|'t9Lc MښaLt:Pgs!YKq>Z{-yWruE'h|EfR# '&q^YqV=*J/OFNDHopI옺gJiT|u'S'lukW6{JyE$@ڂ=YL;M?s+c us*bS,6|v@5:rдGO8:V]icXf)./6SHƑdtANgb zo#- 0F|M%٦f 'NaysҷIJV*b|߲]|P~GUZ' |{1tFs^u =#=yu7~;gPUߥ(o_$#A߀uDf22Mt~>:KНb`+~^'-7m*v t?|`E''2Kf!7UӋ[r`N+QǷл\p% ٍx5BkC&߃Uhbn1N^[\d!䜶!J'2dݺNf [{KS7e"m>z|'ßS'OxC?O|'_|}O.>}A) W$P4uw%=Q bCV8N<@\pvJjp/??`R&oEi|TF98wnkZQp6tP7/rh W8ZST\9ñ\62\=ٻgP;E)LI#U~/.8XV}νV_CApP2]=ϒtLD`X#!2IK:l67fR޲Z)E_p.ƅ>ۗ9{ˡ@ޘ%Co_{K 4E|(b~T5#ŕ] G^=4WEHy$Q&wSlYoKGIoGC]&`I[3*:fɑXHwEaKxMfG.Y}h$ϛIO%qu+gtTʛ=B 0q|a 2|#> 5&CMm|8ڬE{r0Vr$`K.wź[_7hAY6 LGlg5#)&t ,3yS q1gQ9jۂ ņ:D8B A_7iQ]b:Y_zV׳NF6lx_̍=W+6{ X6R_^O6< zJ%0=h)IBspaDDH}I7n-pLRlDKtws2TyfHr0hq0\RZ3Um )z%Q;s#WG=Ke=湌1O q&4