sssd-dbus-1.14.0-43.el7_3.14$>M݆AЦu>8X?Hd   ? *>\bl    G Pl(55 R5( 8 9:bGyHy$Iy@XyHYyT\y|]y^z"bzd{e{f{l{t{u{v{w}x}y}VDCsssd-dbus1.14.043.el7_3.14The D-Bus responder of the SSSDProvides the D-Bus responder of the SSSD, called the InfoPipe, that allows the information from the SSSD to be transmitted over the system bus.X%c1bm.rdu2.centos.orgCentOSGPLv3+CentOS BuildSystem Applications/Systemhttp://fedorahosted.org/sssd/linuxx86_64M>M2@MMzMx@Mj - 1.14.0-43.14Jakub Hrozek - 1.14.0-43.13Jakub Hrozek - 1.14.0-43.12Jakub Hrozek - 1.14.0-43.11Jakub Hrozek - 1.14.0-43.10Jakub Hrozek - 1.14.0-43.9Jakub Hrozek - 1.14.0-43.8Jakub Hrozek - 1.14.0-43.7Jakub Hrozek - 1.14.0-43.6Jakub Hrozek - 1.14.0-43.5Jakub Hrozek - 1.14.0-43.4Jakub Hrozek - 1.14.0-43.3Jakub Hrozek - 1.14.0-43.2Jakub Hrozek - 1.14.0-43.1Jakub Hrozek - 1.14.0-43Jakub Hrozek - 1.14.0-42Jakub Hrozek - 1.14.0-41Jakub Hrozek - 1.14.0-40Jakub Hrozek - 1.14.0-39Jakub Hrozek - 1.14.0-38Jakub Hrozek - 1.14.0-37Jakub Hrozek - 1.14.0-36Jakub Hrozek - 1.14.0-35Jakub Hrozek - 1.14.0-34Jakub Hrozek - 1.14.0-33Jakub Hrozek - 1.14.0-32Jakub Hrozek - 1.14.0-31Jakub Hrozek - 1.14.0-30Jakub Hrozek - 1.14.0-29Jakub Hrozek - 1.14.0-28Jakub Hrozek - 1.14.0-27Jakub Hrozek - 1.14.0-26Jakub Hrozek - 1.14.0-25Jakub Hrozek - 1.14.0-24Jakub Hrozek - 1.14.0-23Jakub Hrozek - 1.14.0-22Jakub Hrozek - 1.14.0-21Jakub Hrozek - 1.14.0-20Jakub Hrozek - 1.14.0-19Jakub Hrozek - 1.14.0-18Jakub Hrozek - 1.14.0-17Jakub Hrozek - 1.14.0-16Jakub Hrozek - 1.14.0-15Jakub Hrozek - 1.14.0-14Jakub Hrozek - 1.14.0-13Jakub Hrozek - 1.14.0-12Jakub Hrozek - 1.14.0-11Jakub Hrozek - 1.14.0-10Jakub Hrozek - 1.14.0-9Jakub Hrozek - 1.14.0-8Jakub Hrozek - 1.14.0-7Jakub Hrozek - 1.14.0-6Jakub Hrozek - 1.14.0-5Jakub Hrozek - 1.14.0-4Jakub Hrozek - 1.14.0-3Jakub Hrozek - 1.14.0-2Jakub Hrozek - 1.14.0-1Jakub Hrozek - 1.14.0beta1-2Jakub Hrozek - 1.14.0alpha-1Jakub Hrozek - 1.13.0-50Jakub Hrozek - 1.13.0-49Jakub Hrozek - 1.13.0-48Jakub Hrozek - 1.13.0-47Jakub Hrozek - 1.13.0-46Jakub Hrozek - 1.13.0-45Jakub Hrozek - 1.13.0-44Jakub Hrozek - 1.13.0-43Jakub Hrozek - 1.13.0-42Jakub Hrozek - 1.13.0-41Jakub Hrozek - 1.13.0-40Jakub Hrozek - 1.13.0-39Jakub Hrozek - 1.13.0-38Jakub Hrozek - 1.13.0-37Jakub Hrozek - 1.13.0-36Jakub Hrozek - 1.13.0-35Jakub Hrozek - 1.13.0-34Jakub Hrozek - 1.13.0-33Jakub Hrozek - 1.13.0-32Jakub Hrozek - 1.13.0-31Jakub Hrozek - 1.13.0-30Jakub Hrozek - 1.13.0-29Jakub Hrozek - 1.13.0-28Jakub Hrozek - 1.13.0-27Jakub Hrozek - 1.13.0-26Martin Kosek - 1.13.0-25Jakub Hrozek - 1.13.0-24Jakub Hrozek - 1.13.0-23Jakub Hrozek - 1.13.0-22Jakub Hrozek - 1.13.0-21Jakub Hrozek - 1.13.0-20Jakub Hrozek - 1.13.0-19Jakub Hrozek - 1.13.0-18Jakub Hrozek - 1.13.0-17Jakub Hrozek - 1.13.0-16Jakub Hrozek - 1.13.0-15Jakub Hrozek - 1.13.0-14Lukas Slebodnik - 1.13.0-13Jakub Hrozek - 1.13.0-12Jakub Hrozek - 1.13.0-11Jakub Hrozek - 1.13.0-10Jakub Hrozek - 1.13.0-9Jakub Hrozek - 1.13.0-8Jakub Hrozek - 1.13.0-7Jakub Hrozek - 1.13.0-6Jakub Hrozek - 1.13.0-5Jakub Hrozek - 1.13.0-4Jakub Hrozek - 1.13.0-3Jakub Hrozek - 1.13.0-2Jakub Hrozek - 1.13.0-1Jakub Hrozek - 1.13.0.3alphaJakub Hrozek - 1.13.0.2alphaJakub Hrozek - 1.13.0.1alphaJakub Hrozek - 1.12.2-61Jakub Hrozek - 1.12.2-60Jakub Hrozek - 1.12.2-59Jakub Hrozek - 1.12.2-58.6Jakub Hrozek - 1.12.2-58.5Jakub Hrozek - 1.12.2-58.4Jakub Hrozek - 1.12.2-58.3Jakub Hrozek - 1.12.2-58.2Jakub Hrozek - 1.12.2-58.1Jakub Hrozek - 1.12.2-57Jakub Hrozek - 1.12.2-56Jakub Hrozek - 1.12.2-55Jakub Hrozek - 1.12.2-54Jakub Hrozek - 1.12.2-53Jakub Hrozek - 1.12.2-52Jakub Hrozek - 1.12.2-51Jakub Hrozek - 1.12.2-50Jakub Hrozek - 1.12.2-49Jakub Hrozek - 1.12.2-48Jakub Hrozek - 1.12.2-47Jakub Hrozek - 1.12.2-46Jakub Hrozek - 1.12.2-45Jakub Hrozek - 1.12.2-44Jakub Hrozek - 1.12.2-43Jakub Hrozek - 1.12.2-42Jakub Hrozek - 1.12.2-41Jakub Hrozek - 1.12.2-40Sumit Bose - 1.12.2-39Sumit Bose - 1.12.2-38Sumit Bose - 1.12.2-37Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-34Jakub Hrozek - 1.12.2-33Jakub Hrozek - 1.12.2-32Jakub Hrozek - 1.12.2-31Jakub Hrozek - 1.12.2-30Jakub Hrozek - 1.12.2-29Jakub Hrozek - 1.12.2-28Jakub Hrozek - 1.12.2-27Jakub Hrozek - 1.12.2-26Jakub Hrozek - 1.12.2-25Jakub Hrozek - 1.12.2-24Jakub Hrozek - 1.12.2-23Jakub Hrozek - 1.12.2-22Jakub Hrozek - 1.12.2-21Jakub Hrozek - 1.12.2-20Jakub Hrozek - 1.12.2-19Jakub Hrozek - 1.12.2-18Jakub Hrozek - 1.12.2-17Jakub Hrozek - 1.12.2-16Jakub Hrozek - 1.12.2-15Jakub Hrozek - 1.12.2-14Jakub Hrozek - 1.12.2-13Jakub Hrozek - 1.12.2-12Jakub Hrozek - 1.12.2-11Jakub Hrozek - 1.12.2-10Jakub Hrozek - 1.12.2-9Jakub Hrozek - 1.12.2-8Jakub Hrozek - 1.12.2-7Jakub Hrozek - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-3Jakub Hrozek - 1.12.0-2Jakub Hrozek - 1.12.0-1Jakub Hrozek - 1.11.2-70Jakub Hrozek - 1.11.2-69Jakub Hrozek - 1.11.2-68Jakub Hrozek - 1.11.2-67Jakub Hrozek - 1.11.2-66Jakub Hrozek - 1.11.2-65Jakub Hrozek - 1.11.2-64Sumit Bose - 1.11.2-63Sumit Bose - 1.11.2-62Jakub Hrozek - 1.11.2-61Jakub Hrozek - 1.11.2-60Jakub Hrozek - 1.11.2-59Jakub Hrozek - 1.11.2-58Jakub Hrozek - 1.11.2-57Jakub Hrozek - 1.11.2-56Jakub Hrozek - 1.11.2-55Jakub Hrozek - 1.11.2-54Jakub Hrozek - 1.11.2-53Jakub Hrozek - 1.11.2-52Jakub Hrozek - 1.11.2-51Jakub Hrozek - 1.11.2-50Jakub Hrozek - 1.11.2-49Jakub Hrozek - 1.11.2-48Jakub Hrozek - 1.11.2-47Jakub Hrozek - 1.11.2-46Jakub Hrozek - 1.11.2-45Jakub Hrozek - 1.11.2-44Jakub Hrozek - 1.11.2-43Jakub Hrozek - 1.11.2-42Jakub Hrozek - 1.11.2-41Jakub Hrozek - 1.11.2-40Jakub Hrozek - 1.11.2-39Jakub Hrozek - 1.11.2-38Jakub Hrozek - 1.11.2-37Jakub Hrozek - 1.11.2-36Jakub Hrozek - 1.11.2-35Jakub Hrozek - 1.11.2-34Daniel Mach - 1.11.2-33Jakub Hrozek - 1.11.2-32Jakub Hrozek - 1.11.2-31Jakub Hrozek - 1.11.2-30Jakub Hrozek - 1.11.2-29Jakub Hrozek - 1.11.2-28Jakub Hrozek - 1.11.2-27Jakub Hrozek - 1.11.2-26Jakub Hrozek - 1.11.2-25Jakub Hrozek - 1.11.2-24Jakub Hrozek - 1.11.2-23Jakub Hrozek - 1.11.2-22Jakub Hrozek - 1.11.2-21Jakub Hrozek - 1.11.2-20Daniel Mach - 1.11.2-19Jakub Hrozek - 1.11.2-18Jakub Hrozek - 1.11.2-17Jakub Hrozek - 1.11.2-16Jakub Hrozek - 1.11.2-15Jakub Hrozek - 1.11.2-14Jakub Hrozek - 1.11.2-13Jakub Hrozek - 1.11.2-12Jakub Hrozek - 1.11.2-11Jakub Hrozek - 1.11.2-10Jakub Hrozek - 1.11.2-9Jakub Hrozek - 1.11.2-8Jakub Hrozek - 1.11.2-7Jakub Hrozek - 1.11.2-6Jakub Hrozek - 1.11.2-5Jakub Hrozek - 1.11.2-4Jakub Hrozek - 1.11.2-3Jakub Hrozek - 1.11.2-2Jakub Hrozek - 1.11.2-1Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-5Jakub Hrozek - 1.10.1-4Jakub Hrozek - 1.10.1-3Jakub Hrozek - 1.10.1-2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-18Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1422183 - Fails to accept any sudo rules if there are two user entries in an ldap role with the same sudo user.- Resolves: rhbz#1418943 - If a long-running task (e.g. enumeration) blocks the sssd_be process, sssd_be can deadlock - Also Require a new-enough version of selinux-policy so that setpgid() by sssd is allowed- Resolves: rhbz#1405584 - SSH: default_domain_suffix is not being used for users' authorized keys- Resolves: rhbz#1404340 - Use-after free in resolver in case the fd is writeable and readable at the same time- Resolves: rhbz#1398673 - autofs map resolution doesn't work offline- Resolves: rhbz#1398169 - sssd fails to start after upgrading to RHEL 7.3- Resolves: rhbz#1392946 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1393730 - No supplementary groups are resolved for users in nested OUs when domain stanza differs from AD domain- Related: rhbz#1396486 - bz - ldap group names don't resolve after upgrading sssd to 1.14.0 if ldap_nesting_level is set to 0- Related: rhbz#1396485 - sssd_be keeps crashing- Revert the fix for ignoring sudoUser case as it breaks processing of rules that completely lack a sudoUser attribute - Related: rhbz#1392946 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1392946 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1392893 - IPA: Uninitialized variable during subdomain check- Resolves: rhbz#1392896 - AD provider: SSSD does not retrieve a domain-local group with the AD provider when following AGGUDLP group structure across domains- Resolves: rhbz#1376831 - sssd-common is missing dependency on sssd-sudo- Resolves: rhbz#1371631 - login using gdm calls for gdm-smartcard when smartcard authentication is not enabled- Resolves: rhbz#1373420 - sss_override fails to export- Resolves: rhbz#1375299 - sss_groupshow fails with error "No such group in local domain. Printing groups only allowed in local domain"- Resolves: rhbz#1375182 - SSSD goes offline when the LDAP server returns sizelimit exceeded- Resolves: rhbz#1372753 - Access denied for user when access_provider = krb5 is set in sssd.conf- Resolves: rhbz#1373444 - unable to create group in sssd cache - Resolves: rhbz#1373577 - unable to add local user in sssd to a group in sssd- Resolves: rhbz#1369118 - Don't enable the default shadowtils domain in RHEL- Fix permissions for the private pipe directory - Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1371977 - resolving IPA nested user groups is broken in 1.14- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1371152 - SSSD qualifies principal twice in IPA-AD trust if the principal attribute doesn't exist on the AD side- Apply forgotten patch - Resolves: rhbz#1368496 - sssd is not able to authenticate with alias - Resolves: rhbz#1366470 - sssd: throw away the timestamp cache if re-initializing the persistent cache - Fix deleting non-existent secret - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1364033 - sssd exits if clock is adjusted backwards after boot- Resolves: rhbz#1362023 - SSSD fails to start when ldap_user_extra_attrs contains mail- Resolves: rhbz#1368324 - libsss_autofs.so is packaged in two packages sssd-common and libsss_autofs- Fix RPM scriptlet plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Add socket-activation plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Own the secrets directory - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1268874 - Add an option to disable checking for trusted domains in the subdomains provider- Resolves: rhbz#1271280 - sssd stores and returns incorrect information about empty netgroup (ldap-server: 389-ds)- Resolves: rhbz#1290500 - [feat] command to manually list fo_add_server_to_list information- Add several small fixes related to the config API - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Resolves: rhbz#1349900 - gpo search errors out and gpo_cache file is never created- Fix regressions in the simple access provider - Resolves: rhbz#1360806 - sssd does not start if sub-domain user is used with simple access provider - Apply a number of specfile patches to better match the upstream spefile - Related: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3- Cherry-pick patches from upstream that fix several regressions - Avoid checking local users in all cases - Resolves: rhbz#1353951 - sssd_pam leaks file descriptors- Resolves: rhbz#1364118 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_nss killed by 11 - Resolves: rhbz#1361563 - Wrong pam error code returned for password change in offline mode- Resolves: rhbz#1309745 - Support multiple principals for IPA users- Resolves: rhbz#1304992 - Handle overriden name of members in the memberUid attribute- handle unresolvable sites more gracefully - Resolves: rhbz#1346011 - sssd is looking at a server in the GC of a subdomain, not the root domain. - fix compilation warnings in unit tests- fix capaths output - Resolves: rhbz#1344940 - GSSAPI error causes failures for child domain user logins across IPA - AD trust - also fix Coverity issues in the secrets responder and suppress noisy debug messages when setting the timestamp cache- Resolves: rhbz#1356577 - sssctl: Time stamps without time zone information- Resolves: rhbz#1354414 - New or modified ID-View User overrides are not visible unless rm -f /var/lib/sss/db/*cache*- Resolves: rhbz#1211631 - [RFE] Support of UPN for IdM trusted domains- Resolves: rhbz#1350520 - [abrt] sssd-common: ipa_dyndns_update_send(): sssd_be killed by SIGSEGV- Resolves: rhbz#1349882 - sssd does not work under non-root user - Also cherry-pick a few patches from upstream to fix config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Sync a few minor patches from upstream - Fix sssctl manpage - Fix nss-tests unit test on big-endian machines - Fix several issues in the config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Bundle http-parser - Resolves: rhbz#1311056 - Add a Secrets as a Service component- Sync a few minor patches from upstream - Fix a failover issue - Resolves: rhbz#1334749 - sssd fails to mark a connection as bad on searches that time out- Explicitly BuildRequire newer ding-libs - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- New upstream release 1.14.0 - Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#835492 - [RFE] SSSD admin tool request - force reload - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check) - Resolves: rhbz#1278691 - Please fix rfc2307 autofs schema defaults - Resolves: rhbz#1287209 - default_domain_suffix Appended to User Name - Resolves: rhbz#1300663 - Improve sudo protocol to support configurations with default_domain_suffix - Resolves: rhbz#1312275 - Support authentication indicators from IPA- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#790113 - [RFE] "include" directive in sssd.conf - Resolves: rhbz#874985 - [RFE] AD provider support for automount lookups - Resolves: rhbz#879333 - [RFE] SSSD admin tool request - status overview - Resolves: rhbz#1140022 - [RFE]Allow sssd to add a new option that would specify which server to update DNS with - Resolves: rhbz#1290380 - RFE: Improve SSSD performance in large environments - Resolves: rhbz#883886 - sssd: incorrect checks on length values during packet decoding - Resolves: rhbz#988207 - sssd does not detail which line in configuration is invalid - Resolves: rhbz#1007969 - sssd_cache does not remove have an option to remove the sssd database - Resolves: rhbz#1103249 - PAC responder needs much time to process large group lists - Resolves: rhbz#1118257 - Users in ipa groups, added to netgroups are not resovable - Resolves: rhbz#1269018 - Too much logging from sssd_be - Resolves: rhbz#1293695 - sssd mixup nested group from AD trusted domains - Resolves: rhbz#1308935 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user - Resolves: rhbz#1315766 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo - Resolves: rhbz#1316164 - SSSD fails to process GPO from Active Directory - Resolves: rhbz#1322458 - sssd_be[11010]: segfault at 0 ip 00007ff889ff61bb sp 00007ffc7d66a3b0 error 4 in libsss_ipa.so[7ff889fcf000+5d000]- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - The rebase includes fixes for the following bugzillas: - Resolves: rhbz#789477 - [RFE] SUDO: Support the IPA schema - Resolves: rhbz#1059972 - RFE: SSSD: Automatically assign new slices for any AD domain - Resolves: rhbz#1233200 - man sssd.conf should clarify details about subdomain_inherit option. - Resolves: rhbz#1238144 - Need better libhbac debuging added to sssd - Resolves: rhbz#1265366 - sss_override segfaults when accidentally adding --help flag to some commands - Resolves: rhbz#1269512 - sss_override: memory violation - Resolves: rhbz#1278566 - crash in sssd when non-Englsh locale is used and pam_strerror prints non-ASCII characters - Resolves: rhbz#1283686 - groups get deleted from the cache - Resolves: rhbz#1290378 - Smart Cards: Certificate in the ID View - Resolves: rhbz#1292238 - extreme memory usage in libnfsidmap sss.so plug-in when resolving groups with many members - Resolves: rhbz#1292456 - sssd_be AD segfaults on missing A record - Resolves: rhbz#1294670 - Local users with local sudo rules causes LDAP queries - Resolves: rhbz#1296618 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1299553 - Cannot retrieve users after upgrade from 1.12 to 1.13 - Resolves: rhbz#1302821 - Cannot start sssd after switching to non-root - Resolves: rhbz#1310877 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs - Resolves: rhbz#1313014 - sssd is not closing sockets properly - Resolves: rhbz#1318996 - SSSD does not fail over to next GC - Resolves: rhbz#1327270 - local overrides: issues with sub-domain users and mixed case names - Resolves: rhbz#1342547 - sssd-libwbclient: wbcSidsToUnixIds should not fail on lookup errors- Build the PAC plugin with krb5-1.14 - Related: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1290853 - [sssd] Trusted (AD) user's info stays in sssd cache for much more than expected.- Resolves: rhbz#1336706 - sssd_nss memory usage keeps growing when trying to retrieve non-existing netgroups- Resolves: rhbz#1296902 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1334159 - IPA provider crashes if a netgroup from a trusted domain is requested- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin - More patches from upstream related to the memory leak- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin- Resolves: rhbz#1300740 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid- Resolves: rhbz#1284814 - sssd: [sysdb_add_user] (0x0400): Error: 17- Resolves: rhbz#1270827 - local overrides: don't contact server with overridden name/id- Resolves: rhbz#1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- Resolves: rhbz#1267176 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1267836 - PAM responder crashed if user was not set- Resolves: rhbz#1266107 - AD: Conditional jump or move depends on uninitialised value- Resolves: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Fix a Coverity warning in dyndns code - Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1263735 - Could not resolve AD user from root domain- Remove -d from sss_override manpage - Related: rhbz#1259512 - sss_override : The local override user is not found- Patches required for better handling of failover with one-way trusts - Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1263587 - sss_override --name doesn't work with RFC2307 and ghost users- Resolves: rhbz#1259512 - sss_override : The local override user is not found- Resolves: rhbz#1260027 - sssd_be memory leak with sssd-ad in GPO code- Resolves: rhbz#1256398 - sssd cannot resolve user names containing backslash with ldap provider- Resolves: rhbz#1254189 - sss_override contains an extra parameter --debug but is not listed in the man page or in the arguments help- Resolves: rhbz#1254518 - Fix crash in nss responder- Support import/export for local overrides - Support FQDNs for local overrides - Resolves: rhbz#1254184 - sss_override does not work correctly when 'use_fully_qualified_names = True'- Resolves: rhbz#1244950 - Add index for 'objectSIDString' and maybe to other cache attributes- Resolves: rhbz#1250415 - sssd: p11_child hardening- Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1202724 - [RFE] Add a way to lookup users based on CAC identity certificates- Resolves: rhbz#1232950 - [IPA/IdM] sudoOrder not honored as expected- Fix wildcard_limit=0 - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Fix race condition in invalidating the memory cache - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Resolves: rhbz#1249015 - KDC proxy not working with SSSD krb5_use_kdcinfo enabled- Bump release number - Related: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- Fix missing dependency of sssd-tools - Resolves: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- More memory cache related fixes - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Remove binary blob from SC patches as patch(1) can't handle those - Related: rhbz#854396 - [RFE] Support for smart cards- Resolves: rhbz#1244949 - getgrgid for user's UID on a trust client prevents getpw*- Fix memory cache integration tests - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#854396 - [RFE] Support for smart cards- Remove OTP from PAM stack correctly - Related: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Handle sssd-owned keytabs when sssd runs as root - Related: rhbz#1205144 - RFE: Support one-way trusts for IPA- Resolves: rhbz#1183747 - [FEAT] UID and GID mapping on individual clients- Resolves: rhbz#1206565 - [RFE] Add dualstack and multihomed support - Resolves: rhbz#1187146 - If v4 address exists, will not create nonexistant v6 in ipa domain- Resolves: rhbz#1242942 - well-known SID check is broken for NetBIOS prefixes- Resolves: rhbz#1234722 - sssd ad provider fails to start in rhel7.2- Add support for InfoPipe wildcard requests - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Also package the initgr memcache - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Rebase to 1.13.0 upstream - Related: rhbz#1205554 - Rebase SSSD to 1.13.x - Resolves: rhbz#910187 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Don't default to SSSD user - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Related: rhbz#1205554 - Rebase SSSD to 1.13.x - GPO default should be permissve- Resolves: rhbz#1205554 - Rebase SSSD to 1.13.x - Relax the libldb requirement - Resolves: rhbz#1221992 - sssd_be segfault at 0 ip sp error 6 in libtevent.so.0.9.21 - Resolves: rhbz#1221839 - SSSD group enumeration inconsistent due to binary SIDs - Resolves: rhbz#1219285 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust - Resolves: rhbz#1217559 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1217350 - ignore_group_members doesn't work for subdomains - Resolves: rhbz#1217127 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1216285 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set - Resolves: rhbz#1214719 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1214718 - Overridde with --login fails trusted adusers group membership resolution - Resolves: rhbz#1214716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1214337 - Overrides with --login work in second attempt - Resolves: rhbz#1212489 - Disable the cleanup task by default - Resolves: rhbz#1211830 - external users do not resolve with "default_domain_suffix" set in IPA server sssd.conf - Resolves: rhbz#1210854 - Only set the selinux context if the context differs from the local one - Resolves: rhbz#1209483 - When using id_provider=proxy with auth_provider=ldap, it does not work as expected - Resolves: rhbz#1209374 - Man sssd-ad(5) lists Group Policy Management Editor naming for some policies but not for all - Resolves: rhbz#1208507 - sysdb sudo search doesn't escape special characters - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface - Resolves: rhbz#1206566 - SSSD does not update Dynamic DNS records if the IPA domain differs from machine hostname's domain - Resolves: rhbz#1206189 - [bug] sssd always appends default_domain_suffix when checking for host keys - Resolves: rhbz#1204203 - sssd crashes intermittently - Resolves: rhbz#1203945 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default - Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only - Resolves: rhbz#1202245 - SSSD's HBAC processing is not permissive enough with broken replication entries - Resolves: rhbz#1201271 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything - Resolves: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Resolves: rhbz#1199541 - Read and use the TTL value when resolving a SRV query - Resolves: rhbz#1199533 - [RFE] Implement background refresh for users, groups or other cache objects - Resolves: rhbz#1199445 - Does sssd-ad use the most suitable attribute for group name? - Resolves: rhbz#1198477 - ccname_file_dummy is not unlinked on error - Resolves: rhbz#1187103 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1185536 - In ipa-ad trust, with 'default_domain_suffix' set to AD domain, IPA user are not able to log unless use_fully_qualified_names is set - Resolves: rhbz#1175760 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires - Resolves: rhbz#1163806 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1205160 - Complain loudly if backend doesn't start due to missing or invalid keytab- Resolves: rhbz#1226119 - Properly handle AD's binary objectGUID- Filter out domain-local groups during AD initgroups operation - Related: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Resolves: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Initialize variable in the views code in one success and one failure path - Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Handle case where there is no default and no rules - Resolves: rhbz#1192314 - With empty ipaselinuxusermapdefault security context on client is staff_u- Set a pointer in ldap_child to NULL to avoid warnings - Related: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Run the restart in sssd-common posttrans - Explicitly require libwbclient - Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Fix endianess bug in fill_id() - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1187192 - IPA initgroups don't work correctly in non-default view- Resolves: rhbz#1184982 - Need to set different umask in selinux_child- Bump the release number - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Add a patch dependency - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Process ghost members only once - Fix processing of universal groups with members from different domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1185188 - Uncached SIDs cannot be resolved- Handle GID override in MPG domains - Handle views with mixed-case domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Open socket to the PAC responder in krb5_child before dropping root - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1182183 - pam_sss(sshd:auth): authentication failure with user from AD- Resolves: rhbz#889206 - On clock skew sssd returns system error- Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1177140 - gpo_child fails if "log level" is enabled in smb.conf - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1175408 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1175705 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Resolves: rhbz#1171215 - Crash in function get_object_from_cache - Resolves: rhbz#1171383 - getent fails for posix group with AD users after login - Resolves: rhbz#1171382 - getent of AD universal group fails after group users login - Resolves: rhbz#1170300 - Access is not rejected for disabled domain - Resolves: rhbz#1162486 - Error processing external groups with getgrnam/getgrgid in the server mode - Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1169459 - sssd-ad: The man page description to enable GPO HBAC Policies are unclear - Related: rhbz#1113783 - sssd should run under unprivileged user- Rebuild to add several forgotten Patch entries - Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Remove Coverity warnings in krb5_child code - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Don't error out on chpass with OTPs - Related: rhbz#1109756 - Rebase SSSD to 1.12- Resolves: rhbz#1124320 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default.- Resolves: rhbz#1169739 - selinuxusermap rule does not apply to trusted AD users - Enable running unit tests without cmocka - Related: rhbz#1113783 - sssd should run under unprivileged user- krb5_child and ldap_child do not call Kerberos calls as root - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1168735 - The Kerberos provider is not properly views-aware- Fix typo in libwbclient-devel alternatives invocation - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1166727 - pam_sss domains option: Untrusted users from the same domain are allowed to auth.- Handle migrating clients between views - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Use alternatives for libwbclient - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1165794 - sssd does not work with custom value of option re_expression- Add an option that describes where to put generated krb5 files to - Related: rhbz#1135043 - [RFE] Implement localauth plugin for MIT krb5 1.12- Handle IPA group names returned from the extop plugin - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Resolves: rhbz#1165792 - automount segfaults in sss_nss_check_header- Resolves: rhbz#1163742 - "debug_timestamps = false" and "debug_microseconds = true" do not work after enabling journald with sssd.- Resolves: rhbz#1153593 - Manpage description of case_sensitive=preserving is incomplete- Support views for IPA users - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Update man page to clarify TGs should be disabled with a custom search base - Related: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Use upstreamed patches for the rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1153603 - Proxy Provider: Fails to lookup case sensitive users and groups with case_sensitive=preserving- Resolves: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1162480 - dereferencing failure against openldap server- Move adding the user from pretrans to pre, copy adding the user to sssd-krb5-common and sssd-ipa as well in order to work around yum ordering issue - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1113783 - sssd should run under unprivileged user- Fix two regressions in the new selinux_child process - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1132365 - Remove password from the PAM stack if OTP is used- Include the ldap_child and selinux_child patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Support overriding SSH public keys with views - Support extended attributes via the extop plugin - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137010 - disable midpoint refresh for netgroups if ptask refresh is enabled- Resolves: rhbz#1153518 - service lookups returned in lowercase with case_sensitive=preserving - Resolves: rhbz#1158809 - Enumeration shows only a single group multiple times- Include the responder and packaging patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Amend the sssd-ldap man page with info about lockout setup - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137014 - Shell fallback mechanism in SSSD - Resolves: rhbz#790854 - 4 functions with reference leaks within sssd (src/python/pyhbac.c)- Fix regressions caused by views patches when SSSD is connected to a pre-4.0 IPA server - Related: rhbz#1109756 - Rebase SSSD to 1.12- Add the low-level server changes for running as unprivileged user - Package the libsss_semange library needed for SELinux label changes - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Use libsemanage for SELinux label changes - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Rebase SSSD to 1.12.2 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Sync with upstream - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebuild against ding-libs with fixed SONAME - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.1 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Require ldb 2.1.17 - Related: rhbz#1133914 - Rebase libldb to version 1.1.17 or newer- Fix fully qualified IFP lookups - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.0 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Squash in upstream review comments about the PAC patch - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Backport a patch to allow krb5-utils-test to run as root - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Resolves: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Fix a DEBUG message, backport two related fixes - Related: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1082191 - RHEL7 IPA selinuxusermap hbac rule not always matching- Resolves: rhbz#1077328 - other subdomains are unavailable when joined to a subdomain in the ad forest- Resolves: rhbz#1078877 - Valgrind: Invalid read of int while processing netgroup- Resolves: rhbz#1075092 - Password change w/ OTP generates error on success- Resolves: rhbz#1078840 - Error during password change- Resolves: rhbz#1075663 - SSSD should create the SELinux mapping file with format expected by pam_selinux- Related: rhbz#1075621 - Add another Kerberos error code to trigger IPA password migration- Related: rhbz#1073635 - IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in- Related: rhbz#1066096 - not retrieving homedirs of AD users with posix attributes- Related: rhbz#1072995 - AD group inconsistency when using AD provider in sssd-1.11-40- Resolves: rhbz#1073631 - sssd fails to handle expired passwords when OTP is used- Resolves: rhbz#1072067 - SSSD Does not cache SELinux map from FreeIPA correctly- Resolves: rhbz#1071903 - ipa-server-mode: Use lower-case user name component in home dir path- Resolves: rhbz#1068725 - Evaluate usage of sudo LDAP provider together with the AD provider- Fix idmap documentation - Bump idmap version info - Related: rhbz#1067361 - Check IPA idranges before saving them to the cache- Pull some follow up man page fixes from upstream - Related: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes - Related: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes- Resolves: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1068723 - Setting int option to 0 yields the default value- Resolves: rhbz#1067361 - Check IPA idranges before saving them to the cache- Resolves: rhbz#1067476 - SSSD pam module accepts usernames with leading spaces- Resolves: rhbz#1033069 - Configuring two different provider types might start two parallel enumeration tasks- Resolves: rhbz#1068640 - 'IPA: Don't call tevent_req_post outside _send' should be added to RHEL7- Resolves: rhbz#1063977 - SSSD needs to enable FAST by default- Resolves: rhbz#1064582 - sss_cache does not reset the SYSDB_INITGR_EXPIRE attribute when expiring users- Resolves: rhbz#1033081 - Implement heuristics to detect if POSIX attributes have been replicated to the Global Catalog or not- Resolves: rhbz#872177 - [RFE] subdomain homedir template should be configurable/use flatname by default- Resolves: rhbz#1059753 - Warn with a user-friendly error message when permissions on sssd.conf are incorrect- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1059253 - Man page states default_shell option supersedes other shell options but in fact override_shell does. - Use the right domain for AD site resolution - Related: rhbz#743503 - [RFE] sssd should support DNS sites- Resolves: rhbz#1028039 - AD Enumeration reads data from LDAP while regular lookups connect to GC- Resolves: rhbz#877438 - sudoNotBefore/sudoNotAfter not supported by sssd sudoers plugin- Mass rebuild 2014-01-24- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain- Resolves: rhbz#1054899 - explicitly suggest krb5_auth_timeout in a loud DEBUG message in case Kerberos authentication times out- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1051360 - [FJ7.0 Bug]: [REG] sssd_be crashes when ldap_search_base cannot be parsed. - Fix a typo in the man page - Related: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain - Fix return value when searching for AD domain flat names - Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1053106 - sssd ad trusted sub domain do not inherit fallbacks and overrides settings- Resolves: rhbz#1051016 - FAST does not work in SSSD 1.11.2 in Fedora 20- Resolves: rhbz#1033133 - "System Error" when invalid ad_access_filter is used- Resolves: rhbz#1032983 - sssd_be crashes when ad_access_filter uses FOREST keyword. - Fix two memory leaks in the PAC responder (Related: rhbz#991065)- Resolves: rhbz#1048184 - Group lookup does not return member with multiple names after user lookup- Resolves: rhbz#1049533 - Group membership lookup issue- Mass rebuild 2013-12-27- Resolves: rhbz#894068 - sss_cache doesn't support subdomains- Re-initialize subdomains after provider startup - Related: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- The AD provider is able to resolve group memberships for groups with Global and Universal scope - Related: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog- Resolves: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog - Resolves: rhbz#1030483 - Individual group search returned multiple results in GC lookups- Resolves: rhbz#1040969 - sssd_nss grows memory footprint when netgroups are requested- Resolves: rhbz#1023409 - Valgrind sssd "Syscall param socketcall.sendto(msg) points to uninitialised byte(s)"- Resolves: rhbz#1037936 - sssd_be crashes occasionally- Resolves: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- Resolves: rhbz#1029631 - sssd_be crashes on manually adding a cleartext password to ldap_default_authtok- Resolves: rhbz#1036758 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Resolves: rhbz#1034050 - Errors in domain log when saving user to sysdb- Resolves: rhbz#1036157 - sssd can't retrieve auto.master when using the "default_domain_suffix" option in- Resolves: rhbz#1028057 - Improve detection of the right domain when processing group with members from several domains- Resolves: rhbz#1033084 - sssd_be segfaults if empty grop is resolved using ad_matching_rule- Resolves: rhbz#1031562 - Incorrect mention of access_filter in sssd-ad manpage- Resolves: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- Skip netgroups that don't provide well-formed triplets - Related: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2 - Resolves: rhbz#991065- Resolves: rhbz#1019882 - RHEL7 ipa ad trusted user lookups failed with sssd_be crash - Resolves: rhbz#1002597 - ad: unable to resolve membership when user is from different domain than group- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1 - Resolves: rhbz#991065 - Rebase SSSD to 1.11.0- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0 - Resolves: rhbz#991065- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2 - Related: rhbz#991065- Resolves: #906427 - Do not use lib64 in specfile for the nss and pam libraries- Resolves: #983587 - sss_debuglevel did not increase verbosity in sssd_pac.log- Resolves: #983580 - Netgroups should ignore the 'use_fully_qualified_names' setting- Apply several important fixes from upstream 1.10 branch - Related: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- Remove libcmocka dependency- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Enable hardened build for RHEL7- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)1.14.0-43.el7_3.141.14.0-43.el7_3.14org.freedesktop.sssd.infopipe.conflibsss_config.sosssd_ifporg.freedesktop.sssd.infopipe.servicesssd-dbus-1.14.0COPYINGsssd-ifp.5.gz/etc/dbus-1/system.d//usr/lib64/sssd//usr/libexec/sssd//usr/share/dbus-1/system-services//usr/share/doc//usr/share/doc/sssd-dbus-1.14.0//usr/share/man/man5/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=genericdrpmxz2x86_64-redhat-linux-gnuXML 1.0 document, ASCII textELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=749b96bfcda6f01d3af177367c73637905712219, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=76a0e57fefb9fffc58488cc4b0c0cb15e3bca565, strippedASCII textdirectorytroff or preprocessor input, ASCII text (gzip compressed data, from Unix, max compression)((.PRRR*RRRR&RRR RRRRRRRRR+R R!R$R RRRRRRRR"R-R)R R%R'R RR2R,R(RRR.RRRR R*RR&R$R%R"R!R#RRRR RRRRRRRRR+R R RRRRRRRR-R)R R'R RR2?7zXZ !PH6]"k%{f}{&-򝍥2K0ΤpϲdYNCk Qmy.~) Ud(R`^]T$`fl(w7k 8NELvnIO"9ZAf9A`l<'rĉC"6kT`F0pt_QuW󊾵HЙCe+,CKի33ZR-{a]ՎzyBL(;TCLEF9ƤvI]Av*=BWRpٚ4{Dn MYcrs(I_1,ی$r-~ ci\\OVz ^M6seo5'@i 舊0aQR x59e׌t<x3ׁSMT┕_CʹClZEpQ6EϯNs3Ԏ=*rMRCIX&-lJˇfmhJIl̓m\ =U4\jT5g݈R_({xyD*,j.TTeS 3%$w:sxxT0EcN33Z\X~LHW~.K-2E 'cn*_1h=K;""f #Dk'2AsY]ó q'(${#Ngo*ED{R4* ]ULi C*u0cכO iL ߹oT|tl @yFW\<%R5nl犇 -Y,S*ߢly#"^,r_Iv#I/=GnfOx# "ۓ1#kXw:7X חB pGϨY9Ɵc;G|5܅E8h#\6K0xM"[4[_I%t|c޶Nal1"ŵBG.dѾ> D}r$2C%4lmm#7~gk-Hr֐z4|X|Θ5˟LJhcᖁj+W'&)8)<6Skƣ@;Q5gIԂQ)okPϋYy nquTR﷥ĄP*fT$fPZxu-;+@KY̎[?;5">k)ѓ0yٛwrdEDov{FLS<,-!{TD{W }*yKvY 4΍ FX%9*6'38nOn^:ҷ}J2Ra|glY2vgV~ZE-3s 1fY'?a 6X)W~H*s|>%Q0bф1η1jrBg#zOBj@7oūJC\2G)]mgKA/jh]Kzd9f$H3s'@ k^>^ݖ</¡sDDb|C(xus]sJ=^ۙaX;t=O~IᒡQ)Z*ڽnM) * d|K %Q&O.L3@Xѕ@^GkEbQjѻm`s )*cGTHp+m{.SNte9ԧ 6-ToJO{􅞋Ň ulAq&.%iQ,r\Ă\aϲ #usDe}C8F(B1p7fGM_MShh\7$5MQ])1JJ~gr?XI\ J釩R `b7z@aκ佬Rq{wťTB25JjЛ3U쟋cS9O@(<f~Kܡs  ^</h$jM׌BYXQ=QˮNBCDRܛ4pP)<%oVBYxVv:mc(PiSTBnoֶd&J>[;Sʈt]_QqW.->ob=?K٪V,&WA-9|kƔ9O)\.wÁ_Pj6u7~^2 4N_b:lެn S=[ ak ?/S@eLQaj ];9I*I%f7Q͐Z)_gWs,AIɃV2co]Zr(U@1y VZu_ ')ڂ P+qs*߈Dngm4 I8Nyt uoÉ1;WX~6\;oԂn2m%|ϔS{|혽<𾪊/vCdAΰ1t L=#0VHF;CK{!!{]#_s3/KGM > !oE#b*/<$>+)c}4QFVuc |X| fajBZ3@PtghG}YXi|S?iT5-Vh(cw->2sWEՍV7 iwUT~A `%,s3̷:݇Â68hױE7΄<͆wK 6HaYchh( X"T+ɄKHؕW=Rp0Neh䦁}@ދpk@/cBnp3u78/+,*5,|c~896urB\S@ָ¯ݥ0k@yeƜr ܆n*?K{*<3'[w"6u3hf:b1z`ĬGCu=/ v{Ki˂?pCNJ;XZu]l8@g%d~!]ٶB>t MOymͩ􏌟:f~˔hg+ҧ_V:ȅ";F Tp-M4j' 磱,Tfp2WT|Ī]M}~>ROz.4l䩅Sڔ@@}SЇ[K) =d1%R66uB!|[Ujh@#ofF?@Sse ޙZqnϞ(skLD|:D;O\ H!ELJ(:NtXǒ#_]sVD7C rba|LӞQN[8޻+dD+W_j] HkRJQ!@+4{~p—_s, Ib}fͼĎMvZ@1ċ޾3fT6Xj=׻yjF&r5QWAG}mCc{ۇsTY $ؓ}D6 5Y2c|N؍_?!{֬srq; fd}zuiMs+ٛeG=0 cJbg_0ݴ73 4Bl0=*c΁GOP" Gj{h~]X  ۨ88-9}NTʙHp0aǭEl|&2_]($D'/$R#͐M_&](+L~^` Z8~:m L"|( " / tpHPnЍ"X}I/SgxW/Z"cDs`l>HD*6^8vUjt,+AJ/1`D@/gV&$ubnR%li!Qz-ӣneLVz6 :>§U*ZR -bja&R7gZxpxplP}$|]r  9OɈ8{Gs!2ҏ6cF i2[٤C;RN[xx9<.l2 DOHlH36PY;qTMJy$cL~,1p$Xx|0Ƀ{? I@DW`fA"xj mZkhjAנ9ljR! Fၳ'%>6u$lW֒vfӣ eA|j*VO `$[p>@_*Tu%YMQLvՒQxl-f;柨(IDMq%pJ8Vq)0m;_`u a;$!&P4b" :%E}¢Y{6 m=[$t am0v1NdQ$=(~o] JPu -q9.I% VO![%Bm#.вC綾@wv^xB*$)a" 5}>S2k y1]\}ķ0Ђh123OE=h 5qt}ք piuY '?ɳ=%a'OeHS#N助5L߱q;].Rj2420PvL2vՋԦޜ1~`h!=85T;&/uU;K: [pUۼ%tZif/7^Ȧu$4pEi{eMqgavu9߃XD}0 ohB&d8ɛ$gg)6ϙʃӅF>_*{>;:ן}T߿.`yd2L{턄86'z5FI[u>0NB ^A@4 wD<^$HGL;dlNv=&h/Ov?6{\RxbIRXC3Gf.Q1`|0: Ev4z(hH͉qaiNjjq=8v> M[A݅Psuiˠ ^mK!c*&B2'#|RۺGb @D'.\)r˿#6M_QOD$ &ک{? HGK"SزawqډVU",❾{ Og(J[ALFr3 a C NwAKNvT{MgD a}gjɁ leNsf!<Cn': Ԡ<34datL_<Ӕ.m=z9Q}(SA9 2G@@ eSwƚчǍ_G ~lO 4iwo_>9̹Nไvq (G:=!}]\}0zLB DOT lư CḼx zI5.v7r۳w/lEʄd UEevkP&Vz$ >Zyw0-lg^րԿ]3C?vTq XgXd>~!瀳8eJ@ O/fS\#-=B"WH`-dyX$7纜 XT^"m5mx7M2`K~c4ZVw8h}꾣 !Y1AR;c5Xvn(c)if^Tg8_eӻ%zKyuǛrĮH/Dtl5ޔtufǏٰ| :RLO D4@&ќ6а"9N/rjF:: xJӵj+R):C=53Z}zJ:u[ۘiyqίm߿έeɯ S ‚!0uH&lJZHf F ۆ9t2 RCdE0ѐn 'l 4v 8XNhik C6l6Wkm $bUG}$,Z#"e}jJ xSh^TVA1]AY5&*eu=V$wa8@1l}dVWRLmV[P|R^*3]5Eu~& X@f_~2`V =*~'BN"ҝ`2( `|dF2;z5dz Qkq*u~U n7܃]"l4Mv'*1=eVvC`4KH+1W0SV8MPWʇ A~ӛa9df>K'zuBL sIs8 J)y vt] \_#ϸS_r>^Փ `kt`U d!kjl 70s,PbތGȀ ڑ{4vb// n66D lᆍ/pE\?:eȜj G9E6X+VZy]_D;xG}pg (hm)ZQ(-DH_RB#}<)݊9G7k :'w!gT^e~"[ ˿n"U{Jm7<5VO>ʉ}bОjyT|mL yGel4qJpYmB8R33Çxoc|mCTD #))Q蹦@%ʀN^w%Lg]ӱd=޻ L=́MQq)x\/anb4 AېC@o0pL ~R![Ѷ8Ft EB d5I]lTe.V BƁGe#y[mO/QC>dv6Jp}1\lB'r;S5b +IIߢ^(7φ_歚LtatESE_3"g~%d!IΙ`KNWDl&o_*|| 1`nSܒ {51Su 3-"^s /dͥ[BG;#+QɄ:c`nLДEW71„2ijnqXHZ|IJ."= I0.m9b- j=mx\(02qpH_|NѰWTB2D֬?RZ\?r} kAFK?n5ZX W 8o6a10xJU=q&L[Q v{ !$';G\CGVM/IF KzŲ[hppef]cѺ|(1GR_'PT%AZe'Ak4Ge}?h3:(6&Y&^Igқ kz.@/1满l@7LߛO}Ck}Ѽ%o͖qܦM!\L!_܀MISOύcdXߡ%RХrx`&E%\P٫dPr-wXT!Hqu*(7KE@jn3qD]~z|dK.Ҭ_عr|\ޡ)ƕqRWUjAo|e_@]_*[d3i&f}IƙϷ |³jBCY 8?@(>C-^Bb'I'I{"P=+fh/h+c -qx=8#ؾNouZO /T F&:Yф,vlZ"HS\Cof+:l.ɌÜɿ@L|>vvhS]P^iD w ~h ?Ie:Y{0B|sf|N`@ʇD;E>j^sNR~p?j}'P`Tc@,f.6 š2eFW^;)icQFGt&KeCJ֏? թ*xi4Kwܙ2 %Ѐ:Õ|vۘN_{`)qccHIq ®cS 37;NKoA.лFf˳rS>XCaz=}dY~O>r[n?WW޺,޺+aB]ผYCً 'X/KHqWRaS6>3hXqHe4@)ӳ1W&6Xx_ɘhS—~e% K|x($`ms_pAq7 |XHN5T~gEs\ KӔ/ QX0GokXFG8xUэ'ʈ.tM[О&'])X9ḐXޡH"5L5wp_"L6ž Tl=0XR3pA>p8$S}ۑ\p"-˟|Fq6"pA紮Ѐ49FBl ,l' o 䦚QtSckР 4q骮nϏfQ]1A \%B./Iˇs~?Q#w[u#۠lr6c`XjQç[uA6HPNƙ7 }5 &QJ]Ns׈7h%l"Q F9rG^1f[Dbi/f..Ίr8/P3"dB]CØ&P[!Js`d}Ojhz31j<3a,p ֨?"z4Àbkl^'|̅nLGϰ4'ZuϕJ0 = l&ڽ3+57\D\]uUo~O%( Z)JA5!3n;<&i܍aKRrń)n^KWm=:ʵxH8 ݭr`&B~,ʗ 3Ǹ%ڽGG5`Fw~߮w{d|t.0O՟t## Ud 9?t մ7UvyWDݹX eLS=Txr[Ie+yAJFoF& 3-7q)%.Ҥ~&E_O5q %l/r PJ<2LI: U-@x >d훷 FG@|1s)Cx]5&pєGgMzPaǽ$ .;E 2e D™Ӎ!ѽitΑ<~=gns %6RZ_)Ώw8}"% ~>[s_' +  9LӬK 5WR)ǡ-]hru@󰨋U)imRrdބFIsa0֣qEdld({ӋZl"qMa{$6'J>bὶ(pSxopD,klԇno_Z }`IhMVx6/aZ+x k*+FꥣRba-99OZ~'u<)DvKL*(agi/y|et*ƳQIyWv 4;hJDҹbs-K 8Q qdzΣ^Vufn_˶;1jpm8S ^[,r$v̌neT%ۆHg%AOuDNrX>a|&-f\Xx VKjv%I%.Z.~o_v!OGnYiՠ(,3 >](9k"g Q&Hʱ{}E_f0k3SRoN4@UJm4 b7mdKEKn4Qs7;H| JH_s%W#oi7#5CselZZ_,Z7@0hȲj~.:FX&fP/?2ZjUL| *Q0X'i~~n! ~{+/Jlj~Xu,sH#A8$|RY8DMbl|POs?FoKĹbe])/Z;"(b ZuX§>d8Ox|$ XMu.Dy` zf-LMLl9WәRN=ub">)Ej(-sZF  gl(ѫdQd<3 :ە-P2ל]#%!z>S*ǀE;]fߕ,1c/I#eӨh 7e F}?E}p 7 ÅqY,U#XW)h9"L,_\@%GgW@$cX ,s`M70%br| f)i\_;V+dE'98ڪi!GihE Ul;BŹ_C{_ d^\zmاk * Z)Hꤻ$mc3e4 )DBBj$"@\T绘}9i+4eD:-M9_''@f1I|z3ey{h' G¾˳o*׍d/l'0bļ!7j `čn~).T@Fq#2E[emlhw?*"B.(_}p.ۚQQWA)KV]q+1-@Lς˳yys:#2I ^-q-4h E*D- 5›3pG9ϨV>N$^$o˶c)s /q}*ٝ)>Tʞ\t@J_4S*e0}<Y}2_g=bt|=<%.>T3zJ6ݥiB1ZI˚O>{]42(@rJB̊F΋R : Å-\M=c>ncL=$,OM!:4.QSo{aLi }bsOBwJ$+.ϛ2MV"Kc{$)gGO1(7?RQY@9??lU|\U9RMg!u3}73RIshp)s8(p um ZPb_DœՔ 0b-f*zbA$ (wB) u5?L ï~# Q+d3B y5u4'`VqKV<~N_$@i;~J_h'7x]!r6\ :טg0.A V]{u4Xz"U=$rA/ѷ`l $ađ]50a{HVIogZ281u 9Ŋ OvO@X\g)"˞pl,/U+rUلg(rV/d6j97~2]2ҒAtfNR޶"oiuhҙN7M\k _hFa&FH+5FF`kfK &;aRMin }7ܖ? J%)ฎZOń1:み7d˕*}rvISяFtUxKL]hU8Cv![zIFP_,>Ej숏{-QO^2uXJHr Nfԩ Hж}vH#.z#BY'{#JaZ^_5IkS "@U$ s^*+  E(Kc9riW<@Ù%O%;K%ooRY9s -P?wGEt$]Փj! m/qkr c%-l醔"Z#:J3&Vo?ۜWAGUdm)92sri,y |ղY4k ebZ+:"=t˖F] . @V+#%VANSUi >) OD 7e|Z/q#r$rb2)\iMGO}tќK{hl qYTA[`jzSTD.Me/ b>w "_ B얰׶p~Z-!?{LGua-ǐ;hGi` qL y)fv˅Jc, VczdؽU:>b BeJ #[G>IrR⡧" cER\{LJ3v^uk3wjm]%e^*X意ךٻYW+N$!qsdJ(R Tf!zÿQ##w@C@5mg`?Sۤ?+PpquoV_e&e =.CB(0e1o!R~Մ2QUIdP,4Є狲Y'S"E!ÎoO/3 % ?ԺW\ALBӗӰ67+[M:!1ßMfA2Mb"m[2wd9伉[XL7M/!+*j;P{̩LnFT3~cL!B25tbJi2 f3I M=ũߙkћ*I1͞ƀφ?9bPDAtnrY^X$O!r[=J"ko9JaHJ[n^RHԷmJÊ|_!GݓhA\ƃogĎmd]*Ɗ2kdWGǾmOIM^vU-R(GHkQS%N*!QPI=5zߊܹLxXu:EyTolsb0GK#^'^w_ .;܅4ȡ/8HWd*`l쨥HqNT;#U"/7$XSv.hCELzu2X; ȧ0ꆳ/T^ 16%'tpo&iK>K$k(yE.Mt/r;E\ؕqiG>[૰p6Y ի>-r| َ?ؼ84π(-:H_$M^W"R3QWe-!EA7V6kAo\@?̅Ge,Ս2x2hT*%G1zgErԌ@֖O7O6uNzѰf4H=ۿd2tXy۳7WDxި'Ɖ-sٙ[%BԳ E_58 pXH*NpN/넿ᢆ3dF M,wC\Εx;B6.\D+UR&r3G$i34y"Z?.:U^J^c<9,SF93 њxnP^['$IHm 1>Q$#d?&c{ChbdYLw匲e'&f;#6D!>B*?No Je e0 H53>jApԆkMLGb Ew! kNՌ 2- +"܌&h7.P8:Om! KsBXȈ)Jl|ou@_FD2OrM3#zєl|G?f:]aLrRXOkzkM4I6@OoSssVf[Iew3^@)|!3 +.I۫\xS䱘fo$:j 0C_FnfiHi@N%Bw}jgވOhfIbXu;uVQ>23HrHL~C%S (.+@=|f LiQe\#Ud5qQޮΌ7gB3 +AO# X]U(96}/Hpk]@CDyԆ]ߖvQfA/Cue]F *)Fe ԋHxPV%d=R#LO6YX =vcP.űf%YdU~pTw+mYCw%N $|?~#ʠLepwqpf 7A0vnaB?-?!K gD\lb)oc:D^pLv;|?ҳH/%R]lY,M{ Aȏ(ӡkW#(w6bJuoyYYϙZ 9Q;ik'wh@%}%z5 NmnCAл2_^1*KZs|z _6~h ptGQ3^vM"% Cp hW@(ս%%~!㾘. E{WD8!m.?6w30 /qE"$ LE>jl+S),%:4z nyޗܢr:$rʙydy֨O4m(de/yTgiudz$X혭uU횭21$\V5~(Fnu|_YIfF+`a5No[A!YJkv7%?Xv֯PA=e3Kqxu|{Dbd&R '2x!Kzsq1SBo\Rl=nj0,_ٗiLfI,;]{/D| rRY,@i= |u_vS;QLZ'ٚ#o+e>/Aؠ=>\*C^k|H0QN}iusOWEҢȒOL}hk{LowNRi~hL]Z>x1sO\[fn8RYIM[P7m4˭&N|5!) aQ kǚL=[2c ls'j#jW'Ikj{x1;(zuK~6&fo.[ . 4MW2t͈7ȣd_ hq5h!8K~:xٹ F9\)?vH:{ T3TG0jw7I*hiϓ|6 %S|K:h^(xsV^aS{rEbاL,( ԟ卸TT&Ҁ[ KgH5B,,)gȌ{LΛzB:Qߧ^>Qz^yתo)M}6ᅥOHi Vjo]ؒ&P(}^Ѵu@BKX?w)9AVs3?MQpLjԕVRE\=oOd !{䞑/i.hs]2`BK_'L15l]K lHOO#+p `lEP<mIlo+ikn˝>-m~fp,H `TxNrd:VNqBlG(LBsXxV/+͒CksKSikӧ.}A* N[>$1[^X2?X23*Lϡ¬TQPN:N.0wweiѰJ$gMh`4ߌi7Mfd.q"sh3;$\ 5蔱.5X涧χ9ƎV]ӊcAJ΢AOzEe)"oN vhL {ЬCĖ2i'> 2#Ks}P%5ەbcIBy:g_Yooo(OM `yeQ3SI|8W1s=|(K|7P/- GbTcX_ + CZȳƣ2<#ʰkct:HR^_}-1;}c6C(Z[Uzӥ:*I,V ?2OVuV \ms@.\H]J^ AbAJ3P;P18_t#O_aC#`Fgؠw[>~;lŻ1^]ieu2f1K[G3/+M~^2]ʟ(ڟR`hTʛ,vmYoyk͋N0m’BO:F3<'  $‹jC݃B%ZٌĹ}DjBZA3?:ez?gP'S[mhWDbx "{ƟٮpKhkv^pw9? 6ƙ0Jت> 柫A4Ln 1/`g,4ycp5~M{Q྆ {E$2R:0.3E|ly\HZwآ͝6jma#|>v̳Cjt`8/nIm  rV5=@?QʢZtb(ω]WI/]Y"X8B x݃10 |KmC'끠ZC>F̀$xW"ndo.ۢ:˘Z;2Jb*7"q% &r%mK WTuJ4_U* Ӊ>junǘ0QdƏdf)˰v߻A FL'(u5xT,~ լGG"|EL mDpMŁϲegbtd-i?`Ŵt{`# YENϔ8-\b/(9Qj:g,!.7[~f4I7[ʓ1vUHXSx~Y A7 +LIF\`s1[!Z+:vwm1z` nV>Q!_ L`&@Uka^)Lm逥E5 .4 W#cY|P{%Ȼ9һL^wbJt ׁPW]e3dy?Ɣ0jug<2/)#~c~!ߝR~;̺IUbuYѿDOue㤄 5 /u纤~gQߝѰ(0JUŧ浚7َI@k0ZejdM=35%2)O[DTXw2\S"L\;_$@fl',}G)u?C}x`v"ruXEudԜv"뱜h g?g! \K]HN>Ls.vRXKy&BO2s}qmI@b \^b~6E XPb*~[) A:{lWeV kF(tzM\G a<_&FтL/"k7H Jv#J[Zu΄+[h,cEMO_s22Uuۂ7æ2ɕbI06u,2oQ4ީWj[Gƿ^? J۱jy|mjډe<o/DMrdtCFpIw?-2^1*wY uY+ /yJ'edaLXcFVq.#q]+X#~٫%pPx}XAzMm0O40>{0_}ð,o^f.UqV$``M$f:Ё9ޢ8H l( ;»(}k_0qu9R^c_#!D/̞Ams'WҡqHz[#֡1k_#έx"$h _HH;AsS@w~ql7yisӚ nuBb YB͂y&DCZ7;IO<7?/* L;o7f. 򘋋#7wPLPMNOzY9A J@ǘ}ލN<}֛֬ lF#_k?ʬVC rPidG`Y]ݶ< {r$4''/3WR"#x3d`5 jn&nZA2D|v= ÁIw[ew׉W_@E3^IS˸V]*Ǹ1M@E@KZE.ilӯP.٧FSj.ܐY@@!|SNXK41.e AYQڀQİς|ZUIEAA'23C\/?SmZH˪=ǒ=62\\0'R{%}~4YZn|^>gv%32XfNDraTiHgkTAMBLG`QPOv_~rt 5`jfY>͸%?Hjm]|U9JN 1HM>`XeN;6sPQîL O} $::Bw\Hs_Ќ)9KGZuKuO8DRD*D7Noa3s2\X(y[5Qa.=ژ/{V:t p;.}j+ znd5ln@FP \UBJWn{#s*FJ xЧr[Ν>1ۻ|=\15ДKbr@(ԀL}fݷ{x& Ο0?E%+e-j:¤K0ˎk HZ W%q|t&ޓuWr%Lb*-&a`ѻu {0}/:&gu=FbtiH"F`&QMý -kl { PwR`$3 ~l0#R0ֈCn0_@h-ʡ+`9NW=}LKh`틩uJc>Sc`xƛUoAsu"Ю-K ?g(j: ۺ]4IgBӌTݕ#f#"PSD&NMz8 6>fr諮1׷؉U΢Jٚw*Ez7  rGme._+{oD0+rLit˕R ]IȨ~dwQ8A%%+ 8 LlצRJ[H ,5)wm悕$gϹ;Jw4@̠`rCi5πo:Px紌2WSÃ$~7f/0s'9xb|/aU` 3ۗ:Է't]؎_311i8KXzʛ4LyQg?9 Q{YXo|fZM;22 6ЮPN9$p&ɑRv?]ot9;]ivssͬr3SO^^gd@;{M02CIqu75԰iƓNpÒ@1hGGWuTj1wfN5c˷}3(w˪xw5ss $j;\n&p`5r B& &xAeD=w}~YT(`}| b.5j)Mg}sUu罈0,C(Y5f$vbU嵯HnmQƦh+ W'iXP,ʁ^ \1O&MIk[EnzAsMy,PJ16v)7fsʱoэ aD`fNb6si6FL ℂnb5v?78-2 x릯nZZ[3W?ӫX= q݃|`Xh<.$&5률l"\=ґVjћn :}$ {'7",SyJ^?;}T*-k^pwC0?&}%ھAQmzqo=yZDRC-^gǑ.C6T8 6P"G3x-'-/&ORU`4 "||` w9\*Cl6A8:Ŷ;#*CzӍ?H F1Bi=q$pdFoxS]܆HH.eYFװSlG?4 ~9#Џ^hg.HX7?Fri H*~Y(Ϫw :Gկv, d78 WCEQa6,5 LrEQL`Y`l2.K[dAPuYAHH  JbGi:dFbԻ ̙@a칔yC4_٥e#bŻ#ױKzwH~),s̍}2xN5ЍoT;ԼؚI5Po4aCU[zBZt[YCe`Oa!.Æ'$Gu#NzF)9:}s9f9fRkϭ0)?]:%2x3ꩪXWҩ7?rnBSi!D}㳺YNTH|;:[YpϔL.,eD\9|%pG-1l/}çiiW}7O(X^Rt?J|?É$A2KY߹<x9tW`[ `-AġZ췽)=c܍Ol0ɾ1d!-e\IIL_WHRYW/_( _9 ޲lH BB#Uv:1Ø`:*_'E::̾āÒ6I^(/Ӊ5\;*/6,)' NǴe,6kn Ȇ,rw`ytY |DdU<>z5}-Fo%zk;%Jq0[$>uh6ׅr:9 AD L$>w/hMpyåc QKA }E0 z[I,JU[EwxUhKԨS h%*E?jK9qfp`e,9j@ÉP ?ju:ei"K f܆?UBNsHLR0ps<q4Re;\C H=^ߺwkT^1EeƏb-қZkQS2V)M?0D}FWM`j?^a#T{{jOLVMTq(:j\yFIh!' Uټ- U::8r] mj$6_ O'g![XR%dT?؆+{8Jt5vFkY!Q7&`}t>31uz*|pd(=*|Hzi0J9Ļ w߰g׆o3 p.tƏ6yUD]~)i͚>5L1F mj)Z lj|P|=p#9P0+,P(q:=K&hYhHoOZ#Xhk[vR+lL?S7)˼ <>hRڕYj6қm :UStK9+|l[&PC1ٮKo!~~qnmKjwO3.Aݳxc|p8vTNSnp#jgOYEQ`pA[7>_4rbUVk~Z( uı Pv4ZlX|Ik֐_ Tcת]hV"XC ke.cDo㄄h̄R]TUsevW>߆LȮx`қp:|u?#2xO[_[8 6!nc=Bs9[ʼb9rLyHNKPE«\u8+ {`;}(!r.ѡ|d/S*Cv'~(&,%߾kU'M4?0@7{/W+":CVP5G1[OKt=]LI^R)@ L5p rKX0_|X+vɫjm~ 4U?~v*73j]1I, FNј<ʶH) K!vpXquET!&Ot@ֱHk>:1HBv]PØ&t5v`ok>V{*q;Xuk͕}~*CF]gs$`hH~XcM &]NFZh;c`Y}R[g9'`;GSa`򯾿KEtxty ,Bک})l0t]T6іneuUgr`aOԟDb o c$$̬pϏ=\!,C, _s\j,4\57s6#&cfMлL a;I jiI4.!=3ѕ{T"@Tb_g!b%TBl}ywY*:=:tkVHnkOxKaz.MZV""mRPc׉JHޕT5gĢn.}UFBs)sOĜi&VA 8A:քgآUl)`,Iwa*A'aו7خv ėq*@E]Q `7- dce)選ЂK߉-Aa? C-x)Z3E]ou^9X9%?rѳ/d5S|I!lm@n m1Xe'BJm:B/cR%PV;.@XI aѴ2W zꌬEqa%y QG<=ytwx_EC"@#Bx@d65gN_öq ȿ٫a6 E)~K+mL1$^\c9CGtV>Vf\2jI4 _^I[(OB2ULN嗅)XyrpTxz;O_3 >;9I *fnrj&x"E}H{V{|u<D{sl?Ưo"wnI?v)+G\o:,*뙥@20RʹV`V{ DSҁLVr0)w2w*b;|zk=s:yhH V@ "k s"*WK'$i%>Y+M s\$^Mܮt1cXW䇽uHJ>JX;yöV`9EN%zt\b$R Xyyjl'K?&Ot2tB OP_zmo$wR"@;sp=:uZn. 4PjShֱ̆]Xv+#Ih|fB?jQ"<eK?XEߐ)kU#B~s"acpȗ=I!^<=]%0*r+\Ȗ|#g>χExߖlEypk'3ȼ\4?NN2;KOe/ONWe$N@MVZ[QF.4&[fN&7s4yT.}]hoqQl^JE$#2ݫk˸l콑 $ZGp{{Dbvc&s %n֓&īH<}P,%{hAur );75`ݺ$/Vu xMv=Bq,(I0 h\'8K_P}Lb 8R Z$O7~7ńT +NЏm[N?83o6%Vxb*.<əD_oJo98N\:Sp$}P'}yPYaSIʱ&{w:ӏ:AϔƦ. rv{4n3vF5e~(qgxh3ɳd}iАa׆}vfQrqOY@u΅ *pv;7nL#mmn}>eOu{~z ̫4 FR\ 2YΨ^'eKZG\N_sNuďoLAҥ)>BCbg Y\aOT / )^ ڮiC!`c1\jFrmnwt+˔~ :@j.ٸK gu'80_SgrhbKd.ԁ)p lm 6@!xUϜcrlԇ*Ue#VG)r0P:vTd-[=V-\xd v~vv RW^HzKU`oo&'CR# e[Bc [3aG ';zyC0_jqUO" <C˲U z x"a8!BN .[@t\$Z9af|Qva.$EM '1SF7}T ;nB0RU]IzOBth: aGgW΅il[sr5$dhǞG2uddjbD6"3G@e*5ן]61D{V>;!|(sukZZ?لU0C+)XÓq.;*0 \ Zuyƈh"+>pE*;Pd f(](CAG>-FT vb>G4&>y. SiGOk۳ h2HhDt!tP:?\xHU0!iDumց^Fl%Ь#tqp~06VZ/0&@Ik TVkt2%ar&)',W 8Wh',?`c,-?YFxmkbfߵ*-, ^Z k!=:\?b{g&u_,n5Q8u:noYt}6#jљ\dq\ @ؙ"1VpGUf܉T#hT[]3{+Ջ[_|{IA[7觗Eu3OIWus IxD ' "$34R(mKSn7=ik &` ?[ӷbMl10ۚ|~yMHH\ɠMbU]QEúQ?ziYL[V]yLx'YyF1kB_?.sBKoW}>91RyLxN((}(5"#ydEYh} C;|.@0do5㱡S*:9kIwA^9/1ݽ<~Yڛ( m3Wy4%pO ֝~˰waٕ :4<i" L3Rg ųk_{ [ YYd̞!dXX!پO;!FC#NsCrރn7Psf%5K MUQnX m7o|+sj0n-;~ ?&wtOt~M?:`H~*IrunmGN]|!E/lcVc8wz@Nx̮p5 RXu^]K3!ycEDeuf€6ǵ>]3b6W%bf"78HyU]<~,ֳ!Aٛ@W "(8;By/HD+М9Hr1gɊE蓾u jdpLWݙ%]H#jjFa5Cwy˿Uc(C3ځrLkwM%zK=ߦQ a"(Wۚ4,1'lB^EYW,kgÓ1*d.tLߧ h}j-zKu>[_Qf,eQV#At!CelQrow!.h /`c%-hnCQUĄr?] /!9uIR2O2 ő72,bEyHF!^>|&>+1M_3V50~A~2m ڕV1̋\l2ύ)!|:2. ij k,RQɲ8ԒG)占 0U[NtSivۥ0׏3վ ZLӱ*sa1 (!R3ࣶˣBlXjk/Q~X09f׾ue1$P ȉ + ׂP- Cvyiec&F1ۯ 7ɥ౱-Xq w&(Id0"VQtˡq,@^>\DUJ!)I+bT "|?L҉(uKfobHl*E8N߂Aé**2&{Mo3}Axf*ԙݧ;skH:+T\ 1 dxܝf^K45vgtGjrYbLఆgU@+GI Ba3RGN2Ok.v .`K cϗ,x:[UzvVu®ZKn=8@ȧWEJuPUMJRgF(+.o Y%]> 2R>ӻb'OJ#>iKX[w,uD cfW؝;HBr碷>R䪿!F2 H9ꘔ@(82EGVi<,dYּ FgsM݆Z[>MQO"*Tp$/N̜?!i_O_J6Zҫخ0lJ{2{r"uF[x3 {l|uXEkZ QONZ%qc2 4z;XPalڛƠbvIC L/h/6-4}{E9<i62AG,a}龲 bEx;Űk@y,nr#1Nۺ n^lسt I/e ,٦dX\j[*/ ,BD` =K4;nN~(}5:pnYO'HsVyu dJPW#VƗf:CÜF4™L[jkRWJHc0yXZP(CZSnٵj#ٚROYŵ ܙw#Vf&1YRbMʾ ~2MqS W3`E-1%,'nAC*}[8^Ag ] tPKxt)˧Y$ fHˊjLӕ@¦`+wVɄSWE>aVҺ.b+1ZHaYt@<[ &*JsZ[ΰ/.3ɮO OhS|1;Bt3q~%Cz$>j=y]`Z<. I/j-| sFD CPrgp52@+d(06*{DxSi! prO%ěXTskl+Q>O  @9$S͖񰇢6.ç_TOj x7WTLѹOM}(m-~f780I)KLS7 7ҍikhv>t_ kͷ`@zg~TLJ.Dy^N>JE2N(|yP4ݾ)I=WmmErdNSmgݺҮ4LRP uKڠt*GWAv G%"S7zugklߌjE8ၡㅓI ĭ}_C?(g pijgh@ m5@qMg@38Gk3ai߳IfF4¶t̐no_Ctl^4 0nfo|W32fD>٦Ef7uf@@LlK)b»w1۸dًzY>|Dwħ mWXee |@c."VWU9q`p˻+W?"|,df;rn ƨu->d#O:ށcٲY%7Q8įm)E[T\18yaeY=GĖ$mҷXD.^(SOX ݅-y] =J,Pe-cYNWo;VW8^`Geg9VKLd#"7'4^1k|t%$ gMoOW!Ki#~(b.AF8QP3l/R3$Ѹו9C?^ V`b8 IEo'kc/ Lԑr!йN'iͣ9jUudt#W: b>±v20&wj+j:Ȣ,{)'\+\9?x;zȤ!COW`.5cpD.U}l.\CQN"&NH3c&[USU9ޥCDVEnzdm+*x2uDCb}g 6CmnsMV\Ƚʁ@usqB=mMN(+Xa|-X]_}ț^vTQ-JcyacҷQ&]~hR\Mb>R08MQmBU-dƒ q^wTVS(Uy i@yLqk)xNM3.@Z"C%&3nCeCo k^XC}OO `U7hq.+L߂J ;$vwNBOR=%0p0D-:+^ 2|Ikp#/5'ZN?U b4pmش^F Fȉs~(⨸a3Tq] d1r/KluPf+{w74^uU2"C5EvL@H1m/և C( zl=<ڶS$Ε#`揪ΰ/c`"%p&Imb%}֫Ip5ܗzm`*-2Sf1IT姪xjP;)8L7Y+Q sRڶeI*h>D*u_(GK@<;%"'R4]1t==w|ar[zkL]yuS\_{~)nBz@/k~1P<I#@Y"oiӯ "ː D!^.('  ϋ2N@`&W"Tl5bd2<] k3fB"hI-sD4R ?o#6*#s6ҝ O>D/zi&͟9ƑD`Zb5㦦VǪ?Ŗs&gJV(G((Ʀ|W Z/_c~5Ak=z΍4AJ"Ah1D"GUC*h֣HGF4z!DŽ:0%(Ea}d3 U~xfB= ꂜNP|Ş<ŹB Zr/8BT&1?^Z@T84S0Ms?cu:8+]ájsVA 7=xȸ1%=aHL 9'}x$Fn8JGJtYK4HCgj.XNHmuyt#rZ8 Z >yQv$O$dAF:Hh4`ЛЁLۃ4#\˚aRO<<*M ղKfǝ0y3H]`7G#0V44*^'7 s gS_G!Jn/ ?pd"Xgq9.R:L5:<t60?m3߹x_Fܘ~0箈bi~zp`%2)QG>tCg$C%{A0l!4"g>i &f dpWT oiEmi*V_^L[%/?% .It[D`X%EkQܴD;?1#;IScz.T#‰@yEqȻtr@+0VDc,0c`MY",k4Lޮނy]0Wi|\dBS1XJ/`YCMrJ"B [R~pIu㺀<Ʒ!LoC"8i'HQf[e @3T[)Kzo &Me/2=Fr@d+}]Ԡb6 DjtS{N!wę #Wj;FE ww]vqJv +΄׼A>8/;RKyE!TKK6\cM13WpEayP/ZŽ$IR(Ȅ_ tpjKmn/F[`dL'(v_rO/§Vf\y}z: CFQu¨Y9;`nz7 ˁ_*ͤrS(l鄦o lٯ:KpQu#m+ gWuE4| @2Z{ n0Wxg#,t޶'ڿ&nwX~WE!ñ;r:W􏞁D[ihzJo$o#42XTqH֚% 'MgtgK ÑvGvH_fŗXrպء~[ i^!7wz*<1YݻF??P[R5O v5s@o:C6h Y4}}7_͉Y Fw٬rvf 7o{,"-zȚY0m􍦞 #d.b}{c/Xt?+)ÌGKFh~`o g =¾BA=t\XHUw%SW&kŎB6j .ƭ|Sz 儸"apWrQ9͸R9(ǧ'tv7i?Xxjb-?hP6q{P@qneuahYWdGDLxRBt3̫R ѕgXmRg.5R{)Xb *6%(H) {׻~u2~;W-*KǾN#0Ӳ]o(nHA:?P#Cţn#3n)z'?Ж9o^nd{w~ףRa1H,gQ@7lًqjыkFFf F^`6%qM\̊SlRK|ej$@]ppw5PK<fWKi R߃-W|М b/ i: KɸY{T[[W[ɸr>BʙdU2Ƅ%}d6-:o33;cfB#.H~:]^vl/'m(9Yink8i SϨq 6c3m+>*} 6F ͽGCV tY#v,דtdߴ=3Ŕ SCR8nԮZrFw]ƙ V3; 59뭉 ~SOΌ*]mئkLCۨ=FpNgb1BI1P͌ *iԔCfP1D uieq Hxj[l32BKj|t )GqJŭNQL~KurXY,V ca!?['#h= Tb/dSM<1:HbSw3ӼQZ`ZCrm^qм^]r~zRXt-e\ى ?>IaHgKVy >&ǖㆷYYm&DS4r"0ڰ &OݵG 0VaVrկ9ziZ pqoYQT"(`<GFtG_ D P̂*̐p5-' 9yCsBq.Yw&O%/n0R  Ɂ0mC"5,h n?6x1C))1:T&#FS_)AgO*εʵhPLZVKN BPq4gqBolH@QZBϕ.'@.h+z]mCعRɊW@tQ`_C "gx6_~&J _ gb66!oFCbh:Wl-VM]KRۇ~>+܁𓭍oTb.KF(ʆK.GLE:&8ch6Lb]KSY](8Jg@!_`7d[ H3J7ʁ1u&r[V gOGՏ_0-y i?ހc-A cժbuOz w;{)G#*W67HQʐyU1 8&atѹ^-eŰaŭB9ه z[[s|9(4ef6hR[l4%b]pӎ ҃VZnoD5~Z+Kn͕=ꇵxJ 6J UX:)g>)% sl@^==Pyqp +:a9'֩u|ަ/Nߑv' BɦFfŷٺi̻k/ Ӳ=! [nLtkz 2$h(*hgsQ\4 .V+oZmx Y9UdHe^[}VpLK0hg;Q(])6eK=nճ▿H2؏Yx9 00x+m5dQ#<#QD4+vm,.dlK%Q nT=N;rCBQA(Ģ+(RfӝOϡ[B U8O'ը;=CtjG1W~' eKL6qJ! ?Rye0b+U͸8M4,"(U*3h łٓd(Q\\1 <-/E:G!!WH;H6P{qbMAع>cDK` bڥ97*h h&ڔχ"=ʆaF@,}=J1Ζ~h>+;Ҏ79k%o>>ca1fG#/ 2t5[+4T,W_!/fؼh,s~Q~f́dR*Łڦ;`$qRRu)tnWYWe GGO2i#i~?;z7-_*.Y$::'S7aA'^OM^u?[!i+8.(Vt|nc|>#XZh^fVFg[I#POn[V(RS!,){"j d*`&qe1|/3!R5G!c&I8譧BT _=OFqDl9ldyJܫxsAPqz\3"~H%+/7}s{)pl]MdRtdCH닮G>4[ 2X/ZLGB.Mw᱙zlRztuEeY`5ž033}g#F#FiP<<˲F?Y8 #+qGV?=d5.+Ũ[&pZY8yHPSVPSo0iU[€@b'FTIwUS1JE HO>\P̕T^WfcWy+QG?>dT8z9W/u+xQ_h 0Ǣř((}q޽&\My0q%@iGmbJEh&w?{'gCon-XWwٮcWyOdS(0\I?(^g\gTM! m!K֠SU܀PShT ِ>vHιþ $LYʂtq]cL!\V;*fڋm0$ǖ-(a !\pL]1\T%ɵ\ZRToQj.2r*wC|\9x!_Vȕ9OTKDT`48$EœS< (%HÃ3 \4!AnC}v& KKV$Xr2z h!,ׂNrQbaG Ax `ɖF+rҠ֋f-IckA]*^]=dPYNo8+횡.ݘ_5нę$tW.;1-Ep1L]Q<10ۚ9FOU3>YMDM-%/lPG'3|<, ]c쉩-ccXDʭ:j5D1a8WBϔMUH| kbޮm(Atب#cQzAQS!RI']{/٪G/dah7nUw!v01F#h\Rrm*vT ·bnjW3Q;ϩB[d?;.y.HΈWfI%tw=F[\.6Amo8HjT$oN;W qo!G07Oc2h`M4JNYu3yf2tD@R{oe 0Zj Ѯ}q_3}w^w^DnL`12o_0?Ľ٠)2'Y^wm-V"EL)aG0'`/J.ȣC.1^u:|45h7O,)g}r)0aǸ}t3=J{-;+-TÇ)7m"r]N-yqWP_2݁NOJ:&VPl>5jxRh]y$ F3zK]7p6T bQW>1vy{Sc)Yw%o(ݒm(1.NS_Y=VyVKx.h.1߲}vw -4 /1 eZiLNaLQZ g>J%z9vƋB.M2 -<6 CFA}!V) r%NWתn/#R* nOB7g+sIk8yKcuC'ҊijdpϥABD]vQP 1Ó UEyA^ 2Qz#e]JDyJr6?dӌ(k]ҩMgWɣ6c戧a2OU\A:[ rU~g0ʠ%o[ֱ'N |%2T)A$' dĸ"g. RZ™-A|qr*-:"Y:*:Oj\N?zB_HjdkZP+52ee>.uSבh35AMjӌaڇlB fSހ|V% 1! ɼ7XaRka5q4pAP9M wP!&E੩l##R[G=NU_ࢡEtyBlQ7N'gmܥ^8m# K-,F5rY?Xu@ S8-<W^.X!=iߚ%8B Gb_)[Љq{22NDm5ȹp̃UpA @;7⟈Z2|~M9dPኍ;S5Ku2#yI.MK/;kxd?)7gk栫o);([1$2:+~A*X4$d,z7!{~%۔!/-_ƻ++qJp/MϠr<25}u߽jO, ݙ)'5YƘ(͆ aL'3>-xxg<1?͹ Vg !f|XQB҇ˀ/(ԲyݓI,|Ip ph$*N'U^d} jTHYqGmj {f\Е!";(D'?Tβ U]0SsgfI~GT /R.a ʶBJz%u:~TTs@8!ckrA6VK[}gjG=Z9kT&&`{NyblDv[Ҁ~FWL=2+OZz2Psl>\ʁL@IL͖]S^DdCd@X1;:F3 :8`ǒ5OA0AV|E-eʣr[ʺ2V:6`w5BHIQR)6~N rDL+e߶ X^JKN7"|ӈG/tئ6s+?*N.br %AP GK!eaqOp~?T3d4zIO I:K8Д5oT&+:!mS6HFO)B Nr- _jmF#U 7 <)mdRkh{'bUb)s_`i%u3;BTz62oKfЧt3"=KkcnّMACs&dyp)B8#``?8&VhvK+r:P| ˎc̊%7DbjT.wTdLt&xp%[Y{,WFORd[QTfoE8JjT?ZcC r0< \Km\m; e_F9~d y0m+)b1k#\GZ"V_IJm0=nolRXZ7MfkpaHg? kRׅYfgMIDP:זB_8Ee %ê?RO^Ψme|jR-)paV8]SX;`t䡁:$ֽؘ!)S76iQ*0Lh*L`&94;f&,s/ ) ` @ҘDɁǁzi"!rKAhjgZ/fnKjt!W+ژuu{]γoA'dwQ/n9kd w-?&4aMfmDo#̢dۍǡGKM=?'PI{ m'K⏼gY{ }ʊӖptECK+V!D7 `GY˥MC(^"zo*i%HzjEnI2]>~7(kh|h`$# n4="SnIݠ%0v0BWJ?+z¤TY3Ka 6>ً3(Cv|V s!QUmjZqUHADW'6ܬ5c+R%oNdb5E6hPA@R1?9flv++RgK r;XˀE6 kl=âv#e,{~"0>cNGLCUsq"p^us ɀlwS2,$GЕύџkF6S C/7u4ޘBg\Wa"N9*~jujDTo~jݨf0IxZS!+\`В>{ơ#Ը“Ej#t)-͒Ko AhwVy(ML_gs›(;Pal#i_{O] <^ҤkA 7q`#T+.@:^p,+ў̛@:b1dT9m{},v~9Sa\P/Ͻ/1CMeyz6KU^bt0xkByԠJ_?Cœ+WC .7gМx[%'JQ__PƘ@*9 _<>~+q߲µRF憛ewfX4݄{G@*.lZMJP4T]ؙPC:qDoɉCL&P(h$qg{@)PR*\R4k:{Dish[ZFYQ1,B.CD'>e9]6{;OoRPR.x}@<8]1܊Z%NÙ*3,-YΩhB񻤲n[x4I]Fպ?LSBK ,*~XWPpPn6ՊBU]~yTU T?zrHg0_r ](d'yÃJSZ̽vo9+ k}8{.Uzw CJ"Kg됗xzB3r@+/&T@3n.smRzS5$ݍlC_!8zuyR(N+f-3ޮQ* >\qe T˱ 4/mH Gmł%Q%oRrTUeH?fZ 0Hweĉ @S m㎘󇔌;BWs "L1fԺZ%9H7xַ+P.^ A,X80D?kϻAjQ^ %EȒ}nrxkF#+"{M϶Jݭ M85m3hYF$ ڳ_՝w˘^6Ƶ'Uyb-kպtRYVׯVĥzgh'o')Mp棸ֵsX`1Ad +͉`KJ% 5F*f3U`O,T ;3Z^h8D5nt0 QfAdt4}> ,x_.|7Y !Lvt+><;v޼VKO!vٍfwt+~m Qfus0 nѫT+' i˕Κ\É]xd$?x~`_|6D4z:DXfv}\i6WP.T"qJ`G_̿`H Z CHf4Ye(Qsn͒ϔKcɜCQđ D3r ء\F׌\_ nX)&8qI*J*I"KbgRi^ }_2; ZKs Y̙7CEyfʧY4_N: Yq}mlgXNs9Q}t^CU* :kSdqQG{~@x%_4rR&5Rr1 ,_ZQ%Kz{г捌ɰ=„ʬ:t7eA+!t1lӌ\q;2mNyZDc0a$%|7ӌ3J٭o-MKrrZPwz;V7c ~~sVB$.dw+Al*+P^jVI5\h$EWs }q MC0\FkҿZEޤdrA=ypUAF&ɎW-kkxpU 6A]\q>QѧR}pN[˾h;:ʑ7_l"KZwgP2*w_}k#P촙+}.b wUu嫫xH-5X8`/U|X_^"94`ɨ/PآLȊ02 LnAnf1lqu0֕ QUAXWN»ƜAEC-XJ_ v%O_:TޤdgjѢZ7ym3RY;5JRؒB; j Mȋ2c9 _n!.NH!%2"[6'Wm@]lWM\N6RO8oz~%$s94i {9Z@%SJJ8'9dcy'.?<,Ldu@8'8S}oeMJ]I$`x^,0󥂢oX Ѣ; pqK?Fc\ tE]) M=RJ@EeqYGj =ƕŨMyS_PW)]܉0pk Fn}ek7y߬he3? dȍC8Bǔ/#1:O<V)-lg:S*SYgOs7N=x#I,t8փRS ]`+WN>&i0]\D\ߪ"%Պ=Mҁ %֡>ho{3h6aeq66ٙ3v^F Lj׵2OUnUq}H`-Zvi<LZm:ͿmD֗f"bJ&4F־zwP3OъH; :a 5h$A\ЁE.6,r *tIkԓ$"Y3MmydAd'KZ2IKIFBumF"uꄪ2{!L18=l\N%ʩ(4TE;B9iCpReh۰$79gE܇ՒW!JrhV˲f:%?WP##L!9s$kp6:yk_/A9wA\yƽAiٗ5j/5=:IE'VfU I0S)2}$AC Q9a\D>27{SV%k|Z_XѬ\/@K xNO P ޟK-{Ho !5ƒ/4</$r?/C [Ӟ9WU5jCG񮊖ԇrڰV 07&xGMeg{@hBƚz'#WCdqFHeʕ@muǍl=V :}³8Hn߽OW;nD}4rB{dO&W)w"9UY[߯h_Μ_c´;/ܳHLqNM8{/ ^קE IXj] 2:5 uN_"`mT]Xӂǰ੧4`g1Bf=Gd+a+E # ~y};s /Fz3 a|魯(IշB}FFpc[hpe|2%9H$ V9՚DNa‘bj:$R)D0Wv:L!Umo&e3wD9]J(lZP2ر> _bOO9fVEmJ+6L 8>ݛyDkqq|Ms#`7"}4>r2CS˘*AI& >m%Bikb2sАwYvUZs`tdAК=D^T=q\+z01YV.-JtjSۮ_hy#*ʣj..>7`#Tf5% K&)ߙA!Ʋݡy8[vSc@u}t`${6AHqdT؄*).B7Tީ$mɞ3OlMC^T[!z`&g[ڰKKwDY#{o).|3:R^N>9c.-y)qz +A}lFOUU,S]]>RO:yc a*]ږqh>DiJvxdWn@n47:9LlhBəN 4wUv$S$d?Fg4s^}HSR"L $:Ylm -EhyU c!wV?/T%3 =Ȧ@)Mt8mzv 7eL\?Nm nzWyhDzKcҽHV a;n ^:іrcV#TC`2 Gd gܥ G @`f'k Aթa+[BU%5c77'/@+:x? .>.e 5kh&<-"7Q]hsQ?xD4.B3y8fiJ*6\ u]x4$Bv_/hjH?KqHf7n4t5*X>UtVcT+/#;kV_]]Ε;.m7uA0s(J)d1|>U8|pޕ=->0~،e?Fo0f H)֜L+I$Zf5ǺW~AN0d-`DIg )dJ)p3Ap^L[HT_j휲UZ$Dr*U@S8vG V<'(~`7>ͷ/#9H=C3z,af5|QLkS+~FL@qY DdQѽW}|Ze9CPSJU;4# kq9NQgyQh n -(P&HO*;v-%tbm"w,"7TQrطzSu78+۹ 4``[!5\ٌg~~> cPdȟX>2f}Cp;F蒭Ci&$5kUf#6M ez6g0?lJl;>.Z(C(]_up*A|:8orE>]cgC#X*]8vA. ~hiboU_ i Na1;P:'tsHDv ]ҳR 0+CPG !1zl!ٝW()7 Jy:f#x Gy(bAUR]1)0B4~D1ќ_ DۏbR0H`i.Kpshzz*p<H FI" gb!KUк}ӫ<'ey{{j=w C Q|Hd W9H!vlfp̑M,ڌ q',0A2 ݿI^fe92O 0Pp<N{_kSH-v}]j&1B\}3"u 7{ n0YQ*۽s˔mI< el2RHOfED:/fXt .NNIzYFʌ] 6p@%Q_Uݱu_@q($6uHJv(:bgm .&t{l]ŽҬ3s.1^`};MYd˞L(PIV.\ ^gj3:= 4̈F"U}ڮ(Nđ80t}![so/hEbոH)G?DoRl+Qx.70YHV~\ J~:\qWwlCrÞMVǖIs$Bh[V@jmU}NNIL(o]̃VYE_# SWo}:@|7hlnc5*G&RO!Լz²a-BvK|ĺ0MDl03̦ˆ-&=I>Z?cmc֨W&U_Ms5(X%q$1,]=s[f.@SPBb{.ǥMbϙҐTl&}A#02F{@],&{ih?pQ*~dQ_uLxk  ȹ&6e/$[ž03<&i|NĄy: }o( ָE[/ϘճC%bYYT U4m_@[>žǹWpB @Zա3Ȫ)92~ԉ0u3-OJQ)3Ԝ;C X$"Ҵ=8gƄkd|bPNЏhd8\BbBŨU GcԕLcSMxѰ1@|p4փ M8-R{[3:uS䞿Bfm! Ɂij sGVmQ~L+Lq5 >XIp]C`/ܒvN>iK[{?.T"їޗm(g_o@59A}[o"=aD&HW{^wʁrc[xPL>!ͳ%,uaBϒ4 iiUMQKZJP!_w([a*?UnoRXro sJF.i=aj pJG$ i0McA].Uf]ўFi{|;9TiDa+i< } k{LŒh0ŻI7ƴ3]<{kƌ8ƅA#JfaEޚ.[?ּD XTU;Zzi> ނmF[.`Oe?__Zra5KpN)IsvU$h&2};~?I 7[A}-gzQ:ϤD{Ym쌁}0KZ*ӕլB˵t~$ԴjzAŭo~m j߭ӤEL0CQ!u:H'\ KB gRz75yH[|ӎp;tpR@c?nF'ap^ky"a4Usk#f$oÉ5\z>uk,Q:V؍(=}c¶")L{;D'0mDyH*$4Ǔ4k#yYfb›8q\uc0rBa^OEkZIi%'x$f͈{ʙĄv:-NDiA?L0hdD,Sp;biq [9ӱ=X}`=QzD&$8;ӵ9t(e̯{뗴'&VUGs_¸n bMl77CDzP/e3;SdZ9_ܕY<z|K^oOSN*l! UKYB,R=1o[Bk(ٖf~v" EWpwSN5v.IsaSD9qyP#^*OwU$i̞b8P<h ys<kRmMo 6y i^@xPF,x__I]$64$skQywN/*Yjh]wh39{  zBbiK,v7VDܵ|u9LI`匊Jv꤉N \;9Y& #~ 1n/ڕ26%@r6 dRd_=7Vt!b'YA2D yU?řfJ eK1nF6P9yWPjX:-"Ĝ"q Y% b^bxؓ̒E )jaQ gD`.aK.CǓ7u;B!oZE>f.#v7*j :ҀY|-V$?ٓ^jmQYyP嚹6㒲67|"aH!VmwSJ$9'%,#Fl[ʦ6!7o(o#` K3x;0:UA=]=z۽lt*O>-,Ǘ kJxŭ;X_hP.H)NQRM y ;H;ڭ&f7X )UyFND9~zHTPCD-uM Nto:IYB:ouڿ