sssd-common-pac-2.9.4-4.el8_10 > 6 6_6 3!pQp)Tξ7]mtZ`f ]mtZ`O7Td HKШLl:L)цgL)ljț= ݑ_w.FڻK@9ɣ}g'grB"ro: Q.&!/VFB,b>m[wm$GWS[fW~GcCί^F#>u6Q}UK"+/Fۜ(m0pef'/'eWߺ .[Tu4N9S$egZ_vap<P?@d ! S  (<Y_h    6 d|66 6( 8 9:dG(H@IXX`Yh\]^bwdefltuvwxy00<Csssd-common-pac2.9.44.el8_10Common files needed for supporting PAC processingProvides common files needed by SSSD providers such as IPA and Active Directory for handling Kerberos PACs.ford1-prod-x86build003.svc.aws.rockylinux.org#KojiRockyGPLv3+infrastructure@rockylinux.orgApplications/Systemhttps://github.com/SSSD/sssdlinuxx86_64%KAAA큤ffffìfe+c0cd7d90db08d75b78dcb31b7a7db21d9f04e6ba02a0522848eb4a2e200c97798ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903../../../../usr/libexec/sssd/sssd_pacrootrootrootrootrootrootrootrootrootrootrootrootsssd-2.9.4-4.el8_10.src.rpmsssd-common-pacsssd-common-pac(x86-64)@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@    @libbasicobjects.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.28)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcollection.so.4()(64bit)libcrypto.so.1.1()(64bit)libdbus-1.so.3()(64bit)libdhash.so.1()(64bit)libdl.so.2()(64bit)libdl.so.2(GLIBC_2.2.5)(64bit)libini_config.so.5()(64bit)libldb.so.2()(64bit)libldb.so.2(LDB_0.9.10)(64bit)libndr-krb5pac.so.0()(64bit)libndr-krb5pac.so.0(NDR_KRB5PAC_0.0.1)(64bit)libndr-standard.so.0()(64bit)libndr.so.3()(64bit)libndr.so.3(NDR_0.0.1)(64bit)libpcre2-8.so.0()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libref_array.so.1()(64bit)librt.so.1()(64bit)libsamba-util.so.0()(64bit)libselinux.so.1()(64bit)libsss_cert.so()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_idmaplibsss_idmap.so.0()(64bit)libsss_idmap.so.0(SSS_IDMAP_0.4)(64bit)libsss_iface.so()(64bit)libsss_sbus.so()(64bit)libsss_util.so()(64bit)libsystemd.so.0()(64bit)libsystemd.so.0(LIBSYSTEMD_209)(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtdb.so.1(TDB_1.2.1)(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.15.0)(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)libunistring.so.2()(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rtld(GNU_HASH)sssd-common2.9.4-4.el8_103.0.4-14.6.0-14.0-15.2-12.9.4-4.el8_104.14.3fGFf! @e@e{@eReRd@dd@du@doMdbc&@cR@c|c_cc@bbγba@baZ@a6aɪa@aKa@`.`@`[` @`&m`@`x@__@_@_#___[@_?@_-B@_@_@^@^@^^(@^oj@^ku^Y^S^J@^C^0"@^0"@^0"@^@^@^@]f@]f@] @] @]+]]Y]Y]|@]o@]k]k]Y=]Y=]Y=]Y=]Y=]M`@]M`@]M`@]D%]D%]D%]9]9]]]@]@\\`@\]o@\\\\\\\@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.9.4-4Alexey Tikhonov - 2.9.4-3Alexey Tikhonov - 2.9.4-2Alexey Tikhonov - 2.9.4-1Alexey Tikhonov - 2.9.3-2Alexey Tikhonov - 2.9.3-1Alexey Tikhonov - 2.9.2-1Alexey Tikhonov - 2.9.1-2Alexey Tikhonov - 2.9.1-1Alexey Tikhonov - 2.9.0-4Alexey Tikhonov - 2.9.0-3Alexey Tikhonov - 2.9.0-1Alexey Tikhonov - 2.8.2-2Alexey Tikhonov - 2.8.2-1Alexey Tikhonov - 2.8.1-1Alexey Tikhonov - 2.7.3-5Alexey Tikhonov - 2.7.3-4Alexey Tikhonov - 2.7.3-3Alexey Tikhonov - 2.7.3-2Alexey Tikhonov - 2.7.3-1Alexey Tikhonov - 2.7.2-1Alexey Tikhonov - 2.7.0-2Alexey Tikhonov - 2.6.2-3Alexey Tikhonov - 2.6.2-2Alexey Tikhonov - 2.6.2-1Alexey Tikhonov - 2.6.1-2Alexey Tikhonov - 2.6.1-1Alexey Tikhonov - 2.5.2-2Alexey Tikhonov - 2.5.2-1Alexey Tikhonov - 2.5.1-2Alexey Tikhonov - 2.5.1-1Alexey Tikhonov - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: RHEL-33957 - ad: refresh root domain when read directly- Resolves: RHEL-27205 - Race condition during authorization leads to GPO policies functioning inconsistently- Resolves: RHEL-25064 - AD users are unable to log in due to case sensitivity of user because the domain is found as an alias to the email address. [rhel-8] - Resolves: RHEL-25066 - gdm smartcard login fails with sssd-2.9.3 in case of multiple identities [rhel-8] - Resolves: RHEL-25065 - ssh pubkey stored in ldap/AD no longer works to authenticate via sssd [rhel-8]- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: RHEL-1680 - auto_private_groups does not create cache in IPA server SSSD cache - Resolves: RHEL-10092 - logfile rotation for sssd_kcm not working properly, sssd_kcm never receives a 'kill -HUP' - Resolves: RHEL-17495 - New sssd.conf seems not to be backwards compatible (wrt SmartCard auth of local users using 'files provider') - Resolves: RHEL-18431 - Excessive logging to sssd_nss and sssd_be in multi-domain AD forest - Resolves: RHEL-5033 - Incorrect IdM product name in man sssd.conf - Resolves: RHEL-15368 - SSSD GPO lacks group resolution on hosts [rhel-8] - Resolves: RHEL-10721 - very bad performance when requesting service tickets - Resolves: RHEL-19011 - Invalid handling groups from child domain - Resolves: RHEL-19949 - latest sssd breaks logging in via XDMCP for LDAP/Kerberos users [rhel-8]- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: RHEL-14070 - sssd-2.9.2-1.el8 breaks smart card authentication - Resolves: RHEL-3665 - Unexplainable error "Unable to find primary gid [2]: No such file or directory" when SSSD performs lookup for an AD user- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: rhbz#2226021 - dbus and crond getting terminated with SIGBUS in sss_client code - Resolves: rhbz#2237253 - SSSD runs multiples lookup search for each NFS request (SBUS req chaining stopped working in sssd-2.7)- Resolves: rhbz#2149241 - [sssd] SSSD enters failed state after heavy load in the system- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2196521 - [RHEL8] sssd : AD user login problem when modify ldap_user_name= name and restricted by GPO Policy - Resolves: rhbz#2195919 - sssd-be tends to run out of system resources, hitting the maximum number of open files - Resolves: rhbz#2192708 - [RHEL8] [sssd] User lookup on IPA client fails with 's2n get_fqlist request failed' - Resolves: rhbz#2139467 - [RHEL8] sssd attempts LDAP password modify extended op after BIND failure - Resolves: rhbz#2054825 - sssd_be segfault at 0 ip 00007f16b5fcab7e sp 00007fffc1cc0988 error 4 in libc-2.28.so[7f16b5e72000+1bc000] - Resolves: rhbz#2189583 - [sssd] RHEL 8.9 Tier 0 Localization - Resolves: rhbz#2170720 - [RHEL8] When adding attributes in sssd.conf that we have already, the cross-forest query just stop working - Resolves: rhbz#2096183 - BE_REQ_USER_AND_GROUP LDAP search filter can inadvertently catch multiple overrides - Resolves: rhbz#2151450 - [RHEL8] SSSD missing group membership when evaluating GPO policy with 'auto_private_groups = true'- Related: rhbz#2190417 - Rebase Samba to the latest 4.18.x release Rebuild against rebased Samba libs- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2101489 - [sssd] Auth fails if client cannot speak to forest root domain (ldap_sasl_interactive_bind_s failed) - Resolves: rhbz#2143925 - kinit switches KCM away from the newly issued ticket - Resolves: rhbz#2151403 - AD user is not found on IPA client after upgrading to RHEL8.7 - Resolves: rhbz#2164805 - man page entry should make clear that a nested group needs a name - Resolves: rhbz#2170484 - Unable to lookup AD user from child domain (or "make filtering of the domains more configurable") - Resolves: rhbz#2180981 - sss allows extraneous @ characters prefixed to username #- Resolves: rhbz#2149091 - Update to sssd-2.7.3-4.el8_7.1.x86_64 resulted in "Request to sssd failed. Device or resource busy"- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2136701 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level. - Resolves: rhbz#2139760 - [sssd] RHEL 8.8 Tier 0 Localization - Resolves: rhbz#2139865 - Analyzer: Optimize and remove duplicate messages in verbose list - Resolves: rhbz#2142795 - SSSD: `sssctl analyze` command shouldn't require 'root' privileged - Resolves: rhbz#2144491 - UPN check cannot be disabled explicitly but requires krb5_validate = false' as a work-around - Resolves: rhbz#2150357 - Smart Card auth does not work with p11_uri (with-smartcard-required)- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2144581 - [RFE] provide dbus method to find users by attr - Resolves: rhbz#2144579 - sssd timezone issues sudonotafter - Resolves: rhbz#2144519 - [RFE] SSSD does not support to change the user’s password when option ldap_pwd_policy equals to shadow in sssd.conf file - Resolves: rhbz#2127822 - Cannot SSH with AD user to ipa-client (`krb5_validate` and `pac_check` settings conflict) - Resolves: rhbz#2111393 - authenticating against external IdP services okta (native app) with OAuth client secret failed- Related: rhbz#2132051 - Rebase Samba to the the latest 4.17.x release Rebuild against Samba rebase.- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8 - Resolves: rhbz#2119726 - sssctl analyze --logdir option requires sssd to be configured - Resolves: rhbz#2120669 - Incorrect request ID tracking from responder to backend- Resolves: rhbz#2116488 - virsh command will hang after the host run several auto test cases - Resolves: rhbz#2116486 - [regression] sssctl analyze fails to parse PAM related sssd logs - Resolves: rhbz#2116487 - cache_req_data_set_hybrid_lookup: cache_req_data should never be NULL- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2063016 - [sssd] RHEL 8.7 Tier 0 Localization- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2098620 - sdap_nested_group_deref_direct_process() triggers internal watchdog for large data sets - Resolves: rhbz#2098619 - [Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file - Resolves: rhbz#2088817 - pam_sss_gss ceased to work after upgrade to 8.6 - Resolves: rhbz#2098616 - Add idp authentication indicator in man page of sssd.conf - Resolves: rhbz#2056035 - 'getent hosts' not return hosts if they have more than one CN in LDAP - Resolves: rhbz#2098615 - Regression "Missing internal domain data." when setting ad_domain to incorrect - Resolves: rhbz#2098617 - Harden kerberos ticket validation - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2026799 - SSSD authenticating to LDAP with obfuscated password produces Invalid authtoken type message causing sssd_be to go offline (cross inter_ference of different provider plugins options) - Resolves: rhbz#2033347 - sssd error triggers backtrace : [write_krb5info_file_from_fo_server] (0x0020): [RID#73501] There is no server that can be written into kdc info file. - Resolves: rhbz#2056483 - [RFE] Add sssd internal krb5 plugin for authentication against external IdP via OAuth2 - Resolves: rhbz#2062689 - [Improvement] Add user and group version of sss_nss_getorigbyname() - Resolves: rhbz#2065692 - [RHEL8] Ship new sub-package called sssd-idp into sssd - Resolves: rhbz#2072050 - sssd_nss exiting (due to missing 'sssd' local user) making SSSD service to restart in a loop - Resolves: rhbz#2072931 - Use right sdap_domain in ad_domain_info_send - Resolves: rhbz#2087088 - sssd does not enforce smartcard auth for kde screen locker - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol - Resolves: rhbz#2087745 - 2FA prompting setting ineffective - Resolves: rhbz#2087746 - sssd fails GPO-based access if AD have setup with Japanese language- Resolves: rhbz#2039892 - 2.6.2 regression: Daemon crashes when resolving AD user names - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#2035245 - AD Domain in the AD Forest Missing after sssd latest update - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files (additional patch)- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#1961182 - Passwordless (GSSAPI) SSH not working due to missing "includedir /var/lib/sss/pubconf/krb5.include.d" directive in /etc/krb5.conf - Resolves: rhbz#2008829 - sssd_be segfault due to empty forest root name - Resolves: rhbz#2012263 - pam responder does not call initgroups to refresh the user entry - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012327 - Groups are missing while performing id lookup as SSSD switching to offline mode due to the wrong domain name in the ldap-pings(netlogon). - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013259 - [RHEL8] Add tevent chain ID logic into responders - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Rebuild due to rhbz#2013596 - Rebase Samba to the the latest 4.15.x release- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#1968340 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected - Resolves: rhbz#1952569 - SSSD should use "hidden" temporary file in its krb locator - Resolves: rhbz#1917970 - proxy provider: secondary group is showing in sssd cache after group is removed - Resolves: rhbz#1636002 - socket-activated services start as the sssd user and then are unable to read the confdb - Resolves: rhbz#2021196 - Make backtrace less "chatty" (avoid duplicate backtraces) - Resolves: rhbz#2018432 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest) - Resolves: rhbz#2015070 - Consistency in defaults between OpenSSH and SSSD - Resolves: rhbz#2013297 - disabled root ad domain causes subdomains to be marked offline - Resolves: rhbz#2013294 - Lookup with fully-qualified name does not work with 'cache_first = True' - Resolves: rhbz#2013218 - autofs lookups for unknown mounts are delayed for 50s - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013024 - Add support for CKM_RSA_PKCS in smart card authentication. - Resolves: rhbz#2013006 - [RFE] support subid ranges managed by FreeIPA - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012122 - tps tests fail with cross dependency on sssd debuginfo package: removal of 'sssd-libwbclient-debuginfo' is missing- Resolves: rhbz#1975169 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8] - Resolves: rhbz#1962042 - [sssd] RHEL 8.5 Tier 0 Localization- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU - Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber` - Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling - Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address - Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group - Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory - Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file - Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout - Resolves: rhbz#1940509 - [RFE] Health and Support Analyzer: Link frontend to backend requests - Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found - Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group - Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable - Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory. - Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. - Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. - Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. - Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. - Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir (#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)2.9.4-4.el8_102.9.4-4.el8_10.build-id0975219a34696d350b82d8c16fb05302552f18b3sssd_pacsssd-common-pacCOPYING/usr/lib//usr/lib/.build-id//usr/lib/.build-id/09//usr/libexec/sssd//usr/share/licenses//usr/share/licenses/sssd-common-pac/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protectioncpioxz2x86_64-redhat-linux-gnudirectoryELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=0975219a34696d350b82d8c16fb05302552f18b3, strippedASCII text0RR'RRR"R+R-R.RRRRRRR)R R RRRRR!R%RRRRR*RR RRRRRRRRR&R#R$R R,R(R R/RR3utf-851eccd2c844780403a75a926c5adb386bbd05ecd8e676bc71ccc9e45ae563d46?@7zXZ !#,] b2u jӫ`(y0DU hX3gۏK\ࢀbNZt,^DCRzl<هi&kX4Q'?BB٤Vc&㐔~VBS± MTl̔7KU/:7W4ΐjTw.y-\# M~1k$LRi$yi)c35Y4grzH".نe2Ɇx=З~]jsmY,fd}!kspQ޺ӋH % (9ð{%0=olz@j>Xv#NfԘ$=mn#R:37eW,cdFb|\RCg'ya*<:Ft,ryfƇLY%O]%B7ϳPܟ.$AuTď!y@jaI+wVP7.&aF-2R1OkvBqD[pt"wB>sEmI Ax133R RېYdo955?AhLС;LT~@RLg@úL/Ϣ?tUA"sj%meS?THX;F҇f~Ckfrqg7>7ZK.,?ML%7e5T0j6G¿d'qDZ(úZP1ʡF} =_aUyDwrf6)y=s|loX2;'F[Z|-ښeᐂ{.XłϪWP}Hܫƛ3WSx S1kZș ࿾{&]XچS9wyRpWn6e,Ȗ[ .27KrDd>?TDVIX,s h+P.^[ڡʁ a#>~cv3/&P~ m-@gaW &3d1tphq[=L^}.3p~#/o+/dN*R@~%}-x=RustgEn# zGLbN:ԠE)Ђ u6+T@5FnH$ ]hqP aca|;}k)z%$J'xkE_E51F͞¼dՈ{-,j[0tݡ0,[j,/"zkd$ܲ~!ę0P9n+Wc+#g~2BXf)W Nryt,/A;!bB*,[E30;[FRP{[ZZ0P:K-3 jR86a.|ZxrΙm| YiW80! &p+<0E8~y<aĦ{ 4QyNm|]}y'}z4:*+ap 6z܃íj/ 7F; XLx}Oч86+'Cx y9*˩nP1Φ~W:sLo (A~a%x.u]r9tPaɿ?ދ"=Zvul3X`~TLt^j B1 t]grR8OI<̘7B{(kY'8pl~l w\=)w0 ő@IRvdX!~;t5ڏoM;9!ELC#3߄Pv Ќcd4F.|Px(C5v.G0s1x`-6U$6.i4e?DxцK6'E>sVԽ561rͷzMj|erE] 1.žǿ~!ȝ(O-;bᱥg6:=fDuۍ6%=;8BQֿ?g3%_ò FY| gtiGam6,.Y A V^xH%F̧ak"CuR)*G~\ؘ˳*0tXXEU̷`(RUppayzH6aG?X_Ըg5 b̌-H;ki[,SdgUVߕ{qj8GBPC5+FLm+', μRqy:yGpG$𬖹C$8R^)FT6;gˏ5IyAfWBbax$RHX3 7M)VS'pOljt>i\[+T[=u$!u2`t"ߟ!*}:s?@GbL~{KZ\S_`  *ȭP"%A-vU,b!q/orʤaG?=kjbW)g5 yRFB%6Nt 1=DDVaT|M{]ljl=3+=K<:ֵ85ӤR^'BWgM? ~i ^eS8$3 A~5|=BAfr_*͋&^}^HF潈"9fn $$.͜([\v bO* 5 cSW׹[V-1PXMiK{G/1.FmZگ tR>␞F~|ZRŧu(ng~edEnKٍQ:-2+Nbc j; ȉ'":F3W[=ǐFxdhhL3)ֽ[InR yIȐ)D(o.Є26fO%x#GBwi '&T/wBPJ):/-+sB4vTdI$E /f ̦±ѡwPpEL=NLd|YkjgI\֔ƴB ,mI t4iJ~\w6`.H/ /)Ϊh->3;a_i&QBM )*c<.5ƙ8o? sou216/s>qt#i7`5UK e by@w1WUyvVEs{}f58;¬C q9 ]go]ju@=yrDu/9{j~l OY) 6߆_.h'p-/{S>~5J'Ϲe?K8:ue ;Y  9ĦKDQ>ybAq$ `+F2uh,ѪoXj6W#8bMIJUL<%h[l,FdīR-FF"Ou#kRBP&85f~Yl]IQY{BӃ2 V_V7E\W"g1.cʔ}YR 3\ 3U{#q~t;'UZnqJ!dzG^޳ԟu_'˺rtSGo'U?o#y>h1IuK(]}7m<?\uhO} ?% >B|/6 hΰ<5G[`vKi5<%dlIIsIHSON`LoQ׾?toY*+h@fwl&6i r<}԰NP aă0JonÎrdYR0x"R幬cѿJ;S@1P]=rvV/jFPi5.L]sSם௚_. ߧ>ɛEX"3YT:T>mrs2%]D^luN]U!8`Wo{ucH*HepzÐMCSK|ٻ 6)Rۛ2Ưn Z0V8Y?'3.)36g(~l5>wxa --̷NbB_JMv('u9KxQ:\ep?:>T?"Hᜈ CdZ캮4媿̲f(%OL鱜,*QXSUaNYf{&yi1d?gi2*0R m$_H b(tnH"u5 8"|Ss'ST>u@x vֱ򋇟;,ʳ;Gy:cH?h !?aшFuC Һ, )WձhբVOzEhg1k1/$bUJ&6VseUO'CY~.4 _cY0]FGv8H4;0ޠa rV%Ǥ<ԠKHw]ְLp.XToz5etħzNcƗMs+'#Nǖ,ק*A#ۋ +L5kzQlDqe:K~*KGKw69%1f`XB =tLvڴ#+%rn[u9&2@^k)~ \>άcHV_C%>]t,%һiRZǬz)`Df-6]<JQ{U["Ejt$W",at 3 WRZ"aӴ XC,'db-']>Eʇ!IeǗ֝rk .8R *R y\aRF]2#Kػ4*3z=jLP*8\@^5mY&9m;-کo$[0p[3>B|LVRv0a O@d<> "r@wZ@'N^;~lWsYDk?h|8tuRYk[Vp&0VLbkZ,wb8("!l 9%ge, XȚ8tl.nَelQ!! ά™5hT׶JX.A2`W޵L8ձDxqnsOͽ.Ɖ2-iIsڭk_]. QU 3b;S\Jl* d} g줪`CwTz"Eh HU]F9pE,wXFY{w$靉sb) 9ZNwv) xqVǎ֭;MÜ/4C} U95hy^@AtsR(Bu+a^{NcC@Nʼ51&ԙWO33M k|_ wЧ>f/rOSq%5޿|$ޗ{vbGƔo] v_Y',d%Ӑ)>O|PduM:,,DTbJCM9eK4[8wy8w_pxd_J/Enȱ+]V.>[ ?5x"q }m^iC<=fJ,er;OqWWgq~.Y1[I.b3iC۳Sɹl8I ^k)AсiCPLڞ(Lϫ1 i@^ՏXG+TXNA TR^)TᔂaʉZg"\)FdVrX,C*gbkczߧ:%"OcV_N,B?Kt%Sfz= njuqm%a^DIg[ T6e<AY,>}I?(,mN@AAnʛX ?T-܉^H,1_ìN0 ` L:71VB-WD/6l?5r7}^VӛK 6ˠ2OcX>k6nm p:}kD8ʯ:NPǂ:l[tԤ q43WzZH-b?wT1L¾& kǡdE* !x^,u;5py"&[(*4Lo#Nv^Qݒf.a>jug^(A }.OqHKdUkEؐWMmB#a%z8O&ٳ;9cc9ZOUNnT WwlQ[ש| )rn<@/2,x$_6h O%Z-.7֜=ԔvEaizeTޑ,-喩 %CʫYAlP4jtri6)1ʐWgQJGr_8[% ?Aa֚(\8âH :CE)Dc# b 弶zXB=Z'xw)%u{k $ C)CbFƃ9) -m(;&la}{pMׯ{cj]B Jfr6X&QQXtYr$bg= ^K ;Pf`<'1"EWhB}#~xE*0ΐ:YԦɲ$mF`2Ve?SGsSo˯T:WˤlI?ʺ~hpTBeMYMN+їTs%D0䆖 tygʺzՎjAidE1 1YBf]v> ~6h6%;XE#^NQ#)bkьq1L=2,.kʲ¥7(a@2`"!(1@Y(W1@uB]IvNh-,ӧψ~D;-(r7|W<{6!}2<-V*[[vzuث#~.ˆؗꋔ'C^CdqCNLm.\* S}ڳUA;1|$ÃZ]KC4T4bȕLk7@;S!G^*_$mzVuSreH"UU1m?4Tq}KElNzmoc'EYGr[svs-9Ia. 7<wxF0%Ec壱E7&^ Ă-Ν>qxиչK .de&Skq6.NjC"'Y+dqqC!;gtReX\3X%JCk%hy5Pw v\* a8c!igIkH t\[?ۣ9E8&Ms(;LkYfuewV8:lp:ďNHBįߠMݛk٠'aY̖tJuC$QXso-hwe/<zJ ҂`DWPwͪ$ isKÙhY#MU.dP_n ^{{2:,Im}/7<q ã;ȵ +,w0%=[jhue1&4C"z[ʠ$UAii-&}bmO=) bnZ<8 ƄLpE/H`N*2&'\*j!%Yd\#ߛ\](v_N*Ld -pP8Px꘽(?p'%"ҽ2GMvfb^=oy0qlY?_9i6/ݪor[GU@.ts[;H0[e~-=K՟Z,ҟkN&b#JVlA!|vhNM%4L M J@!W0?K*at 7qVK@=&dxgt$(YO'[J ܀m6yd(dnǜY.e })wm{);%\S'XYPgy}}$2E猻n CYIzq t2 8L K©r!{Y"&o93~M#. % \It@0Qr%}3q8̥ܺƠ]ܣ- dib&Eҟ9fZH9rfNb`7!6:E0Zs*9+Uj8U<!rg}ikʢY1w U P(sA}WjByY P#oIk| EU(28 }нjXՠv 8kW߭B3)ŗ;BG cJ{heIc;>ђtnw}Qp-QCΜMXt;QE7^uI2킘mOJ-8&HZ$uvA -s%ki!i ,MJOιήkWEɓɭ)}G dM?n%R7u" 4(|U'j6~`+u#8۶o1Զ3} ݗ[E89jI*8|>t<Ե2 1Wb\wv*RWDmԕ~fh(D҂TrE`}tMW{Ęp*0B B",*0܃#`6XSe!׵7i*]򳴵,<)֒9R .*h}S40ՠ]΃>FPQ9\v ˗ ӝE$Xoy*y~Ki:f)6yE!c7RPUm2eZ5Qu¯u0gc>d*m{s'69T8:/J}ĖQ.W2 (xI7#\zD^Vİ$[Zj_8%w ďdY ܲi=Q&(M ?;0W JrB,_u أm5'~oZk/g T>c= Ck–S x U(,Q*ɢC*]zP\TˆA?%`Zw)@]br40nW_/yfA}kcZh` Jyk!Ǫiɿpt?&sg:$K=bG~;[o0U Ѱ"8ᱲK o*0 ^kY?bަ`OAա/ U"!rAPi.$F/XOmZlUWU8(c`qe3_lJ DHpPʍ-5\ F)71EWD3#2Z`sFi'Q9wI@+OVY?x cDŽ)i]ް(WIk=w9z"?xJDTe?C6$Wg G h479Oit*)X N(ЕZfh+뤋j:{+Nf^a3'Ew̚"f"-euB ̽fo^DxJ9h,w\ѩ~6mA2Mq>iڪOT@20 ' |[0G>__&,>3כg#LXU"{Nw|nzc3Iؑĕ[0<pun9F&AMs*h#z8 i(TjTsa!̜pjL[ryim]_FOqXugM=Ї쭞oJ\25*6i>dO|xVȕ5kEZQ/jvӜat㵊 ɽ2d[* 6yxIydS,^;yi4 ޻Zm_˶~HyKg m2'W*BŴmǛozф*RO@avhtdL36)U΄APޜZ?Ǫl>B+DCBPA[ds+%Bn#LMEצް{huw ~gN_+z#2$M8GD~Mr|e[&\`0]#9&>|U ƈ XSq:ӮzosE8)ֹ _!>F=QmQ?F+fC野FdC+ y* PG띍L¤s̰Qh%Ɛm%\XUڢz;1'f5,Hw;L8KK!v;gAJN&>m!ȠΤ ,'& 0V~DOo(w$b3@ިyyLn>=⃨=Ȳm8Pل*uV/M_I/tınQ|Q7}çqF;vC?A_@'o`) !ԧ͹^,nAhLE1 U:@ZjG~p/;GT*TF^psJ_8\ӾLNj/j,Aׄ!2~#N)} fUе+r2HZb5YlvE^t+Ӵ4.wJèܣga,2Nc m#=q aFW7Г՚+%AA=ܶCs;P$1-T@sA*;@^NVeB2[eQ͓WIg̣9EjHhYԩ:f0X|UCF fms00Pl|\$j WؚY^h ܷ88T0l8˯ڑaI$ ?.`]babB|9"BBZwc=z+i VwPZA S,,\r!$[Pu}N y C7=;:3T:Uً~sX#ͪ]''{kue >X:&WO7x~Hd^s$,ژsw`T)| 2r#n>=o6x$/RoM\g$Z'!<fA@g«LhJt2q*З \4|3ϹKӴw_[p%T֚53F0/eqlo+ RѫB>ПD7RhB'1قR윒 dՊ M$אPzv9SiߒAЧdNs9~ݘbqaOɺn-vX\Q__G$HvǓ" 9Fnű1'3ޢ9#ݵ_2e-I=C~<IGbkրJGs pwP~dg#}-lR8?4ƈѵS9̼OP] zHZm6G v@{#а׎gsE prؼ1 d4["z;k2$]%XDD_E;Sn`πdAH3vϭ0փ Ptj-a>9&ƥB3x3 +omTF8E`|^zU_=h#6oQm\ +rקC2^N#5E4_I}54'lR+=j3k\&*D{SUa8C.{),3(w0 6= %-Ye¸?R.TDBYGbm2 \L,0`qwc}q({lӥʢ;&U7yZ"$A_Q# %4!gӨNDEk EV,OֱΞo5&KW8#2Bf.JB ӐE\}O:c0KTF,:E4>v[+rO~Ȑz||`8.ԑLV:U?V>xȌ["Y4BOţ q.! 1d Ie _jeTT)0j:m =ɍarյqs"EˆTSuyKfljPoNub#[M[\Kz܅qˊ>-1>:pȮ oD| ^0̢*-ҷXW_x1SnW_&-O;O󙎩$EƇ!x\6'WUXy.9Bj=S2u[A?YɗYMelǴ 9%Q(6T6oOkuv#Ji+L_M=d~I6<%.[g-RԮЛPXW}t?F~V)|a!Ljɴ9VLa#z)%>msO臓XB?vhKUS\a ӱXڶ%e9:Rnav i~U+\ADN)3i FzY;c++3#nÀ `ytc](W44UcQX[Wm?\YONjZnS&\v CxOm_n$w+AK.nq|E`D?"NcuTbTEakd PkĐFG O%T}yڕ6vv'Z^A$*>U =Mpv*F[Ye:#VkQNM0^0Kэ#Ifؼև &T^s4bBvZ Ko᛺!v8bЯ:&Z9OE!ViP"ϸ0Qg)_ M9=J:T4;lu$ O'H0ld SLT/fߕ%I:%Ƅ~7"ͤY715e*0گSD<Õĭ[o7THZ4zeusH!]pǫ)4X*Ҕ-cc_hIJTosW9"+È-*+Kܚ9:gt C6 S@iwV;6?7~艋 etP0UOH,s.{>cR]`\6$<g $`}p7agCb'-"tra ]3;5(Nv/٧D!w/ 5Di+lYEAfU-p.9lI<ڇg|jN$uɲWQ&i%֡I݉0#{{uyv*v'ٙ怓St)pL,?Y,Z80["Nbo4[PPvn."zz}KÓ[+7'@<d3#ذJ- /᫘x.4l×;V :hiLI&WiLڲj-Ulj ;чc1o=Sp)jmCc8x-m_rh{1^7.UfL3`|IK4wp:w 0*\@dSJBxw{]_kWV |AIP/8f4JS~KXFlX}Rl{7/E‹itţ־\'91'ėf񞵽 mܻZDP xB-2AxM@vr!Ik?ipPM#$cP]ڋN9)UhߛC}]_.ER`ڲ:bXcoNu+XEwaB*6e9|MV- Q%6.%cYOtcYFM츱=$ l9cЩoB~m$-c4R]N:Ϝ2E*s){4/У mgC;~L.݄\(zCtL VC7zJC~nj_`>*,ϦZѿCPvh#҅{v5RG`#նPUBW@rt> Gr|*܏#h6"H#ZOPia t9Pn MQ-yl{\l#I ԕnVR0r9&%5)œA4%{-Ak!:kEw/y3JrM8_n0=uN.f}5/TZ WPa@g T'{Aa^gXm]6&umdMF1qbU.#w5hIlbT,2VŕLSww"xqr$i5!>'%"^Usb]4oeP`SOqJf A!7Xaڬ4 OrV78:Mjh!^)-L1.\^._-/B9\H,@vI\)~Vl..WLhB fJCH㶺 9c_@d\ҿف\MrSag<0@G)f2KTP-ħ?F.)^"k6=LD4. w%97e|f(TD+ Gîel$GM4B8QjBn6 B[A6?l'e`F -k5EmfW4)h؆@+>Q ێ/[P>$Y}v=NTF>=15GFHsP#`{ *rz _t*HI$D.?ͼ|ڥ Ļ'3;}-:vunI@wW7L6LS; zmH[oɝi4.=ScuG\lZpwd7e~+n#2v!ly( i8 kWS$˙? H; Ҕ͔N@PpbSO-F{YWT 5q3KMhx'U,-~S@L/YǦ,#^pr߃bAG,"{l%腒" Ȃ~/āC\7R iWwnhH0zQ@a($OU=*'NOĘٖR0t-OR?942]b]n9`.?5Gaq?*vO޴Bm{` }--PHϴpm/Mwd";̈́Ⱥ40GL#F.y8j ݿvKT(@[_jb '#嵯Q  šG '=e5<<v}+/E< 5> 0Թݑ1:d85Z:QٮЇ}t\㡁!m?ȏҊgJ7=-q~LG M0)HYWD63pBA_zh>[,ݨ{{h..ҫRԲX<dZa`< m+$ra՝}ZHQeT2ݏL3򱬇!+že^M;&WQd=Y[}{`V3U][;x9ahe_p:b,lMՅ÷b#k$Z`lC"'b5ոOH V-qgXNj3/weQiQ/p/ݸP2 L)+cnͩBK$"4Ao1p -tj#>|}bů8F8y@g5Mۀ3N`e)V䍡e-*K-'-=x6}aWVcxk qMY(6Ri]o&/u m8`Ɠ&'"I쮄։SJiA)KuNDODˋ-~f,~.lF2tz2Nج 5fm'kZQKMl/%)ql*iꉠ\ _(=и Y {>u4Øԛ}Ƞϰ6lqc? CK- 1%fXɍQ&M.o1Y閟N!!&_@;_26s?]G%2ca[ӧh cl\JURߋ?E,w ^O؇Ek6ƾ$*8KY(GzBi8iR١cP G+C: qA M[gX!Bfܗ:p[e/@P!_?2c欸WZy+l`2x#}D` (cݫG¬voe2s!B,Vkc we,6F!t V\S4FnDbHXPߪ)pLs715d̝lt2v_> XZz 8.qիQݥd J(1Abν{ׁ'F`S͏l"owl{mm+N՛px0>4JYt޽"NBdzs/֚oAW~&7yqH_)S&_:8O*A+X!m,)/$\V9a/~XvZ5.h;2ykk8oW=b 4qc -F%&j>aX Bxc]]'49dn KeraЬ-:A- o"};x{Ռͬu }:?5׎VD]]E#nMCRn<IZCش48G fL5u |S.ߛM.:4TʼA8#zg 8ERD$^<`D)2|MV{N^nGzFVT:ɹiz(7=Nl{Up cn|*,:.s,q; l랕Г|Jp,܁pj´`fr)lkcOGFZ>Ym}K3ļ #HDEE8#話:8Rmy#IjғݕX~ST‹kKnZtT@8.֎$ *qr0 A}-2ځwckn,-Qi_wCJ݇%żS,I ;K ϟɅGfo,vт1gؚWVElDOzjP{Rpm;[A h0Ĺq 5aCD,OύvN;lowVJOriCJ1:1;1J&_\D>yv&GY2=-&+qRxT'q75:b.M}Gv`ӽ,feo㚐K˴~:@VN^ c+0R-#,mqLU ˈCz<*@_M^\~@H$scќwSMn{R~i[0֐t0KҹtrFW!$qTJƕ zQ|oc؃^ ɎZ`TIӸ˻}-O0TEl+Q{2|k1< (D$XEݭ}d۔e (VJjҞQb,u)>,ks̏+5i mDҝ{L.N"=T]&􄽕G6 m #`oD}yvjKV/6fDdaզdRڥ`+>vkY~乕ۇY: Xab1>8#Lⷄkrq0P#A!'M:I ˔g${& O8LTҋPd_"2]<=wH.⧞RHƀCWC|hE9^۹@ Ȏzuτs) HvSޡLsf "{1O1K|@p2ft^+60gYm8 .y@?=xeGA1bn sKʹG-Z9`ao>P3n|Y8k&qt|O(F[J3k78H&2;nCI$Ӭ[Vc~Q :0~QֶaL\//9ٵcX [}TO}~I"ZB#H8G!f0I,M|@EػXP;E;pj9ܱD׊Re{oW)^.x5mL0i Eե7YuUx1' 5{݅bdϴ\<>_kx~l&p ncs\ ѿRNj<:~scxŽ")Oպ~v>( 6tY/_b/ׇn(:eV('JI)haJ#ĕUV4 gݦ;U9z5HE7Aɏ ]팈I6LIt9_LQ I-bW5In}Pa!jڥ ׉-Kh 9~|{R06>^\ELzJRZN7nıR ٽA}!]X1ŴЕbDwk :'kC  -@˨vZ>5 ?0C- /"cH5͞/?VE9|m"j $l,ltHYƄZ4j4ozw=kڠ aB's4:'d:sXjs$E & $A`AUX}[ZX/۵^^ۜ#h :ڰߨ]⬗լ_jɈA% )5u([u$;>"s6<Ct7]ћCӂt&È}s~ABhlk6'ׁNm0^gDgE>nŠ|u?6ʙ io"ZLC`2jm5 ,{M})ԎE6J+ 5+G11WnЅ\gЋC}<9Q/etXpyV;4&-5TMy^<-e,0/DC͍U'q۩K,+#M&. AescԺ UP9,GH9Io+,n7#H2PrGJWɌ$:V廬9Ez$!`p?ehBʹ$+>WZ׹L^7N/.zdZ&쬨faŐ|?;7bO\D`Zᝮ=_wo͍d!n7DÓr9VfH<ŏvZs!-zy> 5r,-+iFF >w8;]eyFh.nsY;M.ː9gQ'0o$܇v 6ec5kKFUt(]V@3ɡYens1x26Yyr 3잟:{G.B]Xo^H Dؚ0oH`9$;gNG9j5HQaM-1hP& cd^5`mQei>2dq 8[@K#bȟǀO MN)ʇ#zո+V4ج1ɪY-6wq`4'A l O~qg1o7x I2&:ajvAYafI5tLS~TX꓉fN:fe&q""|D}a*;C>}\լJ>c8MT7u}}]6}P8B[O`~8:Yg嫏,:.:ؙ_JQ'l:Pix9v:6'O%S 6\$I )$cED{L,/ҐiLizu[Z5 !!(6E5:Ѽi-5[KNMvu^`2д2F U"-K53X6Y /?ŕblI̯xMw9>tPXoVXa++ Ȩ)eW:Sp\u6!zOO`1jQg+.cDST4_d:xȄސSp1?*1) MUKXdYL{`McZ? 3d6$r^jMI`rƵ-na0Bipd9#I3*û".+h4g~YI59TW Q #?WX>@}4~_rl?LK{*7GR~ii 𥋮[, e{KтCY:z5KL᷂Y!AVeBW) cP<:) d|ndž(u'V 575ť\vfP wSV49_ܙ-ׂ8M]Nl'3jnIYl:9~ف`r^(jbG?ʻ+enqINiww@w =a(+Ax*MOl%hLҜ YS9սyDx'ɲ;?{f@;k"Uw1r5&6Id׌nSw:'gCW˹bw`rWtC I@HAmJ^?EHr 60 |k9Iw,@j Bl91١Uʥ,&flm{(Ώ88S{2ocƊ )7}9xvyO\} O5 ZΩQKA|˫"B8قe+<w{O՘ - ?Z#_Ii@d|=%|0f\M7\GHlN^vEiQɸScńKuD!t @=|2R,uZAqGvHpX%L֑˻LAO%<LJ&_U u%L0IŽ+qki"`F兘<}> %qlfFR n߄5 Z=!-o,1jJY]phlꛦ~ӶpkqT|6m6#lxٓמȿE~;& DPEj*ACcd>Q]{g<`AoEr>6W[L4hE؁Β<+ɪ0wihƢěܸ@Vh>6/c -bQ\fqF}SU~\ `xjB"2hB{c[_ɬN!@6cWI|8҃:+VJ--#ӝa MD8K: wLjZsKSᝏπj]]0Ԁ"#(cՀ*2Zn,!;Xvͫ&4bWcM?$1?32?eLؚ- };5F o=23')/hCG=0=ǖ&񡾂/nu uX 7%CN(҇^h #1vڢ|qbV)Eн:g?/khbDz8E!*k>߀ѓyÐK/H^.֤VaYj@;cucT@G%814Q7[?N]Bsy`4 tI FRiDGYB/yNǩ0܅,Rێcg ' h8oKyq`ѣ裁2A3B> |l8FWXʔB+zBK BpTJbr B\4ӍYkŢXl}q:h pЯC.5n ٓk*=^E~vG~h=Q^?/ȩW}N6r<& 4׫r|I \c6V1)˅WA+'Jz_ko ]p#N*AkJ7ra6}I߆PtAi'j (g2*f ةOM|ϸOkߪl\Qc _Hu(_q*Dq`yɤ=7Dr[Ɠ&DЂHHgr<]S) -D={ W[ Mfam_I8׀1zjI@[sq#Ql+%#Xqb[%kooS: x(%{WJ{Fi 5ޜv؝XRZz~vO} A$T(zI:N]Ʒ 䓰,_f3) Hc `ωXZ*]O>)pw!} MRsK`56h;Ɯ3`A|L9mmflXu@Hг!))abQ6DRH wFs:}{P6#? =Q#h0g;VMޙ9AV켊 kO*+ᮄFtĜa/Pߥ͋^Ob9r,-%vy1xΠxK)h\xTdmԸ ex5%|H%}PU޶ saOC yU(GUy/cH<_-WKzE>!]&eDRbD-U\V)R-ѵ_ߞ4mG ]H~:MJ=gT/Z`.4^ޔ~~4j~4'8Zx=nAm.?w~j$cVמ* Pqy>, MfA*A| of cŕķE? 1v[܏n@+pV.N#~ 6-ym<_&o74}lndgNRͼk@Q'aC=yaبdZ@zb߽d(VͯNl[˲? ΀k*Y)8pExkw-q7ԭ |jloâw;,YV)G'>z QGl^F77mp o!ʼ%3DT(~]!l A{W$wX*SHڿQ1+Z932nQk"wBJq%gG+ ?gvumn:̎tjy$|$ {'ͣdE*z|m3=@߇ID1xWwyc1XU;.'L-%ki,u ÿv ᚆ!V"azM{a|NuqaZ):lTj^jI'W(l %m4G Dž#`*؄L'E#u.YꍋP_@M Kg1lm`OC72yw@3K %(Xq5[al:x,# Nu[BāYgU<5‚Y  5|m7,$ 畅3S}cBHC^ԝ1jR}M9.rMSPuܤa^gg98{[FW4[b@u ‰QdPrߙQA;Mpkhѓ3Ctu+Ely- יZYǡ%E[z}/61pP e@w")Xf.<~Ґ|]I!9>Q <ŠlhIҵ'g?w0?ndw* ²ury{NI9@Mv@;N /(t?5p;hFnju~E N{{=J]%LL C[h;@D^q]LIu~u37TpW#x} MQ0:#XOFeB<N04'`O"ioFӉȟߢ \*bZNC`3IIuW T]$jX $9!L~2g%`db*M`GeOފ_ <{dF:h7kKtsI<YBoFDB+!tBllUF "@XM 㽱vHz1>q.@[٪kMV<4X&Ωm _"ŎRgk@ DS7b|PcĺnLͳc44DB7khgF(3D8?X3ִZpPz.oߞ:Xx=w2.lӔfनx!@tTx;r@=oDg-{%\wۺ峌&}D;.5 MLό xC\ys 5skiG߬Rƙ-Qz&퐲=dOV ;IQJG)A_:dڔ%R-^Ho00YoeRqXdB+}@LhӨޚ}NBFtc$+#DyL-edf d}W> Mo,A|cGڌowUёj%wyb_2LQ4ssǷ(2\,3467pHd((*T}+~u3?ƈRbi Ϥ>–S}FN6]LtN:vH-ac?] 񡂻^_V*=<59T{ kn@N-+  ca|f!ֻDdU<qtbx6irꮙ.ʴҁ/R&1$qm Z.(,@l"p<Hf[Z/Vv/z`>PJ;c&?a} RH٭]>gUFn~R2QfR=*Is'2-(WfKGM:&U6ST<`(c>)u{lQ3LC~ȝb9soCc}l<V+ (MF?HZr*\ǁ~jiy I-;BYF}1a30]u(PZi)ӻxOrg D/Q.cSoG6@soo>., y CPQ>gߨX/3eq<0cai|fimy{R{4?sAfk7拒;1뎢<b"߀`!PPhO 2+%0]jCӅKCpw y4@ ѻ :֜nCAND3h苯 ݆r'09E`|0xpۤ-Vt7@QџYF%.]\ɏr5uJ*g nXSJn|J+MO)N&mG@ Et*f}\4Fn VgGD#H([xf-ȍCleUJk>*+/ (!:;.AS;\[M:dԲ'u:!3\-)Qr?J3u U;ʀ,gIt9Ю1ĶI.0цPX.k 䳵z!sCFtNḈ3h,J]c槹zhr1.UJntCLG˸T 7:3qd^]\}]vb?%zÛ+R.--fD:`3ԝ ,׀5*>,!(V[._|Mht. mEye(B{L&38MV¸x e%e([E[HjL gBz,'ʟ6AsL-KwhFlww+H%b8pI s3Cj618iڗ; o0t k9*NjO>|#Xuz(:)|퓩ͅ'Zr#U#It/+ ʅϫL,#jwVN c%#B)>oRг^S=j!lKeEJwȌޫPIhxkH]?p>wevxfߍT%%]0E,1xT{{mHw"F-8 0{}o~5Bi dg> 3; mKDQ):9 Bfx88HY\FJzx:YK_V>i!':m#%V>͓\ t!4.Y*? _]2yR=6 5l-L/œCL=ե'\vAhXlDM50Jj*VN+x4Fq׌َ qc۱x݃| B *1PTXvC .,w٣L1 {R^*%0oLp@qibQf,#HI&oRf|:8{Zv>|*Bc_&OT/u5E M^<q'lײ=vEcO5X۪AP >]x\CE-S>j YM\SgU/m}_>n!)wC˷a kpk|ݿ m oB]M5g`ˤN2/ʌ7߶g4 d&&aҺ1) E/o-ŠV4 HJK &UF+KJi˃$&ֶM~}uHw0BzcyX{srstq^ U "uc/8RiR\\Ο45~!g´R` u+ri 5^qwCʁD{o -QNz^f#6y 6jayFew۪_)R= 5meP”>c2+SpH3C^q $<|6 meS슻 Í7M嵬#%nMdW);Y(' vpc,QzKֻM6{Xck2X-,A 7C=LJ03V?qJgYq| ?!WohsviT\S)bK׿LEy XOBԞ!ȺX?<*̓Yu %u-z+=^TĥJdΏgd ̾T1^\_̡zg]!xq=[ bh$MfєGVZ*Ut[%Lױ̒4sSjJQZ+kr=*xR>~rxr᠅@5qDͣ3$g/= nLvO|XFtg3 9.K~lUwUDxD:Ĥ@Ygv$OO'DC+Yg KCJ;PSNtV:sE"h;g+rK 4coLwnI k3[P#d38xi:p=.no @_CrV8lN x" R/ApzEMoaq:}#YR 5_^k3} buV\E`X$_7-[7Uf;&824YC"1M2;V0_eEDg|ހTJKODSa:b,c+G#[ǶA\~ON6|4+lB{u8ASrba jU (T<]:S!.,pg)MVdwڎ>:=Gc!c`PZew;zr[PUKI'+$HS<|`y+ )l @VI2`3M Cw0 |$ c4B=ŎsT0v]w,0Юi+$ b e'Pjy.#–!BrϭYc`2RzDt2!,03Ȑd VNaz8yA׺m _6D͚[4}>+=kI"蔖=66Ї. +`ǯ296N(-Q)p vKV± 4??zIzzgbX74qǯֶ7}bBI˝_JFf(D]SGr ?yf*{wT$'Khi_B▗K֤pgǖ:A7\m1+f[XU=VU8\WR;<{Bfު|_9z#i$ͣM(Īj~Co۶h٪BE3rbҢů|J׷o\]W$Ơmn 'r\3&z\F'Ȱ>bj7mvh (YWv<6sjPM٢sX2)`>G^suz ԳsD~jcgTZ0 u.Edtv\sf]CNNm.DYfeOcf/P%5s2&o=e bGN4rD'B~a!i"˞Vq4Ӿc}śCTB]B@,Jj2 Z%TQҠ'sBfgsQDy\y+[?Hs=Z(:[3u-КZ`yUU ^_Ðmuyx̥v&nw';xEɳCc8BZ/7@?]׌hYlT)B+Z)`['\qfعBhp9rQo?ٍ)E73Qn+" %tA?KxwRgVx@ /G_;f 9[\eP%7H/oߕd|j(YX$ie2VmWT(+hwU~ ?"C[wq\`UAeW.볐B?63b`I`?ʁbSX[u"j#=ݖ= J?D<ūp'֟ N&$pyF=}_ S)h9K>#čO]O:F߷%F0 bqr/Ac%7ـE6 `i/5LH5Uca"er8CC'"fQhA'l}988tYmtR.&,h^&b@w_va]2۪\ ?ӵpwq0jfAh -[{m@p&űc!e}3؝[NM,zQV:oGUƳ4 ov^t{j]ïʐ" W૆J\=B G|"$ z!4kJswEm|rr)>A|+kf3~l๒!뚚jUe3h*wf&r(%' hFҡ W axi=/G mGʍ ]?o9:UYـYɣ0y~"кD@MPs.c(3]<oG"¨% sHGr=|V%u?+@Y]&.&>5_(m:7g9T?Qm>I3_+Q$̐:{ c{p'\j?--2\}j 9*ФpgொD8"~ػ6ܰ'[@TwcVt{O)L:l/cƳJ /}+UwB܏1I&80 "|sQzQ2,2#*l_Hgr_76^9.Qɍ$idI,Z jb!\AKPfEU -& 3Gr9ɈoP 3J QqkHl\e 闡ZA}%jKPBqI>X Ƥ_G< @%{[e0b4 0* U< XU6tP;B(Ƒcׇwu@ɰrw[R֏śR>v!!btր)W毃{n4ՖƮ <5?Kt7!XyS 7P5 Gc =w9S;tHlےbk3K?V a悽`9o DjEހ]`u#gzr,e8}&mn |зXk>D? raT&z~XMKT).--62zG邁  0~@&&C̹//I ^OДպ*vſdQM\;R o"7lb{RY{bV<02[C9e:N",W6[eZś>PsN;(_pSq}SSx2|'lՏ|XJd@v=O A?.#gAMD"($?\ՆBaDjSת͖֠3cŅ"59Zí8/!E< SL|ìWfJy+͹z8ITIYwQ|1aDBjɰ1tϥ 4Cn5'ʆW>+M] P4+*_?3zA3dӭ v!m~>!ՙ*C*5tlT9wՕ8z% Ac/R 67mQ p-L{CY^QKa|{f㳵еpu&b+i껁RB F]tpLc)y$ɜ< NL嗔;VU_D$߳ۓ*'GA$#hC&IO蹅8T,%EeZyXg K7fYg8TdGG;mb^ (>毋S\(!۳9]n4v4ͣ+?)&WK(#"P 'a WN>Xd\cbWT'פ0UJϖ؛_n+PA0-)NbAYd 2D', ZH\Pq| !lԥ7~Ec4^`sڷNiOˏ3P5&9)ZAS/3K15A}T*jJVWi]ZP0A`ly-8^v#ReTXL3GG,H,c147'#_mjY+LT(.üNhNz\/,\F}c?ğp<9wf)V=G!|fVRPx k1sдrNQ`T%*,T#y@ё0lV:(n-\}fb5sZͬAd4DOiǠPߝDž$v5>ݢJ6`M3x5 [8)BljYIKi›cE) u.4M9;6mcUsN0׵k8>\ǁK" nvDɦC.=dBф $E23"\b]daZZCMTj daA5SA 3MBWiSe<&] -^ZM.Χ[э%o[9}tdP]D aTM ؛_{]\Ux%iXW,=a֜HrY!Pk2WxdF%9ͫpN_۠EF?xXρmeϊغXiB 7Umm Ǡ""Pnn~U#iku|:x?+TpWH){2&JHߐӢ`Z%PB˱ 6{jY},\栀n_APd*RN3M=Ots[06ŀ!IŸ>|.8Q;m5p0E9D*> J訮PնETy1r)A? ߈![Rʣt-<f9঄vV}. +74'%u.=Ћl3@ i >CJ[V>!5'Z{< !ɵ,J4D^8'4mRO;yYq(f Oc,\, G$[p)cF: F[VXM2Ma;1yT <%'*Ġ܀}Pҵ(,%Ԡ&p:xL:KRdoZ,*$ nsNK8, y E*%M|krXJ1lˈi#r5/ A5' 2T{wqb1U9)by b: T#~&6{TczNYƛutCLkvT9IK9Dw>NeUBT}4裂"7 r!܈fB}Cwg04 hMXA2?2/IN("]x 7s<U%{ЂvF"L)%׉?Ci*EotN18Wg7֨'Ҳ*EZ0(a2~\n^&}'3OA ?57U@r#Nq@ԑBRdXAo\etHlT:ԡ2mJ0O'nmA&Kim|O' ?;V&\ PdrDkW]Lo)4N~9}pk˳ϠqD#3XL5rG]ơO>p~GG9"d26V3MVA neT3 E:jtxrbm7ݦGߺx7n!t⢧ S qj:nR1u#ri,kJʵa;-@q\+&˜d TXM"``olwx݄ӌ$CJ^$&e,5M1805mM)wxH.u ((*C$碝AhŅMʜ~B0ɑ 9"(Fa"QD/7d2t"!^pv4a5f% : l:J%FQϰ?3VB6B2^Vt`մ\"sI .h[ _V׍rI%{]#94#=2Ä6!mA. .`)K*C: @qRB_ BLR^p1YRZkF@B )UYS3gߙd M|j_2ttiqGڨ+4m0[@5/' Oθe@5[OJqX{M~ď@"kI|pHHLm\r21_VdVɃ=Y]+>zv[ʱ}tesAfJǠJU ֣%/P(v|.>Rn 9WvyTS/cGD'/ Wrq # п@Pꂫڂ C| :3vJzSyqj.YԋI|7j{zLS8ϖRshBPp l@U@W|OŘ{pt:g~:{.g)wO^Fm1KU;Zq,*QE|R~p,w;q2 4tGo?jl)y~pPM -/ۦ0(ml 9{vNH7>g%DɷƷGOWblB&%xY~ϫFHj/MpoR a602?uՌ},$NS$&,8p>?0He{45c8b_\\:۴@qN ,.<O;?.btf3wb;ߑO%_[[8;A^~iG@:) PT޷D"5In<|Z%S6F?n\4 #3 ,PvݕR‚&cwMNuRd CM,, YδIH: +>GlꋀKקd0E4z0ׄЈeFܘ:|O !_:/$-k{`$!_bt‚KB R _Y9E'J]e/7ވ)wNgEǍ"_ܽ Bau U.XlDż΍9x+'?c8ςGϲ\O^8$QV"y"u&"!W j\DUDbް{q9(KO"ڒ*ϧƍRP>&HLYUico -^h_=0g8J1Za3*5;504+T-3vھ'пU7>%LhokN2^?ՙTPO. ea1phG@. 8dAD.[nk|P04U7%ÎLu9KM[ןE͜< fI"AOW~I=͸E=s&9,APC=lҶIoKEWV u{n@3(41$iqyuhSjڹv!9eK*"I:J)fE[ji_fp._]\ V!8Bߺ!+QFhælK22AH*KLDA0|! ~̫I#69;R |mj݀M"tV$*0fQZ\h#.^_vUpK" k@{&MlhkK2w(G[X0XxwuKʳ՛ᚨ &%]jlE|.^eW^ 6fXX>D,3oɗU~؞r{}$I2}_ZP gBeq˩I%a yyG6>jW*,nL|RO$wL;4GCKNZg 9{nKIuC KՓa"j"^@ s}?dMbW!HxY^Dc{"9zYNpL4Lڐo!2y U1byMNO&O.I ݊u6ťq\=cc%p0N2dp祑 r4L!*quIX{E5eTrD9 \BP֮nItNkvXZ:b>BSlG42EӃs:+39L4qeaI7xޕ6U۾#Rm]k{k&tB=/#ꨱ̨\g襗\ri%MСGojsߩ6He$եFJ_9E9/:x眀d$zuRXB*a}}rvX?o+:!5UD^EE6P$2Q:!QN},  Y2O[qWyobp* Z/̣C4;fB `@8eob*`sM D jnFΓ>!C!CN $0sEDUM>#P#戔PG=fRPn?:6,ھ&tJ㵴KҚщJйݗ".幟[ߣVJYezl܉jfdzDWE>Ȝaue9Oˉ.su_ю]['VH1u"QIʌ[ij >(NȗYxs">qJK爱=O)i DJ\3m)da@T:AP6.E-NRL6eEpΙɯ岛2)[E%t|BYo|:Ц TL!jNJhΗxBcSzgpU<%h.ۛ"&8XJ:R}*xxO~A@]yvADI}5H-2*>ͤwK~{8CS9-Z|bMEz7xBW.vDg91p~$C~օv{ < 1͘D 4>^h!AKGNV**Nfe#rF{^,\YrSCvqF]jkuV̲v=-ZfcG,/Lٵ#>[Mv8$ccۻR(P#@S'!U'FCYn&Ico^x<(o̽`lH~`l*R BK*L+\m XsIҭ2C 3Oa\8$|K&Vud7C0eG,mf>HV5V5+>,zc?d%|qū<v  rL9~U1b|gQFͩɓa`a&,Fc[7n@e%PHP >O0S;hgSA{zy9NnE"T! R~{ ^hO1+hIj1Prخ ?B'Qb*ᙔ &'Oն 0luG`E'nNBHp? u;o"22!,nK94(>jh&6|g2ZpSZ܃[Hc܉& ڮ [!;}.p4ߠ~up.u?V#skD{2'{|4$FjCNw1DyΕۛ0$|2SZ#l4jV ϩKΓlwdK? ֧Ñ/v[ׁ8~Rw̋)cm[rAbl%JzTTrAgE2/R;4\ٷ'π 9 GJNBtO(/) T}5ЮK8lH@EEd!k`Ma[i8^˭q*N}K=lY]r 8,\ >~;YT2}n Tl'mj~ffyEAwpB!Ndnf<&l}k4yg:ۇDjH޾T41WN2Ex]Ln%//"ћz8AftU(|>m|j%i`WqEw)[1g#&|#7o0=GG_'mP(`}[B_PSEbklӈRJZuD~SnUEh(!c0b711I@n(`MÂ8뽽8Y>ZIZ&Aۇls3S|TD =rb8L/8zqz?*Ddr'Q|ڱ糩J Ȼ[u3 @ch'%m* 6yX|}Jeg,P|ە[ٖ6siyx QE]xV7b ~yI07&= :d L+g ijo' }`?#PѢQqviOk wP L_4dOuݮy0ڝ1Ӽ@4r^bXz|u@kB r֞HȺJrOEe'=&ZT>z1*gj['9.IКRvc4@#hTQTش_YXd a܍i`cFJ2- KeHs|R×kc$ 0?b`P?_O&0}HJƷMGFH|ah{y.]gXvz,UZQ59 )yNWGQE?ebTE?pd ҈$MMa~rZ8ᅨK&7{ U! Feڡ vʊ1t c٦4xnjKg?@a־.`W?#=]v0_ ͎5#BEܒwf+Dr-37;)ԭ[3@xbZ&8/vOփfv0k>8P浜o'*P]8[ $9VSH!g5UV"z?Gp~TA(HC4*~l pJ1o9a*u()ti1&.&RLScF[OhL0,=VpYphʮ Sحg%XU0R{WW*%FT r(^MP1PcYECnl#ivFJNkyQ?(`6xG6.)q! (w#X*:4?&K;4]njTAfeJH-'@thKZV%L ȕZ'LʺbMKS!xI`@6$kCbMĪE썈}+=W%ǀ -2x(PdRAdmy$f1 [^|I(Y9 gPb??+㑬$xiQ-Z-BC%'J@c"ʹkPHtKm'PƾڔT r+VoK+iDrFXZvu渽0˲YP-,y nz[9gNrk|@" 5*rB%YVy^3$IcpXb  GWWGĬ$mv^,C㲵ClW|G]׉6q"UޣD`YуyFyazz)?Ar`d;; o-6uY{^ ] `wuoJ8v?G>#8.koǖLʋ;5gS2WN:$e +C/lYk]9 [98 TMu*[k䇀gğ:_Cw@ͦji6ӝ/7<"d~# UgX+ |!nLy7~{i} sb,I yԳj0 r J,c Ckd+L״UϞVr,k]U%(^L.XԫnA^TqE\؃EB> <(ePk_\n rbvH;P7PHT.uW m a )(N }bpt< A=Yck&"yrJ?i,|*յBLcܡ$ivzGjV4JRd2F2usjb]|2\2%{CWN.yȃ$ Ʀ`{NmUQee&(τ*[@LNJ>3z:" ,]@ Q=9|S:eѱ#svh~P{ta2@cI_?oEv-P?-<8*#ӏ< 3D&5lސMP}"@QӕݳER]c>69pI VPv mW^+VًICklt *#2S?TCIHgzr}/#'DUY&3^4Ƒ}fVAukF*5- gZt'ϢA;;w6+DbWo+2Zjh?gK>\a /d3u[(,._#W_b2p˯U{`t>FJS.σZ~Iqvk1ٍi-gZcfu(l>bamKfYp]Ps .pTV%K] >na(',sd/_踔J'0`L_˘B*moXT|xEj%my{ha?jIiT(|t+h}*? rG mX?|tǵ |Ve `AdAkn Vw쨚hd3aa"EW6$Q{w1&oQgF z&onm4uaꛟly݁"My8}PXȜ ɉ^y $j((s8[&87֕oY$wtdL%(%juU$,b#%<D1wcƅIff:^:l9S%VG!"ő.j 9p C?y&Ұ9i5@*o&zI+hV bg cEp*',-ENH9Xc q ~əw@':|XFCH@i> TtTEy@mn7Ej \ +>gi61yJElRM!*I/ja>bԺ+#A73ޑ+N(8FQ=+OfSgLfҕbZQ_{zPEC_GP9HE13~2F3nBe 4.`n9  @\B˯ MrEry^L۳7e%w)x$tT\9.p~/i@@ d>K) QSI?7+XX +l{wroE»qydYgw6w z(=t+c%{SQ( ДʷU][I(Å+';eg7q1=Ee wy&mREQ ]#GIzr`sHxvͩe0!B_VԨ',3qhV$cUItDkBmwKՊ}9`r T`LХ\'"Zw޼O A~6MXfW\LR:pHÔvΜ_с/r]z!-{,3Ţub.!($p?bE.?6'8}z~ec$YTwDcF[odi>ϥpv% e'f~?&MPF]WVXԙ9rAkQl6|\ (s6Oh 9L#:i\8H?YVvHܸ {~Hw(P YQru@ssm}P2T.?*C/.phKGbLًcF2N[j'x  M"3vBڥ(ɓ:eᬮ(ra4 }q4W@KޘA- Jh~Ӡ~Vª!Sh/uH҉^,9℻yݻ-0 }$FC];{0ƙGU!&1O~C@'q/PH1qblC*} (ՠ#+H8:Hss$մ %m<܂굝'݄J _]L_sɫҝQԘԆ~Fz}"M46@v"H_Ȧ., ^<8J.֍PCszaEVM|H3sh)Ё] 1Evy.w}aP.sn""K@7#+cڹ^bL*h@Yf=>J:(00yybSmiDBhƷ2k oaYӴj(v/0FWwDH1KO0#AA2 q@ gP\SVCR.i3%}sf}92kf%qr(o7a(;n\ >cr,}J*7gcipK ?*ρ*`2d L:`IJϋC[5~%y/K %8F! Zi06{~xk>ٺ\7\c}F ;aOܸ9ʞHZSI)B\^Mv8IQ _dq#y?7jg&;@APbpw"wzz_LI10nK7?ߖdNv=՛3D(W daP28ơ!j_GrIF Et/p审!fͨy~7`k#/$?8 KǢ7\)"i=+WG5l,IkzBhv J}{zEn7X"(ջL mUP ZEO{Dk-n'|…'סA/q=RGꃖç oQhJgGDQ9>B7ԫ 74K ܨ6ʛiGpݶZFs3^y[QyfKw~~.*ޅTFpY"u'e# :q$wPҸrjյ7W Ox*u:xAl pfb۷7z Jvc 3۰S ̪K!9xaaM(I@oLR@p'3_q|wfچoILvwV߲NX)+.DYRr 3,h0o2вgYN ,K``mt"&nP BV:( ?u'*z0aZ߱!=M.iwA-̝@ᓷ}|8 ڂhcE|NǼ+Xn 75x!Ǧb -D$_)}C:5Cb) mźG!uD]ɱ̬n$P<3odwıaM.rUd973({ %tܼ#*wuw6 A[1I.=Yi%f~-VE|>Ԋ-h~'=Xб?au3+1̜2nwGEAlϝ9MA}8^e> |Mw";ѵ i#Hji@z0| ÿWt w/6,ITVP% q$1 Keΰ;sJ!޹.8$1H>u'9iDfZ <ֲ83yrL/D um'_1K*`2K%qB+g2er1"-IE3[qQVw qp_e@^|/w75:BF}25W9*+wڥ=}nrc9%OkR(/ɚD3gl_'<`HPWD P0!iy!`cwTERnMM!ZQ7 1KJِ}ŽKgd#: P+B$%mUry5s(#l r\a/6օ5-Gx,Ji6)@=/\|骏X8޵MJgE!1Odεq.פDd07kh'[;$ ˤ呙 %qfø a|N݉A}Mk)DzV\{1,t)~Rap's%[GJNP;r82WbsIJ6mX(`2Q~A-Ƴݒ|PfNP )=ҹۨwwE6s qsL,̘(~V9q,{W~Obpms= `?OxG{oN՜< 砎x3(bdKew%-cBBk#(Wv_ @劆,UkCjZX n-C6 nq*U:wOptq K4Q0e^4{EY7m-#-lJ` kc./4HA8+ X۷ Ysx pp ܍^9 B;O dzSpnß/̮nUC}ˮ褖%Y'ߝv~0zd96*-d-uich4929: &!@ {iŶŗH'3 Ļ~mJy+Pf׸e$=XxggSѡD4$D>y?+|3I{аf3/($0Fqs)Z4d /RGMFy*-ZRl77MmϔzAr^f Xs+-?Ȃxr wJmֈZ"q/cƢDJa<-aZ>'U,KbIb:o"q Eg"p*K`o- ~:GLۋMY0|P}RzBm8sСPY/OyE$IQ͂6)ˊh|31`xHSAPa k t&'  0dLZOa^!ĹˑOwNdFl&otϮpynȧN\)qbs ( yVRl !yq~myLe2YAX  8bS7:f:ec]2/{n]GP0Ӿy8ხć3xemZ{\nIy\"BK3]%2Ν2!lǥcYN7#13qG""`I^.0 6w9LvBoxI,Xᑀ㟫T=aڵPuN;3RBPxZCݘ*Rtu #A|2 D!ep"HLE7cI)|aiik>"^SBrV&:RZ֩^}g"OJ=Wk16ˠ!waKf A:w4Agi_)jH5;Y~MW$$aJBAWiӭceFd^9@{" g{mf 4W l[=q|z}%:i>0N#rL NDw CH>x[-[At34U9<,脌0ô70G,yA?-~S)9~ވgv@1܉E>.iǽY6 ,W(VMšVAe]?ԗ3 i'䱯)|Q}ᢝ8B9]#lԟ7sh[%P݂ 3PWG[ȩu7_4ƒL#LƦxR`T4)G KJ %s_ wd[YC:9]-Lxr=:i?.ɴHB rtkzc:"X\?N^[S_: . 2w;&4\C=tnfE9VF+,1^zsv"4N@Tq-+ :͈FOʽw;H3j&BxO(̓{>QB!&jKAQO|N(cU-ÅˍǾ9r^hv)EQQ4׻BnaN\4Wge:xHaҘ-4 A2e/!8㫶(2bR苡"3+,YJwt6 !Ӡa!@& L]4- D.ǞAK4˝x-/Nv>\q\".8E:'1(gWu@}'G2J:%T#xYWYQKsUrYɼYCC'N],shffrd5W6F4]e r]}`S8nj8R'9("X[;q7! A)“%rs#q~o_#|(ŞmgWTC.t"j jLЯ#E{ͯtm8@#o3r[o(5Qҭa;'! r]+" {5K3boTDѧЂ #CeJ fwmޭ+$v;,鞢ov<m3NmA .C.c}3v`Rv3a1+$[u|!-6OJl[&EF`$R݊yB$Etz(FB&WvͿzETYF4849I}TN1^ m)sN+ZC4pmis\S֛5ZmU%0@qwIhN\YO;\Pd<{f goEs[ F݌|Un}`QCmƭigduWD] jWQ {S/j֮4la4*鐞CnMaE]oދN V>kn>xӆ+H*( ,Z-Wow=Ӫg.j:UlG2ǞL _wtA[kzD̓cLgt 2SwZfW{_86Ϣپ\^ܻW.#=0QS"yC,E [hj]e#1"ޅ@H?x p1̓xߗzcF©:XXjnקsTK<)?c짴Q Rg6b'* ҜYWkNHMwOz`*q!LgHnjχiR lU'x. iɎ/^5$P|+cd3VBOAv"\K EAQww"VYGׂuEn6)z`0i/4{|L)>Y򵱪օ(W45-Ͱȷ?֗yD0SI,jiW4o y y*3T襂HuB%y#{UZM=EcE^3S">%Yn"-,Y]6J_'$m=#g6yeFѲh3kGk3 | 6 rԴY.k$nIdsƱNfދ/Diʳ30YC/KP!6.fT]!D0O4,}hCMfQD2p.rSǾ;@M2y,ag&zҡwwA&CjNI;gd|降/"Dή 67<tp)oј%+N!h9O~تoЌVPˤ|*C {'z8mI3b*[jeƝ,V\UUiӇ>y6T x`wr&7|In`h-xGx)F*0֦aL~MnR[lH9+V5?:'/`BV4K rkcq^Fhzn9+&<^Rup''(@+6сJڔ>( b[m_ڿ/Df* cuBxȏdeO]| qd[/@B0E{%@wˡ?,&R*!.|aY>J7Sh*DLFmnhDyHlT<);+ 4]@\4e|;bXU:2 }YA)Xil@`Aө[@ t8hi ?}GxRҕEl$^%kʾBޗX K. dOwrb!$|CպO Qw*JӧDŽo'LRG! _LA̪RD>~ABܕx,&f+(:iO>wan)}̪ķp2ub:Jbo i\螈nt5! lKוׇl+ߠJ7E']ZzbzdH9T/Y}B{}s^2Z-ɛ;0H]z'D4>% Td@ h^n*9Y,AN*8wGEdP ~,֌!8KhGFZkPBܖpOU<;~{MVե.k&vB"/zErÍy;R*Lv= 3T[|l(J#]|Ŗ[?;ʥdP.mz,gqLBoVfh kR><<_"9G@x_Ua _k?Wt3 ]a\!↑A;]ip*hi;5)o֥* VnZ}H 5ҭǂL dz ,bsжгPIܖya6@{lO8GR@{Z ;m#=)A~UϿD!!rakuun1z.៳P1,fjΤY9+L^P7D'y!΋9Sj't6g/3dE7G]wާſͻ Bb7$ IU4Gj)T՛×O9u@1Ahӷ2xÁU[T818qo6K*rDEj/M/LyDWSVARUK.uL,h$|z~SJՉFa]~RG QTyI%IQ[Z灍I$dTK+Ͼ`$4DP06[7-m!S6rј5@TЅdV`ftz s%A Cg yNHriI.. >dtXsJNp]eOg@, O`]@` =T3+-Y_VB#kK"pwSemut '#߲ XUXKZr.goyWDA6jbOOD2Cm61*IsgiN[iRq_Zdֱ~[WzΥC ۵(ڽ3^pdMd̒>UEjFU&'@oܴdž[@@IlLWX,=vfV,-*`,iR1r ,H&d /zJUZ&nI !(!Fzc[$z<^z9}wlrakMDvUC/}hyBV\ )=DoG8]8R2lو9>d xdy9-+ 1h!}|s٘iNގiYW4AVVS`^g8dj!>C$HΊ3zQ 4Wٝ&g7ۆ5[ޱ 洸g^*xY/XO0Mto{3|up?/Bkire< SQ" %cg!.ёyk&lIaڃ<:M 3)lb<;YK4n-qPBH(xv_~l&WtC뻹k/ܘBDXaWNkS\Cly;1ޙ>H,| G2r5-zטl8oBs {dQfOK@fFkԻ-#bYOVd,z]c:Cr1ǖNfP_>G%mJCb1BRvtPi/hVejmp X8XmZ,'7H^V(wGJldIRӴ+3E }aHM?۬hݼZFJXC,{*-V59s "A?V|GQDN7uqƪZIZ#jAy/Y(JmJ7}|oNd @ո=ɻujw蓊MXj[G3d%f̯tDɈgVr3f\oy6*PWM F-o!% UX!ѸLQQc3C MBg0I#ĩѩЀZǴYN*&[뤺IA 09u~ie`k">dRky֡ &s~x;.cS,o3)a!, Ԇ&)1圖e$'*L=DkxJ6\<;m+8lJGh.@pѵ׈3TgHIjjN+[G \.9ٳxɅ|V7T7Sd0{ռkm cPZduP޵[= QxM[Y~T5ٜhe=_ܩvJ#4+/Dld!^[6Ed28nes2T@7/w5E.0PM~!>P~!v[htQ^,fEuqH֠ ns$S&/, 9 o/qҷөvɠZji# mfٔ3w T kwP@Nf-#4;G: /wĶ9E:J EENvZ4"= 0I+K`JG:Zv\Zx$w- W4 9´;sgo$;N~6;a65 tip˒(#GHqe|# H_C8~K$H}dX1ԋ91#['/<l,`"o3BRnt0k/[4aCߍUK]`*dT:XKtC/cb-P ~p҄ l4M뎸ZU|Bz-?v/X#Ua;koo-DauZcUh&W_GYk*2Yb~!@va(t5Hp|gZO8F`5 0R>j.iX=Џt5NV v٩t,Tȝ3 &SK6!_vd:HAc*b.aj! ֐SZV.QG};(33@,3TM.ƣsd>F@fguH@mi5H?`IhLc`^)[=g($tj:-$Oɩ.,H$v% }`_⽗q%XVkVrE5&NtV&wZ`h^Cv3Tm#+ ij^x ϐ 9׶h|+ W%U>uKT*Đ*')$^%7 g ƝTAs֞QR]=Cl~2B8[xU|P+1)PDfpVLAyq.?xh ^˾M1 8iMuqhg3OԾSv*fP,m|;%-~a\yGv3 Ek:kJ=EյJIuJJ+閯7so/X\ӎ\>f~җK18b^K[-Hǫl&-H z,;K1{x8gW6mgԺnUnJ!t_\Ib# ##Jަى1'gsj˚F=~j n4!=p Mڴʤ .ˁ 0L>{z׮9^)Kڍ0Tj׬'Л"EԿ؜'07wXV k/^2OYs &?UἈ k cq8OP6e7W䳏P`FYH61> a=Qk̬דlݩMmve"-ԗӹV{TƋ?Pxai+ 9ol@f T MlW6?iRgE~%ҋs4ɦIXj e0 + OqT59+; jlSKؽK}ʁ}"iu8&1<9u/+Sdxo>M PzK} t$.f`# }"?!)}s}֢ʂ$΃, Z^?-]JV[yAdf *aU~;P uj?a)ݾƜm<3<ljK> ݬi.^h£l@|'F=9{ I V?)XI] <ǁ;I!nj$$(5O1l[ }?<~a1p4-AjgXcV*Tmǿi`z!3/HgaIU=sM%)' [4<̕茇bA +rr髑cNȃ1w.$!Zfz~(bZ@N44d mBD.|9aC{lBeEȥxVJq_1PlY9bqPvl9N(*}Ќm:63KzOd*XVsmy|`3z[eE N 2*G~wL~)me_s^ux pb (Y$,gHD>XB[qK; ,yCS^^0wϜǰ Oze?8;fݍv,r͋W/iL uˣȪ\x\I]J/ [Ě!` ! 2ٷbKK]_RL%d?R-cHY+ CLf6<`ym1ě0'֛{/M?_O\Up*KSOG^H}Ȧ9 4VeE ]Sk1$,dnjd>s1"ܼjvddDo{d\IE*w:M(SA(m0?Fl JRezZ/ KgVj61d<*rS6K7]W%!/>zTwH2ӕ&qtuuJPT[|ڙ\`_ImzޑvGpAsazIn!"} GGbOPZ~ߙij =%Q7s´ 3т]Ҩ'hm|Bh7:LaPLAu'}K6yNFtu"!''Un4h:Hl<>绡䋫QitCwGq/'u)gYK;_vJLu㆑Kʋ2Q2&0ܐ.ᤏg @?dQǝ4*Q޵EٴZj@wT/ڐS`TxfS9R"9hZcHEINMǍ֚Y9MEBqy&I2T `JI&aՋid~ACa {bl;e%ЫvPFTŖ;@+\aIR\7hɟQJR2$łˌĞ2z1[5+\zN DW{;PQ韜C)(i6\9 T$oo@CԵ?X[4$E;&ϋcb^] ,l t/ *SZ(W qޥ-XF6UbIbQ~>M} '$#+UjNp0;3%%n~Ӱ(o 5RP#R՞աgsY(4 .l {2!, -tɷT:/;+8:rAz"4GzzʯKxh{knל?zqLwPm,d퓬7 e(͆% $ 0Ols?} 9:i$$q?BV;Z ޻s^kҫ,Hӝ&8mw WU~Dxcm-ӥi& tdesy}Yf}TRĿ$GRݱal?M`,PNK-2nHB"j2_iGg鮟B. zWyǭ{)!^ם#jg glHU>{|-<8a`F#vL:4˃vʹl>oFtȹ, gK\&3jF1N2iW#X76,}ZJ 0]P;#Pg6ьMȯ_Tff0iٺV={H2ڸW}U} tZ8}I XKBXThpv`-# MƌR3[;3b\/yF<[ pwe}!1t:\ONu^)o4'썖Oi fnمv͘$@޷֑ǯ>z 5JJ^V^7+&zVUmӈ(לze40&XVX/9o+ H!?גl2}aEqKjvMf* 1&TɈ&puJېecZ6&.7 {=^(g.1Z "vݧg |)S~A\KDYhȉ.?oۭ'OԵ"Ln+Ys쨅`N ʆ  $`ɢehܳ(BL:6Xp>k]bW e̸QöߺD8Â9׈LySL I!t_͞iew34ɝd]. OWˣ}ܴXzR<;13E)\*Y[|qpB@K X؏,P4b&l,&W${_7i*'?PtC"Wlje6Vs/P(9]bgҼ]5$>Ι43i |EkwHhpmT*v@bY2 8+ - 7P^C$kYXDxx#%~c`gхVb!=ꘃik_V{B̬W]89TN|>j|ĽM81Zh>,Ihtgoꧠ- (*;%6WbgOv)b|כ}+!TC+#I}ITXtB[gktxancIwԁ&P䷩:os'֝krv>Nɜk}(NpXZT_Tͮ#E^@62qO9TF! Aِv{ُ֏7,ᖥvglykcuTѿ9=hO4U>(W=to ï‡*((Z5h5 ʌռTӂHC峘E߲{[T\q7<<>` 'k'&TYMЫs٬ ibn"'`<@U#!;zD^"a Mo"nC1ɅQO+Ue06gnɼ3d} yG/ltqJ^`R~sR06Lռn| `Vs7E؜8Y7;Hxk[K8nމ;0&\E\ht{  9m-w厜 2@r: 'bgL,,onf-W>_#o呭0'yJK,|Bj}{͙ADeTzX).j̗ fG`O śpRwp=icO>Hmyv Jno yL-.u{;͠WX8AqC Հ% ɷ'QIC. W0U6Gҙ r)6!I"it=D%.i`b ?&o m3YS:Fsߥ=~EDl$pd1ǠnbÞx:dAuaJ$iR[1.{O0BSFDMnޚ;s_"2jʔl?mS@ .5T&_{xh>b=./ bg:E/A,'T`P.iX'"p7̟rCV6P)cpo.=Zϗ'%"7 6 ոg.MmF@VQ*S +#:n ]'9Lֆ,?}L2J@ H^֑OzǗ ԴmtCȏW4&hOT?8Nߎa0 gKOdcl!DxK4.4|GQԟ0,h<fC6ȈkaArЅFG8u7x/a޷FSqzaA@䦙vfᆍb9MIBC L9ۨH<:ea ?%i%9 xw_at^zqk,DuEna St[!bRZdz ._GKeް wjes<3umZX&@SޢA!(wp8CtBtK Ԓh|u,.U LF{]1_ÞޤWZ>Eaڇ9P,Ѫv5B!E]+ypE`<bH*Ͷ))$wѬJRw}p /p1Ҧ|(D%93¡+vb]q]Nxo`'ck _yE"*qY}8b78jsJLʧ Q8q-9įQ}q?Xfmʗ7J?fytޓ?_sBN_peVEVN1{'!⛞Pk t|uI׊;4|(! FS9X{3E g֨B"@rh +AKc`G6Uo+4- g;ToT+;YŮ>3#V{Ƶ`X`^Sp&4q467<_(ky0ie ɤ =`DÉZx[ 0S}Y'vMä.eaA+ Wmh$~ʮy!'Zt,Z/7TCy grfPCCc< :P#3 ƒ 0\fh`(NKOg.%G9lbޥw0T&V1lۺ/{DkM zN%({VM3A#ObMJ1 ˨?hw;-_l.C!䰒0u3:chG.Z x1jX'7FcC.JcpcvEQNV2+!`rSvŽqbٙLsZ⺥k}"AIxQʖ@U)*#Ґ/&l^]{YtKCOK67U=gvb] z@cٺڱNY2̎ !JpƄRMd3nE `XG߂1 kS\)i>9 feQ)DdBOKf;QԖR{1e7}X$*rAڸix y պFm~e ݯu}a >߂;gH6Z N۬7̆ Rrm|^m9<:!6x\H݉`aL >ո+i3`Or87C)B+_ 8db a-kj?ڈu*Co~ٕ-i!Պٜ{DZZ%*D׍5[M=Y\?t̮=_XےMJ^>D /*b+Ԣ-9(jcˋ{Y+J˳h'5썌#w]jƘ(?n!ToV)LH qOI+j9tS0ȫ<6b*Y҉G0%n#+f.iYq6@c- k`K ^S+X@Ÿ~a~m*T<{4oV" ZU795Lv >B~ʲSFy$֚+@O>5BH$ 楥O@M.U5`+tb!n듉Z YkszB褷@xPP LxLo~YQ*&_ħvvP=Ψ7m}Skmgm%qPꮩut+G ]EUz߮ Ks)Mɓ}AD&2iV~t#o{WH˶]ʈ)i1oJ @ .e^dsָˮ\r]jYj9\r[+'nUiWڥdA=%|=GHʷ𰷶ܱ|Kԝg:N)&=n/YR~§If. dd˓ah'> !_4~ rPjCvoq;:fO7Ee窸w5)² SY1E:'Z7KR>W9|OdԦwYZlu܈x&{@U:7V¤&❼.$=&Hij .oEcKzW$>w\Y*kcKCAJaazD)#F>oX>^x?$up0"t-͘Zrg:hp^s),̤OYw:g[ؤФ" BoN]SUzCnkm7Z`̿znQD{3j)vsb`TiP"N4nd -E D9 Wd ʀ~4C'%Q4މ[q7MyRk]Dp#vtWN\͡0M꥜aQ^On :N ;\ ;Ɯ6B Cn& dȬȏdf1Us*%ͷcSeU=R!<@Z}{[MGNP ȫdϗJZhC?1ZgӢSDOM ; pJu)/"KQZ(#Bf]Cho\[m)(g>$M-s7T\vb ;oѥv?dw"f #=V ]uɳ~Oo>k®oM֎qz <,l+W ;Ў eU'3pI~'.zs<=7szxsRE6?#_B2^v2k8+؍_AOzx^WP|݄(I V7eg0.ÊHwR|YOϦهY^G{`~<|y?*Ju2 \,2tÊp3{>#5Oʆ H8@P޵ pCa\@EuâE iIXt-fݪ/[*nFUע@+w-Gjv1W.հg8}#n@;'Mޮ&[Bğ2hN$TRLt4oÏw +4 ׫ ƳXJa3HAБ_we'&$+pˊ;XLQG׀A'4 (zww N=q٨,@)9r oM#"yBz,sP u:ֹ_̻y0=F#x #V ~ILLbZx]ƋS8ߡO @)WjSdOa]@O%xѥg%71ޅLuj]'n o:SIաjx7>uYp|B-%.uR_Bo9KGt0V%vVDS;Ҏ2024MŖAНxKe[ VR1_|W:&*tRI.̘23 7LL`Hl򚀐,eϼay;"7RZ<b]}AЖUUػ9z?U5-jLQt$.ӸovJ<ƫ> G-/q` c}?Llw$>V'*&|(`u-~A8)T`m~_;+%Ą@{dS(8ɖMtf aףk$"Vv`}/ }rqCؐ"}'tTty̱H弯[wશfR糖뗂Eh늁tv]U3}޳={jwv 9/!> ?I3=@5&ERA8ay֢C-{o%ڥiXv_o8T7R$́9 $گ) 3JRif^6lM3۴IFzR9]poc\#wr cEZ@U|EٞmOgrx'9oJ{F"t00ٱxE] ڨ[JD;5d03Qv߈Ļ/>%l ͚hWygڄP<)I˸=y[ źE1-//8 36FN_E8@h -ji&D| HRtH /kȠ5P@Us17_({_|Y iE .926OQurZ aes$@U~MA{VSE쵽A!@z+7֮2o"Xhc{lZ7(}%i?ZQru=ňVwLxs_}Q}ϴ=A/FDF"J 4dqu*sIꝫj)OyQa=#ۭE4 *, fgܹ2~ VIm86Ŀ9 X* 7ahϼc>hȂ"% x@Ow6;!μw ok]ȦjL&*¥toL6H!qdY~AaQ{wn;)N3a 7 Qy*5jC=lK|5_-1Kw,PPmV M g*D9khdE)juWEa[ 6:qX O3$eI%#FtbSG3c8~b$^S;. wsW)K ^ dsqe2|/ºFs>6_M|$+$%7ضfEX>L moP֐B'[GWk%GUs< {*OIJZn]glSQ-d%[&:/ ׯX7A.SXf.W.]@g _AX4xD?WS͟V=g="%nĢz"53|\" bI[*(QD3mTk6Q?ޑʙt*k\AqF[BˋkRb`ncx΁)?[{%_ny&قăv_ $aX%Qs]F /-i&DB1NcKusİ>syQGNuw8LdƘ-fNAD3idݡ-*\drݷ־<AvvM]dĂ`BQӇ?.V|XꍎU^=Ud2>b Kȩ7墎6CZ &Mv|1 E_7wƬsAqM&KfD"XdأR3rgy' _"̂'dDc^'dm0pcC+1-4d? Lml0@-Zxrl< CmU|9<4l˫Gm! A#%`Z/ ?n<_ZR刪HjV=D8!p[G,"$a~K]Ub9!L15' {!y1'̪ZDА{w`0("`bS8#*v8k%80\8#fa۱EkyBCU&#72c|T[5wR޾tK I~E9yN6'ϮYʿ9F`AC#%F\ Fݞ0I (msT:']+f/:,YɗWj*?z.@3f̅[V#W$z