sssd-dbus-1.14.0-43.el7_3.11$>Dž3MKA(?>8|?|d   ? *>\bl    G Pl(55 R5( 8 9:bOGvDHv`Iv|XvYv\v]v^w^bxdxexfxlxtxuyvy wzx{ y{(V|Csssd-dbus1.14.043.el7_3.11The D-Bus responder of the SSSDProvides the D-Bus responder of the SSSD, called the InfoPipe, that allows the information from the SSSD to be transmitted over the system bus.X~oc1bm.rdu2.centos.orgCentOSGPLv3+CentOS BuildSystem Applications/Systemhttp://fedorahosted.org/sssd/linuxx86_64M>M2@MMzMx@Mj - 1.14.0-43.11Jakub Hrozek - 1.14.0-43.10Jakub Hrozek - 1.14.0-43.9Jakub Hrozek - 1.14.0-43.8Jakub Hrozek - 1.14.0-43.7Jakub Hrozek - 1.14.0-43.6Jakub Hrozek - 1.14.0-43.5Jakub Hrozek - 1.14.0-43.4Jakub Hrozek - 1.14.0-43.3Jakub Hrozek - 1.14.0-43.2Jakub Hrozek - 1.14.0-43.1Jakub Hrozek - 1.14.0-43Jakub Hrozek - 1.14.0-42Jakub Hrozek - 1.14.0-41Jakub Hrozek - 1.14.0-40Jakub Hrozek - 1.14.0-39Jakub Hrozek - 1.14.0-38Jakub Hrozek - 1.14.0-37Jakub Hrozek - 1.14.0-36Jakub Hrozek - 1.14.0-35Jakub Hrozek - 1.14.0-34Jakub Hrozek - 1.14.0-33Jakub Hrozek - 1.14.0-32Jakub Hrozek - 1.14.0-31Jakub Hrozek - 1.14.0-30Jakub Hrozek - 1.14.0-29Jakub Hrozek - 1.14.0-28Jakub Hrozek - 1.14.0-27Jakub Hrozek - 1.14.0-26Jakub Hrozek - 1.14.0-25Jakub Hrozek - 1.14.0-24Jakub Hrozek - 1.14.0-23Jakub Hrozek - 1.14.0-22Jakub Hrozek - 1.14.0-21Jakub Hrozek - 1.14.0-20Jakub Hrozek - 1.14.0-19Jakub Hrozek - 1.14.0-18Jakub Hrozek - 1.14.0-17Jakub Hrozek - 1.14.0-16Jakub Hrozek - 1.14.0-15Jakub Hrozek - 1.14.0-14Jakub Hrozek - 1.14.0-13Jakub Hrozek - 1.14.0-12Jakub Hrozek - 1.14.0-11Jakub Hrozek - 1.14.0-10Jakub Hrozek - 1.14.0-9Jakub Hrozek - 1.14.0-8Jakub Hrozek - 1.14.0-7Jakub Hrozek - 1.14.0-6Jakub Hrozek - 1.14.0-5Jakub Hrozek - 1.14.0-4Jakub Hrozek - 1.14.0-3Jakub Hrozek - 1.14.0-2Jakub Hrozek - 1.14.0-1Jakub Hrozek - 1.14.0beta1-2Jakub Hrozek - 1.14.0alpha-1Jakub Hrozek - 1.13.0-50Jakub Hrozek - 1.13.0-49Jakub Hrozek - 1.13.0-48Jakub Hrozek - 1.13.0-47Jakub Hrozek - 1.13.0-46Jakub Hrozek - 1.13.0-45Jakub Hrozek - 1.13.0-44Jakub Hrozek - 1.13.0-43Jakub Hrozek - 1.13.0-42Jakub Hrozek - 1.13.0-41Jakub Hrozek - 1.13.0-40Jakub Hrozek - 1.13.0-39Jakub Hrozek - 1.13.0-38Jakub Hrozek - 1.13.0-37Jakub Hrozek - 1.13.0-36Jakub Hrozek - 1.13.0-35Jakub Hrozek - 1.13.0-34Jakub Hrozek - 1.13.0-33Jakub Hrozek - 1.13.0-32Jakub Hrozek - 1.13.0-31Jakub Hrozek - 1.13.0-30Jakub Hrozek - 1.13.0-29Jakub Hrozek - 1.13.0-28Jakub Hrozek - 1.13.0-27Jakub Hrozek - 1.13.0-26Martin Kosek - 1.13.0-25Jakub Hrozek - 1.13.0-24Jakub Hrozek - 1.13.0-23Jakub Hrozek - 1.13.0-22Jakub Hrozek - 1.13.0-21Jakub Hrozek - 1.13.0-20Jakub Hrozek - 1.13.0-19Jakub Hrozek - 1.13.0-18Jakub Hrozek - 1.13.0-17Jakub Hrozek - 1.13.0-16Jakub Hrozek - 1.13.0-15Jakub Hrozek - 1.13.0-14Lukas Slebodnik - 1.13.0-13Jakub Hrozek - 1.13.0-12Jakub Hrozek - 1.13.0-11Jakub Hrozek - 1.13.0-10Jakub Hrozek - 1.13.0-9Jakub Hrozek - 1.13.0-8Jakub Hrozek - 1.13.0-7Jakub Hrozek - 1.13.0-6Jakub Hrozek - 1.13.0-5Jakub Hrozek - 1.13.0-4Jakub Hrozek - 1.13.0-3Jakub Hrozek - 1.13.0-2Jakub Hrozek - 1.13.0-1Jakub Hrozek - 1.13.0.3alphaJakub Hrozek - 1.13.0.2alphaJakub Hrozek - 1.13.0.1alphaJakub Hrozek - 1.12.2-61Jakub Hrozek - 1.12.2-60Jakub Hrozek - 1.12.2-59Jakub Hrozek - 1.12.2-58.6Jakub Hrozek - 1.12.2-58.5Jakub Hrozek - 1.12.2-58.4Jakub Hrozek - 1.12.2-58.3Jakub Hrozek - 1.12.2-58.2Jakub Hrozek - 1.12.2-58.1Jakub Hrozek - 1.12.2-57Jakub Hrozek - 1.12.2-56Jakub Hrozek - 1.12.2-55Jakub Hrozek - 1.12.2-54Jakub Hrozek - 1.12.2-53Jakub Hrozek - 1.12.2-52Jakub Hrozek - 1.12.2-51Jakub Hrozek - 1.12.2-50Jakub Hrozek - 1.12.2-49Jakub Hrozek - 1.12.2-48Jakub Hrozek - 1.12.2-47Jakub Hrozek - 1.12.2-46Jakub Hrozek - 1.12.2-45Jakub Hrozek - 1.12.2-44Jakub Hrozek - 1.12.2-43Jakub Hrozek - 1.12.2-42Jakub Hrozek - 1.12.2-41Jakub Hrozek - 1.12.2-40Sumit Bose - 1.12.2-39Sumit Bose - 1.12.2-38Sumit Bose - 1.12.2-37Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-34Jakub Hrozek - 1.12.2-33Jakub Hrozek - 1.12.2-32Jakub Hrozek - 1.12.2-31Jakub Hrozek - 1.12.2-30Jakub Hrozek - 1.12.2-29Jakub Hrozek - 1.12.2-28Jakub Hrozek - 1.12.2-27Jakub Hrozek - 1.12.2-26Jakub Hrozek - 1.12.2-25Jakub Hrozek - 1.12.2-24Jakub Hrozek - 1.12.2-23Jakub Hrozek - 1.12.2-22Jakub Hrozek - 1.12.2-21Jakub Hrozek - 1.12.2-20Jakub Hrozek - 1.12.2-19Jakub Hrozek - 1.12.2-18Jakub Hrozek - 1.12.2-17Jakub Hrozek - 1.12.2-16Jakub Hrozek - 1.12.2-15Jakub Hrozek - 1.12.2-14Jakub Hrozek - 1.12.2-13Jakub Hrozek - 1.12.2-12Jakub Hrozek - 1.12.2-11Jakub Hrozek - 1.12.2-10Jakub Hrozek - 1.12.2-9Jakub Hrozek - 1.12.2-8Jakub Hrozek - 1.12.2-7Jakub Hrozek - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-3Jakub Hrozek - 1.12.0-2Jakub Hrozek - 1.12.0-1Jakub Hrozek - 1.11.2-70Jakub Hrozek - 1.11.2-69Jakub Hrozek - 1.11.2-68Jakub Hrozek - 1.11.2-67Jakub Hrozek - 1.11.2-66Jakub Hrozek - 1.11.2-65Jakub Hrozek - 1.11.2-64Sumit Bose - 1.11.2-63Sumit Bose - 1.11.2-62Jakub Hrozek - 1.11.2-61Jakub Hrozek - 1.11.2-60Jakub Hrozek - 1.11.2-59Jakub Hrozek - 1.11.2-58Jakub Hrozek - 1.11.2-57Jakub Hrozek - 1.11.2-56Jakub Hrozek - 1.11.2-55Jakub Hrozek - 1.11.2-54Jakub Hrozek - 1.11.2-53Jakub Hrozek - 1.11.2-52Jakub Hrozek - 1.11.2-51Jakub Hrozek - 1.11.2-50Jakub Hrozek - 1.11.2-49Jakub Hrozek - 1.11.2-48Jakub Hrozek - 1.11.2-47Jakub Hrozek - 1.11.2-46Jakub Hrozek - 1.11.2-45Jakub Hrozek - 1.11.2-44Jakub Hrozek - 1.11.2-43Jakub Hrozek - 1.11.2-42Jakub Hrozek - 1.11.2-41Jakub Hrozek - 1.11.2-40Jakub Hrozek - 1.11.2-39Jakub Hrozek - 1.11.2-38Jakub Hrozek - 1.11.2-37Jakub Hrozek - 1.11.2-36Jakub Hrozek - 1.11.2-35Jakub Hrozek - 1.11.2-34Daniel Mach - 1.11.2-33Jakub Hrozek - 1.11.2-32Jakub Hrozek - 1.11.2-31Jakub Hrozek - 1.11.2-30Jakub Hrozek - 1.11.2-29Jakub Hrozek - 1.11.2-28Jakub Hrozek - 1.11.2-27Jakub Hrozek - 1.11.2-26Jakub Hrozek - 1.11.2-25Jakub Hrozek - 1.11.2-24Jakub Hrozek - 1.11.2-23Jakub Hrozek - 1.11.2-22Jakub Hrozek - 1.11.2-21Jakub Hrozek - 1.11.2-20Daniel Mach - 1.11.2-19Jakub Hrozek - 1.11.2-18Jakub Hrozek - 1.11.2-17Jakub Hrozek - 1.11.2-16Jakub Hrozek - 1.11.2-15Jakub Hrozek - 1.11.2-14Jakub Hrozek - 1.11.2-13Jakub Hrozek - 1.11.2-12Jakub Hrozek - 1.11.2-11Jakub Hrozek - 1.11.2-10Jakub Hrozek - 1.11.2-9Jakub Hrozek - 1.11.2-8Jakub Hrozek - 1.11.2-7Jakub Hrozek - 1.11.2-6Jakub Hrozek - 1.11.2-5Jakub Hrozek - 1.11.2-4Jakub Hrozek - 1.11.2-3Jakub Hrozek - 1.11.2-2Jakub Hrozek - 1.11.2-1Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-5Jakub Hrozek - 1.10.1-4Jakub Hrozek - 1.10.1-3Jakub Hrozek - 1.10.1-2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-18Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1404340 - Use-after free in resolver in case the fd is writeable and readable at the same time- Resolves: rhbz#1398673 - autofs map resolution doesn't work offline- Resolves: rhbz#1398169 - sssd fails to start after upgrading to RHEL 7.3- Resolves: rhbz#1392946 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1393730 - No supplementary groups are resolved for users in nested OUs when domain stanza differs from AD domain- Related: rhbz#1396486 - bz - ldap group names don't resolve after upgrading sssd to 1.14.0 if ldap_nesting_level is set to 0- Related: rhbz#1396485 - sssd_be keeps crashing- Revert the fix for ignoring sudoUser case as it breaks processing of rules that completely lack a sudoUser attribute - Related: rhbz#1392946 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1392946 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1392893 - IPA: Uninitialized variable during subdomain check- Resolves: rhbz#1392896 - AD provider: SSSD does not retrieve a domain-local group with the AD provider when following AGGUDLP group structure across domains- Resolves: rhbz#1376831 - sssd-common is missing dependency on sssd-sudo- Resolves: rhbz#1371631 - login using gdm calls for gdm-smartcard when smartcard authentication is not enabled- Resolves: rhbz#1373420 - sss_override fails to export- Resolves: rhbz#1375299 - sss_groupshow fails with error "No such group in local domain. Printing groups only allowed in local domain"- Resolves: rhbz#1375182 - SSSD goes offline when the LDAP server returns sizelimit exceeded- Resolves: rhbz#1372753 - Access denied for user when access_provider = krb5 is set in sssd.conf- Resolves: rhbz#1373444 - unable to create group in sssd cache - Resolves: rhbz#1373577 - unable to add local user in sssd to a group in sssd- Resolves: rhbz#1369118 - Don't enable the default shadowtils domain in RHEL- Fix permissions for the private pipe directory - Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1371977 - resolving IPA nested user groups is broken in 1.14- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1371152 - SSSD qualifies principal twice in IPA-AD trust if the principal attribute doesn't exist on the AD side- Apply forgotten patch - Resolves: rhbz#1368496 - sssd is not able to authenticate with alias - Resolves: rhbz#1366470 - sssd: throw away the timestamp cache if re-initializing the persistent cache - Fix deleting non-existent secret - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1364033 - sssd exits if clock is adjusted backwards after boot- Resolves: rhbz#1362023 - SSSD fails to start when ldap_user_extra_attrs contains mail- Resolves: rhbz#1368324 - libsss_autofs.so is packaged in two packages sssd-common and libsss_autofs- Fix RPM scriptlet plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Add socket-activation plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Own the secrets directory - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1268874 - Add an option to disable checking for trusted domains in the subdomains provider- Resolves: rhbz#1271280 - sssd stores and returns incorrect information about empty netgroup (ldap-server: 389-ds)- Resolves: rhbz#1290500 - [feat] command to manually list fo_add_server_to_list information- Add several small fixes related to the config API - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Resolves: rhbz#1349900 - gpo search errors out and gpo_cache file is never created- Fix regressions in the simple access provider - Resolves: rhbz#1360806 - sssd does not start if sub-domain user is used with simple access provider - Apply a number of specfile patches to better match the upstream spefile - Related: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3- Cherry-pick patches from upstream that fix several regressions - Avoid checking local users in all cases - Resolves: rhbz#1353951 - sssd_pam leaks file descriptors- Resolves: rhbz#1364118 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_nss killed by 11 - Resolves: rhbz#1361563 - Wrong pam error code returned for password change in offline mode- Resolves: rhbz#1309745 - Support multiple principals for IPA users- Resolves: rhbz#1304992 - Handle overriden name of members in the memberUid attribute- handle unresolvable sites more gracefully - Resolves: rhbz#1346011 - sssd is looking at a server in the GC of a subdomain, not the root domain. - fix compilation warnings in unit tests- fix capaths output - Resolves: rhbz#1344940 - GSSAPI error causes failures for child domain user logins across IPA - AD trust - also fix Coverity issues in the secrets responder and suppress noisy debug messages when setting the timestamp cache- Resolves: rhbz#1356577 - sssctl: Time stamps without time zone information- Resolves: rhbz#1354414 - New or modified ID-View User overrides are not visible unless rm -f /var/lib/sss/db/*cache*- Resolves: rhbz#1211631 - [RFE] Support of UPN for IdM trusted domains- Resolves: rhbz#1350520 - [abrt] sssd-common: ipa_dyndns_update_send(): sssd_be killed by SIGSEGV- Resolves: rhbz#1349882 - sssd does not work under non-root user - Also cherry-pick a few patches from upstream to fix config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Sync a few minor patches from upstream - Fix sssctl manpage - Fix nss-tests unit test on big-endian machines - Fix several issues in the config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Bundle http-parser - Resolves: rhbz#1311056 - Add a Secrets as a Service component- Sync a few minor patches from upstream - Fix a failover issue - Resolves: rhbz#1334749 - sssd fails to mark a connection as bad on searches that time out- Explicitly BuildRequire newer ding-libs - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- New upstream release 1.14.0 - Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#835492 - [RFE] SSSD admin tool request - force reload - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check) - Resolves: rhbz#1278691 - Please fix rfc2307 autofs schema defaults - Resolves: rhbz#1287209 - default_domain_suffix Appended to User Name - Resolves: rhbz#1300663 - Improve sudo protocol to support configurations with default_domain_suffix - Resolves: rhbz#1312275 - Support authentication indicators from IPA- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#790113 - [RFE] "include" directive in sssd.conf - Resolves: rhbz#874985 - [RFE] AD provider support for automount lookups - Resolves: rhbz#879333 - [RFE] SSSD admin tool request - status overview - Resolves: rhbz#1140022 - [RFE]Allow sssd to add a new option that would specify which server to update DNS with - Resolves: rhbz#1290380 - RFE: Improve SSSD performance in large environments - Resolves: rhbz#883886 - sssd: incorrect checks on length values during packet decoding - Resolves: rhbz#988207 - sssd does not detail which line in configuration is invalid - Resolves: rhbz#1007969 - sssd_cache does not remove have an option to remove the sssd database - Resolves: rhbz#1103249 - PAC responder needs much time to process large group lists - Resolves: rhbz#1118257 - Users in ipa groups, added to netgroups are not resovable - Resolves: rhbz#1269018 - Too much logging from sssd_be - Resolves: rhbz#1293695 - sssd mixup nested group from AD trusted domains - Resolves: rhbz#1308935 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user - Resolves: rhbz#1315766 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo - Resolves: rhbz#1316164 - SSSD fails to process GPO from Active Directory - Resolves: rhbz#1322458 - sssd_be[11010]: segfault at 0 ip 00007ff889ff61bb sp 00007ffc7d66a3b0 error 4 in libsss_ipa.so[7ff889fcf000+5d000]- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - The rebase includes fixes for the following bugzillas: - Resolves: rhbz#789477 - [RFE] SUDO: Support the IPA schema - Resolves: rhbz#1059972 - RFE: SSSD: Automatically assign new slices for any AD domain - Resolves: rhbz#1233200 - man sssd.conf should clarify details about subdomain_inherit option. - Resolves: rhbz#1238144 - Need better libhbac debuging added to sssd - Resolves: rhbz#1265366 - sss_override segfaults when accidentally adding --help flag to some commands - Resolves: rhbz#1269512 - sss_override: memory violation - Resolves: rhbz#1278566 - crash in sssd when non-Englsh locale is used and pam_strerror prints non-ASCII characters - Resolves: rhbz#1283686 - groups get deleted from the cache - Resolves: rhbz#1290378 - Smart Cards: Certificate in the ID View - Resolves: rhbz#1292238 - extreme memory usage in libnfsidmap sss.so plug-in when resolving groups with many members - Resolves: rhbz#1292456 - sssd_be AD segfaults on missing A record - Resolves: rhbz#1294670 - Local users with local sudo rules causes LDAP queries - Resolves: rhbz#1296618 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1299553 - Cannot retrieve users after upgrade from 1.12 to 1.13 - Resolves: rhbz#1302821 - Cannot start sssd after switching to non-root - Resolves: rhbz#1310877 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs - Resolves: rhbz#1313014 - sssd is not closing sockets properly - Resolves: rhbz#1318996 - SSSD does not fail over to next GC - Resolves: rhbz#1327270 - local overrides: issues with sub-domain users and mixed case names - Resolves: rhbz#1342547 - sssd-libwbclient: wbcSidsToUnixIds should not fail on lookup errors- Build the PAC plugin with krb5-1.14 - Related: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1290853 - [sssd] Trusted (AD) user's info stays in sssd cache for much more than expected.- Resolves: rhbz#1336706 - sssd_nss memory usage keeps growing when trying to retrieve non-existing netgroups- Resolves: rhbz#1296902 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1334159 - IPA provider crashes if a netgroup from a trusted domain is requested- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin - More patches from upstream related to the memory leak- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin- Resolves: rhbz#1300740 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid- Resolves: rhbz#1284814 - sssd: [sysdb_add_user] (0x0400): Error: 17- Resolves: rhbz#1270827 - local overrides: don't contact server with overridden name/id- Resolves: rhbz#1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- Resolves: rhbz#1267176 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1267836 - PAM responder crashed if user was not set- Resolves: rhbz#1266107 - AD: Conditional jump or move depends on uninitialised value- Resolves: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Fix a Coverity warning in dyndns code - Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1263735 - Could not resolve AD user from root domain- Remove -d from sss_override manpage - Related: rhbz#1259512 - sss_override : The local override user is not found- Patches required for better handling of failover with one-way trusts - Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1263587 - sss_override --name doesn't work with RFC2307 and ghost users- Resolves: rhbz#1259512 - sss_override : The local override user is not found- Resolves: rhbz#1260027 - sssd_be memory leak with sssd-ad in GPO code- Resolves: rhbz#1256398 - sssd cannot resolve user names containing backslash with ldap provider- Resolves: rhbz#1254189 - sss_override contains an extra parameter --debug but is not listed in the man page or in the arguments help- Resolves: rhbz#1254518 - Fix crash in nss responder- Support import/export for local overrides - Support FQDNs for local overrides - Resolves: rhbz#1254184 - sss_override does not work correctly when 'use_fully_qualified_names = True'- Resolves: rhbz#1244950 - Add index for 'objectSIDString' and maybe to other cache attributes- Resolves: rhbz#1250415 - sssd: p11_child hardening- Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1202724 - [RFE] Add a way to lookup users based on CAC identity certificates- Resolves: rhbz#1232950 - [IPA/IdM] sudoOrder not honored as expected- Fix wildcard_limit=0 - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Fix race condition in invalidating the memory cache - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Resolves: rhbz#1249015 - KDC proxy not working with SSSD krb5_use_kdcinfo enabled- Bump release number - Related: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- Fix missing dependency of sssd-tools - Resolves: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- More memory cache related fixes - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Remove binary blob from SC patches as patch(1) can't handle those - Related: rhbz#854396 - [RFE] Support for smart cards- Resolves: rhbz#1244949 - getgrgid for user's UID on a trust client prevents getpw*- Fix memory cache integration tests - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#854396 - [RFE] Support for smart cards- Remove OTP from PAM stack correctly - Related: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Handle sssd-owned keytabs when sssd runs as root - Related: rhbz#1205144 - RFE: Support one-way trusts for IPA- Resolves: rhbz#1183747 - [FEAT] UID and GID mapping on individual clients- Resolves: rhbz#1206565 - [RFE] Add dualstack and multihomed support - Resolves: rhbz#1187146 - If v4 address exists, will not create nonexistant v6 in ipa domain- Resolves: rhbz#1242942 - well-known SID check is broken for NetBIOS prefixes- Resolves: rhbz#1234722 - sssd ad provider fails to start in rhel7.2- Add support for InfoPipe wildcard requests - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Also package the initgr memcache - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Rebase to 1.13.0 upstream - Related: rhbz#1205554 - Rebase SSSD to 1.13.x - Resolves: rhbz#910187 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Don't default to SSSD user - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Related: rhbz#1205554 - Rebase SSSD to 1.13.x - GPO default should be permissve- Resolves: rhbz#1205554 - Rebase SSSD to 1.13.x - Relax the libldb requirement - Resolves: rhbz#1221992 - sssd_be segfault at 0 ip sp error 6 in libtevent.so.0.9.21 - Resolves: rhbz#1221839 - SSSD group enumeration inconsistent due to binary SIDs - Resolves: rhbz#1219285 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust - Resolves: rhbz#1217559 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1217350 - ignore_group_members doesn't work for subdomains - Resolves: rhbz#1217127 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1216285 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set - Resolves: rhbz#1214719 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1214718 - Overridde with --login fails trusted adusers group membership resolution - Resolves: rhbz#1214716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1214337 - Overrides with --login work in second attempt - Resolves: rhbz#1212489 - Disable the cleanup task by default - Resolves: rhbz#1211830 - external users do not resolve with "default_domain_suffix" set in IPA server sssd.conf - Resolves: rhbz#1210854 - Only set the selinux context if the context differs from the local one - Resolves: rhbz#1209483 - When using id_provider=proxy with auth_provider=ldap, it does not work as expected - Resolves: rhbz#1209374 - Man sssd-ad(5) lists Group Policy Management Editor naming for some policies but not for all - Resolves: rhbz#1208507 - sysdb sudo search doesn't escape special characters - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface - Resolves: rhbz#1206566 - SSSD does not update Dynamic DNS records if the IPA domain differs from machine hostname's domain - Resolves: rhbz#1206189 - [bug] sssd always appends default_domain_suffix when checking for host keys - Resolves: rhbz#1204203 - sssd crashes intermittently - Resolves: rhbz#1203945 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default - Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only - Resolves: rhbz#1202245 - SSSD's HBAC processing is not permissive enough with broken replication entries - Resolves: rhbz#1201271 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything - Resolves: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Resolves: rhbz#1199541 - Read and use the TTL value when resolving a SRV query - Resolves: rhbz#1199533 - [RFE] Implement background refresh for users, groups or other cache objects - Resolves: rhbz#1199445 - Does sssd-ad use the most suitable attribute for group name? - Resolves: rhbz#1198477 - ccname_file_dummy is not unlinked on error - Resolves: rhbz#1187103 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1185536 - In ipa-ad trust, with 'default_domain_suffix' set to AD domain, IPA user are not able to log unless use_fully_qualified_names is set - Resolves: rhbz#1175760 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires - Resolves: rhbz#1163806 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1205160 - Complain loudly if backend doesn't start due to missing or invalid keytab- Resolves: rhbz#1226119 - Properly handle AD's binary objectGUID- Filter out domain-local groups during AD initgroups operation - Related: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Resolves: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Initialize variable in the views code in one success and one failure path - Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Handle case where there is no default and no rules - Resolves: rhbz#1192314 - With empty ipaselinuxusermapdefault security context on client is staff_u- Set a pointer in ldap_child to NULL to avoid warnings - Related: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Run the restart in sssd-common posttrans - Explicitly require libwbclient - Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Fix endianess bug in fill_id() - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1187192 - IPA initgroups don't work correctly in non-default view- Resolves: rhbz#1184982 - Need to set different umask in selinux_child- Bump the release number - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Add a patch dependency - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Process ghost members only once - Fix processing of universal groups with members from different domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1185188 - Uncached SIDs cannot be resolved- Handle GID override in MPG domains - Handle views with mixed-case domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Open socket to the PAC responder in krb5_child before dropping root - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1182183 - pam_sss(sshd:auth): authentication failure with user from AD- Resolves: rhbz#889206 - On clock skew sssd returns system error- Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1177140 - gpo_child fails if "log level" is enabled in smb.conf - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1175408 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1175705 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Resolves: rhbz#1171215 - Crash in function get_object_from_cache - Resolves: rhbz#1171383 - getent fails for posix group with AD users after login - Resolves: rhbz#1171382 - getent of AD universal group fails after group users login - Resolves: rhbz#1170300 - Access is not rejected for disabled domain - Resolves: rhbz#1162486 - Error processing external groups with getgrnam/getgrgid in the server mode - Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1169459 - sssd-ad: The man page description to enable GPO HBAC Policies are unclear - Related: rhbz#1113783 - sssd should run under unprivileged user- Rebuild to add several forgotten Patch entries - Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Remove Coverity warnings in krb5_child code - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Don't error out on chpass with OTPs - Related: rhbz#1109756 - Rebase SSSD to 1.12- Resolves: rhbz#1124320 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default.- Resolves: rhbz#1169739 - selinuxusermap rule does not apply to trusted AD users - Enable running unit tests without cmocka - Related: rhbz#1113783 - sssd should run under unprivileged user- krb5_child and ldap_child do not call Kerberos calls as root - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1168735 - The Kerberos provider is not properly views-aware- Fix typo in libwbclient-devel alternatives invocation - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1166727 - pam_sss domains option: Untrusted users from the same domain are allowed to auth.- Handle migrating clients between views - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Use alternatives for libwbclient - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1165794 - sssd does not work with custom value of option re_expression- Add an option that describes where to put generated krb5 files to - Related: rhbz#1135043 - [RFE] Implement localauth plugin for MIT krb5 1.12- Handle IPA group names returned from the extop plugin - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Resolves: rhbz#1165792 - automount segfaults in sss_nss_check_header- Resolves: rhbz#1163742 - "debug_timestamps = false" and "debug_microseconds = true" do not work after enabling journald with sssd.- Resolves: rhbz#1153593 - Manpage description of case_sensitive=preserving is incomplete- Support views for IPA users - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Update man page to clarify TGs should be disabled with a custom search base - Related: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Use upstreamed patches for the rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1153603 - Proxy Provider: Fails to lookup case sensitive users and groups with case_sensitive=preserving- Resolves: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1162480 - dereferencing failure against openldap server- Move adding the user from pretrans to pre, copy adding the user to sssd-krb5-common and sssd-ipa as well in order to work around yum ordering issue - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1113783 - sssd should run under unprivileged user- Fix two regressions in the new selinux_child process - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1132365 - Remove password from the PAM stack if OTP is used- Include the ldap_child and selinux_child patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Support overriding SSH public keys with views - Support extended attributes via the extop plugin - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137010 - disable midpoint refresh for netgroups if ptask refresh is enabled- Resolves: rhbz#1153518 - service lookups returned in lowercase with case_sensitive=preserving - Resolves: rhbz#1158809 - Enumeration shows only a single group multiple times- Include the responder and packaging patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Amend the sssd-ldap man page with info about lockout setup - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137014 - Shell fallback mechanism in SSSD - Resolves: rhbz#790854 - 4 functions with reference leaks within sssd (src/python/pyhbac.c)- Fix regressions caused by views patches when SSSD is connected to a pre-4.0 IPA server - Related: rhbz#1109756 - Rebase SSSD to 1.12- Add the low-level server changes for running as unprivileged user - Package the libsss_semange library needed for SELinux label changes - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Use libsemanage for SELinux label changes - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Rebase SSSD to 1.12.2 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Sync with upstream - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebuild against ding-libs with fixed SONAME - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.1 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Require ldb 2.1.17 - Related: rhbz#1133914 - Rebase libldb to version 1.1.17 or newer- Fix fully qualified IFP lookups - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.0 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Squash in upstream review comments about the PAC patch - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Backport a patch to allow krb5-utils-test to run as root - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Resolves: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Fix a DEBUG message, backport two related fixes - Related: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1082191 - RHEL7 IPA selinuxusermap hbac rule not always matching- Resolves: rhbz#1077328 - other subdomains are unavailable when joined to a subdomain in the ad forest- Resolves: rhbz#1078877 - Valgrind: Invalid read of int while processing netgroup- Resolves: rhbz#1075092 - Password change w/ OTP generates error on success- Resolves: rhbz#1078840 - Error during password change- Resolves: rhbz#1075663 - SSSD should create the SELinux mapping file with format expected by pam_selinux- Related: rhbz#1075621 - Add another Kerberos error code to trigger IPA password migration- Related: rhbz#1073635 - IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in- Related: rhbz#1066096 - not retrieving homedirs of AD users with posix attributes- Related: rhbz#1072995 - AD group inconsistency when using AD provider in sssd-1.11-40- Resolves: rhbz#1073631 - sssd fails to handle expired passwords when OTP is used- Resolves: rhbz#1072067 - SSSD Does not cache SELinux map from FreeIPA correctly- Resolves: rhbz#1071903 - ipa-server-mode: Use lower-case user name component in home dir path- Resolves: rhbz#1068725 - Evaluate usage of sudo LDAP provider together with the AD provider- Fix idmap documentation - Bump idmap version info - Related: rhbz#1067361 - Check IPA idranges before saving them to the cache- Pull some follow up man page fixes from upstream - Related: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes - Related: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes- Resolves: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1068723 - Setting int option to 0 yields the default value- Resolves: rhbz#1067361 - Check IPA idranges before saving them to the cache- Resolves: rhbz#1067476 - SSSD pam module accepts usernames with leading spaces- Resolves: rhbz#1033069 - Configuring two different provider types might start two parallel enumeration tasks- Resolves: rhbz#1068640 - 'IPA: Don't call tevent_req_post outside _send' should be added to RHEL7- Resolves: rhbz#1063977 - SSSD needs to enable FAST by default- Resolves: rhbz#1064582 - sss_cache does not reset the SYSDB_INITGR_EXPIRE attribute when expiring users- Resolves: rhbz#1033081 - Implement heuristics to detect if POSIX attributes have been replicated to the Global Catalog or not- Resolves: rhbz#872177 - [RFE] subdomain homedir template should be configurable/use flatname by default- Resolves: rhbz#1059753 - Warn with a user-friendly error message when permissions on sssd.conf are incorrect- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1059253 - Man page states default_shell option supersedes other shell options but in fact override_shell does. - Use the right domain for AD site resolution - Related: rhbz#743503 - [RFE] sssd should support DNS sites- Resolves: rhbz#1028039 - AD Enumeration reads data from LDAP while regular lookups connect to GC- Resolves: rhbz#877438 - sudoNotBefore/sudoNotAfter not supported by sssd sudoers plugin- Mass rebuild 2014-01-24- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain- Resolves: rhbz#1054899 - explicitly suggest krb5_auth_timeout in a loud DEBUG message in case Kerberos authentication times out- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1051360 - [FJ7.0 Bug]: [REG] sssd_be crashes when ldap_search_base cannot be parsed. - Fix a typo in the man page - Related: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain - Fix return value when searching for AD domain flat names - Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1053106 - sssd ad trusted sub domain do not inherit fallbacks and overrides settings- Resolves: rhbz#1051016 - FAST does not work in SSSD 1.11.2 in Fedora 20- Resolves: rhbz#1033133 - "System Error" when invalid ad_access_filter is used- Resolves: rhbz#1032983 - sssd_be crashes when ad_access_filter uses FOREST keyword. - Fix two memory leaks in the PAC responder (Related: rhbz#991065)- Resolves: rhbz#1048184 - Group lookup does not return member with multiple names after user lookup- Resolves: rhbz#1049533 - Group membership lookup issue- Mass rebuild 2013-12-27- Resolves: rhbz#894068 - sss_cache doesn't support subdomains- Re-initialize subdomains after provider startup - Related: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- The AD provider is able to resolve group memberships for groups with Global and Universal scope - Related: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog- Resolves: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog - Resolves: rhbz#1030483 - Individual group search returned multiple results in GC lookups- Resolves: rhbz#1040969 - sssd_nss grows memory footprint when netgroups are requested- Resolves: rhbz#1023409 - Valgrind sssd "Syscall param socketcall.sendto(msg) points to uninitialised byte(s)"- Resolves: rhbz#1037936 - sssd_be crashes occasionally- Resolves: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- Resolves: rhbz#1029631 - sssd_be crashes on manually adding a cleartext password to ldap_default_authtok- Resolves: rhbz#1036758 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Resolves: rhbz#1034050 - Errors in domain log when saving user to sysdb- Resolves: rhbz#1036157 - sssd can't retrieve auto.master when using the "default_domain_suffix" option in- Resolves: rhbz#1028057 - Improve detection of the right domain when processing group with members from several domains- Resolves: rhbz#1033084 - sssd_be segfaults if empty grop is resolved using ad_matching_rule- Resolves: rhbz#1031562 - Incorrect mention of access_filter in sssd-ad manpage- Resolves: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- Skip netgroups that don't provide well-formed triplets - Related: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2 - Resolves: rhbz#991065- Resolves: rhbz#1019882 - RHEL7 ipa ad trusted user lookups failed with sssd_be crash - Resolves: rhbz#1002597 - ad: unable to resolve membership when user is from different domain than group- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1 - Resolves: rhbz#991065 - Rebase SSSD to 1.11.0- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0 - Resolves: rhbz#991065- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2 - Related: rhbz#991065- Resolves: #906427 - Do not use lib64 in specfile for the nss and pam libraries- Resolves: #983587 - sss_debuglevel did not increase verbosity in sssd_pac.log- Resolves: #983580 - Netgroups should ignore the 'use_fully_qualified_names' setting- Apply several important fixes from upstream 1.10 branch - Related: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- Remove libcmocka dependency- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Enable hardened build for RHEL7- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)1.14.0-43.el7_3.111.14.0-43.el7_3.11org.freedesktop.sssd.infopipe.conflibsss_config.sosssd_ifporg.freedesktop.sssd.infopipe.servicesssd-dbus-1.14.0COPYINGsssd-ifp.5.gz/etc/dbus-1/system.d//usr/lib64/sssd//usr/libexec/sssd//usr/share/dbus-1/system-services//usr/share/doc//usr/share/doc/sssd-dbus-1.14.0//usr/share/man/man5/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=genericdrpmxz2x86_64-redhat-linux-gnuXML 1.0 document, ASCII textELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=749b96bfcda6f01d3af177367c73637905712219, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=76a0e57fefb9fffc58488cc4b0c0cb15e3bca565, strippedASCII textdirectorytroff or preprocessor input, ASCII text (gzip compressed data, from Unix, max compression)((.PRRR*RRRR&RRR RRRRRRRRR+R R!R$R RRRRRRRR"R-R)R R%R'R RR2R,R(RRR.RRRR R*RR&R$R%R"R!R#RRRR RRRRRRRRR+R R RRRRRRRR-R)R R'R RR2?7zXZ !PH6 ]"k%{f}{&-򝍥2K0ΤpϲdYNCk QmM-wr?,aIVUz#=\f]C7W܃wxJqezd)gs,ssYЌ3pGk46Q]ƹ乖u{Z?xb0J4gvJ cٸx~s3mqa[FɿC$ˣՕY57_ˆ=#/wK484j)A\Vݵ==~k X!_}!i,:YcgPؾdvqG4*wOUKV(ƦQ3pԮDozW/ gqu"&j)\ݤ: !9(aڴ3e%{nNsbZI#f8<2ji^g-Jvy&ci3~%ٿ O)*|.!}HY#n Y<P—B-pS@`@t(:, F4u9A֟ Nl@ <$,M BFrp(en;$#&&?.k{8 ܩ;_ʥigَIʗFSv BØC\GBmbK).ȴ ;H <ÆuVv"x }so`4D;%WHWG H@ip+V1S4եmdb>604wfA8%q'/j٬nĭljR4n"YH?wJ:iONL͛,Ov [垭M鷚x C)±I8\`C `mhrGg( TbiFiU8+^hz,v p)Bway)~4Nv>DX޳e֜- Y`R`6-Ӣt'\>E*u $k+H nsw}3oli4S@lލt?56|jDYPA{lym.na場0YR;mN`=pf29tN,7$7 N*ŵ%6q⸗ӤL:vc=P;42;)>er+Ƙ} xtO3hT1E5+xiІ!r|Oa '# JgR{QX{ʏއV~`ՕMJT-U9vp,{fQ75 $a[b{[M-씀1P#HNxN[޵7- <nK\Pfe]d.2Y}7~ u1[nf7נse j^§ >Xr܉R5y*ܝ.7mpZl ֝Su?.$|qړITak5딒ses/f`OWԞ͚ Vsf.ZXYpZ.<춰TnҠg[" 4vJABno1xEhVGš~}}1"N

6/[ocsq{EgvρݣZȢ9W2s7 p'CG]2&@`т.Wfϥ+T[e㡷ow<m: t(Ƭ\;,pSu}HNm֊M X ~r7.`_{(gٱ0g!пCnm`39@:տ< MZa&&x )ihӱYYzJJU@,q׫tTEq-ݾp;>>.FGsRZ2 v;Ȑr4.@,c=,3"D ,0|&3s0&}_]?O0% ƀaE5v\ (Tů7 ص-$M9DT 6?hx 1eAa2 <&/H"1ץEIQsf#hb !%y.UrNȇDA4U еX+Go'9 `a({##-V/!O]~ '%3*ҒSH>VY`٤`X1.@q@b[4!dw+4S.eadBԧSz1Urlr6mAzq$۫~Aq\V;5wsFpoA*%{312h{ UJf}EΥ1leQyKfqA*oƟdQ@w`A)>~=vQ ؑDU\5e01A7#LLBR|E~Cڿc%krJi 6/:4{4O.d^y݄!nQBhq83lx+i6|jF\dĂ=#@NsYU5dU[|;@}]qXrҫ0nJY0Trn$^c-f?m|_H%+]-Nh@Du73$nwv\g!)´/;Ͼد5QEM7eQ)wg4C ii@yuGk񔟴Դ'DڥA0euRˆ-d颉r@ԇL>:b-ޣ܈,}+PaF>,ГJD8q>3%g0+%-i"}A/&R'mD2O33RhfYR(#RXX1h9r՜<}ieҦW+Igk3ۉJ}Pv"aQKd~Qº GZ̵C("JQOG:ELڹP[;rLt{s8FE)]嘨oo E'^9P$`#ooJ*kgl#؂FޥkRvETvAA:-Ahh8w؟mA^2wj8+\ȻΫ״pAbsoLY?rljz di,UHc4{;ScZQ%ny4X!,K~2DNk>K? svA*oAzS|/vx`V5g` hTqsw@P>a 6 PRVrbmv.u>q+!yԁ*H t !e㉓I|@Sd9U&HYVL"5ثq[$E9ٶN J%FjxJ/ud/f g<(|5m(*pNRr%VD=m4,c#,Fw lJRs?0G.>LVJOCi?4*ޡu%c䌖I*Q5 ͼ ϗn j,JCU֒A(j8R'Xi7xkY ,ꤣ$m.,/AVV3a66k!A";7[m=BcJik\(Yᖯ :-d]Yfw}$Q$LJ!5xNnGI66PtgPz,xF^vVmP!Ǥ.3|lƧ"(f`{g.| ҔޑTm$mm'NIj- ifðKصSrrtβ:5͎ʯu\ƞY$ = V`, X7B5{V؀K`ev0PIEq-$grh&k`TׂWAt[D5c1[J.dY*'/c1\2~zϋ_=/ډ2HL-.$f$qC?m%e[%icBC *~m v|"On)%*;ek^;os?rF>H G-n7{%QK!s&/e.j`]0UD0<<xv*Qa;7ddzſN~熆靧vn)OM[[Bvb|EeTaXu2%܆2~yLw'X W<9(׻ V1Ь;9}˖|%u♣@f[$tea|CpY^؅^ 9yZ5_Lk~bF>sxBN؎{pf _a{L/x^,IOCYT>(nH>͖:G8* dVOޢm@INw7{vԳsgC}ZOAў,FeHn*%k_>Y/{77=}z>{$|g Б{ܨ{lh*E L9mq'l$ 3@i9HQƳ å|D7s.z>Zdo euZv8M@ ;bxi1xG4GdҰhd3i[2 Us LV,`pr;Z}u4^ImdYpTK uqO# pwۂ&|_ȼq 凜#.#eZ/D m8 ~dxU+5ԦkG Es /71 {sИ#`z˙=Vp9xNdɚ C|hq2;tj<n;@`a㢳q >liy4ʭ|aFL ٤U[$.q}ȒPnADD b݋Hm A?;TSs\kLNi`dUZ@ hwJY&J _^Zމ@4XNUq | _ t2$l |. c`ZfB'PjE3wxYx>e)\]͠VOR ƸS*Zmd GᲈhfM{(#E>%|QAYZ}o@p_X|LjN$>%ZV~& ?oapKD#w-1% 7B'Zuf~6me)h )Iҋŭ?nEّ^83)S]1TK~%ݲ?]"_S5Й{IxZhlBqB#uq E-l7kʮZjT C+=k8`TisGU;LK#>IJ:!|{ܽ~p]9Ք1kvϖO" C/g 6VmK<\KM MUJ;p?мxpHb~s.5 ñ3PzX+ȆzybZ<>Qy=)~Ki xQy =j'D+ SGkv3;}zeVLGi5t!^Ff/"HYRh/H4OxE9H2̒sRl ]q?cS\`ɾ n#giݙN~V5~Tથv})׾?Ȼj_IQ(Hy;Dr{c۾ aW1[*.?Y 3wL?c? ';׆I+wub,,JR/hM< =k;bx{RthçzLxӀd}2i"̍6(#&"bi 0Qԟ>1g!J޻^A Ȇ:VB,/]~[m$&a\ԝ47F!g HT( Ԋk s XNVios1JO*|8BbcNgơ9Ђ }r8pt߫Bfw8x̐*X㡇6-߬d=FD7RFq Y2myf87¦ޠ<4}zؤ na]A:5"Ub+:* ϼ XuVC{==;z m"qr$@ %9c7nőnk *Ɍ\A|1e8{h^]]C ^ kzkyJyhM]zկtI(@h$8$)VO:{o$nFhqv?DPV@}O#Pyv1Y&H"*+&]Ǡs̕LGKw8D& }z"V B[ QӉf H0,O dH4_g-e{%_Y?d|HW]jnFD=bPSeD|V~vL)=ٚ}˝I,y*N [$iCuk >QMtܟ|Q#Nզ]=Nt"DTˆSh[v)7u*R"*&u+%= \&RG hmڶ) cf4˵y4o(u SYq=>g xjcbYJMuKTԠ_C.sLf:b>T4FFKAĽ2-$|W-Wt\=ƨGGRN% iR;zfgnu9o12 *K}9iuS:.)٢sb wITz8Mf=$NEqWsU~մ(8$0<8FAu{?e |m rᄏZซ BK83wߐ]K pU9}v&p8BF4Y tgZfr))HA=I:lB_IEc#e-)m ֝l$>C(:11y"!kϒNiQO6fnb n>h^<`jXF Qܷ8 E"dSf{TV?;bz7˝#WqWwZ`O:p_S+Q Se\'.'Fɒ^-QTWUaDѠgSpG"h*Ys0ַY4跙$7@aoVjۻNR ;nR3E[eMϊ?~B{W m j3/(XfÆo?-k^/D2K0y3dgkDA˱\ْ&3[m&iԊ| QDjĉY:l-<F+c^[Jy7eu%Y[kP;:kّx!nKP?\k/n0n3GƃX.")d4uAK; 9@3-pFC)~%{ռ \R-`ObxJD'忔ޖz.'@CW%?# S.?ז>qcuBUf3)~?Pnmj@# /%;/FP*slޅ%h~/e;@5_Z:#gTRELB7'_f5MpT2B?FvqW(]}[B|uL[991 v[eYWrVZ\nKO m4GSg>X$90waW#tH&(hi eԯ&B"-M7t3K?Q?#k)OvP$&,SÌ~XAw$A ^ 5l}.S*]"bVxT4nrЌA/O2.D3E3xfF I"(&Rs;Ͳ$ NS2 g|0a wwڂ%3f^G{k{0Iy4L͠':-4{.3 ȺʄĉGCh/;g? u@%74+mwDbhgwש#R*m=`0}zh/`x$—ϬYep~vkfBRt .)CjbGy3jGl4g'kb򘱎9D[/Ν^ms ,Gn/|fGN,}!l1|&ܺz)x${uf|CdB8"(dW?~V[<[K,8Dx} _dCj<?+"wkN9FLoT.,5TOFo! wrwF - vS/|!CR''8h):H O@F!}MZ0?bsZ 64@1?MqΟ T2re=,w(_:Ѫd>ӢD?͔4yơ^1eU.}TL~6ٳ݌\8FM~ ؖf%/S=H%a:7GŜ&9$GXg | \~~qd'?IEj:֢¼Djnۏ4_h+LD>TS2:תqם#Z1*'d_+Vcd!JRWX*8cLXvFҬC!@/_J;2PP[MDUBPͯ;(55Lȳ ݼpqupi]] DC|?ZRej6%rrQkD˽^Ko\jUȟV~c3 ;mCDBʿ[9I&MIkeD{ljm* cD]>#n%5>_'U&)XѺcIБ ̓HR}ζPϰZu*;bK.0;ME o Dy D䏅88nh[˚Y P+U, DNDrXjP?9rUȒgkເhEq % ;ɪJ>EcԍHy"928*PI.Rl` 4#p`JiL[<¼^wE$|łQ0Ǐ7R *Tׄ+=!ĕT*ATkzp2d ?W@s3E몂 IuKX{m#a@FZ o)z4ZT1~iT9I"B9C P݆B= Ұ˞G{@qυGCJ8OFJE$pOKmZX)K0q.2?;Up7l4HmjY͎57@ ؠ8)rDړҴ K矄O7u8`Lo{jCA Zx_7dk,O%WQYof͆!P+Jxr'9!ͣIC^lex_K>q@'՘SG*{wG(Hm ay[a#γy-tG.%F9_S3OE@uaݜkk%b=o0_1?oqfk :|G:G C5MD-ti+X`Ha3|LGAO Ĥ6VcakYa'$ |jW,@| Epmo^ efYu{@^Y~:41^P/?A.X,;ӯR4z'믾 bM7iZJްH~9iiQ5I=.3 (eHS\'ۡYg<Q\9+F;2cs&S\;"=Vkø4S0錋Q(6pҝ/Ө C2s %c=hT[\g.t2t\(,4.s*~3W{AJmǮiՆ!$Ju34UUˊhk(`ExS̞Ի!INA~Dek"ܩ>R:bEv6iY-$-R nlHerEԽ{]Jٯ D%0meJK?0?ױ|Cg-^+8nokvҬɓ$e(?MA"btX^+lGGYŢ;^mk:,d++ m2IKbFcr)v5Ir+=tOk NIVc_ tT6RFZ]rxh!o㲝rOSxRޮLޞ ie!e,Fq7Bjﲈ{;|8.xbcMf5OM0* + v{1}ptYg() ~R~EK_1UdKRk W.Hߜأ}Q r4kO lG%a`qVT $3$U%\*cBAAV݇oOcFh%!;(\Jl4T`䧌ꁚPw=SNׇj=gLsF#LNƶf p0wbVXP 0^d4Pͼ,m൸ʕ7*zyV.C 56nRͶk\=쫷QϦiީ!<~FjA _KѺs fʎclQfuVԴ#DSZJj4}꒐p:t,? *;Ë`qЍ#=8>O/T% Pte!_l1J^R#ZSB#,ÇR4IU{l/͐A_?YR!D5%+cZDGx~Cd I9ȝ|S ݽX F9΀_čf|O؉ǁpԮ>밅:?.];NteP8(g0?PٍctӲ|׻27U6@ 1`GPnm6ٌ6t6 l$scZ0| Xm`l"ҀH)yTWl-xKnCr%93C$1 5]^dgcc9` fsA3)z]o~[F!.UŃH騆t"|pIżʸM XI+)0KB4EwB @P- _rxb5,u䋭rmAR,>5Ew-e_XOЋ~nYg82G]GNӭFtV\"DZfB0jf')%hkyVt=bNO],@I亥JxeE~Q }WiWcTU$~oX59^6{7 OHh+} !1^M lWssMݕYomw3*[roq2{% o7Y`ÍN(--FQ,XzboiczH=v?m,>`rLNmlxMK?HCmy{VdDAtE"͎eTLkocuRo;弟dY3,K$rԄYʘ83~ʃ]B O+:u~)A[w@UFkTM -J̧H,Ґg{ƓnٺrYVPRY#q$& yW%(Y#Ily1HRj;,Km~W2V:|3\CeALLۙ*e΃UKW"w76J!PA\mȭg4ׄ6nj,+'[]Z8ԱnZ''c4!A Gj{TZ?_܂Ja]b:yc{G~=BZPJ2"oWlUơwD_ۺ47-[tuiYDjì  "XMY K][-K/AQSd[#cՀ0}b$EbRڦ>m3:Fn%8}qb6P6. ~2("Y2 %eJHҾ6+:=f=Ħ΍EW ;ELGڴ U=bw&D@Y%=Q -ғG r}1 _5 mT<vl= ,zhޝGD|d?OctpMz`,<Ʊ3"KmU+s5IR\cb9# _kjGZg#6HMܹﶰ.➎RWDL,Dk yCJp[(Ms|c<G>2rpyqDRd VU,QY*?}}b*t k0UJ̰1/`4YDJqoyH H)a/Kmsgx׬ʯI #5/o6%I DOH]l=՗ZQB f2oc@;ZEX,X bIaqvSF_8Sdнp%#V+t#C>*˦3+ȸšo96D iBH[@;=s0juxAKpW8 0e)P3X69z_t-&ײ'W)y˽zn{Pw;=W4FȔ9%8IU_m_bL)GCt3̨61fEPQ^7~HCۇVYYGfGXO7u00LQB_Iܛ 5!d%~grb@1T"@\@k }P 8,e0 g9]ű'0[8ӼD6"HNK!,ot4R,a CP"/p,n?zQ%"IkƤnE8!4^j^xlic L)⥎_y*ykP$C?>B'A&j7Cpg' T2X^A/8RdLl0.WsU!:ۯ<5y ºXn";lI=$\RGֿI 8,K"X٥^΍L` JBR/oiTW.kr HTzN!å $ӊ/+|[V𨥔cIކ]xuN\\'LK*/%R1fm\ ФWxؙ^ li06eܳ.t>@Bm$h<]!#[\Iw{^5-B3U+s̓F̺dE1`rn_( nB-m5Clo/H]1"M+A=Fy^dbomFrb{Ί˕56[ q.M|P`\U *z DԭjRZ).BsIz8t(&1~TYEߦsWد #s#?S}4UeV[FCM͖P+[Qڧd.z/ OO|<}xqr X)bU( s={nˉ7ox2H<q_ ``K"'G*C߼ 1њoCH4aӄӡg*e{qxQV$N6ېN :j4=Y/g LW/lY"WE[g=̀VDCLo Ju5^XӓK[S*˄Ӌ)5L[H) s-vTQ`cp;^s \4&C;XXn]ΑNSk<f́!,,e> 'G~ӄ/"wraJq=k"蜴iv!qb,TE9JYt̅BONd 0ڥ %Sv嫿%2 G^ X eDKE-"蕜 8V1bP#K- tUl_|E0ZBk`H (A,x|Pշ ;!D<&,OfT/mE LCt"[òp5˴V6Y+Od\0+/fjx7wErتyHFkK:ȣ/bI.ul ק=g ]G!0! ^Jk?0/R5+26Y#s [j\ BgǓ kjNM ixbt89iș܉hr JA0r,A Jtqt#!.M6ottڐԠ{UET|d0;#5CY  ߤU/u4C aF-Swab6J.-cOMb,I< S&PZH.X+ X#)iA{AEVه_~rVxoe<'{ڗ<[1 DrN:4n -SA,(6e/&n͓#A%Ow|VrW%H`Uʝ(wmH[s~a&/$Q-u>뭠P- kLrq^"c%=o(4BU[ ~=.(g"Prr$#UǟI*y|{K|6SJH[1gn̹ՠaNﶡB pS}ZtHLT Gk9Xءq&E@79^*6-߭t,j P Ai2w}U^iMA,+7:MϏl VdMpU1@T)BCb2.8/tLŀK ¥%PWV5UM JDSbEm+pi9,oj(\\|־pXۊ Sk=Ddpۮ6p[jH2/h,>wŀo7 @qGr_^q?Nd!?gl~4cʜaYrkǃrNeè(`I+K-GֶߔC۶I50 /c^'Ԟ52;y zB&1 ծ~#/fq}DO33/uhk1쐘@Jp[|zLLsf5F7xƯo*bG^1+K߳NvQ+ENX-̧?~2/t39VǙ o%8\5㋒3W@tTK$XpIEegZ`='BX-2W>ǘ+8؅*Rpv6Cl~eq c5ɟ8 VۭYZtv+5/k'Kb\g*2]LWF\,-J R9ѝEODbR}Vbe< C|'zǼCL\#>'ms$z"զRՙajgkNMI%5 mo0a (loTo2;@d7GtۇP'硆U&*6%Vr 8NE>zMr.֡SC\)p; Z'Ϲ{DzG$coq}U"B;|r):7 QC0ch2V o1%k1X`1PPr+S444 -vSwj<cX@ޱDzPZ83F& ťʅa\Hˣyφa; TzmpD½{~_C3PzryUchB ړg/yxj)IV=fB D% ?tid7`^gD@2pȯ`/3b5H q8([lz:xc]@18=n"9M\Q`zCio8 "b<MZ_^[1U=EG:ւJgYc-DJNZ+~ci`Y` fy#t'(|~$"Г7lLÆR /JjpeGYI&gm{tǍX&Ez*;fXgA0~Uq{#ʱ×50hA !'PE=8 c#ӟdn~%1~B7Muu ~)wWWQPؙnn jqɏa#4]`FGnkC!s|Omf@8P  ɺGzX0&Y]|CHI}DO *2XjK,=͈X~> ٓ~>NgF\$p"ܐ7 8=W^";ekNAunX.V!;;Nv6^xl,W׃dVՃP3(' 35W84nܫ\nxvS,q/qA1qh5I?$N/FKz=';(t^'`ZOaMWW:I%˾ L[;YsDL-?'W+;v_a{yI "D;х i"pnCĞ ގ󠯖ɣVxQ)`yx%Fr}@v]f{Ɇ5Fo ep @ǭn3:U.Ow3V}e7y;.᫗% "Hhtn-g}8qt?#lCyJ!UN956it暴K R;!\ოlYяB!ke0j3@py%4!Uh\ӫ#isYSXG=2((i(u?NKl{$QIGཚ#T@jFKHLwgQ2Bqn,}s Hx]GxJ'l'rDe7 (lJƵvgĔ>x]bɊ_Qf~ 0fLXPI. R 32a|e|-t>T2( e<"'L}nF#fշT[d=4 EYbєJm!\qm=Z,'H) ރ5~C+'Bi4$c!i!5Es e%(KCk=en?XKFSwYnxsJG"tX쮓> _!‘9_qv!~r#GQĚ)56z4FuR[qq\6)R8hzhK#y/9\M+NOwJGpu;E X3UF Ip_|l@qW]X31~ވUEwrC2_h'"{|Pw-1m6P"8 ZڣݚӁ\ʗa&1(ZTT|˫>ef1D9uytI|O oL}c)opl1Yh!&z&: (Hs=l$^kCΘQ|Gpv/6ͻf |9jlSzQpP,x^2#+{TKP(< k4,He҂RS'O4)}@j& M@ZnLpe_l9h@2FLE+$lNeDu loryM-3Ws' nºƄ償@1C[}026|c+$9{ߑS=/BcYn7^}AR{Mpg- qO"YxuduKX4!l°=X. 0hÃ|JmL1|ff Ǯ>7;7=}bݼAvqYN;eu&ee'2iԽ#ed ?vڟ֩3Vɮn=yr}H B*cLԋ3ԔPWxi;pDK<y[9,0*Xec|XUz[ ؊{Fyu~P7]H[^r0 _:: dö}I)įZ9Y7VM(ϛbu7?I볽2[SS{T١̤{N;auKiA.ڴMO+V(Uڪ9QQYVhn]9xG~8g4~,y+`?W:ľUKWQ|*,,ko"qm >|,.cRTۄq,gўM3Γ#ndu]ʖ**TggK lu N"1SͰ~2XzX t2ەaeU@+ro8@O[@IXm.Q-3{-az}Ѵ{(^ti"l9v iO>|>Oʄ@8!m>{t8l0[_DppOo`,^6*" kEk/+'v{ Ί%4YG`qW&AYS.I}%ah^6 ]"E&EK%ηSїz3`I XuLq~F#zI[m\V橒ZpglV( ZZ  pWh ]}8J$;vtWm<- 5ٍl: o|\*o$AG\ºZP̶+?IQ|sKvnYۖHUWQ~JݫAUM/ie~yf/ e[&t/pfQ`e}r&i@`쮨 FZ2ZH%.(-'j+yiEй%6 )EA"D)hp^qG)JQ2$nN35mۚb%v(77i*r7vwX:}dA_|J BY %SެE˅0ТP\ӉlL)5KRjz%fZZu_;FP@q{> i\gLU|'MstF&٘dXDM}2^B#"%J~KÑ"[nLE?,G\廚eOf1ԍ 5 9Fm،V8N@p m ԏw9CH+z,GBfKxSEZj3g?Ԙoͩ߈S̴iA2[_>쪎X7XV>^Ha/@.up/JR?DXx$+qTK D\͍7ʖFʩ<b0n]`:-+6t(ea@6orhw*ؿـSgcmkWRKu~uZ>9`PVXy q{|aUsD~m.݋{EsI/׻Z&\.: l]#ZbELZ7>` a/W1RLS}iĄ 8:<}ݦ\aMPt-z::6s> Xt"c4yDuE nnQ @)](%C)ѽq>j[/ie>ҋ4[@J>y3,uqѝ$O5QS\)E1F߶ګ*Л_²;i)H_r*oGsO^E rn̾kn|9W6`Pf&NUX6ܰl"IF@b" 3$J^vT)0[K$b.,{BYuJS/;j3^)۞M^$ oE_gm (L$?b$f.;_դ"5 nU* h ;Z ɚ6K6\W6q,>87p"9Xg~8jQr[JΪZمTEKQJ@Α |OCM ^FJmbKDZhJ6$ڹBh_h]*iNTޟ28n}fX0 Mx~H w_F#`SqAgpUٗX! SVt3+A&ƹnF"BlmOEub/ÉW'Ú#J%Sڟ^a٫c^htBH֞T.#4F%dk ӟtV ӳ] .Β= :+D2V< v`4:4~5-gt&fu!^ԡNg%+ElC}]IQ∦L|-ScXG45t[@3%9L6?۠OI*/V)4Kݿni:qz iʼjWpI;NEs?+GBZ1~oLmm%4q jk_bN `6)uK) &YK¯*"2^ںŹXf^S$>MaaE" /0>n%7I2Œh8g[x.ľw]ppj tc, pL.C,?x\TF,$t? SkCkb~VTF8q(Bb54EBxx&rs'`BtM:Ӊ J]/eg"ZȪ3pb P>13+KjԺ^-~<jrA f {B\Lkgd9c`DVW { SiQMUk.ǗDrH  ن_6Z#).>m6KTW]5 ՘j,ߦ:bFF=oE`#єtTH'' q'v@gr"hXp & 4jyBUqVBC]X$v <`w pSǻC;6ԹʂU+%R?͑drlS}v<)MCI Gh3/Jc#:e7A\MPΈS8n v9]@.,}?=T,lAh T?·˦Rpp5D^8yW:!!c_{o51+ q1·ɵӁGܦ69T|NY&_r(AA8"5׽/&y[1m>'|Δ};E9'׿cÝSn.Y7=~_ηlR.;*E hj4E/;IGJYG/=CRaѵD&Fҕ+|USLZǐM4+7⏵AG?a ob]zsB8ܣ B"X=mfqbyjl[I`<)ȗ)ׁI==FF=@HK60OT_;Q\9wVp/=v,_I UCdfzLi|ώzQpBn}'UD8nnayh2P<6vȎ84P ' ;ء7KӺ7`>(5oz6Nx:7ڐuZk8 oW@n-;o6nna^&bk-4n f='*6R޵a64ꭎs  ~bpr^YVIn|Xï׶>{ʁ8Yp?ΗLZjIK bhh?>WL|7LޯaY.2Fн`F2,i f 8ҽ6J |kseOtǼ 0eDԭOD|6Pޱ᧻"_@1K|5۪k@ZZveHHd F{ͥgem.+3EXvɉ'fֆDӞ[1 ՋwV,|@pnR:̊DzJPRM^5S5W50H'25c =l0ɚ&z`<1u"vc/QBi & 9!k'{tHfxMs̷tM N-Vnܼ(@ƈN@r21GlpGy rQNf=J_Hrs=_.gŭD?md kA<\9I|22ǧd7fc81@볬,zv/yD495ĺ.b -6+KOaڲcИ8NF c> @ RY7pnO__A7ѵE bs[hU CUfQ? pRRa S ~Ql;3<2J)fx[\WmY-`)#m& XS(FWCDxߐnaTTM@*X]jZ|ߵ"ՠ| nLC}, G-=k ̮Kn+H3Z`g6g.xm QLP#wVF-J:h}ۚYieThZ"sO5CDr!I޽Zv\{a7>Nvdp_dfU?I5&u+WzdwH!حLCu}? pj;/@h9Kl'Kqvm\0/L*b <` ?G9R~{> txA #\ol"ui"gD3"W LaZDPljyuW fz,cBYH8N4r_%iJ #V[n6JKYd7WkvN{Tb:PZQ0nd{9,Fĺ_t\o{޺XO"^\* 7cu퐯5{P Ky#7^ͥq~W#Ng]Hݏ2;Oy3re7? N,"wI>8L%_C7vdP+$^@QK0 6 \ &èL)6~^Pi~v m1 1t/l壿߲-0Yk3k"2߂^1FN `tZSؼRU\O',; bPr-R@ӃǠH܎I(r w Qٜѳ k\3ۤr2-cF.D :B" &f)MaWUIoBL:JJ KùR+VLsF#)ttp|E~Yz=òk02 Uzs :,}u/a*)9CAܦ'۔} .5LU:c-t(8:aH#UqaPG ᡃf`E Izu]weJb]ԝԓeϲ޹BJyGTF1|ʙ={bmL1V ZhHCկ&s߯-M B(팠(x]qlz=gc# -}klzj#y8G6G!q~DAn84lFk盱5Ay'!d DAHo#WfՏ0.7ۺš :L?1W1e Z{̳LcjĉYTZ<fN `ܰlX \ݱ)P$6Re0(1~ a hvx]d(`9t%+.Q\&zi)ӣn8 dmLĒ>bi3C>[9KY򩾎Xy7{@b)9+g::H9A-u9dNߪL-uHc*TB~Vڨދ wcKI)G :\X\P~؁g?h*l{pov_kq˕!P=)׫zﳸ; (3~ϒɄcf˝;6/7tcIOQ"Gk:[7% K6cjJ7VTUo Lfhv5y)M%0&By4L`^b5+99F>DKB =:5fS/})X[r幃k!Mb0YSUl~ꯂ~*Y 99mLA)?# K%"t)r[jNr* OHۡ" ?+$̈́Q19qCLYVuyPd D:V71x*BECJw9 ]"styeN7m%{Œ*9`39b]?OT5qZЇ:cIVT2Ls@?P-w=#&%)PCDCMNg#lQUF2B Uwpa ˿ 7sIQւ49HA4Bs.G9n3T+%!F`fHas uڎ7z xRY E>_ *_̛TCpŮ:vTLz/i,AmpmS[&y7|rf+)Fj`šۼ?[ nYM(5Ћ/' E_'i1Q䊁VKlJӫ#=I+TR~ҩXBL݉s?luvuY-ol~\Ԃ ; X-u&V4p`5rLz+%ɥ65/^Ё{U"-;{* wrT@y˕F)xrJ6+hIBzHdV 5{rc = Nw~!P5C_w'v Viz n_9}zJf%j:08%̔^XqёvGɿnS@Rbst@(֬Fn%OAU(6q! !F,6٩6|gJp8Œs(2J nh黚 *?{ a\zu|`Vr};5coʩ$f.gX5u1XWflz`Lpf?x3JM4UGH@j|5vt&!HI6D|_y\2g}qTr5욏ܼnvjE{6ft*ϔՁ." eE:,#/k |+rmvU }q@m"{` R))m v Ng\MoO/[=E ^[g.,)~1fg;X_p]gҳ22bj:c0uBWr:UOQ%DAOb+06ݪh>)Y&Gs2 rԉL+04ی"HvQ X]SNn)SŅWѼT&hXCeA4 2V+E{OJa#(6gܴyr"hU6j{Z|iBg|}'26bAd=<\R_o 4Q?dEs/$3. A?] |7#jcPMt- 킜.W}~IZq.FjhQRhampk*| VÕDs?^H\p&׭NrTD&tl)Ø3oK{#?$bUNw`aE|, ,yO|=w\^OgoiʤY&1FYyjGb[LT OsYH+C"2M)Ѐ/E1G9/Wljs+-rb+OH2sK>')Dڀ< g߳`8 9!}NC!:Ŗk<?C}sɘeR/ Zr9dg0K}Vrup/?Ur}Vnw$)#<>;F^A444K3mTv dS섉(Tͨ R鄡,j!X\8\yyAqn𷮉+ωʑT3gHgt RF2x|aW̴k^jWqIN6vn{8qJ68MLQ %smfN#ڈRll 2zcQqƠONMX{bj& pN#ޮ6..AºZKt J׽?>xk65S:&"BIj?tZ;9ˮܪq(ݠf2CS%\l wc%~=/1Ip2=iI9! ";?[|}/R) YgcV('c*Enr$+5#`:h?2 jSb\!uzN[nW ЗvvkѫGS kmKͧc]7fC_3iw#ggR/T;6VLV?'X^ZPf%K M=c[YgxN|6׷ӣz#7R3 vt9:oX,9x1BS{ل,la>0{&p#X9 :Y/)$iXtkqnK6f2\'[. ZO՛"u̗yFYj3%Tel ccizK8N0ӃDNgqЦSVS/ e8qm}c2 !t&3%CeXJܙQF3$oX"N""_0M3{q۷_&pJ@QڀYfevowv\u?kƳyWh;PO.$[7&̅CRPL- L|颞Mk(Ng:=}8z46]g<;y0&є:C>kh<"~f7F`)֕vDֻqL%0mQK %Qkz92mS{M( mu Tca_uN0{"f [1'FzkwlN2*ȹ5P>`(]ێN 4%cZkw쉃ծc ^ :>*Oog'C )U8e[:ӉK+CA8:Bs{zTy?pg4|LpB AڠY58p" ~-@` =CDiXlU3>=X#n.wޅƗO-?[Uw|{ .d2gyh 9(D-AOɾ M񃺃&P=.pTK' &{Գ_kuޭv8.S ;pwBju)Bmեvqj(#cZ$nKd de U/HL5+l*,m^I1-E 6AH?BSR=16r{#o"z<.z^ת7k?QIfz쟮gƲCuQ^oLj FQJq\ׯSNBI<갪I \6^F$&]vlQ/(~zay6kno%mHyۅ&AԬ?Zap³X+#nyge[Vu )dFeWXE3.ŠvT!>1rZhW,ԉ9b 8^6vgˈ?M]+-] 2߭7Ash)MK߉7!pAx['%nzVGn )a {FN3$%SS҇29D*0Z-Mc%APu>OxPh G>3!,F5Q#Zd)q—XZ;#Son̓/F$Ԍ혲3SY1WrɥaR²Wxq&Eg3:HqVӌCvm aJǼ:lnIT|(ԀHnճku6*]RjHDA!Gd1\%5[ͭ$DLuO8Q.+Zz@\C.*ȧINk_f:%hJC֗层" ,(9^=Zxpㅥb?.TQàaȆ"K KHWoAxq2De<_T$Y`ׅ4anL"+׬nH\"3hrwGUȤ#Ft#x0`fS0nZI/o%X3M~ueDQ L-eKGEE.˘A3:yLHWr -8o+Cjɕxޭn iQe7<.ӷ 9\"A{V1bMyS6'6$Ez`pMictڽ 4iξ!(Zrn:GȤJac-]6m/Cgsz27UlO`SKJ>n' dF$CiaǀPj^6}7&}b,kT߃[e287(H s=yb{n d秤b zH+wA.\Y˼ &7]Lw[0sQxzEϰdaZqH> s='LXzW<2rΛO)5jZ+{/;s!N:3),M5i5=n.?yeb)o^^X| \0Xc-%P = 8ufAMb .b ڕ[Ypxc(_aX\Qte6c1l8ɢ.;Z~- pei: AB{&*>C685zRzQdE=Jj~O#B` PB,7!59CȇݐQۤUL gi+bG2+J5E֢OkL,*huuVW2cP٘7U ۗ q܃5=%R1Uj{Oݲm:oAA0T=R`V=&/]![Y _}%$|Y43kN ey6xjWÏw;;)|Nztl}+-޲P@whW%*\rRF*l%T_LJӨrt lԇ ?Gi UY#:Q>r"cyuC^Ry?!,[Wp:fb[ê&ܡXKj/6cgū"O?_FqQ)kt<"ཊD =A6`z\K .=/ a4ǰگpF0$_hHJy9&;҅{bu$!\?"ķ:}Cdriv(d3פ+eZX]*2jPZ3VkpKbDF%A6ԗ1[4QVdM:ƍFjK#Oi2/  Y YyA&[GS SDΔxMt3ΈQ|+vÌ.`^+!I%}~>:+K>ʒ=z._W:zr1./AaBd>"IM+eK+VXt!~S98xĎ MĠ&Ce01?_6 0kCtδ%6.SgHǼNz]1>*BaKV[5ь$}J3]=7(` 璊 hwb, 툙$B@6'f_WMU`aEt?}ubcZ<0 ]_#+&5/cCܭa!2."JQLRPQ!{SW2L3$ez H0o5 ktD?3,/#3| WTZ*f+(9NݭF9$sзJbL[:su {1W1A$dZ6jWL}?eqHj ikBЯ|ɚAqs8Q5_>$|&(+_SL"ây%mcq6o|b\%fbz~`arsCE7bzbs9wK5zSBρ'k!)ةbaϪпkoΐbf\#'>6dŶ⓹ 0 l=&}VS  U8pG*КJ=[GO;JAfvve&e~*[+~'ˈHw;peaFo&mj!k"9G4%V'Qcc8K/kniky^{A$Y>a[3lr-+?,]r-;wx+hM0c{`r)B4Q4RXJF!30bAC =`,o"S,NytL2#FkpY)ZDf̭)~/MŸaٟ~yGzv> TH$} nT]YPCN՗ָk]Nv*#* eO7xև+X$~u=A< Ukhu.P>L4Ҋqm'R9dCaS"jS{TWbL{L+x;LXn׃lbcw"vZrVclvm%p0^{Tz@J7;.xt!a_NRӽ˻֖{1c}|2&ޅuKPbDޚ<N+}e3GW,1+PҵyǔT0g˄+? ͆v9d$)څ`{[8߻TS [ i  ҋDqN٦͝4ʬ܄2gk*. EKhxMdj rUeDLXὭ\xJnoI H9÷%Z>n\1)G/xNSD-wݱf:>h07ZBc/_b>a}ϵQrE \M#f_4:|ZTn%A/ 7H$#sk{&NguJE5`ĕO¢6ncqNӠ2(:TyJTW[~hף?6M|hؠ5 ds\ 3뢳k )xhjiAN0j2bЦxMF#Qz1/\ H=& ԉq_ Rޠ{ɅA}7IŃ4G.ٙSaO6y~>+J>KH F |HjaaԁZ,\#ydwsQ2ؚrԸ!LH^"޴>ZXڱ0Ћ$w:A8 Q6i?cfz_I&9yOQv|M1at5v^N+p ||:߭c#hĤ46[҃Fr[),Jܮfȓ6$V3megHvUJK(6ooC1y+a\w6Iz:7TQV7~L[F}QƠ"ʸ;_oXVGNJSP@VP ӕ|vc-ҥ SPi}O޾R\lg -8 AW"c]6E\BJgƗ)5rRa/Sƴi4VTYru{+kf_' \^-lvZjٳ_ƟJ^*P) ]!3D&cXnp/\RgjVq7t}G~sӐ[" |yY8iSq 7 gE56|?SsZ%4)ZP@qՄT9p MF\ǺU\&xS8R2L$#̓LWP8+ 6prAiCKW[BiKR /Q7?٫-}p!SBofK 2WJ@_-J^oc_.gSWyB\pL>9%62VД >0iu?PPf,Z p:i'JrS(f3ף֯\Z85Tj#lmx۟DDwH&¶}n?@&{ ݝvBB4C}눶*_G)Q qֺZ0_(_נ"k傳^#jqYKmwm ݔxRZ1@Bʈ.FJ =`{Q~5bq~BɩC0j`5E; C iK/-Pl+pR%v nK8!m E=o6_e]tZVB! Js'LBzn+W8iU/ˊKtOMa(]e5 }^9Bw )87ZƩ-E#̸5Ul,k\{,eVJJ2U4zhƋǧzU&=VԗO.Ƈ0C;; >~!ӆUۛ )P!MN֕PRrf,"Er+hk0oW|U$@JfO絵u얭<RNnr@m2\n.'Q6]r575w\n{L̪{q؂B>D$qE_GU*5iKfq۵ʒ{[BxnX!t1?MN%<; lF8V\YL ^P5oHA4] iPy)^pɏ J7\(;M,'ysx`* P2 ڦ:·{QS nhnt)to}*' @j߅&at}=Nc̅{~,dsU'Y9jmZ c.8|]-our7p"ʾ 7$LזX:C6vcg|'#|Ic\8D4Ĭnԏ>8@ԝrԝiAhJǎ15{4קg?FyQp]_4`n@kMs+&A"!Ry8p Td:U]Aj?Lː jr)j0^w>$xկa}iUA{dc"O0\M(~8[ulS1@orYSҴmS/_yeܷFb\Ɲh;0d٥fv{LaJ[QeU|9&=!5a.0C_˩\^@kVMW'C3$VN!H6/rpT"p|IvҖFݢ%P+S- cN=hrί9d2z2mfASГZ?'=821Ւ)[hmb{2k`7Yrқl v΂:>7BL'VHE>R~J,n>8OE" gp%3H`9As3łr- \ 8d͂@WjɅvXfY~pE1\ /9?AixMVyLǔe)(M#kl)j(GK Yrxہ`m])FjI ! P/zi00\Y |+.)"|U9iycw6XJ)aVf b1;hC~WV$뎜 NuZS<ڊcg0aE2ЂZ ,İ?'RkY)t[)zni,(?XQ~Wa`}kD,#gb+'ȔaL$Sj2WKѲEj.D ~ěMu|;L 5A$H~fDJ!uI-< (&Bщ݅8anXsq/ c?p V D~893'k5HzՍ]w°+UzְI[by9,}1)r3 i!Z:m\"璞LU|XZ.MDa#҈wxZ.As?&ZodG^ {mRש3UB{vc[F(]ICO[C?]T-[jo/#%.-@P0 ,r'\w3P(} XKy#ЋvKl`J`o|h]{ dG =ڼhBlU"jXQ=0dO Rl2W87N2 ^!\/+d.q(Ktq1"2YzNeÐ'.0 h}ú`PȩQyv9Ho&?D'!nUy.oQ%TGGIU ׁOeT4U-nO4y`8m.c)tl{4/>sײ#'U\bJ. :`YVxYGʉTP)Y Y7ÎcF|JK DEYm2 7\_ܬ~G]- wPV5 !'?վr[yl"qȠcwyEߥ\nO۷;F˔"RAHj (1lN ^DG{pwxe: :[GXTɮl7syP^V^ ]O3V8`aOH=b\BXݧ-/7Sp %@3lM aUzq(wן$M`H>=wp]'*@U?C7Z_ys4As:),*S[qgĒ$7~ag#Zl7]Fo 1'em wh503qњJak`g ]Fٔkna337O"KVlrL+=D#,c e:(t/0Gan[bS_cYeS/~,= "VD "^pMQa@8l X*:S\c<Ȏ H9f?fcڙHJ}44 6?Z2,/=׎*,mQ?oK&e& +L*<6)%բR{9֙-X Ǿ@`׋FT+tVEt|p m N._'8 > 8a6ESf|v4Wx7B`Xu;WKG̒v`VKiذ4a ](`B6z x0?ab&%=Md94`_k;阝;lYnݯ+~Ӟ*dlȂ_dsx>вUA}c)E,1Yzz'y{nôSI9B`+Gki7+m`fubP:g?tFZJO/Y\jrVb)-vM*IwʫF8X݋,En[}/l'Ic&txTݕ5cd]eIa٢K#xށ֒םκ?ݪdT9y "aje3$/VY+†( PT a!팕죋߯4VxnN0m. s^-(0Qɴ`'1 S*qxggIbdȷ)Dd"rS\ڥa[ߠ ܭ2af@yA$]dxc07V4@>iŅ.}3nm^g5L!~Jg.Xn?6BѨo(NI;~@'ۀBfZ^BADj?#ڑmAyZ"lĂ,s+͂庆?usKhWN6Ϟʑ ĝ5Xoޅ4 zP~좘ĹH8IJx2AJd}ʕAY]N}Zz2*AS!ނ+ۭH 'kRRo5u{ĒܹM+!5h3h:e6.ɥZPTqq_wf<;/wdM;o/ϥM㬇*ƼSNKU8E" ̯D vzMz _wZU%M/uOo(.qĖk)Ejuyzr'6Ǵ'gE=c1zsNKN{[ˮ']piS0r&t" Z j{XbAl,q.FT:Fם .$<0،v;Q!X2r{|b᳢ |< RqCp=3bv?< ˣ_%S 26;?ʺeY4) nFMcXWй2Wm$]X^3J-rBw5 CMP.Ղ쉏nk- |}3@F5V"ږ7U%-meBpw~|}Vˢ5q0~.J_}؄a5avhM8&_dLkq]0<ܽaHIM'lG g86jZ>$ ;/}a˘Y3k-\E v>ɒȡLfށ»i^U`;qL]fkm:}GM|YTΥ%Q(gL+^Et0+lŞS:%A+uLÌP'VG} e![xEUhjHT.P^|8݆bj@u$'Yk2U_;wm<4MJ, 3#Tz+txQ|U>yl.{؆~-T+͍P݌zeyxWj0YG‹ {CL}cͬM@%'?FjB-#͸ҳ"(0ۺ۳i3gd^ I%9cn-MXϫ@|'g Vd,!@ɺ2jG՝1[p>Da pu;Zr.3BV ߦ.rDE&gPމmHni#J覔V yr%'6TLh4AI-VOǓǺ`QP5j9ǚUݿ.rd>>Y2\ݥCƷM?AH[l@v#|UIϭ4V{cNu$6~Q$\#8(}6=zNKƾ6g.Jעb@FjPO'YVY&ezF֤$斣,K&6+X@qN&J8Avr60B.4wW.X[rTv/['Kfe tD߳C 1eW4xᑤer~(^Q*ܯMjyq el,U%/R1iPr&-3-,-/ ,3ȠGk΄1b!*꿢q_2V3[&[>sȘ)yF}[jo:bƽO?n6mnUFNVeSVhDMOڐ.BDTVSz2?P.\ Zs52abwNIOw:evU%D4@`'[!07y} sP^HB_we_kԧ`eݢ޷<ԑt̀x:=`,SnZxY9nCzr {.Qhy1;J=ՖjO<)}{XL]3}w5vq /Ύf(C{( t”5k;FVc`cOqW\/jӣ2/jMVꠠ~u^֙.}a7nF$Ea)V6K.ݩ,f$eN;z=ʾ fZ)7]Y zѽgE~r*($ v. fxjB?̣~#gƘ3r8_iEnO`1`TN'lɇy/3Pї+ rn[PSRZaJ8q d`̡Nb^)/_r0Jmo&$&mRܙ_e|Ew/7[fYjWjdQG,FIm 41"m՜';9)t?e{|ם Z.)dej[ߩq;{^ ّ|{g%M@#>4t&M_Fxg֊ B5́ &BdF--+Kp \U^ML)Ӽ \E{Cvp {KO*PP\}t&T߉BRC2DZ5V#ʢ¾(B0uU/.7sfg.b3cRXS"$X`wcPsnV7Qu4ҝ8;1Zu"3gxLxfTx!Cqep2Hc/q-I`Euu]ҩ fс'#Ӓm"{Mxa׶N 2C_-N#Hp[RJuB!tQWJYLBKOG RЮJ(3QscӲOBnⲹ3 VtI \Qo0ll,.'t?sw,w鱃Ei+&Yn¡Q #K TKX&+@[Xpիku<o fBnd`DMѣ-;on&MrO}JgSJ78x-T33_o4fK2o>`mE.>< :,:\ݭhގfJt L6O`NGNJwUJ_$~Dg-^Tօ'+4rqCoM&.pmC>_e7d4hgz:Z1&2gqK%Yώ4 ,x\3W \ݭ3*MB\V(^l3DN ] H3y#;ͽĥjw,(apܨy(+ +dX'z}ꔢ^pebe_+ ._{3n^%ưik E= Y \Arz]WSY}b{ 屉VT^z)$%Yc }l,1W~7?*g-JSaM/6Pif&!V\Vbmɞb󬔑wg%Qº/hhr0+}|'FͪQӈt(,SENx[4 39c!R(ZryYO ?=f\rT\L'ڞLKAsc, 7Hp]y) ]Nn۠BY`eS"`;Fd ~ΑlD>c Z_qhT|?$7Q=z~|zɉ>ঊɲXgwm܄Ā_4IcX? odΎ˳jƽ01viVak;[8U}Y ^޶c\c$gMZwL I(tk; Cz*kNj҆N1Ḟ)`"ňBSUǡIq1!%ܕq6tcl'4g]|Iv+"<Mux )0Nӯ$+~E$|v,XŽ8[A]NIܿǧץ3/M|Mq=zSL V:ǽ厒 'EHk3H2 e3x'`XZkxC[y8U[$vl$^]2؀zWr.Ji-B;M:c\#IŒ.DJcI<3]- | 7w hPp5V kC '~!@mm6t=vU,PbAN :eڨ6Ud.D>o\(UOt)fۮOJaq$/d/zeM"뻤&bL$<}SWO0Ra\7hd]u]ݍ -V1( !LƸ Wg+Ye"z *>W2NƸyaNB)Ğr;={_gs55~L_dxӡ`a]i{i2IDhw\60Dpax#Fqˊ+T 9 iqT}z7w{S O_K>tM&/iskkF^sޢ80<)p=Z_ErWQlS1|B Tȩ4O&f sx}e% \O?0̵wsmGh/)?N05D2  =C|'ﺦ+RB8R圏fpNLe`ܼ>BVL`}EaEt뼳+{NP]x e!;uqv=8ix gaSv!wUJFWq/$RRJ\. ^R #t{taH}yv[=#b93%fjь< Q8$f}d b)I H Stnz B~R&nK%|aS-jhOiC:Dl/tysR827EԭK ϐ3{sq~ dYCt3ݖ? [e. Sv՝%l<$o:ΰI uDx}?eɏ¬K C[^m}'hq/`1)XQOE"*-4vt༙ _D_O򢹤3xj2prKI{~y[вKh{", bpY}>.3K 23bޅkٿ~ǡuAg GßK 5Eի[$)M I;*FJl-{Ao_2Ax'ci5Pb-^#2[ռf%e_UI{e*Y&H6:C;tRG?t%v. //eԧMP}Ql>kc  סLUK670 aCQ 1\.rށ:G?3 T˼:`>a3d8OCJSo3Ļ3F8ha; hG^}2{!?RuA+ZáuG/4.B,^ T= < kj K7P45n̏",n ݈rc;@TZW:3ffS%cR;-rurUnVvb+fKTVS2}+O]tQ{A. &RޔMA}J#awp{AśHky&?- u׻M-UZO\`׋,QRk5Cdw G;RZgAOH#2َɫuKX=^MNMF((kn5y '+ O B~f\K{t l3LMbSG<{Wu-J߱iTFd@T@Ld'qW)Kf693c@X,On'Ћdp'?tB^5 I @ JPnq??ny/iT/?`Bq5!I1ammeðÉyN]Bѝ18=u;˪MAN$`"+ g8GÈȂc$]wKĢ|w -h -!붹 z6ϻ 2maLs)Cu3?7q] m*_[LjN@ Yu2=;Uf^\LaH{=7B4Й/Η}CMS bA (y/HbCή˕ڞ8 V7ƖRŎo M0̒w$4)A_hq!P6ڰaۣaF%iLQ>JxePt;{q,l

NJ)#w!j\scHZ,Lk;9g =KaZjx ٖWk5.xQh.AjajA   %vsOg'$}.8 xXaE􌯤0(8…"Sb/[fcZp+A$pVϣ D?#پ;etyoX켱Q%KTfʧ-P{*,sG@صkw8(3^x`(/!2;{`ktT:fJ K 5q 7&A,}XM)%]!af?:LjdZZOwlzU!Kmq}(n%GΤ~Yg i66mm&%l~2._0ԟ_ʥdq.xJ6'ɛqB.O'K5Sיj5C]M;AI5K XIf6 J7zRћϡ2نVͯw;heO9Ӥ> YF%/<[jà5l9ŭo?JՄuh^ nSH8BL_իT*MIF}S+jl8e~v yO<8p~L2k 'g\5rC `8}enl"]JLhz,͜OAEaٸv&յ n yHV?PCo A煘,DZYcdK~,:2}*¸$M"iq{aG4==?'I& SpRE10ȌƐpw w3*8at0X҇='% sAD=a`j#Z[_gA 09~"b #2/aM؝573=}!YJ !? ՁVGwV?IIoqz%nPF'B0E`-|KTT\QT+^=Pck6f R>/(҈;)܃ apQʲϏ2Y1[]\!,1L뗨r|6-BsC?XHQ.7~#oF>؆7i 7 8!=nt5('uxЯ)@_ ^P@%^/΍b$X"?p`B*Io:[OR 7lxXEV*ۼ*]}#—R%ҪZ80- /^ e2`΂OOg5z%]< ZBHE&%$$WMz9xʱ*2?cФ͋ӯ%[X w=JRcjl&zOMeS4ј=F5:#FÛK7?M/rQ`jz.LLKa̭|_ƹFX@ph:!۰"MJUY 7d*.kf宴{ ݎ7+57q@sRR2}P|bkrMAU~}ԁI<2@Qvn__w:A-L37Ry3t8BND:4$YK9y/o: 퇙ƵzurZvEzMrńKPu}g_d(Y Q*:8xբaV|Z mji V?hy#9~ȥa^{zV*ݨ)[ mGӘՁۇ&Wu:2WeALR7:+QhRxo7 A4|  BFr轱HLA#9IO9؊fC1P$l7Mq@z@&D8 8ڞ5{K_wz%c WS~jZ"@>$JZ>>Nvjkt tW,xDČ*3S@o\[UۘJ(_݂{ەr4r ; 'Z-_cR F\ }TJ,Њ$#66BEPL6YX%oq~}˺T۳8"x&Xg.N`{ ;!1u\ٟu.&Ȟ1~i˦iP]WDݱ\Gۭqr"`O޶rr]Q(-K͖ OQ yA LjN/,;yȷ^&[E*On0zrShTg[V)RUD?wn UG4/&7|dx]6%H /Ƴ- BhZpwꔶ鉽'¯m ׿Y8"~ LvQv:gi[ócvLс$OtWlf.hjKZڭ\8eP'XJ$ه'X ŴPx#4ẍ!5jer\g \UpiqBAlGW+"y?ZO{x~5L2U^}>MK:f䓘'[N{6bo$3*/5 Hٲ_3AVʟ;wD[5m8ZqB|N sԆdXIA>pH pta5O2f"Vc| .*NMG?O]|(IRSAȹ;82`J+cS;/6NT>` ;`G!M;/ FҌ#ӵnt`hTخ`i0nZ5% ;Y{h4 &EMIQ ;r2z?;h4 B+s((r0S g*k`HFV F^OAl[pՇaq5RCxe"KtuxE aJќf<7NjQUfB aSa2ʝ%7|vD^ D5=٫(O8z G9%?ªA?,m" ݔ zvRa$LGqVEq9aɛ'o;A*"-R `d%ATǺە9*a mX=E&ΞW9Z(?5)XxRc(bϠHqCoFGm_3w_aS=$'OA!ݲ;FA[`&ٰz5~:aVEKFLU\*ߠd5 _˩A@T>[ zh_rsE>=,72W LB>G$h h@q!O4}X͒6"qr\{k6,=41Dv AMRo1 ~N\b_:š/\|CH'X<ٔ[VI]uxܒ'`>6aXR:zmr.[ ?#R*S.:띤RL;{~(>c4 2?e<3/ .ʹ.E?vӈ]Z._ڞ(}]2?`r%6Ζ::)13D0p{`0w+ZUFFrS' _9&Rke"Wd+Gg_dEyZ+*&Lx5k0k;gCO%Gr,|)ϩoɮtMk^95}CW6Jo+;n\ qQY'.MÑ|.m !OICrZb}OꙑYf,Tvf I{7%_:\c6r2$2 Hs>]L7/]D 2ar~퇸g痶@9ӎ[(z6|M ^C^ݼuz|1tM,8lO>ݖ߲.ԞX䲔`Kk2sqv(4}ҒS`#2&*=n-+ fskbpusU2Z>N.lذ' M>/M2+_ )7Qs3&?mv X2Ysxbol/"eR,Y2W.ͽ XVW(9IfxA&ZH4 lNv%.rsijj'M_?WVR6_[a;ծ&R{q&5!)bSBƑR~%uVg~-3sAaq8Wu- :_>n0Y0C~A[.@ճemЃ~͝Wx\;}ZkgAqX$ь` kx ="b9AOsO~tWKbfVR67/FvV C)kI1V(nZC9vXH(@iq&(̖SuÓj3g}(⨊[q=_:r*IwLQDS݁_Y xYErcgf;jzvdpr$ b,a]|  ŽVSi]69=ĕZq5H,VP0K$3ƍL]c8T>e9\12֔LkwwNyX}[]ObҞ˜`7˒v1K^:\m(R:dԅш`m-%ʝs;ՙLIJ ]L}3' vOҳ "z` q‚n!F-Mg7oH+8]sZgcz0 C_/{ ɕSQ#H!{޻$q0r1hD;s1y;GL5?l?rnN#BjV8VD@k#\0hHD,X2S}e29n&@ud5ghq!E᠓LGa/54r#|6`#MCkX+{ofFse*>UǗW=8tYb03T.a%A2c@.n ӥ8Wgd^d ,mոu$(/0*J}bהRlv1bL0WR#i~ VJMwG)˃'9=U+9qifOu,j-Clh\(7`WIiAR:kuQܿRo1vw<(mCgu~3DgF{w<lk1Ae4ca$017y gɞ(Zd+M a/ϣ}@(s,Hzl;ޟaۚvA;`V/*~y[jڳ=GẽMi MÚv:.U7 !,j2߂vyfR SvaPf8kUNtvZ o +۶Jՙ?l^_ }? nY2ѓZ 1.zW. dOp̣0@N~6ZoMr7;;YzZ^s w=r’JM7 !-kUMxK.K[C*}*!4!UGY X5aR$j .=ΟNlz3bs˭~vAR3+#xAlAp# 7G&gΆ.(RimOU.~% tuV9V@gZ]fG1xئD4}Hr`!z*\ cvu)UC`n#jӁ$Q| [L Xóm .qU:G';fiO7%pmPlG3hCǕ}M1ZwR`4nBt}Tj3絭E"`Um6 suF ѥf7KbYf_KUDbfn+8řN ;VPLLl7ރKb 6ϫa{b-a".OhحɷH{2WH؁KUtм'B__ċiT^~LwaW-Ԭ^~G9!: I**a.+gD@18Hx J2VA4KhJw5;H)SmZ!y~1k߹/ه;PDYӦ0ݾ@i_~)V)ounul9}rj]b)Uh"^i! #;gBjulZrLCʴYfAJSG bǍZ \I'Z(=vDY>TmR}^wV=CkЄYukc * G[˂s\y [%5seeus0}Vψ>R=DF#iVL0֭Fc %Hט/OQY^h`5]OB~4~y+l" hm|*;Ͱ*yv_Mm5R M B=/EZid r*J+p9 S@k:omgPNH`3j Y C b#e?sxygϭ UI"Z#|PfYv Jl3=®S~ݡ' ~ @1S1&gg=pj1^u:Bmbs# w.}X@12n2*mϙ~lq,fh:]+9WşBO=g; nM nghnun._;-XsfyjAOQOV՗,/$QOZ{]Ar4F30O.ꃲ 8 gF]=k:d>jKܕZ`8 6-)_ط* x'#iR1\kgMu&#ߜ!8nF/Vc4?_D >`\e<ًh; 5=5ЁyҤҒt/cKU/ZG<D-ql-ϜoTLZkSAQyyq\N alUjQ zZ ns/,] o،TaUHI16H ߿yC[Ttwѓ)]FSл_@HC^TE$Vi V2' YZ