sssd-dbus-1.14.0-43.el7_3.18

Name: sssd-dbus
Version: 1.14.0
Release: 43.el7_3.18
Summary: The D-Bus responder of the SSSD
Description: Provides the D-Bus responder of the SSSD, called the InfoPipe, that allows the information from the SSSD to be transmitted over the system bus.
Build host: c1bm.rdu2.centos.org
Vendor: CentOS
License: GPLv3+
Packager: CentOS BuildSystem
Group: Applications/System
URL: http://fedorahosted.org/sssd/
OS: linux
Architecture: x86_64

 - 1.14.0-43.18Jakub Hrozek - 1.14.0-43.17Jakub Hrozek - 1.14.0-43.16Jakub Hrozek - 1.14.0-43.15Jakub Hrozek - 1.14.0-43.14Jakub Hrozek - 1.14.0-43.13Jakub Hrozek - 1.14.0-43.12Jakub Hrozek - 1.14.0-43.11Jakub Hrozek - 1.14.0-43.10Jakub Hrozek - 1.14.0-43.9Jakub Hrozek - 1.14.0-43.8Jakub Hrozek - 1.14.0-43.7Jakub Hrozek - 1.14.0-43.6Jakub Hrozek - 1.14.0-43.5Jakub Hrozek - 1.14.0-43.4Jakub Hrozek - 1.14.0-43.3Jakub Hrozek - 1.14.0-43.2Jakub Hrozek - 1.14.0-43.1Jakub Hrozek - 1.14.0-43Jakub Hrozek - 1.14.0-42Jakub Hrozek - 1.14.0-41Jakub Hrozek - 1.14.0-40Jakub Hrozek - 1.14.0-39Jakub Hrozek - 1.14.0-38Jakub Hrozek - 1.14.0-37Jakub Hrozek - 1.14.0-36Jakub Hrozek - 1.14.0-35Jakub Hrozek - 1.14.0-34Jakub Hrozek - 1.14.0-33Jakub Hrozek - 1.14.0-32Jakub Hrozek - 1.14.0-31Jakub Hrozek - 1.14.0-30Jakub Hrozek - 1.14.0-29Jakub Hrozek - 1.14.0-28Jakub Hrozek - 1.14.0-27Jakub Hrozek - 1.14.0-26Jakub Hrozek - 1.14.0-25Jakub Hrozek - 1.14.0-24Jakub Hrozek - 1.14.0-23Jakub Hrozek - 1.14.0-22Jakub Hrozek - 1.14.0-21Jakub Hrozek - 1.14.0-20Jakub Hrozek - 1.14.0-19Jakub Hrozek - 1.14.0-18Jakub Hrozek - 1.14.0-17Jakub Hrozek - 1.14.0-16Jakub Hrozek - 1.14.0-15Jakub Hrozek - 1.14.0-14Jakub Hrozek - 1.14.0-13Jakub Hrozek - 1.14.0-12Jakub Hrozek - 1.14.0-11Jakub Hrozek - 1.14.0-10Jakub Hrozek - 1.14.0-9Jakub Hrozek - 1.14.0-8Jakub Hrozek - 1.14.0-7Jakub Hrozek - 1.14.0-6Jakub Hrozek - 1.14.0-5Jakub Hrozek - 1.14.0-4Jakub Hrozek - 1.14.0-3Jakub Hrozek - 1.14.0-2Jakub Hrozek - 1.14.0-1Jakub Hrozek - 1.14.0beta1-2Jakub Hrozek - 1.14.0alpha-1Jakub 
Hrozek - 1.13.0-50Jakub Hrozek - 1.13.0-49Jakub Hrozek - 1.13.0-48Jakub Hrozek - 1.13.0-47Jakub Hrozek - 1.13.0-46Jakub Hrozek - 1.13.0-45Jakub Hrozek - 1.13.0-44Jakub Hrozek - 1.13.0-43Jakub Hrozek - 1.13.0-42Jakub Hrozek - 1.13.0-41Jakub Hrozek - 1.13.0-40Jakub Hrozek - 1.13.0-39Jakub Hrozek - 1.13.0-38Jakub Hrozek - 1.13.0-37Jakub Hrozek - 1.13.0-36Jakub Hrozek - 1.13.0-35Jakub Hrozek - 1.13.0-34Jakub Hrozek - 1.13.0-33Jakub Hrozek - 1.13.0-32Jakub Hrozek - 1.13.0-31Jakub Hrozek - 1.13.0-30Jakub Hrozek - 1.13.0-29Jakub Hrozek - 1.13.0-28Jakub Hrozek - 1.13.0-27Jakub Hrozek - 1.13.0-26Martin Kosek - 1.13.0-25Jakub Hrozek - 1.13.0-24Jakub Hrozek - 1.13.0-23Jakub Hrozek - 1.13.0-22Jakub Hrozek - 1.13.0-21Jakub Hrozek - 1.13.0-20Jakub Hrozek - 1.13.0-19Jakub Hrozek - 1.13.0-18Jakub Hrozek - 1.13.0-17Jakub Hrozek - 1.13.0-16Jakub Hrozek - 1.13.0-15Jakub Hrozek - 1.13.0-14Lukas Slebodnik - 1.13.0-13Jakub Hrozek - 1.13.0-12Jakub Hrozek - 1.13.0-11Jakub Hrozek - 1.13.0-10Jakub Hrozek - 1.13.0-9Jakub Hrozek - 1.13.0-8Jakub Hrozek - 1.13.0-7Jakub Hrozek - 1.13.0-6Jakub Hrozek - 1.13.0-5Jakub Hrozek - 1.13.0-4Jakub Hrozek - 1.13.0-3Jakub Hrozek - 1.13.0-2Jakub Hrozek - 1.13.0-1Jakub Hrozek - 1.13.0.3alphaJakub Hrozek - 1.13.0.2alphaJakub Hrozek - 1.13.0.1alphaJakub Hrozek - 1.12.2-61Jakub Hrozek - 1.12.2-60Jakub Hrozek - 1.12.2-59Jakub Hrozek - 1.12.2-58.6Jakub Hrozek - 1.12.2-58.5Jakub Hrozek - 1.12.2-58.4Jakub Hrozek - 1.12.2-58.3Jakub Hrozek - 1.12.2-58.2Jakub Hrozek - 1.12.2-58.1Jakub Hrozek - 1.12.2-57Jakub Hrozek - 1.12.2-56Jakub Hrozek - 1.12.2-55Jakub Hrozek - 1.12.2-54Jakub Hrozek - 1.12.2-53Jakub Hrozek - 1.12.2-52Jakub Hrozek - 1.12.2-51Jakub Hrozek - 1.12.2-50Jakub Hrozek - 1.12.2-49Jakub Hrozek - 1.12.2-48Jakub Hrozek - 1.12.2-47Jakub Hrozek - 1.12.2-46Jakub Hrozek - 1.12.2-45Jakub Hrozek - 1.12.2-44Jakub Hrozek - 1.12.2-43Jakub Hrozek - 1.12.2-42Jakub Hrozek - 1.12.2-41Jakub Hrozek - 1.12.2-40Sumit Bose - 1.12.2-39Sumit Bose - 1.12.2-38Sumit Bose - 
1.12.2-37Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-34Jakub Hrozek - 1.12.2-33Jakub Hrozek - 1.12.2-32Jakub Hrozek - 1.12.2-31Jakub Hrozek - 1.12.2-30Jakub Hrozek - 1.12.2-29Jakub Hrozek - 1.12.2-28Jakub Hrozek - 1.12.2-27Jakub Hrozek - 1.12.2-26Jakub Hrozek - 1.12.2-25Jakub Hrozek - 1.12.2-24Jakub Hrozek - 1.12.2-23Jakub Hrozek - 1.12.2-22Jakub Hrozek - 1.12.2-21Jakub Hrozek - 1.12.2-20Jakub Hrozek - 1.12.2-19Jakub Hrozek - 1.12.2-18Jakub Hrozek - 1.12.2-17Jakub Hrozek - 1.12.2-16Jakub Hrozek - 1.12.2-15Jakub Hrozek - 1.12.2-14Jakub Hrozek - 1.12.2-13Jakub Hrozek - 1.12.2-12Jakub Hrozek - 1.12.2-11Jakub Hrozek - 1.12.2-10Jakub Hrozek - 1.12.2-9Jakub Hrozek - 1.12.2-8Jakub Hrozek - 1.12.2-7Jakub Hrozek - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-3Jakub Hrozek - 1.12.0-2Jakub Hrozek - 1.12.0-1Jakub Hrozek - 1.11.2-70Jakub Hrozek - 1.11.2-69Jakub Hrozek - 1.11.2-68Jakub Hrozek - 1.11.2-67Jakub Hrozek - 1.11.2-66Jakub Hrozek - 1.11.2-65Jakub Hrozek - 1.11.2-64Sumit Bose - 1.11.2-63Sumit Bose - 1.11.2-62Jakub Hrozek - 1.11.2-61Jakub Hrozek - 1.11.2-60Jakub Hrozek - 1.11.2-59Jakub Hrozek - 1.11.2-58Jakub Hrozek - 1.11.2-57Jakub Hrozek - 1.11.2-56Jakub Hrozek - 1.11.2-55Jakub Hrozek - 1.11.2-54Jakub Hrozek - 1.11.2-53Jakub Hrozek - 1.11.2-52Jakub Hrozek - 1.11.2-51Jakub Hrozek - 1.11.2-50Jakub Hrozek - 1.11.2-49Jakub Hrozek - 1.11.2-48Jakub Hrozek - 1.11.2-47Jakub Hrozek - 1.11.2-46Jakub Hrozek - 1.11.2-45Jakub Hrozek - 1.11.2-44Jakub Hrozek - 1.11.2-43Jakub Hrozek - 1.11.2-42Jakub Hrozek - 1.11.2-41Jakub Hrozek - 1.11.2-40Jakub Hrozek - 1.11.2-39Jakub Hrozek - 1.11.2-38Jakub Hrozek - 1.11.2-37Jakub Hrozek - 1.11.2-36Jakub Hrozek - 1.11.2-35Jakub Hrozek - 1.11.2-34Daniel Mach - 1.11.2-33Jakub Hrozek - 1.11.2-32Jakub Hrozek - 1.11.2-31Jakub Hrozek - 1.11.2-30Jakub Hrozek - 
1.11.2-29Jakub Hrozek - 1.11.2-28Jakub Hrozek - 1.11.2-27Jakub Hrozek - 1.11.2-26Jakub Hrozek - 1.11.2-25Jakub Hrozek - 1.11.2-24Jakub Hrozek - 1.11.2-23Jakub Hrozek - 1.11.2-22Jakub Hrozek - 1.11.2-21Jakub Hrozek - 1.11.2-20Daniel Mach - 1.11.2-19Jakub Hrozek - 1.11.2-18Jakub Hrozek - 1.11.2-17Jakub Hrozek - 1.11.2-16Jakub Hrozek - 1.11.2-15Jakub Hrozek - 1.11.2-14Jakub Hrozek - 1.11.2-13Jakub Hrozek - 1.11.2-12Jakub Hrozek - 1.11.2-11Jakub Hrozek - 1.11.2-10Jakub Hrozek - 1.11.2-9Jakub Hrozek - 1.11.2-8Jakub Hrozek - 1.11.2-7Jakub Hrozek - 1.11.2-6Jakub Hrozek - 1.11.2-5Jakub Hrozek - 1.11.2-4Jakub Hrozek - 1.11.2-3Jakub Hrozek - 1.11.2-2Jakub Hrozek - 1.11.2-1Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-5Jakub Hrozek - 1.10.1-4Jakub Hrozek - 1.10.1-3Jakub Hrozek - 1.10.1-2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-18Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub 
Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release 
Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1456013 - sssd intermittently failing to resolve groups for an AD user in IPA-AD trust environment.- Resolves: rhbz#1450125 - Wrong pam return code for user from subdomain with ad_access_filter- Resolves: rhbz#1446085 - D-Bus interface of sssd is giving inappropriate group information for trusted AD users- Resolves: rhbz#1445821 - sssd does not 
evaluate AD UPN suffixes which results in failed user logins- Resolves: rhbz#1422183 - Fails to accept any sudo rules if there are two user entries in an ldap role with the same sudo user.- Resolves: rhbz#1418943 - If a long-running task (e.g. enumeration) blocks the sssd_be process, sssd_be can deadlock - Also Require a new-enough version of selinux-policy so that setpgid() by sssd is allowed- Resolves: rhbz#1405584 - SSH: default_domain_suffix is not being used for users' authorized keys- Resolves: rhbz#1404340 - Use-after free in resolver in case the fd is writeable and readable at the same time- Resolves: rhbz#1398673 - autofs map resolution doesn't work offline- Resolves: rhbz#1398169 - sssd fails to start after upgrading to RHEL 7.3- Resolves: rhbz#1392946 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1393730 - No supplementary groups are resolved for users in nested OUs when domain stanza differs from AD domain- Related: rhbz#1396486 - bz - ldap group names don't resolve after upgrading sssd to 1.14.0 if ldap_nesting_level is set to 0- Related: rhbz#1396485 - sssd_be keeps crashing- Revert the fix for ignoring sudoUser case as it breaks processing of rules that completely lack a sudoUser attribute - Related: rhbz#1392946 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1392946 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1392893 - IPA: Uninitialized variable during subdomain check- Resolves: rhbz#1392896 - AD provider: SSSD does not retrieve a domain-local group with the AD provider when following AGGUDLP group structure across domains- Resolves: rhbz#1376831 - sssd-common is missing dependency on sssd-sudo- Resolves: rhbz#1371631 - login using gdm calls for gdm-smartcard when smartcard authentication is not enabled- Resolves: rhbz#1373420 - sss_override fails to export- Resolves: rhbz#1375299 - sss_groupshow fails with error "No such group in local domain. 
Printing groups only allowed in local domain"- Resolves: rhbz#1375182 - SSSD goes offline when the LDAP server returns sizelimit exceeded- Resolves: rhbz#1372753 - Access denied for user when access_provider = krb5 is set in sssd.conf- Resolves: rhbz#1373444 - unable to create group in sssd cache - Resolves: rhbz#1373577 - unable to add local user in sssd to a group in sssd- Resolves: rhbz#1369118 - Don't enable the default shadowtils domain in RHEL- Fix permissions for the private pipe directory - Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1371977 - resolving IPA nested user groups is broken in 1.14- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1371152 - SSSD qualifies principal twice in IPA-AD trust if the principal attribute doesn't exist on the AD side- Apply forgotten patch - Resolves: rhbz#1368496 - sssd is not able to authenticate with alias - Resolves: rhbz#1366470 - sssd: throw away the timestamp cache if re-initializing the persistent cache - Fix deleting non-existent secret - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1364033 - sssd exits if clock is adjusted backwards after boot- Resolves: rhbz#1362023 - SSSD fails to start when ldap_user_extra_attrs contains mail- Resolves: rhbz#1368324 - libsss_autofs.so is packaged in two packages sssd-common and libsss_autofs- Fix RPM scriptlet plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Add socket-activation plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Own the secrets directory - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1268874 - Add an option to disable checking for trusted domains in the subdomains 
provider- Resolves: rhbz#1271280 - sssd stores and returns incorrect information about empty netgroup (ldap-server: 389-ds)- Resolves: rhbz#1290500 - [feat] command to manually list fo_add_server_to_list information- Add several small fixes related to the config API - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Resolves: rhbz#1349900 - gpo search errors out and gpo_cache file is never created- Fix regressions in the simple access provider - Resolves: rhbz#1360806 - sssd does not start if sub-domain user is used with simple access provider - Apply a number of specfile patches to better match the upstream spefile - Related: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3- Cherry-pick patches from upstream that fix several regressions - Avoid checking local users in all cases - Resolves: rhbz#1353951 - sssd_pam leaks file descriptors- Resolves: rhbz#1364118 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_nss killed by 11 - Resolves: rhbz#1361563 - Wrong pam error code returned for password change in offline mode- Resolves: rhbz#1309745 - Support multiple principals for IPA users- Resolves: rhbz#1304992 - Handle overriden name of members in the memberUid attribute- handle unresolvable sites more gracefully - Resolves: rhbz#1346011 - sssd is looking at a server in the GC of a subdomain, not the root domain. 
- fix compilation warnings in unit tests- fix capaths output - Resolves: rhbz#1344940 - GSSAPI error causes failures for child domain user logins across IPA - AD trust - also fix Coverity issues in the secrets responder and suppress noisy debug messages when setting the timestamp cache- Resolves: rhbz#1356577 - sssctl: Time stamps without time zone information- Resolves: rhbz#1354414 - New or modified ID-View User overrides are not visible unless rm -f /var/lib/sss/db/*cache*- Resolves: rhbz#1211631 - [RFE] Support of UPN for IdM trusted domains- Resolves: rhbz#1350520 - [abrt] sssd-common: ipa_dyndns_update_send(): sssd_be killed by SIGSEGV- Resolves: rhbz#1349882 - sssd does not work under non-root user - Also cherry-pick a few patches from upstream to fix config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Sync a few minor patches from upstream - Fix sssctl manpage - Fix nss-tests unit test on big-endian machines - Fix several issues in the config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Bundle http-parser - Resolves: rhbz#1311056 - Add a Secrets as a Service component- Sync a few minor patches from upstream - Fix a failover issue - Resolves: rhbz#1334749 - sssd fails to mark a connection as bad on searches that time out- Explicitly BuildRequire newer ding-libs - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- New upstream release 1.14.0 - Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#835492 - [RFE] SSSD admin tool request - force reload - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check) - Resolves: rhbz#1278691 - Please fix rfc2307 autofs schema defaults - Resolves: rhbz#1287209 - default_domain_suffix Appended to User Name - Resolves: rhbz#1300663 - Improve sudo protocol to support configurations with default_domain_suffix - Resolves: rhbz#1312275 - Support authentication indicators 
from IPA- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#790113 - [RFE] "include" directive in sssd.conf - Resolves: rhbz#874985 - [RFE] AD provider support for automount lookups - Resolves: rhbz#879333 - [RFE] SSSD admin tool request - status overview - Resolves: rhbz#1140022 - [RFE]Allow sssd to add a new option that would specify which server to update DNS with - Resolves: rhbz#1290380 - RFE: Improve SSSD performance in large environments - Resolves: rhbz#883886 - sssd: incorrect checks on length values during packet decoding - Resolves: rhbz#988207 - sssd does not detail which line in configuration is invalid - Resolves: rhbz#1007969 - sssd_cache does not remove have an option to remove the sssd database - Resolves: rhbz#1103249 - PAC responder needs much time to process large group lists - Resolves: rhbz#1118257 - Users in ipa groups, added to netgroups are not resovable - Resolves: rhbz#1269018 - Too much logging from sssd_be - Resolves: rhbz#1293695 - sssd mixup nested group from AD trusted domains - Resolves: rhbz#1308935 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user - Resolves: rhbz#1315766 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo - Resolves: rhbz#1316164 - SSSD fails to process GPO from Active Directory - Resolves: rhbz#1322458 - sssd_be[11010]: segfault at 0 ip 00007ff889ff61bb sp 00007ffc7d66a3b0 error 4 in libsss_ipa.so[7ff889fcf000+5d000]- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - The rebase includes fixes for the following bugzillas: - Resolves: rhbz#789477 - [RFE] SUDO: Support the IPA schema - Resolves: rhbz#1059972 - RFE: SSSD: Automatically assign new slices for any AD domain - Resolves: rhbz#1233200 - man sssd.conf should clarify details about subdomain_inherit option. 
- Resolves: rhbz#1238144 - Need better libhbac debuging added to sssd - Resolves: rhbz#1265366 - sss_override segfaults when accidentally adding --help flag to some commands - Resolves: rhbz#1269512 - sss_override: memory violation - Resolves: rhbz#1278566 - crash in sssd when non-Englsh locale is used and pam_strerror prints non-ASCII characters - Resolves: rhbz#1283686 - groups get deleted from the cache - Resolves: rhbz#1290378 - Smart Cards: Certificate in the ID View - Resolves: rhbz#1292238 - extreme memory usage in libnfsidmap sss.so plug-in when resolving groups with many members - Resolves: rhbz#1292456 - sssd_be AD segfaults on missing A record - Resolves: rhbz#1294670 - Local users with local sudo rules causes LDAP queries - Resolves: rhbz#1296618 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1299553 - Cannot retrieve users after upgrade from 1.12 to 1.13 - Resolves: rhbz#1302821 - Cannot start sssd after switching to non-root - Resolves: rhbz#1310877 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs - Resolves: rhbz#1313014 - sssd is not closing sockets properly - Resolves: rhbz#1318996 - SSSD does not fail over to next GC - Resolves: rhbz#1327270 - local overrides: issues with sub-domain users and mixed case names - Resolves: rhbz#1342547 - sssd-libwbclient: wbcSidsToUnixIds should not fail on lookup errors- Build the PAC plugin with krb5-1.14 - Related: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1290853 - [sssd] Trusted (AD) user's info stays in sssd cache for much more than expected.- Resolves: rhbz#1336706 - sssd_nss memory usage keeps growing when trying to retrieve non-existing netgroups- Resolves: rhbz#1296902 - In IPA-AD trust environment access is granted to AD user 
even if the user is disabled on AD.- Resolves: rhbz#1334159 - IPA provider crashes if a netgroup from a trusted domain is requested- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin - More patches from upstream related to the memory leak- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin- Resolves: rhbz#1300740 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid- Resolves: rhbz#1284814 - sssd: [sysdb_add_user] (0x0400): Error: 17- Resolves: rhbz#1270827 - local overrides: don't contact server with overridden name/id- Resolves: rhbz#1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- Resolves: rhbz#1267176 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1267836 - PAM responder crashed if user was not set- Resolves: rhbz#1266107 - AD: Conditional jump or move depends on uninitialised value- Resolves: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Fix a Coverity warning in dyndns code - Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1263735 - Could not resolve AD user from root domain- Remove -d from sss_override manpage - Related: rhbz#1259512 - sss_override : The local override user is not found- Patches required for better handling of failover with one-way trusts - Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1263587 - sss_override --name doesn't work with RFC2307 and ghost users- Resolves: rhbz#1259512 - sss_override : The local override user is not found- Resolves: rhbz#1260027 - sssd_be memory leak with sssd-ad in GPO code- Resolves: rhbz#1256398 - sssd cannot resolve user names containing backslash with ldap provider- Resolves: rhbz#1254189 - sss_override contains an extra parameter --debug but is not listed in the man page 
or in the arguments help- Resolves: rhbz#1254518 - Fix crash in nss responder- Support import/export for local overrides - Support FQDNs for local overrides - Resolves: rhbz#1254184 - sss_override does not work correctly when 'use_fully_qualified_names = True'- Resolves: rhbz#1244950 - Add index for 'objectSIDString' and maybe to other cache attributes- Resolves: rhbz#1250415 - sssd: p11_child hardening- Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1202724 - [RFE] Add a way to lookup users based on CAC identity certificates- Resolves: rhbz#1232950 - [IPA/IdM] sudoOrder not honored as expected- Fix wildcard_limit=0 - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Fix race condition in invalidating the memory cache - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Resolves: rhbz#1249015 - KDC proxy not working with SSSD krb5_use_kdcinfo enabled- Bump release number - Related: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- Fix missing dependency of sssd-tools - Resolves: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- More memory cache related fixes - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Remove binary blob from SC patches as patch(1) can't handle those - Related: rhbz#854396 - [RFE] Support for smart cards- Resolves: rhbz#1244949 - getgrgid for user's UID on a trust client prevents getpw*- Fix memory cache integration tests - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#854396 - [RFE] Support for smart cards- Remove OTP from PAM stack correctly - Related: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Handle sssd-owned keytabs when sssd runs as root - Related: rhbz#1205144 - RFE: Support one-way trusts for IPA- Resolves: rhbz#1183747 - [FEAT] UID and GID mapping on 
individual clients- Resolves: rhbz#1206565 - [RFE] Add dualstack and multihomed support - Resolves: rhbz#1187146 - If v4 address exists, will not create nonexistant v6 in ipa domain- Resolves: rhbz#1242942 - well-known SID check is broken for NetBIOS prefixes- Resolves: rhbz#1234722 - sssd ad provider fails to start in rhel7.2- Add support for InfoPipe wildcard requests - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Also package the initgr memcache - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Rebase to 1.13.0 upstream - Related: rhbz#1205554 - Rebase SSSD to 1.13.x - Resolves: rhbz#910187 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Don't default to SSSD user - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Related: rhbz#1205554 - Rebase SSSD to 1.13.x - GPO default should be permissve- Resolves: rhbz#1205554 - Rebase SSSD to 1.13.x - Relax the libldb requirement - Resolves: rhbz#1221992 - sssd_be segfault at 0 ip sp error 6 in libtevent.so.0.9.21 - Resolves: rhbz#1221839 - SSSD group enumeration inconsistent due to binary SIDs - Resolves: rhbz#1219285 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust - Resolves: rhbz#1217559 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1217350 - ignore_group_members doesn't work for subdomains - Resolves: rhbz#1217127 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1216285 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set - Resolves: rhbz#1214719 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1214718 - Overridde with --login fails trusted adusers group membership resolution - Resolves: rhbz#1214716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1214337 - Overrides with 
--login work in second attempt - Resolves: rhbz#1212489 - Disable the cleanup task by default - Resolves: rhbz#1211830 - external users do not resolve with "default_domain_suffix" set in IPA server sssd.conf - Resolves: rhbz#1210854 - Only set the selinux context if the context differs from the local one - Resolves: rhbz#1209483 - When using id_provider=proxy with auth_provider=ldap, it does not work as expected - Resolves: rhbz#1209374 - Man sssd-ad(5) lists Group Policy Management Editor naming for some policies but not for all - Resolves: rhbz#1208507 - sysdb sudo search doesn't escape special characters - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface - Resolves: rhbz#1206566 - SSSD does not update Dynamic DNS records if the IPA domain differs from machine hostname's domain - Resolves: rhbz#1206189 - [bug] sssd always appends default_domain_suffix when checking for host keys - Resolves: rhbz#1204203 - sssd crashes intermittently - Resolves: rhbz#1203945 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default - Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only - Resolves: rhbz#1202245 - SSSD's HBAC processing is not permissive enough with broken replication entries - Resolves: rhbz#1201271 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything - Resolves: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Resolves: rhbz#1199541 - Read and use the TTL value when resolving a SRV query - Resolves: rhbz#1199533 - [RFE] Implement background refresh for users, groups or other cache objects - Resolves: rhbz#1199445 - Does sssd-ad use the most suitable attribute for group name? 
- Resolves: rhbz#1198477 - ccname_file_dummy is not unlinked on error - Resolves: rhbz#1187103 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1185536 - In ipa-ad trust, with 'default_domain_suffix' set to AD domain, IPA user are not able to log unless use_fully_qualified_names is set - Resolves: rhbz#1175760 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires - Resolves: rhbz#1163806 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1205160 - Complain loudly if backend doesn't start due to missing or invalid keytab- Resolves: rhbz#1226119 - Properly handle AD's binary objectGUID- Filter out domain-local groups during AD initgroups operation - Related: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Resolves: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Initialize variable in the views code in one success and one failure path - Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Handle case where there is no default and no rules - Resolves: rhbz#1192314 - With empty ipaselinuxusermapdefault security context on client is staff_u- Set a pointer in ldap_child to NULL to avoid warnings - Related: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Run the restart in sssd-common posttrans - Explicitly require libwbclient - Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 
upgrade

- Fix endianness bug in fill_id()
- Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares

- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view

- Resolves: rhbz#1187192 - IPA initgroups don't work correctly in non-default view

- Resolves: rhbz#1184982 - Need to set different umask in selinux_child

- Bump the release number
- Related: rhbz#1184140 - Users saved through extop don't have the originalMemberOf attribute

- Add a patch dependency
- Related: rhbz#1184140 - Users saved through extop don't have the originalMemberOf attribute

- Process ghost members only once
- Fix processing of universal groups with members from different domains
- Related: rhbz#1168904 - gid is overridden by uid in default trust view

- Related: rhbz#1184140 - Users saved through extop don't have the originalMemberOf attribute

- Resolves: rhbz#1185188 - Uncached SIDs cannot be resolved

- Handle GID override in MPG domains
- Handle views with mixed-case domains
- Related: rhbz#1168904 - gid is overridden by uid in default trust view

- Open socket to the PAC responder in krb5_child before dropping root
- Related: rhbz#1184140 - Users saved through extop don't have the originalMemberOf attribute

- Resolves: rhbz#1184140 - Users saved through extop don't have the originalMemberOf attribute

- Resolves: rhbz#1182183 - pam_sss(sshd:auth): authentication failure with user from AD

- Resolves: rhbz#889206 - On clock skew sssd returns system error

- Related: rhbz#1168904 - gid is overridden by uid in default trust view

- Resolves: rhbz#1177140 - gpo_child fails if "log level" is enabled in smb.conf
- Related: rhbz#1168904 - gid is overridden by uid in default trust view

- Resolves: rhbz#1175408 - SSSD should not fail authentication when only allow rules are used
- Resolves: rhbz#1175705 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo
- in addition to the patch libwbclient.so is filtered out of the Provides list of the package

- Resolves: rhbz#1171215 - Crash in
function get_object_from_cache
- Resolves: rhbz#1171383 - getent fails for posix group with AD users after login
- Resolves: rhbz#1171382 - getent of AD universal group fails after group users login
- Resolves: rhbz#1170300 - Access is not rejected for disabled domain
- Resolves: rhbz#1162486 - Error processing external groups with getgrnam/getgrgid in the server mode
- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view

- Resolves: rhbz#1169459 - sssd-ad: The man page description to enable GPO HBAC Policies are unclear
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Rebuild to add several forgotten Patch entries
- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users
- Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=

- Remove Coverity warnings in krb5_child code
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users
- Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=

- Don't error out on chpass with OTPs
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Resolves: rhbz#1124320 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default.

- Resolves: rhbz#1169739 - selinuxusermap rule does not apply to trusted AD users
- Enable running unit tests without cmocka
- Related: rhbz#1113783 - sssd should run under unprivileged user

- krb5_child and ldap_child do not call Kerberos calls as root
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Resolves: rhbz#1168735 - The Kerberos provider is not properly views-aware

- Fix typo in libwbclient-devel alternatives invocation
- Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares

- Resolves: rhbz#1166727 - pam_sss domains option: Untrusted users from the same domain are allowed to auth.

- Handle migrating clients between views
- Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution

- Use alternatives for libwbclient
- Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares

- Resolves: rhbz#1165794 - sssd does not work with custom value of option re_expression

- Add an option that describes where to put generated krb5 files to
- Related: rhbz#1135043 - [RFE] Implement localauth plugin for MIT krb5 1.12

- Handle IPA group names returned from the extop plugin
- Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution

- Resolves: rhbz#1165792 - automount segfaults in sss_nss_check_header

- Resolves: rhbz#1163742 - "debug_timestamps = false" and "debug_microseconds = true" do not work after enabling journald with sssd.

- Resolves: rhbz#1153593 - Manpage description of case_sensitive=preserving is incomplete

- Support views for IPA users
- Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution

- Update man page to clarify TGs should be disabled with a custom search base
- Related: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases

- Use upstreamed patches for the rootless sssd
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Resolves: rhbz#1153603 - Proxy Provider: Fails to lookup case sensitive users and groups with case_sensitive=preserving

- Resolves: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases

- Resolves: rhbz#1162480 - dereferencing failure against openldap server

- Move adding the user from pretrans to pre, copy adding the user to sssd-krb5-common and sssd-ipa as well in order to work around yum ordering issue
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Resolves: rhbz#1113783 - sssd should run under unprivileged user

- Fix two regressions in the new selinux_child process
- Related: rhbz#1113783 - sssd should run under unprivileged user
- Resolves: rhbz#1132365 - Remove
password from the PAM stack if OTP is used

- Include the ldap_child and selinux_child patches for rootless sssd
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Support overriding SSH public keys with views
- Support extended attributes via the extop plugin
- Related: rhbz#1109756 - Rebase SSSD to 1.12
- Resolves: rhbz#1137010 - disable midpoint refresh for netgroups if ptask refresh is enabled

- Resolves: rhbz#1153518 - service lookups returned in lowercase with case_sensitive=preserving
- Resolves: rhbz#1158809 - Enumeration shows only a single group multiple times

- Include the responder and packaging patches for rootless sssd
- Related: rhbz#1113783 - sssd should run under unprivileged user

- Amend the sssd-ldap man page with info about lockout setup
- Related: rhbz#1109756 - Rebase SSSD to 1.12
- Resolves: rhbz#1137014 - Shell fallback mechanism in SSSD
- Resolves: rhbz#790854 - 4 functions with reference leaks within sssd (src/python/pyhbac.c)

- Fix regressions caused by views patches when SSSD is connected to a pre-4.0 IPA server
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Add the low-level server changes for running as unprivileged user
- Package the libsss_semange library needed for SELinux label changes
- Related: rhbz#1113783 - sssd should run under unprivileged user
- Resolves: rhbz#1113784 - sssd should audit selinux user map changes

- Use libsemanage for SELinux label changes
- Resolves: rhbz#1113784 - sssd should audit selinux user map changes

- Rebase SSSD to 1.12.2
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Sync with upstream
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Rebuild against ding-libs with fixed SONAME
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Rebase SSSD to 1.12.1
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Require ldb 2.1.17
- Related: rhbz#1133914 - Rebase libldb to version 1.1.17 or newer

- Fix fully qualified IFP lookups
- Related: rhbz#1109756 - Rebase SSSD to 1.12

- Rebase SSSD to 1.12.0
- Related:
rhbz#1109756 - Rebase SSSD to 1.12

- Squash in upstream review comments about the PAC patch
- Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder

- Backport a patch to allow krb5-utils-test to run as root
- Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder

- Resolves: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder

- Fix a DEBUG message, backport two related fixes
- Related: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain

- Resolves: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain

- Resolves: rhbz#1082191 - RHEL7 IPA selinuxusermap hbac rule not always matching

- Resolves: rhbz#1077328 - other subdomains are unavailable when joined to a subdomain in the ad forest

- Resolves: rhbz#1078877 - Valgrind: Invalid read of int while processing netgroup

- Resolves: rhbz#1075092 - Password change w/ OTP generates error on success

- Resolves: rhbz#1078840 - Error during password change

- Resolves: rhbz#1075663 - SSSD should create the SELinux mapping file with format expected by pam_selinux

- Related: rhbz#1075621 - Add another Kerberos error code to trigger IPA password migration

- Related: rhbz#1073635 - IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in

- Related: rhbz#1066096 - not retrieving homedirs of AD users with posix attributes

- Related: rhbz#1072995 - AD group inconsistency when using AD provider in sssd-1.11-40

- Resolves: rhbz#1073631 - sssd fails to handle expired passwords when OTP is used

- Resolves: rhbz#1072067 - SSSD Does not cache SELinux map from FreeIPA correctly

- Resolves: rhbz#1071903 - ipa-server-mode: Use lower-case user name component in home dir path

- Resolves: rhbz#1068725 - Evaluate usage of sudo LDAP provider together with the AD provider

- Fix idmap documentation
- Bump idmap version info
- Related: rhbz#1067361 - Check IPA idranges before saving them to the cache

- Pull some follow up man page fixes from upstream
- Related: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes
- Related: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example

- Resolves: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes

- Resolves: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example

- Resolves: rhbz#1068723 - Setting int option to 0 yields the default value

- Resolves: rhbz#1067361 - Check IPA idranges before saving them to the cache

- Resolves: rhbz#1067476 - SSSD pam module accepts usernames with leading spaces

- Resolves: rhbz#1033069 - Configuring two different provider types might start two parallel enumeration tasks

- Resolves: rhbz#1068640 - 'IPA: Don't call tevent_req_post outside _send' should be added to RHEL7

- Resolves: rhbz#1063977 - SSSD needs to enable FAST by default

- Resolves: rhbz#1064582 - sss_cache does not reset the SYSDB_INITGR_EXPIRE attribute when expiring users

- Resolves: rhbz#1033081 - Implement heuristics to detect if POSIX attributes have been replicated to the Global Catalog or not

- Resolves: rhbz#872177 - [RFE] subdomain homedir template should be configurable/use flatname by default

- Resolves: rhbz#1059753 - Warn with a user-friendly error message when permissions on sssd.conf are incorrect

- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter

- Resolves: rhbz#1059253 - Man page states default_shell option supersedes other shell options but in fact override_shell does.
- Use the right domain for AD site resolution
- Related: rhbz#743503 - [RFE] sssd should support DNS sites

- Resolves: rhbz#1028039 - AD Enumeration reads data from LDAP while regular lookups connect to GC

- Resolves: rhbz#877438 - sudoNotBefore/sudoNotAfter not supported by sssd sudoers plugin

- Mass rebuild 2014-01-24

- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain

- Resolves: rhbz#1054899 - explicitly suggest krb5_auth_timeout in a loud DEBUG message in case Kerberos authentication times out

- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter

- Resolves: rhbz#1051360 - [FJ7.0 Bug]: [REG] sssd_be crashes when ldap_search_base cannot be parsed.
- Fix a typo in the man page
- Related: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir

- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain
- Fix return value when searching for AD domain flat names
- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user

- Resolves: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir

- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user

- Resolves: rhbz#1053106 - sssd ad trusted sub domain do not inherit fallbacks and overrides settings

- Resolves: rhbz#1051016 - FAST does not work in SSSD 1.11.2 in Fedora 20

- Resolves: rhbz#1033133 - "System Error" when invalid ad_access_filter is used

- Resolves: rhbz#1032983 - sssd_be crashes when ad_access_filter uses FOREST keyword.
- Fix two memory leaks in the PAC responder (Related: rhbz#991065)

- Resolves: rhbz#1048184 - Group lookup does not return member with multiple names after user lookup

- Resolves: rhbz#1049533 - Group membership lookup issue

- Mass rebuild 2013-12-27

- Resolves: rhbz#894068 - sss_cache doesn't support subdomains

- Re-initialize subdomains after provider startup
- Related: rhbz#1038637 - If SSSD starts offline, subdomains list is never read

- The AD provider is able to resolve group memberships for groups with Global and Universal scope
- Related: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog

- Resolves: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog
- Resolves: rhbz#1030483 - Individual group search returned multiple results in GC lookups

- Resolves: rhbz#1040969 - sssd_nss grows memory footprint when netgroups are requested

- Resolves: rhbz#1023409 - Valgrind sssd "Syscall param socketcall.sendto(msg) points to uninitialised byte(s)"

- Resolves: rhbz#1037936 - sssd_be crashes occasionally

- Resolves: rhbz#1038637 - If SSSD starts offline, subdomains list is never read

- Resolves: rhbz#1029631 - sssd_be crashes on manually adding a cleartext password to ldap_default_authtok

- Resolves: rhbz#1036758 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy

- Resolves: rhbz#1034050 - Errors in domain log when saving user to sysdb

- Resolves: rhbz#1036157 - sssd can't retrieve auto.master when using the "default_domain_suffix" option in

- Resolves: rhbz#1028057 - Improve detection of the right domain when processing group with members from several domains

- Resolves: rhbz#1033084 - sssd_be segfaults if empty group is resolved using ad_matching_rule

- Resolves: rhbz#1031562 - Incorrect mention of access_filter in sssd-ad manpage

- Resolves: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes

- Skip netgroups that don't provide well-formed triplets
- Related: rhbz#991549 - sssd fails to retrieve netgroups with
multiple CN attributes

- New upstream release 1.11.2
- Remove upstreamed patches
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2
- Resolves: rhbz#991065

- Resolves: rhbz#1019882 - RHEL7 ipa ad trusted user lookups failed with sssd_be crash
- Resolves: rhbz#1002597 - ad: unable to resolve membership when user is from different domain than group

- New upstream release 1.11.1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1
- Resolves: rhbz#991065 - Rebase SSSD to 1.11.0

- New upstream release 1.11.0
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0
- Resolves: rhbz#991065

- New upstream release 1.11 beta 2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2
- Related: rhbz#991065

- Resolves: #906427 - Do not use lib64 in specfile for the nss and pam libraries

- Resolves: #983587 - sss_debuglevel did not increase verbosity in sssd_pac.log

- Resolves: #983580 - Netgroups should ignore the 'use_fully_qualified_names' setting

- Apply several important fixes from upstream 1.10 branch
- Related: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable

- New upstream release 1.10.1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1

- Remove libcmocka dependency

- sssd-tools should require sssd-common, not sssd

- Move sssd_pac to the sssd-ipa and sssd-ad subpackages
- Trim out RHEL5-specific macros since we don't build on RHEL 5
- Trim out macros for Fedora older than F18
- Update libldb requirement to 1.1.16
- Trim RPM changelog down to the last year

- Move sssd_pac to the sssd-krb5 subpackage

- Fix Obsoletes: to account for dist tag
- Convert post and pre scripts to run on the sssd-common subpackage
- Remove old conversion from SYSV

- New upstream release 1.10
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0

- the cmocka toolkit exists only on selected arches

- Apply a number of patches from upstream to fix issues found post-beta, in particular:
-- segfault with a high DEBUG level
-- Fix IPA
password migration (upstream #1873)
-- Fix fail over when retrying SRV resolution (upstream #1886)

- Only BuildRequire libcmocka on Fedora

- Fix typo in Requires that prevented an upgrade (#973916)
- Use a hardcoded version in Conflicts, not less-than-current

- New upstream release 1.10 beta2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2
- BuildRequire libcmocka-devel in order to run all upstream tests during build
- BuildRequire libnl3 instead of libnl1
- No longer BuildRequire initscripts, we no longer use /sbin/service
- Remove explicit krb5-libs >= 1.10 requires; this platform doesn't carry any older krb5-libs version

- Enable hardened build for RHEL7

- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later

- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join
- Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider
- Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in

- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs
- Fix SSH integration with fully-qualified domains
- Add the ability to dynamically discover the NetBIOS name

- New upstream release 1.10 beta1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1

- Add a patch to fix krb5 ccache creation issue with krb5 1.11

- New upstream release 1.10 alpha1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1

- Split internal helper libraries into a shared object
- Significantly reduce disk-space usage

- Fix the Kerberos password expiration warning (#912223)

- Do not write out dots in the domain-realm mapping file (#905650)

- Include upstream patch to build with krb5-1.11

- Rebuild against new libldb

- Fix build with new automake versions

- Recreate Kerberos ccache directory if it's missing
- Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]:
Credential cache directory /run/user/UID/ccdir does not exist

- Fix changelog dates to make F19 rpmbuild happy

- New upstream release 1.9.4

- New upstream release 1.9.3

- Resolve groups from AD correctly

- Check the validity of naming context

- Move the sss_cache tool to the main package

- Include the 1.9.2 tarball

- New upstream release 1.9.2

- New upstream release 1.9.1

- require the latest libldb

- Use mcpath instead of mcachepath macro to be consistent with upstream spec file

- New upstream release 1.9.0

- New upstream release 1.9.0 rc1

- New upstream release 1.9.0 beta7
- obsoletes patches #1-#3

- Rebuild against libldb 1.12

- Rebuild against libldb 1.11

- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly
- Resolves: rhbz#851304

- Rebuild against libldb 1.10

- Only create the SELinux login file if there are SELinux mappings on the IPA server

- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)

- New upstream release 1.9.0 beta 6
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6
- A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value.
- Fixes for the support for setting default SELinux user context from FreeIPA.
- Fixed a regression introduced in beta 5 that broke LDAP SASL binds
- The SSSD supports the concept of a Primary Server and a Back Up Server in failover
- A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine
- SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server.
- Packaging changes to fix ldconfig usage in subpackages (#843995)
- Rebuild against libldb 1.1.9

- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

- New upstream release 1.9.0 beta 5
- Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5
- Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation
- Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation
- The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds

- Fix broken ARM build
- Add missing DP_OPTION_TERMINATOR in AD provider options

- Own several directories created during make install (#839782)

- New upstream release 1.9.0 beta 4
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4
- Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers
- SUDO integration was completely rewritten.
The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules
- The IPA authentication provider now supports subdomains
- Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.

- New upstream release 1.9.0 beta 3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3
- Add a new PAC responder for dealing with cross-realm Kerberos trusts
- Terminate idle connections to the NSS and PAM responders

- Switch unicode library from libunistring to Glib
- Drop unnecessary explicit Requires on keyutils
- Guarantee that versioned Requires include the correct architecture

- Fix accidental disabling of the DIR cache support

- New upstream release 1.9.0 beta 2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2
- Add support for the Kerberos DIR cache for storing multiple TGTs automatically
- Major performance enhancement when storing large groups in the cache
- Major performance enhancement when performing initgroups() against Active Directory
- SSSDConfig data file default locations can now be set during configure for easier packaging

- Fix regression in endianness patch

- Rebuild SSSD against ding-libs 0.3.0beta1
- Fix endianness bug in service map protocol

- Fix several regressions since 1.5.x
- Ensure that the RPM creates the /var/lib/sss/mc directory
- Add support for Netscape password warning expiration control
- Rebuild against libldb 1.1.6

- New upstream release 1.9.0 beta 1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1
- Add native support for autofs to the IPA provider
- Support for ID-mapping when connecting to Active Directory
- Support for handling very large (> 1500 users) groups in Active Directory
- Support for sub-domains (will be used for dealing with trust relationships)
- Add a new fast in-memory cache to speed up lookups of cached data on repeated requests

- New upstream release 1.8.3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3
- Numerous manpage and translation updates
- LDAP: Handle situations where the RootDSE isn't available anonymously
- LDAP: Fix regression for users using non-standard LDAP attributes for user information

- New upstream release 1.8.2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2
- Several fixes to case-insensitive domain functions
- Fix for GSSAPI binds when the keytab contains unrelated principals
- Fixed several segfaults
- Workarounds added for LDAP servers with unreadable RootDSE
- SSH knownhostproxy will no longer enter an infinite loop preventing login
- The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown
- Assorted minor fixes for issues discovered by static analysis tools

- Don't duplicate libsss_autofs.so in two packages
- Set explicit package contents instead of globbing

- Fix uninitialized value bug causing crashes throughout the code
- Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup

- New upstream release 1.8.1
- Resolve issue where we could enter an infinite loop trying to connect to an auth server
- Fix serious issue with complex (3+ levels) nested groups
- Fix netgroup support for case-insensitivity and aliases
- Fix serious issue with lookup bundling resulting in requests never completing
- IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate
- Fix several regressions in the proxy provider
- Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD
- Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work

- New upstream release 1.8.0
- Support for the service map in NSS
- Support for setting default SELinux user context from FreeIPA
- Support for retrieving SSH user and host keys from LDAP (Experimental)
- Support for caching autofs LDAP requests (Experimental)
- Support for caching SUDO rules (Experimental)
- Include the
IPA AutoFS provider
- Fixed several memory-corruption bugs
- Fixed a regression in group enumeration since 1.7.0
- Fixed a regression in the proxy provider
- Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD
- Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login
- Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV)
- Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD
- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features
- Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Caches to /run/usr/USERNAME/krb5cc

- Change default kerberos credential cache location to /run/user/

- New upstream release 1.8.0 beta 3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3
- Fixed a regression in group enumeration since 1.7.0
- Fixed several memory-corruption bugs
- Finalized the ABI for the autofs support
- Fixed a regression in the proxy provider

- Rebuild against PCRE 8.30

- New upstream release
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2
- Fix two minor manpage bugs
- Include the IPA AutoFS provider

- New upstream release
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1
- Support for the service map in NSS
- Support for setting default SELinux user context from FreeIPA
- Support for retrieving SSH user and host keys from LDAP (Experimental)
- Support for caching autofs LDAP requests (Experimental)
- Support for caching SUDO rules (Experimental)

- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features
- fix netgroups and sudo as well

- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.

- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features

- Rebuilt for
https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

- New upstream release 1.7.0
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0
- Support for case-insensitive domains
- Support for multiple search bases in the LDAP provider
- Support for the native FreeIPA netgroup implementation
- Reliability improvements to the process monitor
- New DEBUG facility with more consistent log levels
- New tool to change debug log levels without restarting SSSD
- SSSD will now disconnect from LDAP server when idle
- FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains
- Assorted performance improvements in the LDAP provider

- New upstream release 1.6.4
- Rolls up previous patches applied to the 1.6.3 tarball
- Fixes a rare issue causing crashes in the failover logic
- Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.

- Rebuild against libldb 1.1.4

- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam()
- Resolves: rhbz#758425 - LDAP failover not working if server refuses connections

- Rebuild for libldb 1.1.3

- Resolves: rhbz#752495 - Crash when apply settings

- New upstream release 1.6.3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3
- Fixes a major cache performance issue introduced in 1.6.2
- Fixes a potential infinite-loop with certain LDAP layouts

- Rebuilt for glibc bug#747377

- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.

- Add explicit requirement on selinux-policy version to address new SBUS symlinks.

- Remove %files reference to sss_debuglevel copied from wrong upstream spec file.

- Improved handling of users and groups with multi-valued name attributes (aliases)
- Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing
- Improved process-hang detection and restarting
- Enabled the midpoint cache refresh by default (fewer cache misses on
commonly-used entries)
- Cleaned up the example configuration
- New tool to change debug level on the fly

- New upstream release 1.6.1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1
- Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep)
- SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined
- The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided.
- Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory)
- Three HBAC regressions have been fixed.
- Fix for an infinite loop in the deref code

- Build with _hardened_build macro

- New upstream release 1.6.0
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0
- Add host access control support for LDAP (similar to pam_host_attr)
- Finer-grained control on principals used with Kerberos (such as for FAST or validation)
- Added a new tool sss_cache to allow selective expiring of cached entries
- Added support for LDAP DEREF and ASQ controls
- Added access control features for Novell Directory Server
- FreeIPA dynamic DNS update now checks first to see if an update is needed
- Complete rewrite of the HBAC library
- New libraries: libipa_hbac and libipa_hbac-python

- New upstream release 1.5.11
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11
- Fix a serious regression that prevented SSSD from working with ldaps:// URIs
- IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 address being saved to the AAAA record

- New upstream release 1.5.10
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10
- Fixed a regression introduced in 1.5.9 that could result in blocking calls to LDAP

- New upstream release 1.5.9
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9
- Support for overriding home directory, shell and primary GID locally
- Properly honor TTL values from SRV record lookups
- Support non-POSIX groups in nested group chains (for RFC2307bis LDAP servers)
- Properly escape IPv6 addresses in the failover code
- Do not crash if inotify fails (e.g. resource exhaustion)
- Don't add multiple TGT renewal callbacks (too many log messages)

- New upstream release 1.5.8
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8
- Support for the LDAP paging control
- Support for multiple DNS servers for name resolution
- Fixes for several group membership bugs
- Fixes for rare crash bugs

- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d
- Make sure to properly convert to systemd if upgrading from newer updates for Fedora 14

- Fix segfault in TGT renewal

- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites cached password with predictable filename

- Re-add manpage translations

- New upstream release 1.5.6
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6
- Fixed a serious memory leak in the memberOf plugin
- Fixed a regression with the negative cache that caused it to be essentially nonfunctional
- Fixed an issue where the user's full name would sometimes be removed from the cache
- Fixed an issue with password changes in the kerberos provider not working with kpasswd

- Resolves: rhbz#697057 - kpasswd fails when using sssd and kadmin server != kdc server
- Upgrades from SysV should now maintain enabled/disabled status

- Fix %postun

- Fix systemd conversion. Upgrades from SysV to systemd weren't properly enabling the systemd service.
- Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. 
- Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. 
- Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system 
improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that 
SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. 
(Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)1.14.0-43.el7_3.181.14.0-43.el7_3.18org.freedesktop.sssd.infopipe.conflibsss_config.sosssd_ifporg.freedesktop.sssd.infopipe.servicesssd-dbus-1.14.0COPYINGsssd-ifp.5.gz/etc/dbus-1/system.d//usr/lib64/sssd//usr/libexec/sssd//usr/share/dbus-1/system-services//usr/share/doc//usr/share/doc/sssd-dbus-1.14.0//usr/share/man/man5/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=genericdrpmxz2x86_64-redhat-linux-gnuXML 1.0 document, ASCII textELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=749b96bfcda6f01d3af177367c73637905712219, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=bf5badb5d8f3f6459bf927ebb958a1bb9ee62320, strippedASCII textdirectorytroff or preprocessor input, ASCII text 
(gzip compressed data, from Unix, max compression)((.PRRR*RRRR&RRR RRRRRRRRR+R R!R$R RRRRRRRR"R-R)R R%R'R RR2R,R(RRR.RRRR R*RR&R$R%R"R!R#RRRR RRRRRRRRR+R R RRRRRRRR-R)R R'R RR2?7zXZ !PH6j]"k%{f}{&-򝍥2K0ΤpϲdYNCk QmaH2@vI3R٣UbP3tf)\uD= E6naiYt'ү,#,嚞2x]r#27 azC&\7hK[EGC *עvքpFUT™ie*<&ɢPI2>k?elb,Bԥf_#Xr|xkq7K-B*а[ Aڡ f9ƹ"K2T;'u3Rxu)cbҾ[BZۇz;4) F1b 4'%'z"sIhie_ZjO~oCu8X+(¹ϣ IgjɃGJ p8" j`!m@rvO7=D+Ki,*FT5XS16n_(ips[25*'VDllN~g&zSZtz'DzxUXj`ױm0><#۴Mow: cwVs+CZL,"O?2&3N4a:r3&%/Z @c1\x(kvt.OJnԓh!yAn.I1f@ Xr#R.18#Kn|eh4wkMޭfW/ (7^h+f-Ǫ Y<ζb"=BM\)hۭX6)S3}Dl܍F 9G}'x9 ֈfhG"$]HF%}y{3Lm#K/l:}gόmO-?#Z{Ȧ^sℋ=ĴlմaPu KnYQ1RX[:(" 3V[L%;}Ros|C5ELŝf|jmnR8ή4 Ud]3!@AsA?/H* V>z"ј2& -4$rMj.e:81u+]-_;+5%G&!ſsؑ(8,MS8fFMrbC; fU:]K]k齈VȯI3{tZUΜ@ =H l%Es`mFY|\p6˜f:>57-Ve//[Ѭd3ؖdZPQI"ErQZu<75ɚp[(o3G.ɧ$.XURkON.CIS:Ssr&'T)*Nz=znƑ'5H%{C=" 6`~1Ean khsV 3gzg( 5夆f \rS#}-5i*\H7"<&rS;ݨ&x 'PN^[R5-fPk"E1fΦ veoZtjۺv {NF&ETD'JHok̝RWq%6E֮}Tc % `gMNճܧSjhJYQz}yH,?&jONae 0\f֚\OemsR1*3Sc6mwySk-7.i1)qǮy)ت/Wy¢ A%ʂ3l1Y¾_TRw:c_$v_5<{t>5EZy8@:̦$]*UH87BFOcʹP{@˼Nꎥl -wdWOXZwy^~=tK3EayG;B{3̞jdCI'gxB«0 lވ9еchC( U*L0 'TZY29ʫݪX<O~̟w}ԳmFtE>A id ⻓TKq/몢tll^<+Ե_8W|A Ah' ۖ NtGZ< CPcw񌵌S5!bAxg.ȺbvS^J$`wgA*L *rj9kr&rpK6;'TPY=Wy YMǞg=jB[h?Fk#Fxfg[OE=x_*Cb"+Ad?r/0X.%] 7hxl:fA7wh&(oQh,!OUU\,O{G}#5vvRyVn1v}ӟB"S4=(9PUxLڍڢ3Bj29;TTоZm]E~EqVlkCg7L&-kÜ.Kk@.iC.[4NXoZ`0;pַDb2Z ^-g. wOM(fMiN]"Dz3¯"2e=\Ji.׶߄E6!Y]dwX2%F/}|m*qWHrc*VF qĶi@4 #?:lP*qYTZt<ߜ g,BSJkkĆlAZ9, ~wp^r`N:"fڰkR[dI[Xkͤ;ÃeBXn]63SFu>- ]-PY6}eZA/"<'wD@,iOsٛY5V!^zˀ&.$ ABG'kM;$ v*tjBep O~S:x*k2/+ʴ_jWAƥQvɱ&5$c~^*iwo9<=HJG .HL^< )k`%)!Vb[j xf߸Svq醑z@|%b)YsXvHw&aL3+llVLJUR8Q#-1]cǫ]&C#_V=tMKHѫBYL=i].ʚ'DJ$ԩzؓSځ=p1[f&)BEQL񻘱5J63Z7ɠhQ?`U2S[m1Uhp٨$@ @4m`"L-"J̐C/SZ)64mYO.#aHNO{V^iNl dIQ9jN,J啈dd&'gs$OX6r pH+BT3tWVO%:#cь=λw;K8U(4nn{:-1 pFܽR vſT~]Sf2'Wh[+7uYŀAtS+'{;$2:& ?gӂ0lJX2(S(%3 ]# <+a̖98.} p~,ΈeM!7FYGf0Cu릵Q\Tw9Ŕ*Al*ˀ-:Z25Ky,d!+NN[ck1@]4WOڜPS 't{a_X2%83Nݑ9' DˆA Y8O& *`d`KGQ0hpɆ cϿŽEeY~p-ϭ<&ZH-I3HDzQ+_}PZ~fFb6 Wm{. 