sssd-dbus-1.15.2-50.el7$>2謊!kAOL`Fi>>?d   : &:W]dl         .  8 `   $66 !6( |8 9:m>?@G H I@ XPYX\t ] ^P bMdeflt4 u\ vw x y.Csssd-dbus1.15.250.el7The D-Bus responder of the SSSDProvides the D-Bus responder of the SSSD, called the InfoPipe, that allows the information from the SSSD to be transmitted over the system bus.Yc1bm.rdu2.centos.org CentOSGPLv3+CentOS BuildSystem Applications/Systemhttps://pagure.io/SSSD/sssd/linuxx86_64 if [ $1 -eq 1 ] ; then # Initial installation systemctl preset sssd-ifp.service >/dev/null 2>&1 || : fi if [ $1 -eq 0 ] ; then # Package removal, not upgrade systemctl --no-reload disable sssd-ifp.service > /dev/null 2>&1 || : systemctl stop sssd-ifp.service > /dev/null 2>&1 || : fi systemctl daemon-reload >/dev/null 2>&1 || : if [ $1 -ge 1 ] ; then # Package upgrade, not uninstall systemctl try-restart sssd-ifp.service >/dev/null 2>&1 || : fi&K5 큤A큤YYYYYXqYYYY4601b3592d313effe1a70c44167775b06693dc9b72e7bebc718b6c9e8b094b8fc0c5275ab2d9448f19885ecc6dd6f7d3652ded2a89a16bacd8d9645efbe8cff772a9b48e0b38bfa9684997635c34ec49327b8a45098293bf28bf5537b7cf23a2ff7df7df7aa3e6ee8d8341c0516b09a22a60410d4266f1547242fbf604068f028ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b90351600b762d694e71242b33de55c79e3eadf5973dc21ef38076a60871629d9480db6d684d3acf05a8f3c54d113834827196a3a9864b3963fe45368aaf84c05fe7717e02cf11872a753e1d13a163143fbcc80a3367e3fde5e0a671db8c3a078218dba9d8709d50b81efeefb9b493f192eda40172c11b0b229de469711c5401ef15rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsssd-1.15.2-50.el7.src.rpmsssd-dbussssd-dbus(x86-64) @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@   @ /bin/sh/bin/sh/bin/shlibbasicobjects.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcollection.so.2()(64bit)libdbus-1.so.3()(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libglib-2.0.so.0()(64bit)libini_config.so.3()(64bit)liblber-2.4.so.2()(64bit)libldap-2.4.so.2()(64bit)libldb.so.1()(64bit)libldb.so.1(LDB_0.9.10)(64bit)libnspr4.so()(64bit)libnss3.so()(64bit)libnssutil3.so()(64bit)libpcre.so.1()(64bit)libplc4.so()(64bit)libplds4.so()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.2.5)(64bit)libref_array.so.1()(64bit)librt.so.1()(64bit)libselinux.so.1()(64bit)libsmime3.so()(64bit)libssl3.so()(64bit)libsss_cert.so()(64bit)libsss_certmap.so.0()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_util.so()(64bit)libsystemd.so.0()(64bit)libsystemd.so.0(LIBSYSTEMD_209)(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtdb.so.1(TDB_1.2.1)(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rtld(GNU_HASH)sssd-commonrpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-11.15.2-50.el75.2-14.11.3YJ_YJ_YC@YBvYBvY9<@Y9<@Y5GY5GY5GY5GY0Y0Y(Y(Y%uY%uY$$@Y$$@Y"Y;@YR@YR@Y Y @Y @YtYtYtYtYtYXXh@XXX@X@X@XsX@X@X@XۡXۡXXӸX,XCX@XX*X lX lX lW$WW;W;W;W֘W֘W@W^@WiWiWiW/@W/@W/@W/@WWWWQWQWQW@W@W@WhW@W@Wt@WE@WE@W@W@W@W@WW~W-@W-@W-@WW@WWu WgWDB@WDB@WDB@WBW;W;W@VbV͛@VTQ@VCV @V @V @V V@VBVBVBVBVBUUUU@UXU@U@U@UUUUUUUUL@UL@UU@U@U@UnU@U(U@U@UUmUmU@UJ@UU7@U7@U7@U @U@U@TE@TE@TE@Tи@Tr@Tr@Tr@Tr@T}T}T}T}T}T7T7TTC@TTZ@TZ@TT@Tp@Tp@T@T{T*@T*@TTT~@T~@TuTuTto@Tto@Tto@Tto@Tto@Tto@TmTmTmTmTl@Tl@Tl@Tl@TcKTa@T\@TZ@TZ@TR(@TG@TG@TG@TG@TG@TD@T6xTTT SS@S|@Sr @Sr @Sr @Sr @S;S;S2@S2@S,)S!S L@SSS@S@S@S@S@S @S @S @S @S @S @S @S @SSSRb@Rb@Rb@R@R@R@R@RURURUR߲RRRx@Rx@Rx@RΏ@RΏ@RΏ@R=R=RkRRRR@R@R@R@R@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@RpREs@REs@R7Q@Q@Q@Q@Q@QQLQکQQQo@Q)@Q@QQ@Q@QbQyQV@Q'@QQQnQZ@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 1.15.2-50Jakub Hrozek - 1.15.2-49Jakub Hrozek - 1.15.2-48Jakub Hrozek - 1.15.2-47Jakub Hrozek - 1.15.2-46Jakub Hrozek - 1.15.2-45Jakub Hrozek - 1.15.2-44Jakub Hrozek - 1.15.2-43Jakub Hrozek - 1.15.2-42Jakub Hrozek - 1.15.2-41Jakub Hrozek - 1.15.2-40Jakub Hrozek - 1.15.2-39Jakub Hrozek - 1.15.2-38Jakub Hrozek - 1.15.2-37Jakub Hrozek - 1.15.2-36Jakub Hrozek - 1.15.2-35Jakub Hrozek - 1.15.2-34Jakub Hrozek - 1.15.2-33Jakub Hrozek - 1.15.2-32Jakub Hrozek - 1.15.2-31Sumit Bose - 1.15.2-30Jakub Hrozek - 1.15.2-29Jakub Hrozek - 1.15.2-28Jakub Hrozek - 1.15.2-25Jakub Hrozek - 1.15.2-24Lukas Slebodnik - 1.15.2-23Jakub Hrozek - 1.15.2-22Jakub Hrozek - 1.15.2-21Jakub Hrozek - 1.15.2-20Jakub Hrozek - 1.15.2-19Jakub Hrozek - 1.15.2-18Jakub Hrozek - 1.15.2-17Jakub Hrozek - 1.15.2-16Jakub Hrozek - 1.15.2-15Jakub Hrozek - 1.15.2-14Jakub Hrozek - 1.15.2-13Jakub Hrozek - 1.15.2-12Jakub Hrozek - 1.15.2-11Jakub Hrozek - 1.15.2-10Jakub Hrozek - 1.15.2-9Jakub Hrozek - 1.15.2-8Jakub Hrozek - 1.15.2-7Jakub Hrozek - 1.15.2-6Jakub Hrozek - 1.15.2-5Jakub Hrozek - 1.15.2-4Jakub Hrozek - 1.15.2-3Jakub Hrozek - 1.15.2-2Jakub Hrozek - 1.15.2-1Fabiano Fidêncio - 1.15.1-2Jakub Hrozek - 1.15.1-1Jakub Hrozek - 1.15.0-2Jakub Hrozek - 1.15.0-1Jakub Hrozek - 1.14.0-46Jakub Hrozek - 1.14.0-45Jakub Hrozek - 1.14.0-44Jakub Hrozek - 1.14.0-43Jakub Hrozek - 1.14.0-42Jakub Hrozek - 1.14.0-41Jakub Hrozek - 1.14.0-40Jakub Hrozek - 1.14.0-39Jakub Hrozek - 1.14.0-38Jakub Hrozek - 1.14.0-37Jakub Hrozek - 1.14.0-36Jakub Hrozek - 1.14.0-35Jakub Hrozek - 1.14.0-34Jakub Hrozek - 1.14.0-33Jakub Hrozek - 1.14.0-32Jakub Hrozek - 1.14.0-31Jakub Hrozek - 1.14.0-30Jakub Hrozek - 1.14.0-29Jakub Hrozek - 1.14.0-28Jakub Hrozek - 1.14.0-27Jakub Hrozek - 1.14.0-26Jakub Hrozek - 1.14.0-25Jakub Hrozek - 1.14.0-24Jakub Hrozek - 1.14.0-23Jakub Hrozek - 1.14.0-22Jakub Hrozek - 1.14.0-21Jakub Hrozek - 1.14.0-20Jakub Hrozek - 1.14.0-19Jakub Hrozek - 1.14.0-18Jakub Hrozek - 1.14.0-17Jakub Hrozek - 1.14.0-16Jakub Hrozek - 1.14.0-15Jakub Hrozek - 1.14.0-14Jakub Hrozek - 1.14.0-13Jakub Hrozek - 1.14.0-12Jakub Hrozek - 1.14.0-11Jakub Hrozek - 1.14.0-10Jakub Hrozek - 1.14.0-9Jakub Hrozek - 1.14.0-8Jakub Hrozek - 1.14.0-7Jakub Hrozek - 1.14.0-6Jakub Hrozek - 1.14.0-5Jakub Hrozek - 1.14.0-4Jakub Hrozek - 1.14.0-3Jakub Hrozek - 1.14.0-2Jakub Hrozek - 1.14.0-1Jakub Hrozek - 1.14.0beta1-2Jakub Hrozek - 1.14.0alpha-1Jakub Hrozek - 1.13.0-50Jakub Hrozek - 1.13.0-49Jakub Hrozek - 1.13.0-48Jakub Hrozek - 1.13.0-47Jakub Hrozek - 1.13.0-46Jakub Hrozek - 1.13.0-45Jakub Hrozek - 1.13.0-44Jakub Hrozek - 1.13.0-43Jakub Hrozek - 1.13.0-42Jakub Hrozek - 1.13.0-41Jakub Hrozek - 1.13.0-40Jakub Hrozek - 1.13.0-39Jakub Hrozek - 1.13.0-38Jakub Hrozek - 1.13.0-37Jakub Hrozek - 1.13.0-36Jakub Hrozek - 1.13.0-35Jakub Hrozek - 1.13.0-34Jakub Hrozek - 1.13.0-33Jakub Hrozek - 1.13.0-32Jakub Hrozek - 1.13.0-31Jakub Hrozek - 1.13.0-30Jakub Hrozek - 1.13.0-29Jakub Hrozek - 1.13.0-28Jakub Hrozek - 1.13.0-27Jakub Hrozek - 1.13.0-26Martin Kosek - 1.13.0-25Jakub Hrozek - 1.13.0-24Jakub Hrozek - 1.13.0-23Jakub Hrozek - 1.13.0-22Jakub Hrozek - 1.13.0-21Jakub Hrozek - 1.13.0-20Jakub Hrozek - 1.13.0-19Jakub Hrozek - 1.13.0-18Jakub Hrozek - 1.13.0-17Jakub Hrozek - 1.13.0-16Jakub Hrozek - 1.13.0-15Jakub Hrozek - 1.13.0-14Lukas Slebodnik - 1.13.0-13Jakub Hrozek - 1.13.0-12Jakub Hrozek - 1.13.0-11Jakub Hrozek - 1.13.0-10Jakub Hrozek - 1.13.0-9Jakub Hrozek - 1.13.0-8Jakub Hrozek - 1.13.0-7Jakub Hrozek - 1.13.0-6Jakub Hrozek - 1.13.0-5Jakub Hrozek - 1.13.0-4Jakub Hrozek - 1.13.0-3Jakub Hrozek - 1.13.0-2Jakub Hrozek - 1.13.0-1Jakub Hrozek - 1.13.0.3alphaJakub Hrozek - 1.13.0.2alphaJakub Hrozek - 1.13.0.1alphaJakub Hrozek - 1.12.2-61Jakub Hrozek - 1.12.2-60Jakub Hrozek - 1.12.2-59Jakub Hrozek - 1.12.2-58.6Jakub Hrozek - 1.12.2-58.5Jakub Hrozek - 1.12.2-58.4Jakub Hrozek - 1.12.2-58.3Jakub Hrozek - 1.12.2-58.2Jakub Hrozek - 1.12.2-58.1Jakub Hrozek - 1.12.2-57Jakub Hrozek - 1.12.2-56Jakub Hrozek - 1.12.2-55Jakub Hrozek - 1.12.2-54Jakub Hrozek - 1.12.2-53Jakub Hrozek - 1.12.2-52Jakub Hrozek - 1.12.2-51Jakub Hrozek - 1.12.2-50Jakub Hrozek - 1.12.2-49Jakub Hrozek - 1.12.2-48Jakub Hrozek - 1.12.2-47Jakub Hrozek - 1.12.2-46Jakub Hrozek - 1.12.2-45Jakub Hrozek - 1.12.2-44Jakub Hrozek - 1.12.2-43Jakub Hrozek - 1.12.2-42Jakub Hrozek - 1.12.2-41Jakub Hrozek - 1.12.2-40Sumit Bose - 1.12.2-39Sumit Bose - 1.12.2-38Sumit Bose - 1.12.2-37Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-34Jakub Hrozek - 1.12.2-33Jakub Hrozek - 1.12.2-32Jakub Hrozek - 1.12.2-31Jakub Hrozek - 1.12.2-30Jakub Hrozek - 1.12.2-29Jakub Hrozek - 1.12.2-28Jakub Hrozek - 1.12.2-27Jakub Hrozek - 1.12.2-26Jakub Hrozek - 1.12.2-25Jakub Hrozek - 1.12.2-24Jakub Hrozek - 1.12.2-23Jakub Hrozek - 1.12.2-22Jakub Hrozek - 1.12.2-21Jakub Hrozek - 1.12.2-20Jakub Hrozek - 1.12.2-19Jakub Hrozek - 1.12.2-18Jakub Hrozek - 1.12.2-17Jakub Hrozek - 1.12.2-16Jakub Hrozek - 1.12.2-15Jakub Hrozek - 1.12.2-14Jakub Hrozek - 1.12.2-13Jakub Hrozek - 1.12.2-12Jakub Hrozek - 1.12.2-11Jakub Hrozek - 1.12.2-10Jakub Hrozek - 1.12.2-9Jakub Hrozek - 1.12.2-8Jakub Hrozek - 1.12.2-7Jakub Hrozek - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-3Jakub Hrozek - 1.12.0-2Jakub Hrozek - 1.12.0-1Jakub Hrozek - 1.11.2-70Jakub Hrozek - 1.11.2-69Jakub Hrozek - 1.11.2-68Jakub Hrozek - 1.11.2-67Jakub Hrozek - 1.11.2-66Jakub Hrozek - 1.11.2-65Jakub Hrozek - 1.11.2-64Sumit Bose - 1.11.2-63Sumit Bose - 1.11.2-62Jakub Hrozek - 1.11.2-61Jakub Hrozek - 1.11.2-60Jakub Hrozek - 1.11.2-59Jakub Hrozek - 1.11.2-58Jakub Hrozek - 1.11.2-57Jakub Hrozek - 1.11.2-56Jakub Hrozek - 1.11.2-55Jakub Hrozek - 1.11.2-54Jakub Hrozek - 1.11.2-53Jakub Hrozek - 1.11.2-52Jakub Hrozek - 1.11.2-51Jakub Hrozek - 1.11.2-50Jakub Hrozek - 1.11.2-49Jakub Hrozek - 1.11.2-48Jakub Hrozek - 1.11.2-47Jakub Hrozek - 1.11.2-46Jakub Hrozek - 1.11.2-45Jakub Hrozek - 1.11.2-44Jakub Hrozek - 1.11.2-43Jakub Hrozek - 1.11.2-42Jakub Hrozek - 1.11.2-41Jakub Hrozek - 1.11.2-40Jakub Hrozek - 1.11.2-39Jakub Hrozek - 1.11.2-38Jakub Hrozek - 1.11.2-37Jakub Hrozek - 1.11.2-36Jakub Hrozek - 1.11.2-35Jakub Hrozek - 1.11.2-34Daniel Mach - 1.11.2-33Jakub Hrozek - 1.11.2-32Jakub Hrozek - 1.11.2-31Jakub Hrozek - 1.11.2-30Jakub Hrozek - 1.11.2-29Jakub Hrozek - 1.11.2-28Jakub Hrozek - 1.11.2-27Jakub Hrozek - 1.11.2-26Jakub Hrozek - 1.11.2-25Jakub Hrozek - 1.11.2-24Jakub Hrozek - 1.11.2-23Jakub Hrozek - 1.11.2-22Jakub Hrozek - 1.11.2-21Jakub Hrozek - 1.11.2-20Daniel Mach - 1.11.2-19Jakub Hrozek - 1.11.2-18Jakub Hrozek - 1.11.2-17Jakub Hrozek - 1.11.2-16Jakub Hrozek - 1.11.2-15Jakub Hrozek - 1.11.2-14Jakub Hrozek - 1.11.2-13Jakub Hrozek - 1.11.2-12Jakub Hrozek - 1.11.2-11Jakub Hrozek - 1.11.2-10Jakub Hrozek - 1.11.2-9Jakub Hrozek - 1.11.2-8Jakub Hrozek - 1.11.2-7Jakub Hrozek - 1.11.2-6Jakub Hrozek - 1.11.2-5Jakub Hrozek - 1.11.2-4Jakub Hrozek - 1.11.2-3Jakub Hrozek - 1.11.2-2Jakub Hrozek - 1.11.2-1Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-5Jakub Hrozek - 1.10.1-4Jakub Hrozek - 1.10.1-3Jakub Hrozek - 1.10.1-2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-18Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1457926 - Wrong search base used when SSSD is directly connected to AD child domain- Resolves: rhbz#1450107 - SSSD doesn't handle conflicts between users from trusted domains with the same name when shortname user resolution is enabled- Resolves: rhbz#1459846 - krb5: properly handle 'password expired' information retured by the KDC during PKINIT/Smartcard authentication- Resolves: rhbz#1430415 - ldap_purge_cache_timeout in RHEL7.3 invalidate most of the entries once the cleanup task kicks in- Resolves: rhbz#1455254 - Make domain available as user attribute- Resolves: rhbz#1449731 - IPA client cannot change AD Trusted User password- Resolves: rhbz#1457927 - getent failed to fetch netgroup information after changing default_domain_suffix to ADdomin in /etc/sssd/sssd.conf- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working properly in v 1.15- Resolves: rhbz#1449728 - LDAP to IPA migration doesn't work in master- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1449729 - org.freedesktop.sssd.infopipe.GetUserGroups does not resolve groups into names with AD- Resolves: rhbz#1450094 - Properly support IPA's promptusername config option- Resolves: rhbz#1457644 - Segfault in access_provider = krb5 is set in sssd.conf due to an off-by-one error when constructing the child send buffer - Resolves: rhbz#1456531 - Option name typos are not detected with validator function of sssctl config-check command in domain sections- Resolves: rhbz#1428906 - sssd intermittently failing to resolve groups for an AD user in IPA-AD trust environment.- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail - Fix Coverity issues in patches for rhbz#1445445- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1446302 - crash in sssd-kcm due to a race-condition between two concurrent requests- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail- Resolves: rhbz#1306707 - Need better debug message when krb5_child returns an unhandled error, leading to a System Error PAM code- Resolves: rhbz#1446535 - Group resolution does not work in subdomain without ad_server option- Resolves: rhbz#1449726 - sss_nss_getlistbycert() does not return results from multiple domains - Resolves: rhbz#1447098 - sssd unable to search dbus for ipa user by certificate - Additional patch for rhbz#1440132- Reapply patch by Lukas Slebodnik to fix upgrade issues with libwbclient - Resolves: rhbz#1439457 - SSSD does not start after upgrade from 7.3 to 7.4 - Resolves: rhbz#1449107 - error: %pre(sssd-common-1.15.2-26.el7.x86_64) scriptlet failed, exit status 3- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working properly in v 1.15 - Also apply an additional patch for rhbz#1441545- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1434992 - Wrong pam return code for user from subdomain with ad_access_filter- Resolves: rhbz#1430494 - expect sss_ssh_authorizedkeys and sss_ssh_knownhostsproxy manuals to be packaged into sssd-common package- Resolves: rhbz#1427749 - SSSD in server mode iterates over all domains for group-by-GID requests, causing unnecessary searches- Resolves: rhbz#1446139 - Infopipe method ListByCertificate does not return the users with overrides- Resolves: rhbz#1441545 - With multiple subdomain sections id command output for user is not displayed for both domains- Resolves: rhbz#1428866 - Using ad_enabled_domains configuration option in sssd.conf causes nameservice lookups to fail.- Remove an unused variable from the sssd-secrets responder - Related: rhbz#1398701 - [sssd-secrets] https proxy talks plain http - Improve two DEBUG messages in the client trust code to aid troubleshooting - Fix standalone application domains - Related: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces- Allow completely server-side unqualified name resolution if the domain order is set, do not require any client-side changes - Related: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users- Resolves: rhbz#1402532 - D-Bus interface of sssd is giving inappropriate group information for trusted AD users- Resolves: rhbz#1431858 - Wrong principal found with ad provider and long host name- Resolves: rhbz#1415167 - pam_acct_mgmt with pam_sss.so fails in unprivileged container unless selinux_provider = none is used- Resolves: rhbz#1438388 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_pam killed by 6- Resolves: rhbz#1432112 - sssctl config-check does not give any error when default configuration file is not present- Resolves: rhbz#1438374 - [abrt] [faf] sssd: vfprintf(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1427195 - sssd_nss consumes more memory until restarted or machine swaps- Resolves: rhbz#1414023 - Create troubleshooting tool to determine if a failure is in SSSD or not when using layered products like RH-SSO/CFME etc- Resolves: rhbz#1398701 - [sssd-secrets] https proxy talks plain http- Fix off-by-one error in the KCM responder - Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces- Resolves: rhbz#1434991 - Issue processing ssh keys from certificates in ssh respoder- Resolves: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users - Also backport some buildtime fixes for the KCM responder - Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1340711 - [RFE] Use one smartcard and certificate for authentication to distinct logon accounts- Update to upstream 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html - Resolves: rhbz#1418728 - IPA - sudo does not handle associated conflict entries - Resolves: rhbz#1386748 - sssd doesn't update PTR records if A/PTR zones are configured as non-secure and secure - Resolves: rhbz#1214491 - [RFE] Make it possible to configure AD subdomain in the SSSD server mode- Drop "NOUPSTREAM: Bundle http-parser" patch Related: rhbz#1393819 - New package: http-parser- Update to upstream 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html - Resolves: rhbz#1327085 - Don't prompt for password if there is already one on the stack - Resolves: rhbz#1378722 - [RFE] Make GETSIDBYNAME and GETORIGBYNAME request aware of UPNs and aliases - Resolves: rhbz#1405075 - [RFE] Add PKINIT support to SSSD Kerberos provider - Resolves: rhbz#1416526 - Need correction in sssd-krb5 man page - Resolves: rhbz#1418752 - pam_sss crashes in do_pam_conversation if no conversation function is provided by the client app - Resolves: rhbz#1419356 - Fails to accept any sudo rules if there are two user entries in an ldap role with the same sudo user - Resolves: rhbz#1421622 - SSSD - Users/Groups are cached as mixed-case resulting in users unable to sign in- Fix several packaging issues, notably the p11_child is no longer setuid and the libwbclient used a wrong version number in the symlink- Update to upstream 1.15.0 - Resolves: rhbz#1393824 - Rebase SSSD to version 1.15 - Resolves: rhbz#1407960 - wbcLookupSid() fails in pdomain is NULL - Resolves: rhbz#1406437 - sssctl netgroup-show Cannot allocate memory - Resolves: rhbz#1400422 - Use-after free in resolver in case the fd is writeable and readable at the same time - Resolves: rhbz#1393085 - bz - ldap group names don't resolve after upgrading sssd to 1.14.0 if ldap_nesting_level is set to 0 - Resolves: rhbz#1392444 - sssd_be keeps crashing - Resolves: rhbz#1392441 - sssd fails to start after upgrading to RHEL 7.3 - Resolves: rhbz#1382602 - autofs map resolution doesn't work offline - Resolves: rhbz#1380436 - sudo: ignore case on case insensitive domains - Resolves: rhbz#1378251 - Typo In SSSD-AD Man Page - Resolves: rhbz#1373427 - Clock skew makes SSSD return System Error - Resolves: rhbz#1306707 - Need better handling of "Server not found in Kerberos database" - Resolves: rhbz#1297462 - Don't include 'enable_only=sssd' in the localauth plugin config- Resolves: rhbz#1382598 - IPA: Uninitialized variable during subdomain check- Resolves: rhbz#1378911 - No supplementary groups are resolved for users in nested OUs when domain stanza differs from AD domain- Resolves: rhbz#1372075 - AD provider: SSSD does not retrieve a domain-local group with the AD provider when following AGGUDLP group structure across domains- Resolves: rhbz#1376831 - sssd-common is missing dependency on sssd-sudo- Resolves: rhbz#1371631 - login using gdm calls for gdm-smartcard when smartcard authentication is not enabled- Resolves: rhbz#1373420 - sss_override fails to export- Resolves: rhbz#1375299 - sss_groupshow fails with error "No such group in local domain. Printing groups only allowed in local domain"- Resolves: rhbz#1375182 - SSSD goes offline when the LDAP server returns sizelimit exceeded- Resolves: rhbz#1372753 - Access denied for user when access_provider = krb5 is set in sssd.conf- Resolves: rhbz#1373444 - unable to create group in sssd cache - Resolves: rhbz#1373577 - unable to add local user in sssd to a group in sssd- Resolves: rhbz#1369118 - Don't enable the default shadowtils domain in RHEL- Fix permissions for the private pipe directory - Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1371977 - resolving IPA nested user groups is broken in 1.14- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1371152 - SSSD qualifies principal twice in IPA-AD trust if the principal attribute doesn't exist on the AD side- Apply forgotten patch - Resolves: rhbz#1368496 - sssd is not able to authenticate with alias - Resolves: rhbz#1366470 - sssd: throw away the timestamp cache if re-initializing the persistent cache - Fix deleting non-existent secret - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1364033 - sssd exits if clock is adjusted backwards after boot- Resolves: rhbz#1362023 - SSSD fails to start when ldap_user_extra_attrs contains mail- Resolves: rhbz#1368324 - libsss_autofs.so is packaged in two packages sssd-common and libsss_autofs- Fix RPM scriptlet plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Add socket-activation plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Own the secrets directory - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1268874 - Add an option to disable checking for trusted domains in the subdomains provider- Resolves: rhbz#1271280 - sssd stores and returns incorrect information about empty netgroup (ldap-server: 389-ds)- Resolves: rhbz#1290500 - [feat] command to manually list fo_add_server_to_list information- Add several small fixes related to the config API - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Resolves: rhbz#1349900 - gpo search errors out and gpo_cache file is never created- Fix regressions in the simple access provider - Resolves: rhbz#1360806 - sssd does not start if sub-domain user is used with simple access provider - Apply a number of specfile patches to better match the upstream spefile - Related: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3- Cherry-pick patches from upstream that fix several regressions - Avoid checking local users in all cases - Resolves: rhbz#1353951 - sssd_pam leaks file descriptors- Resolves: rhbz#1364118 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_nss killed by 11 - Resolves: rhbz#1361563 - Wrong pam error code returned for password change in offline mode- Resolves: rhbz#1309745 - Support multiple principals for IPA users- Resolves: rhbz#1304992 - Handle overriden name of members in the memberUid attribute- handle unresolvable sites more gracefully - Resolves: rhbz#1346011 - sssd is looking at a server in the GC of a subdomain, not the root domain. - fix compilation warnings in unit tests- fix capaths output - Resolves: rhbz#1344940 - GSSAPI error causes failures for child domain user logins across IPA - AD trust - also fix Coverity issues in the secrets responder and suppress noisy debug messages when setting the timestamp cache- Resolves: rhbz#1356577 - sssctl: Time stamps without time zone information- Resolves: rhbz#1354414 - New or modified ID-View User overrides are not visible unless rm -f /var/lib/sss/db/*cache*- Resolves: rhbz#1211631 - [RFE] Support of UPN for IdM trusted domains- Resolves: rhbz#1350520 - [abrt] sssd-common: ipa_dyndns_update_send(): sssd_be killed by SIGSEGV- Resolves: rhbz#1349882 - sssd does not work under non-root user - Also cherry-pick a few patches from upstream to fix config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Sync a few minor patches from upstream - Fix sssctl manpage - Fix nss-tests unit test on big-endian machines - Fix several issues in the config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Bundle http-parser - Resolves: rhbz#1311056 - Add a Secrets as a Service component- Sync a few minor patches from upstream - Fix a failover issue - Resolves: rhbz#1334749 - sssd fails to mark a connection as bad on searches that time out- Explicitly BuildRequire newer ding-libs - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- New upstream release 1.14.0 - Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#835492 - [RFE] SSSD admin tool request - force reload - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check) - Resolves: rhbz#1278691 - Please fix rfc2307 autofs schema defaults - Resolves: rhbz#1287209 - default_domain_suffix Appended to User Name - Resolves: rhbz#1300663 - Improve sudo protocol to support configurations with default_domain_suffix - Resolves: rhbz#1312275 - Support authentication indicators from IPA- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#790113 - [RFE] "include" directive in sssd.conf - Resolves: rhbz#874985 - [RFE] AD provider support for automount lookups - Resolves: rhbz#879333 - [RFE] SSSD admin tool request - status overview - Resolves: rhbz#1140022 - [RFE]Allow sssd to add a new option that would specify which server to update DNS with - Resolves: rhbz#1290380 - RFE: Improve SSSD performance in large environments - Resolves: rhbz#883886 - sssd: incorrect checks on length values during packet decoding - Resolves: rhbz#988207 - sssd does not detail which line in configuration is invalid - Resolves: rhbz#1007969 - sssd_cache does not remove have an option to remove the sssd database - Resolves: rhbz#1103249 - PAC responder needs much time to process large group lists - Resolves: rhbz#1118257 - Users in ipa groups, added to netgroups are not resovable - Resolves: rhbz#1269018 - Too much logging from sssd_be - Resolves: rhbz#1293695 - sssd mixup nested group from AD trusted domains - Resolves: rhbz#1308935 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user - Resolves: rhbz#1315766 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo - Resolves: rhbz#1316164 - SSSD fails to process GPO from Active Directory - Resolves: rhbz#1322458 - sssd_be[11010]: segfault at 0 ip 00007ff889ff61bb sp 00007ffc7d66a3b0 error 4 in libsss_ipa.so[7ff889fcf000+5d000]- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - The rebase includes fixes for the following bugzillas: - Resolves: rhbz#789477 - [RFE] SUDO: Support the IPA schema - Resolves: rhbz#1059972 - RFE: SSSD: Automatically assign new slices for any AD domain - Resolves: rhbz#1233200 - man sssd.conf should clarify details about subdomain_inherit option. - Resolves: rhbz#1238144 - Need better libhbac debuging added to sssd - Resolves: rhbz#1265366 - sss_override segfaults when accidentally adding --help flag to some commands - Resolves: rhbz#1269512 - sss_override: memory violation - Resolves: rhbz#1278566 - crash in sssd when non-Englsh locale is used and pam_strerror prints non-ASCII characters - Resolves: rhbz#1283686 - groups get deleted from the cache - Resolves: rhbz#1290378 - Smart Cards: Certificate in the ID View - Resolves: rhbz#1292238 - extreme memory usage in libnfsidmap sss.so plug-in when resolving groups with many members - Resolves: rhbz#1292456 - sssd_be AD segfaults on missing A record - Resolves: rhbz#1294670 - Local users with local sudo rules causes LDAP queries - Resolves: rhbz#1296618 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1299553 - Cannot retrieve users after upgrade from 1.12 to 1.13 - Resolves: rhbz#1302821 - Cannot start sssd after switching to non-root - Resolves: rhbz#1310877 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs - Resolves: rhbz#1313014 - sssd is not closing sockets properly - Resolves: rhbz#1318996 - SSSD does not fail over to next GC - Resolves: rhbz#1327270 - local overrides: issues with sub-domain users and mixed case names - Resolves: rhbz#1342547 - sssd-libwbclient: wbcSidsToUnixIds should not fail on lookup errors- Build the PAC plugin with krb5-1.14 - Related: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1290853 - [sssd] Trusted (AD) user's info stays in sssd cache for much more than expected.- Resolves: rhbz#1336706 - sssd_nss memory usage keeps growing when trying to retrieve non-existing netgroups- Resolves: rhbz#1296902 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1334159 - IPA provider crashes if a netgroup from a trusted domain is requested- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin - More patches from upstream related to the memory leak- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin- Resolves: rhbz#1300740 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid- Resolves: rhbz#1284814 - sssd: [sysdb_add_user] (0x0400): Error: 17- Resolves: rhbz#1270827 - local overrides: don't contact server with overridden name/id- Resolves: rhbz#1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- Resolves: rhbz#1267176 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1267836 - PAM responder crashed if user was not set- Resolves: rhbz#1266107 - AD: Conditional jump or move depends on uninitialised value- Resolves: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Fix a Coverity warning in dyndns code - Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1263735 - Could not resolve AD user from root domain- Remove -d from sss_override manpage - Related: rhbz#1259512 - sss_override : The local override user is not found- Patches required for better handling of failover with one-way trusts - Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1263587 - sss_override --name doesn't work with RFC2307 and ghost users- Resolves: rhbz#1259512 - sss_override : The local override user is not found- Resolves: rhbz#1260027 - sssd_be memory leak with sssd-ad in GPO code- Resolves: rhbz#1256398 - sssd cannot resolve user names containing backslash with ldap provider- Resolves: rhbz#1254189 - sss_override contains an extra parameter --debug but is not listed in the man page or in the arguments help- Resolves: rhbz#1254518 - Fix crash in nss responder- Support import/export for local overrides - Support FQDNs for local overrides - Resolves: rhbz#1254184 - sss_override does not work correctly when 'use_fully_qualified_names = True'- Resolves: rhbz#1244950 - Add index for 'objectSIDString' and maybe to other cache attributes- Resolves: rhbz#1250415 - sssd: p11_child hardening- Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1202724 - [RFE] Add a way to lookup users based on CAC identity certificates- Resolves: rhbz#1232950 - [IPA/IdM] sudoOrder not honored as expected- Fix wildcard_limit=0 - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Fix race condition in invalidating the memory cache - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Resolves: rhbz#1249015 - KDC proxy not working with SSSD krb5_use_kdcinfo enabled- Bump release number - Related: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- Fix missing dependency of sssd-tools - Resolves: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- More memory cache related fixes - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Remove binary blob from SC patches as patch(1) can't handle those - Related: rhbz#854396 - [RFE] Support for smart cards- Resolves: rhbz#1244949 - getgrgid for user's UID on a trust client prevents getpw*- Fix memory cache integration tests - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#854396 - [RFE] Support for smart cards- Remove OTP from PAM stack correctly - Related: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Handle sssd-owned keytabs when sssd runs as root - Related: rhbz#1205144 - RFE: Support one-way trusts for IPA- Resolves: rhbz#1183747 - [FEAT] UID and GID mapping on individual clients- Resolves: rhbz#1206565 - [RFE] Add dualstack and multihomed support - Resolves: rhbz#1187146 - If v4 address exists, will not create nonexistant v6 in ipa domain- Resolves: rhbz#1242942 - well-known SID check is broken for NetBIOS prefixes- Resolves: rhbz#1234722 - sssd ad provider fails to start in rhel7.2- Add support for InfoPipe wildcard requests - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Also package the initgr memcache - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Rebase to 1.13.0 upstream - Related: rhbz#1205554 - Rebase SSSD to 1.13.x - Resolves: rhbz#910187 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Don't default to SSSD user - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Related: rhbz#1205554 - Rebase SSSD to 1.13.x - GPO default should be permissve- Resolves: rhbz#1205554 - Rebase SSSD to 1.13.x - Relax the libldb requirement - Resolves: rhbz#1221992 - sssd_be segfault at 0 ip sp error 6 in libtevent.so.0.9.21 - Resolves: rhbz#1221839 - SSSD group enumeration inconsistent due to binary SIDs - Resolves: rhbz#1219285 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust - Resolves: rhbz#1217559 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1217350 - ignore_group_members doesn't work for subdomains - Resolves: rhbz#1217127 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1216285 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set - Resolves: rhbz#1214719 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1214718 - Overridde with --login fails trusted adusers group membership resolution - Resolves: rhbz#1214716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1214337 - Overrides with --login work in second attempt - Resolves: rhbz#1212489 - Disable the cleanup task by default - Resolves: rhbz#1211830 - external users do not resolve with "default_domain_suffix" set in IPA server sssd.conf - Resolves: rhbz#1210854 - Only set the selinux context if the context differs from the local one - Resolves: rhbz#1209483 - When using id_provider=proxy with auth_provider=ldap, it does not work as expected - Resolves: rhbz#1209374 - Man sssd-ad(5) lists Group Policy Management Editor naming for some policies but not for all - Resolves: rhbz#1208507 - sysdb sudo search doesn't escape special characters - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface - Resolves: rhbz#1206566 - SSSD does not update Dynamic DNS records if the IPA domain differs from machine hostname's domain - Resolves: rhbz#1206189 - [bug] sssd always appends default_domain_suffix when checking for host keys - Resolves: rhbz#1204203 - sssd crashes intermittently - Resolves: rhbz#1203945 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default - Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only - Resolves: rhbz#1202245 - SSSD's HBAC processing is not permissive enough with broken replication entries - Resolves: rhbz#1201271 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything - Resolves: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Resolves: rhbz#1199541 - Read and use the TTL value when resolving a SRV query - Resolves: rhbz#1199533 - [RFE] Implement background refresh for users, groups or other cache objects - Resolves: rhbz#1199445 - Does sssd-ad use the most suitable attribute for group name? - Resolves: rhbz#1198477 - ccname_file_dummy is not unlinked on error - Resolves: rhbz#1187103 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1185536 - In ipa-ad trust, with 'default_domain_suffix' set to AD domain, IPA user are not able to log unless use_fully_qualified_names is set - Resolves: rhbz#1175760 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires - Resolves: rhbz#1163806 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1205160 - Complain loudly if backend doesn't start due to missing or invalid keytab- Resolves: rhbz#1226119 - Properly handle AD's binary objectGUID- Filter out domain-local groups during AD initgroups operation - Related: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Resolves: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Initialize variable in the views code in one success and one failure path - Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Handle case where there is no default and no rules - Resolves: rhbz#1192314 - With empty ipaselinuxusermapdefault security context on client is staff_u- Set a pointer in ldap_child to NULL to avoid warnings - Related: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Run the restart in sssd-common posttrans - Explicitly require libwbclient - Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Fix endianess bug in fill_id() - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1187192 - IPA initgroups don't work correctly in non-default view- Resolves: rhbz#1184982 - Need to set different umask in selinux_child- Bump the release number - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Add a patch dependency - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Process ghost members only once - Fix processing of universal groups with members from different domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1185188 - Uncached SIDs cannot be resolved- Handle GID override in MPG domains - Handle views with mixed-case domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Open socket to the PAC responder in krb5_child before dropping root - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1182183 - pam_sss(sshd:auth): authentication failure with user from AD- Resolves: rhbz#889206 - On clock skew sssd returns system error- Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1177140 - gpo_child fails if "log level" is enabled in smb.conf - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1175408 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1175705 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Resolves: rhbz#1171215 - Crash in function get_object_from_cache - Resolves: rhbz#1171383 - getent fails for posix group with AD users after login - Resolves: rhbz#1171382 - getent of AD universal group fails after group users login - Resolves: rhbz#1170300 - Access is not rejected for disabled domain - Resolves: rhbz#1162486 - Error processing external groups with getgrnam/getgrgid in the server mode - Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1169459 - sssd-ad: The man page description to enable GPO HBAC Policies are unclear - Related: rhbz#1113783 - sssd should run under unprivileged user- Rebuild to add several forgotten Patch entries - Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Remove Coverity warnings in krb5_child code - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Don't error out on chpass with OTPs - Related: rhbz#1109756 - Rebase SSSD to 1.12- Resolves: rhbz#1124320 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default.- Resolves: rhbz#1169739 - selinuxusermap rule does not apply to trusted AD users - Enable running unit tests without cmocka - Related: rhbz#1113783 - sssd should run under unprivileged user- krb5_child and ldap_child do not call Kerberos calls as root - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1168735 - The Kerberos provider is not properly views-aware- Fix typo in libwbclient-devel alternatives invocation - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1166727 - pam_sss domains option: Untrusted users from the same domain are allowed to auth.- Handle migrating clients between views - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Use alternatives for libwbclient - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1165794 - sssd does not work with custom value of option re_expression- Add an option that describes where to put generated krb5 files to - Related: rhbz#1135043 - [RFE] Implement localauth plugin for MIT krb5 1.12- Handle IPA group names returned from the extop plugin - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Resolves: rhbz#1165792 - automount segfaults in sss_nss_check_header- Resolves: rhbz#1163742 - "debug_timestamps = false" and "debug_microseconds = true" do not work after enabling journald with sssd.- Resolves: rhbz#1153593 - Manpage description of case_sensitive=preserving is incomplete- Support views for IPA users - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Update man page to clarify TGs should be disabled with a custom search base - Related: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Use upstreamed patches for the rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1153603 - Proxy Provider: Fails to lookup case sensitive users and groups with case_sensitive=preserving- Resolves: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1162480 - dereferencing failure against openldap server- Move adding the user from pretrans to pre, copy adding the user to sssd-krb5-common and sssd-ipa as well in order to work around yum ordering issue - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1113783 - sssd should run under unprivileged user- Fix two regressions in the new selinux_child process - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1132365 - Remove password from the PAM stack if OTP is used- Include the ldap_child and selinux_child patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Support overriding SSH public keys with views - Support extended attributes via the extop plugin - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137010 - disable midpoint refresh for netgroups if ptask refresh is enabled- Resolves: rhbz#1153518 - service lookups returned in lowercase with case_sensitive=preserving - Resolves: rhbz#1158809 - Enumeration shows only a single group multiple times- Include the responder and packaging patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Amend the sssd-ldap man page with info about lockout setup - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137014 - Shell fallback mechanism in SSSD - Resolves: rhbz#790854 - 4 functions with reference leaks within sssd (src/python/pyhbac.c)- Fix regressions caused by views patches when SSSD is connected to a pre-4.0 IPA server - Related: rhbz#1109756 - Rebase SSSD to 1.12- Add the low-level server changes for running as unprivileged user - Package the libsss_semange library needed for SELinux label changes - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Use libsemanage for SELinux label changes - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Rebase SSSD to 1.12.2 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Sync with upstream - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebuild against ding-libs with fixed SONAME - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.1 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Require ldb 2.1.17 - Related: rhbz#1133914 - Rebase libldb to version 1.1.17 or newer- Fix fully qualified IFP lookups - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.0 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Squash in upstream review comments about the PAC patch - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Backport a patch to allow krb5-utils-test to run as root - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Resolves: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Fix a DEBUG message, backport two related fixes - Related: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1082191 - RHEL7 IPA selinuxusermap hbac rule not always matching- Resolves: rhbz#1077328 - other subdomains are unavailable when joined to a subdomain in the ad forest- Resolves: rhbz#1078877 - Valgrind: Invalid read of int while processing netgroup- Resolves: rhbz#1075092 - Password change w/ OTP generates error on success- Resolves: rhbz#1078840 - Error during password change- Resolves: rhbz#1075663 - SSSD should create the SELinux mapping file with format expected by pam_selinux- Related: rhbz#1075621 - Add another Kerberos error code to trigger IPA password migration- Related: rhbz#1073635 - IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in- Related: rhbz#1066096 - not retrieving homedirs of AD users with posix attributes- Related: rhbz#1072995 - AD group inconsistency when using AD provider in sssd-1.11-40- Resolves: rhbz#1073631 - sssd fails to handle expired passwords when OTP is used- Resolves: rhbz#1072067 - SSSD Does not cache SELinux map from FreeIPA correctly- Resolves: rhbz#1071903 - ipa-server-mode: Use lower-case user name component in home dir path- Resolves: rhbz#1068725 - Evaluate usage of sudo LDAP provider together with the AD provider- Fix idmap documentation - Bump idmap version info - Related: rhbz#1067361 - Check IPA idranges before saving them to the cache- Pull some follow up man page fixes from upstream - Related: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes - Related: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes- Resolves: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1068723 - Setting int option to 0 yields the default value- Resolves: rhbz#1067361 - Check IPA idranges before saving them to the cache- Resolves: rhbz#1067476 - SSSD pam module accepts usernames with leading spaces- Resolves: rhbz#1033069 - Configuring two different provider types might start two parallel enumeration tasks- Resolves: rhbz#1068640 - 'IPA: Don't call tevent_req_post outside _send' should be added to RHEL7- Resolves: rhbz#1063977 - SSSD needs to enable FAST by default- Resolves: rhbz#1064582 - sss_cache does not reset the SYSDB_INITGR_EXPIRE attribute when expiring users- Resolves: rhbz#1033081 - Implement heuristics to detect if POSIX attributes have been replicated to the Global Catalog or not- Resolves: rhbz#872177 - [RFE] subdomain homedir template should be configurable/use flatname by default- Resolves: rhbz#1059753 - Warn with a user-friendly error message when permissions on sssd.conf are incorrect- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1059253 - Man page states default_shell option supersedes other shell options but in fact override_shell does. - Use the right domain for AD site resolution - Related: rhbz#743503 - [RFE] sssd should support DNS sites- Resolves: rhbz#1028039 - AD Enumeration reads data from LDAP while regular lookups connect to GC- Resolves: rhbz#877438 - sudoNotBefore/sudoNotAfter not supported by sssd sudoers plugin- Mass rebuild 2014-01-24- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain- Resolves: rhbz#1054899 - explicitly suggest krb5_auth_timeout in a loud DEBUG message in case Kerberos authentication times out- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1051360 - [FJ7.0 Bug]: [REG] sssd_be crashes when ldap_search_base cannot be parsed. - Fix a typo in the man page - Related: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain - Fix return value when searching for AD domain flat names - Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1053106 - sssd ad trusted sub domain do not inherit fallbacks and overrides settings- Resolves: rhbz#1051016 - FAST does not work in SSSD 1.11.2 in Fedora 20- Resolves: rhbz#1033133 - "System Error" when invalid ad_access_filter is used- Resolves: rhbz#1032983 - sssd_be crashes when ad_access_filter uses FOREST keyword. - Fix two memory leaks in the PAC responder (Related: rhbz#991065)- Resolves: rhbz#1048184 - Group lookup does not return member with multiple names after user lookup- Resolves: rhbz#1049533 - Group membership lookup issue- Mass rebuild 2013-12-27- Resolves: rhbz#894068 - sss_cache doesn't support subdomains- Re-initialize subdomains after provider startup - Related: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- The AD provider is able to resolve group memberships for groups with Global and Universal scope - Related: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog- Resolves: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog - Resolves: rhbz#1030483 - Individual group search returned multiple results in GC lookups- Resolves: rhbz#1040969 - sssd_nss grows memory footprint when netgroups are requested- Resolves: rhbz#1023409 - Valgrind sssd "Syscall param socketcall.sendto(msg) points to uninitialised byte(s)"- Resolves: rhbz#1037936 - sssd_be crashes occasionally- Resolves: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- Resolves: rhbz#1029631 - sssd_be crashes on manually adding a cleartext password to ldap_default_authtok- Resolves: rhbz#1036758 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Resolves: rhbz#1034050 - Errors in domain log when saving user to sysdb- Resolves: rhbz#1036157 - sssd can't retrieve auto.master when using the "default_domain_suffix" option in- Resolves: rhbz#1028057 - Improve detection of the right domain when processing group with members from several domains- Resolves: rhbz#1033084 - sssd_be segfaults if empty grop is resolved using ad_matching_rule- Resolves: rhbz#1031562 - Incorrect mention of access_filter in sssd-ad manpage- Resolves: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- Skip netgroups that don't provide well-formed triplets - Related: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2 - Resolves: rhbz#991065- Resolves: rhbz#1019882 - RHEL7 ipa ad trusted user lookups failed with sssd_be crash - Resolves: rhbz#1002597 - ad: unable to resolve membership when user is from different domain than group- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1 - Resolves: rhbz#991065 - Rebase SSSD to 1.11.0- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0 - Resolves: rhbz#991065- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2 - Related: rhbz#991065- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- Resolves: #983587 - sss_debuglevel did not increase verbosity in sssd_pac.log- Resolves: #983580 - Netgroups should ignore the 'use_fully_qualified_names' setting- Apply several important fixes from upstream 1.10 branch - Related: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- Remove libcmocka dependency- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Enable hardened build for RHEL7- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/sh/bin/sh/bin/sh cadeuk1.15.2-50.el71.15.2-50.el7 org.freedesktop.sssd.infopipe.confsssd-ifp.servicesssd_ifporg.freedesktop.sssd.infopipe.servicesssd-dbus-1.15.2COPYINGsssd-ifp.5.gzsssd-ifp.5.gzsssd-ifp.5.gzsssd-ifp.5.gz/etc/dbus-1/system.d//usr/lib/systemd/system//usr/libexec/sssd//usr/share/dbus-1/system-services//usr/share/licenses//usr/share/licenses/sssd-dbus-1.15.2//usr/share/man/ca/man5//usr/share/man/de/man5//usr/share/man/man5//usr/share/man/uk/man5/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=genericdrpmxz2x86_64-redhat-linux-gnuXML 1.0 document, ASCII textASCII textELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=0ab497306ef73a79f3be0536295dbe6d3b32fc93, strippeddirectorytroff or preprocessor input, UTF-8 Unicode text (gzip compressed data, from Unix, max compression)troff or preprocessor input, UTF-8 Unicode text, with very long lines (gzip compressed data, from Unix, max compression)troff or preprocessor input, ASCII text (gzip compressed data, from Unix, max compression).R RR)R+R-RRRRRR/R'RRRR RRRRRRRRR,R R$R"R%R&R.R R(R#R*R!R RRRRRRR RR3? 7zXZ !PH6t]"k%j{}{&-򝍧N4ߠ6ޗK O)7ԓ]sX9>_G3ǒ!9^h->IthFom˅dף(|o6 #>2uwޡH7ڪ +ю wRCى%7]s@B x: C"J[wpu2f Snm|1ŧ"JÙXdA4W@>ݤ+,E: 6"WST (9"sdzV<+uܖ/Bi0j#R݇A8MwqĽH"HkgYtcS%!;Ցlk%#}e!Op^cgvըI]#r[MO\%%:h{1> mnj 2Hj*ocW[(\Qk|%-tfbz {;>nC~֊8Ť(H}92VTj[/cЁ˰CqT5~;T\F{2"xgpR?nc5lk.Lk ijϛ4O>]GGզeQymhQu2`@\Vd U$y*~]N"GUe-ZC8Iߥ;/&)r NO yDM~Hϙz7kIv7s#ުB{' "W0&364bI4V_fg,] |==4 " )8c qQAZ zA"b6 dw`B2x/]C£O˚('u;lnAbm\N``jٹ4[;^n9܋CqAyvjOJ"y=us4T!!1铕B|>#ʽ71*O˰~/!Mָ +$s#fC HN7(NT8}[YqQ[ 3yΟ{",ch!c=б E6 ̋<'|{GK>4g`iL)ÅFo3t0MNSŵq~,0u\d:g;wn1:;Ի5Lzl,[ XJkF(;d"@k1By;z,G(xvs^Fmȭ_e! rKe] qh'ps. ~]W:NDdoSMDQ{ t>s <)U'X8Z!K3:s,a [`XByr:j ͫ8<ƣ7V=d,&b]" Dv~(׏>󘿩B-ۧ 4˵TS bɓ7sȉ^h90 !Cim%w'q{Fw8P8Jd}${ޮNzPVV7ɩAx ܪTK̜Y5|huQ( > BuOGxIαjZ/RgIҼyGI5#BJoG>wm["H:'Zd$j cmz`45V_Ɉ*~^'!vnty m'GͯnwTyہe8!(َ'4"1hl} ^#K A*4 R&x1qUDȿ>N+X \M4CFZWη~m/䳌.tZ;!2=ʝ|sJVL}t5!R}$ S}AYH=ೈSXxјW&ֳ fI̍V{=s3jE?ԧ6 @"P IQɬt֒5CC-[ TrCU P" v=Þ9:Y˾7jYl'LA`A{ k#Lh4*;5z/}JbqVfqفfqx #D"wV*%6_LTş)+p1ㄜhf;ٹ+k4Q= y!z>?LjK6Mgl g`ڎ_0ο$Gˣu[Lo/>:džBoِ8v)R[b.-,vOʰ)+!/ ]lO21;*2G;V= J.kM։{ Xd)t^Nnɪ`H .eߪ=PῑڂnʦaۃUki>PO40a.ZbQ$pfAKԲF6q0T33';j] R(1)#U o3Lf7q5IŤq7Ű]5=Χ*]V߇1Z@s"F`$:pyc8}Gɖbu9KrŠSqi]OV5})#d| Wm|DćݖhB9 ^ J'"pSkT6n}$~o]{ğѸYz+kd$E|*t{vOM g]5e |,X#1[25wYq{@K+nCQĜ@E-0e b򛃉Ju@OUxATlyaN7:]FBD/;QR.U*tѣl0fZx6=N6(W#IVnܮzN$ Wd x*B 5zqEZhI @sfDiCJ6SQZlz|~y I7nh;lrK0Vw`2osN:˩;u-"Am+]MXVH}aTEURe"mC: YJrkþŐk@=j@Λ"d>z)ubݜ=, ,֭b)L 9\܏BI]vvOOUԲ'Zcܫ1c!G.$Z7ƒbžA;QC?Փ2Z P &P2(0g2|vd6lMzgV ~c^(o/`r&z]-wqԋ7C =d>Υtmªgn*up&Y}Ռn <ȽZi+4aTLr;Ե,: 2!1WBcx$db5663;PMgk ~V|L(}\ 㠵^dkIg65Xc쑋дBr"O@JWS0 \8u-"5V 1+n3(NݬDäl BDyO!_?./JB a.1[@\Wv]$, Lpݑ@V(:"J%w+`EH ^4t0"*.2`(ܧ*bIY"? 95 NUk vҀQ{G~1d%VCov˽^+q߼4#tfƌ;a^Cު\+f|E a{NOE/dؔO#/#` ə J(ܽ&wFIKA9:`YݟQo[ [ƺzQ xPfT>|{QdKK UJӭ\O5wNݠC(R/w7_羫1]+SJJxϱ%Om ,?2D"`rUo 6\[oϑ8x]9n7|V*mҌўt}[N!:1g)S\ :gZ0VѼzT TҨ 㥑ћ- h c㭟/v(}AƏxrU ~G{ cAX Sѿ'M߰C;f 0xXʇ˱^dTt(~;-TASZc@un\_UJ+\u^}elrlcuT1@)s[/MywHPܼU;sUzM3w>?mҁ"vz! ;na_@.>M:Yù$&)C 8fʫ0I_BJEA}Q,i-;m8Fb-O5U.]+X>iQ[6e#g&y?zdBNN4iHٱ,O&~4 ߿znZ˪g36WoS*gbCab{CMzX|IYtӧPL#;=k!׳fFO*u4Am%a9 a%;/˽Lk pwR=<揢tl;*XNY<#p$۠kƅ:mZAΊB@okZOB@$4*I( ds&v W_L udGe L.%y$8i5Hbx.?K_퇥Θ|aƲDOBrs}jo $:8 KͧhRǝꕨ~5pQ:'IHwUɌ(C9|ywA[ z٠*n>0UDZ,F $m__DTB -8+\ՓWp˫N;,睎|iT><{]9 iNm3(iL3cߞ JdIEn.e5kJp[aX1eT{p.mEhqUϴJy u%픞QW}H [C Fʠ'AoZ Ð.ҜE $/GpL~w]d)U#數v\t9Ĭ.)G(FWQ#q6cnZU(&4n{S ;Fع7tt 0b\NikUOcb/+u Gz; U/E\Q tB뭉MڄL5}Ye蟵 o'ݗ2buN!:#erH8k3LX K#[Azpn괄P\,!o A&3`O7eAqP|5(6JІ@YIP ky Hjv%?h_q ø}3JeMFwN > V,֘n8.u:Nycx$on*~Ϻ6;z+2n9>ՀHCW:M`pҬѣ* ro}]:E KMN6_( R)APΜlIuAufM jf@kX].<'o _.E5-<]0)0WNE".in$O-ʋ}J)Av>EYFy/YxUM6# 3)㧋VcPWwᴉ7;Jۦ "k:I |jC^4y^9< lz*uis,cp ]߬; W3 LRs0=4R^law٢qE8KώQJ)5 Do3G0dJ?6ـîioVfqn6,CW4Ԉ0NI'ϘDM ΣtbuX,b8Aʔa(eHXna_KK {6"n,>ܕfOE8ǰ[^nݝ.-Qko`lMϐeQ&lAA:z^6#UtN{UaO|y_ҹ'?஫ƫJfX۞=]BjĀ|*ָwP Fr$< ϟށG|3r h@X溒7!~xk)0?Z{:*+?d:W,(m^n9]~W G!OWb "z> tLADtW/͠ktr4Z&R<,Y|:gccðvoɒT&}XbUGKDucjڮ2$3v@3({8=hj_p+ny6eY⪐Z=h$秜758ǢzV/W>#Xn-̤`[bꔊ34N%_Zo ~t!NHS) $ @9 :wzJ-ȏix k <4 , FЉKtXѓ]~c*T=ؿ3Y$ڹhz=Qi&fa->vA{Z'ҟaF )m_(Ȁ%"S~Gl@Ye@bSF+׌5x]fWl>}O4ǧp 9!ؒg+wYsRKhX8ZAefJS4C-8sI>b4_Q\!˰}*ً۰F~77ԯ2<uߒ,#=i wBuđ !}EFT޾9 gF[(fEIAW)t|ǏNQ12yf׃G%d;Vj^a)}v }oO ڦ]gs~me?eqZSnv DJ?}:?r\ku` `|q$Nm&m#4 HN MvBs'LZAi:Y‹+uwSɥ&6j`Kzʞ^D=[p]+럸W."::wQ_x熞q{0aTEK-c1IQJhCSgN|:Kc5tZ&d])Tf5/;l 7{9MEw .3/m`%} ff}V݌|y/{с-ڴeȖZ`k;S]@ͨ6!5 8=,oe׬iD"_%{X*i#+)DܤB 풗FXň$'sn/Z} F晠=pwI4]^+/~i\ gp{}Sn4fYŴ -92s4e:$d,w+1!ң.RmrF>?I / g3øù_t1acBXn)g7ÅZ0vR0F,B!XTa@ t{$zW[<֜L-]cTJD4r.9ӖTc[W-dtKRx|KWU?M5\ NSe)iǔln|Ld̍g/>Vk*ҝ98 fM3a9sgNǠ\vF,TwᩖD6"\0.s)n] Csgm==@bQSȟ~7@Jn˒GPq-u{;vVԐk DX- zaLtkH8 ^^lӌ㌋*"a K  E`wœ. m 54.9Z,!.oF˷RTYCE;g?:țndYIi]&}h=\JrF#U ˿Z̐4̊quܯXDE.9P~krȅ4JP$@݊FUo'#Oh|ɛF*mz_||h"c%4k:]BrDpV!%\!%~#h1Xi┽tQouj<4VݥrZU0Lc dS&P'*^Eю,,I * 1 y0ؐtᆋY:b}+rWlg"rS/ca=kq=͋ȯ?{o-3_T ]o|(ڤ P Sb|txb8~) Tv8ް/˫-Ƣ+ z N R8\oh I27T3呰< tWDiaZC*Ĉ"qp/ Pmn*eZR^˟P=RGO/JeUd~R5l c)8 iQW2NZIsWܱ7!ݫ#+ [l7oe)  @FSO7e0 $2FU!po5Aq*ǤB)Dr#ijˊ/Eօڟƪ]yr*82숆('Qe銓g|o5G NөݰHϦH8ߟ8;!]WX`/3\,Bi/~չ錓 q>Z'I@j6))bE)7\B"u :mNhvRo~+0Z[OkP/1 "ɳC*0Rʫ楓-䲕\ÇC.wS]kiէώͧq"iι.Q#1@RE)@_*9F%Uf-s}k&>smCpI2 3C!?qV녉M.s0+>bɢҚbcXT'k'>Rq86/h+>1 Xo8Idy{]j3,?W*6cn`-"AwoT]_&i =| &'s"_x#bN2uRڀ*b"yLk\ȥ0,p ;l9uJ})25c_ruxs:COtY[A@fTD]i0vgobޒ6V3סY%g0nOYx!2(,w'$_} ?[81+L-U_'J>47"32y P4T6ql{mZLW_'4:}5b4ؕ|8mbOw:,'vh'LL|*?2GWywIue=WGO])Rf]hD ʙ:KK QwyBgNַQO26J7֤^c}̄<v/xDwa:#ޅdd۹_C_N… ~pe㛽 [/%@1аD6,l_Fk4^EkaVI,~!Jc#O^Nh+zILҁ_4P&q'[kw}~4,߾ƚPiF#Srm~B<:EN# Uϝg2O-X5qqANa!`vJ7G;<`Zbb<ls-7洒D?:mHmf_P䇸 0.݀4$%m uuݳūx|QHѧLv"ՃH}j|P:Xr>Y&0S1C%%Q2 ;_)< FM񐗖Qd+&JaF0zE Hj)_'6ߩ/]+dnӞVM8x!F-:C feX:4"{ WVB#9ۻ;".lK"KPFaH1*mpKЋ;,zXjDzʳt:(4D*޴+Lq08Ew&*̈|Sni}rBm /(E\:9;_ek ]? )F8Д.,I[78ÚJ-i…G&{oK=S/pH txg2770)mHI4X$OO3{u s3Ԫ6~KYUc N)|wUt', ]Ĵ6&bĕ,77al\t3EK1@5{%J1{>DSCw K  "Yh5IDL$ݕ^t1.G馞]kѦ(Z?$#7w{8y$BYM/H7Q)(ia{zT˛Jv5 Kţw\h< {'vC0aI(U ?t˻\l0/ uwNQM~8Osߏ6 P2 Wc"Pb(hpge?C{<@n-~MO4נNYICtܚUĞe$dO3Q(CAc,Vp\ RE^I}f4 Be{zY3!w>j~c:[:3 ڂFjPQY)<< $]Vaj44dMxy>-t!` IBD,a-F^=c%#]bhDETGA7y-S*%2 *#u)=}ʺ6r<"YSAH{) +6 ѣ6cn L9+2 ig+xFgDU9ihe/ fhOueuD'*&U(b{G2K=`ߕ㳣jɹ%5&ܿk_ېj}fhYu"nzjPEi+!Ì{DzVs2U#Ѭ˜[Msn;w_PxfSk׃t1D\>cjC* {5_!r 㻳Q[yɶ4!+1]f-mj[.to!^nýLXe+zȁsO ʚy6aah&rY c{[YzZ& VaUuOxД?:! Ŗyg=.aK{"BN:I0"4~9:,0zTܞ1bA3L-v27.FڒA7PK65mt(ɯҝN]n'l &U HghŎpU2;9"Cd4\Ixg+NOw4þ0|o4\頫mz@d;pw8-j#ЬaWʥE扉նW~Ӹ5>8^OڑVҖ˵|2k$ )Ӈ>v, U+!RC69I3_|٩Ǐ7I*0RK9W`l#*I?ÅnI}O3=Ovc| !p IEObHGdK\c*dVR5flN!]AE!9Ds&suQ!ai6ttr]{:Α3t9p4/4˃$sB&Yp҄+C=`[ Wp2 jccT^ Dg5Nr%vǼiӑui> ؁ܾbR}>~@Z )%0k@DɆ8E@`/cǦnSe[^Yf%ӭww1 -}Fu C%^2քN!-F_'gՒBll2C0)ԣl]s0FdϬaT(ur'%t; IPlv/{h‡ͨwc"d >ff[s)C%@3\js%. Up↔D)F'N I3o\.6x(kگ@zr-6=G1W&c?o&pIZtY+oyL"+n\WV#ȵsȩ"h+?nrO/#.+{ WB<& )~{^Hy*+ 83jF<+W"ŽK~h_ ޣ41.fCdY5NH%CS,f&&~TۆH4=tuzF-p3EfdpAT%۽ %y̏^r,]O|yK?@-MڭVXn EZ'+ s,?NWi;nyA 0(a _3s1]O'ݽWsL*yvk߁iE7>0y[Ǒ/=Bm.br\W "Nl$ F7Nٵ*`,%shFaģ9_[]*+kWS{Iڰ[yƅr^(ILtK 2p?JAS+@~Kh 1WXJxu8HPPSvw¨0K S:.z[b+;`09DN7f53^;uEzc]Oj}wtܢIWg붉J>9#>axqb,S6|)b^$s!%Xck0 ƨ^(v>LcLg0n7~4R867o q$c7tDŽҚ"zHo*y?KM4+iC2ap׾[[N.#Gd~Fnj5!miZvzމs9eAG;\&3eUɔX(xYs49E":: [֛AWhZD4e=|Z^36F&I3J/O+|yXr[kC Qm$~1%O72jq׊>FQ2tLD,aޟ$/;pl{u"c#וFY ؜Mwb^0b`لZlO*& ͘l䵇F6هiI񝎨nHm j돃pT9ĻPS#e飑3N3;dv͖1 z8`,gXp@{H=t)l檂ϫ탂b`yK7 $-,3_} Fu;KZD94-ZaX5*4j NڗyK˚93U: 4~NQӔhf>>.IG#Y a.{m[N㬵1O|sDJڴqM١F儥>۩댊3ǭy%ryS/@G(}`1n 7yy5D(:iJ^L\}Fs I[w ?URgsyHRx_V {ozJ3ᖁNScH)kFns_7`!+Q0( Z}oKđp0Jթ5M%]WإxQT.TI΄`j0%2_LSw`: VUmek@CG'R.Y)fi) {S4lZ߃|Wi}p=3YU;0Вsk n[(Tdx!&ЏY4K]~ ˜@o]1ATö=9Ҁ^VLn*ZiaopZ/,t3qs;ΥЮG:Tp='wmRs `2R˷[nhr^Er*‡jjJp!~xir)*hkE6Eei3#Ds1_1R>⋪9lO24sf"Juvfn8ófqlZɖe.vI:0z<!5t.u2NATA^KA0N2sdzu:92;ɻW7 ?@VAm p&8 cW;XM61լ 4IW)}>[fHuv=qs޷ǎCm쩚k@10 ?&*AnE@S|9aދjzXPvKTq쵯_ C8<*N"P`Kx;XȎu ^pљR]q޼/ 5:ʂg ak';a*%PTy%0Km6~!|j_iL* ?D/@='KN" 3xE >i13`IgOH=7hr7![PT.).<KzŶd&p8JROowBƦռb<6b?I3Pd#f!d+4} ;}wQoN&dжrTLC9?9*f](#I^7 M5c3-F0ag[ %o-gKx0:q[r62`7x$Hf*ʋm_~!bJu:o%~CC+(>DL%aխDjz_ą,BSf=X@= U s[~QWl02KwS` ߔ+'b Lj] ]DOL8v,7 h4I?u-O,49}5KjŸI0Pvc9鬋u1/LsD4{Ao*aSt,w\e7̧) Z\?}Q {1eF'~+)(rDo)*<|:Vz;m-$ X;kQwΉ{\3%WfJf|ƚ-t56˩șQ!㮹i-#.35>?YwOݼ8 Xv}!ZqA<P$VpB|YEs=|n&%.&QۚRS }gĻhӗ "UZ ̫~">peF:K"LSIaf;Mq2ˆrNrKQEȊ'F9-^5uQn6 ]4"VTDfos|R^BjXDTw҂,Ƒ1,yjUv{32N,amlެT:527x{'GMA3zN$D!4̆uKA.%st36w4g31m`.GoFk8W {;BcuNFTѝn}|HYVYp,0([{||X\Xaz 0h`KP#W&?pwH8 /2E_3H#;]> P}Nfۭ7*=( ll]pSϠeѽݛA=AIR|ݬ8)SS1u "✑b5w':‰!*wr۵ᙾWZw LN Yn!=%vDkeokh%>wq^#R& I = Ȩ3ބ47F"md`*Qd>?xڗ,6Ll8zg~&vyWJWC7sI1'pt6RN+ V&ȇ2C1A@ pLLA߶zy"ɠ ,m7VRng3VpHom>5!IE"V=(xD_L].KL-$͠=nvv1mjٵ!NFf9*<ѬsV|xWӠ$([}0I[8ZNc>Z$PILbBU֡@hj"7;U]>QdZd!R G2lAIUH$F;[3 4Bxu^ ?WNn«g7 (pś(ͼ%uu#EO`+d).\%zI4$b[}zϱ3? fI+ J'\Bp+]üH2G.Ly_rv0ʾV5S^/}ic `Vw"۾izF ATxZ'{xO-.u#|4֎,^݅h.b p3)VL(x:~U(u P]AUeˁQlA$DB(4Ӊ<7!WVwx"ßHLg6n*s78sv5M#l˶f[i#l>D&J~eptU)9vئJ͉B(&{(yT-eSjܞZ^DQƽՑA  UF? HT>Rh,|2uc/V6 VVgӁ'ӗx.Y}r6^C ^ ԙ bq?iopPEI_]cDCq]7\__x:"J %[ףC u-=F^ϮAZ3H'2:2ȢR#xasl{F~>4uwrݦ;Wmč֍j7獨y=I~RjKuu)V{ֈK u!n oݱGS^3~:s'ND:%5'P;ow<>(~p5ՉFvR CL\9xb#~,i#I1sFZwOSbԲOCH=DO)-rgDesI #׉4Ý[1Ԃ Y4;?~TBJ[WPERQ~L;-Dm@u,~dSS샭B’腽p.LnYp.ଓ0JaXfSdC *ӄ\8ˌ"3V?b>:d-'afһ/!\CvSjFLTTU\'D Fa2axMUy:<MxSb T@dX}Nsx (ÊȪT B?ȿ^Nȋ]bŎT" ^/p9|uuWNNh"@")~h;.XMU?2eYk)uDXeITYx\啁VNE[kN(Dz!w/@V_^,7]vo|Tl$|hڍC9ރvFX " /z?j-zVdJ>4I_[\Rrᒭ/_*_cW?O1Jߠd/G oχ.\Xeg:,qƽ-iZ8|%,ç|xz%Ȉ3Ð-%50 p^ÇO=Oc0pw`qV2g'oFv^D09F.xc] 55XGbuV*~[~M&Xgpeme }ްNy_]<'j/%d%JAy{w@I柭wi6D~42?0LФ#ҷ$Kf,?Pl$ hae,[[Y[PA Lh)[//?k 0rnn\}D1 Zi㶗ts9s+dq dpFJ4|f+c&Z|քXi?ҳU"@ X jb?#L `ˏ Ù!j ޡw6Ģ5EέZbb;"5}od :~L!cC^QpW:I<* 2=\+7SbG~XzZ%v9Ld1dE+B uS!Ia)6bh83ljq(0 +Z|<1+2^wnQ2Է;z>Ona+?ZV}&Rʠ҉s^Ib/Actcoj6!T.9TR'Л_ẸS?;SZaB*fѼe.   BE~ڐ\g>xpP9,oRb{mhJiq'}Aɛ }(@gtXVhU>TY,1=TôGQs_O0Wb]K |B+ pn'1 E{.--3bյ1PtgNn,O O{TQSfpc\QxˤDx[=פ#Ɍu Lbtشo姭| r i;ȵwlp+ %29*81i S.J=Q ?p\jG&LțbAS Mem;{J_Byo"+a}V>'vyn"hSmW$T|YS+Spaye/}KJ,.O6kqQY\b{t I@:jɦ`.oVAM3_K;y]mG10<3ay\3!WVsG(,d1YtŅ֖ܛ_NMQlҠEvPgl%`ڰ 9ڧ]c[uD S?"i?"K _X?ԟba _JΥC5:3j&";²kqhqA^E[F67⦎xh::C,Tiyɰy)W]R,LE53='%=n{i_\OW /*Ҽ'r7>˕딊Y9S@FTQL=OyۃT UhRm-ǛsOvJ]/LJs|IvMG c}0[R)N}h-}X8iHD92a~!Ԇ lw:Xݝ(/$7 ƨU$¾xỲɾ,]9T$Rֻ,iSY8)bkwڠ.5k1},y托dG"ZhN7@#e-݄r,0Ny0sۼi3h Zpi^ 2%lI} dG{Ġs,]5K4w8ȃ: ~ 1'_Tc nxdoH(o mS݄NǴgX뤮''1AfZv&=BUKʪњ\s'YxTy|[0;t|['/GvfC5X+2ۤ!+י52B>qN.Ы?./[_TœzDB!tHYy҆pf!+Q"o(E+G (Eg9ԕJW*1aV'P nIKlm,,[Dh|ä6}n60%5qƏ:# ɻ$,jIćZD+"tOa?tJ4/=F{Z)OG)Qu.4Ke![L]CHv'_Ϩ$ q%\6໽1Z/ >Jw5s946 .֤4ao,{b]qJHXQL+5Οn4aOTrR N# U)j]֔X;'}ՂS}yjC.D0+=T$MPMt[f_1 CG?9W%6CU$%3m/|iKLEvz~:mԋ$u[upTipIWGro4HJ6 {FhwU4XJ!U/ 8yB4'V^/Zf=<(W' EM! BFؒ\{HaTxͧQ}lX)'>kz]b%mn lҠ5a_i|U/HFQ+MuwpcujbhjyvY .a<ؕɲ9GրʚXUc3nn]K$CpBJ$H0!6;00"ظYSC6 Y[3:LXઇ)gΪ|囁M4ʵ$'k#byy+MfcpQ ?=nD\҅R~g!:m3<"xúHĺUi/"ZX0S/, xcQ=U<#FT7j b>T7j#魲 hX ei9[:BYdj jE9;1{_˱, z*K40l@]Ib U2g^>ϟQәeH@jǁ#>KwcXy-%o)`>km/9r O-"lQhu >Ν-u&G6SQSN&]Nc=E8Z|B57ZZ)u;'FL 8fHh1*DZM'aޞ/'3~p8l#)]k:j֐Mxp~\jπ܃_&{!Ka(e9ۧH]6Q+*`pׯrT*"هg|K\ ZMY՟k昍6&DEdv~X&)YXPYSs~XIgX& "_Ff 5߽C qa[Û|^ӈ>)P[%FX 0 ;MN9F XbF W7јj:,G.fKdN]-'/{*ޅ|%@=T1 n3*K;lD8*؍ G}&m MW] ,.AR7HtI$!u^00&}=A$jJ㮪w1a j5e$*rqK˿[ ī+E bds0XK$=Q>i \~{`I̥?Ƴ#S6͍3nO䵰X`M>Ui&i & B8 $%v!NT<\Ǿ51P[p]Q.-3g_ek@?C7xu?PLKBYh(c WJq`2GӶG$qĪ7;fX yLe%\HV' ^lOqWZ8*5όyj@' > HFX4{ewWc crqzAqC(lUqŋ+$uDTE]]!{kd$?72oNftppSKvrM48/ !Rab`a7 b##Od^^K'^iJ'bt&<GT3ۆX#ns>7Q蜒9Ŏs> =k"Luu?+BS!8zkfՊJ]ٳ+WepL Z p|JUaX~Z~Js-,Ow &STYf摖`71SRO$պK97kYT OË&Zjj ip&,pOPD96-FQD:aӦa7M ._b[(kѮKYbtMHғ?e7W 5٨e2I4ʷF؁, (Wݙ_ Yn-<әMx:܌'ϡz Ji^:aIN/cVFJ2ckh^wnZd/v5q/#8SK9xwPMEz0ǵuFS{PIO/{GLZ6y YIn&UE^WNjXƆ믡m tkN%\z0;9 PrbOT_yԡ6Cy$+QdxtjugJ^Zs`Mr4NB+©>=y֖5/#`D@_5O㋴K~wB>˔-5t_e7?K :?؁ |+[UYuxN8 ]=\~:9>ɹ{ΐ#/zop$qZewD2۱ab=j*_!v'̓69'[B4=~b$w{QP}CΛh²*z[ XtF{Ή1<鐟hi1!`t8F8„Jl𡦚Ɠ\T.[AmշrP-<630-Sp01t_TH'L7s>^H$X Gs Chwa3osOC;P$euCb-װbQ@$g$D?3aLg^p᫓[D$.G5F?ɷZڭmj5 ,c2 *N'4 )\m7;!M|Ztzm OC䤣4 fq1*P|M5I<7V!pȡqh]_{7bJ|e=7Y3t Z/n]d%Ɖ:_!ڐc_2"y$ k1}ocֻtq6pвw>meRO颎S&3J5{8m4f"WfAJn~d׋s{?k{ȯΎ1pz ci e~.<r31⩨f[%A#햬2;ZEne2BI-*Ehc݄]ˌj0:2L=jV8ǰYoCqi5?i omc"$PAޡ3p"]o\۞Ge6tnQ&dU"r ށ+&B ?C?ͦU ǧ;oFJr۾mvi{Jœt'*h>ҭx3dkNu[.6[\=rK;m9Ʊ,ì:[A?iq#BAD N\2AKˠI|wKpb0K7ȶ4Ģa1I S,ܘpq)EDL76aE9*ӧ(|'OV݊`[&lH -U DZqegMggڅ$n; jCk`@eF)y6[.Ӎku&7%~ OhBw #' |)A8^O73L][^5"3skާ.u-A* ү i`;*i#C \)<jf!xZ }_ k2[.T/wWcjxʌ!YI/FuaoP4'H:mO[xwҽsL;]l_=?%ɞvX*_#ic>`by*+uTUgJ:ѻ^TdBWǘ@6'=Q0̍yaOOX8=ZZT(^úgd]kVPxo+.5yAz#J4kucLU}ajrU=蹨٣:s`Tk;JmapsbYw YZrSNv=Vb^ }Ӫ3[H<u|g⭲Z49 H92do BAmm%bEebq{o2^߉{_> ݗ+ch3`Hn8C%| K?JrQ B"o~U3 ԫ ;gas/`T&C^ 塱|EA=+cQToR/9'8ȗoIbrq⍎S}2l6G̮L&'lJ&a%cZR?A1*|m2;&8~߱sUfsDx$z0]6yE2#ej,',Z`4~ДḱŹcpH!%r G{ƕ,]WzGId|u@|/QbWSsMGS<"2H]as]їpwxⳅ谀B&3]ۻTW 1n\e HHx`>Uc%ݴ=u:ݞBdUf%lB"i3n B9hʓnW*ukI'ˬI\sUP`"RW]zB L:½ΜīrPݰ7 j2@֊bEoHY$GU\C!ڮWUN2mhikhݠTZ\<ھ79$W9Ĭ_~|ˏ*fy*KqKHSBi7,9V/ǹz 5i}e>xW>i)(1Q1cki׿I"߂Ш*tK_Gs,[gDS;tLx\}aS BR;fwY8 s!ںDY\X*ÎP݉mX1A4kuWt·YDQ;>|HGX݉;;gLԤDvHqHٕ B5LT,$ۊ{%LJ8/Zy5(y~/g>qǖ,|CƍbDt_(2_ilxՀKmW* y+?T=F2(ˆgЊ=627G8H||iɍAaK"$4勽?^9`hiN*#:gy3]k ̝t }#!D.e6 }j451P5:,xq3-A$˄Gx1R5Ci db): ; C7=(ga #=AC1fcNʀ4gu4j\p[s6p̕U6x (kPSw! ))GсuRܽ=i@7#8ØIRO@ :7N'4`:vYR WṶfL ,@Pe .mm ?51WiTQ#Y[T,MؙstU@}㌦&ߋfZ"vM2% (su\$+0,$]bEӞ~ڒeYÛ2źթP27I_(,T҄:RˠgTցGN8kL < *ȟ%<PG9 j O n͛TF PXҹ5joN1g[e=KÂ2m]`K9нx "gl Eƨlh@2ވG'Ti׼!eR o&93 +ۗ祂=TK3CĮ?i"fفk5NԪ;[mI54[4ީHHvMsVדVYV4YYgpU%/@F@$`=:ܻ[=$}oRu"}uW q[`JocBh5We6!<3-A9Pޯ_ӳ4^N}\xX㘊=*msRiX2k"o[:S ob[%<͌L;#V؈?%#Ə)hCfGf.E.~k?}uM(d_1- bV$FŠ^3,/7+ڏn:h-z2<Ʌ&ފTצ`W:B%/R+lFϵ-/op 8A]ǬhLרSbYד Sm%eA&D,ꖤ=brnunR LBd,Z 8"6y1,eB)6cb@V&HR-T"Э?`[&EծJ|,SoݘoP`H%㝃BM-gYwsۨy+²݀5v;Rl ng`A0ݾB3%FYxB,+?qS_j/hkMaC՝خkB*wywҜ(B=SI<+lEE+-b.dxz&('KV}c#PxNY/ۏ)c氇pxinQfB5z,&fyIyDD΃3=d^sH#g!';^٬2il+F,iҡ; _ڣT./H@1m RhgVimJ{c acoaۘYu琷2#t9"J2. SC0f4^Ys@I;Ưrջf= ·%M-V<E 'H۞zg>M||G¯ L| Pts1CSqphpCv̬v6W9F+U}5e9,PQE?0u\i2$FϞHMDIV嬩I#7+U`;O>Bx;eΐ l_Mzo4VR_=Ib7 |Fxm4rǑ #ўwmd\5ˁ!^y @P*AS6cͥ3) bj/Bd45YlXaZ4T{v/# S >&-ɺCvBǠ- :Jk[_q#Pw4϶-lg)s-̩6J|ZST 7zZ'igiH&ߓǻz>Vƙ]xҶ^s̻\K6mJN3d[r["ku X؋V(OZǙzrAp]&4 }!KiWԼ@/fn {`` Su;=,EBt{:Xy8Ǿ)i(KbtQ>eMσRk(\>K;xנ0qUvc{3wU @B!ub1 4<6ZB^::]&ˉ$NS K= !Ҟ7H'9 rIE T~DXUl7:(VU爴CH_*zP0, e(VCtOS MS%R)gע6:Ȃ*^Av584>,>G3uсA K/v̿PWFmT< hO+M|큅/{sXk5z16/Iyo?A oΣ&ޝbݍj(V]_+ɪHpҥ.?Jj(s_uD`CwLXQ@D{fuCUE@\~ Oz; QOPXEV kncLA^my[@2C&Z͜q`;5.jMxrOy2]9+3PhX8x覲Xh. 6ømKs>Rr4T+Qƭ@T;CAmW r0wF9݋ leDNO6vy gZ=L0#X/J޺:F7.3O,sPm7 YeW2_[#ipQ4l0ϳ=ҷ( V#ՐeWgB`Y7c͔ 8S5WaQỖ0yd{RanWtDYxu2#7ߢݒ0wYgq Uw0 : f$WvWiCITc`mK-j%zȯeb־~nшW%AA @9nռz6h*<`&>ЃlNfBŽO{Y9&8&ʸқqfNjqIE pM 'fXbX''Xbrw(֥/py۫mE"T\ T֯uki]͏n!ܠlMɳwƛR5L֠2/vu/[ `J{NYj{ {_= WrQ늳7. Jb08@f+|͙x T(iֶEqs.\\tw{S ;/.xGD1*6RD#up4l#x#Ih0xOSCQ%rYl_w;=(D`{\b+y2K+}F)}Mť7){^1iu OmRaĐ9dvf::-WK^F pDNl . .{v`$ D:c|ҝ;~ (+j;Lx GŬ]7\D[)0i?} cs*g, CZx F:(MH*i9{Mol9mV7y'յ?e'l¹e \Th<{`fFOP!Sa\\Hb !g.8] *1Sz10V#e8., }MDG*~ 0߼ ʼ KqbJ|BS5f\*"S fPKSkǽ'd*((uW9S;;9.W ul7ܟ%,7Sre=)Z~.|S>n43=k 9Inb,#s85eFfd9}ejz*J7ۇ|}_[GShVӞ C=-8LJD՗x]^@ [U=sv,j#Ҧ; Zg܊'54`VUs!=\Z#;J8'v\$r kCcQ'DO7$3Pb&$W8cW 2僄& jBǖp9'H\$}5O:1(i<izrL8wmY41R Y -o?ugBt@{8hor0aaupg)edMK;x14(vs83:ֳLl6& ^Ҹ|^hhׁp85:upC8Lx)V/&1;p>0'Cx|BabxuupWLT}L<0$ Ќo F.*I%Ԗq{X5rk<55t PpU>߫ 6m%! X'4ZuvV˙ՊQͭWoI7G;"m']-%!na^{7]1^L%H7R1;[ bW%p6p3 \hr*h}{[sގAaF4'77-=҄DUYc rEg ^ݖk !up@GC9n q/SsBodau>WXDĽ|A^o_Z#w@*V;ˆw0o}Zɵ-FQ7SxԞwd~Ġ0a\GLDrfu (&1&[ۜ!{Uљ2!;1{y+' $E! UA:.W;'1+!-8=zsME] K߽>~qw' O8{X)N ЧE#R\|,>ayq޾fuYH>LT8SL l>Blt^㾡43Y$%CԽtϝN*;,t7-R.+`x7dӸEvjg ѐ5|'L UwEdN3vA^:É2XRX{Z6)~~'ɛӂG#Qn3 tu%fLU=2th&[CZ͔xL[HM`_t^7/sw#K,bznWv]??=V2vCGIt:Mz98 5]#|tA.z@׻1F f9p>A }Trq9iF1\Z:` a.Bǭm_♳_xk̸zm ocDV (OHn@(}g(;$N!H@Eb#?\%Z!kST':"ELOQ,LDvR&7poNUen7hd9˪rrD ;R ڡCTM” O;C% R5Z2`ڡt+ 7C36qKLs"#PR0j; UNjLEcV_vٹ:St\\3t)+;&ZeuS0G4I5nI+Wczw醠G$Hg?é*.?lbkNS0V"!/f_)pc>:$n8L>~9Rʛc#)y1Br=IeKNx͆[l9/QU=9u7:$L6c)|I(2$ǹ/6 Ĕ.x?2ډ 7b%NcSS8gٯ}"Gjhi2`ɞl [e$a>@X[3r0zGmgڲ)z:%:u\X_tXov`K]eP)"h*W':qpץvTsj?I;IBYT27̚WƤg/x+߉j28F`Z$ɟ_KȆaRԥ_J[VZ(k#Ywn.&1薼SC,2``=o6eM~-mQߕ:₠<}ql0 ;ǒHeik]2u\sV5.ZEabIf+"!ÒwPjIIzF"ʗT=^Aj_5Mptd>d(PP]tPkkYu_/ҙ ?:t- soQL;gBdI,eTs_HoMfC6'Tx <CRfyP;\'l&ni\ݭ`Ё=rXWXc:FG1[vh]d.F7%/MF6ʹ#`t=: aN폞#6BްOJ**J:ɽSk?F*'z@sfw )E-QʈEzb.~G+Ȁy\ +{dq.1F.Y1z',Z>"mPe;vg9QҼvSSp!E/JDs7Ke\{Wz,()Aĺ=RSu ts ժ7Iڟ]|9%}JB=j, uSH~0od!JZ7XL:xXO6-CPNMy2, o xS!Ucj`hE8؍֤Q;?zD)|Ckn&7FѠTBTB˔3mh5Z$>asp 4#7xkހ%Qro 9qN9j ŎuHK\`4 /ڔj8[ d +/:6~_0s)rz/KGT;C?gi91=g4OCBx+S"K$?1w*`M?57X=-gq  n[m^ K\_,텵Ed[QV@դO5h4JAY=:?*VB4+I M=$`M.mC6k#nyoE\JYzׇ&ٳ3݈,SdCGFxLetɍ!Qaue[ +"oS~玲xTUwiʽ <5 t64O7.mrԹ/k;Lιa/8aPT-E;jR57Xϰ:Q[j`1}!vN*NQg-ٟ]/|_$yJ9B<8OO=\vVK>ʡ=c{ךBK&>tQL,A5_.$.4XZ)6B}s΢~@ NFxRhSZNXeB UDPRTcN;8-+gReYABxbymw-<3/`1WR[ԋ9+J>S7S5>bc9d^N q;@9 $}皫~j;T˭ Rm5睝Y& Q仴sH2 T A5) y7L@:+pkCzw%)]ך*@dt`=f~pk8מ ޸&:EZT. WaxYS LuHua6 _CeiIvL@_&^/ v{OL\sHZ/6/xHJ>;^D^-ns\ Z97/EXd27;[PMPs8bdGqP~\fj`4ҷ+kߝ1;xe"h(9>K(u&HiǠ).hHHF9QS[c8DZ !YyH5k;NiG%ngHr\T󢓛bϖS Y[*CCjJ-I#e˯G-c(X`Y Ayh ]EuZˮ飋d@֎~8 +9ct%cjשּׂ rtmwh@:v|惽;tE[WX:v4GOTiZ 2RZrnY}"ڼ.'80qF5jȈ40 s̃-xg*dW,zIz Y6@ɽVuFyI{ʤf#&Ի\gh%i+3T hb9Ly f֬V?$9Ը3Al~m93ҕ,jGtB.bxsF B$Nqhpl3"_مıi2f1Hh<l[A3.N4;Cɇ +oEG# D(/qg:y[O N=$Ө:f񧝊ov􏷡,ANȆOlEyU{$F{m=6_pEb ]ٷy'J; OAi s՞q^pxdH TzcN ʪ: Ev7>> prRUj iVIw$ґThel]z tD?=86P?I^j3(ԽkH5?|K,=:Le6qHfA#xw!0.5,7+EpX4++o2ۄ4#r}ODp&]<:_On]*ds |RXS;FR`_f7b( nBOsDp'bx39P ̐$ y֠gPk!9!C)Ԙk| M&f==CAgS[g%5"34u = ˝r%|1b6FWSȬBO|di!7fK9Q*HϊYMT4!j/^ #z nڏ45lSuQ5ݙm=@>l[mK @J;fm,(~xbdf! o.[>z6<1i͂6t@ VݖOTZN0DjO5JKSf_sY81AbsCR^ 3Z V)wDGR0`&-cE)wbhH`TI%R: F}LEūڢC{Y9KUX1D9q?ǝ,PS-$r|? ,V&1v=%Y''2HԡB?8` y1_xˇV!8b+#Kr.݅VYpjX;GL)Q\{g{ݠ匎 7; GH* Ic|z+aTB btODžxŔuxNkP8AE|Bg7@~d+u4!PmP?([EK=MU4f=.8șEa"*`wU)%jsd(k0XAJZdX&X&4ʟ? >wImݔw<'5t HC45.IP.*\{%G"3] t8 Ʊx ds21wbCpX=1`M* kZguo4հܘ 1Q7dm/#BK i9e ^C-諠.}}z*$z8"`/c`b<$`̤ %3|"uLF@,m9.@ij  c>L;IZzƘNOuc'4H.]u׀hI \h`o8U{㝡5%7D' d-P'7kTЍӹ zeO 뺐H́ߧ:ܟ|7Y3>/i@ b6,K*l!rJ}i`>YpD,T@—B/ ʈ˵Ct~_hpM/a.FL7$mQ*7PgaatE(]pr! {PR&3b<:ҦMz6jy>}\~E8Di9  6oM ߓxa$So ڒkoYg?Xv-R!WFD"&1ɩ4Cn iI3T1 ^Q]vشUn|oOTHsyv6q7axe*>4we]Ej)x&(5sWɔtaƊI'ִvK&0(?8Z ҙ(៹d'Rc ]tSc~)Z `zc75TiNn)=Uc(wTz}\`1llk7* r /?3Z epl/a 4i#q~ԞIav7g{dCtX(x^Pîef_qq𣫷7M;rA%$+a&(?|Kb6BfѤ3N,H+1l1H[WfÜwX+i` ~E$O ӣٶI#'"k.6v7PIҢuaW"Qw܍<y!=DX,{70W9唒^]`,Q^iI{IxL'P,;}2ՏZ#B,-㜕 ;ew,KK5}qިr,Ǡ73f ͂: KO5,z}?=55Y,٣ϺˎXJu"Jtmsb?Zq/`Z9%b?g zYGrE*wp[h(4l?sŇ2>0z5^ ~Q{v {% qhkfm lsޮqSsP$y.Mfáel+&x7Ò/I B֢ X/ߨABS a^7HGz`w|%X[exi܈V3U-Y6SzuwƵ 6kuq8M֨:ǁ2fbKDp#TFI~2nMs p{BDOnbB#Ut\@]g]͏>(9#Kՠ9=),ʜu.ՍdYjɯTx]K?xDp~mr~hGULU4d8T Fa8;yn~mz.C啃ɃTTnpsiN)uX+I^NLLT#'D}ێ8[R3xMmўC#\<>r}ȏ5wO\f|`/ T8FgqT"^G*PT:+m qn5'vT%!h<2 j|:EYvC(@խWv(v &sv|YН$(IUF?w¤CM_pc)"^z=B࣊UM?O{|?\CVde(-+a(I!)z; TP_ e,Ls vB9J}[*r1ŅF/:4L 㯻0 n}s֤ҬdKu7Iȩ 6L*=03"@;| č*EJ4Bͦrے#fy瀈rjȑ.GNU" 56'W(#;ݒ}L;tY;_@}w k <v2 'MCPѐ"کQ]NH &aD,P1H 1Ň~bl%F,a '-Izo")Iz)29n@ dOr΀qu;Z:*gӫ /6K__cL6 eb3}ЅK Buifr$NG\w8?<<!rG=AֲDNϺZ=R5-}Rގ)4PG .T3I41Q`g];D݋أ. y5T p=wFV?.з?rűOͧxu0l$krv+xCzsаi ͅ,<ѭ\)kF& ܷZ|HK]2g_ cXim#ݟ&vTsNpM=0ᆶmP K2DpYQDLT,)c< R,{xYM e ZEo$#χœh#B͉+tgKHtX"Y ǭP4Qȳ: ںE.^G*_^Iп ~nlB@?)lE ^դ~L ܶg p\bz{֨M -djY ۗ伙FNO0c$oI_O 2 K b)'jFaak3 #O;|Ҍ9q/"'q #:À zl9e'9HeݎĹ0R:vCGAlOabػ {yVR8&Pv,4ۮџwJ]`NnWE[˧^pmkھ3p)6ςx5r8f)"6Q,Qc9/#{p'nPYMybqnJC ===Rf[z S8[&<ޅq,+%ky%߆;)9PA`(uIC_R-BN##`0jKِw⭀ &&f5{Z?pn&x3Zkj eEfd`xbba/lW6хg5 4.XN;a}-2oFͽcVd,Z|7r ¨˙A~n].hu# .j^kM=a4eծY#a<1Tey dl_ҙ5& R|~ J2\ 6K&֮hA'֐q:]MiRP*ˉ0;W3]R8cD8`Őbd_J‚Cop`sL6L4K\KUo !7{3DsNXF'OrfË$S(ҢN&)DM^daM4;FuڙP9+Biʹn_O(NS.sq\2Ӄ%K䫟BzY.|;IoEB*C[^#wbmpNo2ItA`~y1J]t-me !4n?RkFɫ]7f H?Xp;kO -l2D] "c/ Zj$z\7:Hʛ&1K {^у6\)%:oKzcZ{#; ΖLX5'=c^^*L1AD"\a}t'i?r_G +](N)kʐ7Z|Wl F4!.r-ĻsE%JǓuv . 73= ŒDV4,_7B&JPaVeqi›1s羲sy减]C- "r]DENBY0eT-Nb-5 5I켡ߥvǼ,-'ڌuM)rS2n5"~;׷W20.т`Gir={V?s?oHI F*:#5ĨHV%f( UgC/js/q멢cr l^peĆSg| L]h rfmJm &[G! pmhFUoyNREHFVg5GP\&ӟ.s!^.gKkqU2e@ 2 D /ī4dkyU)D UCCv61^7tjwkU2 UETҹLeŃwWt  g:ߛ$`B©޵,B)Jf8,?UO 4\7(6DuV/ir%CX >s*4[q]vVߠ}@hݏ+?MvԚc K6p~s㳹6Mx7n%l 7J#X]ׇ\]71Pe5+zS&ۈBNAY:ἅC7OD5SdzmNji WQ~hQ̇nϛM~>WD{5>/0 6HU* *fZ=Ԫʋs\+MҏW@_r)_25@5ePY9vb8jGUü-OA%a&>KwU3KP=#]G~[G#eEPm-)U8L0e$Z S:!WT0U~b=w\Ujzd[^J|2 C߀S% }Ua1W;_B!KJmE4 9o}̻,0^S-_P@9ky:}-ƅS_Ѣm#7p IA-D/dze4j:oUfnM[;&YR0-i5ږnB$gYŠtMHOO{_#/NIwU3N*)GUV :X1 rB"XS8/j2zfJjIPxyt)Y (U!gh(kke8qm۰LE.󔝸 K#OAh_0_m[iN[ۍLLfإATS7Cyw,-7>aEtf;hP?0ǪWzc~&Pdttt\2"TY̷U&' i$)*,;Sm74i%ƧyvĆ.k#^^Jn >_S KDzp.[GrKLv@8h‘"Lo^g߅a-{\D_w&,d_MIiPexQ1cJfRdz;Um"KSzeWJ SR+! `Q/_ `V#]DCQ]kJ9n-ab#ϹG)KL9|X+tJhȲ5!i FZ[*;uDT~>ӈlRxY=a‘oc}eSW3A|=y 9XL7~-fN&HwOXb3.\5Sb5wƌ(!Lw<ӻ#an c'{96+V-QG2/كTl^|Xsl/hx7zSF $cwӾSNl~)ΗoAWZ'"W1斨.$h|3՘YoLCjj;wq(_3C"1K.~oV I3ASJwA)) ͅv6drJSLi|RF:9Ų9`_ 5mC,ma%9h=YY A6RRrgaorun:iw [6!<ˊH37QvE(4.yٞʹ`Q(hL7!.J\0;_u*Cw+ù`5FZ|K ƻg{404Z"lDDB :⌋QKk 2^8͌qF9Ko?hjA)4.1V #hw|䣅ʹfLsI+n&„}'v~t%: Ȱ ߆FKg8OTMx,_/|lI5 'DW!#Xr.8>O"Z0Vۭ"tj+y~*[9]W_uV2@]-q9r}GmeS3b{(n R7W~vҶR;@>~) KxBOLΩ]}kMʑն)5"_9=*\ҳB)ړ|;ZΟ j?}7N]eؑF/l({ x)L{G6$WIs!8 ^yŧE͸ҳq%"teEuq& qqCG=D/s3: A&Q 72r?"a^)KR?ca þW#*vqS.$Cل&:N6aq}5VdLӀݯlWvb%! J=c pj&"`B {HE|x*.]'(kإD9ïz~;*y &j Ym`}3#{Qf@%lF7 0Kkԋ20~AF.I|?}aXk8HҀ܄\[LqRA㥻W:c o=YpFrGBۍ4 w kΩ}\y*G6m'䍴p-l_ !44d}tp &ך ~wl*SۿlB>! In;In6Lx"Yv_o-FUb ǚI*$,.I/|>~ܓ?.¼"ǂ( /zX Μo4A=byѮȅ1_F'U9Ao꛳5>b5Wu;l6 W뭫hCC0N}]IUdYOX1H gy2LpW:Or*iu8"ޣb^vVjȌ-w^NYh ncwz0VkdHH66P\*m% t\yeenԔnߙIK'm$oW*eқ3x֛"+-w~lW%:ۍ@? [4i<F:{) ),:1o?.jTߎ롈.PZXb5+c%ebpo]U,B߄)wMTb[-m3oAp3IuA;-SV}BrDSNc)H-NΪZ ئ2|4͂Bs8wAW-CA NN@ec3 #Yod!חj͒Q!#6V/)&zӖ4]mEnЁcJ9\^k' <~ x PvCċ!]ה(.gzMl ȧMd$?! Zy֦C7* =xI7Ŀ`!Zn`y-{<2 iid'zTuBU N 0?rܬe}E`ex^z(k!9˔zE}dzQWᏃ"5-!3LPMtQC[r-Z PeQ Z.n'} J>A'r#LvkY 8|+ø~z|5t~:9ն\OtRl" A̩rUrޚ[iݪDT3u\KAyThp,bh$q?nKL=&D᡾/:`I'(*qRdhlb${FRuz[WDBEs Ni+ &Y֣) SZk$GF1|ªR\"`r&? ,k; 1#dRS|ZK U%H=Kn#wNiDhGMqyN$~ԤAB-*3z"%9˃^a4?WΙmI)]򓳶LZCtL|LY1c\X!uszj[*̳IͺaɄN&tph? \atQ!V,Hb eG$!ejclLX+==<.Pcb3k}7tU،[S}:xy@6}M)査(Ԯ |n&j&7@#5/kigfvtA☢w77irQ|qn5?΃n@QTZ"53$S@!f_1F{+~1&~a9ݯ$O1YGURJwKbpu:q|,wes~FNǪ3rn sDŽr|`;j&oK@Q!hIcX&һS SlxbXJ~ޞkɢJpFpjzlkmd=ݬU~ ,aT>zqbݺ#M|ZlKPe9Cno$3k [ꈮR&|)=dd257.4={yQkm9,{ Pq򰛘`J,ZrϺr$9RIi Nŕ?KAc(_ 6 A!Yik}J4943D?')eOoN̲Ml7c I+% g wJuc_GMbBp)sNWf̺1XhӅB'mc@? s0 H >ESya^70J9͗}ȎK | x}6kt োaۤʴ<$ES~]!SsN&-h/ũ+ēܝq [f_|[{ ·et]Ag2,hT{d+ʬN+BHe'5DTǯP^|nL)ɠƣή4]'nH"iDiCa0w&oÇE2 E2RZ%|ׂ!Я !UX7e)򿇝7Qc>Y:; K UsEKsNj[pars Q`wUuBU@bהmضlWlh2 6"szeZhߩ&;օ Ğs F{"Ws!ka{:gu$DP]b Bg@y[W=ZkQ;}45]ZXId)af f0,amp2_E,Ǧ5Jk)/a!0m~hAgnNI { S6ӤL:a:BWrc្\H~OaH5Gf ='\WB&ZO%>͠B]I"na=@q{$gLݦsB/G|R| }MQ<[MoQHfw%6 ssb /BNWzgH#3 l-XKrFNy :,a Vg@"nT"8i`2*ȠL)B\kBcmR87Ye1sg[I;EI~}b;PE ]BB)tܼs!Se&[Y'! N-9S{| FͺYۙ"{ȕ0d3LBn(ACHg.AMoު$[HE1@b##&BGلKY3λӋL& k`=d:xcdB"8];Q|Oqh-%g\AjkJ&0|GܥeaL#WX Ϋ ]50+`N@)[gl8cl"k]݁{ugBCT~ '-ѪѾ55JRa-§3Y$(T!&5GD ;Ng y=$ЌV>i9.8,0DUJrJͼ6 3Bs1{it/n9jZ܍3 I17bt`QVyN 5Ņ MT1,9TNBB#}vETߏrNeNߨWGCEݴO"Q>o/@ 1 nnvysVb ,S%icp= U>V_U1; "6sgQg- ML;-t38 bFQi@qIBV Y7[!ݰ)NKpaV ,G %@hPW^?喚d$fXP"Rb&0L'}WR3 G Z.!jwϳURim&sX ad}-6^>@@r={SQ8ȭG2ẉ 6U1mn8O7yz>i-1DpEz!oPRG2SwAs~All5[zX4r aL=D d|#l|/r]VrzOtǷ+@.A g :b= lJDԿTU#:ެa^''!y9Xo{v(L"8Uyi?9݁_AT}s\mn !S,BЂG#̋= p"av7.,g{FM\u xdijŗ'k*+Fe4yS[9 P8&~u~oCFdQXS^f7t]*ZF ϪMS%ر4i\캃[BbjF85ewQd\Uܕw{) O`z#;ި&$= ( !hqC1=`<8 /^QcH꽐ud GWQ#yt-r%PҺ`fؖfr_S`?Bi]y+że[h IWC47!2+bwv>(A>٧Dp_dIȕF-ɬhàbLĬ F?0,eø}JN/(VMpz}UAYz6-_[ Ph\hwXFlXj/hLk) »SDIPIL|5d gj*㉖}C:6t8#lؠU!L2@$̸/'`4ĴE0,ơ}|hhfG~׷*lr{pJDz0FȦI.A|D'@nyaIhFVB-cؐ Jx<6[Crw%d!N|A=B_m.86Ȱ?ύ׻vZ(dYP7_Ӵ*H( F!%W!nfԮl|Ĭq bPY# DDj ADG0>v!NpM@?0E]A jjP:jK/y/?7زͲ ]Α+X-f"Q0R9-toʰ[[U#&lTO6h{ڳ[rvچd,//rȖa鉭CoUޥDemTzepݤ7>CN2&F&b:,曳 vKf[m!2۱I/v6 u2 dk(ABjI,db]}Tv$_MJe˽7N߬nƞ5P# ⩮ZbrA"֝Cy}~ő0#NZ`?` c뀛χÝ1%]j !џu8cbh0s%* ./1n"lQIVIXMVķn'hc(+sot:>^8W,ג~݄Ә.F2"Z-YXQ]j$̆08=fb:FvSF:6A1'~2ˏ-W0N< ih鋀)&ԛB:q#_"k 4,+Pi'HPU~wGZ>wjݖK/ ?y.*z:T\56x$vcM!穹]9iq`7?|҄fۨ/B&:pry Tߎ{zV+R  u-uhvKϻԽtK..dD^ѣl}ݕ6P*VCҭ$#Os>P oJm[lc7/+c};pB+J0ӂS v|jXW` 4aaN8=\O-O!)|QB#5GpRǢhقģT('Ԡkܷ|ɭ1#Q .bNJ+y!j|g)]ظyI2/ZDzm$$?VHyc GJ6QIm6e " 2*\Y~=%Q=&q͈>c˜E%2jLP]պN0gZwW±u<_0@?_yF(eP>nt!ZfwC8\Qގ#R75y@vF˜c: t<H}ĹDǧ]T=WBs/o 8ЋJ!zM 0|mYK9nwQiIZ 41. 0~.D.8)41=M!Sܫe8immeԦ!;JMHYEzJrX!V!dq;m,W͛,~Ams&adpSa%0 S%8pKNmٞ+t`%>"B+ɤ#k8H'S1p`R$haWeTgR,LQ?$K_){]Z4%ry}/YeJLhzW0U~4 rinwb*ÿw^PYU4rn:G/ZjdeI3|oiȲ<wƛmD/Z_Ns3]]T pU凹 #׊ͯhD CZjK]|`>׺ bjz|C-#r9 H&h2Wѫ-:JA$O'YIWn^ͫXV>5Q0"vud j O;>^`WmaYAN xC'09շ_~t=y2iɘmlcU ky)ȶ|i\A˙Hޯ3 IK *As&YJ=L\ǐ*g}6ʓA Q{iZ X*RS' zQ=.7ݵYΓY"EGZ,X͒!b㫂. 'Fe6'Ox](7{ȏv9 Y9-D}ΏM^( _ 4F1*2UX*Nu-Lҋ(ځaVPk&wXd =(牚>*d,@dC&aw"Eo}bhj5P*g|'bD4O8]pÒWyxQ\UM"vG>t?>+?ћ*O.\4J_Q n֭oVͱ{LhfmЏFP i2~zR,3,FDO=7d%r" IfJ tYѐhe*Ҵ[ymfȍ A߭(u5ņ[徘W3 6ir4X]ԔgܙG-Sd"fעrSm CcgCTA Weg{uġg;lR?D ^#4~%#35p}o<͖'3&=}!Z..}Vl\1^<"p 3C<>ɘz Tۀ9"XӞӨx)>vћnV4K]AJbNevXX3Ç OxLmyN4~cLyZ|ʇsՋ@CPJ}Tzo?X̒28 bCS7zփ/T2gGfGgn8}hA؞᪝# JdMsFxPzxjY.ߜNq$ ,UŃ(5Ix:s, {n\0=G%WFh6 A] NFCZN ~HD h;[̺^1sP"轌,̯x-@CS0H|=Ux(wQv=ٷ E.~Sv%&[J }>gUK]jމ7V|9AwMxUNU5WBBhnHR13/k>mXj&R7ku*X-Un'_22/,2m rrW7ݣc,C2jq ,{"SZ.@s{YGېu?(*fb,|\#'xt(!l٥߂ X/Gh3  2Wւ6rȊnᦘ#XQ#e1u}sDXD"J)55 wP}fLUt>?4D#hK vT|TD"+=X ԬL"@}m|DS}ȟ^Ǔq!RoZ("#,BI(0LuXuRB):z)u4h)r>u?/q$ԫ5%k)š&~ A9Md.`cq%(e8eVOM  \ÛbDi <?WJ  iX-bm_1sh[,EO++>TZ*V{!uzL7X^=o/5 GSDKV߲ٜ6֓Kp\!Mf)MGڞ$=Zߔ}X&Hz͸,je17EB0n6!^W x!\C)^=*6` Ped Yʊ_"[6}TMGn`u_Ƀk{=-b_lH@T9 }95Ҳl\xF,̉zi5B+'0 t\Bz( M47lAB֮CT.s$kpf(^:DR"1aOj'mc Il`j7P=A@;p $W?9oƔV)L$O"n@ V+xK]7 ح@D^Ն(*r~of7rE0<_ ^9gAOgEes]4K72j$8"r!ES=ّ;}羁@37\Kz*:'U`%j ; 4d?m[)27s),0S . ]<2A3 /i h3UbJOH/?yi@F?՞ufc9> bh܇0L*L]ҫP##0.V>BMfTpI@X5Ώ+]*J)g7:Ax~Z&x"b?fw9&QQZ +qTUٔ $>!9;TFTc!lsJ`Za|xq^׎{| Z:.BȂw/PVLCHx&6rda#4֣dW/A"fM&P(L$^%J,=w ڍGh9aNz\ۀ>(]Ԏpf+a_6ʷ6'' |IHĆ +O tNSڊ C=@ կ:w&߾zuS 3F $2\|2s9 sSa҈MO.L$8(e3 )Ϧm0ɑ^|t&y̆ayug4?:[_R.dGsgɲ(v?^GAmp#\3ُ1KeR~.#+|XYl/~\ΆodX{\nZSINV]K,;BZJz Jz`0Mv(]޽ _:*p,bω>6MnriO(< 4Ώ[G?$O!%bulg&|%H󗿋PơbYw~CIN 繮 1sknC4Ii_6*>J͒U5BjdKwt w\__z6Wd1Dϩ惎HK^~^6mh{XPI>EiL:/ NR u%$;#^F $VR+RNG(1r77.Qh\~!bͭ|oa)wl]6xIѠְ ލuӨ(c 32@rA2=N=RNpEy7EN(T_Bi{$7ZfXvjjfN8+"QkQ7A#smsceczFWʦׅGv~G%Jt%{l* l%I z!ĺ F6{lnNRޒ`G~q\Dq9:);yT):~Z`gAST_Ϧy 1 DI Ɩ N^ePDMR/ww1Ҵ.Oⷃfce;~ESv4 )E.Bn;l@uT1V5Q-&cS  CZ"93 q |fk|]y+DJf`,<@*g|B>2a㋍x[Ő*ϙ3eH+2t6-`>xƵU(DG$e(ݎ?Uyjy?Wfrĭ_k|hg,"cLגF{4~aPee.`A0f:fk[1n,r7J:_iw[M-Yvt"8KyBȩ׵D~\,]ijtJ E(dPex Ȳī95kR̴9"@j_  Jbv&?Anmx} y4褅=3RAmf~E$n[TiGcEdHr]naܐ˄+\`EA,Ua@-P83ke5)O;Ca[u.)-SZ8ǼSSE[K_kgĺP/qͿ` Grޣ ~ (H?=4 ,>[F\~\JF S/U氷$!rĶomXu .Fsl T^)jszSU-C KWl VD7ncj1;gٖc-JDxHSW!u)_|S=E'P!\ eI]ez(+v EQZăDF_Gg*;!}UUF9n#| K pvUJ/*؍1mɈŇR+4ωXkoOcMi犾C2R pf> VK52B`˦cXz)}i*Gn #g}*kB@?K%gT>-: ᛔP\<72ElH'e`;Rl))ʂuF!NZ`y_FcmWVh1apS9N&2٭ *(Z^˲LWdAPDě\Z%Q_| "6(DNQryzLk.h iO`ԦA'0FZ"&vmƊTpS֐0:eX>Ĉj[jjSJWsJ2{Rut4Q.ܯ {[gࡍ"X"[uY2%L8<) C?OP펒V{o oW-׶zQsdu|lӺ!GvuksNJFE*% $߲:o?JW,?YPe51홐wDC zi vuȎiCSr:vzeƪ2Y><OGȷEF 0ZX )^}]8gH f{[ B 9UzM:En"6$1 O,&PWyUwP땴MuK?Ϭu:pich|#^á`rߢp3xYMNj>Pb$Wh),ۄ=`i v[G>TڑWsG4$TEԖyz /+.N^7-wr8\C~svھWT ![p=Z8L]3ίM/259ClKP`EVx] z HW(kP-\gAyF]0f1L۫~ `:$K3tHDWmi$*tm#IPY, JNf#4˯e 350N#f{U4f;> ~.WE'2,M⎆c} McwR,r9_϶-FEKqDżx *=P I$;(f*$q;oTނeH0omL=?ۺFؿHjZC 0)nLr\θ͵mۛw.zZ.1OQ3@>enz9iq6w86Ê aږWAhEz5;O&r`GC3vq5/GKӁ8q#t}X2g!L0+ ϴ5j a[A58񵲆p fy#p6TUGAys7C%VV/3<c7 qU>#j~NYY5oǹQ;C2⎶ \iW{VO^H\x?n`5ǧན ^'ʦNǁž>ef2\+K0Kf׷{ƅLKb$u* |q쀲:?F85gאf|rHL]^lGB cO(x ~pv,Q ; 09Ѫǥ{15%(lUiމg#03g >D ?4yk)CX.YE4N5TxY94DAwЦɯjuzAXT]Gݡ=>&uh+v8x?TWR#(V3לѷ|uteIa_6!$%>FN5cGEV9n6|رċP0{|͂F bXt>=gf͚Х?*w};ܙi- ,S N )Nx4KM-uIb ,xğ HB#Qo5HېJ0ᎌS>tl$0S갓g{ӇZJ HxUez`ygȥ]iw]HC aHVKzл+ĥBvܞek.6dsLa<|=EOܺGօ۩ tm .WUw;߬9U"-9Ϯ(` X;pcoc8ȴGWu$udwBCfO)o! CGiAIp|3!/ 2QuиA~ aeV̍ yXEϱx A1GWmN^:5/d]Fy8 `ȥvL͸.`Bg}V%S3ԨٍCo rjՎ[~ݳ͕E1-RmX8Uԣ3ʣ <68GF#' (exF9ߏ+AFHl$t Tt7rΘv&-9J^!ǹ`=fRN;uF m3{cuG~x S(INuꎀr/h,kAhX玫эrzi#rO*N6,pz,L3[Gԅhċc?+r|uS;TYJfsQKu @!bQyξDl,u uMnr@+6Er"ӈb‰i084AR}`er;Ciu<|oڲUu>qEFM?EOFeC%Qe@A h =4:8xjt4J"M1Zp [(Z,x2v!g.BbM*tslh0oje_;)ȞԄ*^D}bO Sge"9ǮY~Q҇  K0 ~xt#gbs*#u+>R9DEQB]Jgz /UA96<``?MeEzP(sA|UB4Kf=bHD)<2+ :mRD{{ԟڑqwjfgMQb"G}\XscVew-zo?IYXw͎mVa%gXw8-^%=u!,rRPqWTJGظ i4[ce"UBthDN1Xlb| Ӥuupƾ(]y2s{Jݺ =ArpY HWT 9B+fMBp}tюSh Bm,<Æo+X5DضR×7guM~߰ua .xr EXjn;8FB*ʹ}Ea׍Tn`?? <C]ٗO_@Z8 ^j9)3S̸[G>Q y'ħW`c#Z(!{JƹRWm j,=^"ZQ_`=%A7' ` R‘AmcSLIs+5X}Y痡) g.h0#5Hgw652!m%$fS#ȿwA y) (dywiDRs \" nLkЭbQ`xw @RfpP9JJxoe4 T$e[O'kb@]VM$7#WT>*YُwPfQ^A_,hIicEj%04],]м(kThamV7SG"1<훜y0/vHK"*P{ް(~? o?rnٴZŽB'|ty+v> Chx>jv,|T} " o%v6U73̈m}SivJ3nև0/Cˬm)!_R$IVa6oJȿ$ɹ$Qj]l,:#g<]H'V;\?zz]9F |\Ř%ZtZERt;%MƝ>^W2|H3 q՘Ai@.qncyiI#9:ʭ= GwXYL\<Ƹ N0PNbx «fNĆ/|xy2hGKN,c/EM:[ =4!'+rXjR}h}g+4Yk8ABW)6k6)C5̸Eg@MQ|LqzM^gE^B/|;[<$rb ,,xpec/ #tt,~>D#pۘ꘮Ese_5oo_X 5>O->|^?~.2{HveHPeAX w1zیpl,[& erg3aS&>&;4~€%*=Sǖ9Q(d!f1H 1S5֌=d;`rx;:=2vd暬sUT${߱b8 a܊JptibMJRj'*u:An;#pL}dUV8P5EAު֞oϤ%b5{VP0nW$@zo}yl%Jt a/DGRC)7sLh.d1fRyR#T"tj`@6wI%ҵw[M^rh"S3\7{Й^&IM*mxP|XXn3fQJ^HP%1$DF'2 6wzjèj! 5MH %zIbÔt,)u*;p9+q5_£)?l.ɟlFL׬TSDX@* ^JPU7G7qꗙzLj~"tJhhgpK-+Ĕ(ufgd.Խ0G FLV3љ"ا1gD\[И37 *5І>OBleL Mw^`T)!ZO@VkCRB/y6aVӅnBS#aTAo7>z?͘8nʏ>83nnr@|F4=[c& a1pcD'*&C<]ݎ%`pz 0toxLvzL!|zK ^l$`q=%`%`>U\rJ 䵫 C7@RrM¿9xcʈ5nkۆEPN4˯/4 Ǚa#5 V| dٵ,,yT6|(X"iH~R8vRh!4!0 ;‰%#^}&, ЕWFI'^%gׄ  F #ii&LZ' W̾xj<8E#a5K#ó$J~M_8dt]N4V'Krt%;Kc^U;Z l] PY˓{05epj.:蘧idZLog\#rUYd>~p*R&CRŕqa}QSvndફMV/ۨ p;_O OL6nڞ ^p賟k Z >nNt5^;zbbu@qQAxkӲUX[ܳz Oˡ78p#ly3wޠK [k<ݻa !h'KQJ{]I1a3׿N4st;v |EQyJ l^v ~r{/iKC0w&2"Ywuut4Tt"^`4k&FH+ Uz& <==PVܤTjn: nbFxC|-Upiﱶgi8 B$ҰVc$`)fq\ӌcg?{^Ґe7p@:n]ZvTcyrA0.0 ~DS7POARxa{((Z0oF{<=|Nfj>OmsgQF.D@nVm^kx!+@n7cc!,Xu4Ob0 (IF͗s |4?"f'gTAJqΖC Q]Rv+˅]&g}.]~`{MK~M>24c_8x(C Z *YmtqM)$/ن̱~{ZLB_.=Ȩ y6t \{S$X0o]"\rrĚo]FͷG^jeQ C` >.Bi#8Dq>vL*dRlW,,bƜ3C< ~ f9& RSb&5SrP& T.Cdsݎ6Dy/vux:5Wkmn%v4lQH9=ʤP"8&4U_R*C/9AH-A*azNoqCF2>j-wSڅpN0%z8wN#&$ٰAk~K[uLzJ^_,q8oT'OP̼ D$OS .$|b'?\,}Q,\K^"dYq :"ŗ?Xֳ{]u]2b L WV6$pvF5w1cv9hy(LM<]U38"v!HlNф V{،>%g,tii|BۢBgKDp.ʯ()Rh9i!g1;rM Zw):E(\d|+ũNzE_N%6p7=(EWt "`R<WDjO _ ƽ0ux 07Xޞ>=c_&$WyՀ_:x_׵`eZ’pW֧4?.DӋq$XT"-KUAz,/ͪI0Nem4nG=}k v+e;~6IF$ OH$o9uf][$+!5 B~Ug uT6.~j6{ G}VKB(}RZ_<<3-=Tm ,J(Eލb +hvթ?M B `rVI*1\tm^os[(f;( !*Z@ gkm,yvMbߣ S ގ ;.:]! YQ1:ZbP8ʜt:êv:z0J7_:5 YZ