sssd-debuginfo-2.9.4-5.el8_10.1

Name: sssd-debuginfo
Version: 2.9.4
Release: 5.el8_10.1
Summary: Debug information for package sssd
Description: This package provides debug information for package sssd. Debug information is useful when developing applications that use this package or when debugging this package.
Build host: ord1-prod-x86build002.svc.aws.rockylinux.org
Distribution: Koji
Vendor: Rocky
License: GPLv3+
Packager: infrastructure@rockylinux.org
Group: Development/Debug
URL: https://github.com/SSSD/sssd
OS: linux
Architecture: i686
Source RPM: sssd-2.9.4-5.el8_10.1.src.rpm
Provides: sssd-debuginfo, sssd-debuginfo(x86-32)
Requires: rpmlib(CompressedFileNames) 3.0.4-1, rpmlib(FileDigests) 4.6.0-1, rpmlib(PayloadFilesHavePrefix) 4.0-1, rpmlib(PayloadIsXz) 5.2-1
RPM version: 4.14.3

Changelog entries (author - version):

- 2.9.4-5.1
Anuar Beisembayev - 2.9.4-5
Arun Bansal - 2.9.4-4
Alexey Tikhonov - 2.9.4-3
Alexey Tikhonov - 2.9.4-2
Alexey Tikhonov - 2.9.4-1
Alexey Tikhonov - 2.9.3-2
Alexey Tikhonov - 2.9.3-1
Alexey Tikhonov - 2.9.2-1
Alexey Tikhonov - 2.9.1-2
Alexey Tikhonov - 2.9.1-1
Alexey Tikhonov - 2.9.0-4
Alexey Tikhonov - 2.9.0-3
Alexey Tikhonov - 2.9.0-1
Alexey Tikhonov - 2.8.2-2
Alexey Tikhonov - 2.8.2-1
Alexey Tikhonov - 2.8.1-1
Alexey Tikhonov - 2.7.3-5
Alexey Tikhonov - 2.7.3-4
Alexey Tikhonov - 2.7.3-3
Alexey Tikhonov - 2.7.3-2
Alexey Tikhonov - 2.7.3-1
Alexey Tikhonov - 2.7.2-1
Alexey Tikhonov - 2.7.0-2
Alexey Tikhonov - 2.6.2-3
Alexey Tikhonov - 2.6.2-2
Alexey Tikhonov - 2.6.2-1
Alexey Tikhonov - 2.6.1-2
Alexey Tikhonov - 2.6.1-1
Alexey Tikhonov - 2.5.2-2
Alexey Tikhonov - 2.5.2-1
Alexey Tikhonov - 2.5.1-2
Alexey Tikhonov - 2.5.1-1
Alexey Tikhonov - 2.5.0-1
Alexey Tikhonov - 2.4.0-8
Alexey Tikhonov - 2.4.0-7
Alexey Tikhonov - 2.4.0-6
Alexey Tikhonov - 2.4.0-5
Alexey Tikhonov - 2.4.0-4
Alexey Tikhonov - 2.4.0-3
Alexey Tikhonov - 2.4.0-2
Alexey Tikhonov - 2.4.0-1
Alexey Tikhonov - 2.3.0-9
Alexey Tikhonov - 2.3.0-8
Alexey Tikhonov - 2.3.0-7
Alexey Tikhonov - 2.3.0-6
Alexey Tikhonov - 2.3.0-5
Alexey Tikhonov - 2.3.0-4
Alexey Tikhonov - 2.3.0-3
Alexey Tikhonov - 2.3.0-2
Alexey Tikhonov - 2.3.0-1
Alexey Tikhonov - 2.2.3-19
Alexey Tikhonov - 2.2.3-19
Michal Židek - 2.2.3-18
Alexey Tikhonov - 2.2.3-17
Alexey Tikhonov - 2.2.3-16
Michal Židek - 2.2.3-15
Michal Židek - 2.2.3-14
Michal Židek - 2.2.3-13
Michal Židek - 2.2.3-12
Michal Židek - 2.2.3-11
Michal Židek - 2.2.3-10
Michal Židek - 2.2.3-9
Michal Židek - 2.2.3-8
Michal Židek - 2.2.3-7
Michal Židek - 2.2.3-6
Michal Židek - 2.2.3-5
Michal Židek - 2.2.3-4
Michal Židek - 2.2.3-3
Michal Židek - 2.2.3-2
Michal Židek - 2.2.3-1
Michal Židek - 2.2.2-1
Michal Židek - 2.2.0-19
Michal Židek - 2.2.0-18
Michal Židek - 2.2.0-17
Michal Židek - 2.2.0-16
Michal Židek - 2.2.0-15
Michal Židek - 2.2.0-14
Michal Židek - 2.2.0-13
Michal Židek - 2.2.0-12
Michal Židek - 2.2.0-11
Michal Židek - 2.2.0-10
Michal Židek - 2.2.0-9
Michal Židek - 2.2.0-8
Michal Židek - 2.2.0-7
Michal Židek - 2.2.0-6
Jakub Hrozek - 2.2.0-5
Jakub Hrozek - 2.2.0-4
Jakub Hrozek - 2.2.0-3
Jakub Hrozek - 2.2.0-2
Michal Židek - 2.2.0-1
Michal Židek - 2.1.0-1
Michal Židek - 2.0.0-45
Jakub Hrozek - 2.0.0-43
Michal Židek - 2.0.0-42
Michal Židek - 2.0.0-41
Michal Židek - 2.0.0-40
Michal Židek - 2.0.0-39
Michal Židek - 2.0.0-38
Michal Židek - 2.0.0-36
Michal Židek - 2.0.0-35
Michal Židek - 2.0.0-34
Michal Židek - 2.0.0-33
Michal Židek - 2.0.0-32
Michal Židek - 2.0.0-31
Michal Židek - 2.0.0-30
Michal Židek - 2.0.0-29
Michal Židek - 2.0.0-28
Michal Židek - 2.0.0-27
Michal Židek - 2.0.0-26
Michal Židek - 2.0.0-25
Michal Židek - 2.0.0-24
Jakub Hrozek - 2.0.0-23
Jakub Hrozek - 2.0.0-22
Jakub Hrozek - 2.0.0-21
Jakub Hrozek - 2.0.0-20
Jakub Hrozek - 2.0.0-19
Jakub Hrozek - 2.0.0-18
Jakub Hrozek - 2.0.0-17
Jakub Hrozek - 2.0.0-16
Jakub Hrozek - 2.0.0-15
Jakub Hrozek - 2.0.0-14
Jakub Hrozek - 2.0.0-13
Jakub Hrozek - 2.0.0-12
Jakub Hrozek - 2.0.0-11
Jakub Hrozek - 2.0.0-10
Jakub Hrozek - 2.0.0-9
Jakub Hrozek - 2.0.0-8
Jakub Hrozek - 2.0.0-7
Jakub Hrozek - 2.0.0-6
Jakub Hrozek - 2.0.0-5
Jakub Hrozek - 2.0.0-4
Jakub Hrozek - 2.0.0-3
Jakub Hrozek - 2.0.0-2
Fabiano Fidêncio - 2.0.0-1
Tomas Orsava - 1.16.2-2
Fabiano Fidêncio - 1.16.2-1
Fabiano Fidêncio - 1.16.1-3
Fabiano Fidêncio - 1.16.1-2
Fabiano Fidêncio - 1.16.1-1
Lukas Slebodnik - 1.16.0-13
Fabiano Fidêncio - 1.16.0-12
Lukas Slebodnik - 1.16.0-11
Lukas Slebodnik - 1.16.0-10
Igor Gnatenko - 1.16.0-9
Lukas Slebodnik - 1.16.0-8
Lukas Slebodnik - 1.16.0-7
Björn Esser - 1.16.0-6
Lukas Slebodnik - 1.16.0-5
Lukas Slebodnik - 1.16.0-4
Jakub Hrozek - 1.16.0-3
Lukas Slebodnik - 1.16.0-2
Lukas Slebodnik - 1.16.0-1
Lukas Slebodnik - 1.15.3-5
Lukas Slebodnik - 1.15.3-4
Lukas Slebodnik - 1.15.3-3
Fedora Release Engineering - 1.15.3-2
Lukas Slebodnik - 1.15.3-1
Lukas Slebodnik - 1.15.3-0.beta.5
Lukas Slebodnik - 1.15.3-0.beta.4
Lukas Slebodnik - 1.15.3-0.beta.3
Lukas Slebodnik - 1.15.3-0.beta.2
Lukas Slebodnik - 1.15.3-0.beta.1
Lukas Slebodnik - 1.15.2-1
Lukas Slebodnik - 1.15.1-1
Jakub Hrozek - 1.15.0-4
Lukas Slebodnik - 1.15.0-3
Fedora Release Engineering - 1.15.0-2
Lukas Slebodnik - 1.15.0-1
Miro Hrončok - 1.14.2-3
Lukas Slebodnik - 1.14.2-2
Lukas Slebodnik - 1.14.2-1
Lukas Slebodnik - 1.14.1-4
Lukas Slebodnik - 1.14.1-3
Lukas Slebodnik - 1.14.1-2
Lukas Slebodnik - 1.14.1-1
Stephen Gallagher - 1.14.0-5
Fedora Release Engineering - 1.14.0-4
Lukas Slebodnik - 1.14.0-3
Lukas Slebodnik - 1.14.0-2.beta
Lukas Slebodnik - 1.14.0-1.alpha
Lukas Slebodnik - 1.13.4-3
Lukas Slebodnik - 1.13.4-2
Lukas Slebodnik - 1.13.4-1
Lukas Slebodnik - 1.13.3-6
Lukas Slebodnik - 1.13.3-5
Fedora Release Engineering - 1.13.3-4
Lukas Slebodnik - 1.13.3-3
Lukas Slebodnik - 1.13.3-2
Lukas Slebodnik - 1.13.3-1
Lukas Slebodnik - 1.13.2-1
Robert Kuska - 1.13.1-5
Lukas Slebodnik - 1.13.1-4
Lukas Slebodnik - 1.13.1-3
Lukas Slebodnik - 1.13.1-2
Lukas Slebodnik - 1.13.1-1
Lukas Slebodnik - 1.13.0-6
Lukas Slebodnik - 1.13.0-5
Lukas Slebodnik - 1.13.0-4
Lukas Slebodnik - 1.13.0-3
Lukas Slebodnik - 1.13.0-2.alpha
Lukas Slebodnik - 1.13.0-1.alpha
Fedora Release Engineering - 1.12.5-4
Lukas Slebodnik - 1.12.5-3
Lukas Slebodnik - 1.12.5-2
Lukas Slebodnik - 1.12.5-1
Lukas Slebodnik - 1.12.4-8
Lukas Slebodnik - 1.12.4-7
Lukas Slebodnik - 1.12.4-6
Lukas Slebodnik - 1.12.4-5
Jakub Hrozek - 1.12.4-4
Jakub Hrozek - 1.12.4-3
Lukas Slebodnik - 1.12.4-2
Lukas Slebodnik - 1.12.4-1
Lukas Slebodnik - 1.12.3-7
Lukas Slebodnik - 1.12.3-6
Jakub Hrozek - 1.12.3-5
Lukas Slebodnik - 1.12.3-4
Lukas Slebodnik - 1.12.3-3
Lukas Slebodnik - 1.12.3-2
Lukas Slebodnik - 1.12.3-1
Lukas Slebodnik - 1.12.2-8
Sumit Bose - 1.12.2-7
Lukas Slebodnik - 1.12.2-6
Jakub Hrozek - 1.12.2-5
Jakub Hrozek - 1.12.2-4
Jakub Hrozek - 1.12.2-3
Jakub Hrozek - 1.12.2-2
Jakub Hrozek - 1.12.2-1
Jakub Hrozek - 1.12.1-2
Jakub Hrozek - 1.12.1-1
Jakub Hrozek - 1.12.0-7
Fedora Release Engineering - 1.12.0-6
Stephen Gallagher 1.12.0-5
Jakub Hrozek - 1.12.0-1
Fedora Release Engineering - 1.12.0-4.beta2
Jakub Hrozek - 1.12.0-1.beta2
Jakub Hrozek - 1.12.0-2.beta1
Jakub Hrozek - 1.12.0-1.beta1
Jakub Hrozek - 1.11.5.1-4
Stephen Gallagher - 1.11.5.1-3
Stephen Gallagher - 1.11.5.1-2
Jakub Hrozek - 1.11.5.1-1
Stephen Gallagher 1.11.5-2
Jakub Hrozek - 1.11.5-1
Sumit Bose - 1.11.4-3
Jakub Hrozek - 1.11.4-2
Jakub Hrozek - 1.11.4-1
Jakub Hrozek - 1.11.3-2
Jakub Hrozek - 1.11.3-1
Jakub Hrozek - 1.11.2-1
Sumit Bose - 1.11.1-5
Sumit Bose - 1.11.1-4
Jakub Hrozek - 1.11.1-3
Jakub Hrozek - 1.11.1-2
Jakub Hrozek - 1.11.1-1
Jakub Hrozek - 1.11.0-3
Jakub Hrozek - 1.11.0-2
Jakub Hrozek - 1.11.0-1
Jakub Hrozek - 1.11.0-0.4.beta2
Fedora Release Engineering - 1.11.0-0.3.beta2
Jakub Hrozek - 1.11.0.2beta2
Jakub Hrozek - 1.11.0.1beta2
Jakub Hrozek - 1.10.1-1
Jakub Hrozek - 1.10.0-17
Stephen Gallagher - 1.10.0-16
Stephen Gallagher - 1.10.0-15
Stephen Gallagher - 1.10.0-14
Jakub Hrozek - 1.10.0-13
Dan Horák - 1.10.0-12.beta2
Jakub Hrozek - 1.10.0-11.beta2
Jakub Hrozek - 1.10.0-10.beta2
Jakub Hrozek - 1.10.0-9.beta2
Jakub Hrozek - 1.10.0-8.beta1
Jakub Hrozek - 1.10.0-8.beta2
Jakub Hrozek - 1.10.0-7.beta1
Jakub Hrozek - 1.10.0-6.beta1
Jakub Hrozek - 1.10.0-5.beta1
Jakub Hrozek - 1.10.0-4.beta1
Jakub Hrozek - 1.10.0-3.beta1
Jakub Hrozek - 1.10.0-2.alpha1
Jakub Hrozek - 1.10.0-1.alpha1
Jakub Hrozek - 1.9.5-10
Stephen Gallagher - 1.9.4-9
Jakub Hrozek - 1.9.4-8
Jakub Hrozek - 1.9.4-7
Jakub Hrozek - 1.9.4-6
Jakub Hrozek - 1.9.4-5
Jakub Hrozek - 1.9.4-4
Jakub Hrozek - 1.9.4-3
Jakub Hrozek - 1.9.4-2
Jakub Hrozek - 1.9.4-1
Jakub Hrozek - 1.9.3-1
Jakub Hrozek - 1.9.2-5
Jakub Hrozek - 1.9.2-4
Jakub Hrozek - 1.9.2-3
Jakub Hrozek - 1.9.2-2
Jakub Hrozek - 1.9.2-1
Jakub Hrozek - 1.9.1-1
Jakub Hrozek - 1.9.0-24
Jakub Hrozek - 1.9.0-24
Jakub Hrozek - 1.9.0-23
Jakub Hrozek - 1.9.0-22.rc1
Jakub Hrozek - 1.9.0-21.beta7
Jakub Hrozek - 1.9.0-20.beta6
Jakub Hrozek - 1.9.0-19.beta6
Jakub Hrozek - 1.9.0-18.beta6
Jakub Hrozek - 1.9.0-17.beta6
Jakub Hrozek - 1.9.0-16.beta6
Jakub Hrozek - 1.9.0-14.beta6
Jakub Hrozek - 1.9.0-13.beta6
Fedora Release Engineering - 1.9.0-13.beta5
Jakub Hrozek - 1.9.0-12.beta5
Stephen Gallagher - 1.9.0-11.beta4
Jakub Hrozek - 1.9.0-10.beta4
Jakub Hrozek - 1.9.0-9.beta4
Stephen Gallagher - 1.9.0-8.beta3
Stephen Gallagher - 1.9.0-7.beta2
Stephen Gallagher - 1.9.0-6.beta2
Stephen Gallagher - 1.9.0-5.beta2
Stephen Gallagher - 1.9.0-4.beta1
Stephen Gallagher - 1.9.0-3.beta1
Stephen Gallagher - 1.9.0-2.beta1
Stephen Gallagher - 1.9.0-1.beta1
Stephen Gallagher - 1.8.3-11
Stephen Gallagher - 1.8.2-10
Stephen Gallagher - 1.8.1-9
Stephen Gallagher - 1.8.1-8
Stephen Gallagher - 1.8.1-7
Stephen Gallagher - 1.8.0-6
Stephen Gallagher - 1.8.0-5.beta3
Stephen Gallagher - 1.8.0-4.beta3
Petr Pisar - 1.8.0-3.beta2
Stephen Gallagher - 1.8.0-1.beta2
Stephen Gallagher - 1.8.0-1.beta1
Stephen Gallagher - 1.7.0-5
Stephen Gallagher - 1.7.0-4
Stephen Gallagher - 1.7.0-3
Fedora Release Engineering - 1.7.0-2
Stephen Gallagher - 1.7.0-1
Stephen Gallagher - 1.6.4-1
Stephen Gallagher - 1.6.3-5
Stephen Gallagher - 1.6.3-4
Jakub Hrozek - 1.6.3-3
Stephen Gallagher - 1.6.3-2
Stephen Gallagher - 1.6.3-1
Fedora Release Engineering - 1.6.2-5
Stephen Gallagher - 1.6.2-4
Stephen Gallagher - 1.6.2-3
Stephen Gallagher - 1.6.2-2
Stephen Gallagher - 1.6.2-1
Stephen Gallagher - 1.6.1-1
Stephen Gallagher - 1.6.0-2
Stephen Gallagher - 1.6.0-1
Stephen Gallagher - 1.5.11-2
Stephen Gallagher - 1.5.10-1
Stephen Gallagher - 1.5.9-1
Stephen Gallagher - 1.5.8-1
Stephen Gallagher - 1.5.7-3
Stephen Gallagher - 1.5.7-2
Stephen Gallagher - 1.5.7-1
Stephen Gallagher - 1.5.6.1-1
Stephen Gallagher - 1.5.6-1
Stephen Gallagher - 1.5.5-5
Stephen Gallagher - 1.5.5-4
Stephen Gallagher - 1.5.5-3
Stephen Gallagher - 1.5.5-2
Stephen Gallagher - 1.5.5-1
Stephen Gallagher - 1.5.4-1
Stephen Gallagher - 1.5.3-2
Stephen Gallagher - 1.5.3-1
Stephen Gallagher - 1.5.2-1
Simo Sorce - 1.5.1-9
Stephen Gallagher - 1.5.1-8
Stephen Gallagher - 1.5.1-7
Stephen Gallagher - 1.5.1-6
Stephen Gallagher - 1.5.1-5
Fedora Release Engineering - 1.5.1-4
Stephen Gallagher - 1.5.1-3
Stephen Gallagher - 1.5.1-2
Stephen Gallagher - 1.5.1-1
Stephen Gallagher - 1.5.0-2
Stephen Gallagher - 1.5.0-1
Stephen Gallagher - 1.4.1-3
Stephen Gallagher - 1.4.1-2
Stephen Gallagher - 1.4.1-1
Stephen Gallagher - 1.4.0-2
Stephen Gallagher - 1.4.0-1
Stephen Gallagher - 1.3.0-35
Stephen Gallagher - 1.3.0-34
Stephen Gallagher - 1.3.0-33
Stephen Gallagher - 1.3.0-32
Stephen Gallagher - 1.3.0-31
Stephen Gallagher - 1.3.0-30
David Malcolm - 1.2.91-21
Stephen Gallagher - 1.2.91-20
Stephen Gallagher - 1.2.1-15
Stephen Gallagher - 1.2.0-12
Stephen Gallagher - 1.1.92-11
Stephen Gallagher - 1.1.91-10
Simo Sorce - 1.1.1-3
Stephen Gallagher - 1.1.1-1
Stephen Gallagher - 1.1.0-2
Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19
Stephen Gallagehr - 1.0.5-2
Stephen Gallagher - 1.0.5-1
Stephen Gallagher - 1.0.4-1
Stephen Gallagher - 1.0.3-1
Stephen Gallagher - 1.0.2-1
Stephen Gallagher - 1.0.1-1
Stephen Gallagher - 1.0.0-2
Stephen Gallagher - 1.0.0-1
Stephen Gallagher - 0.99.1-1
Stephen Gallagher - 0.99.0-1
Stephen Gallagher - 0.7.1-1
Stephen Gallagher - 0.7.0-2
Stephen Gallagher - 0.7.0-1
Stephen Gallagher - 0.6.1-2
Stephen Gallagher - 0.6.1-1
Stephen Gallagher - 0.6.0-1
Sumit Bose - 0.6.0-0
Simo Sorce - 0.5.0-0
Jakub Hrozek - 0.4.1-4
Fedora Release Engineering - 0.4.1-3
Simo Sorce - 0.4.1-2
Simo Sorce - 0.4.1-1
Simo Sorce - 0.4.1-0
Simo Sorce - 0.3.2-2
Jakub Hrozek - 0.3.2-1
Simo Sorce - 0.3.1-2
Simo Sorce - 0.3.1-1
Simo Sorce - 0.3.0-2
Simo Sorce - 0.3.0-1
Simo Sorce - 0.2.1-1
Simo Sorce - 0.2.0-1
Jakub Hrozek - 0.1.0-5.20090309git691c9b3
Jakub Hrozek - 0.1.0-4
Sumit Bose - 0.1.0-3
Jakub Hrozek - 0.1.0-2
Stephen Gallagher - 0.1.0-1

Changelog text:

- Resolves: RHEL-67671 - Label DP_OPT_DYNDNS_REFRESH_OFFSET has no corresponding option [rhel-8.10.z]
- Resolves: RHEL-68507 - sssd backend process segfaults when krb5.conf is invalid [rhel-8.10.z]
- Resolves: RHEL-66267 - SSSD needs an option to indicate if the LDAP server can run the exop with an anonymous bind or not [rhel-8.10.z]
- Resolves: RHEL-67128 - Excessive "Domain not found' messages logged to sssd_nss & sssd_be in multidomain AD forest [rhel-8.10.z]
- Resolves: RHEL-66272 - sssd is skipping GPO evaluation with auto_private_groups [rhel-8.10.z]
- Resolves: RHEL-66277 - possible regression of rhbz#2196521 [rhel-8.10.z]

- Resolves: RHEL-39085 - [RfE] SSSD Failover Enhancements

- Resolves: RHEL-33957 - ad: refresh root domain when read directly

- Resolves: RHEL-27205 - Race condition during authorization leads to GPO policies functioning inconsistently

- Resolves: RHEL-25064 - AD users are unable to log in due to case sensitivity of user because the domain is found as an alias to the email address. [rhel-8]
- Resolves: RHEL-25066 - gdm smartcard login fails with sssd-2.9.3 in case of multiple identities [rhel-8]
- Resolves: RHEL-25065 - ssh pubkey stored in ldap/AD no longer works to authenticate via sssd [rhel-8]

- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10
- Resolves: RHEL-1680 - auto_private_groups does not create cache in IPA server SSSD cache
- Resolves: RHEL-10092 - logfile rotation for sssd_kcm not working properly, sssd_kcm never receives a 'kill -HUP'
- Resolves: RHEL-17495 - New sssd.conf seems not to be backwards compatible (wrt SmartCard auth of local users using 'files provider')
- Resolves: RHEL-18431 - Excessive logging to sssd_nss and sssd_be in multi-domain AD forest
- Resolves: RHEL-5033 - Incorrect IdM product name in man sssd.conf
- Resolves: RHEL-15368 - SSSD GPO lacks group resolution on hosts [rhel-8]
- Resolves: RHEL-10721 - very bad performance when requesting service tickets
- Resolves: RHEL-19011 - Invalid handling groups from child domain
- Resolves: RHEL-19949 - latest sssd breaks logging in via XDMCP for LDAP/Kerberos users [rhel-8]

- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10

- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10
- Resolves: RHEL-14070 - sssd-2.9.2-1.el8 breaks smart card authentication
- Resolves: RHEL-3665 - Unexplainable error "Unable to find primary gid [2]: No such file or directory" when SSSD performs lookup for an AD user

- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10
- Resolves: rhbz#2226021 - dbus and crond getting terminated with SIGBUS in sss_client code
- Resolves: rhbz#2237253 - SSSD runs multiples lookup search for each NFS request (SBUS req chaining stopped working in sssd-2.7)

- Resolves: rhbz#2149241 - [sssd] SSSD enters failed state after heavy load in the system

- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9
- Resolves: rhbz#2196521 - [RHEL8] sssd : AD user login problem when modify ldap_user_name= name and restricted by GPO Policy
- Resolves: rhbz#2195919 - sssd-be tends to run out of system resources, hitting the maximum number of open files
- Resolves: rhbz#2192708 - [RHEL8] [sssd] User lookup on IPA client fails with 's2n get_fqlist request failed'
- Resolves: rhbz#2139467 - [RHEL8] sssd attempts LDAP password modify extended op after BIND failure
- Resolves: rhbz#2054825 - sssd_be segfault at 0 ip 00007f16b5fcab7e sp 00007fffc1cc0988 error 4 in libc-2.28.so[7f16b5e72000+1bc000]
- Resolves: rhbz#2189583 - [sssd] RHEL 8.9 Tier 0 Localization
- Resolves: rhbz#2170720 - [RHEL8] When adding attributes in sssd.conf that we have already, the cross-forest query just stop working
- Resolves: rhbz#2096183 - BE_REQ_USER_AND_GROUP LDAP search filter can inadvertently catch multiple overrides
- Resolves: rhbz#2151450 - [RHEL8] SSSD missing group membership when evaluating GPO policy with 'auto_private_groups = true'

- Related: rhbz#2190417 - Rebase Samba to the latest 4.18.x release Rebuild against rebased Samba libs

- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9

- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9
- Resolves: rhbz#2101489 - [sssd] Auth fails if client cannot speak to forest root domain (ldap_sasl_interactive_bind_s failed)
- Resolves: rhbz#2143925 - kinit switches KCM away from the newly issued ticket
- Resolves: rhbz#2151403 - AD user is not found on IPA client after upgrading to RHEL8.7
- Resolves: rhbz#2164805 - man page entry should make clear that a nested group needs a name
- Resolves: rhbz#2170484 - Unable to lookup AD user from child domain (or "make filtering of the domains more configurable")
- Resolves: rhbz#2180981 - sss allows extraneous @ characters prefixed to username #

- Resolves: rhbz#2149091 - Update to sssd-2.7.3-4.el8_7.1.x86_64 resulted in "Request to sssd failed. Device or resource busy"

- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8
- Resolves: rhbz#2136701 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level.
- Resolves: rhbz#2139760 - [sssd] RHEL 8.8 Tier 0 Localization
- Resolves: rhbz#2139865 - Analyzer: Optimize and remove duplicate messages in verbose list
- Resolves: rhbz#2142795 - SSSD: `sssctl analyze` command shouldn't require 'root' privileged
- Resolves: rhbz#2144491 - UPN check cannot be disabled explicitly but requires krb5_validate = false' as a work-around
- Resolves: rhbz#2150357 - Smart Card auth does not work with p11_uri (with-smartcard-required)

- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8
- Resolves: rhbz#2144581 - [RFE] provide dbus method to find users by attr
- Resolves: rhbz#2144579 - sssd timezone issues sudonotafter
- Resolves: rhbz#2144519 - [RFE] SSSD does not support to change the user’s password when option ldap_pwd_policy equals to shadow in sssd.conf file
- Resolves: rhbz#2127822 - Cannot SSH with AD user to ipa-client (`krb5_validate` and `pac_check` settings conflict)
- Resolves: rhbz#2111393 - authenticating against external IdP services okta (native app) with OAuth client secret failed

- Related: rhbz#2132051 - Rebase Samba to the the latest 4.17.x release Rebuild against Samba rebase.

- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8

- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8
- Resolves: rhbz#2119726 - sssctl analyze --logdir option requires sssd to be configured
- Resolves: rhbz#2120669 - Incorrect request ID tracking from responder to backend

- Resolves: rhbz#2116488 - virsh command will hang after the host run several auto test cases
- Resolves: rhbz#2116486 - [regression] sssctl analyze fails to parse PAM related sssd logs
- Resolves: rhbz#2116487 - cache_req_data_set_hybrid_lookup: cache_req_data should never be NULL

- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7
- Resolves: rhbz#2063016 - [sssd] RHEL 8.7 Tier 0 Localization

- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7
- Resolves: rhbz#2098620 - sdap_nested_group_deref_direct_process() triggers internal watchdog for large data sets
- Resolves: rhbz#2098619 - [Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file
- Resolves: rhbz#2088817 - pam_sss_gss ceased to work after upgrade to 8.6
- Resolves: rhbz#2098616 - Add idp authentication indicator in man page of sssd.conf
- Resolves: rhbz#2056035 - 'getent hosts' not return hosts if they have more than one CN in LDAP
- Resolves: rhbz#2098615 - Regression "Missing internal domain data." when setting ad_domain to incorrect
- Resolves: rhbz#2098617 - Harden kerberos ticket validation
- Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol

- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7
- Resolves: rhbz#2026799 - SSSD authenticating to LDAP with obfuscated password produces Invalid authtoken type message causing sssd_be to go offline (cross inter_ference of different provider plugins options)
- Resolves: rhbz#2033347 - sssd error triggers backtrace : [write_krb5info_file_from_fo_server] (0x0020): [RID#73501] There is no server that can be written into kdc info file.
- Resolves: rhbz#2056483 - [RFE] Add sssd internal krb5 plugin for authentication against external IdP via OAuth2
- Resolves: rhbz#2062689 - [Improvement] Add user and group version of sss_nss_getorigbyname()
- Resolves: rhbz#2065692 - [RHEL8] Ship new sub-package called sssd-idp into sssd
- Resolves: rhbz#2072050 - sssd_nss exiting (due to missing 'sssd' local user) making SSSD service to restart in a loop
- Resolves: rhbz#2072931 - Use right sdap_domain in ad_domain_info_send
- Resolves: rhbz#2087088 - sssd does not enforce smartcard auth for kde screen locker
- Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol
- Resolves: rhbz#2087745 - 2FA prompting setting ineffective
- Resolves: rhbz#2087746 - sssd fails GPO-based access if AD have setup with Japanese language

- Resolves: rhbz#2039892 - 2.6.2 regression: Daemon crashes when resolving AD user names
- Resolves: rhbz#1859315 - sssd does not use kerberos port that is set.
- Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries
- Resolves: rhbz#2035245 - AD Domain in the AD Forest Missing after sssd latest update
- Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization

- Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files (additional patch)

- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6
- Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files
- Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries
- Resolves: rhbz#1859315 - sssd does not use kerberos port that is set.
- Resolves: rhbz#1961182 - Passwordless (GSSAPI) SSH not working due to missing "includedir /var/lib/sss/pubconf/krb5.include.d" directive in /etc/krb5.conf
- Resolves: rhbz#2008829 - sssd_be segfault due to empty forest root name
- Resolves: rhbz#2012263 - pam responder does not call initgroups to refresh the user entry
- Resolves: rhbz#2012308 - Add client certificate validation D-Bus API
- Resolves: rhbz#2012327 - Groups are missing while performing id lookup as SSSD switching to offline mode due to the wrong domain name in the ldap-pings(netlogon).
- Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs
- Resolves: rhbz#2013259 - [RHEL8] Add tevent chain ID logic into responders
- Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization

- Rebuild due to rhbz#2013596 - Rebase Samba to the the latest 4.15.x release

- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6
- Resolves: rhbz#1968340 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected
- Resolves: rhbz#1952569 - SSSD should use "hidden" temporary file in its krb locator
- Resolves: rhbz#1917970 - proxy provider: secondary group is showing in sssd cache after group is removed
- Resolves: rhbz#1636002 - socket-activated services start as the sssd user and then are unable to read the confdb
- Resolves: rhbz#2021196 - Make backtrace less "chatty" (avoid duplicate backtraces)
- Resolves: rhbz#2018432 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest)
- Resolves: rhbz#2015070 - Consistency in defaults between OpenSSH and SSSD
- Resolves: rhbz#2013297 - disabled root ad domain causes subdomains to be marked offline
- Resolves: rhbz#2013294 - Lookup with fully-qualified name does not work with 'cache_first = True'
- Resolves: rhbz#2013218 - autofs lookups for unknown mounts are delayed for 50s
- Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs
- Resolves: rhbz#2013024 - Add support for CKM_RSA_PKCS in smart card authentication.
- Resolves: rhbz#2013006 - [RFE] support subid ranges managed by FreeIPA
- Resolves: rhbz#2012308 - Add client certificate validation D-Bus API
- Resolves: rhbz#2012122 - tps tests fail with cross dependency on sssd debuginfo package: removal of 'sssd-libwbclient-debuginfo' is missing

- Resolves: rhbz#1975169 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8]
- Resolves: rhbz#1962042 - [sssd] RHEL 8.5 Tier 0 Localization

- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5
- Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU
- Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber`
- Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling
- Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address
- Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group
- Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade

- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken
- Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument
- Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)

- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5
- Resolves: rhbz#1942387 - Wrong default debug level of sssd tools
- Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory
- Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file
- Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout
- Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests
- Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust
- Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection
- Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found
- Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group
- Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable
- Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory.
- Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf

- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5
- Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11
- Resolves: rhbz#1942387 - Wrong default debug level of sssd tools
- Resolves: rhbz#1945888 - Inconsistant debug level for connection logging
- Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets
- Resolves: rhbz#1949149 - [RFE] Poor man's backtrace
- Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR
- Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail.
- Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs
- Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path
- Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm
- Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries
- Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection
- Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries
- Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries
- Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains.
- Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable
- Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used
- Resolves: rhbz#1703436 - sssd not thread-safe in innetgr()
- Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen
- Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page
- Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page
- Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp
- Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3)
- Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7
- Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login
- Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive

- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss
- Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0.
- Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)

- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules
- Resolves: rhbz#1918433 - sssd unable to lookup certmap rules
- Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11

- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched
- Resolves: rhbz#1915395 - Memory leak in the simple access provider
- Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup
- Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)

- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value
- Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches)
- Resolves: rhbz#1893159 - Default debug level should report all errors / failures
- Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication

- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process
- Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8]
- Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently

- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr()
- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process
- Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal
- Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior

- This is to bump version to allow rebuild against rebased libldb.

- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4
- Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI
- Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search()
- Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording
- Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x
- Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD.
- Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process
- Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL
- Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase)
- Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page
- Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals"
- Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains
- Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file
- Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes
- Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level
- Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff
- Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command
- Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate

- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied

- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working
- Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema
- Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf
- Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1

- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.
- Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter

- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization

- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache
- Fixed "requires/provides" rpmdiff warning

- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication
- Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider
- Resolves: rhbz#1803134 - Improve "unlock" time when user session already active

- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package
- Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP
- Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache
- Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered
- Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card
- Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat
- Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network.
- Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management
- Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information
- Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration.
- Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card
- Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False
- Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma

- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.

- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3
- Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure
- Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working

- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)

- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information

- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate

- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly

- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5

- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization

- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds

- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools

* Resolves: rhbz#1794016 - sssd_be frequent crash

* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider

* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout

* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6

* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect

* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect

* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized

* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap

* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers

* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb

* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.

* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release

* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release

- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)

- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8
- Also sync. kcm multihost tests with master

- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring
- Also apply a patch to fix gating tests issue

- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup

- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided

- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access

- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8

- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets

- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user

- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon

- Resolves: rhbz#1382750 - Conflicting default timeout values

- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository
- This just required a raise in release number and changelog for the record.

- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant

- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains

- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo

- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server

- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members

- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration

- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release

- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release

- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase.
- Related: rhbz#1682305

- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users

- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure

- Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used

- Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error.UnknownProperty: Unknown property

- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs

- Resolves: rhbz#1578014 - sssd does not work under non-root user
- Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.

- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss

- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist

- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation

- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider

- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing

- Resolves: 1658813 - PKINIT with KCM does not work

- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust

- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6

- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for empty home directories

- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI

- Resolves: rhbz#1657980 - sssd_nss memory leak

- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash

- Resolves: rhbz#1646168 - sssctl access-report always prints an error message
- Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd
- Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time
- Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user
- Resolves: rhbz#1639411 - sssd support for smartcards using ECC keys

- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card

- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA

- Related: rhbz#1638150 - session not recording for local user when groups defined
- Also silence a Coverity warning, which is related to rhbz#1637131

- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules

- Add OCSP checks for p11_child
- Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users

- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd

- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm

- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI

- Related: rhbz#1611011 - Support for "require smartcard for login option"

- Related: rhbz#1635595 - Can't login with smartcard with multiple certs

- Backport more sbus2 fixes
- Related: rhbz#1623878 - crash related to sbus_router_destructor()

- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD

- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility

- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration

- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated

- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink

- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default

- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup

- Resolves: rhbz#1615590 - Do not rely on "python" for el8

- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users

- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()

- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache

- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version

- Switch hardcoded python3 shebangs into the %{__python3} macro

- Update to 1.16.2 release
- Cleanup unused global definitions
- Remove python2 references from the spec file
- Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x

- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change
- Resolves: upstream#3558 - sudo: report error when two rules share cn
- Tone down shutdown messages for socket activated responders
- IPA: Qualify the externalUser sudo attribute
- Resolves: upstream#3550 - refresh_expired_interval does not work with netgroups in 1.15
- Resolves: upstream#3402 - Support alternative sources for the files provider
- Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option
- Resolves: upstream#3679 - Make nss netgroup requests more robust
- Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured
- Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing
- Improve docs/debug message about GC detection
- Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound?
- Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set.
- Document which principal does the AD provider use
- Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs
- Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM
- Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]

- Resolves: upstream#3573 - sssd won't show netgroups with blank domain
- Resolves: upstream#3660 - confdb_expand_app_domains() always fails
- Resolves: upstream#3658 - Application domain is not interpreted correctly
- Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads()
- Resolves: upstream#3386 - KCM: Payload buffer is too small
- Resolves: upstream#3666 - Fix usage of str.decode() in our tests
- A few KCM misc fixes

- New upstream release 1.16.1
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html

- Resolves: upstream#3621 - backport bug found by static analyzers

- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set
- Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE

- Resolves: upstream#3618 - selinux_child segfaults in a docker container

- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl

- Fix systemd executions/requirements

- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS

- Fix building of sssd-nfs-idmap with libnfsidmap.so.1

- Rebuilt for libnfsidmap.so.1

- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout
- Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps
- Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530
- Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds
- Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD
- Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed
- Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system
- Backport few upstream features from 1.16.1

- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next

- Backport extended NSS API from upstream master branch

- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade

- New upstream release 1.16.0
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html

- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket

- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket
- Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data
- Resolves: upstream#3485 - getsidbyid does not work with 1.15.3
- Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server
- Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied

- Backport few upstream patches/fixes

- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

- New upstream release 1.15.3
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html

- Rebuild with libldb-1.2.0

- Fix build issues: Update expired certificate in unit tests

- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication
- Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64
- Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4

- Fix issue with IPA + SELinux in containers
- Resolves: upstream https://fedorahosted.org/sssd/ticket/3297

- Backport upstream patches for 1.15.3 pre-release
- required for building freeipa-4.5.x in rawhide

- New upstream release 1.15.2
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html

- New upstream release 1.15.1
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html

- Cherry-pick patches from upstream that enable the files provider
- Enable the files domain
- Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration
- Related: rhbz#1357418 - SSSD fast cache for local users

- Add missing %license macro

- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

- New upstream release 1.15.0
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0

- Rebuild for Python 3.6

- Resolves: rhbz#1369130 - nss_sss should not link against libpthread
- Resolves: rhbz#1392916 - sssd fails to start after update
- Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd

- New upstream release 1.14.2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2

- libwbclient-sssd: update interface to version 0.13

- Fix regression with krb5_map_user
- Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore
- Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned

- Backport important patches from upstream 1.14.2 prerelease
- Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot
- Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14

- New upstream release 1.14.0
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1

- Add workaround patch for RHBZ #1366403

- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages

- New upstream release 1.14.0
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0

- New upstream release 1.14 beta
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta

- New upstream release 1.14 alpha
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha

- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV

- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6

- New upstream release 1.13.4
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4

- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token)
- Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available

- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid
- Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'

- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

- Additional upstream fixes

- Resolves: rhbz#1256849 - SUDO: Support the IPA schema

- New upstream release 1.13.3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3

- New upstream release 1.13.2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2

- Rebuilt for Python3.5 rebuild

- Fix building pac responder with the krb5-1.14

- python-sssdconfig: Fix parsing sssd.conf without config_file_version
- Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed

- Fix few segfaults
- Resolves: upstream #2811 - PAM responder crashed if user was not set
- Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step

- New upstream release 1.13.1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1

- Fix OTP bug
- Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately

- Backport upstream patches required by FreeIPA 4.2.1

- Fix ipa-migration bug
- Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode

- New upstream release 1.13.0
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0

- Unify return type of list_active_domains for python{2,3}

- New upstream release 1.13 alpha
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha

- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

- Fix libwbclient alternatives

- Backport important patches from upstream 1.13 prerelease

- New upstream release 1.12.5
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5

- Backport important patches from upstream 1.13 prerelease
- Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name
- Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs
- Enable cmocka tests for secondary architectures

- Backport patches from upstream 1.12.5 prerelease
- contains many fixes

- Fix slow login with ipa and SELinux
- Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one

- Fix regressions with ipa and SELinux
- Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u

- Also relax libldb Requires
- Remove --enable-ldb-version-check

- Relax libldb BuildRequires to be greater-or-equal

- Add support for python3 bindings
- Add requirement to python3 or python3 bindings
- Resolves: rhbz#1014594 - sssd: Support Python 3

- New upstream release 1.12.4
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4

- Backport patches with Python3 support from upstream

- Fix double free in monitor
- Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT

- Rebuild for new libldb

- Decrease priority of sssd-libwbclient 20 -> 5
- It should be lower than priority of samba version of libwbclient.
- https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18

- Apply a number of patches from upstream to fix issues found 1.12.3
- Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to
- Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running
- Resolves: upstream #2557 authentication failure with user from AD

- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus
- Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile

- New upstream release 1.12.3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3
- Fix spelling errors in description (fedpkg lint)

- Rebuild for libldb 1.1.19

- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo
- in addition to the patch libwbclient.so is filtered out of the Provides list of the package

- Fix regressions and bugs in sssd upstream 1.12.2
- https://fedorahosted.org/sssd/ticket/{id}
- Regressions: #2471, #2475, #2483, #2487, #2529, #2535
- Bugs: #2287, #2445

- Rebuild for libldb 1.1.18

- Fix typo in libwbclient-devel %preun

- Use alternatives for libwbclient

- Backport several patches from upstream.
- Fix a potential crash against old (pre-4.0) IPA servers

- New upstream release 1.12.2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2

- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server

- New upstream release 1.12.1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1

- Do not crash on resolving a group SID in IPA server mode

- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

- Fix release version for upgrades

- New upstream release 1.12.0
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0

- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

- New upstream release 1.12 beta2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2

- Fix tests on big-endian
- Fix previous changelog entry

- New upstream release 1.12 beta1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1

- Rebuild against new ding-libs

- Make LDB dependency a strict equivalency

- Rebuild against new libldb

- New upstream release 1.11.5.1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1

- Fix bug in generation of systemd unit file

- New upstream release 1.11.5
- Remove upstreamed patch
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5

- Handle new error code for IPA password migration

- Include couple of patches from upstream 1.11 branch

- New upstream release 1.11.4
- Remove upstreamed patch
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4

- Handle OTP response from FreeIPA server gracefully

- New upstream release 1.11.3
- Remove upstreamed patches
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3

- New upstream release 1.11.2
- Remove upstreamed patches
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2

- Fix potential crash with external groups in trusted IPA-AD setup

- Add plugin for cifs-utils
- Resolves: rhbz#998544

- Fix failover from Global Catalog to LDAP in case GC is not available

- Remove the ability to create public ccachedir (#1015089)

- New upstream release 1.11.1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1

- Fix multicast checks in the SSSD
- Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info

- Backport simplification of ccache management from 1.11.1
- Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login

- New upstream release 1.11.0
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0

- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV)
- Resolves: #996214 - sssd proxy_child segfault

- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries

- New upstream release 1.11 beta 2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2

- New upstream release 1.10.1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1

- sssd-tools should require sssd-common, not sssd

- Move sssd_pac to the sssd-ipa and sssd-ad subpackages
- Trim out RHEL5-specific macros since we don't build on RHEL 5
- Trim out macros for Fedora older than F18
- Update libldb requirement to 1.1.16
- Trim RPM changelog down to the last year

- Move sssd_pac to the sssd-krb5 subpackage

- Fix Obsoletes: to account for dist tag
- Convert post and pre scripts to run on the sssd-common subpackage
- Remove old conversion from SYSV

- New upstream release 1.10
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0

- the cmocka toolkit exists only on selected arches

- Apply a number of patches from upstream to fix issues found post-beta, in particular:
  -- segfault with a high DEBUG level
  -- Fix IPA password migration (upstream #1873)
  -- Fix fail over when retrying SRV resolution (upstream #1886)

- Only BuildRequire libcmocka on Fedora

- Fix typo in Requires that prevented an upgrade (#973916)
- Use a hardcoded version in Conflicts, not less-than-current

- Enable hardened build for RHEL7

- New upstream release 1.10 beta2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2
- BuildRequire libcmocka-devel in order to run all upstream tests during build
- BuildRequire libnl3 instead of libnl1
- No longer BuildRequire initscripts, we no longer use /sbin/service
- Remove explicit krb5-libs >= 1.10 requires; this platform doesn't carry any older krb5-libs version

- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later

- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join
- Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider
- Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in

- BuildRequire recent libini_config to ensure consistent behaviour

- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs
- Fix SSH integration with fully-qualified domains
- Add the ability to dynamically discover the NetBIOS name

- New upstream release 1.10 beta1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1

- Add a patch to fix krb5 ccache creation issue with krb5 1.11

- New upstream release 1.10 alpha1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1

- Add a patch to fix krb5 unit tests

- Split internal helper libraries into a shared object
- Significantly reduce disk-space usage

- Fix the Kerberos password expiration warning (#912223)

- Do not write out dots in the domain-realm mapping file (#905650)

- Include upstream patch to build with krb5-1.11

- Rebuild against new libldb

- Fix build with new automake versions

- Recreate Kerberos ccache directory if it's missing
- Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist

- Fix changelog dates to make F19 rpmbuild happy

- New upstream release 1.9.4

- New upstream release 1.9.3

- Resolve groups from AD correctly

- Check the validity of naming context

- Move the sss_cache tool to the main package

- Include the 1.9.2 tarball

- New upstream release 1.9.2

- New upstream release 1.9.1

- require the latest libldb

- Use mcpath instead of mcachepath macro to be consistent with upstream spec file

- New upstream release 1.9.0

- New upstream release 1.9.0 rc1

- New upstream release 1.9.0 beta7
- obsoletes patches #1-#3

- Rebuild against libldb 1.12

- Rebuild against libldb 1.11

- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly
- Resolves: rhbz#851304

- Rebuild against libldb 1.10

- Only create the SELinux login file if there are SELinux mappings on the IPA server

- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)

- New upstream release 1.9.0 beta 6
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6
- A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value.
- Fixes for the support for setting default SELinux user context from FreeIPA.
- Fixed a regression introduced in beta 5 that broke LDAP SASL binds
- The SSSD supports the concept of a Primary Server and a Back Up Server in failover
- A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine
- SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server.
- Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. 
The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - 
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the 
IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for 
https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on 
commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - 
Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. 
- Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. 
- Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. 
- Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system 
improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that 
SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. 
(Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)2.9.4-5.el8_10.12.9.4-5.el8_10.1debug.dwzsssd-2.9.4-5.el8_10.1.i386/usr/lib//usr/lib/debug//usr/lib/debug/.dwz/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m32 -march=x86-64 -mtune=generic -mfpmath=sse -mstackrealign -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protectioncpioxz2i686-redhat-linux-gnudirectoryELF 32-bit LSB relocatable, Intel 80386, version 1 (SYSV), BuildID[sha1]=9346678f80cbcfcc4f78fa96f55455da4b7d84ea, with debug_info, not strippedsssd-debugsource(x86-32)2.9.4-5.el8_10.1utf-84756d0f2a4c988d5916908bcbc81e57b47796c95627359a5adbd1068fdd6ab04?@7zXZ !#,X] b2u jӫ`(y1Bβ/ҩ^=lL̇zW/کV[w"cqQE<#0@m#S]WvUoR 0Ѕd-<>uov0k<~#E%90:kr0h5yMjw19hVDe;fN$u=zy2OUbԭ>ifPDbW m$8cR|o\$)Edվ:jVVX WLH7ncAX51u^Bro`'|;o%)@ovPOuՕrld͋)#E o gϯlEYՠ 
V<CQ~)B:\|^Dv[|:vN~h4lAvËn8i s}-%buk*kB~=#E5,]5s60pOZmTD+Aͧb\dڪҠo=!NSbZ!B H'nX!q3lk { a.8^D'sqgGNڨ̽i/[-壏:FRVr64E~u:aTT"+*zK&%HȘ)r6#㜌x[vy#Pb.ZO34P:0Mdt WhJd]w:,+p(m^γWzdp 0*U`uvvTR<}M=eڗP}-vޡlj#zJa8vΩ1:',S]"0P)Jbs|V95:;":Nmw8:֨,b.UCĺ?nYhe0".i].P"3Zz%~u_ tYΖ"qz:L.ѭ&VVӸ$=cg?pZ&=8}yL k;*x]iApYhd@xѡ Y%z 4TF;z!2ZJE/)+Nm8o DJS뛿^QY $0y/-s`ɧj]udL#0l"~\"J傈A I,|nié\@|``~v)/Nl H{}4S)7+2D$LY4DVAHH픸E(O/.#*z#b4jhuՉ88U-3X_!j4%6% !iv>UsB:\x-bTf:MpAdi@{9OwxT$řC+#փ% mq*5`ku"ʸb!=?O?cBѵljT-wVTZT+}XZC^QNG[EI DDtXkPcǒܱ[J΄jZ3H$;a+<,A"T잫kZ9Oc{%,kOzn!>pQJ͒'g{/dL/IQ t<"՞7%Ii7sxv祐#) Ýe%P {7~,^*xkU!3H6ڮGݙA =A+-`*h]FZƹi&=yϥ [a{8S)郜r~ArcJ *7`B -zMW|Բ!}ܻHD ?B&/Ud4K0/ }1Z|RBXë3}=q^Ztd˃5Aj4Kh6\>e܈c uc$UmMk~w]<7'hHi"E(UkeTP“aEGUH#0sxdġF4Oiisxy?̙Z dMSMm3:Vݟ}+e6n ^ }`BDs '"*p3(H iay 몯-T){fjx3xB|rȚjnPwMbpqbx %%k[2. K4gȔPnC Pfnɱ zW7w%x l TxON>6 :hanyjϦ1Kn85d4\8w|= `rN}KM!jsjsΕl^RI oFx^Bu=p,4uNaoAˊD. ({E| 9)i!X IDT,hkb?ZɡfĖ_Co $da#0}O\dFZNePh\tG_!9n]wZ&NP#Kzuw jElxٌ_ &h#}H覥}qm8k>\q.aa5gԼ>e8FZ*;E㜩+fi98XUA$8` &hp)I4h#mmh*Iٷ\/J7ʃSy0TA}LhLS V7:D$J4_b.%Lצ,U+Ax}*z!%[X;?E!cЮГG1d~YpŨ%Rp(?^.ISfEz[U hvLʨV ӉWPK.ߨpu{Jl9TSLᰒ4T'RQ[3 5.gPKGh)m(|d=lVK8Zϟ(`ڢf . tSbW[S5x^۴r'a 'sh`2F?w3e ض_NC@R)=d|jkk+^T[ =' e{cNwD|uۖvl䔤%zE|q &Bxy fg&ȧpڹ&DnUuxbVo¨0a YuW󷷨neoR8=k`hWe/]#溳ʞW,j; =-yJ쎗bs9xD<Aە/zǼnǎ|rZ;0 j3H|`QVh=BrB IVei"_["fř|xhMO&&ݧ"<!R BE`S O&.j*{ 7I9Dh&C[`b٭R-㋻qe@JNa8yn0A&,{6 7쓱?6fLc簑F&fm~(Rd䃧˙eTH2UQ(YY@buv[%Nڞ3Yyy eQ-`P cIl7|t=khwu3+lK7`_MeaqNUEyeԥD$M<'[$IDٞEP 1t \ŀ/gFxl9qWڵ^kt7mӼSB"jhivZ?d 6`EWz"44EZ$FUy;OVe%C0on:,%'/jy_eOт, 5 Br/Gߥ."}#l&$Ѓ m64>4u:W9Qa75< <HS˜b\."_e^ Z;ձ u\Gk9ؙnڪ <ըE*ƷE٢FeN_^LK{qp7lS0o&TwIhkPSj.f~D&T#ah0R}_24Y }ɧڐ>K6~ r  }Xp,T#G fW*wdB~0I{>1HXv){_$"Ԛ| oՅZC!a~ҊдFZ B۹˺A['/E}O.HPRywh~weI]|##Rv4 w+r$5];'Zez.dx,6>Ց:gyo&&uU:Ñf儍~Aç72ZJ3Ŏ faNaϳ6dNTL5k;{3c"5|h < ;#mM3FCz crMZ+IH! 
2Ӽ7 {xۅYoU$jz2+@ ǃBJa_%"TJ1%O1ynsJc$<>,@^ߩiPL3'45 Mw*_>śYJYGrVݴ^#tx6ZƼ!OCYE9Nu-x\E7럓k|FNx?Ƶ谶fɐ!-6ɯQkUUnL6>\$y .t5I\V/wN|TPDHeM_L$;Nހ?vGQAwQz(pj9PwˑI},G K{ Qi5+f0u`n!Y8œke+mDb'>H(#f&E S/B& -Q: 8K\H TQ;1e݇$Zô kTL{vBTp)>fǻX#v|d: &^{Ţ}Ḏf.+lMp6]IbZFO嫝yvTF'Wyb!UC12GH @FTrampt`MrI<`ykli 6Lٺ&;LV oZ,C_9HYul3|j~}ݜM.XJJ؆ȍNBIPw@!U>vV1Ey**KkFQޔ7YDNUwi6v$ Σ/XXZ0Fǹ푥9W_w (=-%L_"1~*(˷smh̦ؗ%)gyԚwSueaLH<(<@+9sL2k7FY٢cbv..-3H'mbfW{Rɞlo~'u^-KJ,AydT {#w9=#seZSvGD_a#APnzi"p?l+UKjFY<8޽+# L z66|e}FӾM1er㈰`,G0FU:@ 'ZBffC-km4:rGp t9.fd*㮘PTO:Hk3wǑlP}Y_;ʯ= ޘ}q tk^ 8b;`o5M[_Q"ije28(9LNyHVJ(S3" ?=A-ŗP~0|w뛊"`SCLṭ+.8GpG 48gY=ۜH@cC2`' hJދ>1q )cӟ ?ތ}u6l%џZ=fۍdg7_>P"\<OaZqs<<u}'3Tه5⽷?2@q7U"t-=ɁoJɅI fJϽ5R'in\ʁV3c"q| /:i\,(Z75 I\͸_t'&O`XXIx M˾Rq} qK}`_u$/%f8?]~qJYyʪS"hVpjX-t)~A >Hb H ~/)kjnXVb3~^әqɺ9 O׫GP} .H(y.TP, r;[|=ylUD5TkJ|#IDTD,c SYԃ8Hk1+̋pS U@R#s^N8ˊXmJ"!)ɍB4S0jZ"qTҤçtF+o~As)JU;|yq ~H ^iFA ͧgb,16=Fߊ }fAl8*MOiMBiH\y,7B MAJ]C~ g(I <5Oi;-+}OOg+tWXA%J+Ӽ G(-o 3@jt:eWSM{iᜎ4mo H))dA(#{xj pLdo^<)̔!D$] Ƥ m$|A6j-UQ󹛦ƕԊhO4HKk`QrH=`)t?/fWMCt52ƎHIXȢ")%0=̅9tLcgwLOM ^TqFb<  ('e?&%>[vhoHZIiBb*Iך7u$bXE7= ̥!}!>[,hV/),F <gϖ&D|M_΍~]:D箒hIEbEDsm$8Pi}o۞ |PvQ޹qqTh &nv HdpզUaDz_|gI; \z΀C`Oznz#UC\丣 $jsck)͘~{ܗq~b)JzL}$rS -vJ힙,n N'xK#ϗ'F(*o}.M*(([6~ȫ٤ a>,ujV)oA29q]%ߝ?bv`\V8cK5KF P?=i$-FX#b'VOs1!yڣ`ua+Q{ety fIokI3\SDFHoOD)GڦNWY=cW@7&@UEQe3V :u[փo1DY<7{ 6s'd_{䖾fj,t%, uW>_5R,hx:;VZ _,>;(sh.o6TVKD hϕn>^^.15ds2,(Wg%)R_GK_?eOn PpZ1O/pO/(ùXReuf/Iq^R^&:Y!xͶlfVG#TJ—y_Cd呙_Q8TyK^?I4Xc>[t%|,KexxP[1tH'4Iz')2@M 0M2 nCEE_u_LwfE4B䑩aRvVw/u9֙ bIjͳ7!z(_h/a$.7˨ާ:~Ρ|ZD~[dsemN捱ik 1Ś )%T-%ةI+RY2\fM(t%F ct"8k?c{&-d׽P̋9ٚ`5Λ50 tS|`E@4I ud4lkUk/L g>o Pӎ{&K.q,'[9,a [Qpڠej`ð: ^3 ["=>?l#,A~< _ߜ)]H}ۚ6=7'$ S[dbZ@r% Bqon҆K鱰 ZWǪ:jʽur 1`}LDG }1߱yBVPRqU-f8"TWjYyC/q2+,d{yl/V XsڱXs#^%-o] [1xCÖ ֬քX<:!f^bc:4(IܲZdױDxZk0J*$tgK( )o1 bLc [U_by+ GDTܧ:J><_R5$s k0.ZlR'[.,e";2:bzy朞ǔF8:5+vTmM$}8gJv-E :k^p\P4aYu*Dp9q}&'3 HZ(]'Ӝ~;:T|p]_д)_?pZծJHm'Uo~3l!ǖ ^f6= S86`pv`UnH*CUc#UcayƲ_p˭4EUgw<9M^nNs F,>p1kYP4E-yC|S &t1YL'$Th,vM KA|/ e=I5oWN't iIpʴuU#O=5_Z > FV[nb 4xHzYSa 
q~E4IW!isQY9wiQERޔeIkwLX~e΋}ܩvA/Fp/ BWN`sgd/]t.oڅ{d;A,2psD^d&Ŵ7{ŷyoI3J{>P+vkZx%S]j%wIF9.ZW0үޜ-M4&_EC-~i%!Bg)/^X9{>ֻ{'f:02 -JMR r֤9#,K˛UHH1~WX7*OZ,75͔({XC uB?kߞhnUY t7غh/ue69 Z\lUJQ6jImԃr pb%؀8Ѩl5w`"3i<.$?+|I9q]p]'F=?-x]D^lKmd)uT~o)S⇁tce~`s WVx?A@x`жr E6ꊴU@f{=<ɬ4$wnGki/In!M*`v}?$퓱dzm{4>8v+)B|óL/jUg,a7m< Jg%r9=nhH $oaIege˨J)A#~Op*>2Kvau5h61hqDX7Z?q[ԍz;Q hP4OΕpoǪ}̹˿?MfNy@#NGnׂϡ#g"$k(yԟ嗜cofs9Vs{fӏdlBg>eVm\-:vkc>B8Ze^Ig;dVyy6"Ouw$0fq H1,1׀== ypj Z5Xd2 Zat# :\yq_;цH3hLz_F1.V-lMU QZbs\6P'\@ f'e~bp|:-Uw8k&Ohkyh~[61;՟a XκiYshT/1o8jvo:cߐk!V(/Ѭc+pZ#j;2•H͵ÊyrFA7̬ya?h+{ۥ"fly9?[ݔ SiG_"*A@V0$c$qRblQv D=Iey⊃2gspF*Agy<fe%0{Q:zX}f\މCl~58QA18M hGGF T#!$+uwT;@+ScWVށ&LcԚ"+"o3ȯ5)I~JmpoU/9Jde<m [Zי樂nE4%E´ $^KeesDd1w7 o+vF3CV"1"ݩ`},UI#5 =D#^4#AVT98z䕪|+t1ݎb4)3dW SAȗfV@XUjXwtOb%*jYqP POfךWC|'W7%Ԉ2# 1,4?gs(*MTo^~̨_vג?&eh`Q15_Jɾ$\JoQi #Yrn㘊#NX:~=KMno"H !:LXxX큫⌶clb۽CZR.E9Ñڥ7RTx|g+8w;9&18~@y*$EX)_7 /[VK$rnѨ4kyo('O( kXR pe&#=ۋd)X06Fө~ՒF|uSMŔ3 |bc.gh1ji:7[qwѬFW\*9$ 9UUCshO ,Y! J{XR1'YS9e*Bkp4SN.q2*zb#0.s%$9Q@C He9$cC3wޑ2'ȭ @};#:^\T/AGTQ9;*ߺ3'y)rꃄEsRtK@D/#jz溦H9=aQH]f s)q WGScd/%ĝ?[y\xmdvZ9,3c|Q΋IڝPzr^0˻pA ѡ/B;~&2AD=R SU#Mj,eHϚ#$[!3l (s>;2C㟭 z~'(z" ê]wБ Ak#F/G TЛJ[\c$kcV# viưhB*do1.rGF$#I+_675@Ш#Na3RXKqdn1;s8dA!-FD1ۼ7Yϲ*Q'flœG]T;l؋R; &R 3ТuH=oRج+ۖa!}]s+A2wzj͝a}j#HpEW+Bb -3"u R0Af6/kz2hp^΍өe%z8%2f=FST}6L[]R _}_|EK]&]zL]tw߮b q<De9p:blxKdxGlV!]8 /~5a6*yM0 L=B-^i {uo1mvI~ѹTH 4sκ (cF^5㘶_e& =j6Z€ђR(܆P'H#'ǀ>]Vkpqwuvg|8wsS#Ζ6\WQ \ꊢDhSAc ~0+EUKZ0"$csѱΐS d#Lċ`3\&2"> isM&$r&R N :ܯOr$pFg ՖIX wC낗] ;M!d#UJw @!A Q, 1&.|PvcJ#e1-YZ3PCyƄ.UsV8Dτ fJx@x{ܢw Ktӛltu`oퟰ) kDbYvp)}̜ه6f+g.|QoI+[u{uVj}-,sY0]/Yp.1>A<|ɾ4d]TB=nE螱@ P }bty (*LS$;?y?(EASRI͸RCMpOm}2mXTg0Zpg_d67~Y8m(`ػq7Ϡ[*3K R.É:׽4ͰadXӾ$LJQy1(qVjVT/BDvvןڜx[Rhz`H!x >mGorAKYڴbQBg.*Qz]|$\k`w>VI?p`rz &ttIaшO8?N6&FZQ<IaA7"aJs6Q?Iv=TةNi?jUE6h{!;3]+5Ef+lj\ɝMO W"`@L AN8OF=17If^fXm82}S}G4kU~a-COB.ڑ-ȑ ""a^us]TA٘ho9(3'78覴527("$H,|mw<|Wc?3إ; %Vld9.!$L_" LQ1R- {;_ܳ3@\"kBb/c8=M!Ô塆 3cxVxpqzqG'B/Oɲ^Cn54O< sWߊ`#7 Cb>E$˝u[ÊSI ua6R?|I 0!^ې]G3I[$iz O BDM٧ eĥ%]}' ")-k+ͩNmTS1HYO؊TA ` 
yc:V"gz-nUY|󱾔f*RQ։qT|\hf:|??!_O&1*T7͛;_DJYW*\q-h !5fOdAdjQ-HlfzF_/c8oR!EeOSPCPɆn T[~05A,dP/]*B݄ D,<L9L)#3 1lh QeX<)W]mܛFC6?QZXj:+`j kx`(^O?TD]{T9Wι;OQ;+Ě/ۀ#_7M~﹕iߞOuf)u7K@V8 Qi]p7;i:Q>P?=ֽQ&$᫏W1ks Ǿ_Sg AD ,4Isf\or(Y拂+A5(]uXdbBBX(.nɠ-Rf#_swU cI8ÃLGh\Q>>ޯVХҖtKyRCHc ~) ~;}]uܗ}P$ZS}pʑXaƊX/NaQyo9-|,Zaz+O.*#뵹B@tinV M+ʼf414V8t]gDJ j(F XpEB<Pd1tpjkO9B,\>) H{R<-1>w mt/U]>=FoE}{̌ob>sP(R͆Ђk}[3>x&cG>}8ѵ|۰Տa,!zx. Tb%h~c}cfTHR&¦D1e/  1 MXD*PmײnkZl+9&1f%6)<"0 +ihB($)L続QW2(z) dZib"fd5zzfq*pgmY9#.w -'ա'“!x `B2QjdV8-߀6,>~8zrE_{rWTLw=MY/G 3Z*H)rq#-C0婺Ð3#2%榊X!Y`dq8AZԳ*_čռQ\k,JF/6e!Z2vB1op*M+Ԩ $H9fʳc+J)uʖؾJGe*W14]GX&d",)ڭKθ4 @7%nrh';ͬ +nR~T'kܶÂD+K#)90i$u3dS, T%q!?1W+> \j.K7(xounoa'3Gl$}'?)DG)䳀Osʳ(u#}6yQ"3ՙa)? GFXV{~h\G0uAZ&? P%qx7jh\6'O1HCG%Eue0C#:ָ@oah*l"E-|Šp, TM#>AMxm[G 4й/P+dߔ%MuVZ* 4E|$+~Oɻ:F-nJ=(@>S us^@va@X9x V'|q7_}T wըΆIMt[eQ8,l=79ΤAդ^aT %q1w \ṵ̈Os4hڛini=jUwJq} oF-ا@E!<}_2|'Zt!yV;zN2h_a-ҟ2HloqWqa;ADV`L[XJ6 eq.(DP~% DBjCx\3) R/&>wJz1鐭T@ӏ{jRZm` k4a֧)X )-+e\m|ejX]HTw~RF4NmiL31J3\ ] 99LH @?zW6U3]{ؠbU w.]jS l.al:oJFnZZ1ڲGPu3*578s0\u瘗`ꥲ9Z`_yZa[i?p":a#|Z(aznEd2Ú9Q駺JJ:m)lst>v?1@.U(@spU",޴5[9an*q@`ֈgPg38}Vp_UF U;U2 \!ӮTuw*MfO2:Xx4?8q{hua 6mDitl,"vm"Y[!yQs{ofʀcȔl'!ZJ. 3ӓşUY>y-w~gˏ-)'esݰqa>pLN|}G?,$NnK0Fp]c@W8u0~76ф/tmq-E? L7̪lt4F'Mh49V{G?JL]7 Si .IucTdY͹ͼ a:[O z`PՎV:Qpok,T*YYkTݬ33(=aԻSKAq34)2R17'HK*y #ODX `5(sMC>8fw+%GMB(7íњI_<Opq⭚Q"(K|q8o+Ԕ^cG} u m< KXLhwcŻ/IA Ж.]0+5QTUXkA0 $.*dD lJʠѶY Ueh\$9dG{%E E/0;_ (}x v@|a؁5m!MIR(vFJz}S烨ǀJ޼jOUf} 7 E6]f#H88*I UrFC=Ң3}:SzEdH: ~[&+ZLr,g7&w{= {N dW.{DWwt/u<2;䃵 a+}#үbꉊdy1{^1}[ɽ$0{i؄-ÓUtC^ kY{(蕻1W4"c'LPFQPY %B3lѺ˶✅/QH>[,BygRB~ (T*\n'D 4MW$4*j\AG'7Ft\eBb?ȶ H@idmgkWz§"M]H;!ib E|W": 9G#pKXt=%_9$& JgD oa15V}h5NH8M̏1 t/ծdTn4DUd~qb;K22M.EM{YQ#HG97¨G! AhaYqSo$: pt@Z⣎ݭCO5hY`'WW];Ҥ=W-`UA0*DѢC`ߔiKƤ݆Е1Ģ05K%Q_cTԸW+* RY$}gd֠Pq)0XP!Hj[L.jh3=ĺ2hHp Pwu9fx_|϶qBO|}`̒ 03H@[cĺ3DAxMQq+ WghV>AjfVk!^{{'W< ci:yۤ~JJiYVGx&IemcxZ&3يFv`-T8ggd/REw3!ZoSwKA.qXǐ+_DB˺i !(lZ[0yzr0qHw@s&y6k78K :^QəWD}UUɖY耨|ԝ(KZ-k@>ޟ)s%7 pqlT_Hjq$ؖg_sh$fgTg 0cgtLB^_|$y`+߅. 
ź4z\GZV5ҪĎ jO&- A5I# /4%Gو%hʉH 늌,WҕYɕ`,Ӝ~\ϖj[>>OUX|(bnBvvoHSŌt>$mSO@O W!!,nȿ%@KTt-A*$̷njBd.w~m'W6A1j%~/pTJa8[򉏄10IS`@=vlEt͋.s7=|nqb{]صwoyZM7 ;!NT3DuKJqA~OkYϟRh  V$] ~:Z1տYx:S͔V"ə2{%1@=T2 9'sU,+W{LAr=;deްnsY~*!^Ī>xOUⴔ'qX*<ϚI2-5PXNƮȼMi?evx"8R9jSLyФD`%f>5qW n?Lz[-u&9H+uJ V)1d_ljzU̝ÿNcYñI1I_IO^<~[=Xtc4Ʌ"0'̉Lbnquhod<!Np8“*}ʌKŨq@hK?&LOIq\t~\YHL%[y lF9$h2Nylό88a?%7kjz'Q`R:?N2k gCWCdA͕ױmtJcug1]Q= hcYͤx#ש>:k3;<*#1~E >LL08)ly%3n{jvVxNxbkj+jEPt?}NopJ ƣ̱#h˖@BRV4 `I7\e] °heN.zÞzv#o k&\(XtQ4~W]ҋF]\9Vʧ~R=R;imANO*; \l~jeӃi ?ze?pD'uo?DXej'7̆}?% BWt<@Dx X{@9Sba})k#bzG6[Qu~am&ͱ"#u{ndlX' 9NKY &' XLմ;n^pBʢ墘P.[XOOPx 7lѭ~NkgqS9]F2w9qJ(`s HMmF+s3"544E!#M tьQgTF RrӎUrn9#oaŠاfkz3 qzP΁"Q#7@c?)Խ[mc2Y&2꠨ v8),!:}'yһFל!R ~L4@µ.A4q)Uj*,A*OFphLudHl˙*x\XU PދnW:pSļe C=>&8A^GL09觛@Kkri`/HudQ W|2eevj^rUJTjG[r` e `횤%(X~V9|)g\~~ pWSSF^I1Ӏ,Fiۈ~U)-# / +}8K]p0|DC ?m{td TC K*/өnOa1wnA@O Hyc7}+%&?79L<x&ն,R]@&T@_FΟ;6g--číoz'Bfcg 1pDSǩzv OɩkZ~X10 OדBàP%.Wh%+Zs\Z5ܛxIg"ZD9kz'f:aN]0&Ȅ.Bw*/R lw@\N2]NVU錢U]8SYϖuVPb.}3n#ө9ʒQ!I ;|5$id!Lj6:x !8O23D}yJ=kA9F_]k'VyM k`h@*)Z{7! 
ORg(t<5{X!)")|nEKRd;R(t~!\z-e)cg9V*iv^K,3p)\npdzq|lژH ›:b^K5n@,~{*9陠FMfe=EOCqs)ԘH]%^/{pŲbLWzN[j(u'gqVFzhU_3>eHV!Wg㞣@vv  ܉0bJԭH#2B 1sh EP"aӆ"[S ش:Ԫ¬cEpԖig1;mtX.*uL77фw0P<Av> ܛu8)ڻXk~ ][+mkܨ[/Cڐ ӿ3Vkv' J$*nMPcsp+``5xc5)+M0njEs TpIfVROOEf2Z !j<'ɳF>L׻X#|Ek;=ʰ{(|2|N]S7 CE>{R|;v+KJK36gQس\Y5] Al@ #IC!NW]3;˟*E%rRLO\&We&?|F {CG},nfCtRY"S+U+؃`R㗁skcQ[nB*\w)\zb5|r9@,Rry׫n50+녰bCw\+)$ 2ƨ͌jfKK s1xKt P=5z*TbA!YP57N]#!ӆ`PDz"r;$>BI\0c38 M2[oqZ|afClRxQK OG("89C]bA yA0/O ĘҩMXk]0e`Q46I3.8~QA,V:i2֭s))\xO<'$wu6޳iLÝnz.\Wl5ssU;,8m=N[J8;9a'M3 XzJa8u,p]ZKp5Rjlu#0֌ Ua1e%iާ0Q 2QM6G n֩ts 򶺳.]2'*)H%⻎Zo*~ev{ɐoU^3f_(!ɪcviT+: /2l"*ZazZSpWە@JQ|C!d}bN@,{^t_|*W묵(Bql㹹$Ts*{yOMn2LY|o&]^9Mm$BT q>f~gP` t&nop2 WuF:l#o5J{>+h u jƁyГ>7 c-nPǷdZ"MY!%Yeǘ y`9O#!GUiP6jn.۳rPM.YXE9fW n4J}G">5Մ†jD)ܓP$8KҬNR9uiסDU15DNa|\Nr^OwkE]2 o1T9ppD%=3 W"j2ϿVY2%z&^.40bʇq'Ԅ|a}_tUlݬSha(!|ްb<>=ݢ-JI>noInii/QhR.~!f]7?SmƇ~yo.pQ#H&|gc\[ uIPC' bhOm"Ip#6 h#uюH/RbB&u]&c${\g,4V3':Lwf)Fu1zoa4)~(hp-Z/f &f\BZ>bSق]i0 }qT6ӳ` Oe3BDi0hTrL׉؏q +bTHYjYwq;9l2pWzYH*~)Y%i 9UDֻ7F%&k x0˩~a㹺+5 Z+ǟmCt >m!&.!kt3V|YD:i' (l=ajf#`/I@{vLO| [} X>Fj zEEaz ׏mHvUZف0/N3m->˔Skj̡"R@Lg~^PO5A; PH !eBVY49gn|.q"b1G0Hot>܈..Ϯcr-c;(G}LI7Wv8 P jZlDa.W\3x^%Y@m@WnTL.' 
`E]olH8vcEf:iFiwZ/)WJg;T2+&xfHV~" ƴVz(o]7PI|_'[D]4|sjض'h}kq]9œ}nP/K5;4ډk$V¡VuщH[4P)Y21i_6j]/Q@^!Sהh0(RtsSIjr9wFAwjJ '"ߣѴJ4: lIE h%n0F8_7%?c ^ح`a"B}6$0߹&H@Ĩ Oû '?9 fκ]7> +LK=im)Kě" bYIvr 蜧E$s$rXZ pOuqʲ8Eg[S{pkb- "Qh߂pT *ih?.i<ё R k|waz;@zP+Zq(5:I=N~Q["9g!QbX -5Q?k'EϐP^ƚ`G05Q;me^mx@L)*8@r0D?6-X& Ir3 hZ& BIkؼ{صzAKZI¯ʧjv7<jlZ|y燿uCR!A인߶bBߔ 誐LvzjѰq[aܞ粄֯ E&o̩-kTby6A 4HTViwvFXeyi:tT ޖ.ɬXns ݽ&v<ӉЖ"Ǧ+\Łh'L?Km=uICc `ꝠeN(1']@m"xHt"L9wtUItJPmf3U 3CŲ{Eb)뺘G;.1-d˼~Ib=r:~Sw /:oQ-Qda&4Q `v2Ϲy+TS2[uO !';Kw>[Tq5bNI{[o>:jev F6Ȋ U5i"H%|249<CV~V޻o*$TpRaJ9p-ג-\a/w'}Bw!9:J6{NHWܺ [블vpm-N=a*\MF}UuPn(?R)6ttuCl٠ۤT,Q "He5.P] ^vnpajFn{Fb <{^z%C!˧HTGߜ`0bsKkys?h`DmsW}x <F 10]'.آT)F"Ufn#TR9R 4̀].kK[Z$ͨ ;!ӟ,鳬 35DGٲve?VGk6CFM?I,kBFd^vnI`-CLe6PYkK(+f7& ',$θy :s#`wq߈w%b' ZʓQխgn@p (-MKo\54/c2 a6εYPja5[.Ջԛ?drL r7XJD% }F'yu!tZ ntQ>I&UC(œx#tYܢٲ^p8tz)Ty`> 0 C}tda2yCOKf `Zԋs $3S5 dPM.c¹[V)I˄_WQ{?UD^;.qY=Qpџj ~rQ>3`*!9罎'qo9 hz&8iMp<)KV#RA@`1( 'G2'U-WMpG?G7qsւcKRʗہ80뚃l5_5j@Ss΂@^YZӪaq Y{E7r&y0(a67Rd= 8߇1>JJgzJ&܉\ BPZf8Z>,w6$b"?)WYCvr7ɹEֱ4"m3!Xvv+BFr^Y7dp#9VdK*[\󿥧=+kWw2La7^Wꩽb|Dj;AZ5Aw?g<fy!aZPICRɠi',뛜1'ȷg/35o*[A +(n$%ohZ^v eFXA9FyKF<P6pp}84eƨH7M+)lۮo`ڢiN;tHu^xN'RyFV}켸Ydb^ؼ|)n|r#شV P2%Pud ABHg9a&هoho8IdhXXz *p1K:$A*dv=yVQg֖{cYݟ^%Ng`&%Pd}P'R.4wqA"^}4HBKqd@nnDf4t, 'd9\GȜ [hW>VeSFb4;]\"]gh H،Z). 
7S},'%SJ{A}mJHeC]C 2k̫$ %=66D[,t;xSn/E'/=ǎ3g1N<\@Zs׏lBb@N)Gb+ {[vx3m60bۍ."Uj̺lˆ | i%TCGi[݁{ -x`}onyK+31>x 2ʬ&Z#;k2wR\|$xPWy0sGRHS3B\:\ Wb>GWL *] Z1x|M߄̵<&[GI  1"JkL3^s,U'6lT/Q F qEhzŌR9Z<I\sV JlhMDM,}.h swULHfCW#2S4rwxnhenqo=3ňFJi]dPÓ;*,p35AULM)W+P~!\X L3hŎ u0/WHůV#!$d]nՄ Kk gHD?d+RG#E}' aCD6Sُj`_F"Ɠ33)I2SUq-Y9W0eÅB[6}{ZHi#^y y{2No .jx~f0hQʲq/SZrEd||k.N k'B숗X_-$-(fۊ.]<-5}D:DʳEh#H2yjĵpR L6'NoV,b$۽ W _!ݧ"ԍN p1:Cی)` UDjgK]^iUֈ<&L`q:.MC8 `Ჹ.%id2\ @tj' 8$MWh[%YmO%MЌH_%QWW \˻ E2Zs {#t!rck 2|9yG%چҙ{;CYf)D>'Jn"DkbI_ަ!gSڰ ߝsO*;'VR: ;Jyc\u;F =f[jbjҩ8#s-\OZM],{6T# gI~)R]{4r*w:Jwt8?lmyFϕnq@t0ไ a(#|}Тkr@hMXQ s1O\8+pgvrZkc祚'l?kU"g|>xo+BХ(Vrݶ/vۏotkXwTCۢ ,*_-eU/k続 piǬGU޳<2*D"F+ც4PGuAΜ^ PƩzۈxTR+IgcCK #vMR~9IWد t):O= 0pȖiQE"M̺F"7MyuY7$ZK2!"XST{'AOJd'БMłRU?X#׆EDڂ 6p}P2{vp(GkPE'{Ë͘.pzq`u.$ຑz0VZV*[ m_3],Ov;޹ni_]]3j>]|]Mᑴ\ H:cZA[.rx_CvGEͯpZ֜hw B{aM˟1VG7XHN6nِ|b6A"r=̜T 3o ._P}u ]w< \M䮹B>@_o%Oq{ơc#5WE!sQؑXB?]z!a\GI)/RFoYə [J"r!BHUR RAF3 g81r?ryֵ/&LmLu)@`4:&u *~he8 ";D'?/pmo+1 Ka.%x+{ffT6KL[bEF͐R_K8=ϻ/IjԷ t4°MP>[t$/&AE}v ~2aU#;؜c = 6#! (g8ո ^ʲ.dfTA޽?0|V&7Pi%v*1;cAo ZAڒm4eM끞A¹:,qN֗V HCϴ@N-DU޳HԖgv'S#\jJL3!cVRr b"4B@t  Y,F0\Ceh{>3UgBqI<;D*ОGăh{+T{3oA?]zt.&b|; U2o,mZj_In('pŻO xQk Oxp&$Lg܀ 1~M w *OޒGg1APj>@IY0ZBNG1&tk׾Ǩөw~x?Ճthr?Vl;GcHwow9 m7brW$CLis5/spxT^ 0k|P3 !,ds"㺅!vd}3ۆǧ!m<˵]SI|dA+5:.ϪSj_@Zw0o]f_| xW4O8kSeDn %;@0%?6kr4Rs;q7;>03-Fd{&\^5Kڵ3 @uoQ ӽn%b.Ӡ@74GeݝkƝ"EJ13^l8ݝXޝVȿx, {D􃧗4Ty: /)X $:?:`~&e4".4"Fm΄?*+E_(vȖij&RDTm36U^k~KNHROl_o$c69ʦH^$gSDsz,+rZK37*dc4@@^Yp̊_ܖ>Z|]c#b cd@vC.w.ȥ -điAg=颬 RYPl;'6\[ȶF#"+i #BfU^X \'0  0 e%]rE όNH>dy>bS/yLp(efM z N$\KcLiqUѴLfs& URXh%W1kV.vïtꄆUN=.-h]x)#L ;ZNTP?qMVrc Qv7\ shyBTN^i:Hd14@3iH5i)eK*dg^z+Oc|)B$ y˟aȪ/%eϲ D#%*_)By_Mq#[mޖؔƄayȸjX.?y~ C =6ry[*Ugr{cri~)iB?}Vfc uvP/m&-/{n,eI$b2 /ߜkNJO;;Tˋ\rZ OVX_/ ~mH>UL?6&v2o©uchd]dv;3 "AUĎ]>~lI-؝{2( ^P uf'!) =P>D< ;\r'K]`ocVWX򿣷(S$I;IyRJ-ۊ+~N+I4$*YÓ:傲>N7^}aAnn:CvigB~U߫!vTŐ rۆI$hQvt tW%EDѴb+KOoITC,fJuUֿX!R/pKg9\IA"H|D}佘ŕՎX: #K bTʬ/\_. 
Þ&uZ%tg楌Ag8ĉ\w B˝PTbJX2c 46}75Ln-5k[8x,aMqv̡q1CfJ0n  iFPD3犿Ӎ .r RBϸbhR/-ӳtkɏ?f M*0!ve1*±d^3,f\F "ֲ@Oc1I%J>243m̱R3hNeAmfOU%5dyfI +yГL/~mT?GX`Qӌmn~W' |aQ=&&x vcL4QPhfL>s!JL+c+z'#/J4?gKD _ ݲIW+̲YYy+}JCXG HSjFNkO.\K]_(}lbPTq9CL?PlԖQlۡ$a*)=zy:Nu#kRH5ÐĬSs H3bka&P۾Oag0x2L7W ,w~XG*; A$9 gSp%ŦV`f?.R=2,֤g`j5*-IIې@3rdo)F,g@8#Œ_8O$q3EoD:l `Ml3FR s}jmoBf⼝+B쿪Pu*T3pR b2@g{K1/iE G416CU:6yLk |u,yaߞS+xZ(B-"yo)\Vy|O,Vo&qևFrQRz$sgDo*u9ydEűC+1`C?Cxg1tpMgKF ћ*#wf$mML<֤Aͳ!NuIe1jm9۸.8Q@΃F[J vXW?]<e~,˖}ཱིP)i*+B"iE62#֜Wd2Dfޞu^UH?f/ijA(+e~ x~ڤ)€n[cז zШ/u5 zeUAdž:Hz`*Ұ|!a2b@+_#6:!D7v_7,IY)\Du%\$-v2a^!@Y^=q2ˁ7tG×\ħU͖+7f삥${dAMצ{;]~T%s!=(29U$]jɚG^ŗ1z!,8k>ht_bl/:Y"NJ(ѓ_X0m"<n5^ǤNh#> Q]Ud)2yvKR꒪^E6lYKŠPیʤT(nB9JqYjH}٥7ҳ/ݨQql[ Ljnx'OIS֛rh8ϹI7#J&OGy9WY |CtE ̋(ѳ"3P= `!YG6NηlLlx2M.C ^]-Q#w1Ţi9'ZO ҥxNg~wuȏ$)`p feV*p3U iis*o4ãjm1n[ͭm . s뗓 aJ:s_dx,r5i's2dAn (ܸcTkpKkaq W]K\'bߏ*0[>F[uVJben*ʚXcH0@( sVIL ]hӒ@&\4s~6r| ^6*AD[#s0'{*#ۯXf 4dI2c^@3z9KYAs1XJ[ g8 XZE8]bR{돟^Fܬp,:br߾~)3ȥJ^m"k9lJ n/MbryqXv_h MGw`$Khכ'I<oexJ&$}3p(,=h-w=9G-]d9fs^jWI~ 0$F`x ,b~-x稅#y.5Ԋ[Î- Nq9t=<*ӧ[_(#+Lfrqʋ^ $lj;ܲ /uip%W6U|? Kk.\EWIL a1h#<2@:B^Cs2FpY5{r2<=8 ڒ0 "Y$2_l=N6.l2R]:|êc^\*svԡpԇƳR^PtifV"jb}#<AO庑\s=.]]RE6aV{ ۍɟa EWrXcZ݇vm=7yz9^7)< 0k ƦA_TB9b{ ^GM: ͽ3keo7q"^|@iB('N|/P4]5qՁ- oT%@V meH%fJ E8mcJ wA\*55Oĥio}*ŝɕҰF%%猨eps-A&xʧ veQwѐ,rHDzq.t~H5Ț5Y7'0$g6"Rea[1\6/wNwc8T_B!9R}O,;mYW  \㘷R†]r $Z}}H8bhNьHk׬(RM9s}nӮ2iU %v;%p5lS{rtT՗?ZHwݜL :=&G#J/*aߎb:iύ K7x@ByO{BFB>1 =5ijA+OGyÞFϔПJFV$vסdU=BCq$3|q#Y-TxVID|֞/iOx=첫`L@,<|lk0 JơRR5tjW kՉouR&Tti:,zɲN`$@ uǦ~˄H{%cy.|3)k@ܕ9y ar}@k=:3sQi((p|d)a 9S!9%i篵ٌOiu=܅%4 ǵwlJ½{Āuv"\iOh(1PM)rSbNr{B5og;pQݟGH"1fGu/6 ,OdjA<,l61RZ^fsb \< 5x} $cc{UǓ О2f| 8#&sp12d|`y/k:PLP2#y]lMa \pB7F%A6 f6 0.x#K3dtrꡩ+oŭqY`GױF%krX?yгymG!b@`w)w]w'87Et7~S %Z+Q_s̀C3'oڜ96:zm{pzVp"I/j䫌GYZ8R|Ǩ^faȼ ѵ fa^VAع˹. 2zϟ0&R X}4)\Ok!M [P[qVyvIG%"b*k,CC !oE/Gz -I8B7"skC>:0q+CfDBsEyKA 'W k6vqx~Λo^!?;߁RZM㱀^r9o>TT?(jb]|F=?MT-Ս_f pa2iE `OꭁR /C^b S_oZіUĴO1&O֓ ʯ+i@egu%LQn+B] h)m}sNtZ2@AWw^!ceI m ND(!,Nrx@'@Vr;֕ƼG4#?*o#GԊ@Mhz_cvK:6+?5O? C?Sq)ş3'Z^ x.w %1 u. 
.mr_8G}L=Z-*_KA1'[G2WjYuVQ~\G#Sە-Π*x$;YCL5%C˲zVN*Ovقzv~vR9L]3t`D7Jhe|nK i8m/~JZMWdHX6MxqgY@L!i:bםcpHYS6r`]YC@@%c>DJ"%@oC[[lfϧE!0 pR5~Ʉ dyQwf}m$AXmA^{7>M>OTiJPc٦nzJc B/`y&3\fki!HBSw ;gdT7Go7; ]_:@??@RsqhJ  vQ6 q7Z߁p-hlx՟pKP Sj*+]mzdhPb@@7†spy%Ϥ&bU40+R}npתߋ 0o$G{4yHRIsLI5w͠*mv~lTtZ©ح!CWɰمtQT%0' 4ZʆG,B=]#;RE,䄫 %pK1U^Upf~eT~&#xG]!eT' ,;ACo^ɊJ<5ZS[+ $y'UހhR<Z1)Ĺ{mjǯr>Exp@D{odðMZw#v2E8YpblWpY.QkSq-!1UrpPۈ Eb1x(z_/~fm;7kŽGXՎ~ i"f5Fqp٬DfTKWIl+A5[pu.\SOm RЋss|3X8dQş" ί1-`RBddJLv$SSjP-6D0Ѭ7҉; 2#g&M:0bE8/H(\6{qcUHOHQp'a7%mb? [ܸ^v(mȱmJޞ_ICZ⮖a O^rpljF>ކM8ޔU3A!_]? _t,%Y8;xf;8Hv'$tBUrМR퐡~ޜ-s͇j,C_+W =W 7ME;1?rsv;.{iBm{@7/&T20@`czmC9G}-M&:P1%N:R. mIB<^^^rNWa\piQw\ &U?$8񵒥kTR6\jcaoXnUj0p$k ̷EKq9AՄŘ}1aMkIs{⮄&Y[7`β8^!DeoUSrmsz$e5'Ftj&wP\Fٔ./oG]1t:uVd.ąKM"U•x~ENiʐv_)s1O[cɄMF=➺Ta:q:.4L4iU.SDkeErx-&d\/- 5ѷp03 `6明ץ+I˶w^'vʩ!wz '@OJynGDtց'X kP.U H ځ@Q~?K>IbsYyL/Xa {KdPro{};-F;Q4S[qcY0c9*yKjv{e6W L^ ZY.GGquOvjLQP C3dD' _YDqcP#iPCcGf*f]/n:;o7 Kڦƶ% ʞ)aa%8Axx󀍹kUtC5tC,QޟF6ǕSNίniiׄ3(#C_R6 AETE4!^NiGU:bLlN4i:}"1*lKf)EI=Q sԱrśo2wϴfq]9QsςD?lC&(Ŋ/{RG~UgCo t*IjJ6 բV&"J@`FX&~|6Ks 66h$~Fo'#r;TX)KS޹u? ֟,jj!s9LS ]w{&q. 2<۳$WAvj9P@ˋ&zOf{Zr!%)b}A@l.[}y$$}?̂QF$+븣k8I"I Onp 4Sf/\4T tpZ$NȺ龿Ϟ .OV:qE*21pe_?ROG\0^l\1:OjP f,%?ӻbw-CW0c F!,+~!&-dSH!5/Xe ~ftK'ṣLBdUIX:wʉ"mUn+50h$>6C=}MĂ?(J8=Ri=LD7}o01}R,o _lDBP"Ԗ7fUt?eeTvHj YXzi&SLD%Wkq q%d/S +L6ɚ>\DŽC*^EV{`Y]_F Pqjv?bvq:UcxE$,fGUyAlA=X֬XI蹈=(OJǧ)!cfQl"ٌ63ql#fU gz'yWm \qK0`Ѽ9҈srj)gۭ2]E rK>B5DXcyq ,HB UW!Q ]x)y_q܊:lNeR Lgeln'i2j_7:726Z#5,TK4:eCc6J\e AlMu˫ *,E}jGR**zK o:O&U Z;G|) C %K)WB'?v |êπ lX\CBF(llͻ! k-aYg"{tx.UصG ̝WgqwB*u"}ˣVXŀ< 11n/G ͌xP)[ JaC"w02r?D3^ <'oB*ZT-FWѻk}B3ղK/`JO|M`H0QڐY$w[; K\\_{2g.̻F5߀-F㽎F.y# Yj-=s`8mg3.45B^8eR1`R#)I&ԇKh E՟wW-Ss胕0k}@h g5ڛ tEf3-nT q^1Es7^Y~/mA t/]3v>:7u{[mn X+[:G8K'T:}v>2Zysؗ%dg}ͤ!yS6y6GKbgF>޺?r]9cB]ù3mM3u16j0@*sRDϿ,YZҀ8&E 8qK릿uW! 
v{¾ܧ&S@?B_La\B p[OW ^?)6P!˙ ǔZϬȭ;hqCw %(FU'0Cn""<+a5C݇ fU77ƾ&#'!RL}I_"$*ĵJ9b~6;#h&+/3c-|%}zK~ߧ+8ud6 ䷟R*8 hlI` t,we{ #B4ߺc*O2l>Y~h0N}R_X_ZJ)gҹN{ TwE+B< ޟʢ+£BȐRdOĎQNX0]H2Ndz jPhV~F j=W*5=n=M`Lc/js׀6Tx:02S{}¥E_b6+ ؖ0 ^v%N fH&WKUuf;s7_X>YEhغ>Ǣ4j/ͿيqYgq?%\_.-Tнuf@D `e9F:NhoC/nNŊ f79~9VZ }MnQX9XZ#7H7֫_>Py7gyՂo{D%m3c&U&D7(o-ZEm򴣄9@i8$- ~p){DqhպW8T@#> [nb聖фAvb[a`љvJ}΅1A;>)n#HT6ӱɔgVgR~}{r[6&Î/Qģ(Z{&4^x!nM.J[㰬֢YJ[#{8OZJ$JIGo/_c8r!,tvL[t~y~Je|ܶ)Ԛ >QythFh(~;},&P-4+V eLwV xsCh3j8b|XoER/fo;X-sXfҒ&*,G/P}8@.^qMh_.D'S[U*OpB7zV9ډp+ zTki -$V Doy+[&y@ұT Ԭh?F4OdрU:Jj96R?in9Aqn2$u}{[x&dYrkMxwTd,ݙؖ.e{br0y@mNϘЛ]R)fzEVLءf*r"3E6*a ö[.j;ҾWUP:pI)P Dý2ӶKcXd6.s+3`OU'"jv;2J_;incTq9g0=#ZQWk5e;@0Y9aLNa|PCUT^΃Zd akf0o:4CBt DmŅs=w6*D>ƓS4zьOJxG%l#:ZbJ.{J.cPmoWsy;;c,g:a"!r\ԖBͅ 9#e<_ޣ݇jZ=0$*Q+ƷeU}جfP*lTv{1<#,]M u$8Y[͇gPvw?ku>,(4sqvxGM]왶 YZ