sssd-dbus-1.14.0-43.el7_3.14$>^\ 'Ń 7>8X?Hd   ? *>\bl    G Pl(55 R5( 8 9:bGyHy$Iy@XyHYyT\y|]y^z"bzd{e{f{l{t{u{v{w}x}y}VDCsssd-dbus1.14.043.el7_3.14The D-Bus responder of the SSSDProvides the D-Bus responder of the SSSD, called the InfoPipe, that allows the information from the SSSD to be transmitted over the system bus.X%c1bm.rdu2.centos.orgCentOSGPLv3+CentOS BuildSystem Applications/Systemhttp://fedorahosted.org/sssd/linuxx86_64M>M2@MMzMx@Mj - 1.14.0-43.14Jakub Hrozek - 1.14.0-43.13Jakub Hrozek - 1.14.0-43.12Jakub Hrozek - 1.14.0-43.11Jakub Hrozek - 1.14.0-43.10Jakub Hrozek - 1.14.0-43.9Jakub Hrozek - 1.14.0-43.8Jakub Hrozek - 1.14.0-43.7Jakub Hrozek - 1.14.0-43.6Jakub Hrozek - 1.14.0-43.5Jakub Hrozek - 1.14.0-43.4Jakub Hrozek - 1.14.0-43.3Jakub Hrozek - 1.14.0-43.2Jakub Hrozek - 1.14.0-43.1Jakub Hrozek - 1.14.0-43Jakub Hrozek - 1.14.0-42Jakub Hrozek - 1.14.0-41Jakub Hrozek - 1.14.0-40Jakub Hrozek - 1.14.0-39Jakub Hrozek - 1.14.0-38Jakub Hrozek - 1.14.0-37Jakub Hrozek - 1.14.0-36Jakub Hrozek - 1.14.0-35Jakub Hrozek - 1.14.0-34Jakub Hrozek - 1.14.0-33Jakub Hrozek - 1.14.0-32Jakub Hrozek - 1.14.0-31Jakub Hrozek - 1.14.0-30Jakub Hrozek - 1.14.0-29Jakub Hrozek - 1.14.0-28Jakub Hrozek - 1.14.0-27Jakub Hrozek - 1.14.0-26Jakub Hrozek - 1.14.0-25Jakub Hrozek - 1.14.0-24Jakub Hrozek - 1.14.0-23Jakub Hrozek - 1.14.0-22Jakub Hrozek - 1.14.0-21Jakub Hrozek - 1.14.0-20Jakub Hrozek - 1.14.0-19Jakub Hrozek - 1.14.0-18Jakub Hrozek - 1.14.0-17Jakub Hrozek - 1.14.0-16Jakub Hrozek - 1.14.0-15Jakub Hrozek - 1.14.0-14Jakub Hrozek - 1.14.0-13Jakub Hrozek - 1.14.0-12Jakub Hrozek - 1.14.0-11Jakub Hrozek - 1.14.0-10Jakub Hrozek - 1.14.0-9Jakub Hrozek - 1.14.0-8Jakub Hrozek - 1.14.0-7Jakub Hrozek - 1.14.0-6Jakub Hrozek - 1.14.0-5Jakub Hrozek - 1.14.0-4Jakub Hrozek - 1.14.0-3Jakub Hrozek - 1.14.0-2Jakub Hrozek - 1.14.0-1Jakub Hrozek - 1.14.0beta1-2Jakub Hrozek - 1.14.0alpha-1Jakub Hrozek - 1.13.0-50Jakub Hrozek - 1.13.0-49Jakub Hrozek - 1.13.0-48Jakub Hrozek - 1.13.0-47Jakub Hrozek - 1.13.0-46Jakub Hrozek - 1.13.0-45Jakub Hrozek - 1.13.0-44Jakub Hrozek - 1.13.0-43Jakub Hrozek - 1.13.0-42Jakub Hrozek - 1.13.0-41Jakub Hrozek - 1.13.0-40Jakub Hrozek - 1.13.0-39Jakub Hrozek - 1.13.0-38Jakub Hrozek - 1.13.0-37Jakub Hrozek - 1.13.0-36Jakub Hrozek - 1.13.0-35Jakub Hrozek - 1.13.0-34Jakub Hrozek - 1.13.0-33Jakub Hrozek - 1.13.0-32Jakub Hrozek - 1.13.0-31Jakub Hrozek - 1.13.0-30Jakub Hrozek - 1.13.0-29Jakub Hrozek - 1.13.0-28Jakub Hrozek - 1.13.0-27Jakub Hrozek - 1.13.0-26Martin Kosek - 1.13.0-25Jakub Hrozek - 1.13.0-24Jakub Hrozek - 1.13.0-23Jakub Hrozek - 1.13.0-22Jakub Hrozek - 1.13.0-21Jakub Hrozek - 1.13.0-20Jakub Hrozek - 1.13.0-19Jakub Hrozek - 1.13.0-18Jakub Hrozek - 1.13.0-17Jakub Hrozek - 1.13.0-16Jakub Hrozek - 1.13.0-15Jakub Hrozek - 1.13.0-14Lukas Slebodnik - 1.13.0-13Jakub Hrozek - 1.13.0-12Jakub Hrozek - 1.13.0-11Jakub Hrozek - 1.13.0-10Jakub Hrozek - 1.13.0-9Jakub Hrozek - 1.13.0-8Jakub Hrozek - 1.13.0-7Jakub Hrozek - 1.13.0-6Jakub Hrozek - 1.13.0-5Jakub Hrozek - 1.13.0-4Jakub Hrozek - 1.13.0-3Jakub Hrozek - 1.13.0-2Jakub Hrozek - 1.13.0-1Jakub Hrozek - 1.13.0.3alphaJakub Hrozek - 1.13.0.2alphaJakub Hrozek - 1.13.0.1alphaJakub Hrozek - 1.12.2-61Jakub Hrozek - 1.12.2-60Jakub Hrozek - 1.12.2-59Jakub Hrozek - 1.12.2-58.6Jakub Hrozek - 1.12.2-58.5Jakub Hrozek - 1.12.2-58.4Jakub Hrozek - 1.12.2-58.3Jakub Hrozek - 1.12.2-58.2Jakub Hrozek - 1.12.2-58.1Jakub Hrozek - 1.12.2-57Jakub Hrozek - 1.12.2-56Jakub Hrozek - 1.12.2-55Jakub Hrozek - 1.12.2-54Jakub Hrozek - 1.12.2-53Jakub Hrozek - 1.12.2-52Jakub Hrozek - 1.12.2-51Jakub Hrozek - 1.12.2-50Jakub Hrozek - 1.12.2-49Jakub Hrozek - 1.12.2-48Jakub Hrozek - 1.12.2-47Jakub Hrozek - 1.12.2-46Jakub Hrozek - 1.12.2-45Jakub Hrozek - 1.12.2-44Jakub Hrozek - 1.12.2-43Jakub Hrozek - 1.12.2-42Jakub Hrozek - 1.12.2-41Jakub Hrozek - 1.12.2-40Sumit Bose - 1.12.2-39Sumit Bose - 1.12.2-38Sumit Bose - 1.12.2-37Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-34Jakub Hrozek - 1.12.2-33Jakub Hrozek - 1.12.2-32Jakub Hrozek - 1.12.2-31Jakub Hrozek - 1.12.2-30Jakub Hrozek - 1.12.2-29Jakub Hrozek - 1.12.2-28Jakub Hrozek - 1.12.2-27Jakub Hrozek - 1.12.2-26Jakub Hrozek - 1.12.2-25Jakub Hrozek - 1.12.2-24Jakub Hrozek - 1.12.2-23Jakub Hrozek - 1.12.2-22Jakub Hrozek - 1.12.2-21Jakub Hrozek - 1.12.2-20Jakub Hrozek - 1.12.2-19Jakub Hrozek - 1.12.2-18Jakub Hrozek - 1.12.2-17Jakub Hrozek - 1.12.2-16Jakub Hrozek - 1.12.2-15Jakub Hrozek - 1.12.2-14Jakub Hrozek - 1.12.2-13Jakub Hrozek - 1.12.2-12Jakub Hrozek - 1.12.2-11Jakub Hrozek - 1.12.2-10Jakub Hrozek - 1.12.2-9Jakub Hrozek - 1.12.2-8Jakub Hrozek - 1.12.2-7Jakub Hrozek - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-3Jakub Hrozek - 1.12.0-2Jakub Hrozek - 1.12.0-1Jakub Hrozek - 1.11.2-70Jakub Hrozek - 1.11.2-69Jakub Hrozek - 1.11.2-68Jakub Hrozek - 1.11.2-67Jakub Hrozek - 1.11.2-66Jakub Hrozek - 1.11.2-65Jakub Hrozek - 1.11.2-64Sumit Bose - 1.11.2-63Sumit Bose - 1.11.2-62Jakub Hrozek - 1.11.2-61Jakub Hrozek - 1.11.2-60Jakub Hrozek - 1.11.2-59Jakub Hrozek - 1.11.2-58Jakub Hrozek - 1.11.2-57Jakub Hrozek - 1.11.2-56Jakub Hrozek - 1.11.2-55Jakub Hrozek - 1.11.2-54Jakub Hrozek - 1.11.2-53Jakub Hrozek - 1.11.2-52Jakub Hrozek - 1.11.2-51Jakub Hrozek - 1.11.2-50Jakub Hrozek - 1.11.2-49Jakub Hrozek - 1.11.2-48Jakub Hrozek - 1.11.2-47Jakub Hrozek - 1.11.2-46Jakub Hrozek - 1.11.2-45Jakub Hrozek - 1.11.2-44Jakub Hrozek - 1.11.2-43Jakub Hrozek - 1.11.2-42Jakub Hrozek - 1.11.2-41Jakub Hrozek - 1.11.2-40Jakub Hrozek - 1.11.2-39Jakub Hrozek - 1.11.2-38Jakub Hrozek - 1.11.2-37Jakub Hrozek - 1.11.2-36Jakub Hrozek - 1.11.2-35Jakub Hrozek - 1.11.2-34Daniel Mach - 1.11.2-33Jakub Hrozek - 1.11.2-32Jakub Hrozek - 1.11.2-31Jakub Hrozek - 1.11.2-30Jakub Hrozek - 1.11.2-29Jakub Hrozek - 1.11.2-28Jakub Hrozek - 1.11.2-27Jakub Hrozek - 1.11.2-26Jakub Hrozek - 1.11.2-25Jakub Hrozek - 1.11.2-24Jakub Hrozek - 1.11.2-23Jakub Hrozek - 1.11.2-22Jakub Hrozek - 1.11.2-21Jakub Hrozek - 1.11.2-20Daniel Mach - 1.11.2-19Jakub Hrozek - 1.11.2-18Jakub Hrozek - 1.11.2-17Jakub Hrozek - 1.11.2-16Jakub Hrozek - 1.11.2-15Jakub Hrozek - 1.11.2-14Jakub Hrozek - 1.11.2-13Jakub Hrozek - 1.11.2-12Jakub Hrozek - 1.11.2-11Jakub Hrozek - 1.11.2-10Jakub Hrozek - 1.11.2-9Jakub Hrozek - 1.11.2-8Jakub Hrozek - 1.11.2-7Jakub Hrozek - 1.11.2-6Jakub Hrozek - 1.11.2-5Jakub Hrozek - 1.11.2-4Jakub Hrozek - 1.11.2-3Jakub Hrozek - 1.11.2-2Jakub Hrozek - 1.11.2-1Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-5Jakub Hrozek - 1.10.1-4Jakub Hrozek - 1.10.1-3Jakub Hrozek - 1.10.1-2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-18Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1422183 - Fails to accept any sudo rules if there are two user entries in an ldap role with the same sudo user.- Resolves: rhbz#1418943 - If a long-running task (e.g. enumeration) blocks the sssd_be process, sssd_be can deadlock - Also Require a new-enough version of selinux-policy so that setpgid() by sssd is allowed- Resolves: rhbz#1405584 - SSH: default_domain_suffix is not being used for users' authorized keys- Resolves: rhbz#1404340 - Use-after free in resolver in case the fd is writeable and readable at the same time- Resolves: rhbz#1398673 - autofs map resolution doesn't work offline- Resolves: rhbz#1398169 - sssd fails to start after upgrading to RHEL 7.3- Resolves: rhbz#1392946 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1393730 - No supplementary groups are resolved for users in nested OUs when domain stanza differs from AD domain- Related: rhbz#1396486 - bz - ldap group names don't resolve after upgrading sssd to 1.14.0 if ldap_nesting_level is set to 0- Related: rhbz#1396485 - sssd_be keeps crashing- Revert the fix for ignoring sudoUser case as it breaks processing of rules that completely lack a sudoUser attribute - Related: rhbz#1392946 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1392946 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1392893 - IPA: Uninitialized variable during subdomain check- Resolves: rhbz#1392896 - AD provider: SSSD does not retrieve a domain-local group with the AD provider when following AGGUDLP group structure across domains- Resolves: rhbz#1376831 - sssd-common is missing dependency on sssd-sudo- Resolves: rhbz#1371631 - login using gdm calls for gdm-smartcard when smartcard authentication is not enabled- Resolves: rhbz#1373420 - sss_override fails to export- Resolves: rhbz#1375299 - sss_groupshow fails with error "No such group in local domain. Printing groups only allowed in local domain"- Resolves: rhbz#1375182 - SSSD goes offline when the LDAP server returns sizelimit exceeded- Resolves: rhbz#1372753 - Access denied for user when access_provider = krb5 is set in sssd.conf- Resolves: rhbz#1373444 - unable to create group in sssd cache - Resolves: rhbz#1373577 - unable to add local user in sssd to a group in sssd- Resolves: rhbz#1369118 - Don't enable the default shadowtils domain in RHEL- Fix permissions for the private pipe directory - Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1371977 - resolving IPA nested user groups is broken in 1.14- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1371152 - SSSD qualifies principal twice in IPA-AD trust if the principal attribute doesn't exist on the AD side- Apply forgotten patch - Resolves: rhbz#1368496 - sssd is not able to authenticate with alias - Resolves: rhbz#1366470 - sssd: throw away the timestamp cache if re-initializing the persistent cache - Fix deleting non-existent secret - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1364033 - sssd exits if clock is adjusted backwards after boot- Resolves: rhbz#1362023 - SSSD fails to start when ldap_user_extra_attrs contains mail- Resolves: rhbz#1368324 - libsss_autofs.so is packaged in two packages sssd-common and libsss_autofs- Fix RPM scriptlet plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Add socket-activation plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Own the secrets directory - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1268874 - Add an option to disable checking for trusted domains in the subdomains provider- Resolves: rhbz#1271280 - sssd stores and returns incorrect information about empty netgroup (ldap-server: 389-ds)- Resolves: rhbz#1290500 - [feat] command to manually list fo_add_server_to_list information- Add several small fixes related to the config API - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Resolves: rhbz#1349900 - gpo search errors out and gpo_cache file is never created- Fix regressions in the simple access provider - Resolves: rhbz#1360806 - sssd does not start if sub-domain user is used with simple access provider - Apply a number of specfile patches to better match the upstream spefile - Related: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3- Cherry-pick patches from upstream that fix several regressions - Avoid checking local users in all cases - Resolves: rhbz#1353951 - sssd_pam leaks file descriptors- Resolves: rhbz#1364118 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_nss killed by 11 - Resolves: rhbz#1361563 - Wrong pam error code returned for password change in offline mode- Resolves: rhbz#1309745 - Support multiple principals for IPA users- Resolves: rhbz#1304992 - Handle overriden name of members in the memberUid attribute- handle unresolvable sites more gracefully - Resolves: rhbz#1346011 - sssd is looking at a server in the GC of a subdomain, not the root domain. - fix compilation warnings in unit tests- fix capaths output - Resolves: rhbz#1344940 - GSSAPI error causes failures for child domain user logins across IPA - AD trust - also fix Coverity issues in the secrets responder and suppress noisy debug messages when setting the timestamp cache- Resolves: rhbz#1356577 - sssctl: Time stamps without time zone information- Resolves: rhbz#1354414 - New or modified ID-View User overrides are not visible unless rm -f /var/lib/sss/db/*cache*- Resolves: rhbz#1211631 - [RFE] Support of UPN for IdM trusted domains- Resolves: rhbz#1350520 - [abrt] sssd-common: ipa_dyndns_update_send(): sssd_be killed by SIGSEGV- Resolves: rhbz#1349882 - sssd does not work under non-root user - Also cherry-pick a few patches from upstream to fix config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Sync a few minor patches from upstream - Fix sssctl manpage - Fix nss-tests unit test on big-endian machines - Fix several issues in the config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Bundle http-parser - Resolves: rhbz#1311056 - Add a Secrets as a Service component- Sync a few minor patches from upstream - Fix a failover issue - Resolves: rhbz#1334749 - sssd fails to mark a connection as bad on searches that time out- Explicitly BuildRequire newer ding-libs - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- New upstream release 1.14.0 - Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#835492 - [RFE] SSSD admin tool request - force reload - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check) - Resolves: rhbz#1278691 - Please fix rfc2307 autofs schema defaults - Resolves: rhbz#1287209 - default_domain_suffix Appended to User Name - Resolves: rhbz#1300663 - Improve sudo protocol to support configurations with default_domain_suffix - Resolves: rhbz#1312275 - Support authentication indicators from IPA- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#790113 - [RFE] "include" directive in sssd.conf - Resolves: rhbz#874985 - [RFE] AD provider support for automount lookups - Resolves: rhbz#879333 - [RFE] SSSD admin tool request - status overview - Resolves: rhbz#1140022 - [RFE]Allow sssd to add a new option that would specify which server to update DNS with - Resolves: rhbz#1290380 - RFE: Improve SSSD performance in large environments - Resolves: rhbz#883886 - sssd: incorrect checks on length values during packet decoding - Resolves: rhbz#988207 - sssd does not detail which line in configuration is invalid - Resolves: rhbz#1007969 - sssd_cache does not remove have an option to remove the sssd database - Resolves: rhbz#1103249 - PAC responder needs much time to process large group lists - Resolves: rhbz#1118257 - Users in ipa groups, added to netgroups are not resovable - Resolves: rhbz#1269018 - Too much logging from sssd_be - Resolves: rhbz#1293695 - sssd mixup nested group from AD trusted domains - Resolves: rhbz#1308935 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user - Resolves: rhbz#1315766 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo - Resolves: rhbz#1316164 - SSSD fails to process GPO from Active Directory - Resolves: rhbz#1322458 - sssd_be[11010]: segfault at 0 ip 00007ff889ff61bb sp 00007ffc7d66a3b0 error 4 in libsss_ipa.so[7ff889fcf000+5d000]- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - The rebase includes fixes for the following bugzillas: - Resolves: rhbz#789477 - [RFE] SUDO: Support the IPA schema - Resolves: rhbz#1059972 - RFE: SSSD: Automatically assign new slices for any AD domain - Resolves: rhbz#1233200 - man sssd.conf should clarify details about subdomain_inherit option. - Resolves: rhbz#1238144 - Need better libhbac debuging added to sssd - Resolves: rhbz#1265366 - sss_override segfaults when accidentally adding --help flag to some commands - Resolves: rhbz#1269512 - sss_override: memory violation - Resolves: rhbz#1278566 - crash in sssd when non-Englsh locale is used and pam_strerror prints non-ASCII characters - Resolves: rhbz#1283686 - groups get deleted from the cache - Resolves: rhbz#1290378 - Smart Cards: Certificate in the ID View - Resolves: rhbz#1292238 - extreme memory usage in libnfsidmap sss.so plug-in when resolving groups with many members - Resolves: rhbz#1292456 - sssd_be AD segfaults on missing A record - Resolves: rhbz#1294670 - Local users with local sudo rules causes LDAP queries - Resolves: rhbz#1296618 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1299553 - Cannot retrieve users after upgrade from 1.12 to 1.13 - Resolves: rhbz#1302821 - Cannot start sssd after switching to non-root - Resolves: rhbz#1310877 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs - Resolves: rhbz#1313014 - sssd is not closing sockets properly - Resolves: rhbz#1318996 - SSSD does not fail over to next GC - Resolves: rhbz#1327270 - local overrides: issues with sub-domain users and mixed case names - Resolves: rhbz#1342547 - sssd-libwbclient: wbcSidsToUnixIds should not fail on lookup errors- Build the PAC plugin with krb5-1.14 - Related: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1290853 - [sssd] Trusted (AD) user's info stays in sssd cache for much more than expected.- Resolves: rhbz#1336706 - sssd_nss memory usage keeps growing when trying to retrieve non-existing netgroups- Resolves: rhbz#1296902 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1334159 - IPA provider crashes if a netgroup from a trusted domain is requested- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin - More patches from upstream related to the memory leak- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin- Resolves: rhbz#1300740 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid- Resolves: rhbz#1284814 - sssd: [sysdb_add_user] (0x0400): Error: 17- Resolves: rhbz#1270827 - local overrides: don't contact server with overridden name/id- Resolves: rhbz#1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- Resolves: rhbz#1267176 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1267836 - PAM responder crashed if user was not set- Resolves: rhbz#1266107 - AD: Conditional jump or move depends on uninitialised value- Resolves: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Fix a Coverity warning in dyndns code - Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1263735 - Could not resolve AD user from root domain- Remove -d from sss_override manpage - Related: rhbz#1259512 - sss_override : The local override user is not found- Patches required for better handling of failover with one-way trusts - Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1263587 - sss_override --name doesn't work with RFC2307 and ghost users- Resolves: rhbz#1259512 - sss_override : The local override user is not found- Resolves: rhbz#1260027 - sssd_be memory leak with sssd-ad in GPO code- Resolves: rhbz#1256398 - sssd cannot resolve user names containing backslash with ldap provider- Resolves: rhbz#1254189 - sss_override contains an extra parameter --debug but is not listed in the man page or in the arguments help- Resolves: rhbz#1254518 - Fix crash in nss responder- Support import/export for local overrides - Support FQDNs for local overrides - Resolves: rhbz#1254184 - sss_override does not work correctly when 'use_fully_qualified_names = True'- Resolves: rhbz#1244950 - Add index for 'objectSIDString' and maybe to other cache attributes- Resolves: rhbz#1250415 - sssd: p11_child hardening- Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1202724 - [RFE] Add a way to lookup users based on CAC identity certificates- Resolves: rhbz#1232950 - [IPA/IdM] sudoOrder not honored as expected- Fix wildcard_limit=0 - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Fix race condition in invalidating the memory cache - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Resolves: rhbz#1249015 - KDC proxy not working with SSSD krb5_use_kdcinfo enabled- Bump release number - Related: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- Fix missing dependency of sssd-tools - Resolves: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- More memory cache related fixes - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Remove binary blob from SC patches as patch(1) can't handle those - Related: rhbz#854396 - [RFE] Support for smart cards- Resolves: rhbz#1244949 - getgrgid for user's UID on a trust client prevents getpw*- Fix memory cache integration tests - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#854396 - [RFE] Support for smart cards- Remove OTP from PAM stack correctly - Related: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Handle sssd-owned keytabs when sssd runs as root - Related: rhbz#1205144 - RFE: Support one-way trusts for IPA- Resolves: rhbz#1183747 - [FEAT] UID and GID mapping on individual clients- Resolves: rhbz#1206565 - [RFE] Add dualstack and multihomed support - Resolves: rhbz#1187146 - If v4 address exists, will not create nonexistant v6 in ipa domain- Resolves: rhbz#1242942 - well-known SID check is broken for NetBIOS prefixes- Resolves: rhbz#1234722 - sssd ad provider fails to start in rhel7.2- Add support for InfoPipe wildcard requests - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Also package the initgr memcache - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Rebase to 1.13.0 upstream - Related: rhbz#1205554 - Rebase SSSD to 1.13.x - Resolves: rhbz#910187 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Don't default to SSSD user - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Related: rhbz#1205554 - Rebase SSSD to 1.13.x - GPO default should be permissve- Resolves: rhbz#1205554 - Rebase SSSD to 1.13.x - Relax the libldb requirement - Resolves: rhbz#1221992 - sssd_be segfault at 0 ip sp error 6 in libtevent.so.0.9.21 - Resolves: rhbz#1221839 - SSSD group enumeration inconsistent due to binary SIDs - Resolves: rhbz#1219285 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust - Resolves: rhbz#1217559 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1217350 - ignore_group_members doesn't work for subdomains - Resolves: rhbz#1217127 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1216285 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set - Resolves: rhbz#1214719 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1214718 - Overridde with --login fails trusted adusers group membership resolution - Resolves: rhbz#1214716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1214337 - Overrides with --login work in second attempt - Resolves: rhbz#1212489 - Disable the cleanup task by default - Resolves: rhbz#1211830 - external users do not resolve with "default_domain_suffix" set in IPA server sssd.conf - Resolves: rhbz#1210854 - Only set the selinux context if the context differs from the local one - Resolves: rhbz#1209483 - When using id_provider=proxy with auth_provider=ldap, it does not work as expected - Resolves: rhbz#1209374 - Man sssd-ad(5) lists Group Policy Management Editor naming for some policies but not for all - Resolves: rhbz#1208507 - sysdb sudo search doesn't escape special characters - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface - Resolves: rhbz#1206566 - SSSD does not update Dynamic DNS records if the IPA domain differs from machine hostname's domain - Resolves: rhbz#1206189 - [bug] sssd always appends default_domain_suffix when checking for host keys - Resolves: rhbz#1204203 - sssd crashes intermittently - Resolves: rhbz#1203945 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default - Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only - Resolves: rhbz#1202245 - SSSD's HBAC processing is not permissive enough with broken replication entries - Resolves: rhbz#1201271 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything - Resolves: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Resolves: rhbz#1199541 - Read and use the TTL value when resolving a SRV query - Resolves: rhbz#1199533 - [RFE] Implement background refresh for users, groups or other cache objects - Resolves: rhbz#1199445 - Does sssd-ad use the most suitable attribute for group name? - Resolves: rhbz#1198477 - ccname_file_dummy is not unlinked on error - Resolves: rhbz#1187103 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1185536 - In ipa-ad trust, with 'default_domain_suffix' set to AD domain, IPA user are not able to log unless use_fully_qualified_names is set - Resolves: rhbz#1175760 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires - Resolves: rhbz#1163806 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1205160 - Complain loudly if backend doesn't start due to missing or invalid keytab- Resolves: rhbz#1226119 - Properly handle AD's binary objectGUID- Filter out domain-local groups during AD initgroups operation - Related: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Resolves: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Initialize variable in the views code in one success and one failure path - Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Handle case where there is no default and no rules - Resolves: rhbz#1192314 - With empty ipaselinuxusermapdefault security context on client is staff_u- Set a pointer in ldap_child to NULL to avoid warnings - Related: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Run the restart in sssd-common posttrans - Explicitly require libwbclient - Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Fix endianess bug in fill_id() - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1187192 - IPA initgroups don't work correctly in non-default view- Resolves: rhbz#1184982 - Need to set different umask in selinux_child- Bump the release number - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Add a patch dependency - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Process ghost members only once - Fix processing of universal groups with members from different domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1185188 - Uncached SIDs cannot be resolved- Handle GID override in MPG domains - Handle views with mixed-case domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Open socket to the PAC responder in krb5_child before dropping root - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1182183 - pam_sss(sshd:auth): authentication failure with user from AD- Resolves: rhbz#889206 - On clock skew sssd returns system error- Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1177140 - gpo_child fails if "log level" is enabled in smb.conf - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1175408 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1175705 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Resolves: rhbz#1171215 - Crash in function get_object_from_cache - Resolves: rhbz#1171383 - getent fails for posix group with AD users after login - Resolves: rhbz#1171382 - getent of AD universal group fails after group users login - Resolves: rhbz#1170300 - Access is not rejected for disabled domain - Resolves: rhbz#1162486 - Error processing external groups with getgrnam/getgrgid in the server mode - Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1169459 - sssd-ad: The man page description to enable GPO HBAC Policies are unclear - Related: rhbz#1113783 - sssd should run under unprivileged user- Rebuild to add several forgotten Patch entries - Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Remove Coverity warnings in krb5_child code - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Don't error out on chpass with OTPs - Related: rhbz#1109756 - Rebase SSSD to 1.12- Resolves: rhbz#1124320 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default.- Resolves: rhbz#1169739 - selinuxusermap rule does not apply to trusted AD users - Enable running unit tests without cmocka - Related: rhbz#1113783 - sssd should run under unprivileged user- krb5_child and ldap_child do not call Kerberos calls as root - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1168735 - The Kerberos provider is not properly views-aware- Fix typo in libwbclient-devel alternatives invocation - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1166727 - pam_sss domains option: Untrusted users from the same domain are allowed to auth.- Handle migrating clients between views - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Use alternatives for libwbclient - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1165794 - sssd does not work with custom value of option re_expression- Add an option that describes where to put generated krb5 files to - Related: rhbz#1135043 - [RFE] Implement localauth plugin for MIT krb5 1.12- Handle IPA group names returned from the extop plugin - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Resolves: rhbz#1165792 - automount segfaults in sss_nss_check_header- Resolves: rhbz#1163742 - "debug_timestamps = false" and "debug_microseconds = true" do not work after enabling journald with sssd.- Resolves: rhbz#1153593 - Manpage description of case_sensitive=preserving is incomplete- Support views for IPA users - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Update man page to clarify TGs should be disabled with a custom search base - Related: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Use upstreamed patches for the rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1153603 - Proxy Provider: Fails to lookup case sensitive users and groups with case_sensitive=preserving- Resolves: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1162480 - dereferencing failure against openldap server- Move adding the user from pretrans to pre, copy adding the user to sssd-krb5-common and sssd-ipa as well in order to work around yum ordering issue - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1113783 - sssd should run under unprivileged user- Fix two regressions in the new selinux_child process - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1132365 - Remove password from the PAM stack if OTP is used- Include the ldap_child and selinux_child patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Support overriding SSH public keys with views - Support extended attributes via the extop plugin - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137010 - disable midpoint refresh for netgroups if ptask refresh is enabled- Resolves: rhbz#1153518 - service lookups returned in lowercase with case_sensitive=preserving - Resolves: rhbz#1158809 - Enumeration shows only a single group multiple times- Include the responder and packaging patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Amend the sssd-ldap man page with info about lockout setup - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137014 - Shell fallback mechanism in SSSD - Resolves: rhbz#790854 - 4 functions with reference leaks within sssd (src/python/pyhbac.c)- Fix regressions caused by views patches when SSSD is connected to a pre-4.0 IPA server - Related: rhbz#1109756 - Rebase SSSD to 1.12- Add the low-level server changes for running as unprivileged user - Package the libsss_semange library needed for SELinux label changes - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Use libsemanage for SELinux label changes - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Rebase SSSD to 1.12.2 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Sync with upstream - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebuild against ding-libs with fixed SONAME - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.1 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Require ldb 2.1.17 - Related: rhbz#1133914 - Rebase libldb to version 1.1.17 or newer- Fix fully qualified IFP lookups - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.0 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Squash in upstream review comments about the PAC patch - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Backport a patch to allow krb5-utils-test to run as root - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Resolves: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Fix a DEBUG message, backport two related fixes - Related: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1082191 - RHEL7 IPA selinuxusermap hbac rule not always matching- Resolves: rhbz#1077328 - other subdomains are unavailable when joined to a subdomain in the ad forest- Resolves: rhbz#1078877 - Valgrind: Invalid read of int while processing netgroup- Resolves: rhbz#1075092 - Password change w/ OTP generates error on success- Resolves: rhbz#1078840 - Error during password change- Resolves: rhbz#1075663 - SSSD should create the SELinux mapping file with format expected by pam_selinux- Related: rhbz#1075621 - Add another Kerberos error code to trigger IPA password migration- Related: rhbz#1073635 - IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in- Related: rhbz#1066096 - not retrieving homedirs of AD users with posix attributes- Related: rhbz#1072995 - AD group inconsistency when using AD provider in sssd-1.11-40- Resolves: rhbz#1073631 - sssd fails to handle expired passwords when OTP is used- Resolves: rhbz#1072067 - SSSD Does not cache SELinux map from FreeIPA correctly- Resolves: rhbz#1071903 - ipa-server-mode: Use lower-case user name component in home dir path- Resolves: rhbz#1068725 - Evaluate usage of sudo LDAP provider together with the AD provider- Fix idmap documentation - Bump idmap version info - Related: rhbz#1067361 - Check IPA idranges before saving them to the cache- Pull some follow up man page fixes from upstream - Related: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes - Related: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes- Resolves: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1068723 - Setting int option to 0 yields the default value- Resolves: rhbz#1067361 - Check IPA idranges before saving them to the cache- Resolves: rhbz#1067476 - SSSD pam module accepts usernames with leading spaces- Resolves: rhbz#1033069 - Configuring two different provider types might start two parallel enumeration tasks- Resolves: rhbz#1068640 - 'IPA: Don't call tevent_req_post outside _send' should be added to RHEL7- Resolves: rhbz#1063977 - SSSD needs to enable FAST by default- Resolves: rhbz#1064582 - sss_cache does not reset the SYSDB_INITGR_EXPIRE attribute when expiring users- Resolves: rhbz#1033081 - Implement heuristics to detect if POSIX attributes have been replicated to the Global Catalog or not- Resolves: rhbz#872177 - [RFE] subdomain homedir template should be configurable/use flatname by default- Resolves: rhbz#1059753 - Warn with a user-friendly error message when permissions on sssd.conf are incorrect- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1059253 - Man page states default_shell option supersedes other shell options but in fact override_shell does. - Use the right domain for AD site resolution - Related: rhbz#743503 - [RFE] sssd should support DNS sites- Resolves: rhbz#1028039 - AD Enumeration reads data from LDAP while regular lookups connect to GC- Resolves: rhbz#877438 - sudoNotBefore/sudoNotAfter not supported by sssd sudoers plugin- Mass rebuild 2014-01-24- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain- Resolves: rhbz#1054899 - explicitly suggest krb5_auth_timeout in a loud DEBUG message in case Kerberos authentication times out- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1051360 - [FJ7.0 Bug]: [REG] sssd_be crashes when ldap_search_base cannot be parsed. - Fix a typo in the man page - Related: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain - Fix return value when searching for AD domain flat names - Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1053106 - sssd ad trusted sub domain do not inherit fallbacks and overrides settings- Resolves: rhbz#1051016 - FAST does not work in SSSD 1.11.2 in Fedora 20- Resolves: rhbz#1033133 - "System Error" when invalid ad_access_filter is used- Resolves: rhbz#1032983 - sssd_be crashes when ad_access_filter uses FOREST keyword. - Fix two memory leaks in the PAC responder (Related: rhbz#991065)- Resolves: rhbz#1048184 - Group lookup does not return member with multiple names after user lookup- Resolves: rhbz#1049533 - Group membership lookup issue- Mass rebuild 2013-12-27- Resolves: rhbz#894068 - sss_cache doesn't support subdomains- Re-initialize subdomains after provider startup - Related: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- The AD provider is able to resolve group memberships for groups with Global and Universal scope - Related: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog- Resolves: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog - Resolves: rhbz#1030483 - Individual group search returned multiple results in GC lookups- Resolves: rhbz#1040969 - sssd_nss grows memory footprint when netgroups are requested- Resolves: rhbz#1023409 - Valgrind sssd "Syscall param socketcall.sendto(msg) points to uninitialised byte(s)"- Resolves: rhbz#1037936 - sssd_be crashes occasionally- Resolves: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- Resolves: rhbz#1029631 - sssd_be crashes on manually adding a cleartext password to ldap_default_authtok- Resolves: rhbz#1036758 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Resolves: rhbz#1034050 - Errors in domain log when saving user to sysdb- Resolves: rhbz#1036157 - sssd can't retrieve auto.master when using the "default_domain_suffix" option in- Resolves: rhbz#1028057 - Improve detection of the right domain when processing group with members from several domains- Resolves: rhbz#1033084 - sssd_be segfaults if empty grop is resolved using ad_matching_rule- Resolves: rhbz#1031562 - Incorrect mention of access_filter in sssd-ad manpage- Resolves: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- Skip netgroups that don't provide well-formed triplets - Related: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2 - Resolves: rhbz#991065- Resolves: rhbz#1019882 - RHEL7 ipa ad trusted user lookups failed with sssd_be crash - Resolves: rhbz#1002597 - ad: unable to resolve membership when user is from different domain than group- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1 - Resolves: rhbz#991065 - Rebase SSSD to 1.11.0- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0 - Resolves: rhbz#991065- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2 - Related: rhbz#991065- Resolves: #906427 - Do not use lib64 in specfile for the nss and pam libraries- Resolves: #983587 - sss_debuglevel did not increase verbosity in sssd_pac.log- Resolves: #983580 - Netgroups should ignore the 'use_fully_qualified_names' setting- Apply several important fixes from upstream 1.10 branch - Related: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- Remove libcmocka dependency- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Enable hardened build for RHEL7- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)1.14.0-43.el7_3.141.14.0-43.el7_3.14org.freedesktop.sssd.infopipe.conflibsss_config.sosssd_ifporg.freedesktop.sssd.infopipe.servicesssd-dbus-1.14.0COPYINGsssd-ifp.5.gz/etc/dbus-1/system.d//usr/lib64/sssd//usr/libexec/sssd//usr/share/dbus-1/system-services//usr/share/doc//usr/share/doc/sssd-dbus-1.14.0//usr/share/man/man5/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=genericdrpmxz2x86_64-redhat-linux-gnuXML 1.0 document, ASCII textELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=749b96bfcda6f01d3af177367c73637905712219, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=76a0e57fefb9fffc58488cc4b0c0cb15e3bca565, strippedASCII textdirectorytroff or preprocessor input, ASCII text (gzip compressed data, from Unix, max compression)((.PRRR*RRRR&RRR RRRRRRRRR+R R!R$R RRRRRRRR"R-R)R R%R'R RR2R,R(RRR.RRRR R*RR&R$R%R"R!R#RRRR RRRRRRRRR+R R RRRRRRRR-R)R R'R RR2?7zXZ !PH6]"k%}{&-򝍧N4ߠ6ޗnq2SKQxc s&$v%}:Hi ID1΄"KpXymtI*ʚ*?νR]K:1MZO>HǏe?L!b0#.\3K=uxK=7LuK8}(`}6/5 #P?m L`CJo\ RC F^<\]-/9y :#I a.ZТM_f7VqH$$9O{FkES !r 1}S`@^{b %klp߾~9ƥ ցֻ99𸱍?Pr|MW< [ kID噾c YIbPi'ؼ~Ă IAf7v> ^q\V`:,AI3I[/5mNe>k/y^áDcNtCґ ̴1|idO.$[ӻG&bD&2byd!I Y]$1ML7*W3T6~^wq;B4rUy2pDk BìBƒ')'q'CO&BPD urҾPj K_׏댹y/[ƢEw;u!v 0G Xn1Zbݧ~,~4 L-l rq>BD-kjH8U=GԴ+BLC>x©[P0F8-+@~$ܼs)_eX՗Ҟ/@}C_ ァ:5J!lct &>&⏧M2*mc1WU=U BFpi^Fz+wP^*ǟЕ\hB1uDq&_ qJ,k: :FFrc.>auR]d bX$ !!]($YoZt@H@E(˱u-*7R, l1 USEO# QAX&I=FݤV@K{F,*XYqDEBIł2Cçض`,7 Vy T,Q[ܓV14 BV2ศ7/ʝ%+26buݠ!H>YX>Q{s⺖״JdvItLBQvvE+mz"&r'@% zyj2Gdnbi¶L=Ц B 8iAJȾi6p -ԑ 1~Jgg]Fۭq} ~xrK9=UewŬx MנvxN{j)H[3dk0$G~g<2fmKj,.މ lC&QO P?kṜl4g7E͵L?5c$fYxASTOwt,R&-V*lP7@)1>6)*>,P)ojsL_7!4#1P &hgD霅kt}XJ? p7Cv&`6',, pΥ#DϏי%7;SbU>Jnɘq/nY5q""LU^zАeTL.i1Tw7\fX j-õƴ݀ 1Eӂ Ҕ$\jtA__v h;'`Ջ PtҤu~w:e ǫd[ Õg??i/|Sh4:ϫbgs+7ZOYy0O'ww$WW.+nxc4cR-`]> ŴGL\I7NsbǗ@DK swu~"OpOŴ-;2S[N .o>sl;]6Zw4;W/4ʲ}m6O?\J'“A񣖻hX 䦜+T{Og\2[/x:SbKGk1y[gc:ȮၜobVs3\+LsWJmOiv D"K 8Ԧ^; rD`}qp'{iL% rIqO)jk|x7hH.hMا|]zct_Eur=o"=)Z4=/wg ވ"^?)/nYߥs1*˽0r7-c 6@pa0=IOmqߟf _1 &֮ߵ[Ӂ`vQ<XSc:~F ;-.Q$K" LV1chKΛ98"wUw:1=E ܪ>x5iF_]ܔzs<<쯄f^Q6PB0[+}J Ś|^A-kZגKBK!h' wJ~R׻3mW- jjqƀK:qd{۪}PƢNZe${#gPfJqF74ZTv}z%G:.8a SmzFfhV@XWgm4Hd#P:G d$ʪ )BD2Tg+f"AyG]XX2qPAPЎ+XC/)y m4s u6C-e^~$pd?\bG=A=dw wu#~ԳmT ITmף3jhR>*dH~ jH+nfhEw#19CT$9QGA$UIYMZAG̅.dU1eXdBbgS<>TfkO3kRm (EPJtS[ԃjPkbjsXU +qLfb%MXlr-VѱVxG41{^eJOU1?EGہv B?ΟҮHvxFxʖ%s1[KB4{;u OuދH 4tFJo|8Cp*MC|+B 6U_(%Ԡe@AyKKtudb%SDd9f;yqM3+8i,A.W' BCDFII"RW\r ,ꜯYtfL#=l]W>2;ܷvjia0=Ԩpގ! (0Dy_W軾x1gLoln"^7.-vR{Jp6/X6NLdХ YZO;{}VYp3W8{7WRnZ%OU]["#Rm4査|BnL:cu6{sPƇεuY`Zk?wp;U X$gZq"&)Ƚ ^}LRk{TI,\8wWzZ퍠N>5|}8C{Wsy,AuG3)jѐ7IW"Zz;aMZ[Z\ZtmK]l2˄s: ,vn@"bؚƺeJ!3nϽm΍IM'S.=i1w T̩yxjL޺)K3%=9_H51El-k|E٧hp$]O^{ 1q~y~(y]c0A;D1QiZ[q*֦ ^0nIe?4Y:;l\/,XcIVsZ-Иjn8bwϕ~OslUglt 2&HV'D~ )+^yk`_{ c0=$f ~8覩~cXq]WEi53$GȅbRG v=>\Ea.nEPrSd}QBצ7iW]Q+J9p]mL)My7j-?v m;ѫt^؋=g)r^.ɟg|(: @śm|$"uk\Vn듭bPeycu냩_6*-HӜ Ԅ4@ -xs $X1q6zⱘy>B}a20^ np6}x7C2sϼ g@Fm3<(kud p* w@Q b-GȬA"lKUɷfU-5xP[N#e k:!& pƂj2s(9ܣ =l-[$1Ldl3̥k{|x! _>m6I_&-!Pj4MԲy~^ݢɈ,iRBF@kdd"CǺCR^fQX-&V1h+FB^bvC$™M# ^[ٯLLBqk9e+XVm>7K."c Gv/"vCLTW >(n>ƝۃNf$E޵$T%Ì'+sxlkq (*̾w]X1SRFqj~~UY:YC,.X^>Bŕ tH*Q"HuS gt[cT}c&"$P*z=# uANLW㻒;>oC'uK73/݀UTl!8+ ><ߵᐃh#vF|qzY1ϭ|>Y9Mҟ}tG^@9db|vՍ[(fSGq kP7QC_H w" ≠ L +_[>貽͵r%1X_Tk[xoΡD r}f_,1 . RVrD hq~4{Uפ{(CkS([qbGƙu`Qڂ@P"X*7 i e USㆋnCE$8OԖkDkϫ~}OMxYH8s.cV{JO\F7w(K),9'_(W}=$m$UӚ˃2hXezs|rtt4 m!93S!\fAH|U^RIEk`8g_zr/Ń^gЙkgϿ=dq Qluc[(朡gho2q/C th!u0յt["l;xE;$s:+B_ _x8ic@:iPPӋBwV A3^*(Z䀮Ũ<.oLJ-pW,a #q,tlc5:s65\)<,K|r@NEٚu3 k]F˦褃6Mv6}'FY7{>+wӞ-S"V7"1-?s Eίǹ˟X=|K"1-i~Y2K fsDO]?e oڈmΙD㢢h2DmFE1\L-ǟF*ڲWDpF NWHOKsE#ntXN63r Fp㳮\o.a  SիOIDfc;Y6$1"= H}IGO8)}<. q$sCXf׌:[!pEAx9kwԸYay'HJ_gታW@ځR!rX7cƊnAl62 !nt"`j--!wL"Ĥ,ͼEƊZc}7%}|v,wq{}?rg(GO4rq['Y yAK(_FY9KZaIQ@/Citܫr2ٿy!_ډ}ٜS'5 @Y^GLPVӿF73-xvS [ M"X~k+v2c~yg*6 `17ݤZ(+W.?A# k%P.!Q5sMU{ɬEaA'QK +$N ;4,:(u5ځ<";| >6'Tj/CJPX+N)9V(_hH>TS,CQ-s:Hؿ 5*x ^LfO7yIe5KD@]:<&_@+46F pgEK):@BGz/3He6'li??V,X9+Ѣ*[Dn g?= smQ|( -jv jqOb-9=˅lja\B9!ws GJR/()jl{AN-&'*y|j6gRBt}j&^k. )fi1JZ rDWޗ>1ZOYFI*x \y,КWK0DЗl"q~Z2TV"}^U!)9-YT*uN-6|&@>I'a,|H)AV2㱜El0.j2%["ڷTYX2j2VG'ͤn!8Zm!p|nջJDt8\v|5؞oFZMm"դ mX| kV7z,_7 t9ajgwX0Nc?$uyz|U.AO%6/ߩr  nFww{C y! >dwS|t&ȇGyOGisAtȩ&w93GO n|*ja w",oɍA;j4I0g(} W{3^w:AM?C{~~Ll @'^*(PB6[H~bTWۈCm_]@]=MR`f K*'}@U!ҷ&Жp!'j(KlyGmiCF ]2)fƈmD} D#[: nI9gZ#ڭď'vO~`8$~`}d%Z ⤽?Gd+/*n넇QGIco#+kYp~.snx>.d몗ߘhVEӲ(W8)cX2}?2jj!9_nDz+VӍA[t/.PH'l!{XkocBo8v`WƤ >5vd7ʑ_򳽰 ~2LF:ˍ J]?@\Ev3/uA#nM0k`ȳ7wEQF2j(UlGOvy9St͍ijFb>D ci6̷6_,| X8RtmD+N:'?~>􍯭_?8rZ"c;A[j lxA]E2|cÁ T"#/f:#雰~if@gQ/95B I'*5j36<'5t tRq^L-&$8o;.<5kHAH1So&E(r.}nĝމ+}t \@VxULc2AQؕ!U.K"u%˺ qTx7z"L+*bFK9(@&'zu.n2Ƈ- "5?.HKYV~_lrkx<%Té3+:;dX%TB .jiuBXP=&9Yӗ=4CL%A_QE*lIĮX,;hb!_Zo87HN%In_<(gťZ| QُO!)&rH^yþ^²|4yabjpg&rb>4$o|Owڲ`D頞}7Oo6)--N3źWGDԮA38xOIa1ڡ˲+"gϫ T/%&(ETؖlzv t]·:>mm{6=wCK<t-u3<4} 6Ga=:Gkܬ@J,WM F=-*2쎐˜ѵs_N/fW*qo_૟q^nY1yt,ŴW4F6 bdPդvu'vS !!LI NeV%vUԗ %A*)ٮ݉ p.s]%(%j9D5{=׏Q9sQq>X*0mK5{HHjV?:Lc>sLNj1 )l˾VsD|{l▻j qGd(E~eV -JS|[ʣyfx ?FQmm%Ej7.,t,NcH 4㦯`&mfXN4t2Kj7?f6٬zXZ/;B# ǜORq~HwﰒX5N~!孳mx#vHa<@ccĆ~sk}%;1EpHJ%=qjm-&7kFd#nmrt;6xIQ)UeA-9ܚqr52F<-`o~٤->VӸk[M.2"G d. 2.EFG&_LYD?=n3ub> *ف*"Q2ӧ N nDi"ڴYՃߕ*T&fqP$erQVd%HLo#rUS~ p\)<,N H6T5vZ׷cF+Hc xT{l׫ߩkLj<R:Nրd=1Eizkbϙ]!?"<Иx2\_*u UE/뒉KwLE.Iq=:R+tD;(@Li0Uͼ;LRv%ro4w@|ܒ7V am{o:489@(i)WWf-EAZ_n/8-j战$H>oQydU23~3`O{0o?4i!3RMas W­1fʔG}yb8%#@d/7s0 aw (1'%[hRg;q<:dZ䋅dįQDz2; 6 p n.NV[:Mx>Fww4cVpH1:qC'E};FYw1pXhpeKq) yWsDzs1dFc?ImVn"y: m\4{.}e,?=o+,7i's%W@asyt2 qAWTn& Tlv9=ĢEMiJPɟ)vYQ;9$Qr+sZ쨄 eC1.|uD~>z՜ge ZB ُNՎ`ϫ',.OFwx5E?su8{d, Ds gtYe%>!l{nG`%guILK0xWψ XSK%SY\ioŒt"uLnp=!Pӛ!HI1au&OނgOiOuЙ4rHDωM4b8kJmGG8gFbH"F!wK韫1.fR=?&k*=m>\$.@+qd, , XsUZ ~j2Z&N q3Ggz5xU`\ FU ]BM7nxU]!˵X&We Ğ ưyO)œi(dlCRJB~EC ,C3=h^8юӨ|C֥p;AZ j$CJTݺ^ld*d6,lAO&xA,v@]*g6,HOp+zÚb؏ZUPk2sCO-N &r{i]%Fe[DRkb':lxk8cOs7cnxhatLwWPCq>K%x4v*լ64÷jħ \ڟؿ/7$JJ*]A Hq~LV/kRPBw :4S2?eӁŠۍVw-–NbIO@/Y*OPpp Q+_$ċ$Re@z=90 KV5ssID gr)I;_F 5^ləB4&>i}@ 7:H5uO3͉*szvѷ?F>Q 8>d]2܊ܑ$KKc6{JM-@9 I0 soK,%mr qV@KŖf ͬ?Cp#wvHjڿULU5yM^Q_WMˬW!JqHb=U}ܗ-5![,IӦ\ޘM/q)*=赱YwQ9EN̗[o7зub@ʷlBp ;x֑zSaa&OCh9 VIQ1$@)$ V (*ݖ`xV.WzJ`rk-ܬ*}yh@"~<4^ƒ Eߚh屴q9}ljT>`[IVMBʌ4M֯Ι&#ށعcDL(]g.[a7(Ġ YkUXA8I 0\WQٕkg[Ճ4E}R0~9K-;9)E/=pSJ^%_ji)>қ,l4c?IEBpj,{7Յщ/H,%sN[xO[;=ѝ bz=`3;>6ީ@}i{MO~ C@z1e1 vxâU7BA[)4vf I܃pP^t囻m0 v֛CMmbƠGe9W|'[$W"QOˏ <`;#U$΂)WŌ%Ht,`O'Ӱd-]-:ZNldKL.yEm`]h_.VrS0zNTר[&>͏F\%+Yj?BBVZ]|*oy=,X}yΖUV\zwymB^ Ȑ9X#Atk' ^>ME+Aʎ) _ǑjMx)kO&Bſ:>8_7VLS]_bY,̷߉Nмu@t;V=MSKt1_뮙󦙠ѩ"{t}ϐ)R]|&R뢼;RXŶT"Fd֔3y*7rg ]Xg7Ew/\["%Pݝ@bt (R3Zٓ ɦ4eܿe$&`Z*"\kKr]&~V㫧߯eVTpK?]*S/9AuӚ{cYeu>}#e5:_Ҕ3'5G{<vx\/*e[(Ze:pN/YFq*'9j&HIa x'L@zwUV#Snq1M=u8 ɒI" *hKл,2]xH{>'bT6jDExk怦H?Aftexxp:Xp3G>PX"? GǛcG*FwT?ϸsۆ4]7 Qq tLppڒ;K98h־gTf }9>r n 4:n-t8O6&`MսDԳNGIZiqk^ akDY@# &nt7 |<4:y$\U+IeN@\ !p ܰ*r7V(w#TC8&xa">p+qxṛ~%Ϊ ܎]^@SI aϯ*( 0&juA%Z{r'OS>]JfFƵǛYnZ%^yJ[sI ú@ll["RO4Y' ?W dYG[yWǼ/ylq4~z ,b,XoMnW 4B+,e$W7Ԓ)GTxN@!lM:'} HUgט~k%^mKV\o?65O@$a\ꯚwOw= KݻARWnU0- f%#wl/Ts*|Gx՝L֤S-8f0k[u k|fы~fŚEJeɞr(iUߡkX LFbE R$0K\"])\2xgSܽi6,mTJtxq=[WvFˀt6u^c8(=٢&m+e`ТrOYLOgϽ%u7JHWDĉMٙCXe uYͫNM $}!gЪ ]EpӰ3ލ(oxq֟%W5 ڃ7"(8w J:c.9[;8J~.!5.~V0Mk '+YvocqT+]~ >\@:wowbD>(q YmŸ8xm̓G+Om1z)sY&zb{^ L5=G Mu_;^AI6˘y}eٴշ8 8CVhU> +L *V*&.mH\k Rb"Hj c;d:GQbrΡڹ{M4Ւ@[8B{–-&^~$dǎy;DtMŠ/B3Fs^6l4zfP$oc+,+t}5!R)yԨگg.*FLhe3t}o ђy9Q#4"2_+gs@/?Ik-~nOy1e*4NG\@*U.DI^$kZb>qf67ȕ0)ܡz%@Z]̺T&Ntu/OAWT6/$8-QL@ޒӨ$GD',buVi4-պC^PY^嘓51&ہxx]h9]H19C\Iy ŵpԥWx$}O۞2|/HYw"EWKw۳ H h"\ߟmlk GJ*í3=p2,3f;l \J4D]PB0zu\QuڊDoGъLpYizQu~ I˗uAԷK'~K#z$ F*~:0}י9=bň-W8!>ݹFY:]V TN8N wn kXLk%JmigzI$Ҥ u=q]K;.7*VY"&H1~߂ X 䥮<ohH6m@rtѦH χ#r (ϙ -1 ) *z@p)ZEDp:cX8ױבOwPn[OsUmdؙ{*%q ;W筱QUΤ,u,;;kCl~k58,E)oD#jX\YS'D22{[z-Dc:b<"5 "kC>+^˭ˉUc~f0LZL"N))θgq>=JZoj3Z<|*xsp;!`" v%KT 5t E0c|U{凼'T3GnBӣy^RAidSVD$ }_*)WIB/z))'%dm ) #PP:|"Kj\,a 0KݟB/F{cT8B1>}>MG =:(:~4lp"TAefr&gY4i9`G8^lEۛ 'Y1C.'{3׬^t*T."꘿u) !繛;*N2V:N7WbJ+#cH)ӈթgޅT N~b[u53s9X/)B#q29O4FEYs0$ %,`S,X5yF -~b1C5Ȅ7F0GoH@p AO'=nA5 S%9{= i bFt?'(?:[@aD=~hy.'T8I糊ږT)ST QSDpE0pX$pG)00&VP?|o6ߞncgw0 K/ 63%tTX<#Čp]99Y2s"3e77ͥ\ՠ<beWDpoX+' QZ a$z0h$`RbQ֛KŒwaes]KF9+]iLv]euYV{Q\FXS Կ.wQ WN s9&X [GDú?plA)X[k ~?g(&K?Š0üQkJ/^t O>*'R)S,z"ۼ_?s0'~xPH`m u2G7DFdT>f R+#Y+7f rA7T~+~K6R{7ڴ;ٗ62<|F&kF܉Hڼqx^1Mّ> \L |S)gDᗑ?׍ΨCyF'&"^~=. !!IuN522 Px;XW("в:H} 4/yMp (L(2 'cx&)ܲ;fv$5Do2jLj7d*b  IYBHlzI 2G@{3i;Grh܃CҪcVb> 0٩Vn<ƊRώw8F1SwCU48[.P Qcx(.D:@~>ow@StfFWtdni]]'8i C]Hq{2|`lתL0E%lރ7އŴvW\~+r P?0 Ƒ+>t IWDxddٻX 2AyY4Uk%{"5Ee wp] ?h _NG37@!i!Z#8{W_9A,Mba8&xרMA؝_]`xU$I}rC]R(wÎ6zM#rJG874'+^EG;<*O @+{b$P":2Ȥ?#4Q+t]?^кZ>/YP!iAi`TRIu[b{K0}Vķ k VNnSP2H;hĥɞiD9 ^Y+'%i:= Ѷ#q)E+#RD~T_]Dmf_->A'V\K[,2Nbː ȏdǬ"\ánb{aÔE+u%[ޕ?n5wCN]Wa(@s]u$wc$d"mʹ,9 kX:eTDcFB-1Py/H]ZG?nQ`$X=Tn"kW7~t}{c.;s8Q)J f-pѸUӚ7]&`|}3>İ)}9,/%# ;Jo60Ӵں;&z ЙXUY?V zY]smDAfRRɀ}SI~V0x5$N*// iܗ>]O5C:BAg䷅rNqeYTW-GxP״x'Œ8\xǸ*^pM/5?p`*Ȕ4?FѾ%W8BuO5ce$H@ӛIy ,V$_@oRv;GHh(uC>ţhz+o۾# \'{º=9!QjނlJW&ZġBUǣUkF5q U$oEۿf\OX6ea9߬;-W Lݎ1Ɇޅ+XyZpQmEZ˼s&A.7nxrj"JxKA))>ÍrGc p,r7cF]i2()ia*$L_{Gs3n8\$/HRAek 'kqnNXZn+BtB)2nb EX^Glϐ-ޣmyF/2i+AU6z Eك/ tǖiz"{w7kA* Lg9#ukZ,0Eċ )eK&1#;l?Nh^)؝O*jSXh\]y,Ẻ0 YIv7׊>[! cU`(9>FtTۋca)"+=@LK&_t<z~QO%LkNEIEK|퉞3bbjW!&is1sfBwBynݓ4m8Y5BxoSǁ>qMIlA2XQnq2r{~Bܒ"J/ HOB$ehH*2`Z^н8i)'5?EL0$J H/y3KWH -[I{KC4wS0 IUP_L?b,]z$tll'ٟ䌩 0fة'["C6 נ_bKt D00;6B/;>cPUq`q&ҝdgpgMe3`G GIhfu%tv((A&udΒy[IN/7l H 7Ylcf`jr'x>+>៍zo%g҄s.YփHa`K 6^Z¢e2 #mX h/$ǯ [yy%'f3ܬņsgS]eQpbV]_L" '~oLzl>X=~mC$c##&L)2:0.F O [ U:BԪukm6l~_8_Jm?ړL*褤u9\P`vԱӢ?yvoc>[RrZIkbX[z8y h+ um2Ѕ2Ɗ(\-^+g ЇE)8Vȼ H[ 7%:<9T )J?,\TG}"msk0n3шخZ>k/H%\MOŽ Խ9sLSeE6&f闸9pNR!RޅF/> sf)I|>qxZ~c04u3ўC uyESͼ,ȹ΂1|:z~ zfK (Ó6)EC(\}sUnz)LϏlűy6/XBP<|rIhpa"t&"8\{lr^, *7O;3=eiB,qNT]׎wd8Za"`,[uƚrv*MxSm&֛_utxE2b@ېd_A3Q/k*!gZ̚ u ;uaaBTJwMK% dCɪwF=(!n4X+S 1 vCXY>#QUSPMl3'^[id"b$pP6"uU vzfv8-B *_tRk@]XsU;J_"{ǥ}ĠEq{4'C 1h5 aܣn'W*5Ei+UsKlv GNpu;BʥjOg`W rd/Se=mxSP(dt8ɂnbr1#=;P)"t'qd@WFS%&O:=AAz֨b%\B DoJ)3up>j.?: 躔i N&G#H!U{nOaA(Z69 K]VdWQ2o< 7/3[UTL˾# =D n--]'(0:m/Xp5Dc"+Tc ! ~+1b$#Yxl]<aTE4¸r!Li zztɏ_ euJvĮ9ۛ&tV@,I"1 ?KZjh֫y%([cެ2yl (*:0sb* ʢ"nv9+;-E.kAqc@2dk,hpNɚ8 sCAO@m t@=x~PP|D +0 uGfg#xg*SVOv(uFh>%zɠOZr\ipi+$*RSE&:Ff!6e-|aMe4tob&p,W8Yuh 'ԵU:bOfQi,X}o0{ľRp'(@=s0,L炨>ڦbElHgeyl~TWjSD4e#mΘq6,I[8fs ,)QFF0zEë@O, @}AS itDDžᗹoRٚ`kPUUGAiinE{/UM;Iwklu#?˺W6ۋRkj[3[&n57n"%hir.[ݥQ%!gN66Wxow>:dmjYR^9bĻFQr.$N5VgIrh~Mչ j:AF@Duv@M[G6DZEΚ8h1o=.HJ\ IR۳z)4)dh:Y8QK <1 o XP4aC8&*Oj>F N1M%Wk2( <Ƈ_C#iPܱ^Ŋi $IC*C4kr-ktJaI9>,)T89[ 0Er2X!j.:20E0m'+= . P+_A2PȴvrlU )8in#^?/cc`Ck)IkfAL͙X'#9<2c9B <$$FR#&yoa| St"-($qТ7W`T=dzƸgyz]P==s.*Aj lߓdJCU@d =frQNPLNj $g}ύ;)&\x6م_c мKo*^ֻe4&[ C1D}d-r VT7jī{q3m&0R 7u mÚeּ YNhzps(_NTۯ+c3+nfuQ%3L`@̠  H+'E= Np]bg',oکg0:ΐ%GAB1v2$sD 6PwՊpWfY\! ࿃cr'Ej~8W47𸄽}8 Idn)<ɗKڏhbxF$`hY E`oΧ q:(3ixfM!UFm@?%L<*JF>Xbl{VxEz&C @Sr6Jϕ"&qc޷}LJߠ9dz}ĉ[*Pɐra>8 L])ɱdpt xoW+?]!&U8"1#?PjYnnKi8?c`C?iˉHodN+\f Q5gEG~+*z5A`E'3$KDdC*@Џ}L=;6ꛒQ.KWxʈ 36ygyIdڂ4]"Ormf!iFc5l 0BIkk-c'3BE#mSW,#EAtSH-d]m|,;  7;'6$!E)q?\{G{k< <}J+8=`ZÕH͘#$PlʤFn{ʖa3 :8/t CXdcjIGF ,G`Cp%lCO(R^LI@xO<Vh{7DNqW齟{4y &WH:y-n'ollN2Skܣn7)Q( Be /^ʎg0OIIFbتcj9E0-+Cc:R |;Y0]x<1i1F/|%DQ-5Eб+W8,o>j(CۺnՈd l' [kL(z}vz*:g*P|4 ([gުu0Np NيPNpĵ(Af:xnO|gWu_{&& UeF9gt?(< (v<uhL ];כEzalŊPuv5H8[s~Q^L aBr\~0n~w %_({VVKMDyeL/ ^B%WHaq\}jsz*=S("]H0'|{l{S)j20-[쒨Uj &~g}2WwK>W 'B(q,HøDQˍcAHx4=!p w=afu,TT]E;gEߟwRY_%#NX&7p8+'mmJYZG\ROګoPg`}sJAS[Yiaa_4Oy42nk?@+@!ߣ ^b-RŜ$5>V47P$A t9?F)W06y!fWOYc2iME}7C#{GG0e?J1O9cx!o!n 礡Gv!U,O7']61.U:K18ͼC yΘNV0 3]~DQMB1?64 ^IxrdoLW`.y}q¢%P2Yc sf\PЇ|D,]Tx"HoH)XG?m\6/ =ֱȡI&p%݅_!5@'0†AedB?O؜C`U)ܔ.{ia50 T!~^!l]cgg R0(810.׼7M Eo{=Ջx6I^Ԧ(L?Ʋ!}'O3rpaQ.~KyF裁&bZG;+ =k %SWSv! Kq|AIJJX+ m"zf%"}|@&6_5)ͧd(Ef~GIvaDinITPUp}je9W&]i͉VMy^S̀-J%ۋ3uũ} ժMko: $ 9xӡD@ o 6;`B u5G\ W.R} [׎xh\J N:$@ ب ɉf5j{ww B_匁T|f1 )b6'/:)~)ZBh(pσ9I%l,߿.6uJ1$ݤtpͦ\Q$KLvzM"Ozޤ2T!5Л|0#Oĉ?R?4W1D r'OyB#`ACqnmӢPN2+|cȵ%8NM,%<5N}:7 D >w&;ƕGy#BMi!B[qei Ov "zDfT辭-\S!5u9U#܏'k3zFliGbEZ0cNOB7v"Lb{L ˚njҸd qLaYN8epHИ|(_ FZl]sWOC>UW1+^9iG7 6>Zݸ^0dS3 ذ:0@NbL pyάKSIH|&;"Ys v\u5|yxϷM\D6ցl%}{0!6p7Ѯo]NjZk5,A\;a-aǺ+YUۛ}AZx[Ok_g"W$!^ɱ,iDRWT%j  xtDL͌MGC1r H=u4e`$p! wYÛ5lL)`g/*AE ;eTiQ{tcdž<)_)t] yd3m=yv'K<m(dBAX/Ke\c0MEXsVyqT~vrK0s(t]Z1'^ա|e6no j~仩Qt|ܽTr̮r%ݍȐ;dE+g}EπيeNenAGoZbdgd =1Әyu'fOXA6/da˚bJ9p/>S82PψNBnNLy6. uz;>T3#:-z"-Gc&b:ڞxE$WQ4[6Q ?)hXX+#>s>t.}*7| 6 8!,5TO@ <<[JTR}fy@mQGnZ BCxd]vANnRS++, TۈfRn18]V]O";u}?,"4wYzl(}.+Hyu Fsb4*2ˮV3^m"K˷&{u2zdJ1 %/LVMs )b$ɼ+G1FQ U3fɅ.Zq'>7qc1=YP@y^n#Vr{C{824{uumw:E/:uzy!k/D-Yjn­oVK;&MLW@>mbf KK3!iJњ/?'KN7&PQ?P É@>^z]'ZZ9J[$T6N׮7OKռ7zgKd*!o Ykϛ'" -Hz.g3 0lDȥ·ܚEq`$4E|mQAGCEdGy럇T\&5QvYdPi963ئ>/Hi,}nnUE|d"Χ+ $ӓ5#3Ӂ,4bPNeѕmbmt;&aTIw0S`V? %5*dcuzXt4Z;Eh:.WU\o!p=gb$r/ڡ%N]њgu8T^%gX3~z!JOi#G9e $>*DZ% rR?1{΄S.TODn   >CQhFr>V~խ\ p,q>F܌c +3xüQjzD.AJЭTN%!g`p!ʦe3OaG%pm;UX3 Z"JP:ƨ/C adǭmrb6HQh[4/]*3*0IPM7MXSV"RMol`iщ6\r_hNZZO(IӘΐ]Nȝj]#.iM/*B2;8<{ye@L_'\sjdr_G6V_F&007$`N*k:KߨXF^Jsףh `,6Jt7Jb95mT|tx\pҙ"^uNTXS|Y&DWчw<2+쇒ܟz<rbrrś;dлzjj9d֌FWU!nm :<-bC i2?)'N0N[LNS-+ۣ,-(hhO4kN޷œQ_oߔ+Q+<ݒD[d׃3#lKOs}^nuĜ{zP$:=c>02F1iEkߣ7iMȻͮ6_Kȫ\ĝԯ^?F00>/mZJ֔hζ( K2#^9cLbfq-Nz׊i gvb Yc1On]])Zj\"Fx;Âxv Kw8o߲:!@%1G9(x}7d"6tR f`~)=ӁĘ'N[G_r'G3̵%%,I'34HT#@`Ԝe hIÞ`'MEd\ pDf~`~! 1UXżTXPV3("lʭ`}bmGT_Φj䒝>2VKދݓ@)Q߅寁Pwtkݦs 0nڔ`o)8&]bhY@rR0%' @ekWPl|8x~FavpqݯIC>GXhb$ص5P]]|RHj:F ;`:M~1PtnC}to D5,E;0y K)8i=1PK>:Y-$'U/H};Fvz%SS?aemm?YfK@ߗvIqhUFc-NmA nct!U$ؐ%[,hՑ{Q墅7coc+1tj ?=BZ|s7] {qi"t`[Şs/j{{xb"S-?b:)804X/™&X ?/˶FAGS G~;T=asf;u*n?Q#rF0SE,6K'8(,lM:_ B)C=2|X.9[3HtS>p"Kb;.]7/&JM8^$+&8ɛwoDz(@gV~Rc-Nn%[*qօیe.iUKf<-WL[X20q;W3=#˕J4=t'V:x9D|CXo[$ T$׺?͍ Q2smd}EfDZ'YSnL ԹiNԈ4|4 ydpzMbp(bBDG4 owy- Z蔹k4Ń%(c;4'c3.#ճ?O;ESk:QVBcJ>xMV$.$] gnud亜b?\Ryl!7Eŏ@X\ ?͑F T ᭇhd>iaFGP*?R/JNs`Q -֖LG0a7/Xmˆ#R*0 HsOZȤ-=F Fz9J}>q";9= 㤲}НKFp!5ZK-a,nN' ==ϓZ_ڠ& e_2= x12[|qriEoR͆+T_1Eႚ]풰438f1>ɺK9KlxUs㏱˧D+*7 t% CAu>z"FK73[nL{R-eg=* ʼn.HJ|Zz BwPru[@Mld@1WZ`ILb/>D8.RldP];svD:$)fʮ$C6_!y&3[z"E"/D'#>}WI)i,/G O.4؀*oMVO* e1y\\4:]zُ15ɶ†ʼn&a߁4X-`nq<{8ٛ%J{ MS9/+\iSj\qa`.'^]$^6WLJP Ӗ6$r,󌇌l -L@b/w?ȯV[YVcu sejQ,\:Jպ(oiER^ydd`Q #x&Q BJuJŁrB M 4plX2_N@5$L%c<}: L#>Y& &>LYLlXc )mq}[8m17_x(EũFvQiQsEhW8U#κ J %qe &@ԤXdRjIh\GHYqt[P{e\Һ]e䴬ݘ_O踤V?璔w6XkP<_yLߎ-vkj#@ͅi.'vx%gy9YMz)Њ^:02|OT۷nnCσ*sfYرސː2"'$<pO+`gO/8  ()?05[$RL =G|`4h&5O\d{/~b8jϘIj;&8lV1ȟ,s.2ҬF^R-ڵNPٓ!nMŹ]KZ34,uC+׺S8Z-Cկ}KtL{)bV-NROhB)`?TeKX{Eu@ uG΁/O!bآhy=hJG;bX$9Aiޙj8n&x**U;GR)pMYﱝ+psuQ gCwJ .nUja%v~3 _G7fנ Qwt@$~3?V69}}%x'E6)qw# GǠ#J]J]E 8{He&,0} N5%HFmPiIZNES%g"3Kg]W7slj)4iH*@Uk4S,TcrqFK* cFɰ9/g&-hMGDWh^ _2=BBvAabuPK {4tC њRD8qcgq:2'Odһ^hfDxxy Ytg:vyJqBK'$sVm!z΄[n#i9V ])I?:Zhtsx݆+~2@gS*mh8OpAdđ?*l-Җ4ZsPa׫ ;;ŷ?{SuԷ^3sM|PJm}XoY*WlA;/gxA3/r&uϏ͔]fƽjNW)87xa*j;'5_)7nbbtM4^d鳄_2T Y1[:.=ρRc s[Lw`B8:S]o]%vtpY KrIд 5{_T\\o奌Z K5LfbjaGEq/[*G("Y5*2;vP",j<} nndP*-7-6hoH7p 1ȡdhLf@Q}A@|QbwPp fU97 4:SCinϯJ u>kwT[pjPanh7>Q#x w9Ci[yA!_L:O<>kؠE/7MGHsL@͋+?Ǎ`;9x+5ư`N&Z/=0 5ߊ>θk)E!~􄰍) 7kWꮚxR,F6#.aC)ߧb?T #!-@]ؚAAvsPȯ!y:A,n`GjAߐN#$P96LF;N .!Ay"yrE{en 2%9 M>̼m{)t{T +^30- Oy;C~I C7xv(%z\߷&Uic,wCFt`:F3Pȁpr.^!ܔ!e.뫫}z BkDIjK +jy$xM}!}=&(ub!%:M-p.o~M@7=٣EJ} WK|p@ڍ$ÆLst_c0$6~afF=k]d"0پ=`0ӄ"jodW}Jk$XVГC{yG)9"I!HMsoCڦ>9vgZrd$ocVAr.f-ǀI/望0qA+e^~l0rA# 3% >o4,LĎQDM` Q>IZ ζ_lZ{晽9ͼt |[L x 4w`Nba۝Ie Wԕee.ӃWil,D=8hy"Ie>4ӏr,R_O =F9@b.G[!/ЁsLӳ+6*Lf&}, hR~XExvF!oc'&]I/Xju, Pq`ڂ'Z0$"xG~\KײGoL[uJ$;3-l\,Mpz?ff#5ʽԉYPw#)HYmVP'|t rx q]dDY?{kKeHBCd[B^XiJ3)Ug;SM6bW~@`Qsf@Z3w͡'Bq!3ydwW7$ X 0ƔdlH UύVzhwL~@믋\%[W@_֛huUȈ d(\U 6@e4$w%!X 7x|}JX_~5zРAf V~( ?"4EZ4d<%!ZrMYsHq4Kif態MȺJ#oxjHPSHUM%2)ӿiuFGjCPFJ&dƵ@ԆrFctUU:/`qu$]da:כBdWPeE|5&L2Z6m쭩7$ &YK@$m1S\>!d5k) y8lt&u 렒{4 r$-Bf[mx8*l3 ~MgsȉESyޖ`iP՚o0i5bnA^nhFc%]@֌HuBu gڒ7tl%?|"u"r|zyj+{(?+S=5+ibWdN)W^BѨ}ݽȟ_@&/'qt4 ڌOcpzب{:,mr#aCF!5&2H}&;M6s}GG.ƹɻ!*qAB gj-QE?0!gK8;18qgeTI"CA hR}C0;lMsyQO<Е5p ru`f/?k8P`wzʔiėΈ˘5 7gUUy#I>PPԝÂ<&W 6icc(:xM'AܣDs>߻>QtGVS,|~NͿQB{L 8; ((sD>g"U(E3N^ZHyM0C9 ~.~#"y@]._h=.G)Po4j*-3ZFf`pPKaxH.5M jy@3+t8)|.'Щy@o2rE)J(V,R|HҳZH$.2oٗ1dT[8ۈSkՉ4CF{ltX#18^Xs[U(;K1}E ϊSpQxi_\ƷĄY)A:pCBw]t }9# |!{Y"f[SQMRl~H6icN~&;ِ>tŴb"8s>. 3ۂSL G[t~Iuww.1ݤ\u6/$N+9fA g.HϺ 9ix;aF@܄p\^IyBF1B 赚;a3E +"`9ǩlƘ-+԰ Эސ"ttvMV2R\M2)y&2.y>A"N&9H} !]BĂ8/5nM~{>>ggY 9,3MshǢ+" tHVr?mLe:F'[`.^-Z|NN1;tf.i({l2 PUأu"U=JV_t48 ~OaRt_=Vww_ژxOBQ>xYRD7L"r )G u֗]t7'sDH:1ӆ w:YFN{"62CvөyuЫq lwj+n㸲6]nsBg#N{Sq%d~Q8bYR* ]y v}gG} xSI:aeLt. oYNPE0[#MDB >Ld:5Ilã*8v'\dfyH u DJoӓ{~Ί'u7Q!l:,fgrx܊64e#֭h]M7h e NlÃMf{rC vߑӈr 1}O >`RahP Pt@5sw=: ,9Z'D4:( Hn@ɔZmk)~JBEzI(.f+µi)fUVM &,Ue.'fQ/ T}j-)PxAVV8& J񇢾6[=,@Mbzi_b#Xy ^(KA@œR)L6ICr9+ldW<]d^ l6OZnJB_6%قz&3CtbQ:S1D8 ф!*҇u9BdB=Q"aK(˦ )[ne vH1`Y< +vAPG6DjRVWo_TC1Hl!K=$>L賻F>Ba6jP%@`7Nx¬ oJl ۪UgZx {,>c~)IKp-L%We)W-يu^ܲ(aY6keuQ"NM,. q*9 Xd5׵OvDITmO-׺4C% 6D 9 71#%[4p?;(yfD9gϵ.{^g*7L.T4%%PʹI'9R,)r=omdsJJ댿 c`0R5m[$mubf:RB( s֐3h| q(١XWlؖ^Wsг*(7l.WQ7hֲKezBE@b4x9e *VC&RzFWN0CAۅЛ|Ar.Ae$>7-'H93u%gN}.tQnwe^ns.7H꘢Ý-⭳9 lC{; Ipw.[qt5ڒu!Ѥ%.? #++׃_jk> 6G7c-ej-2O1w $B <Ӎ ^$,?LAh~B3F3< R+7yWzMܤRZfFD\)1}tX%i;{m^aed? OKZ,4YRݖ2SmBNP(IQ3˝!=GU⥣[e}p9~ 8V.8 >űT5Pn|NmU\t$ryn,wdY$WAvY] %!Z{H0e\xnʑ-. n)TǙ&/+3sYT7/µ ?Lhf#Sc w"PYV: yu u)p!-4jr-esK eJneiʺNFiFT蔏mC!j[a\HkjFo™žFAϼ*q%q=p!^qݏ{IڍhX7i(MzSz`8:U(#Kv1 D kT1e.~v lkǣl ׭߁Oϵ`ɸ)ї&VcjB&c= bf.V@v-cV}~2r@Q{w?VKg큖qn-H|r%+He!ms޺ZCbT U@->%,)bg"Y[gw/LpÔ)~%cZdCg۬j5{!rۃ;}?}/Nc[ź(_vHW%&%qSH 2bTmGO!q%*&ÀD~q=oXY;Zj6_zz bv4e FJ>@8]anï#NӐ?>iۀgK?e"m3vyagIO#PkINh_®0;# 2F,Z^ + %k\I@p-XxRVC7U?Ap'1n]P݃A 8³z±mV)?׈Fܭ,puW״Џ[j׎6_ NAK0O1f[vv3\=ۄc[ۂ烚&QMZHs7rEMPf%Ve9Nd*=yYTpAnCU(b~l |mΏp\a:M@D;7 }Km^=Lt;lĎ5DM[x cDk3 \J"qd97=޷zvgn 3 :ۍa2#0,r'ao1^.K=p:z]XIL@\-|mgn F Ncr0 QӕzrB\MYA525Ŕ=Fch<@&dbhv7[Rsվ\jr'keYN?HaGN){/.?Ǖ3N$;eoܱ2LIS\ICVbqp^xkx`#B:Lr 5Z0bE22QSʘYnJorR($5oǁWuSF#|l[8S)F7 '帴 hN #d7q %eew*6pzVB٫POs劶5a~$fr;SGfg Ѳ"F뛯\əiCw TdF=C~ ROeaA^u\M( ?X:!> ,aASR۰g!s3gǤ'( V:D~+i9SK{B:X)@?)l3&[bV$Ď44 gO L/STE:-W[n[9S*_ZO9*s ?sfvmj@ޯ|]/CNÓkO&L|'@4BLxků0JgaV}ypG;Q21FpvkK>$mӪW?,`K A VYD; @{_JO)y'zs Q3\cOryyw< f(חn@.J5Tߍ;k%AvgOZ`.+с_;᳕rA4`YJIAk;pDE d@.vR( o4|IO!>]DBD:Uf:_jf[ Oe9_?.'U"İؽޢGKF&RXT#b5fO۴=,;]3+Ydزx'Ҵe5[ga!nsC1YZxILyG@V̽Lp6ܚG:g>$}pH2cFm 'v|>p9 ` ra̯z*YaАTہ.ŸE۔5־џޗ6F_p&ιPlS,`셅|t+7zVw)F%8tXoI WP_NL&EWS@)&rX-':ڣn(MJ2Z'i~9tW/?8[KH+l>+i zؘ4F_9!Hؠs"GYAt 0F$?22c>L#s 6Q:GlD1@ow]ARܗ֎0b]rA x^ߺRv! `J-¢9--}o=%>PHHkž7גNM*"2W#C+0Z2dv9/*Ko7bX,ljԑg :z__is$Mp}N~U{umF4Cp/. Y}b֦iX'rEVh=N@w᧖z*Hg7{[Q`&Y]"U:՛F@3]',+SO:+qGGT'H.#O8u5a4['CA'eTl E%z)́9d1! ʯ:(o0swʢe1,6,Jb}GմDAܹJ^[P(pSnSN2'o0Cz){P(Z.<)O(.%jB*k$A\pz?tJX<ԾJgcPLX\Z`y7|^sď)JyoٖncR$r%h[M`׶h?C‚ ? G=,Kڸ@ywv{ljԶ?=&xBklL)7܊ a:xJ+c_EށI_`}4h솗|=$ Ŗ#sV)xҳ[fUu7HuRPyV0riIe![+n )_| 8x {lGFCȊQ<8yBJߒAe]T>Ϳe: -ZB^0LTSp; w7y5U;N]|ZpS5~[<歏R-P 8 ҊdI{*oF()2Xjkz*L/$bLa1iQ PTʤ~ <{?kR*˷f6޷.Ed(;gްЙu&iB8R`$(FRG̪7L0KEuVt fŔ,ߟH6nnLvrkwB۸hr;؂A\.by5Lix/2AF- x2;v9vnl'@QIGi Hp[~WA8,ZjΝ 5kdtt*AgӋubӇnndiM38UJE>'l8|]*X<4w#}?JvmL[L%ϩHB>WlVv٢Qd29Whb)~+#m.A%XUq m3c"_ kIEJEjlVmɖh25pZit<2"7Ҁ9m&9S 9P1ib. LfZѓP~SOr !@y#7,0d\wVsAM!;Fk}e?$D}'.-U +GTFf'Z/y **6}xf)IZY6=5մvm-~dhy2ǽGrCKNSB.,DY{ԤԹUr7 F[z "b2Ő2ƆyEձmwuq([7aطq!I-Cuhf|.]vD帣 NcU;Siś T\~_A&u@_a[ҷ̥՘]/Xc2zoj<ϊ|E-D UN@qMFPD,n YzL9cfL<Ni;R` haR6ikI B]]h&99ⴴ[{4~ Gku\iqB9G[Q{?KxZ梻Z(9W!,NYJrF׿ۍ1WZS?R|Ebh^249I"Sa lN4‡ Rʭf)z>0 4i}k[ IGZ9 ys62| 'oWE^4A^_02^w1ǺS$J,$[}.Wϭ)F%bQJ^ْ$3F X#텳yy,U#np&Y Re:0DՂڧ)]^CNc;<1AɎ<>(Xa6NUd4N;!SGvw[r#s{hafVBb I6U2^'Gɂw_||-QۊϜz9g\ Bzhgq7#rZ2V@q'W^H ;X 'ooiwVP[!;Hb$6mҩ)\Vlx[5G5ˀɲM) vc1L}tO a쬝=08UwAM*1ށ5 4s7?8*m9UR~Cy$- g<`UئN f;Ik_ L9$PhvcJjkGz[|#ۅk?ָ*bUVh{ϡ]Bb pW 'Z+a/w:z/sAV_4/P.w΁FNO[(Vp{Ei*+f7@. <ЪmQ3_Uemل'orvȱUB.X+'UH\\c.f_Ä$y;ևm#N Ibҵ'xQO QV~ }@NPw1 Zp ]AgZ r*z>@Bn>gd G0A^5"񿛬Y)?,6Ny)Y:J{J,scbquf bio%Xg PDTdFe_ow̑$E藪*'>!̓FK%H' CD<WJvECأ4}45DO~a)F sd6?q;U]? DK /z _r'Y{UGi\b)MR6L.1Lه/LPC><ވGbЦ"pJ"2 {E^vzo1ܳM☴PWcYLEsi`v@"0ā&߬.3{ 蘒dx_G  BpVf)e&2y&*BS+Oc(+kDѷXaB`7S{ yEw[ ?k_ٸ\2+c-ʁ`Wn80v? QDf0xǙ)fߢ-%A W rp[Wi jr^C *pN\*hs ȁ}ڭߞþ}A Q;P+yXxfܾUG0gf;W=BAk~ɢܴW9W.@F55#f$9WZi15o $&]BlSSԾ Z x*%cf0ON ,u Rt;I]{q"OijaU $MRrF!+'P3f5fiz)0߶S$وM0Cy~u{[AZYMG+#!}kCml~&PJ1_+֚p6¦΃\T3 ĪG :$VYvf,䌔xl((]f4;mn<]-6`&f5qj۬YS4\`6y3ruU|R~̘YENтhYF Q`Ý,N>B\/?5kGtTIh; tHRb6d~H+1AA}+Ik:Yy-]^XiUHZх12vbvDz`P4Ȩ%h-ΰ'Qν -^XC:J4N?PcbslEHej vF3YOVJ憃 pSS\,3jT FȀ#y#V&;8`9ko3}TxY6ɴqV]֚t#bb9ޓ.7|4 }GrL0g, @dPa9O/k&{ !IVK GahVqDv& mX"{ 9Sm7寺;ݯKc9nQHt7ތo 5Wi<|>ى{4oCR'T?4^g At%k˗wt#fjA^9CL;>%4E=9 >gQC*ZIo%߁yÉya?qs{N4"T}+1|- [nq'O"Enh[Pas>)Kle]ix"+_(= %p%/h,C*l6ӕO3 !"^eH`ިn2]jƤ\x;][}%]/YPH8o?{}TKzBQ >DzE{9Eāҧi/_5Knl""ڔ(-uD.Nc *1 0WѠ>tδ`g6@S!ZT(nG~OGNc泴N|Uߨ"J3YthMa\Q2e`$ W ĔM:љm9ke2?׃Vql'~yD =Zo H~P~aE*8V$Xt`:hƩSHD0 1Qwt՗(b\8۔G` ђ͸7pԤ'C*BV?hhRq5j=1KyL 870鐵ǵt"w_@iǃ A-ioJϿ_~U];rž@L6vze<}ݥpTN x{^ta C 㘰 ٞv/FX<̪Ba-.d/#K%"z&)_=~ĭʙ+8oȏb"pyBYHZDNpkfs̩q4?/bk>߽PиL/\AJr$\Ʉ@>F@~(RNDW0df.0@,40Wr MH[dnɋD@uP*ka' u<KzDepטMZ^2ݖuR=(00ջtS bMjߝtڧ2\#2}"xcט*;Ee<: Ԕ6>uE fU ӗMc("meST bgIeg ~_:}NיKL5a`!=g#+8ko?1kwkX{~=bс/Qv=]jcEzd$n =CQN-QD9+ksU;|($),slLngj-4Esg%x؉{',~'} %B͓ ?etcdxb{@s|UǛi@l.TE7P!fPq~c.)hݛ@)Vg.54|d /*1-\A G@y'aSM'M˘imXKE.W{v Vا?TB g!\Le7r⌃E{}Iyve cD"_qU" dBsopͦ,rѓeZ{rŇyfLdwW8u7=ޖU״h a9Dy{P -W EJUxsvY,&6&]OuU9׉~a2O $SsLѓ${GxOv`fF^+J,ZVze4P yޓ2RI;֨⪄afFAhr]yߒLQkh[mm̱Q4s=qCk\R43*SёiuFVeO*c|?]RLrDG`s^XzknԉÑj4Fٓ~!F*_ QCYܗɢ80q1Y \} "*06W 7q?ΈwkS5;O Dm)0=#*A#=ߔ<|e 3Qls" Ufh`99K3ZP0ϲi|Ϲ,׿ \*I} l&w:PRf)='TsY]lM Ak!II֠0D\X!@,/+= S~^rVG &=AwhxT)F4 e`x'ա1lcW4\ 2 ~^. Cu&N^1fjX]2 gLDԁ={ƀޒ`.ćOʥlĀQy!Xbm3iO_m#u?UMŀ-ukWE.d' }UIv$A Lm@eUL+Ytc]7yIJF5(G)R*@qBW$e0@pJIxjz ^TRhOP̓@+\oU2&R׽7jY;-I oYL0%B]8|M\תQ4I&{n n, RC"ܷyߜGl "qkL} 4R fKӝ&y;]O[N2aC S74N.DGrexE}3PiF[<q|V% pfW}iKWZ  3orxHc,-NA8ȹ3}xC)pT+& iR\߾zHJ= EhOffi.6pU"ϊVYIpNk[e\E2P ܮ73a+4!SԜY"&VyEP :I wF3!~.?-M1[aM\-uWzOp+3!5R l ҅VyG RgZXbNoptԯPg/JL=:&J7- ;WuMKeC}#%~!j|jje@0vԊټٯ&n4`_7||}Z1˫l:s)%q_PQʹYxܓ&gWJٹFm*Q`T _[z[ǃDMVj{QZ*XYAE4{z-#/~D*fyj'%uB@t M4MF'Zq|pၱujٝ {gS !xw܉'K  ]l riUNf"~'qpzpۗ3Wڪc)W8le>~d3WC!(^[XBuZ 7V\Ij 7[Aײ/*9vd _4;ӛ-V{ hsEk+<,%D!EeY( ēprlC= R} cI[EXh4bp6k 5dguܢ G8N@ YmsíTs1GqԞ#>8aL* d"exh\Nj #4rneWX "aP|:Q~>d}OHvċz.?0Us䯇J*)' 5cPH(5vex # # [:eM EcinD=k}ۺigeTtqey':?B6*}R0PΧ~δ rE㳕99PW iȶ2m赆jD̆HZ[bQE]}Pirk̘Z9!e[p;ބ ye?xkl0e2'u=󻥟V6"orҕn˫:@5!ם+_ՒRE\0Yv:w?$' +)Ug"ҥ,F$sR ,ۤ++|M7R̟.;G<-?X^zT>,@|% dkRr^UyԾi˙K-)5XD34dzuCn+S_k<-_{(V"Yz2ס/(6L4j`]|u 1KJȹGduWG7@L"<Á4[g^6j_CcCˣ?SA]Ccv!U ,ro2>:ҁ^#gusnA4pnEUqSs\#@ÌAP06Y/m,苾]lQ~ 8Ћ_qd1\(c_ e”m:pbn4`;?cSCNÅ |{MYwRq0] .N)` ' XgrL ˾4DTGXmJ3"HHWS0#a'M0^4<-k1Ԗy/GPd\65U,&LE% a[:l%B9 97XuR'e)0Vd;mY- l.vްﱯ2@4 dV?Lhpʓ UKsMύ[]0g]B- ۹>OQ,cmQ銎TZ+hjnœʳ{*fŭv/+jFjkFP.^r$S*mHJ$K&FSF|a_AAYw.1 w/e`Y+ CYƢì㟑Z6a)gbsb^ '$\]9/׿ 2!ͽJΊPrDъ=\" K FOQ4ETj> IQXwʼn%?vDm̜/f/Cܵ^w)2؝2{-{=R+q\tBEj4Zgo&K>,;O|F QWGy(XBX}\R*!ʋ &Ae܍JM^@Qbd'I ح Sִz1]+2|J=*a/IjƈXAKר7?yYE(jcWbp@q:~"79HlV#aT~Kb?6n^LhKTlg_P7h͋M;H=~ć!eQ> L>D'cP]-7\` *Zv w0]A.yEPb|2DmC[J`$ACܔFEZu1a~M6.o,I+?E[.A\x 2%y");N}V^r誗mM.A4˴Q iaq83B$S/3f#V&9\D|rMFQl &ǦAT;֭0mr3s2\ $H摓h7=rC@ٗU:E"ةLiPAG+D^f ?i՜+ZcY޽bw-b{ѴxP-h㲷QW@kPpR&z@vwU uehk:HZ i֙d 7Φ L,,EF9x }*SW{`?) EYZ365oʓyNhhH.<|ڨ`5b#-V$Fvf 4&F]=)P4P}A>|Ir]IL:M4BAyoM nVaYg`s-ۢL`ïBd]%bPVb0] t-w[֌θDr(C:4.?Xd|0g .S`Hdgy$WPB3ƌ̠|ZI:ؙP`%-<(^WqD­kQBD!-@UOޖwf*OPs50L=9DǢU*AhvB)4TE>O~-ٛYs uYn`@ecL>{`.Vev,"K=b2Vu2xuk'ϴ(OfA ?s}kɳjA)_hp9 iZv+S8@.:|- ׊*攜o%"șRmOZ\4ASA\[s.=l?|YB6;_́c [e#BO$H|>0 <l| QO:k{W{b4 LrAPlWHu>HZ+^;*90N($ǝ7ZȿQ460UXkK!E27:Dt4mjN_'u24N:ym'OT|7 c&X?8_:7[I繵/bVib߷œ6jHwm;6~].tk||2;(n{ic8Bo0/^+:<'L,11 C*AL~$%*?Tթ"İY&ɰ 3&+""KqRn}cߵ>_xpgk//A& ,ȴV}Qgkȇ"QHp&S[`9,unR4M&HI'^ЉES>֒U3xS4^w{XLiyqPrquq۶͓ih4DDE)줰a4I>hdQ:! Di`N7Z2rU8 iolܮ٪n 5"PGaѩKD͇Lϥv[|^ 5] l? f$X)E{yx™ez? G_%'Es3ٌ-I3#˰PEUQXj3AS8jTkh_OW=:h΃хç1XuXD"Y#Pe~ۃ5e[?XN Ы YZ