libsss_idmap-devel-2.9.4-5.el8_10.1 > 6 6_6 3!pQp)Tξ7]mtZ`ga ]mtZ`U17,ĮW4;*vB {j  vb 3 vnH.xlOG׊ޓ 'r nPKͬѳϜ+΋U-|?`&( R=1m$BJ©;B'IdV^舽;`({.9W6zYsI7w-L벟ׇ<*SZPl]v6yr q@vO+sR>i5]Ou._6y<[o78k{8-:gb4Q]fp7iwcf(e=>ml( \{>IbWH^ ]$`/yU$"~jmQ^>bbiߞ2D4oOk~.מ"k]^*5Mkg,:=Yl\XҐdRM#j+AQ)ܷ>{'S^i@"1Yāf|_Yk`3 ]9gE^sjZhcb308b237eae4e18b7e24d8d886fcea805ebd255e80636786b8b29f9e8bc43430529a667f74862f73da627cd672055446affe7ce(3!pQp)Tξ7]mtZ`ga ]mtZ`|:xt3߫$+|k<""Xx57*}Ndib~hUTU~+ܺm-Ac_ ('4<(>ZQFݻ ]V\ծAb7tuKl]Yŝrҹ=~ZVwdx8sX)Xw-8BkvFWPI&SCTVƇ1Y }Vn J+1WNQvoBhiwh4)ЃO<(082 UK>&bpoѽO( dr ɷ+D xux.; v΄T|4x|1Fe_O5%aojn(D 2;Uma|6Wh4 fKs=!=d[мymזb]S9V`pqpw@Y-cS2u3kIQ'unŝ6xV>p<?d & <lp (( ( T( (  \(  ( <((((89:kG(H(IH(XpY|\(]D(^bdeflt(u\(vwX(x(yClibsss_idmap-devel2.9.45.el8_10.1FreeIPA Idmap libraryUtility library to SIDs to Unix uids and gidsgaeord1-prod-x86build002.svc.aws.rockylinux.org@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.9.4-5.1Anuar Beisembayev - 2.9.4-5Arun Bansal - 2.9.4-4Alexey Tikhonov - 2.9.4-3Alexey Tikhonov - 2.9.4-2Alexey Tikhonov - 2.9.4-1Alexey Tikhonov - 2.9.3-2Alexey Tikhonov - 2.9.3-1Alexey Tikhonov - 2.9.2-1Alexey Tikhonov - 2.9.1-2Alexey Tikhonov - 2.9.1-1Alexey Tikhonov - 2.9.0-4Alexey Tikhonov - 2.9.0-3Alexey Tikhonov - 2.9.0-1Alexey Tikhonov - 2.8.2-2Alexey Tikhonov - 2.8.2-1Alexey Tikhonov - 2.8.1-1Alexey Tikhonov - 2.7.3-5Alexey Tikhonov - 2.7.3-4Alexey Tikhonov - 2.7.3-3Alexey Tikhonov - 2.7.3-2Alexey Tikhonov - 2.7.3-1Alexey Tikhonov - 2.7.2-1Alexey Tikhonov - 2.7.0-2Alexey Tikhonov - 2.6.2-3Alexey Tikhonov - 2.6.2-2Alexey Tikhonov - 2.6.2-1Alexey Tikhonov - 2.6.1-2Alexey Tikhonov - 2.6.1-1Alexey Tikhonov - 2.5.2-2Alexey Tikhonov - 2.5.2-1Alexey Tikhonov - 2.5.1-2Alexey Tikhonov - 2.5.1-1Alexey Tikhonov - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: RHEL-67671 - Label DP_OPT_DYNDNS_REFRESH_OFFSET has no corresponding option [rhel-8.10.z] - Resolves: RHEL-68507 - sssd backend process segfaults when krb5.conf is invalid [rhel-8.10.z] - Resolves: RHEL-66267 - SSSD needs an option to indicate if the LDAP server can run the exop with an anonymous bind or not [rhel-8.10.z] - Resolves: RHEL-67128 - Excessive "Domain not found' messages logged to sssd_nss & sssd_be in multidomain AD forest [rhel-8.10.z] - Resolves: RHEL-66272 - sssd is skipping GPO evaluation with auto_private_groups [rhel-8.10.z] - Resolves: RHEL-66277 - possible regression of rhbz#2196521 [rhel-8.10.z]- Resolves: RHEL-39085 - [RfE] SSSD Failover Enhancements- Resolves: RHEL-33957 - ad: refresh root domain when read directly- Resolves: RHEL-27205 - Race condition during authorization leads to GPO policies functioning inconsistently- Resolves: RHEL-25064 - AD users are unable to log in due to case sensitivity of user because the domain is found as an alias to the email address. [rhel-8] - Resolves: RHEL-25066 - gdm smartcard login fails with sssd-2.9.3 in case of multiple identities [rhel-8] - Resolves: RHEL-25065 - ssh pubkey stored in ldap/AD no longer works to authenticate via sssd [rhel-8]- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: RHEL-1680 - auto_private_groups does not create cache in IPA server SSSD cache - Resolves: RHEL-10092 - logfile rotation for sssd_kcm not working properly, sssd_kcm never receives a 'kill -HUP' - Resolves: RHEL-17495 - New sssd.conf seems not to be backwards compatible (wrt SmartCard auth of local users using 'files provider') - Resolves: RHEL-18431 - Excessive logging to sssd_nss and sssd_be in multi-domain AD forest - Resolves: RHEL-5033 - Incorrect IdM product name in man sssd.conf - Resolves: RHEL-15368 - SSSD GPO lacks group resolution on hosts [rhel-8] - Resolves: RHEL-10721 - very bad performance when requesting service tickets - Resolves: RHEL-19011 - Invalid handling groups from child domain - Resolves: RHEL-19949 - latest sssd breaks logging in via XDMCP for LDAP/Kerberos users [rhel-8]- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: RHEL-14070 - sssd-2.9.2-1.el8 breaks smart card authentication - Resolves: RHEL-3665 - Unexplainable error "Unable to find primary gid [2]: No such file or directory" when SSSD performs lookup for an AD user- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: rhbz#2226021 - dbus and crond getting terminated with SIGBUS in sss_client code - Resolves: rhbz#2237253 - SSSD runs multiples lookup search for each NFS request (SBUS req chaining stopped working in sssd-2.7)- Resolves: rhbz#2149241 - [sssd] SSSD enters failed state after heavy load in the system- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2196521 - [RHEL8] sssd : AD user login problem when modify ldap_user_name= name and restricted by GPO Policy - Resolves: rhbz#2195919 - sssd-be tends to run out of system resources, hitting the maximum number of open files - Resolves: rhbz#2192708 - [RHEL8] [sssd] User lookup on IPA client fails with 's2n get_fqlist request failed' - Resolves: rhbz#2139467 - [RHEL8] sssd attempts LDAP password modify extended op after BIND failure - Resolves: rhbz#2054825 - sssd_be segfault at 0 ip 00007f16b5fcab7e sp 00007fffc1cc0988 error 4 in libc-2.28.so[7f16b5e72000+1bc000] - Resolves: rhbz#2189583 - [sssd] RHEL 8.9 Tier 0 Localization - Resolves: rhbz#2170720 - [RHEL8] When adding attributes in sssd.conf that we have already, the cross-forest query just stop working - Resolves: rhbz#2096183 - BE_REQ_USER_AND_GROUP LDAP search filter can inadvertently catch multiple overrides - Resolves: rhbz#2151450 - [RHEL8] SSSD missing group membership when evaluating GPO policy with 'auto_private_groups = true'- Related: rhbz#2190417 - Rebase Samba to the latest 4.18.x release Rebuild against rebased Samba libs- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2101489 - [sssd] Auth fails if client cannot speak to forest root domain (ldap_sasl_interactive_bind_s failed) - Resolves: rhbz#2143925 - kinit switches KCM away from the newly issued ticket - Resolves: rhbz#2151403 - AD user is not found on IPA client after upgrading to RHEL8.7 - Resolves: rhbz#2164805 - man page entry should make clear that a nested group needs a name - Resolves: rhbz#2170484 - Unable to lookup AD user from child domain (or "make filtering of the domains more configurable") - Resolves: rhbz#2180981 - sss allows extraneous @ characters prefixed to username #- Resolves: rhbz#2149091 - Update to sssd-2.7.3-4.el8_7.1.x86_64 resulted in "Request to sssd failed. Device or resource busy"- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2136701 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level. - Resolves: rhbz#2139760 - [sssd] RHEL 8.8 Tier 0 Localization - Resolves: rhbz#2139865 - Analyzer: Optimize and remove duplicate messages in verbose list - Resolves: rhbz#2142795 - SSSD: `sssctl analyze` command shouldn't require 'root' privileged - Resolves: rhbz#2144491 - UPN check cannot be disabled explicitly but requires krb5_validate = false' as a work-around - Resolves: rhbz#2150357 - Smart Card auth does not work with p11_uri (with-smartcard-required)- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2144581 - [RFE] provide dbus method to find users by attr - Resolves: rhbz#2144579 - sssd timezone issues sudonotafter - Resolves: rhbz#2144519 - [RFE] SSSD does not support to change the user’s password when option ldap_pwd_policy equals to shadow in sssd.conf file - Resolves: rhbz#2127822 - Cannot SSH with AD user to ipa-client (`krb5_validate` and `pac_check` settings conflict) - Resolves: rhbz#2111393 - authenticating against external IdP services okta (native app) with OAuth client secret failed- Related: rhbz#2132051 - Rebase Samba to the the latest 4.17.x release Rebuild against Samba rebase.- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8 - Resolves: rhbz#2119726 - sssctl analyze --logdir option requires sssd to be configured - Resolves: rhbz#2120669 - Incorrect request ID tracking from responder to backend- Resolves: rhbz#2116488 - virsh command will hang after the host run several auto test cases - Resolves: rhbz#2116486 - [regression] sssctl analyze fails to parse PAM related sssd logs - Resolves: rhbz#2116487 - cache_req_data_set_hybrid_lookup: cache_req_data should never be NULL- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2063016 - [sssd] RHEL 8.7 Tier 0 Localization- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2098620 - sdap_nested_group_deref_direct_process() triggers internal watchdog for large data sets - Resolves: rhbz#2098619 - [Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file - Resolves: rhbz#2088817 - pam_sss_gss ceased to work after upgrade to 8.6 - Resolves: rhbz#2098616 - Add idp authentication indicator in man page of sssd.conf - Resolves: rhbz#2056035 - 'getent hosts' not return hosts if they have more than one CN in LDAP - Resolves: rhbz#2098615 - Regression "Missing internal domain data." when setting ad_domain to incorrect - Resolves: rhbz#2098617 - Harden kerberos ticket validation - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2026799 - SSSD authenticating to LDAP with obfuscated password produces Invalid authtoken type message causing sssd_be to go offline (cross inter_ference of different provider plugins options) - Resolves: rhbz#2033347 - sssd error triggers backtrace : [write_krb5info_file_from_fo_server] (0x0020): [RID#73501] There is no server that can be written into kdc info file. - Resolves: rhbz#2056483 - [RFE] Add sssd internal krb5 plugin for authentication against external IdP via OAuth2 - Resolves: rhbz#2062689 - [Improvement] Add user and group version of sss_nss_getorigbyname() - Resolves: rhbz#2065692 - [RHEL8] Ship new sub-package called sssd-idp into sssd - Resolves: rhbz#2072050 - sssd_nss exiting (due to missing 'sssd' local user) making SSSD service to restart in a loop - Resolves: rhbz#2072931 - Use right sdap_domain in ad_domain_info_send - Resolves: rhbz#2087088 - sssd does not enforce smartcard auth for kde screen locker - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol - Resolves: rhbz#2087745 - 2FA prompting setting ineffective - Resolves: rhbz#2087746 - sssd fails GPO-based access if AD have setup with Japanese language- Resolves: rhbz#2039892 - 2.6.2 regression: Daemon crashes when resolving AD user names - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#2035245 - AD Domain in the AD Forest Missing after sssd latest update - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files (additional patch)- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#1961182 - Passwordless (GSSAPI) SSH not working due to missing "includedir /var/lib/sss/pubconf/krb5.include.d" directive in /etc/krb5.conf - Resolves: rhbz#2008829 - sssd_be segfault due to empty forest root name - Resolves: rhbz#2012263 - pam responder does not call initgroups to refresh the user entry - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012327 - Groups are missing while performing id lookup as SSSD switching to offline mode due to the wrong domain name in the ldap-pings(netlogon). - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013259 - [RHEL8] Add tevent chain ID logic into responders - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Rebuild due to rhbz#2013596 - Rebase Samba to the the latest 4.15.x release- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#1968340 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected - Resolves: rhbz#1952569 - SSSD should use "hidden" temporary file in its krb locator - Resolves: rhbz#1917970 - proxy provider: secondary group is showing in sssd cache after group is removed - Resolves: rhbz#1636002 - socket-activated services start as the sssd user and then are unable to read the confdb - Resolves: rhbz#2021196 - Make backtrace less "chatty" (avoid duplicate backtraces) - Resolves: rhbz#2018432 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest) - Resolves: rhbz#2015070 - Consistency in defaults between OpenSSH and SSSD - Resolves: rhbz#2013297 - disabled root ad domain causes subdomains to be marked offline - Resolves: rhbz#2013294 - Lookup with fully-qualified name does not work with 'cache_first = True' - Resolves: rhbz#2013218 - autofs lookups for unknown mounts are delayed for 50s - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013024 - Add support for CKM_RSA_PKCS in smart card authentication. - Resolves: rhbz#2013006 - [RFE] support subid ranges managed by FreeIPA - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012122 - tps tests fail with cross dependency on sssd debuginfo package: removal of 'sssd-libwbclient-debuginfo' is missing- Resolves: rhbz#1975169 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8] - Resolves: rhbz#1962042 - [sssd] RHEL 8.5 Tier 0 Localization- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU - Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber` - Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling - Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address - Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group - Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory - Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file - Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout - Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests - Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found - Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group - Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable - Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory. - Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)  !"#$%&'(2.9.4-5.el8_10.12.9.4-5.el8_10.12.9.4sss_idmap.hlibsss_idmap.sosss_idmap.pclibsss_idmap-develhtmlannotated.htmlbc_s.pngbdwn.pngclasses.htmlclosed.pngdir_51c5d2e6abb8c097c7ef3be9fa53e57b.htmldir_68267d1309a1af8e8297ef4c3efbcdba.htmldir_c85d3e3c5052e9ad9ce18c6863244a25.htmldoc.pngdoxygen.cssdoxygen.pngdynsections.jsfiles.htmlfolderclosed.pngfolderopen.pnggroup__sss__idmap.htmlindex.htmljquery.jsmenu.jsmenudata.jsmodules.htmlnav_f.pngnav_g.pngnav_h.pngopen.pngsplitbar.pngsss__idmap_8h_source.htmlstructsss__idmap__range.htmlsync_off.pngsync_on.pngtab_a.pngtab_b.pngtab_h.pngtab_s.pngtabs.css/usr/include//usr/lib//usr/lib/pkgconfig//usr/share/doc//usr/share/doc/libsss_idmap-devel//usr/share/doc/libsss_idmap-devel/html/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m32 -march=x86-64 -mtune=generic -mfpmath=sse -mstackrealign -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protectioncpioxz2i686-redhat-linux-gnu     C source, ASCII textpkgconfig filedirectoryHTML document, ASCII text, with very long linesPNG image data, 8 x 30, 8-bit/color RGBA, non-interlacedPNG image data, 7 x 8, 8-bit/color RGBA, non-interlacedHTML document, ASCII textPNG image data, 9 x 9, 8-bit/color RGBA, non-interlacedPNG image data, 24 x 22, 8-bit/color RGBA, non-interlacedASCII textPNG image data, 104 x 31, 8-bit/color RGBA, non-interlacedUTF-8 Unicode text, with very long linesPNG image data, 1 x 56, 8-bit/color RGB, non-interlacedPNG image data, 1 x 6, 8-bit/color RGBA, non-interlacedPNG image data, 1 x 12, 8-bit/color RGB, non-interlacedPNG image data, 6 x 1024, 8-bit/color RGB, non-interlacedPNG image data, 24 x 24, 8-bit/color RGBA, non-interlacedPNG image data, 1 x 36, 8-bit/color RGB, non-interlacedASCII text, with very long lines, with no line terminatorsRPRutf-89a7cb62e6c9f56444e0287f761adcfa4ab57c7218565a6f5c9e2912b2f76e238?@7zXZ !#,}m] b2u Q{LZ;vW lnBqXK@4(PqrYgfNf .pv=2 頋Ҏ~2f5qY]!i:7k.ЁuQG7<"A+D.3\]5~fΪm!J 2RC=(5dy~S*8f͠BZCƝRYD*;R'Rv܌/ a*]܂o4T5Z.C ӇTkTMy B,Bo?3EDdΫT0Kz*N|2!+ )#{/=Q,ڰٛZqC2IHke\7~r7j֒ " 0&SIB'Fa\v(c=ϱ2Գ؆A[9{8ןss3as]Xa#x5p21n]#%py<0n!FB<Nv8.& D-dB }ё>Nd[rj3;OU#5c_gŏ{Kb| Zk~S-;W תORt I#G^7<ZmX#*4הsNS۸U2B?|&~A .Yx:b-$p<+ӃD܃ќOf"d3Ws3!TQ-nP+Eqgc?P?hT oX䖽(Mضنcqf4 %؅D{g9NX:R #K?Sr5jkn2z:Kfd>)TrV}gε>AшxMmv4AZN{:h ȥoPL"ஂVJ~8nFP5Ä~r, Rr|Dx!:i#S@˓۳+{uVboy-O-2Y3ENYƹFTq)wVey0NgٽV:bޗL*^)=0Bj{?%Wʘ2x˱¤#g=eKS828ɜ1pzQWhYw}jbDrF{Lwx>8@f'w߄/#Afe@݈Gm.çbuضx.\V9CDjfպ')i#dʡn֪W%;#bUq~S*YA'dRJ:pw'fUsNq)@?or!TxO1@wvZ"$WYxkydéC{1`bj ә@Ǹ&c~uJ8 c=p/<;tt'wwց- U24#^?z=60T+4XUWᬛE-v?16M],;XW0") o@nDnqDJ>|0f/HPLretwjvj%~aW-h֝%r g}6O\4t?%2}|;ǕCt!b3}G}F/HQ:V\ܽ "ʴ%rqG`ZyM h+PV"-`nyy[b[nt%8%)W\i3K;jS NX<4F5;RP#8@j;ߧ3glFI'xX(/<5 lJE[#\I9Z _zS$f+zE%:/k *ݮ2CZۛnZ%C]zHΤ4ƲI&י3fz]Zdx|'`˂O-;ҷI'V`c0u V~IPck>.Np4e/,]C7ٔ%k|s@`}b$l\%N>} mӱ'XNKzl"r]T ";F8 ;숴TA08jkТ;* $jQ`%cڣȟ8+bDWc3=r@#%&!{>p+ކl=[wwhh>GNJME4Yk-:/[zmǞ$xi_S ʎ櫴j`N]{4ןP%SWT&DYTr\A߮&2`((EW3i!툰Pz/pE=bd9n Sk¿쫡 }9щM%A-H#V+4hd3ykgg4jڛ sf/6: ' fSSG!\3ߤ'-B]y[eFL;ŹEЊ(Z| vYdG+ P 6Sϱhk 36i6 W IP_0RYRno0!mx$={ aUSߍfҌ"yP@E'Nߪ9U"_#ķ#J Mkh0cX!?˵FM9 }d# O:\c̦A9)-9 ]=v?(Zh`F'1νqjS|| 9HH+{^؅gyRHAl*\WB҈Vn}g!J̇I~{Q_ M͎ )x.P%A"5ERKR[QcO=o"#_5㲖F=L]TZE7'_J5xhX^ef˛h Ơ[%З`pyђ^$_PQθ|Q>3:sAj:{i}bHĹPbU#x7lԿEq}s[DJ3BUNg&DٶrM_i- !%=*+[T'-f`DT|cz}I koGC-Zm89zm,3SF&+VIJo W' 3Zj:1\DZ֎ݶ{PNΏPf2À l.TT}H~IHJ$(w M| Ņ ^˜d)QK``'K"t5w: r)[g*/1v&5s]6dDFB#G<$AAg0u6D7ʾaDп0^A%S<;>;$!s_<ι~ք-!JZ665eBVxPyٳUlۅ? buyD)CVB>=O 7̈"0I<%b=?{Y0'ۦ|WVA<t;OL@p&)-H8$r*/ in}CvGrs3JΩiXA{=&]=v[[8>\ Gqu]kpP쥼bv-H %nt^7Ehm3ULt)dQ" cRdqQc( `uY xf"i$ {L2[14eK{[+|COP=Xok`*Pc%ԇh6)'{ 5œU~`8C+Vk\ 5qbPAt>9%-MK؁{k`U MKe*hWtkD3 Pr@m`z?Cg #\ :=B \U.@K' d&2l*m}U9RJDO׀h8Kqo\%\ eg ťs+Q'!0_- N~ (.{! {舮LX{wS)7+'ZKyfmvǧYIG`m8ϖccG_yzhk04HVP#H)֑M^,@ eЌ0*'G\Z |H _:mVIý y\Do7XF2{Oܴ#Ր1RUbȤdQ? ,!`hQ(=anAR`}d p'ڟ@A4#t?FZ|a,ag:1 Y+3a^v0|ײ `t x~]+TmOG@BZw?>ޡ_-6經%Qa2 MKr?6o!A{u2W;BڗɯǙEg @mƷ@@6 [G5zPHPlbA#J,'|Y* P:0`ˎ8lD;S lMȴ+ ~6E L6=>?}YZ拳3#Ez(@o,0e΁/}ܭ^ g-چXQ-bmdL.2xx{0V`[p- u W ״%.c/A&-ȫ4 q8^/Ӧr[ՠw.NyRG? 9ggF5׸%UFI樔K3*F6 `e qM Y<R7ōgx45b?u_Y-߅yFKK HFA7mĔQRޕ7%J6Ε.,Mr]߀{x7~P:#gDO[N'2Oh}u}ktH˟QA`ZUՐ:l=SGf~$,|u_>_ fT2d($|vDβ@K"e3}v7itĤ2Gw"MX&w9DsߣjyY\AXkywK5$,3% ʄ~t1FЛeU<ݾD"oH"u,VWMBY| {ۍ D, `{ ( H~O)a#VkŇ~e#SW)HcR3*[>boŸJg(7!z=6ݹ s5&;q~uVsⳲoZ*r;:\ RĆф'jӶwg~ʞ'pH G#޸p3 °e;CW݄N WfѼWc7f#Q F[퉉4YdȌ.4sbQ={36c K"Y?7ũEa7ta͘?]Mw.N=%Оe q:⛊XDH Yy'p?w A b ݂\-I7B%D3?R^HkSjyHfdbF@ç 'e+G%)`:Tt<!.A0̢]/uLH@BC<`3誩B5(/5㽤)To`Gt5aT_X#nR²c\+|h_gW1B/8򄩦f{FqOz H!rcy;x MT,-Me/tTm~$N1VxځY4[Sξ[t$, ixЎuvN5z ҏU=HZ$DHڇ°0*l1W\t\ ZWdFu.{Y݌Jk_yk9Şa{`r:OP[)_y =ȘL !dA"xUPW )iQZBѰDpGN졒^| ~2Hge";Ʋ"Bcf-0ւ<`G[h2&1d*2(3ApMvNąt`G06bNe>`/-Y 5!#:p_ SI3tL A5ͱFD?9n6wM}d'stpdJ@=mRX-H5Icjd*h9Gڲ%5po 6DA|s!"ʧYkx,_~o"1Y9i5cx @3r|\d(#P)y_O\@CըoY;t&˱TBÔ~d3%4o tV 3nѨgDsBL(ix!\-)ds@#,8.-+$u#˩o7ˆsw -7[]L eKkl<\*2O!Y;cI6u,I"/AL;tiR*J2"]}JӚ@zc9 33g̯f_S$YM-g%z#5ftqPzeP;GY枑z!DqCaDÈO ĨÛq]Qv|oӷHoРjhJTWqx, KrVO8C ez2qlf2surbL몍s'\'"l@)lɆ.z^`Hۊ JOL]ǨNl =1 }is S NF`Vwe2iũuqٜqFB`%y<c+^GkԘmi |@.9f[(w{˽Zku"rP4J},"O ɱAPU,I SdPi= lDQȆ ᘜ7(ܔ$qfU$(-~ɈbaLußb?͹ A뚴_량 ǧ&X҅1Si{$L Kx6*5 LT{t2 ݫumsuH𚌈^Fu񾥽p iJU_Dcojd$WVcG4dBP^EE'@wEbkUiO|e(d0J;rnG uf2Rv'UNQMA }uA[ jsY#J0PtF A\)pd AC? +W2?CS/DܚlfX^%'Ihݗ\\{ M BkL'%g7GHP3c@t<\dٝp#^̞Vj%uJB`ܓذyW*VT,n|ڜ*ݠ" Ouo1!=d >=Nobe~myJIM[#SQE?ksg A')kFiFoƨufߖ:&Gc TA(aIMWjwMTAJN-&t8>})Uo(Dv15|crfؼJUy6P&? Aw"whRG™8hU1v4jӱ +r\{WKx/j̳CaX."k?A\--WblOGШ0t=3H- %CB)a('pP./M&2ed* WFG)/*.z!T ߘ Lj21k $dA"lWK%>?9;Ld?zh󅻢c@  63ck o̤"?OL"^fS?\oA_L0ޑdeQrߤ=/S&8;90݂z 83W#tvc #xfvkSйY.jǃ,[ow܋=tHfr> N|B7O /kՒS•MVVC#kŁ }k4v$A0)a΍il=Y=Sl 1Lv]c_!ۊ$^^ MoK*mX6">VLFd,4[X1ͿY k7 ޠ1&qBQnQJLȸsm*逧$gzwI Cy]%^5\TU 0 ן+&Y;,з)rϖOz72n{x a#/Eo"ۏ37nN$ZO8|#>2x\"Ni ˻$ϾhsP%@I=j`4LZ5)o䬊+^ %@U>lt {`8E#ao˯&QxD%ӄD*Vm?>$<3UkSLIjkm8n$rv%rg5x"]v=/("Ӕ{δƂuE0m7TuO'Yi6Ѳ"&Н_6־Zwo3T@]gg =óxeU46G]cMG XM<,8u9OyTr> Ɠ&xܘꀖa2vR9=*\mEBjFC"D1 SxٸX$~wB1Ołꭶ!<Y:; $0}4}Qd|C8ũot@xpA$J&G|㌾-92t~s4A\H@: %Qpt pL?"櫋APi}.n-{ey[} x5NFZ$;V_+̷WnksWS8]ҹ߻FMdhm4!_ʝRMSQ*tfq*"z{}ulD<@O.]?":P[,tt${}N翄o9-ӯOI,3UNYup*1+٤+4@YPs/owt(^auq Okpxn@eaE\EߢzwN]rC3iT_evZ䙺A"+<{FuFkA3u$n_%fU0=ߘyɪۗTSjs*iΰCybk)iR[U 2(=:MttcAqʼ+)Pli46d*pwh7kq1ХCZF+9l]/S75/ϕ֊Ve,3L͟fnיϖK1dMm=~$ */T`EX *bYX4Ǖ{#B,8b2qkΜܪ^2}z4EsdOd4T: EDRB _>3͋BOHLmHouE$'a)ɇˊqĞ8$Zs:[Q~2[ڜ2/"Ew0'uy{R .kM$nXMoEoԤLA`)|"9H-b;_%e|f2eB*!nt|P*Mؔe4z(JqE*~ANn+8g6A'X:7J{T%]M1mJh25׮H T^ܲ/oOun0m&K4zT/?ס; CRDsRש,.ww:q}Byl‰aB`obZ~춞1X|l.jhH1Gu[Pg=Ї720 'EN:Z9 w~z+q/GkI4d3:ےnKY{fqoQ Z͜NkXZdWe5zA{gв^cW%)vxUb5VB565R!͓,l-ҟ*Sdo% LS&4l&8zr& 溝thhp63*KN%4uxp3[pSsTFGpCޙնt>FH)-Vq@kcOPZ-҇_2H UZZi<>-M 5j5|#Twxr5iƖs ɖyEuv0=,}r`U:{ސ*7>^ c;C@]O _QC:"rXN`qr\)#r_}J@b.[:̧K28HPB 6 n0d5p,۷Al4&ԋ6(45`0N-w]d yz"BbF˪{Q/5Đ*xq%[|&0︝dRE4x֐̑?ǖ%UuY& (X'$g Z|l4%od=K sT㱄Bƾ^ w!W?[xp|0"9 ΛrTeߍ[2~I2<*ft2+.*,[ Rt+X1_X=;e?sWI?_|r~+ϭAZզg lk'FʛTuLðaz>LV5J[L, qҽ˘Sgo*~M$'˱bn#Wu}oْ:c^(GTite8vhS riYRڎcL3;k u4Q^{ WG=d%a@#_䲤ǮގJʆuHjgL۟:X|Vi\3I]5ƇF2gFY[ Mdr8Z1 !aCu96х=.g}0@]?UT;: VMyn&f̍Gީp<15=^}("#d-A'@:%MO7}ʤRg'8]Z)ZN<ȷ$F42J<*%AQe0[IRєmZx~͜vG"6rVm5;yk咢/h0i`^kyEkS-Sp5Xwb`r|a CY:ƄF/#_39!+V ZXL8[I<^v̦#?vcqn=i >z=@&b"@$WL|t#PFj8..հ7.3|k~R/!r3F^j.Ex(Հxwai) l`C4N$'mvc91 &C ѿޅLB(Nz>"6຃/ǸO)PZZG~ `9ote::ӹlV)RTyAS9̿ږhB/3aw(BT[8W XUp1_2>OY&0k6i;mBoe@kݧyr 4U{G[Eo  •ۆM0q# `Y"%F+^jm16 y&0bYC7۬ZH-z|ThɯTk8>ohyLb5O$lƥؾ2;}ޘިI P/$TyC q=%Z9wp"[5nqD+)IύM)G>ڔ)\4 rY5Ys!^tHҸ1Ua DO,j~BLĬN?^U&rsx^oUAʏsp@a3vw߫`P^=`=f=!^%`>g?G|2k!'}okS,G1ǘl7ϘCx"v]:;6mɪ2qq6wxؒ]ezu=1z>{ppPRv^ NFWA̺[C8#~>P5),%s#kWhKl'wH*а3i,.c ȊHW>6sifJt8ʕJSJ!$7JGsxs8VWض<.iA7 e|~ <~'1 6R1n21a)HE?`|y8N.##®cy*҇'2nbeq(W[U3gPց C*i -u q=i* @!`r(#QFqBl*ʬ #)?>3Kk(ӄ7|gNL+=H#f\NPwVztB7Ez@I nLBQһ~>0}cLiCs~om:*TR]׭-!g{@xSSfpt}ijՋ+ W2J<+&е.a1ڎ jw(Yk 'V䯒0vTd&P,m"zDd#\7: MFM[(X2npjlCEnR-#s$/˱ɺ&}#=iW0^͎ EN.$C+7I{F?z)Uq0!gRjIΦ ZDP k>%.ad+0 wUNp2ʝj"F=KY2/BJxlOO=c1 G욁ڳ_yJ 8DL8mxUj;F@kIDsu[FqjE9 +,nUє%2X=Yr? g!,s:Qp/Qtr5k7+4-ߔfQ ǣgEQ)S5"`1sdfYn\Y`Up 4%ش#˹ݰ3d$ʰ tw^@ƙv?v YܤD]6>YI$\n5=[@l7nhͼZVcU2և+ fyk"Q4sRU$QТܖBMtQ)1y<:~󲾂4ݮNL̂ȃX˻;LRSz4H0ݍE )d\M iMf'O."=L3\ Rmz&Srdm9\LF+5ZVqՏKpIc Z9ȐgywU`t&s'zj; "k c'H*/+s64͒xK( {jDt~G(G} 8P?pǸkU я#6WrFmf^`}a)3s4r g!D=x̋Ⱦ "0(X0jl8T\>Vce_R7"a@]Q1mG"v%Q=gmfZ U%{z?Ǹ¥m`ۧ˨\DI(_Q32bqnJ$i]SDW |_t=[#5g >l~8J3xbo6VWe)p  DU{~lacD:OAaaF8FOK@&RۯkP_vR_.`vJ4-{AY5̈́Ezj_``pK51s½n\nZ,g<{RJ^TJx4R )e/&Ϗ:%eԍ,lW dL#F~{.M0om5>M*"^_EV[+3YΎ@3Lúl?w \|O{2vqgrOA gN9z8=J|y?efW@/*km)q[-2vXO.ݢBPLt̯ ڴ#ʢpdWH8=vdb^ MBY>p{ a3TxT,mB(Ubgv۠E\:^CK߫qst=$ØN_2$ig*WΖ-kF=8WQZAZFK|#l _y8Wz8+r Σӵ7sڏZ6ߦE G~|z>A -2<8"eQ n5bonn¬7^FP\X{9ˁ:a`c"ywN^F8>@}SX#s(l[!I3[f֖g΅?ItD4B+>J2H@{9KA\@*{:hF V8/ueB>U $7wlXa8 r-3!h3nog_\E y1pc(/ 9Y@6[=8c [a7?:q[D~o#L3F%Cߘ d[3 g232ǃ(*ǵ?6dʶzٵjر3@@XQ ^qU0%]vd:aV u3'Fq>)QcyYU1yEp<{8ډ Ŏ˫E9v=G,XQ8A7kv &S{ Rw11֟1C-+*ep{&)v`ȯ;OjB["h )l|3 sZAoq)ȸ_`7_L V fp깠=myz3*7ϕkuc2*#Miy5(a/=7;qK s!)͙0\0 @! bY-~W#YTe2/yu{M1H=8_q,gxl<Ә_- f UsWd/P3'|ԠP +_ ;2hv\`,>l>d(s.l\NIӽxZ׻$bp^U&Dq ~>Xȏپ9+f"Ў|nv_i &Wrax6~ #e4VK%$uWST0.r:gqطnGts/$#̒c&4AeP a6]|ZgbyD\ IIFe.V;w L=jjvE!f-aFӨ@TwHNiїWDOXB8`c2x8lcY{C *MLuF_NJ,s.D}{nRҌ6fɶL7RD j/Meienv6os^6V0U e6ɶA]ܵ"ZdvM\8J<`üT oZݗ73zUU % E'Ԙa.k}@of=BZ9 i\Hs0$h(<3%jZ "/)@칷=y ʿC G&_}mKl (ihS'mrQ@Ah %q3F׉풪h{,F.Xu{<:OR w kv3zp4ejU2WݺNZLn_:DwPJ)] ǯ_{I^!ZܯTSN]rljFp쉆v}ָ 5/e`3-4brmXyI1o4q-i$Ôh;7S /LE -=X xX~0$>a<{)n#;p@|tfsأnUvg~^A'jqRLOTD8 " z]AL&ݩt##P?{A/bš,7,:;SWK^wbb03w7'oEVmei&oaB k B[}YfD] i%⋠X2& 2_pd/`ڙ;[3$뽁8M|lnf+ 2RWhȯ7_l+{x{%>MܕhbD)#2kM@yV'PЊGQqz۩i_#4kdTO0وe!s UKP&GgLI¾F3BmC”4[vPM>gQWWֳ`7q*-Q@XCOjE!BW`b4-/cA1$7n&'kH)Ao1U4 ȥv*a/KԧDZLoڋ{(|FLeA7w:F[ի}|<%<':{dG ,,׽s?߈U@§V$)2@>ܶ}& k4}1>w7Ē)7ͨ,4900^^-x*mƲpI׹-|IGm^"&ItT#?L)i9"Бpc.,O7 |#B.ŊD@FKNBQL5.i# 0T@+,aq2]PD۞#NHݮkO୥4->=A48]i<vcMֹY\03C͸@澧66*DnD:qj)imsʐC9h[ehy>hWTל ;@B$k8|R1O㓜+Z^_lƬ fŶ!C i ع_)hu t2"cyFTfUA%Xh:YƋ?r=@iq̴^cpniote4#ܭ"q}m^R|W1ܬl z+myh"U?+e9X@<<ݳ67=_t7&m}>u#'Lx-12e V?)!|OVeV+eO Y* rZ95QB뺩<;J3v%gR\^.K0S)֖|U/rTEA@@~=Ϋ ^2wE谗|7qC<'~n,"m{BRh] 6* @DeT"湯a5I[QfG;zP+fvw0N-Ա Y mXy"@rYډ4W?S@ YDa-|&f waiQ1>ۥB?_6ЩՕ` 'NC*Vµdqȁ*3e}](1e5!ҟ5ʷ[&z \8%*#=TwGg-X.(OUh7c;]}a]JY ժ0avgb"y/iJfzF5⡊hj׆;Bxo PYzkȗۚn@~ ۲hPYдoryUSH-*o'Zj!CV3X2{7Jplx|-[/oE4=!@֩(E0GGݛ 6]1Z#Og >C 4ild҅^,!Coȵklnǚ!PjX|^ 6dR*cҿPL eǝ^_Tg(fT훙I pȽP}:1) oycN z!kfh} ^Z#̧ 2Rcu]A`RRH @#&|}P+Ѹ RkWCS5QQZB($]S̗L\ UT"ho2q/Ԯ |X! +*6a!}F]O [B{^V)ps s{t[+jl5Z`ͨ'@6Ỉh 'FOG,``5^2ݫ [it)c<0%rjUw[aW>]m ޕ͵5}!{t|MT::Mi.Uى1(+~,I񼮀kE_acB)XlÔgéG`r#͛ؒfGWb׹VBߏ_ʇb0_6I%N 8&u<; AzT 0H'GO]*8,Jiq# a"7VZfyKod< sHe|iñ?)0qocK<+;StQ&/4:s 7UXInkN VG~F4YmtB>홠y%TA $-8~R'7`#_}(}_oZ Hyd$|S5jGBwJlraEO Y^PWMD63a\ kC.346wmnMvA+&8m}ռ]T(}&2#Q5֒0puw5vD$&q ѝ*Yjl&g?KbjjQO%2"n]n81DY꯹`lo11V'E`W{ k3+T=PXc' mn 3YY:D(Vg9IYbĒNd6|d&j \,$8_5u_69 k/Yf,Ξ+q 'ԷR*{Gd-/E↩^Q 59O9O.%I"icZ'\TK|JppN[VЮ{tnJi<`q,yH@R`sG Rc^>uEȼ\4eF5BJG[_bM<`Dc{2X[`e;x =dZDd:|&oS Qp)_6B\e0O@ivq6)We 3vz\V<)OChvٲDDVU"QdS*a_LN7W LS]8P.OӣOD2Fp` /1q/ ?{3(dw{6 oUBj+o,H'`IsG5='r"H`L„?"G %@ȇZ~)$S*k'46i3\ 4ZM(řg/yws}DGvSCWTPPR`ݧYDܷzIn:NRSok nVQ=]>Rث[6Bqw5C-e ,qe ~dPQwǞνh WCRu~v8zjQ>{>Zu9m0|h>啾gѷlߣjnWm8~.4(c>t7`l[:N9@Sx_j.ʎ{'11ACB#RQ+Fml"Ic󁏰" ti3^s)M^"chSć>kǞ%?)O_Ul6,o5݆ vȎː?/J{Zvf i2$r]01 CXdF*ن\@~jdJ\J2u9x sB,EUbYW_a%=í㬹2OD;m9ba M-ԳVx@5sWprQCXf!G$:K}d[юas%z"5s%t%,г8 +LiwwdW7>@,@$څ\IJYAONX\(\E֕,!KRP5-2R%\y@ }0T&T5gN|fL$~ͷ}G?W1Yi7^V; VXkvI`qњ#U 7 FI؅ YS/4K ->B qY 8q-ږ a}'ճZoYSf~ÊEf5}դZ˯ƀք?L]Z#\=^T22Dpt}yA\Ư;y93"svxZ;DNQdl8q؞8P ԃ[LG:fjIRH*x)jdSVu /N7 L۴0ldFQ?wVoF_^ L6"15s~j:;7ҁ74/ʀ dIpPh. ZM$Y5 \G`jiCpJT,1/$?plCW}B476粅&|-v<>˵hC &c$P: 5=z{ ИĎC0Z(١Vg?CSw"^Я-3u-JPM_\ XL.O,C%ےonO+$~Y;Kl w! yy[P6hΝ#RQ!)qBJ+^ERrf ?ud |YO˸D# zU=C)蝃AD -]җ 6CBH\Y ^Q?EJƸCVB55OYRt .r*cYO bKu^ >`w p]xs:П=>=G\9\8' gD ?I02Nؘu?#{&y|ebL c 8mI ͥgJhbbؠKjnX>W% VKV=H:e%TzD{sú]c@(ndiMAǝ/v>Eϸvd ϟ eX\EdB1!>-_\M<Ggն E,`\Z!sGƆIŘ%rJCJ]zQY:Eu}bEcy%Ƴ1NBmf{{ݔXr= y k-uSZ;ͬ/ y9/(<npm2yIƉti!lhM>g+:T`r*TW 1|``sCcdD! TOL?|3476O|R 8/x|Dc53yUH?ɷ)?WVO!|uꔿ1BP }H<TۡyJ:dDdtsռ_%KLAmq0`&>Ȇ d GFyƻI gk;""agGA^ve.!_mc?Duz d;\W}C IPjծ +J} KfȴrDl3뀥iif+øĝ-p9p _j,ʶ݃:@ "pC~ͪo P7]aY7i)P2xr"/ ʣBLA.6YM`y@B=j%7(N 7 j/eFs骎-w,0i/ΗZuHuK/Wl$ 2s7y/bB8^Lnlp).GW.ٗ0$EYrssXe7oK^/nf5ci AU{Y#[+= oU\,uPHF;C׸ab2= .6(H#GiJ|2u Hr^?}uZjT@'PYh77|3iHܷ=inLi0t $IgC1.}^KЍG'fn#Sn7C:ǠuDDOMvRs/΀ FX[W E; yTj Wa0znTY7%I-غЃZd`Q+lgӡ\Ri8s梆 :#ˮmKBJ G@g`w^[*ȹ`y@å &lB$0;x`%EiRO_ꏠ[_k[mRt *isݲNt2T y·kv:-112A;wOl0egW4(=Jxd'_w3R PEYe% Exћ`2Cxget<wJkESC5P<jY򞌗t ٩CPq充^0pԡr,c kSP\;y~@D:.Sz~~c&:Z;ؓ}f&-ɦmtp~of& ecվ1>QfgzGO.u^/9E2{s^͘B{-JbɪZf *&8D ¶(2BBkHo}rYĴ4-b,2ClU/t17 jFOo)Kލ0]@EٺGmT K[.0ɤ'0̌#ufx&$zUԽB:O,I"m:2GuKfcب'M\+V-Pѕr"Z-hE `b`WF{eg},}l-W4} #Y>!vlx^?:i*ɝ|H=Uy\Y4C1Tsp UzשOʐlMZ 0 ] T@>'oݴsw@h:Ly^EDkyl/4(:CZufC,N)'T11}M4:+H|3nu"ЩC>SӢG4GNCy }\"3*ȍxZ `c"{3zEU!ɝj.eUqܿ0 ?im6+:^Hj!\r/& HPl9)1u i#m :P| WT?]۴M `K3 0ڤҜ ;;3x~y[nY1uBEz|sP"5?aJ2,G?:( [/T)MDUYȔtжqii c[ƝBW_uUCOuz"\bP>NRjU;wD5{[Ο.}8 nOƥTǞ@qyr2\bnL&3Ggkpܶ[2z8o5OYyAdhSvqWc 7D¥I]MwG9 uSSX,v`4^g0v雟[ ى~R6O!wyS0 ؔ0p ro K(Sy1zE1m ]ݹ;YHZ[(4&^#4˞iH澫-hʫ jk.r){cHfaI'vT85_FeʝT:DxI\?ו?Z2b?O{%ɏs,7# I9[+7knA//vm 8Ҕ )uQ},$$4 [9N<~/DvDǩFbO9y$Т)n.xޠV>D&հg'OLsd YYEM{n2A!c2U(%Ԑ4ZIѿp*nRx@aWҒ <&у, >髃opV^$ܥNc*i]L#ufbue Mmsw܍פf1EE%BX}ᮘڊNZE"&||af?g+:Nb:LU|@p"T$84B:;riz?f@Bzlu_\M3]TS$YVӱdy!~6P!l.Rr4YJiϤa刷,,~@U ZSv)"bTseOB{}-cT5vBO;"b􋔰IKZm?z99}\X'{QDc:t 7]K ~m>Gv@`417}䀛~YAeK8T1֜| :GIˍbܞ/x8l|3@|{ݢ*(!Ηt!hl˥Q"Um%e[szH0I6[޿8 ׶p/oPރpMHE ܾW>y[}qGjO|&ESp#Q R(& pf[BTfy"%jJZ[)hݠn+Fxtw}TL mQgJXl =u iӼ𛀄g( Ɓttm}uNnY>*΂ . Ed/ǁU{{HuSҧ)e/S:U{:#ZjcbZȺ!h{árBVkD&Z iL.cn=>;uE9#p?R+6qRHеC _rEL_sMN|Fq:/q# 1X ltHLK,P`8]TRRfk]O "uEVA7-}X=Mh$W ytI о|_*\&uU*}j &R#N! Է(@%)y&d cTVՕ&Ь5,9l{uhNgڵL -8gEƞclq;\ F'ɇ%3$P(Q9RsjC<+^ 'no%o ЍN'+:q4k;Y@ P 6;1!4L*ExD%޹BհTwV<k $4eM9>sY8lǪ=#nS Fɸީ1Y:Cp,WǕ6> P8 dvur O0 ͦ `=;/RkĖ˫Lս0-[;v){Bѿ :w riW+5rŒ}&wNڴ [_#U.ODԆ&p;h)' 3 Dn[G ^ >AAdR{S#~K~5,tVްxdQj:H7>fF[5-KNk8űh/[q~h~J)0lOO,_ ;fUԉg·䮑|m8Lx;YHhjf`<-K".Jj ~!*xM ƙ >QK襜F; >˖2ETZ9`?lBGl )ʼCcxN ޝ S%,Όԡ0s9;Ѵ$n)LW7~ȄcdyB ׷Ю*UŖ 8d(؜Pb,_RTPS ڿv 8t`Y":~W>n^ o?&vSǘ5"qKcdxηa y4q+5DgFGju(}p݈"vmk)R@e\^JU19G2-IOkFhQjXexnx^Z#ˎd gP37!癭.-S4asHC|KJd Yn?EB\3CFM8~$Nǧ=.ա*h1HVc xDܥ;^rSl%H0,S25ުX0.l-ȸQ$haHeh%?t$}Ѿ^ߌ3x!xzZ%:P(z $?7d..hW@.tjGctƧ.T\]tHG^K+GN6ԓ_6ڹ)X\?2nr:*#,Be ?Vc;?"J/ Jeh]g◩6^+2)&/gSyi8$)v:M ֎Vp 0(HClnA(Lo8^\9L{;_Vzڅʎ!c:F"i zRTI9me3[8-0^]M瞂K(ԉ&)O %T,ͳ.~SE W d8hU~pa0x> !*x|fcCļty% t< [KЋ9 hUjoȥ5 ?Y rV-mt=7Z[∂x#C0TwE^Fn䄍G%~ ?@s)L{&U 'Ehzuq2U ;P@fԢ?l2c(:?uڨMcP ui~.N̈́1g˹w1|nJ-ڒxLnI]DYN>Hd; PZkKUUBYT*oUd&s| ±-hjZ%#hY2>AAxgVhe]d2"!ƀɬ1%5hА;#h/GPikJ%$$lu4Ġf]t@ĭާ?C.~$i|!aABD"値ZTV[rhzH=OOp^ZgKE-l*0:ZJ+K>4`Zb,Kp5".u1<F37,T(wPN+:/Z~oT[H-?0 ny. Z[ LƸoovr:CdnIWs`3~A `lG(:SܟuF^\">|s:]po?4A=rQe~'ۆci+ j7N.kc' }ڝ}nqݪ"IZX-W ;sEAyl]f23HY k >6-Cn6?g6U@c9Fn!w·0qS MJXvb]vF py﮹nEI.s=Q}}S_FXB޷BFٜnt3cm/Hy1G J_K,öRGBJ]{{&s'UցpvvTpWcHT@W.W\.Q5.tQ!*,P]~%_L:'E!定9\[|7íV#׫S_!('HfA&y@ PC#ENǔ|08R6|=SrH'e6VbNFY~#}zi+{l3ȅ F; W̿^ ԎmYBXb)Lr2-dc EhS,}RjY|[RO] +Cp~$2m9(1u^|D&hmr'9*kL#<%ӋOFF.=faW 3RЦ}mz,B?8 \^%}Noԇhe[PIqep^ "WKTN@%#]1oz"&1ux̒Z*-<P‡ɫ@711vּ᧒sJjz:q*ѧ!AEu㈨BߗZ2`Py:ϛVήQAlE I!){{4"jtW(Q>T!ļ@2M 9˨7[hE$B ꫙tˠD.jSʱX|J˒V̬'yRɵdI 6oG9&C `~F ⅘Z]l 7%׹,7)P3l OOC:;.LYZĔ9\-'9fr[u%~ƙ1vG6NhRc;lekܒʒNBos#PQެS۴aGF$Sz>w,t}u3`"rvйS 2؉'~whoJ¸k#{X26Őn˶%x?SQAt;(,kV7#]%掁tۃ%i č}BIȅw y9u M}ųgʜ-":&羠D'4S8*it@~ n\_dsY}:<揯_u|Q"vQH,eL'NnhYWHEvjɉ=+h%}[mѩ;V) ϨڧJfJZ>Q_ZD\l0Wn"Ƚ|݂ nQ9,F.ܢW`NHO]gѪf֦;r[X77g˜Ѓ/@Z3t،CL* ~l g~W6EL2%@> Rëk E=v7Wb"i2ocj6(jkE U eGB h~9ޫ Q\$PH*73>V_c׽KWuDT șG6ݪe2=ku }P1HN,3O1`l >&[D?6]ŮRn*&K;x:A'9PZq̶ˎк`w~?C$V1v>^iY̓!LD {XsQ{Ylq)1h"@5K.#N6RQF(PT FQ:cl'aQ` 3/Uő5Q1ljb{cGtuBlG,誆ޭjI Lj[0Jj=z8U /x)vL5ME|p2GQ[T+h Ib@Zxعy._"}jok|wT^J|l1tܻ֢gl^[_;ڕX/Ţ99J{WX0 JpOwD6XEte)cWӒa̗=jmT@]Ǐ5–Lf Y. J, Ne>mE{߉SpfL9Bfŧzz5PdA) n1cB9O D&BuQ@Lc90!uEҌ(f Qo sNGc _2bؙi\yi+K޳q.UƗ}BcKl4,!DCWԶrDNc}yPr;zWp8RI_CZ;{p~ #s`e90oV:,e)pk @T28)i݂Xs )էFOU\^#H $pj7y,(2;,jH&td\I_9Ihe2\f*j%Iܸ[k{ʿS{Jw i4kRdW?F4-ѫ/N;.%zC*a[xbdgqt>f KhUAuqa-\oKN wad"3-M#(MJ:!b5 w*w_I%k-}(X\V#@ ȸ\D{sG)8ȋ,n敘#Qzȳ1g2,9Ϫ+Q+ږq I֧A\|m?*N%"pJ#pWI=|Ċ;jVVt͗,Ho88՝]^8zuGCbZڛzY|> V0ڰln&ؗ>`YvVdt׊2TaxDC:qFPi( ӣ1KC-͎w&)4VEEʣh*5NZ#Q-}%(pg93 =رpW܋.>^Wt[j]J5D8ז˫NL b/EbqE505qE$XAM5x<.vjcFcobUJMj9˓e;V[HH|oq^7αp[b<~n/zTĹmå]jbV*G}En[^7 !#ܷ`_`bgG]MۦEmj5Ҵ>TjP6ů? p>K!hNcr鷌9> 7"&&L:]7OsW!V-ٳU,/ui9o)1@[L J76h1 ![5Oz{<ʲϢLz%mbL1q`.oތh5(w$WwK=U"1&`x[g0 ^흚rY)$Jew"[rna-<ݤQA+y]15Sn/an=ƿTiPN#N?.l` 2sw1'dirgj I0Mw{#:JpW WAVZAztg^^GԚOFȩ-oџpئ2>o.LRvt2 hV;G0*.#SXjMb֗ 4@bNVA3R;!WMV!T6m!/1X=A8ƈNh&*}Bbw7H!:`ru\Q!%M _t,-Oeƫ߶A \^pt'Ӥ3׬hH ȾJ@-@Gyp{s][𔒂_]6G֭i/ߗm#TOx̵A2~ mР*u ?2o@H'oԀynF4fbG3ʱjn:)klk$XjIgfc)$о`X6Q!w]1L?Rw7N\ALW%K6/\cY;!Ư$v7H;7:$Kw -MLMmۘTYPu4AןQ`2vb97 D^˸\di# "qNA ݝOmw+vӁ5No=tv}{6D30r-6n6n{D(~NP}#`T_xPbNȯ-ii۪a1cx#q^02<4]*Ɂ\ˋq~4a8"VmPwhۯ# ]7Jvd G fͩ kC:N\&=FMn+".0"nTRFDn;| ws׽$e6We TE>Hi(pAfjx%8T@j"K8icnL@CeZaBG;О0LJ8pDz-]THklvL% a݉o*݁6EsMh}yQs+shye> (ldn#۬.Ggͺcd5ih65(m8@$?͛ bFw?:zΏa#K\=kcIԩA %xZ Y=q ;(eQp#CIsDBWᚻ> &,vo!~QϊsDƕ(pҌ,?Jj'9 V;G|Rt EMoQ;Hy5qA6>9dJn⎢(w:j:1oϠCTfơ1(ΏS]~/%d]Yx6="%ݽzhByC&8؈Aevɰsi!4(^ -Nӌ/Ǝ˃j&I#$5Cx]B?PTGoD躭&sBjhu9L+*pZ9"͝G{Z/QVit*9/y[vg*NƊ m鞬{&Ww&5#2%)6:3)3LL 2Xexg*O7dn>CZ,j::~姺wMMHӘ'z?0X&/uh _] tCOW騿o4d6W|f m#Cvs%AxKsGPCÕE__%2:~f2q*&pɇu x |+ԿoNO'|F^1_'ЦD7vL몙ALj9i™">L~蟶\hiC'ct'bHVԘΘ&!w;EFTB@"/dގJƋuweAGmE-uӓ?2eV5G9L oliVaGC^ڕR3lHDž:ބڪ^m G*9 P&]}:<#;#V;mtPcӑ >เ7s:ˋb%Z֑Kg/DKn6K~؁״rVmENϲJ;.Khv}nozf1v- \>`mz~)YYw;V#%_fMVû^kS?bJ43pƺKE]QP'c:ڌ' ?9k@#!՛)K9c'9򭝘:U0gm3%è4irRnˈO_(j<]]N^Z@Z' +SϮ C#ZoJv錄Xp[i>%"6kfg I%mh )ى_Lm;kQuJVcXQ g}IdT!:]4_WQQD3\e1" mERS\j(\ UJ<"Uz_r L7 )<~5as_+Q֘%h k|̣ 9Ð':1xxQ\Qu|c9W9r׃y )ىph|4kO\r=zk;Z?.uKٓW1(2ݳ@_H?A5"Q|gOI';շ?2a&4gDa i=E:V 훓p2IZӄX bhCF枝A%k+7)Xp ڈ>H_n7.'68!\4o?uYCegkԂ\+;ً4=2tL2::Ŝ=V e[Y4~gFK)ʼnNqկ'J8в DBa#Gj[;3 iO /Lhɇw$iU8(Y@f/AO OO޸KO3ng;q>`59]vnlmI(r"Њpl װcXRm:hI?ύ_I*. v\QO|b( nZnن5#ߋU! F耍e;!+1Vpp0!g|A,~qFb/D ŸݒX!qݹȣRļR#LBͶ}಩|l7Cdv?)^ JmMiC\_˿QB=lhAb>C.=fW}&G#%*c&}8ha@\{{-Vt7eSI|T $]^.`l'Y!5M2@Z}~Xp#΁debP{geI%ƏCGH?Q"b<" vG>ɓ3DZ{20 Yx)C&IATo^F %G*\-Wi!rG˖kz"2)@@b fRw/{O6Sݶ{ħi=!ɭv 2Ag'(*qE,]6NeX`/hlq?ܶx*"C>gy7Z *G8 bFrhQh;؊!%c攚FT*Ħ͕%x{:Ԡ/ʻU4}O 膣~åCǘ~W_iwyZ{]ahCShj9;De;LyFV3g)/!7q$ϩÛqK)!^N@K&onzf! |C1u!( W/('ݕ|oɸBRBoQd`m1JSV7")S샛 Cqn6뤄E+|#'7mwVI|(5bW֘KŃkSr go*4 )xC|tQXsB[ N z;HeoSXR>a6v)tznfP^$N>iÞOG}LWQ *F] RRY)*asx"ΊϞtiwQۡVEt{V,ppUs <%j%:Dز9k*!?y߁a38sg!Yg~nQ tDl*#V $L@ ;z-/aV__qr\kWF vs;dPLʬ;FLv8jrs;jtz(J +}0DfEfÛ0m$RkP~"5! 0=5dIR34ebhn=n6{إW\YʓH5&)?:+ʁ/OnK9i1(#ɑ8 A VdqRXg0Cj"F;%b6FN2+M "&&Hn:'b!.rE7|%(4x r ؔez@C$l}g%gzn#Bފ^T{5am l0u*YsX=l#nE\fU zd1Vߜn7JYI8e*Jli虶pX){K{p;V٩ Tizܛ 1+XAo} К Re-ӈpiF)(HjXg֋ xs"umFi;w(;Fp{RW ts.(1+/z&DYzÁEE\/AJ!cNHRQL\j{ς sF4?Z*?Z7W3%%2OHacngilӕj} Uփ~Qa)©H?+w\Wss+ {jFB04EޓkT#sJPH;*J 5 5{~,PʺŃ'5WzX\ DNQHVR;y֛΢#J+mǖ3YZȶQ~@_38xXG̪QB|Nt]֓;mBk!T$m4X&:,Nc q4pE}PdKهhR_/jkA ,[dT°%qΧau#T %IJ=W5jcK$N,T#@?%7ưͿ 4½ؘ$-i]EHRa#2 ёIj)Ulҭ ?e.̯9ʀᥫLvˌbuwC#^d1zQ&!ܺc2rא 91T*02HTcA=7"El8Tnd"ߍW\Ef!N}B#+=2OV͸@>`\z,htk>HSBW-oT0Vm$yf@Gf ] >2?Gc!ЪpGWl؊m 6fMvzkhԴ NU6 salFNlBe,:íe|ToAPL܁ˌMK#37$_~8l\)3WfzگuZ\9?o=Mp>=0wybYGq|Jom!I0 IN0gQ{ .? ^Ii9|nZz4;Iq $0"M){0H=tI#m& nF@Ewbr]{g~oOھjdhN_r ,*{8LxF%_lc ~M*?-4VM<)wh~ԌyBgsû!{ XS3?:rw#\WɮZyf^QgYmʭ[$HZa48iT uy}VmT9[CYJ#R @R'Gpq}֢S 5TAm-hĔ+,ZPQҴsGLfj!`8|Qn[,o H!a FsP 8tDE_2Mn%` ;r|.B.qkW>T!"X\ BTGIbY7ӵ0 4%YFz;A[22["ii cf?6XVUX,x*Lmalyy+DxfeϣCtȐ10fRZ |#aJz|TLjyWAj py\ -pwFnmdf4glT( >/\}QXn"1,EfN.&f5":aVVhazq#N9O@'c{^基`'yA_!' ]?L#M/^5T###wc( O⩱>Wi O{4c$>gU_{m}@J!6޿uw߿n7d>VgZ$nګ$ţkVANr!1 ] n}O2Q>~A؎6r;bS6y9WwJV*T*X`]a):Tғ%@Bq08 <*WP|)$t]M SlD5] Ndoy<':T ܲsN,kWI^~\s$}.AJy~%„D&Ec}V S nDj>ִz1 j-~sa' ].mBtm6+T/6 4+wܑ0A5b8s1Oe{Ù/iw"%>NZx8% C X~L?CC?.{2IX|ۙ;Mq#g1L\DQ>Q|؇\al; إd3obIc^9O@*V(6n+s4#xE,iLw/xvEj/SB!E&7P NIe1p9BII@OŘn}n+g/}amɴ:0eEoLvz}3M0э~iJA|Jl%D>(Gq9+iRҢ_%Z1-79i^cCrGǍ&ALjf;toOоH6]Jcd,o/&g.4.K+cS䄂-2Gġ6 Krr& -geUܹt3s1wTbW6U梐o #m fKdTv;3=ᆤoًLk#*oۀd  \˴! ~%4- *;A|Ddt1k,Zxd"3ln?pV9"`8(F# asݳӋR e,:/a!ܬZk5 UBBXʅLʅh|(ʜT?%] X#eW kACʌ,ͦMCE _ىm [GܴigiEDEn'k;iN^94B%IRHRb!軋0-Faڶ]c zL6HZLN#WX}ʉr̆%pZ8R. ;+NV:֝QPygOS*FnFi#/5DCYh}rjd>}%j^0m0A$cT|oT\9,nH{2dDsφ hd&v=26θ_vƘ.]}mRdkr/0zPًzbcS]3l]5S8m%/;0NaA$u![m@7~"rآ>b<(޼G;N] sRrsAlM9ڵdbHQZEƪHzgO&X!u;,j#ޜݺ7y:Z+n- EՕِDn:k@nk^=%mY I)g HTblVi B~K̚VdS+|8]JC5ePl@91ՎgQ%e}<;7S\3YۆKݤ˓K aHKW;2Q#3޸I]&d؆}*>_*z`ҮG}aG!t8} Rl.牧隴6 3J7#eWs+Rೞ)E1Jg"ːhRI׫xSLT7L@?T"`^ aw ֐I5TLX^̚Oh0x[ѱq0ߨ-:]0G},ϵe?ߦlaaTTu.6mIN=m1e֟Ga"1kR!R\mCty{N}ruUŧ}ܔj]qvIB`N>+TdCű/+$zK(3+@˷>i /CoXw|a )A|lۓ<,Nhl9$Z^*9V^ji*|#SrVe" IyXQ|? D,sا5K,7e`U|kp~AUjFʳ/ Y* nWЯ sgqCzq$g`{.ZB,8v=Qv_=Aj β^p)XdkUSmfžXZQчW d #6 ymi^ɓʧ'j6}p^l3QHgT̨h4`Z]Q4'K%#QsyA&s{OUz_Q8]imAg4dOF] +"vt.L;Q4`01KafQuzlLA"*ZAw6u!B"eS佩ߩ=l25OHOŕzb ,#'*.?D#arf/)H`1%馃,rmM9D={fi:Xq9"~ |0~'6VԹKxL"8 R&t=0 H^f.i܎5 aKVZ#ޢFz:&2k:SoਁLZIGKFd?-ЋRB,Eph D! F >Vm"/`vq@ YYbeƣTPI'6^DW5oVUc 'jPG Z5_8#p:/"_X :l'ʶJ e2Q!*jr̰f?*`>J6n&wWMDv@69?[ =cpc YU9Yܺ@sW!Ax/i N=(|90Z;Z ]* ?~r"dTY4ڰ#iކfp5 ޴}wm$ xBYÔt(?w]VG.$QEL8W|kQGMEk쨕9Eh= 󦲅,^+KRp&Z:[0 'aԞKKe ]R%9Q \]N%b_{; /xͨ!4dF@FtV}A+֊զ{a[СH'&0h54b^8yha7lnjLˑ7@1m3V_!6PnP&pqdpsW!yf+Ҵ`/V{FuVb{g4@e4)w"Uۮ_ w24yA(dGj+4X ZDFF\G[0aDw]D |R6'],/rgRw% 'T0{ƻڃ-D)h<޺ϗ+M;2[Y'1_sCX'H 8ciCIϞ*PiYN%pXc{`'Ѿ-93l;k>^=K;M3x % pWy Mb_}zT݈IIGHf ΈK B_uȪkU7!So~Rh}hHmV?6ֲ!]=O]T31F fv,vj0p 2#Lmf踨A*JѓCZG0  ?B{wT;'o,DdWE]E\<3"o4xtoAPvg"xbW[8bg7w:2z,2Lju"&F2;m3a1|W Xy>gѩO)͛MY`MM$t p3P20J9Ef 塇 >:Z_XzD~^0qf!p%U_wvϦ: #MjF_Hxg OGs3ie]|~!e1.@x*ina',5VA)he~+7EE^+d͎ @DyT ѩj7,qVO6y?MBuQ~@{1V]+㧿ygwh=E BXƷhdpGfkp{&%bwTP8ftܫAr)Pఇ>A#8U}{-1ipXؗf瀆а ,x1x @ZCG*V*G&ڒ J 5Y)9o6^lcLv|JݥQȳef9kB3̀lh[CƂNz2'.nhJ֕Bhj<? HMvKF(-P73=E5MٖX7 'r)]˩]nDHB`LW(lHK`&,Ήa:]zAsJy82;zy9B)(;?)jw'^y3Фp1D=2]~q&Zt 48DWMR>tjLE}3S=: 'u2S)=T3i8QL5qrц ut=F> Z 9Y:WW3q(I}؟BMoj^#-Ww%pwM "3֏dCt#o'DBg+'`iecGm]6 X{_6ǂêkScHs{idkv#*r)kh+@w۫~,2w{uwd^ =!аg8 Tތ>vG-`]|6lZsJNwMK@rŪ|& ;:1O nUќL'Y 0>:Jzǜ߷Ͻ~\>FeX?k[\4&6Hzrb,2i(9R3̘|˶t` zƒӻﶲORmi]\9&1x7Ho&biYwu&ẓg hG>B0&Z(SDJqܢZ֙݇B-xϋY#$Qօwh=4mx=@u+9~u&=FM*FTV?g XhMV!iZ5̛&+Hۋ&x@dhh= n$V*zktI܏R-49k]'52:&lk1]㢞tc+0l[Ԑ5qifk 2l }e [}d(΀OrU6BIi~b3}RUfjm(oAT35bȞkE;RFK *87%㉌^\ ^\lqyAh3nY#CפN# ]TI!l Rbzӫa( DrSط`Po~3Q|ǽ䊐H K,0\u7OB.{+F .Y1z?axezNh;+ې fKg-VVl&H P -ݎWC#{E%P-AR :Fn8,:\+PumLn UG*Xb*8p vp+^1Ta)6a3 '02~fPZГ]ѬE&oHئcbb\Iy(k10N|{J$]p]f0V\Y??Q-$3+y8$Dk' y JfD2w30{n`-+%ZhcU/mńOlb?O#Z7z6;[0!OʎAa*a6WV98l^]^ NW'Hܲ Ke =Z݆#vlT*%:yCn7P|MiQ-@)v h'NI~jX]",;_Kj>ܵPRbSuyx8G_EAaxI\"#rF7=:jӥElT_ DmRF]0fD+NFOjq|Re%6Dk #v p+tF #K>@2ǘw@h-7͈v3t /Elg);ޡ~&zpv'=v!&LiV'4j7s׵!FRǺeb+iyt^&u*ᆇq\/&k_;S(Hb4Jia'вz5f$*[)GsW.gT\~/pWudpZ+dy@=6=C sV 2,}sP3<_! Oalnкvr<)?}R5GW hhʒq~&n`\=y VV[5/M^[\G4 6B{D%9JhN?ߢNk㔅#=&dwt'f0=٘[8r)C?zĂ˱ Zϗcbb͠ !$[Zcu.KHk8CI_S*EՄ@2O. cFk?KvHBaN Qʊ`;QΞhI%JH(Ay]/HJwQshdiJC԰^o)|Lr^W(@Ӗ)݇JɴOyc}O4E8g&?LsuOc(]0&T*~sZOJh&g@Zx]r 1钑2^(TmF1P{v:vW$.*`:q}]~0%-7((Vd/ͼ) Jp1Ǵ 0Li<Ӫ~{E=:5}EG6vZHHԈݍ8DHgQaDiVVry- ao逓Ͽ1:E9bbAi>=Kyfc2I6:A!HTaV 1‰kjG“x-'4ouc;DEdB 3h'bp }lZx9b@0+cۗο6q֒wT|ifaH[$] _N+S {D耘O$^SQ$!fdIWK*tRJL4Rߕ{t1`PR W-:E{F0A ,mHժ@0M?JPm* K(̛WUuL=FO8_TX.q.xbVͫ|؈Gi\hfb{qjFܭv:|.6W}%rTސXUAÍÌvň؄:l T ޲$0.W͂ìhdm/ ^_jRa+h5vK\ǦB E$tg@Z_п^h ͖!źcI.J/zCqX|]9O'Ռo,!r8;d) 0a*4+ՉefNqǹآmL=g)I}l :1'+!=qoh;TUzeOJLfMa"ؕ _?+rޱ-:g_)Yeǘtڟ؛%EH؟O lEC΁_%ezOLv%ayx߇5y?~̼CsXTvu߸S ;WLDp{4r64rʫ,' wZ1qXop d3VGk'#0v:'>́:9A&k 4Ƿ90_XL ` h'V46lѰsTŌރ D^7n}Sk%S5(_/<.O[B^{d"z 0{Heձh)[35M"NT{U45-}t_D{%m8TזĚאַyGSxwZ)Zѭ/t8 1CD8=ۓjgI;9nTt҈-P.* =k;f36?@v 2$X呲 29[evV1|Ofs@;')a#94'jKY}nM+V;O=Ay0BL>yO [(R>%Y_UY],1.U`44 \AL( %=,⁥9{룄~#3YYX<LVݼ!?QV>X<_ WQA+, X~v8'wpvknee= f 6w>Eð(Tp2=@w#E0Z쬮))Ko̗@(X~"fǤBɃu;w=;KJ+`:t+kLZoay1%iAwܶZ5~{ FT*uigFxi݋;ezg0Ba:^o4H)SSdQPcKV=_ g'2ڨh2JHk_GdM5,zI8HsRF@:_R3<;b֐vlŏ|#b7$׷{Ay];F@$,KX ]sF\#aޒWc]y+!IJj$@x0YuM{m4I8h"щ˅ .E0yF\D]q.`ABo}H2m$ 'Œ[~%CelKnϔA";J%|7D;\'} OU孨,+Q[ ȱy KU `*EpvMKFSRIV䧿9eYp;?hSi÷f OJ<0\gX=rB$ڙC a|f s:3'[iLftr# ;l<{ Q<ր.c0&`$w{`/7 t8糥oQy 'fR#y[EP:$|ُҍg;u/GOuv:Fj '"7A8aK',. "naOo x}͵0&BPFJ4%<]S";Mӝ3܂`e&s_\ѐ\ AStf \ giꤘ_qO+<5KҫVdHVzECۭd Yym`bϵ,ֲLPchMRH }E[d`&j+v(UkCc]7PpOC~׃S["Œk]B#Y/bR(<یE=["Rt>i\JɮU;г6+Zf=)dO]ǛWYV+oȋ?<[ vdfhO2 RH&bq_ch_ bI3k_W ./~ (/NSbŬ$\(:*h5H<ŋud+T7*?+5P:i~mwR{*/eŌP$.y"@OhotP2KJeFr Țta*vlrbB˼xOJM2W )ML욜vkusp@_۝.{jڗi#%-X{Fsa^wnReHce]: mQZ~@5$˨|qSKߙt:M4Kt L--F~uKBs23ʽ&WݙË^Kwd2|es]Oޤ5^|or1ҹޯWv+Z^B檨Z|TglsOT)wc4_kYGGذ;Kg:}:Z|D3&>|k 1f`pId37)S5̤WG(2싪Ϊ &~t:"^|^v;B>݁s!x4寄Z\3/W5T[ڡP"DHs`$5{^m\7GMRuNW R~#fUGxn1 ltm SiX?+]@w k{Y^25qfggff_ HW hL"Glq@51` `|0<񏹵27 ? M';q{;f[15ГCr 2#+Ǘ;IMWΌ:Okk 0cm}ڙUKrYߺ 3>x 'Atx9߇PSf)בy} jx|kJ%у?F yn}=TWiVa,`مӦ|T*RIBqCc2XK&©\ #4h-dh"GVb3o}H<  y̡;NXSZ|.'K[* ޟ\Bb*sTU\ ?5$-ybZ؏/kz4:VĜ3g OP K3+0.Uaͱi/^|0sIUuIxj(&z87b:ЧdʱaqX'=xO+s[WL3!u>^kuFZɓ\ݨHo6pRMˠUS6LXLp~ ؞q7M=ܽ'ˉ~͈ڷǴz_㛒T |dsEOF6tΓ$ [!^S (œBxߨET &D`fkx9$B5`"MlMs]fZ/WSQoA!T}ӤmQmy\q5$+ R!WVl™ݍC2S- 78Q>-n\o yp!ɖ̀IQֶwo~Sasiv ҧ?5/Nr_钃Wkc=Θos3f/#tꭷN'LcİNW$]p-i1Njb " CaxY:VKUνEv~J4ٶ2q. "E!Ӝ]yg S/rX#-vT%3Omit[5ܓ1K`!5{d|,],@bg|Kߑ8$e)W,yqqwT'fxHYP2c7Dۊ[V11ϭ֩xsБʼ}VRv{aI8BS<"/ i$`x[Gӡ:n?$\߄S#+0Vew ́6nyx( ms^ ^6[KNcH~,=-2*(2)ȖLT[vOD{>s]F V`[ŏXj4F >r3xF2ً1Ŭclڲ!`eC Th;{guCQxYǺKX@á#%AY3{Z7J :yfbj#oj;(ꖠv gP2bX30(;pEtɛVeMN ʤ^6RMHpVa{嬼F飊|5Q9DUEe8t˱0_D%EFRh̖. @\Ů?_?L zM,wHHӒ;w:| kLvܚ:%_6O4/:.hBd眄B9mX}k:~n>1ũfcwÚߎVUfN_67b%uO`+⏅y|EἾ.v9pW͢ /3OF4Hy!ڈh'.$ŷb|\sg]ufM^͛?Æ~%Sz_<~ŏyE V3Z01~x^U.p~Yǀ>i:hP`^=֩CYD-JmNw+e[9?RxcyӘOqByD弐edA?C' Ƞh܊[ Gjs3Jc;C ndH͎@buWq/+\#&_'lPE hH׺ 9b?b 0Vk R9YwOG|墶<$Ud,ӴC~djM2%A(4H1UgLY6E}w#ܳ. ^ ׻y`"~GL#yo%gw{~7/ ߭ř}*[kvuIQ%^zdFla0DAzM>Ԉ3'  h]#`/9C1zÆdp3NM0DP!孴L|E$y󬢫k{>HZΦK'Q,$vkxt>Z foBs;E̊g߭2?4$p^GV`+ez16gQ2Qf=Ҍ(;~0 &,yF.K!" $DpٸCā 6Ha#c юOj8N\^f)M4=MqFut>elk3d~UgZǂD8:uN6*JG]|Eņ8SdL~ |H">}75~ !tP偪p?",o TIZGp̉6+'п(1Nc8=vhYfvp΂+mnQ @s{-Q(fꇍuW5l[KNn^=NI he+KNFLV $!Nr0o&dk?4BF֙])Yp3]8y.4Djk3̖=btYfۮrJ4b求PgG8bZG]U'nPFǍ>Kos3ʯ_&ǕvO^ )Y\#vΔr<}nYб.,cTԎ ~JvWTECm^'*MIzA:f]{<}-"˼qԜhlP5%_X~T7p!}REkTCpD|V D3 0r=E j]dOZق+M!c:i#5њ,7O 7B˧V9%ıюx(2@fg^i[SPl.ܡ2m &XMU^#HXp~Vz"9s8B_7خbȿ kѡ-2:g`~cu;uk70@2kj0}~Yհ>YĘC;&7(Rɕ;.M!Dq)D0:}!=cfc}&p2YigO9q+U—i$hqk3DgO-oɛm ϟ*xHl=~whUaJmj8"Qr:9\8!q>_$uSt|5ƈs6VW+ZhV!;yBj^,-.SD޽ fJ7qRt.9]$&y5^!4=x(ZCƕh|뽑ҲO֍@l~䈀R3"yߩ֯=]_x]8% /AOjrzxMJPDd~Hҽj/b  ahCa:t=f#"*N= ADkMG<-jn=ƞ}bmC  op*Oq瓳@N2|ٓJPM|qVuR; miX/^G<1`&`&}9:k,X=֪B`DyNbpSͮט-Rl8 LB`=>mE1;;52"Ə#FɛD vŐSNHGUiA.'3^|zU@r[lI6rZSE8e%pjAr*x+CLOhqI3mlRZw,ZT'1*jē"KWʬ TWI҆; r]UW}|=/햗o:+Xs7z+V١-fܧʊБU{҄lkRMαq6J tn0޴^<=,hQ#~+z K@,If]/U#!:3Db r'<3A~KY^ivR9fMЌ<OTQ  k/!Cߙ(/.'$DgsVMJޡGqK_ޏN4I%pRI=SügT ra@4#p;%e<vk0&3@6'[28ÁG8j7%Z6 pH>^a[)akoHDV /AL@㹐kŖϳyC@wpR3@ji㗜f*)1( ,qoZIћ&YMjepvÓp?E@p$F2^A#Acu5Qɚݨ[~m;rO-rI~\jY^fvR6!䚀-jK T F*q ,Rhmf*>zP\7֤QVCsOkUL7N: ),2.S$gQÛ^&s[Dz:pa=+nZ(&9{m̼ dW`>w9|(Y.GM} pfCCI|";LǷ^v/+Wť53SV"a09'KTiC@ %g*3= T>ƙ 7@߂{q fPByu@8ĞMRVc.m(\f'm{Ե])H|#u*N<&X7Ip:ک$U~Ώ7jkpdE+.=RcY2aTE~ 3㽺5X]XFqp Ngw: $X9/Xox n(h̭XK1}I=Op6z[Czyߐgx0 db7`+_Ny:ȰFPZP ܏id:Ykp1^${Z>h: ۫pk5zJ_]sDaZf.v<@ 1O kh',ߧTLW{ȘqC֊+.TƶϤhKL? ΤpE vq5!VbۥL9fၕAn|A;kNaگUcs7mV1j:.YOw`@,Ɲ:{"}5fߨrg{cU/Qً^ R/b7?鬛ݳT#LP:Rȶdj]-O+,eQ\yU+C%&c$$70 R8EB4nƨJ@m3^ՆzC,]H HĶxV:G^: >ީ ViKFOrq+6;4iįeޠxY kAƇOcvҨzZi%ȿOXI0#*}! AdK5w3CHid6v&uRerWA *&.B>V؟wǼ#~_+_8Nb"6]2ՓZ? !:6Yڶuu;"]rU7SDũ4--X}W-r"TWNgVBvw$'ߪfE+sӝËxG|dLL%{֧_74LwS`4gSۯGb H x+U$`&IVfBҏSUA<K{6Q: w>  Q2T@Hr隙c3d+A%$,ZqC3{y1VvIk₿Gl\,r探#3_013WXncXk~Eo;1bęǐ{h/QJV6!VzQxZaYg߁>\yT:J]d ]:9bbsG=Skd.>dOfaXάDe&MjGuhfʬ0bև_JA$HRDSٱ[FQVR[os2cm1l5A.q+I$COSA2Qp=C3#')25k*IZ5A0a '8!웉Ihw &U$ x%غU|s u/`(@])H[I\+_M4+=H)JO~Ik|d2Ζ|NTԹ@$$f$5~zu@5 -aߛǹ9fr%)%LԆ@W`g0A<@yW5b3+74 J&)fY 1Jܷ Xv36(WjU5q1Bjv ~xssT~HɃp\']m D3o^Uaoz|@Ru=XiϼlЉ̑\m7nO߉6u@mbr*I`qѝ{`4ԃC4PHMm#%} e9шy.2,KfSKHlҞ m/r;גPyC^Z4>萢ʡ [zЍI$? :ue+M jyȍ͕YIΛWu3#dzl={'8Wy/bJg&.s`fWv>E$NR1Eґm/s=3#I+T d>& D`w7buS0\⩕]Aaos' KYBqu^Ͷj;ԃ⹩N cz[x ̳W!.LCof1b,`eìws1r o@9v'*Q,MAd}!Npe $ J?KGˤd·4Uv!(@E+a} n"K=:=~,yJ)go1G0`:rntMV+y;S_7VR"@+5,μ%_Λ`l81`t~<sܮFCG u^A*IaEғLi&]6hJYBbf+6/Řj-(GГv~lͥLiT1 ԼqN)O>`hDxt2(zxh0GV Ik8SbJza CvVFln|㑾 qzҼU02ЁĐ;x ¡vuـIۈEnKBP >>sRɸR/bM#|St9ԡ 5_▅~hR3Ƿ2OB_lzQC&zR̍[ɱ{vωϤ;d5Rs}|L뛙ew5qF&ǘԊAYZXE0}@qTI5qDAe vBgs"'>e 8 OyɶbZ[K$Y[忶I#l r4{CĜT32xKMr{!Cja!( WJ4| /U]p;H! ^o lRM7aW$0{߲{?.-}? :ka}O/ ց_9b[e,18E6 꽶y7 Uër<} ɸDDj-Xײ2q >U$)JD(YLൄ@9 xZ 5D">t1ڲsݼ@Hwی=dH>ģWC= (ܿ0n}@ht2b鷋ANF'۠4 CCoPgbqqp??XD>b3s$ AgۭӮRiE?/9V2Vl,U Hm[޹ҒwYm0ipXbRLqT3Tr'v|3vg>j~?Hu\ID,U]r@&!$~RKNsYcnC<樫~P&dX RƷg Z~Kwڈ ]f_5H= $Dw2'Ji(aIن{C os(դ=zb-?U濅ySV!V<j 7+nKQR&U7}Q}]GJk|~RPVO‰aocȐw^,sUllЬ]N`|m\7lBS b2y  *^~2R) ϰUMb*-ʢԒ .O~-#B:?_qpԺ'|#AWq,(oذB|d G߻Imjx}~:A` Y͑P7=?g]IWTA7#wѮ״ʖGA GJo?SR0 2#$8b"UEUV?|@bKf%yH6J"OVjkMĨ)]qO@j-%>'ElMrUkY<-<ΌzG4o-!/bp6^rRyN6\/lWkN'#X#0pExh D^|D(V?`5v 3J1d4 GJ\H|MyeSCT1H<$x) +SȊ!vl~Z-5D8&R Tqb:Xy&_9]BTmӻ);@ώ챹<9u}7 "&`O oԫcz^D;LvZLUPY?$f%b,+Nx|P˧RWͥtU "\nm?CPL\ V.F6ILv_$ޚ+yzd~"㌪ףr)FP=Юe7SN-dĝi]'Q|¸&ۭ[[0[Ixn B4y,9UoKUٴyi6_&w#>%ɳΝqȭի)%ڠx̦ j^=5.NIg施*Dlh@\CITY[!to/` oôB6 7 kbW3:e7Cu2- mM(T0s6;65's,y7Ho>sEH*-Qme鰊`:=NtI5ؚ?_<5 ?X~kg{i3>Cn'GIQOeGHpK7o3sA8T`|VjLJ1R}/mX'~H$_K .`kD rq;y2Dzc7N&HB/ :^I>?Cv.DcHdz,^ p_K{" :'Qk]J玂~An_8Z]YZRx[SLNYE(G^@RiwA3c:pAY<XnVinotxmѹqFwx6Z$3FxgNfxƌD=yQ`D0{}'LHY&À芸$"JgWS5߶>ˁC!Y0Rjq%.8}RbF:\dgcɎlc?[} G$+$^%VeC6w]tҴv!5õzT1I&&=ͳ|;@e'?{C:V?ÐC+ejz㽄ۏ|Dsh뒯N2'T5vT͈Q^%qtgע/ $Vt[Pa؟*DZٽIDcn|YR7e:2j=9ڸ(&70">Z#IO#Zټ;;Y;*U-ԙ_5W֐}\s?<t{a%akO%"D-&T}f#DZW3ݡUk=ʰMEcLDZfxmu,ې͊Rr3baq P1jp3uj.I XG%hSoGBoK\fkf@q܋IL@n  +DqDЪ#Y;2o(踫';E12V O~7U dKkZL Zk98B1U&Xe5=Y4UZfE];r)@? / K.k2 /;jvp$f$Cwļax@T3NүvYvL^G=07^Ҙֆ?t>Ku^vj?. ʐ|ŘxfJLn_ \7MDAԌ^#Z$=->B %ڗ+|"XoW!.=v3Հn] \easrҧ˺lce4DXXG%uUWJZL;j~^̹BaNԩSrB?zb3|s̥ƉZ$j ^uPZJjh jСST:ЊXUl2އjDu\Ɲ4K`WXvpQFْڎnon)Ab/Y4q~,mdvA(]UrB,yz1XiTjX״Q#I7{לWQP;:`KAPkw4ueWH mTao LL fJ >e)ܰ/eyiCwDO6`u7Ʊ*teӺt*#V|n xO.W N\Mr?4[j(7ѽ\+8ҴEWL;BĬcϥu]sUDg >TS540{4ˎ'#Y:\8#}ٹۙߖ&Oµo |E*WU6l)Hb ˬWvr|`ȶSz}\ D{ȭ:X ſfұg߇C^PfkFnά˹X{ d L& lZR- ķBE"LUڷ h)eZ)b U7qވN;{BsL):j^RF~DtF>Qz8G e,0u-}r6}|$'DT}3ZV$򃔙pXLF}埪ɪe=]baf ݢ9ف j`IGEYZFmˁpq2!u8f1PHd2Fk$Z`{ ,cMi|FҰyxzQ'JC"u]Bi.ߙP7E(8>ӖD[%f}^,?(zJS<'{o55`ԊD >ԗXKubbu%IXc2!7Twv[_q/j&/F:%A"WMhٍIXPUPΗNENt ( v+=gN`Íu&K%H 5!?H $&eX*@Wc~:~h66˩VcƬ i㙮huopXg-J-m2%Lj,k]-0;{'|о30pv_aڞgpc>aϤ -Dוڞm\_׮ Vvy Np+:Gݜ8[h,ƴB#&K]eQAggV#tw }OJ}6 .@IᏣf aq;},^kTTǮF,qM᰼Cj& .yTnM3u8 a0A3 e}8$ :6 'PtI'ӫ4өɄS}0bre]sn$w}mS@ zU.bX pzC _8_G>@<ȣ ?2HgsDt3Zw"e[@9kL j+SZO%Udga(NbJxN<[iBAA O_eh)W -ldVJ''Lq}=PG*ں["0#6 oW gƽ-*=vLot"%~,ͮV/ d |~F~̄Qʃ!1NϥӍQ;WEi^hN2f~OhDö [AM"aXˎ>51W;v Q/ۚh+ Gwh: 6UAU6|/86F)^HeP8qˍŔ91kڢ`olKyR @ׇ"њ'kmN?Bbf Vʽv0dS*,{aڂYo4kPꔎOgnHFem}'W)rrV]H#joYK1vFJ*$5+Q,lws:Q$!\yS&B%5DĖ;9hyۛ}P(зea|>( 0_XOE$ k6ŞMhwe# ):tQY9W1 oȩ~XH9X!}axa9Q).ڪ'_?[ewaDQJqFDȟgbu,z_KC(M+)mq %ӷ[ f?4;O%gy:u7?ɒ΅freҌOnnY$腷P~)I(+ &~rm>g ( 2u^SchSp-Fu%궖&9; 3 ve9 }K"!*VI;+@} 60XI< R[6! B(0=J}(]d 4qvn ^UeOX2Ne?$IƂWE4 C,$QX;f-6V KF=qsӉ[[*\d%2i2 SE̶2h: jdUw9O:-'!dGH7R,x43!;=  Rt-`v_=[`w"pHc#Qػ+G wݽLIb-^xg!0Ez*t=GA;!/]9ŇCycdķ;vV`KSА?dZ2_D&}7! m|姨rPx1\4p9{i%jFؿ8EãT\E{Qkc30xeuL=; y26]ZcD&3-}߀5CԐљwÍfVAqSƤnPlJXjȥ1ԟ=2>|'z[LeP\뎆V0E3bZ/nQo$(h1 9IgbQ!.&.q'^ɡ!{AGaƔ{sRӸH4[ ]uhCr'phtA1nvuN S"zF0!7WAk`6A{,'& {}@ib/l$. ay~;.,񺚄}ߌ^j tc2鳖oDsGxGɞ$u:zIc ,'gZOЃ2!Mx YZ