sssd-krb5-common-1.15.2-50.el7_4.11$>ؔK_m/Z>=x?hd & a .B_el  ( <  5Np$HLQ(`8h9:i=GHIX Y\<]P^bdefltuvwxy*dCsssd-krb5-common1.15.250.el7_4.11SSSD helpers needed for Kerberos and GSSAPI authenticationProvides helper processes that the LDAP and Kerberos back ends can use for Kerberos user or host authentication.Zx86-01.bsys.centos.orgKCentOSGPLv3+CentOS BuildSystem Applications/Systemhttps://pagure.io/SSSD/sssd/linuxx86_64getent group sssd >/dev/null || groupadd -r sssd getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssdH1KA큤AZZZXqZ3900ab73753389dd1dcf2d66c43f5fff48a90fa1bf61aed4334000b164ae0e2f5abb69ce0023c7541f4e92d3520cacb03201af5bca7efd3dcd9916448d111b868ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903rootrootrootrootsssdsssdsssdrootrootsssdsssd-1.15.2-50.el7_4.11.src.rpmsssd-krb5-commonsssd-krb5-common(x86-64)@@@@@@@@@@@@@@@@@@@@@   @ /bin/shcyrus-sasl-gssapi(x86-64)libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcom_err.so.2()(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libk5crypto.so.3()(64bit)libkrb5.so.3()(64bit)libkrb5.so.3(krb5_3_MIT)(64bit)libpcre.so.1()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libsss_debug.so()(64bit)libsystemd.so.0()(64bit)libsystemd.so.0(LIBSYSTEMD_209)(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rtld(GNU_HASH)sssd-commonrpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-11.15.2-50.el7_4.115.2-1sssd1.10.0-8.beta24.11.3Z@ZR ZOhYZ@YY˒YéYzYYYYJ_YJ_YC@YBvYBvY9<@Y9<@Y5GY5GY5GY5GY0Y0Y(Y(Y%uY%uY$$@Y$$@Y"Y;@YR@YR@Y Y @Y @YtYtYtYtYtYXXh@XXX@X@X@XsX@X@X@XۡXۡXXӸX,XCX@XX*X lX lX lW$WW;W;W;W֘W֘W@W^@WiWiWiW/@W/@W/@W/@WWWWQWQWQW@W@W@WhW@W@Wt@WE@WE@W@W@W@W@WW~W-@W-@W-@WW@WWu WgWDB@WDB@WDB@WBW;W;W@VbV͛@VTQ@VCV @V @V @V V@VBVBVBVBVBUUUU@UXU@U@U@UUUUUUUUL@UL@UU@U@U@UnU@U(U@U@UUmUmU@UJ@UU7@U7@U7@U @U@U@TE@TE@TE@Tи@Tr@Tr@Tr@Tr@T}T}T}T}T}T7T7TTC@TTZ@TZ@TT@Tp@Tp@T@T{T*@T*@TTT~@T~@TuTuTto@Tto@Tto@Tto@Tto@Tto@TmTmTmTmTl@Tl@Tl@Tl@TcKTa@T\@TZ@TZ@TR(@TG@TG@TG@TG@TG@TD@T6xTTT SS@S|@Sr @Sr @Sr @Sr @S;S;S2@S2@S,)S!S L@SSS@S@S@S@S@S @S @S @S @S @S @S @S @SSSRb@Rb@Rb@R@R@R@R@RURURUR߲RRRx@Rx@Rx@RΏ@RΏ@RΏ@R=R=RkRRRR@R@R@R@R@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@RpREs@REs@R7Q@Q@Q@Q@Q@QQLQکQQQo@Q)@Q@QQ@Q@QbQyQV@Q'@QQQnQZ@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 1.15.2-50-11Fabiano Fidêncio - 1.15.2-50-10Fabiano Fidêncio - 1.15.2-50.9Fabiano Fidêncio - 1.15.2-50.8Fabiano Fidêncio - 1.15.2-50.7Fabiano Fidêncio - 1.15.2-50.6Fabiano Fidêncio - 1.15.2-50.5Jakub Hrozek - 1.15.2-50.4Fabiano Fidêncio - 1.15.2-50.3Jakub Hrozek - 1.15.2-50.2Jakub Hrozek - 1.15.2-50.1Jakub Hrozek - 1.15.2-50Jakub Hrozek - 1.15.2-49Jakub Hrozek - 1.15.2-48Jakub Hrozek - 1.15.2-47Jakub Hrozek - 1.15.2-46Jakub Hrozek - 1.15.2-45Jakub Hrozek - 1.15.2-44Jakub Hrozek - 1.15.2-43Jakub Hrozek - 1.15.2-42Jakub Hrozek - 1.15.2-41Jakub Hrozek - 1.15.2-40Jakub Hrozek - 1.15.2-39Jakub Hrozek - 1.15.2-38Jakub Hrozek - 1.15.2-37Jakub Hrozek - 1.15.2-36Jakub Hrozek - 1.15.2-35Jakub Hrozek - 1.15.2-34Jakub Hrozek - 1.15.2-33Jakub Hrozek - 1.15.2-32Jakub Hrozek - 1.15.2-31Sumit Bose - 1.15.2-30Jakub Hrozek - 1.15.2-29Jakub Hrozek - 1.15.2-28Jakub Hrozek - 1.15.2-25Jakub Hrozek - 1.15.2-24Lukas Slebodnik - 1.15.2-23Jakub Hrozek - 1.15.2-22Jakub Hrozek - 1.15.2-21Jakub Hrozek - 1.15.2-20Jakub Hrozek - 1.15.2-19Jakub Hrozek - 1.15.2-18Jakub Hrozek - 1.15.2-17Jakub Hrozek - 1.15.2-16Jakub Hrozek - 1.15.2-15Jakub Hrozek - 1.15.2-14Jakub Hrozek - 1.15.2-13Jakub Hrozek - 1.15.2-12Jakub Hrozek - 1.15.2-11Jakub Hrozek - 1.15.2-10Jakub Hrozek - 1.15.2-9Jakub Hrozek - 1.15.2-8Jakub Hrozek - 1.15.2-7Jakub Hrozek - 1.15.2-6Jakub Hrozek - 1.15.2-5Jakub Hrozek - 1.15.2-4Jakub Hrozek - 1.15.2-3Jakub Hrozek - 1.15.2-2Jakub Hrozek - 1.15.2-1Fabiano Fidêncio - 1.15.1-2Jakub Hrozek - 1.15.1-1Jakub Hrozek - 1.15.0-2Jakub Hrozek - 1.15.0-1Jakub Hrozek - 1.14.0-46Jakub Hrozek - 1.14.0-45Jakub Hrozek - 1.14.0-44Jakub Hrozek - 1.14.0-43Jakub Hrozek - 1.14.0-42Jakub Hrozek - 1.14.0-41Jakub Hrozek - 1.14.0-40Jakub Hrozek - 1.14.0-39Jakub Hrozek - 1.14.0-38Jakub Hrozek - 1.14.0-37Jakub Hrozek - 1.14.0-36Jakub Hrozek - 1.14.0-35Jakub Hrozek - 1.14.0-34Jakub Hrozek - 1.14.0-33Jakub Hrozek - 1.14.0-32Jakub Hrozek - 1.14.0-31Jakub Hrozek - 1.14.0-30Jakub Hrozek - 1.14.0-29Jakub Hrozek - 1.14.0-28Jakub Hrozek - 1.14.0-27Jakub Hrozek - 1.14.0-26Jakub Hrozek - 1.14.0-25Jakub Hrozek - 1.14.0-24Jakub Hrozek - 1.14.0-23Jakub Hrozek - 1.14.0-22Jakub Hrozek - 1.14.0-21Jakub Hrozek - 1.14.0-20Jakub Hrozek - 1.14.0-19Jakub Hrozek - 1.14.0-18Jakub Hrozek - 1.14.0-17Jakub Hrozek - 1.14.0-16Jakub Hrozek - 1.14.0-15Jakub Hrozek - 1.14.0-14Jakub Hrozek - 1.14.0-13Jakub Hrozek - 1.14.0-12Jakub Hrozek - 1.14.0-11Jakub Hrozek - 1.14.0-10Jakub Hrozek - 1.14.0-9Jakub Hrozek - 1.14.0-8Jakub Hrozek - 1.14.0-7Jakub Hrozek - 1.14.0-6Jakub Hrozek - 1.14.0-5Jakub Hrozek - 1.14.0-4Jakub Hrozek - 1.14.0-3Jakub Hrozek - 1.14.0-2Jakub Hrozek - 1.14.0-1Jakub Hrozek - 1.14.0beta1-2Jakub Hrozek - 1.14.0alpha-1Jakub Hrozek - 1.13.0-50Jakub Hrozek - 1.13.0-49Jakub Hrozek - 1.13.0-48Jakub Hrozek - 1.13.0-47Jakub Hrozek - 1.13.0-46Jakub Hrozek - 1.13.0-45Jakub Hrozek - 1.13.0-44Jakub Hrozek - 1.13.0-43Jakub Hrozek - 1.13.0-42Jakub Hrozek - 1.13.0-41Jakub Hrozek - 1.13.0-40Jakub Hrozek - 1.13.0-39Jakub Hrozek - 1.13.0-38Jakub Hrozek - 1.13.0-37Jakub Hrozek - 1.13.0-36Jakub Hrozek - 1.13.0-35Jakub Hrozek - 1.13.0-34Jakub Hrozek - 1.13.0-33Jakub Hrozek - 1.13.0-32Jakub Hrozek - 1.13.0-31Jakub Hrozek - 1.13.0-30Jakub Hrozek - 1.13.0-29Jakub Hrozek - 1.13.0-28Jakub Hrozek - 1.13.0-27Jakub Hrozek - 1.13.0-26Martin Kosek - 1.13.0-25Jakub Hrozek - 1.13.0-24Jakub Hrozek - 1.13.0-23Jakub Hrozek - 1.13.0-22Jakub Hrozek - 1.13.0-21Jakub Hrozek - 1.13.0-20Jakub Hrozek - 1.13.0-19Jakub Hrozek - 1.13.0-18Jakub Hrozek - 1.13.0-17Jakub Hrozek - 1.13.0-16Jakub Hrozek - 1.13.0-15Jakub Hrozek - 1.13.0-14Lukas Slebodnik - 1.13.0-13Jakub Hrozek - 1.13.0-12Jakub Hrozek - 1.13.0-11Jakub Hrozek - 1.13.0-10Jakub Hrozek - 1.13.0-9Jakub Hrozek - 1.13.0-8Jakub Hrozek - 1.13.0-7Jakub Hrozek - 1.13.0-6Jakub Hrozek - 1.13.0-5Jakub Hrozek - 1.13.0-4Jakub Hrozek - 1.13.0-3Jakub Hrozek - 1.13.0-2Jakub Hrozek - 1.13.0-1Jakub Hrozek - 1.13.0.3alphaJakub Hrozek - 1.13.0.2alphaJakub Hrozek - 1.13.0.1alphaJakub Hrozek - 1.12.2-61Jakub Hrozek - 1.12.2-60Jakub Hrozek - 1.12.2-59Jakub Hrozek - 1.12.2-58.6Jakub Hrozek - 1.12.2-58.5Jakub Hrozek - 1.12.2-58.4Jakub Hrozek - 1.12.2-58.3Jakub Hrozek - 1.12.2-58.2Jakub Hrozek - 1.12.2-58.1Jakub Hrozek - 1.12.2-57Jakub Hrozek - 1.12.2-56Jakub Hrozek - 1.12.2-55Jakub Hrozek - 1.12.2-54Jakub Hrozek - 1.12.2-53Jakub Hrozek - 1.12.2-52Jakub Hrozek - 1.12.2-51Jakub Hrozek - 1.12.2-50Jakub Hrozek - 1.12.2-49Jakub Hrozek - 1.12.2-48Jakub Hrozek - 1.12.2-47Jakub Hrozek - 1.12.2-46Jakub Hrozek - 1.12.2-45Jakub Hrozek - 1.12.2-44Jakub Hrozek - 1.12.2-43Jakub Hrozek - 1.12.2-42Jakub Hrozek - 1.12.2-41Jakub Hrozek - 1.12.2-40Sumit Bose - 1.12.2-39Sumit Bose - 1.12.2-38Sumit Bose - 1.12.2-37Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-34Jakub Hrozek - 1.12.2-33Jakub Hrozek - 1.12.2-32Jakub Hrozek - 1.12.2-31Jakub Hrozek - 1.12.2-30Jakub Hrozek - 1.12.2-29Jakub Hrozek - 1.12.2-28Jakub Hrozek - 1.12.2-27Jakub Hrozek - 1.12.2-26Jakub Hrozek - 1.12.2-25Jakub Hrozek - 1.12.2-24Jakub Hrozek - 1.12.2-23Jakub Hrozek - 1.12.2-22Jakub Hrozek - 1.12.2-21Jakub Hrozek - 1.12.2-20Jakub Hrozek - 1.12.2-19Jakub Hrozek - 1.12.2-18Jakub Hrozek - 1.12.2-17Jakub Hrozek - 1.12.2-16Jakub Hrozek - 1.12.2-15Jakub Hrozek - 1.12.2-14Jakub Hrozek - 1.12.2-13Jakub Hrozek - 1.12.2-12Jakub Hrozek - 1.12.2-11Jakub Hrozek - 1.12.2-10Jakub Hrozek - 1.12.2-9Jakub Hrozek - 1.12.2-8Jakub Hrozek - 1.12.2-7Jakub Hrozek - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-3Jakub Hrozek - 1.12.0-2Jakub Hrozek - 1.12.0-1Jakub Hrozek - 1.11.2-70Jakub Hrozek - 1.11.2-69Jakub Hrozek - 1.11.2-68Jakub Hrozek - 1.11.2-67Jakub Hrozek - 1.11.2-66Jakub Hrozek - 1.11.2-65Jakub Hrozek - 1.11.2-64Sumit Bose - 1.11.2-63Sumit Bose - 1.11.2-62Jakub Hrozek - 1.11.2-61Jakub Hrozek - 1.11.2-60Jakub Hrozek - 1.11.2-59Jakub Hrozek - 1.11.2-58Jakub Hrozek - 1.11.2-57Jakub Hrozek - 1.11.2-56Jakub Hrozek - 1.11.2-55Jakub Hrozek - 1.11.2-54Jakub Hrozek - 1.11.2-53Jakub Hrozek - 1.11.2-52Jakub Hrozek - 1.11.2-51Jakub Hrozek - 1.11.2-50Jakub Hrozek - 1.11.2-49Jakub Hrozek - 1.11.2-48Jakub Hrozek - 1.11.2-47Jakub Hrozek - 1.11.2-46Jakub Hrozek - 1.11.2-45Jakub Hrozek - 1.11.2-44Jakub Hrozek - 1.11.2-43Jakub Hrozek - 1.11.2-42Jakub Hrozek - 1.11.2-41Jakub Hrozek - 1.11.2-40Jakub Hrozek - 1.11.2-39Jakub Hrozek - 1.11.2-38Jakub Hrozek - 1.11.2-37Jakub Hrozek - 1.11.2-36Jakub Hrozek - 1.11.2-35Jakub Hrozek - 1.11.2-34Daniel Mach - 1.11.2-33Jakub Hrozek - 1.11.2-32Jakub Hrozek - 1.11.2-31Jakub Hrozek - 1.11.2-30Jakub Hrozek - 1.11.2-29Jakub Hrozek - 1.11.2-28Jakub Hrozek - 1.11.2-27Jakub Hrozek - 1.11.2-26Jakub Hrozek - 1.11.2-25Jakub Hrozek - 1.11.2-24Jakub Hrozek - 1.11.2-23Jakub Hrozek - 1.11.2-22Jakub Hrozek - 1.11.2-21Jakub Hrozek - 1.11.2-20Daniel Mach - 1.11.2-19Jakub Hrozek - 1.11.2-18Jakub Hrozek - 1.11.2-17Jakub Hrozek - 1.11.2-16Jakub Hrozek - 1.11.2-15Jakub Hrozek - 1.11.2-14Jakub Hrozek - 1.11.2-13Jakub Hrozek - 1.11.2-12Jakub Hrozek - 1.11.2-11Jakub Hrozek - 1.11.2-10Jakub Hrozek - 1.11.2-9Jakub Hrozek - 1.11.2-8Jakub Hrozek - 1.11.2-7Jakub Hrozek - 1.11.2-6Jakub Hrozek - 1.11.2-5Jakub Hrozek - 1.11.2-4Jakub Hrozek - 1.11.2-3Jakub Hrozek - 1.11.2-2Jakub Hrozek - 1.11.2-1Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-5Jakub Hrozek - 1.10.1-4Jakub Hrozek - 1.10.1-3Jakub Hrozek - 1.10.1-2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-18Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1516700 - SELINUX: Use getseuserbyname to get IPA seuser [rhel-7.4.z]- Resolves: rhbz#1530975 - sssd_be stuck in an infinite loop after completing full refresh of sudo rules [rhel-7.4.z]- Resolves: rhbz#1525110 - NSS by-id requests are not checked against max_id/min_id ranges before triggering the backend [rhel-7.4.z]- Resolves: rhbz#1508972 - Accessing IdM kerberos ticket fails while id mapping is applied [rhel-7.4.z] - Resolves: rhbz#1509177 - Race condition between refreshing the cr_domain list and a request that is using the list can cause a segfault is sssd_nss [rhel-7.4.z]- Resolves: rhbz#1506142 - SSSD can crash due to ABI changes in libldb >= 1.2.0 (1.1.30) [rhel-7.4.z] - Resolves: rhbz#1506682 - sssd_client: add mutex protected call to the PAC responder [rhel-7.4.z] - Resolves: rhbz#1499658 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-7.4.z]- Add a patch that was missed in 1.15.2-50.4 - Related: rhbz#1489290 - samba shares with sssd authentication broken on 7.4 [rhel-7.4.z]- Resolves: rhbz#1493916 - Issues with certificate mapping rules [rhel-7.4.z]- Resolves: rhbz#1489290 - samba shares with sssd authentication broken on 7.4 [rhel-7.4.z]- Resolves: rhbz#1482927 - sssd_be is utilizing more CPU during sudoi rules refresh [rhel-7.4.z]- Resolves: rhbz#1478252 - Querying the AD domain for external domain's ID can mark the AD domain offline [rhel-7.4.z]- Resolves: rhbz#1478250 - Idle nss file descriptors should be closed [rhel-7.4.z]- Resolves: rhbz#1457926 - Wrong search base used when SSSD is directly connected to AD child domain- Resolves: rhbz#1450107 - SSSD doesn't handle conflicts between users from trusted domains with the same name when shortname user resolution is enabled- Resolves: rhbz#1459846 - krb5: properly handle 'password expired' information retured by the KDC during PKINIT/Smartcard authentication- Resolves: rhbz#1430415 - ldap_purge_cache_timeout in RHEL7.3 invalidate most of the entries once the cleanup task kicks in- Resolves: rhbz#1455254 - Make domain available as user attribute- Resolves: rhbz#1449731 - IPA client cannot change AD Trusted User password- Resolves: rhbz#1457927 - getent failed to fetch netgroup information after changing default_domain_suffix to ADdomin in /etc/sssd/sssd.conf- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working properly in v 1.15- Resolves: rhbz#1449728 - LDAP to IPA migration doesn't work in master- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1449729 - org.freedesktop.sssd.infopipe.GetUserGroups does not resolve groups into names with AD- Resolves: rhbz#1450094 - Properly support IPA's promptusername config option- Resolves: rhbz#1457644 - Segfault in access_provider = krb5 is set in sssd.conf due to an off-by-one error when constructing the child send buffer - Resolves: rhbz#1456531 - Option name typos are not detected with validator function of sssctl config-check command in domain sections- Resolves: rhbz#1428906 - sssd intermittently failing to resolve groups for an AD user in IPA-AD trust environment.- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail - Fix Coverity issues in patches for rhbz#1445445- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1446302 - crash in sssd-kcm due to a race-condition between two concurrent requests- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail- Resolves: rhbz#1306707 - Need better debug message when krb5_child returns an unhandled error, leading to a System Error PAM code- Resolves: rhbz#1446535 - Group resolution does not work in subdomain without ad_server option- Resolves: rhbz#1449726 - sss_nss_getlistbycert() does not return results from multiple domains - Resolves: rhbz#1447098 - sssd unable to search dbus for ipa user by certificate - Additional patch for rhbz#1440132- Reapply patch by Lukas Slebodnik to fix upgrade issues with libwbclient - Resolves: rhbz#1439457 - SSSD does not start after upgrade from 7.3 to 7.4 - Resolves: rhbz#1449107 - error: %pre(sssd-common-1.15.2-26.el7.x86_64) scriptlet failed, exit status 3- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working properly in v 1.15 - Also apply an additional patch for rhbz#1441545- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1434992 - Wrong pam return code for user from subdomain with ad_access_filter- Resolves: rhbz#1430494 - expect sss_ssh_authorizedkeys and sss_ssh_knownhostsproxy manuals to be packaged into sssd-common package- Resolves: rhbz#1427749 - SSSD in server mode iterates over all domains for group-by-GID requests, causing unnecessary searches- Resolves: rhbz#1446139 - Infopipe method ListByCertificate does not return the users with overrides- Resolves: rhbz#1441545 - With multiple subdomain sections id command output for user is not displayed for both domains- Resolves: rhbz#1428866 - Using ad_enabled_domains configuration option in sssd.conf causes nameservice lookups to fail.- Remove an unused variable from the sssd-secrets responder - Related: rhbz#1398701 - [sssd-secrets] https proxy talks plain http - Improve two DEBUG messages in the client trust code to aid troubleshooting - Fix standalone application domains - Related: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces- Allow completely server-side unqualified name resolution if the domain order is set, do not require any client-side changes - Related: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users- Resolves: rhbz#1402532 - D-Bus interface of sssd is giving inappropriate group information for trusted AD users- Resolves: rhbz#1431858 - Wrong principal found with ad provider and long host name- Resolves: rhbz#1415167 - pam_acct_mgmt with pam_sss.so fails in unprivileged container unless selinux_provider = none is used- Resolves: rhbz#1438388 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_pam killed by 6- Resolves: rhbz#1432112 - sssctl config-check does not give any error when default configuration file is not present- Resolves: rhbz#1438374 - [abrt] [faf] sssd: vfprintf(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1427195 - sssd_nss consumes more memory until restarted or machine swaps- Resolves: rhbz#1414023 - Create troubleshooting tool to determine if a failure is in SSSD or not when using layered products like RH-SSO/CFME etc- Resolves: rhbz#1398701 - [sssd-secrets] https proxy talks plain http- Fix off-by-one error in the KCM responder - Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces- Resolves: rhbz#1434991 - Issue processing ssh keys from certificates in ssh respoder- Resolves: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users - Also backport some buildtime fixes for the KCM responder - Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1340711 - [RFE] Use one smartcard and certificate for authentication to distinct logon accounts- Update to upstream 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html - Resolves: rhbz#1418728 - IPA - sudo does not handle associated conflict entries - Resolves: rhbz#1386748 - sssd doesn't update PTR records if A/PTR zones are configured as non-secure and secure - Resolves: rhbz#1214491 - [RFE] Make it possible to configure AD subdomain in the SSSD server mode- Drop "NOUPSTREAM: Bundle http-parser" patch Related: rhbz#1393819 - New package: http-parser- Update to upstream 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html - Resolves: rhbz#1327085 - Don't prompt for password if there is already one on the stack - Resolves: rhbz#1378722 - [RFE] Make GETSIDBYNAME and GETORIGBYNAME request aware of UPNs and aliases - Resolves: rhbz#1405075 - [RFE] Add PKINIT support to SSSD Kerberos provider - Resolves: rhbz#1416526 - Need correction in sssd-krb5 man page - Resolves: rhbz#1418752 - pam_sss crashes in do_pam_conversation if no conversation function is provided by the client app - Resolves: rhbz#1419356 - Fails to accept any sudo rules if there are two user entries in an ldap role with the same sudo user - Resolves: rhbz#1421622 - SSSD - Users/Groups are cached as mixed-case resulting in users unable to sign in- Fix several packaging issues, notably the p11_child is no longer setuid and the libwbclient used a wrong version number in the symlink- Update to upstream 1.15.0 - Resolves: rhbz#1393824 - Rebase SSSD to version 1.15 - Resolves: rhbz#1407960 - wbcLookupSid() fails in pdomain is NULL - Resolves: rhbz#1406437 - sssctl netgroup-show Cannot allocate memory - Resolves: rhbz#1400422 - Use-after free in resolver in case the fd is writeable and readable at the same time - Resolves: rhbz#1393085 - bz - ldap group names don't resolve after upgrading sssd to 1.14.0 if ldap_nesting_level is set to 0 - Resolves: rhbz#1392444 - sssd_be keeps crashing - Resolves: rhbz#1392441 - sssd fails to start after upgrading to RHEL 7.3 - Resolves: rhbz#1382602 - autofs map resolution doesn't work offline - Resolves: rhbz#1380436 - sudo: ignore case on case insensitive domains - Resolves: rhbz#1378251 - Typo In SSSD-AD Man Page - Resolves: rhbz#1373427 - Clock skew makes SSSD return System Error - Resolves: rhbz#1306707 - Need better handling of "Server not found in Kerberos database" - Resolves: rhbz#1297462 - Don't include 'enable_only=sssd' in the localauth plugin config- Resolves: rhbz#1382598 - IPA: Uninitialized variable during subdomain check- Resolves: rhbz#1378911 - No supplementary groups are resolved for users in nested OUs when domain stanza differs from AD domain- Resolves: rhbz#1372075 - AD provider: SSSD does not retrieve a domain-local group with the AD provider when following AGGUDLP group structure across domains- Resolves: rhbz#1376831 - sssd-common is missing dependency on sssd-sudo- Resolves: rhbz#1371631 - login using gdm calls for gdm-smartcard when smartcard authentication is not enabled- Resolves: rhbz#1373420 - sss_override fails to export- Resolves: rhbz#1375299 - sss_groupshow fails with error "No such group in local domain. Printing groups only allowed in local domain"- Resolves: rhbz#1375182 - SSSD goes offline when the LDAP server returns sizelimit exceeded- Resolves: rhbz#1372753 - Access denied for user when access_provider = krb5 is set in sssd.conf- Resolves: rhbz#1373444 - unable to create group in sssd cache - Resolves: rhbz#1373577 - unable to add local user in sssd to a group in sssd- Resolves: rhbz#1369118 - Don't enable the default shadowtils domain in RHEL- Fix permissions for the private pipe directory - Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1371977 - resolving IPA nested user groups is broken in 1.14- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1371152 - SSSD qualifies principal twice in IPA-AD trust if the principal attribute doesn't exist on the AD side- Apply forgotten patch - Resolves: rhbz#1368496 - sssd is not able to authenticate with alias - Resolves: rhbz#1366470 - sssd: throw away the timestamp cache if re-initializing the persistent cache - Fix deleting non-existent secret - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1364033 - sssd exits if clock is adjusted backwards after boot- Resolves: rhbz#1362023 - SSSD fails to start when ldap_user_extra_attrs contains mail- Resolves: rhbz#1368324 - libsss_autofs.so is packaged in two packages sssd-common and libsss_autofs- Fix RPM scriptlet plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Add socket-activation plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Own the secrets directory - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1268874 - Add an option to disable checking for trusted domains in the subdomains provider- Resolves: rhbz#1271280 - sssd stores and returns incorrect information about empty netgroup (ldap-server: 389-ds)- Resolves: rhbz#1290500 - [feat] command to manually list fo_add_server_to_list information- Add several small fixes related to the config API - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Resolves: rhbz#1349900 - gpo search errors out and gpo_cache file is never created- Fix regressions in the simple access provider - Resolves: rhbz#1360806 - sssd does not start if sub-domain user is used with simple access provider - Apply a number of specfile patches to better match the upstream spefile - Related: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3- Cherry-pick patches from upstream that fix several regressions - Avoid checking local users in all cases - Resolves: rhbz#1353951 - sssd_pam leaks file descriptors- Resolves: rhbz#1364118 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_nss killed by 11 - Resolves: rhbz#1361563 - Wrong pam error code returned for password change in offline mode- Resolves: rhbz#1309745 - Support multiple principals for IPA users- Resolves: rhbz#1304992 - Handle overriden name of members in the memberUid attribute- handle unresolvable sites more gracefully - Resolves: rhbz#1346011 - sssd is looking at a server in the GC of a subdomain, not the root domain. - fix compilation warnings in unit tests- fix capaths output - Resolves: rhbz#1344940 - GSSAPI error causes failures for child domain user logins across IPA - AD trust - also fix Coverity issues in the secrets responder and suppress noisy debug messages when setting the timestamp cache- Resolves: rhbz#1356577 - sssctl: Time stamps without time zone information- Resolves: rhbz#1354414 - New or modified ID-View User overrides are not visible unless rm -f /var/lib/sss/db/*cache*- Resolves: rhbz#1211631 - [RFE] Support of UPN for IdM trusted domains- Resolves: rhbz#1350520 - [abrt] sssd-common: ipa_dyndns_update_send(): sssd_be killed by SIGSEGV- Resolves: rhbz#1349882 - sssd does not work under non-root user - Also cherry-pick a few patches from upstream to fix config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Sync a few minor patches from upstream - Fix sssctl manpage - Fix nss-tests unit test on big-endian machines - Fix several issues in the config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Bundle http-parser - Resolves: rhbz#1311056 - Add a Secrets as a Service component- Sync a few minor patches from upstream - Fix a failover issue - Resolves: rhbz#1334749 - sssd fails to mark a connection as bad on searches that time out- Explicitly BuildRequire newer ding-libs - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- New upstream release 1.14.0 - Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#835492 - [RFE] SSSD admin tool request - force reload - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check) - Resolves: rhbz#1278691 - Please fix rfc2307 autofs schema defaults - Resolves: rhbz#1287209 - default_domain_suffix Appended to User Name - Resolves: rhbz#1300663 - Improve sudo protocol to support configurations with default_domain_suffix - Resolves: rhbz#1312275 - Support authentication indicators from IPA- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#790113 - [RFE] "include" directive in sssd.conf - Resolves: rhbz#874985 - [RFE] AD provider support for automount lookups - Resolves: rhbz#879333 - [RFE] SSSD admin tool request - status overview - Resolves: rhbz#1140022 - [RFE]Allow sssd to add a new option that would specify which server to update DNS with - Resolves: rhbz#1290380 - RFE: Improve SSSD performance in large environments - Resolves: rhbz#883886 - sssd: incorrect checks on length values during packet decoding - Resolves: rhbz#988207 - sssd does not detail which line in configuration is invalid - Resolves: rhbz#1007969 - sssd_cache does not remove have an option to remove the sssd database - Resolves: rhbz#1103249 - PAC responder needs much time to process large group lists - Resolves: rhbz#1118257 - Users in ipa groups, added to netgroups are not resovable - Resolves: rhbz#1269018 - Too much logging from sssd_be - Resolves: rhbz#1293695 - sssd mixup nested group from AD trusted domains - Resolves: rhbz#1308935 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user - Resolves: rhbz#1315766 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo - Resolves: rhbz#1316164 - SSSD fails to process GPO from Active Directory - Resolves: rhbz#1322458 - sssd_be[11010]: segfault at 0 ip 00007ff889ff61bb sp 00007ffc7d66a3b0 error 4 in libsss_ipa.so[7ff889fcf000+5d000]- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - The rebase includes fixes for the following bugzillas: - Resolves: rhbz#789477 - [RFE] SUDO: Support the IPA schema - Resolves: rhbz#1059972 - RFE: SSSD: Automatically assign new slices for any AD domain - Resolves: rhbz#1233200 - man sssd.conf should clarify details about subdomain_inherit option. - Resolves: rhbz#1238144 - Need better libhbac debuging added to sssd - Resolves: rhbz#1265366 - sss_override segfaults when accidentally adding --help flag to some commands - Resolves: rhbz#1269512 - sss_override: memory violation - Resolves: rhbz#1278566 - crash in sssd when non-Englsh locale is used and pam_strerror prints non-ASCII characters - Resolves: rhbz#1283686 - groups get deleted from the cache - Resolves: rhbz#1290378 - Smart Cards: Certificate in the ID View - Resolves: rhbz#1292238 - extreme memory usage in libnfsidmap sss.so plug-in when resolving groups with many members - Resolves: rhbz#1292456 - sssd_be AD segfaults on missing A record - Resolves: rhbz#1294670 - Local users with local sudo rules causes LDAP queries - Resolves: rhbz#1296618 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1299553 - Cannot retrieve users after upgrade from 1.12 to 1.13 - Resolves: rhbz#1302821 - Cannot start sssd after switching to non-root - Resolves: rhbz#1310877 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs - Resolves: rhbz#1313014 - sssd is not closing sockets properly - Resolves: rhbz#1318996 - SSSD does not fail over to next GC - Resolves: rhbz#1327270 - local overrides: issues with sub-domain users and mixed case names - Resolves: rhbz#1342547 - sssd-libwbclient: wbcSidsToUnixIds should not fail on lookup errors- Build the PAC plugin with krb5-1.14 - Related: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1290853 - [sssd] Trusted (AD) user's info stays in sssd cache for much more than expected.- Resolves: rhbz#1336706 - sssd_nss memory usage keeps growing when trying to retrieve non-existing netgroups- Resolves: rhbz#1296902 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1334159 - IPA provider crashes if a netgroup from a trusted domain is requested- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin - More patches from upstream related to the memory leak- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin- Resolves: rhbz#1300740 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid- Resolves: rhbz#1284814 - sssd: [sysdb_add_user] (0x0400): Error: 17- Resolves: rhbz#1270827 - local overrides: don't contact server with overridden name/id- Resolves: rhbz#1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- Resolves: rhbz#1267176 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1267836 - PAM responder crashed if user was not set- Resolves: rhbz#1266107 - AD: Conditional jump or move depends on uninitialised value- Resolves: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Fix a Coverity warning in dyndns code - Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1263735 - Could not resolve AD user from root domain- Remove -d from sss_override manpage - Related: rhbz#1259512 - sss_override : The local override user is not found- Patches required for better handling of failover with one-way trusts - Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1263587 - sss_override --name doesn't work with RFC2307 and ghost users- Resolves: rhbz#1259512 - sss_override : The local override user is not found- Resolves: rhbz#1260027 - sssd_be memory leak with sssd-ad in GPO code- Resolves: rhbz#1256398 - sssd cannot resolve user names containing backslash with ldap provider- Resolves: rhbz#1254189 - sss_override contains an extra parameter --debug but is not listed in the man page or in the arguments help- Resolves: rhbz#1254518 - Fix crash in nss responder- Support import/export for local overrides - Support FQDNs for local overrides - Resolves: rhbz#1254184 - sss_override does not work correctly when 'use_fully_qualified_names = True'- Resolves: rhbz#1244950 - Add index for 'objectSIDString' and maybe to other cache attributes- Resolves: rhbz#1250415 - sssd: p11_child hardening- Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1202724 - [RFE] Add a way to lookup users based on CAC identity certificates- Resolves: rhbz#1232950 - [IPA/IdM] sudoOrder not honored as expected- Fix wildcard_limit=0 - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Fix race condition in invalidating the memory cache - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Resolves: rhbz#1249015 - KDC proxy not working with SSSD krb5_use_kdcinfo enabled- Bump release number - Related: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- Fix missing dependency of sssd-tools - Resolves: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- More memory cache related fixes - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Remove binary blob from SC patches as patch(1) can't handle those - Related: rhbz#854396 - [RFE] Support for smart cards- Resolves: rhbz#1244949 - getgrgid for user's UID on a trust client prevents getpw*- Fix memory cache integration tests - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#854396 - [RFE] Support for smart cards- Remove OTP from PAM stack correctly - Related: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Handle sssd-owned keytabs when sssd runs as root - Related: rhbz#1205144 - RFE: Support one-way trusts for IPA- Resolves: rhbz#1183747 - [FEAT] UID and GID mapping on individual clients- Resolves: rhbz#1206565 - [RFE] Add dualstack and multihomed support - Resolves: rhbz#1187146 - If v4 address exists, will not create nonexistant v6 in ipa domain- Resolves: rhbz#1242942 - well-known SID check is broken for NetBIOS prefixes- Resolves: rhbz#1234722 - sssd ad provider fails to start in rhel7.2- Add support for InfoPipe wildcard requests - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Also package the initgr memcache - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Rebase to 1.13.0 upstream - Related: rhbz#1205554 - Rebase SSSD to 1.13.x - Resolves: rhbz#910187 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Don't default to SSSD user - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Related: rhbz#1205554 - Rebase SSSD to 1.13.x - GPO default should be permissve- Resolves: rhbz#1205554 - Rebase SSSD to 1.13.x - Relax the libldb requirement - Resolves: rhbz#1221992 - sssd_be segfault at 0 ip sp error 6 in libtevent.so.0.9.21 - Resolves: rhbz#1221839 - SSSD group enumeration inconsistent due to binary SIDs - Resolves: rhbz#1219285 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust - Resolves: rhbz#1217559 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1217350 - ignore_group_members doesn't work for subdomains - Resolves: rhbz#1217127 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1216285 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set - Resolves: rhbz#1214719 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1214718 - Overridde with --login fails trusted adusers group membership resolution - Resolves: rhbz#1214716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1214337 - Overrides with --login work in second attempt - Resolves: rhbz#1212489 - Disable the cleanup task by default - Resolves: rhbz#1211830 - external users do not resolve with "default_domain_suffix" set in IPA server sssd.conf - Resolves: rhbz#1210854 - Only set the selinux context if the context differs from the local one - Resolves: rhbz#1209483 - When using id_provider=proxy with auth_provider=ldap, it does not work as expected - Resolves: rhbz#1209374 - Man sssd-ad(5) lists Group Policy Management Editor naming for some policies but not for all - Resolves: rhbz#1208507 - sysdb sudo search doesn't escape special characters - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface - Resolves: rhbz#1206566 - SSSD does not update Dynamic DNS records if the IPA domain differs from machine hostname's domain - Resolves: rhbz#1206189 - [bug] sssd always appends default_domain_suffix when checking for host keys - Resolves: rhbz#1204203 - sssd crashes intermittently - Resolves: rhbz#1203945 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default - Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only - Resolves: rhbz#1202245 - SSSD's HBAC processing is not permissive enough with broken replication entries - Resolves: rhbz#1201271 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything - Resolves: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Resolves: rhbz#1199541 - Read and use the TTL value when resolving a SRV query - Resolves: rhbz#1199533 - [RFE] Implement background refresh for users, groups or other cache objects - Resolves: rhbz#1199445 - Does sssd-ad use the most suitable attribute for group name? - Resolves: rhbz#1198477 - ccname_file_dummy is not unlinked on error - Resolves: rhbz#1187103 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1185536 - In ipa-ad trust, with 'default_domain_suffix' set to AD domain, IPA user are not able to log unless use_fully_qualified_names is set - Resolves: rhbz#1175760 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires - Resolves: rhbz#1163806 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1205160 - Complain loudly if backend doesn't start due to missing or invalid keytab- Resolves: rhbz#1226119 - Properly handle AD's binary objectGUID- Filter out domain-local groups during AD initgroups operation - Related: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Resolves: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Initialize variable in the views code in one success and one failure path - Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Handle case where there is no default and no rules - Resolves: rhbz#1192314 - With empty ipaselinuxusermapdefault security context on client is staff_u- Set a pointer in ldap_child to NULL to avoid warnings - Related: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Run the restart in sssd-common posttrans - Explicitly require libwbclient - Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Fix endianess bug in fill_id() - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1187192 - IPA initgroups don't work correctly in non-default view- Resolves: rhbz#1184982 - Need to set different umask in selinux_child- Bump the release number - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Add a patch dependency - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Process ghost members only once - Fix processing of universal groups with members from different domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1185188 - Uncached SIDs cannot be resolved- Handle GID override in MPG domains - Handle views with mixed-case domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Open socket to the PAC responder in krb5_child before dropping root - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1182183 - pam_sss(sshd:auth): authentication failure with user from AD- Resolves: rhbz#889206 - On clock skew sssd returns system error- Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1177140 - gpo_child fails if "log level" is enabled in smb.conf - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1175408 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1175705 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Resolves: rhbz#1171215 - Crash in function get_object_from_cache - Resolves: rhbz#1171383 - getent fails for posix group with AD users after login - Resolves: rhbz#1171382 - getent of AD universal group fails after group users login - Resolves: rhbz#1170300 - Access is not rejected for disabled domain - Resolves: rhbz#1162486 - Error processing external groups with getgrnam/getgrgid in the server mode - Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1169459 - sssd-ad: The man page description to enable GPO HBAC Policies are unclear - Related: rhbz#1113783 - sssd should run under unprivileged user- Rebuild to add several forgotten Patch entries - Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Remove Coverity warnings in krb5_child code - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Don't error out on chpass with OTPs - Related: rhbz#1109756 - Rebase SSSD to 1.12- Resolves: rhbz#1124320 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default.- Resolves: rhbz#1169739 - selinuxusermap rule does not apply to trusted AD users - Enable running unit tests without cmocka - Related: rhbz#1113783 - sssd should run under unprivileged user- krb5_child and ldap_child do not call Kerberos calls as root - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1168735 - The Kerberos provider is not properly views-aware- Fix typo in libwbclient-devel alternatives invocation - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1166727 - pam_sss domains option: Untrusted users from the same domain are allowed to auth.- Handle migrating clients between views - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Use alternatives for libwbclient - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1165794 - sssd does not work with custom value of option re_expression- Add an option that describes where to put generated krb5 files to - Related: rhbz#1135043 - [RFE] Implement localauth plugin for MIT krb5 1.12- Handle IPA group names returned from the extop plugin - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Resolves: rhbz#1165792 - automount segfaults in sss_nss_check_header- Resolves: rhbz#1163742 - "debug_timestamps = false" and "debug_microseconds = true" do not work after enabling journald with sssd.- Resolves: rhbz#1153593 - Manpage description of case_sensitive=preserving is incomplete- Support views for IPA users - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Update man page to clarify TGs should be disabled with a custom search base - Related: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Use upstreamed patches for the rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1153603 - Proxy Provider: Fails to lookup case sensitive users and groups with case_sensitive=preserving- Resolves: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1162480 - dereferencing failure against openldap server- Move adding the user from pretrans to pre, copy adding the user to sssd-krb5-common and sssd-ipa as well in order to work around yum ordering issue - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1113783 - sssd should run under unprivileged user- Fix two regressions in the new selinux_child process - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1132365 - Remove password from the PAM stack if OTP is used- Include the ldap_child and selinux_child patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Support overriding SSH public keys with views - Support extended attributes via the extop plugin - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137010 - disable midpoint refresh for netgroups if ptask refresh is enabled- Resolves: rhbz#1153518 - service lookups returned in lowercase with case_sensitive=preserving - Resolves: rhbz#1158809 - Enumeration shows only a single group multiple times- Include the responder and packaging patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Amend the sssd-ldap man page with info about lockout setup - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137014 - Shell fallback mechanism in SSSD - Resolves: rhbz#790854 - 4 functions with reference leaks within sssd (src/python/pyhbac.c)- Fix regressions caused by views patches when SSSD is connected to a pre-4.0 IPA server - Related: rhbz#1109756 - Rebase SSSD to 1.12- Add the low-level server changes for running as unprivileged user - Package the libsss_semange library needed for SELinux label changes - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Use libsemanage for SELinux label changes - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Rebase SSSD to 1.12.2 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Sync with upstream - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebuild against ding-libs with fixed SONAME - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.1 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Require ldb 2.1.17 - Related: rhbz#1133914 - Rebase libldb to version 1.1.17 or newer- Fix fully qualified IFP lookups - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.0 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Squash in upstream review comments about the PAC patch - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Backport a patch to allow krb5-utils-test to run as root - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Resolves: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Fix a DEBUG message, backport two related fixes - Related: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1082191 - RHEL7 IPA selinuxusermap hbac rule not always matching- Resolves: rhbz#1077328 - other subdomains are unavailable when joined to a subdomain in the ad forest- Resolves: rhbz#1078877 - Valgrind: Invalid read of int while processing netgroup- Resolves: rhbz#1075092 - Password change w/ OTP generates error on success- Resolves: rhbz#1078840 - Error during password change- Resolves: rhbz#1075663 - SSSD should create the SELinux mapping file with format expected by pam_selinux- Related: rhbz#1075621 - Add another Kerberos error code to trigger IPA password migration- Related: rhbz#1073635 - IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in- Related: rhbz#1066096 - not retrieving homedirs of AD users with posix attributes- Related: rhbz#1072995 - AD group inconsistency when using AD provider in sssd-1.11-40- Resolves: rhbz#1073631 - sssd fails to handle expired passwords when OTP is used- Resolves: rhbz#1072067 - SSSD Does not cache SELinux map from FreeIPA correctly- Resolves: rhbz#1071903 - ipa-server-mode: Use lower-case user name component in home dir path- Resolves: rhbz#1068725 - Evaluate usage of sudo LDAP provider together with the AD provider- Fix idmap documentation - Bump idmap version info - Related: rhbz#1067361 - Check IPA idranges before saving them to the cache- Pull some follow up man page fixes from upstream - Related: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes - Related: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes- Resolves: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1068723 - Setting int option to 0 yields the default value- Resolves: rhbz#1067361 - Check IPA idranges before saving them to the cache- Resolves: rhbz#1067476 - SSSD pam module accepts usernames with leading spaces- Resolves: rhbz#1033069 - Configuring two different provider types might start two parallel enumeration tasks- Resolves: rhbz#1068640 - 'IPA: Don't call tevent_req_post outside _send' should be added to RHEL7- Resolves: rhbz#1063977 - SSSD needs to enable FAST by default- Resolves: rhbz#1064582 - sss_cache does not reset the SYSDB_INITGR_EXPIRE attribute when expiring users- Resolves: rhbz#1033081 - Implement heuristics to detect if POSIX attributes have been replicated to the Global Catalog or not- Resolves: rhbz#872177 - [RFE] subdomain homedir template should be configurable/use flatname by default- Resolves: rhbz#1059753 - Warn with a user-friendly error message when permissions on sssd.conf are incorrect- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1059253 - Man page states default_shell option supersedes other shell options but in fact override_shell does. - Use the right domain for AD site resolution - Related: rhbz#743503 - [RFE] sssd should support DNS sites- Resolves: rhbz#1028039 - AD Enumeration reads data from LDAP while regular lookups connect to GC- Resolves: rhbz#877438 - sudoNotBefore/sudoNotAfter not supported by sssd sudoers plugin- Mass rebuild 2014-01-24- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain- Resolves: rhbz#1054899 - explicitly suggest krb5_auth_timeout in a loud DEBUG message in case Kerberos authentication times out- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1051360 - [FJ7.0 Bug]: [REG] sssd_be crashes when ldap_search_base cannot be parsed. - Fix a typo in the man page - Related: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain - Fix return value when searching for AD domain flat names - Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1053106 - sssd ad trusted sub domain do not inherit fallbacks and overrides settings- Resolves: rhbz#1051016 - FAST does not work in SSSD 1.11.2 in Fedora 20- Resolves: rhbz#1033133 - "System Error" when invalid ad_access_filter is used- Resolves: rhbz#1032983 - sssd_be crashes when ad_access_filter uses FOREST keyword. - Fix two memory leaks in the PAC responder (Related: rhbz#991065)- Resolves: rhbz#1048184 - Group lookup does not return member with multiple names after user lookup- Resolves: rhbz#1049533 - Group membership lookup issue- Mass rebuild 2013-12-27- Resolves: rhbz#894068 - sss_cache doesn't support subdomains- Re-initialize subdomains after provider startup - Related: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- The AD provider is able to resolve group memberships for groups with Global and Universal scope - Related: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog- Resolves: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog - Resolves: rhbz#1030483 - Individual group search returned multiple results in GC lookups- Resolves: rhbz#1040969 - sssd_nss grows memory footprint when netgroups are requested- Resolves: rhbz#1023409 - Valgrind sssd "Syscall param socketcall.sendto(msg) points to uninitialised byte(s)"- Resolves: rhbz#1037936 - sssd_be crashes occasionally- Resolves: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- Resolves: rhbz#1029631 - sssd_be crashes on manually adding a cleartext password to ldap_default_authtok- Resolves: rhbz#1036758 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Resolves: rhbz#1034050 - Errors in domain log when saving user to sysdb- Resolves: rhbz#1036157 - sssd can't retrieve auto.master when using the "default_domain_suffix" option in- Resolves: rhbz#1028057 - Improve detection of the right domain when processing group with members from several domains- Resolves: rhbz#1033084 - sssd_be segfaults if empty grop is resolved using ad_matching_rule- Resolves: rhbz#1031562 - Incorrect mention of access_filter in sssd-ad manpage- Resolves: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- Skip netgroups that don't provide well-formed triplets - Related: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2 - Resolves: rhbz#991065- Resolves: rhbz#1019882 - RHEL7 ipa ad trusted user lookups failed with sssd_be crash - Resolves: rhbz#1002597 - ad: unable to resolve membership when user is from different domain than group- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1 - Resolves: rhbz#991065 - Rebase SSSD to 1.11.0- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0 - Resolves: rhbz#991065- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2 - Related: rhbz#991065- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- Resolves: #983587 - sss_debuglevel did not increase verbosity in sssd_pac.log- Resolves: #983580 - Netgroups should ignore the 'use_fully_qualified_names' setting- Apply several important fixes from upstream 1.10 branch - Related: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- Remove libcmocka dependency- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Enable hardened build for RHEL7- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. - Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. - Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. - Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/sh1.15.2-50.el7_4.111.15.2-50.el7_4.11krb5_childldap_childsssd-krb5-common-1.15.2COPYINGkrb5.include.d/usr/libexec/sssd//usr/share/licenses//usr/share/licenses/sssd-krb5-common-1.15.2//var/lib/sss/pubconf/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=genericdrpmxz2x86_64-redhat-linux-gnuELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=6995d4e92ac35fc404b0dd5ba3292d7c4dddbf1c, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=0fb3d7266b57c1c5d07c7f3a820880df7e5f9559, strippeddirectoryASCII textRRR RRRRRRRRRRR R R RRRR RRRR RRRRRRRRRRRR R R RR RR?07zXZ !#,r]"k%>eN8\7e|F 03~0-羔b|&FiӯwgZ-K~?9D{c˫W_W)`2Tz6Nfq vؗȸGP䎍M: ު ~X`Ej@g2YArRoڃ1|uvFp[NgǠ~iF5BEfc{5fo=7R+_qvܔ&rv18teg\vqY%B?UP;\wwK7{ڈ+籆γYLgxIWOY4684_{6|`7Çv6:SŸpƒ ]{T(4VI|6Tg9PeR.UBÂ4=Wy;T߉u>vb)+V):u\Ίr(Uq"%(?Ų:Ћ}fq D6N ΠO*NP=8Hqpq"ߣ*ʓꌻ CZݽMy%hd28tRR\/3)ݒ-PU K޿K(x*_9sm=R°:AR :ea83GY6jSnQm }!}|^F[}`qW!ˀY \*^93qBBnQ,e.NnI""?,&s`Jbvu#޸s jΨMeT3|ydbGOW\WjJ귃/9 sG9!Jm!TsV&c{ I+KosaB,RZ-V OӜA@Ac<.XO| LNn7%k>uI,\ ýRм;e5[~G e ;h8E|Q,xE*;_"/QnX]D3/ n-!:RGpG1V "V% }o$Pz ^?=&ZUj WxoQq5-d"Ŗ1ۯ31Xz trT)`mEԗv~ѽ~Τy<W=~SFL0w Ē,t @u̿WgB,OOYe2Yٶ26&z.CHJB^ ֨w][E21OmNjHC='.""jR-A{nJm;(P}HxU1r h*-uR q'BFVI`+z,*V սOz;w T[$R3[k -tG8Ux-blxKik>RPTB뺙; ;b~zd ~:ZJmmLi2jTnƜOn~4';V;gѺ?v d8o-KrU'HM? )|W2vuB`k*N-kP8T !> lODZbC^f ŋYEgyWү ꣦' [Š6F7hd"6r;&]3cZewۮ7D(|yu缜t]F`U #H7.6jp2l!FGSȅCH OeUݤY Ϊ.k% v;1W75 ڃ҉ 8T2}mdD `֩,ljȸBQ]1: M^֚~֝Us Q9ѓļ]GpyFT[Ld9䯻EKyӯKOgøjZIpvv]TF9-ʕWsg SFn^@Kvѣ֦Om-Ez ^Ô:17xJc?BJ6a p{MT|g c//ERe HTp<$\+G,N yWx2(BuKִj∟s6.n"p8i96MK?K ݻ h~F[}nQ^V̄VU;ؖ5q=wfͣtuxP-}"׾l'BS>ܮ+^ ^[ Ld`L7{TEJ3N#{i+dl؃> |#Ա`ƈ:(MzEOeB!TsCxwGaϴdKa3ZjjQ[PWv+8l=1d&&si5{)euG ^FFf 'B7KSg)ӁErc69Ras]"$RH1 i[cicTnJG&^am+52:0 _Yًƀ ̘o o箘c60*e?4` l )5`Jef ԣ֤)qҽ0ojg6wOt×$vΏW_>R|B&{tk1.QYVc*1ijrGvS2D)|˿VSda/bdŁa5.[we8u›ϝd8楃T[bBMr|\vBfY 8Z0uClH\A0|8"_IiI5}q1gxT@(]zՌ1Sp,WRiF6k8Xo .K zw/3|}C48,lܳAsa2|+8}6q1僲g__ѫXԬ6;fRAOF\|],&=h2p-աpK٤݋H zntetmk!=ݵPܣX1XR|bu9;642.FkMaFS܋t?n"[{MɮJD4rycK6X2O6~M]dtl;HNv'^aj,E#W2{N\o=w? ֎F ee !t@9HgX6C!]Q$!$+=Z5Y3bӲTÚml-'34d{* 0 HոkBj!WAtlX@VSV#E]hAhke`m\).qrZ>GHK)J=.wn ?㬽|}l"pbZg"bB\$(ǿ|狰qJڟ$H z.Gqq|;-fw71'B ^s=e"tj |rdޑVh- i&͑ j(UpS+>zbŽ_ *qٿA]TDQW;՜sʓU:Z ^8 5Nt{ CQ>jk+J-YAHJeņٺenv|!1]a/3^ab>3 _~ɠx9aLk^7"kͻt)cc㨄Gyc)",8b2^=q?8Km>tNLBe~!rm27G.s l:6qtHnpU=Yp*oܟ (r̈́jcշ8ɂGqonD{HN{ \=FxC 4\H]>:!\EP5=|_s̞|Bw(NvFeҚۋ}640>{q)AJ"3]$s(>n-XP(].n $+!nGH!at\03UkdحӜmw3My)`d琗n9:5%/i]3F̹Qnag2 a_+&bIuK5UoT;?:ݺx~,&Q8'g9vjG F03+q¬ 2C7Wl$8Mt M*n`e[k;+mJiz9[ޭ+51Yp?DfWtɟbh\<3JϏ R.7F!Tj v\qZ,n\}._q@#2V@(r.@Lm1_;5fEơ* 5`-w9:!!^uŷ^8~X!x0b,DX77oTR(#f*i}gC5ூ!!]'L6~2Pj+w9[v,)Cɕ*OpfZ[s&IA1rT˖k#J+aJ>Rs'W#8F).S >Z(U߶Pxa*26iɶg &XpT|sYA A~+ze ᾮ}$RFo!Uiu,Q 1{Ԏ@'>O'*L5aG+ao*) !9:cU` 4W7ߤӴ;m: gncs3K5Ѩ/,; ,L]{`Od36Ê7}kNry biO/ieS m&Co>Zh`tFHYPHrKzZ`6J[OpXao8?vޣ],B}abH@ O r bt޳NTMEAj'`p$gHSl'sCGw.~TyhliSBj`c@mv:7#;ϖCѮ;E&!S@Pv?}Ig3Qtal㭴RK5ldw͹::av+xy.8o, 옾!V`l@(kRauEVTe(& Mh^5;f׊#Β}F3HLXe<|zb~Nbv6hI'FXpWR6hZZ䵦>;HWRs">xG|^'b@1 7m ʵx$wAIkHoݩ/āv^R6AL־]ƫ`\ّg|WmO >t]2#ܺHWo3~cgC O*$/CeM1hR`fG&VP/!T2TswT.5oo%%b.3 3$0U:r =z_4#;tD{n`>ΕI[0]q(*c'Tb"}[&J#hL΁=yle5ƸKa:ъREN7T+-,G+׆ z^ tX.f8?lT~oz-0ԊLnca6J|KhIJSV.r."|: 1-x9}\fMZ8e"5>O썤?8vVG';GiHVT3TXՅK4\Hf_J}P:!Zb `HRm[ay'Sa-|яͽb[\-`9`rXS7X]328|S K/8 X\~l @%L#5/Vߨ#"kB%Offw!1-<}FxE0K lH OkOa_c_ r@bY^-.qD#KGտr@$4N_AZ507/s+g ATצ[#Zڽ9mr,k+ZX+. n7F0)wuZ3粦}p+\ ft5O15yJeoEA[3 Ѧ /8!cID"J1:14>V%]kUlgS{\|\XQ`ِK"BYR"D"v.`׏SGԋƽVr>ޒEk N[MB qtHʷpԣl`y?)v<:aXYZw~- 8^wQ+4`ՋKBg5wYn$~ F)]YPd1;Nx-{#TIPR49Fh~wZT-s Ni[X XCJ(D 0XTn#AǤ!3@#y%Q jt1)6K+[Nfk"/Uro9`F(8>ɀoFGz=݋+&3 @ȱ"T4e<_ iBgУr"/1MXNq0qTTiJXƀ +E (cSp'Lˋ3׻ygeL7.E%ЄlWV4^K[I mrm,BoC?rqhgͤl9Go-H]  ǭZTYap4t} dڟb%ڍΘ;Yjܒ f)bCT26gYٿ^{YC7N2>h~`xytĸId P~zgA[d4)n%G ~;Ur.Ԩseڡ}Y+QŕAJҕ/nYw*C9->Qz|SRGMfiVYԥ4,o}'CN?>e{Si/K Y2\?̫FNUqy*F`^X݆NpSƠn,J CS=`w geٳO:"b .wM6ajfn ˲qh*mF1kOqMMŕmV.Û z~kcmk ^&`6ˑ_(z?5Er2%|1["7K<|ɁMbɟ9gѿa#/K'3΂ZWv9Jq(7ZBWO]O,ڡJ_"\RTN.++?#⋄1;K2J$,9+y8kKZm D0gv#iκsbf$/<ѹr>k ЕLghV.SΧ䦳kx0Ĝ4|b*TXqZŗN瓳A"X~+`t{wXXMWl}b2sQڿzuW3iQd,j@`A U2ny JakEaU1=3ew_Lhj\ {D^p`%zMկ$LѨ2&r!ݥs -%}razl^BފZ.w 0Sl`qDt(ϓ{;R~w$O&~EM%U_At.5hzM2*t#uGV M_at].?񚚴I=_L9޵h=vnӦ0a!an XuƤxFuDS6M #O૦ؓ`)9I}P!~OQ .r8v_h9/t+vݴ "OG*k~CSQt7v&܎Fxtʗ 2e|)@@^ƒ]ZU y}OgύV.Fim(?nUR0M~ϸ ]nN"3.zR3ѡd{ F^h<*,J z~h%PmOUّB~osep[o(MB{l}A1[>dteٵ:\+p$sJό=]c 4jS=})-{;c~Q[);Rr>?>1NΠZ}=ka/ge ;GEB=혧!Tg bl\=_zh/a]1mn{+4,m#0|7[rJކK$2LrlP^A"_mE(3܀h_޸3֦|drNdCfWgÏBEyܞIOsaP TjQ&׽h1FL+ >"7?_|Q:A&aԬz/{ֳaZ260%uĞbUB²`xeKAfP,ad HALumEWطKz&;te%, Fc<"49QZEN]aTb(](iMfK5f1#%H}+0}\B;O1psg1Ӭ1LLv- ?`qGn(Tg0cR-`a~A1<3IΜ `J0oVc* DWݕv~PVlI5DLzT"rBFR\d|M@ [a2rPH- N}ُ@1A 67 dn0|H*#"P6ҧ*c])M)1Zx1߸(paN3UVQ,n/@p0_(U}UT8R@5KrE@$S+Դv:0##34Gشj^jJ6[݅qwr/#|TL|yb*y+wW˄"e;]Y?Z7mS.MmI7|3R3f}g U>M RB-n4vE۹<_=u[C.r},/tCrb@Ɍd3)l`~U7F'IcYSK޹,5ctQSajŐy=1;R@ycqwRbXc_'8+f|؆!ҴjSS8C&`#.~:DƂwЧꧬ9}ǿBvʡm;Hb"ENdci];$`Z0'(U);tE*:-S|$uce$rR!s@jEUkxrr v#鼘8Ɓ[?s:!n˳ A57<<H{fQ1E[3 Ԏ-.f4>:G5U|BOwQh.7+4c"mro9E(T aDCXޔs .US5vKJq>đFgC'Ʊ%X*c6gY{X_ÛM9t##1E.qd tTu\vg=ڄ]rl_rp uX ܐRL1w 3`&MnS5Fh=?gKg 5WGIyßIJ/:~몴pQskw3uH,B_lJm9CGlzh 郋p9A(tr_71Va)@i_ ^4B @{9G\˅+Nu{WdfHĨ<,i.-[$;~7!?ʃʵ13ƖiH˻xw?<47HG0W31\TkЧ%z0/SVȸc@tB-߲}i,Aq]+_>20+l t_.vv&tRtYAx*Oܼ`}_1؂7fZgVnKD1j[K? DLgcyvϷPR_"|FN;LO!4݂ QBf<*,|2R\pY -oX1i?p iGo",XM,b{ cw;\'6yu1x(2| BřO0J\"ڂJ~P\X'\'hvq-CT"ZÈl0Jhz;&83c*933Ēyzٞ-&uD9 `5I-P#gdw\ŧ].C%%cen yR]]@n`q8J{nό)Dhaj gFqD䩾{w^&5uTh|UHc5Xtw,'m$YIo)ڗGb_7/ITh[G'͉n/L3-c) dy,|uǨo4;FItL_9J&M…6~S~7wv^o:abضf6|%B+hw W m!ь̒1E.Bq*xl_ s7=1yO XNrګ>KAaJoxKcHRP<̝G rڈ>3 ZKv NW,aD;&/O]/CIupk%ms1WDxBoǑJllI k AtG/cw'Hz.mDpSe vޘ<6gL$ɀ ud +;6|)pf#%1" xm`]_~zѓIU$FX6Ǟvdh}_nj:[*1'3?33c*`ifNr F%h\` ^k[뙴ߍY-j-v#MYqSVEV2^$%-qb~+e`* 䩡?nK>wQh|k ,`A DvD%4nUu^\EzԣPQ,Ju4%)sz(z^<=E?حcȨd$y%mjzbf`E@1ν?xh& x>z e"'&(KkfP:V?yM'fwiDQxH+d\닃m1{REn{F,*"E 38EA̢'KxO& CAm`rn:BuChQ<ɮM dއEeNijS|bCYlkJbe~G"`끲z:Wd$}Ұڧ||db))WQ2Ǿ1G Fa岜_H.j1H2=ػ:N ħ6mϯTՐ09y9@؇`a\_1 *a凐0Q"RP9QJxteyMd{zjFnu*WWh4#0j&L2+ "< e6Y߸/-{D!@1Jؓ̏@@峗bgg>78/0Ŋrt!@-iQ(==,DcG' 4p <ۜztyG$bس:`"Klnjg-h<2GDaV)aƴ&\`4Áy]"U6l[0I%d-&BJD r=f%5;FxCVMpU,ŪxopM Mp, ^vru͹"SSE󃠲L|%K'1:>""|e./$g=e[N_:Ơ}\p8GS4ԉ1u@nUNr.ڳS` Qʐ7L?WH>iH3=ՍmtuL+uNb_)d$Seuj#0qD^6-taˉqpo~ߴa&AZfk_i뀵[G|(W[!u'Ɲ8#=X&C{2,ܧӮ[Hu~NZBA31jY,CU?ۂi]wgѢ\(S|{Ӿ[6 +q'dY1*INU>vؘ)孊\:)#oU?u亩{ 1Qw]t#E~Nqdz|{P*p#]Xi@.`nH 1WHﵲ_5/κkT `v`-a馆ʮrgP~^`ϑl rW.@3gFo&BSit9gÙWUo.{W3wQ',Rv85\A+Kk_ BkF]My(R5d:!ԡpGzk W0-a&pM@L;i<} 7SU4r$l-P>} S$?GǺ YU{{ڡc?0dG(wLO4+Q~ x$}v0akݣ(6\]+R^+8)Sl:}&*t&? vpoT f}jLaA ܿt"MfKd/d0X;Z YԬKOgjsDcv lTtoO1F%{-3IehA$tFTu0:]FEDߐDZ9dw.F XmFz &Οj));?yhk QLɖyNd`5bu\ThTr5^@d`L7}xd 72GGw}<Sh]I(۵Q1'$nqUq'799ӦZ\ӿJ~/%σzBgP.RT]"VݒK M˳ßn"yBP*#~;9SO?AO2dEΔ̑!<%OVSoHpxA^eSޙHp^b@zIՌ@ۅb+X쪆}'OSfuV5Dn{P&÷#I+ 7*BŸJV Ǚ݁+RU5N uw$*՛>h~qT5uZU%gSR1q|Rl֬xQ$הۆH7NCq)&>47/GAj K]E1̓vZ/YG$> ` BflƸA1L|+DEíN͛RTKqNO/JL,Y47FY?bhV[T*\\3׎D.oDB@ļ ƉrM'',%k#l]`*3V_? (/!V 7}+e*{ U GJC*JSuE74ɛ6lduJӅl ao@wX8aj|i`B+<9pJ_{[ULSlbڹ}QՋy sqԉ-yix` '|-1@pBfVςv#Q@۩s!?$&._Cso&/|Udt}r@I;&]{9X wğ_PoQHL¸ܲsw_yO(c7E`Z @}H VXJ^qp-ڠ 3&&[Os42:|m[+R NyNlNbw!~-MZ:3|~#?BCr_^ӻq{F]&r`t ?X1Aa 7X 7Dca>LmJ9U3|Y"ݪ`\B2v&7[vqc*Q=;Ǐx55ڗrg!qMg_:Wb_0 ^BQbΥ@J#E Ո Vbu?nR^ t GIpf̷.)QGxՒ JOL46`) #[ff^&ȊM K8y1hM Z0=|pCwR|˪# 6}`Yׅ3K;wa08lun^XDA@ YZع|w' q(>fdʆx6 RBJ~>ӜɐQڕx 2Q>WbW*ƸT!` U+ xR٪ce7"Āe.Dwcjtp%b ?\1Ш9pV[ 5 yFqaRĭī IWu^vUd_AknDMꂪjb3-|YAL^\ҵW:%EyDOJs$2hN> ȾM4j~ᕈQs.I3>+i2t3P p]Tq72~L<"ߕ"(7#]|Y&PBod5!`#^v  %+fęxǗ7ZQiEj&FKO7Op^K9kWpo6\͈UY+Ou%_kN뒯D̑mӧT,jO)U\&,HZ2A"p^:PtFT*K/a1.e!S8<Ƕ 3hpX-*,L 緛RsZ>]k ݕ5S:-xmVЇA.QG޼bd] <r|oe.Xg+ѐoNoc?4B.*cX>.Qn^vXTxg~4ndK+G/aBY0.EVualƠ: d@hdI&~eeڮe%nWdϧg 9[/~"y_vL¸'QKML.Vo \T*yp"vVx`i^8Aj҄ ]}7":7É#l%-0_i g'C,NA(}ۢowW*xE6;B(ŧLyה"FxX[50ꓹ9)ST~y;.̎kU.@n͔-sCGЗ,ܙS:o(tzpJjȚ^=?hǭ8yw~B8t,ޛWZԈa ?|MV9 ֠9_=!4Pf{7cDtsz2~[$1zf'MT%IuZPYyiIPEz y;,mG Jv\#" j8;w%*}&M/}*[VA`ն\Mpv\-+½r˄pHZ5Bو/J^w(agf#E{jlGYGOV/  mV$ce:e,P6- n۳@4_oQLrg>d00]T)Mr&u mt0.|5o~",+!*G#vwX"g 5MD75ޝm DHbM񖐯ԑ^%Ly ICv)ތ?ē`yYgt(g_Q]*=^[{ 'D¨XTE1;ğ|8VVLț[uu%|O3?K zG.hw')_܆0gU'V 9xQCre9}R7 -ٽ"ibs2|,"Q x{: Ga)[=Sۻ( = B<-rܠ+_<~d|ma¾P=uwhEA9x+ HbQy7i|Qok漙NP t'+2б%^;B?vHt4|3½<ลlr/!;Se="9Y j腚p pM$lwn6p$cw᣹a&k0W]~wr:l_mPI]@.هD8˂T+D%5%3,0\Rb`b0eG {|j Y73LWY-: k:]M>C_5f+y!G4ƭvp\HѾ; ]:AY|ZÑj0&\r x9_1ͣ6KU.N=Ux{ϓBi Qw:W/ea`(zi)\C{#u:jkںf5v"k%O䤨>v@ڲfҞaH5o}I zl1vN.N jlY(Gh(cL0/,D'c>4-X$j ق3?Lcz«-BuoΆ;Yj+}]sIR~)8=_ˬ;"?,I{㻆'kt1&h%䎷6okh]`tinaRL¶>r޻;9;ID8$}nt ć XkcTco.U/Wk_d<[F讀"[镜OQOxV K *@֞%/d>a\U_bc ܂|<>M |㷊."Н%=; [sOUWpF&֖TU&[v/Qz=,M7`L!c]]@A*/.glPKq&ΦaDؤep 6]( ٣"u.ڵʢ`gt6Б@ɝ_5^h]L{XD'A Ob#1GpbOz+:A /k ,mXOe[%GJM(C(j;VU5hP#,͛vL`hy`<|c[Z`LvM85uL\|ٍdj 6[#u;ǜIȽڔ"'`abug%nG&>]):qR;`oP&%B68CαgA4?0vؘLWF߀7 }a*e]SΤ>g0gXW*}q46u;*S[>s3#|#<~ *Bb9T"ibȬSLWfJTwo?kƛsI#ڂY33HTHeːx"/V~tv4:vɱ&Ch3!-h=?MIwmͲ3ωZ+ `uaJOؗ+LgL[TVUʩy_a+%]%{D# ]u5/#9ե4<7Kj^ z5c+&.k0„vǿ#nҕҺ<]q.wI*WzV݌ge#i{d鷔}!~/8p!k`j9~0 n|[m+L"g9~|WэMceD{~;Qn f5'ђv@v;T@:L98^Xy.aԌ#var̦*صSQE[dpj*M7aCuS.j@?Qv~@Tr]ZExbD=T~*[Tl nn3Yz#FPtʧ6n*πa7sF|zkKb>tu^tΚQ:x`l=LڜQkh\* L- j2҅YVXME~ _%1霨Ο@ .م-$Uˀfw jqsrƕ^vuPޛPU ΰa(Frb;o^9Bn'I[Ϻu)aĘݱdc$Ag(|z-_mEiI,Lׄ!4i8<Q[=11e.#>;N5Spݵ9\gQ%SKg p$FSåWRH=P-[4/tώ T XFwsK,jtfBE""VI&hl|!lK?f{#f 6Е2 e>'c.+⃞ܹʶ& V&MԶ\LYtֹQ~഻u@q/jeE^뇼IZ%iʮyXXlY*PB%\!*?n g?J'x-HɃWϏ{+o:!h\哜=W³Uw[ 8~3?G.Br3ƀ&U:*(jL6v eS|EIOw!)7SjIwQWi!".)#<:Ĩɟ)akRբtKR|l49hIhN \|c.E0z nP|8klI|֗[u5c  ތ  E? c+I@3Ob-s|kTFgWp W 3L>R܁G>B/6q*9OFVd֬?!ds^#qcedFkI6 8$_4J÷&7-v \Zbr*,ᒜHS8>= Ep-2B&Rr|$-=N؞ǪGc;,up~AdxEyFޖф 3/K7# tWt-x(%~x*Fq1y<ԹPusbM9=%Wm autOoZ({U^k6zt[ׯg쿁X{'x5\)08jGjG;ӵ-/Ոi WNW0ϹͧƄ#磍IT#>X4Z婪SF+ZMPU@vTKB·#yYݗi3u(HwI K;k3J0t%:TuCb^K)OxO;D%)1\r8k 0BrYɤV&Qn [\'Od% [/V'sI45H ?~yz#W[p$7G :*BXAZz*ޗ,E2 tmj P-uٺ"TtP/2x;nU XLsk4KU,4g6G[[VTBjI.|5Nkׯ8XE'| 6ADn7ռ0>w8;cDVy'܆qFP۩vr0-)`*AXɒK71''?O&46Ǿ'C4z\1mc죨'_{lŬ/sy~Af(!ע||TkcnГfpVn2+s?Н'yòD=ȧ4s!dzq)]c2ͰЁD05ϕw}|/|oo@ߢJqM:!rDT:E,AchlV-\T#A12F# Gsa>].6 P%'@^.NӺ0JP4-I00k`GAwvw:ՀE/|Dѥh:mb%hr 9#<ր+yJHlf?n FUb?8Sࡅ/RJT1d%b#X @/Ԅ8,G Q.S-~kl*=0HSUUdK-Yj E3©S Da] .֌^k7G/%f2N<v>;|c:AMK!JE3o-Zp?eu J^6oďF~$r5/v[vq&9Qy1 ]Spfk*h"Rg)#țF6ҩNY~5ł[@zPx6 1C"h1`˙Zc>N?Ue5szYnNn,FD73vvUv8:OPE?+M{SawU730ٌv[ :٤I"\HlQ;eI7G@zτ3Vpz+pT= R,x(|kVSiAFxv#S> $`E!gtHp";ѾRv1w v"㽿ӹkɑ+YfG״ i,)>ک~MUc[+XKb1ִn,`Ө8J7Us> U")^s|q"G|cY{($pVǥĝe9-An;,[j쿱Upp ğ-iU\pm;;{X!f>) \L"Ԋ`lMG@^EfB:hO(#aSWLEQuP!ǗKZ*ޕ8JD.C{4A:Y +[#,l2d7ZdSvw_m_Tv 7ے;~u0ڗϒh0Rs04Tb$?՗a-f5N KtRSke_={x#ϡI%4kt(RJH|~a9i)wT9"C-:ȗCVmD2GĜjF<'[t`x@P.,/%VUyκ ]>sr3k0YYpHقяH}̧͘lWZ͒fo98ܵiSN˙ v7$1|7۽ho,; }Lom8lDNSți.p'~ju(Zk4[0A28ڬk<i' EE:qWGE,P}jrDuz/ (=sN#G+6y!&!kLE8*+Fv|xw5eb[H,t^;4 *y4c{ד]u^2o6+koY'r~[<^Xyuk3p*czX6[G!c2]`j =]>/j*˦yB퀎F'T`+ [",Qj9wea's̨sa$WXᆪA C"G.|BF"KS|Šw뽠rډ&5 7 )!!7YSڰ81͖aȞT: # b}2B]ǾPKc&);GEF2[) :?q{ԾAQ翞UJz\a j - +HSH7yG,?r \w]_!1tP'4H*;<;]w=p#ۆЉPWO7Op34؀iVUjG+&QJ;.Pt>4_>Hɽ_p(`oUhE"MI0AP”Oa(EP ߧ"0*}|JK `NuR%$ye(6BbesBH5;?5B:φl7nHgj(LulK%|c;x}a8?9I 9EU)_:.X[yN@oH(2\5#2&Q ;N#nv{2k^^qgYYNN!Ts)fSW19]avXf?Qv)gnKUx=u2j4/q!`jٻYR[#VhthQ;ctn $ Ϡkw 4hyE$`OFV#I&Q+L +  ݮ>T'ˏ{@qxE;'i'%7Q$f}~-ѡ Tci[ UjA:&6B-7C\{= q]bZD+<V 'GM%=B `~Su@eW]Wܛb#y]ȁ弰Ky&V$?pp*L AD6;ZmaNk1C), z 8q2O a Q'# ^6}w nbnyfed CoO(ؼ ΌT,I§cu pl(d;C2|Ћ$͡qr'xgǢDc 어A՘yn@ 3K^w8dk:\S(=_3+U;osb_CeG{j\P`LΒ-`5b{pEoWl!:# }ɕ ]n( 8]v&*xb,Eɻ{#blueLR潻A3o"ChD:rM$iYBˎKH!@h#{++?Uk ;jN>Kat瓭6jn1,;GN^u&o7k%4)\?~s>nBϭfnpg:@2W[I(:3~3nȋŲ?2(?uyXQ۫އ;B|_x &FdBxj>#~_TӊS9&36P~uYA5#~7Gl&/kCFSN<9]*[;pç wyXL/{:Ϥn[zU;΃滆xo1y`|;0@s6eGZ bU%wp x#K^ǷtPoKU3.[/z 3&-QW]:ECd{7QKڅ3DN:w_1tQڬ{f.a^wc6!y&/MS 4kKЙ$1]轫'aG}韅QVV݆F[38 @L0 Ȓ @ >kVAl=tP=ؔ}ڈy.Q__}C\̹I-m<ZKaқqWKG&8ayyNYngE?"̑n rT{σax[gŋMB #c'h"y-|7I$|{}vhd/oSEM5n^816g4hpP-m5j%a/[TG讈Img4BŝVvR;emiSu]|&;A3vp\&cꪧ?O 괭nvrnkkNᅍf?}oYm$19cqH~אft;dn",6N;ΉnźTxp&bkYrF*,4OU*r6dZv.eZa)B*QȤKwV dLq}#, pbaD].Yѡ9 iݤF#'pTPϟt p Kd}Tx,yJ6N)֍:*|qRu,^5 [7iqwR7uZ\Czm)*He5)Qd;MwWQɲӫaO Mۿ!xe#"~4{y訷iG;kV [)C<"RS-tCHg#楬tog;Wp%Q԰u9kWrѪC'R['nV B! 9(U>T3K->G1lDْ֍X*$-ݢ23gz/\ '$>F3ߜƘXHp$gwP{s!v)ddLS=r|@>Uz]{axCO&u*hUܛaJ+bx-v,> Oi:O_?([%Xۢ>ႅ[6@:Hc) 9EHd-W"UGYn%$k|rFiɞ_ׁ8Ueߑa\8dp}de&`-ҩ5NYӊb++ŕ6+*9Cey">瀞[jЄ`prRP$VB*yA*4H\Eb͉liw&ՁϪ3GeIWttEf}pG&&ۆ(;G4>| ϐIrb7] ГNA>`Kŗ@҄>;؆NH{mo VNF{3\&!伱Uy lx5[*J-m<8VCc䔣4i917h87;9?x&nۊ1 瘥%h²(Vg|ZR 8&H JU&#wf}w&q ) r/G(fKڋL̚VS+_q_QyesEEDe T?޽- imhzAƎ FSj Ј=2Rqf,x#*3 Ee yS^2Il{mX"?J,$8һM憰7/-Rљ ,~G+^Ƞ\mVk_sRfHz!ˉlU:Mpeg.[m31]%O)-n}[0gl=ib)_1[uA"~Qs,lW֘fG$NxޒpW IB-RRl_Nl䭈YvP6 A ay(^7ziQ!ZmUۇe oI\>_KՂV(x#cݹPIVH> 6`fa-a:\wM 4&CZ}HU!qmO3- ȵK]ww}%91h+Uk[ Ni6 <@QIv+ m:0^(R_(,dFHEURd,TnK_*͘UjZ(7( r@jq,d3zjg sZJ^>xPx|Tx.%+1H8JEV>9"CwYp/2k oo7V0w~|~KV.k@9>{ Meo.F/F4^Qpmfv-R椗c9XD.{:ȮQo57har0Wx-d:LA$f>LW&{ft2vOK75˝KL7U{3Wᕕ0VRؾØGedPߑC@;+B[ L&?7߶,ӊx Q G z'c̣54T+Xc̼*wτT žѡԞkq2\~7~^ j;RK`3x 7d| ;rb?qbAiCPBZ ~mEMBw cJXo7mE.Czp *R|aFCoF,Qs̭CH#*YwrUѻ̵.Lύ]$] *d+QPu!8"]5ccKBP:@݁9]4]ɍw0_696i e v8_iK 1- 4XZŜ×;7jVc^-F攼x/)}̖\lPRo/,O’O룤Cf&svZG:Un/mxskQmgHd²9?heIjB!(i?J(3 _B;KdK%dק>^Uř{H|'J&RA\8;:Jj H¸a81%WVK9wWJ S>% J"& jZ^O|35"EPpV(o9R;~4m"EJ\6`zi\Jjy[*\d}ڑS+ϙ!M\N\ޮqq"~R|uJL1= ^`[ f0>U`)嚆I]M83UŮt)/vLjgW\b} !TMN]4Cs]J˸,UCnj?{fHEυ/!rHƶ'qPTO%9&zD0uĮ؃sgt%t灛jvOC[RH1sT܍R2DowT;~jp=[^(g,9@6֋^u2=y#wT>䍑^ ڸb▼ڪ‡rq׾5嘪?VEz 0VgnWr^>Z8b`$d:|d6:hd: ,jy:j˯)y4i%3B0ٔ`z.W%wYߌmbS;kbuon$hv /;6\ܰ 帲TI7t>i"jaS5=gf i=AhpT7>['6,e/)ᘌ5,~I)vWv GW0үuH꛳ R^&o_ =&Ƚ.y1:HVCQe09y6"-O.4:1i{Ϣ*-: E%ܡ~~[Z SXx1^$Upenku>pQ}lu'sϼ"xnPcˏd +-^ 7UU&Rn7pB?O<~Gde^hC_E FM{g'qJYt~g.$C_4%m틼2o$?~=vOCkX"Ob9!ˬ4"fl1 UdQ jo|IS}| QTKsvO8կ?9!nǸo-|'Im ]2nF%`au6?Vg@,|~7^l /8.Ecڻ1`$eCڿշZl]lTJ$b5bN:\M#;~h9"6:_ߵ@%3O Cu_O͑<O xHnغB9)yRUe)&;'>l0Qw3Ud 0צt~ ,vFsczDk3#EM8CնuLIQQLjpyeIV(_qVw/^)#oUԥ2J;;DE/D܌]#Gl*\= F4)k6->8фu-::gEZ)E=wJ Z>87а&ښ6A! [XB3Lц "xbt;[imQOOmwqɼ8ls Km7o⭱D9Rͫ#Ҷ `c+x:=^꤫?1ǑU iejJrBRGEHb& C1;Sr꤭)*,J 7A|8\V`}k,b\RGn >}3ܷ4N߆6&N3}4}VJh<|o N)‹R.8r۫J+zll1`E`8 : Tq=3۟c26^;Kʥzz!#t%T#;Pf /kKjiyLRDlM".DtSR^W7B";3;DqVs#faXF3af}sBcm7 ɭMr?5q8+:\ Ly9bC" @q|~~b4L> +\NrV-|ݡT^IN[0eֺU3&$?I@fSf)!64fɖ=6>KZ&\!X8};)^UkFn)ƺP.tHm$|}>2=ÙPD;\SIۡ@+;T9@Ƃs0 DC BǾ2ցs]QR[nNbn#mUg~q)jc\'zX%$Xsy% \d<0;Їvwr`bHPBY'BnM! UBnouj _&NE5uf}{BǽZVTw*|BI-!+%<W4Dt ?ޓvH0"^DEp6U{- FxoͶ{"3!NmA)-xzQnTon[|@ć#ZLytR6AΣ yQqnH 0E^ct1c]Iz(ܾWB^" h&3^mIGR[ÛCF_|^Yɕ_`F1TgUp[$QhUdK7K$R#CtܝYpb4aqvDc8ʠz9q 0U$ݷESZΰ(_~ئ2cfl^tTo4hB j3\_-2wT8C_] kc$e EQdg(]!T:,FMz7Lw.94߿éfQ#Ǫ-Whx0漁C-yyc!LÈЂV&rA>4#&aӾTW5> T=DIoC~UQ?Fv|b?$ qoi-*<Ƅ*g^tU5w{(ɞLLqӄDykSpZNKv>Ez1όY unOp[ĮSa02Râ弈>f47PEWA?|G%:|U.ޘ{iѻ:ٓL )IMy%* ܬ~Kim}` R*tVFfeibB9YX uIg;z~p!2\ӗko9ezK2VQ~dڵ#o,eqLp=8?cU/:Cb4_À>F:w\.TgđŮg](-4jXd޺k#/ˠ,ݭ[s^H_.rld:0T5r,&^#ej|/R% 9AbZ&ǭ)hB;zz {ߓ^QV9-WwQC&~t+ڷfCͥw;ڏfxZ@ 2pw(wq=ш58DRۋV vm*(jF:!<GX+u>b LE6p+ɭ?Ogق+XM6VЫ;NфsPnF~S/%Jg8q(V4U[g]]^][G*6=| m0:AN==ݔJE.Cyձ% U<@DP,Hd5&`XLx*4-vO@hbԌ$2bfMsFXƐT4N)]''ЄH-!cD+ʇeNdŔB>fViȦ [Fplt,Sh >Kl݋+lx x(NyJM6?+cDm؉ҥeyoTe@R943@3DZ]tB Y2oN+( [Q]^ls߼"|g % Μ9sQpǾ/2N%(aOMʶn %kB1RMa8~ԿRLp9z_s@/m NuU|Bcgz)khTr@$d_t M&P/KEpL 8<KmV.C|04@_b19D 2-x:>um7kp3Cz_wS0Fڵ'8EącW׀ CA#I!$܅wv$D{9:;Q`5p-ZO5iY?{nfźe?tEVi.]oe7N)l%i H 5m{bsFh<5h=.n̸HYDMoJ.Y–|$dԯRc8"gO{Kd;"J, 3U}VhugnJ@9^}$GRʼ&Yw8J:;ӖӺar5n.0h=1lb~K٭tڊnݣ~B8CUb\#P#Cb>[TG[%.6A :R= /ɔ.0@4- !W+nB{Bk'H}Ӫ־nNqWf ;@üK?uA2m r)[3y[{wTy{ plkb F W-K0"D+j;>n;] 3݆W4c5 JƯ\#6z`ͅl%z|#*vNܩ m]ܒ<=cJU! `+YDSSnB[ht[:VY3mJ==̚Wo\YSKf[  B?hj_W1hÔC<K5V]rְ|ѩXyZb#!W $X"E᳊7HB)δC]>gpTD& c?Cݗ(XYډrq蚱0̤8aӦ552|~?9Z 1DUPr=gnlMNp" :|]ƌ*[|cyp^=a*.3t ¢Y4:G?hY)3-?05.pE+Bk-Һθ}HߜIޯQRsD*Pb u!˷- U#R9 Wӗ!\2%*'Z2L"GeTNR W2J̿'T ['GK<&ay𓲛H9-I.EMkDSeFW˶MWs TUxkm5_ rJ+zug82n {>ᑺej oW~/*iMy uizЭnk )j ͽ_o/{ԣ\ޏܣ7Ob^|Xͩm'p,ϪOMt-P$,VM,ISO˙r[VO?86NCm-s=Tc~rHWm 8w r2=Oeb\ ǰԼEɜoJ{Kg_V3V4 7;wsj(s~&_z{I(FZa!,/,gl;-tfҷ }Md]< qҮBy=\ٴ.w$Zuk추IE}- |g7+nSynImϫ*بG !0Bp>-Zv8;peM*aVo8_cŴmV,寉Jay2mfEVH#l =J놹K'xNOm+ϛ [M,}fe;0ūi%i5V$⽟ҳlRk&AM pR2x$怲q}@٬"rR}'`M3ӡ+a"61E4qia̷q1w9tg|Pv2iضX3D\16Ɉ[w 2Og܇iFZ+P3|N窭;ITEmG@zJ+ : Y:`7'@cA}*?L8(ȭ.bEwN04pX)b|kL T^a# B.-=o}HܡV}}"+dX(\O* 1j ͝ꆵ3Xp7OwU}qu}G~eECŀzh~Mɾ yҊG!.Nֿ)C5r+uL<Ο x߾RǪjoI%Oۢ B( Yؑv.0J #H x98 %JK˰$C]RhNvxb1dQm[1`ǨP$Bt 7Ey:qGٛ vmH߲o6@DﭗjQЈSWsrMvXƶ/0zXbQ 3RC˶ 7e ʇpQN۝ij3‘ƝaEK,hd‡3^3{N;PZi yӓb&>AaU0ƔFdׯZY/.0z1AR [7aQ@ݻ=Tq j(}zHe ]̀.e3!G [J&;2N{UE*k\_7NT,7ûƫMNJ\?WN} S-@yYlXI򣃭SU=.Gҙ .w:^UKO./.q})'4>[}pDV~e/u?sRN!pw;%|z(R銼N?CU̲= FKEY'%x**9sx*fVhgi*ru'c,{5 V#J@ʍy"@֒}dZMș\|ck}VĢ!gpd>PM>ԟTZ7#hȌV)J]wQZMFtP<3D\1rܧSfmoJ%Cr=zB4f&Y+hBg:R;gL;"N>u_חJ%X(A{ڄ-+)|Z@j_:жw5ăq/"ɁhR|jʜ [S_-Aq3A(u'+Qqaʩh'J.ruE<ܶrȔMW2Ïא32͝aGlMRt86f3:d„&n+>. c'Q:NI;F7Q9'RxG%LSuX@1G (e~sN?<]xS+JQS@FU14h }DBb'lm?CJfObXϰ,L,:EU#A` 2[>t3-:p@x Q؈w1j&SO MVUM3~H fAqr O`.U:/',[nݪ6 E/b!H4u0M. "J+r>p*9;}N&ڗI~-haoJQsO- BBQ{Yxig,0Ҍ0aI`o_o<|?)Z4*,8qcQhqڟf$9KД LJH+Is}@4`H 4(}||us}kﬤ 4޿9K[s&9>KFZQX G_X(J :uG-oR'91V}Sˈxtڐyg#$+d\ʸyۇ7ˎ#BnzT hnZHOSDt5u==)pZh7GbA |v;KqW&9j!+2UˋK]CP&u;7ا"S<')! F.Rx\M EvߓFxw P~ SnhtRyDl]T++"U Y.܊^c~\\R ;Zj=zxA@1`ִax#aoegFUsY2fMb8C.soZJ*t/ g#b*xejHu!V]W\i̓QoƭMe ҈]/"H+1*=`ݘn7 (iOlI]}S:"0,OYqd|pFo{?zw;6:te#<>QbtO@NSIsϴl5 v +GdS#. ګt΃V%ow$"lуi4"𺥱T˞OGyn3 AD•K'(N3@ <;@7`7FToKf Ax"3/*GQem(u+R!=}( ÚgeAƩ2A;j HM_뒳+gu.ujR[B`\tf*D2HIDSc|)Z-e}"R.:(XT*a JXwOj=#>ArvgI\6S0[VPui L?fĘNl#|t:N<BY@A>\̵V` 6x<>ūk8ɼ,.+7D+Ӣ?<&"F׷(zpjKW˩QyMܹ\ڻ`N<'B==^@edPs6ڶ硜Y`zŨj|B%STm<7>+~~m'K Mbc /\얐 t1$Z,x|R'* и@:t`qr+ %`fx,Mv/q4}륄\ `ɟwI@iEo'<Ӑ=LAqx-qңTG1;y \o;?dn1 ]켗ad߃KEuF dʮTsQ%*Bj8 U,R5*5=1c y$xN[l9M eЕ9h,8!:@OIXrdl uhXh?ي:H"IPxJT2 dB}xR?GI;lбJ=AS1U*H㢪 }(3g>rvs7^ޮ2@Ϫ;vI`%?&).`X.CFxb 6C.f*8@3TS6dǚV!l{wˬNM=d21[ Z0a$Z8+e3AO 28XU2hg3L4`*`fF h!-mSEp@cdkjF|j6άذŋʔi: SFگ: xۊKOq4& FZS?FNp: ۫Z}ֳrRg9[tVC$7D 3|{耵5M_]ȾzvI8!odaMk i"@ٓQ$ڻ}#[ rq`-n3%dxeϣ2:\Bk 8X5H- yb e:d_&dہ\%/<.6PFssH4f&DSf٧B{\iBd}r6a0H5sK_K35JߠRqo0V$Kʴa4B6o@McɢQ,g ,ZT+9 +@p d֜8L%%Aln֒The#:TI j$r0Hc#%hLkvG4ɆV#vQuXGNB^M|Kq\ь"i,RI$FC9\hP[=UgTlE:&$랠Riajg6 ?a!̄FNJF+@!1\#bJݕoʛH#^0q%40ledOvP>AAE#v̔yOITİ%j,u ~+쉚=輖dۓAܘ4wtA|~[r4? iT2ua3â4 w!%K'#ngXOh2cu3#UfY{dj <ޝqRT{GPRF `%bh bBiJ-M7_P̚N(GSrS0-7}j;i-ۡJ+b4W "RE!6GMs5p#P_K68&4v'( 0 p&.#LwnDFl 0^~5[,ŕ+@Akm`}U>b`z&$VgCp$6Y}_zDH(/{vH ^܉[X՟f|ozҴ"e}) Bϛ/c"Baz7J@K!١NTI.'p "l>n .ђ OɂN8& 9t`FFs;5k#+nmˍ7<_*UIY7rPTNH4[d>_ 54*oWrVU/5ʃw D6HsdpͶʘG0G+I)y7)fhʌ0h(:kouB J%@4YaB^ZHC-`pw0C!~B|.ҁ[GͅBFVVdayl `}/bQY+o=':O(Uγ9zˣ$U~H 5=5OO9:Mt vPʾ{WU=pp!4{7q.-2+RP \]%ʟA*8xdF͆]'*ݝV͵) o`9|re0f0I5I(^ "JXdc:Ѣ3yJzÖ.BKr4ŻU0=UͩİJ3.ći; wɆ>gNH-^" Z%n bu̜ /)V`:O%Hcg PSJcwԄf%]J𽀙rb6bJ'ٺ%CB /QGq2fz!]vq6Y* e''ۘCbfm2[{ϛP3evĤ3'n<^}y%X]݉"i׌ٟaeB!1s@SL35dk:kUJ *̨ &NfN{]I+>Um37q#xSh^&KKl*ࣄ?ZlT )N%$%$(ȥg2]W].(╙a[Dq^: bxD=Bw7~ Q\#yfW\U7 5m=gоt>)CIwߴ ;N4tPGZabQ~vB=w=|? ( }JJAGX6GY-`5hOGW^ P K%h=8Okt(K56vX뻚n9i޽=nܪc@X^Jp TSڧ񹒲VKvтM!uaχufzKZ܌J,u[dJ"5iyB9<Ҡ_pBoH=E^5ؘFg9D䌺eH]"!l/rEAz ?qb}0#3%]kxb9B to"9'><7'/z-*|ժvM}~* C4Aʈ޷seNa2^A Ӱin3Ϻ=#;fSTAYYɩ,ώq{&S]Imm?`)5m}_&QO܂} o- HcߥJ|'Sj1;)?*wJ}g&ŁvL :a&/f" FX<E6F}Զk ~4RBIy^(ԔJꛅTa+9+ G ~/ei13tcLaش,~`iwY{I\5{"x=.wlI P&r:~%jzԻGe.|IK7P;˰][%€aW̌Ovũ݄+(Vduȳb%J׿1b\r% X=Q3BVڙSXGlP[!|øऩ!agA6̡~>'`b

-pɖwԌԝnrsrBycho0Ὗc: 3r.|lp? 3K0+ѥd>!UYuBrʳ}^S'Z覨3aĪ(ZӞO%oy-$oB<~v/?Fpn#㦼 (b  _8K7U{U\'8tP]) aÄ+w]#Inn8="m eHFqA1}̤P0᯳̡0o{NnS4\'o}c%2@ ?~Q?lFZ}Uv_m4)9 '*?FkXNO%B;ﱙ{؛ %܏fsǎi;KT||B/֓ JU($>M@b{֫PqhJU>K6h&%2:%<}Ϟɩ,`+Jb[Ҡg } 6҅5JmtY܂9[ 'lT8m"ְpp j; rNNykcW uIc@AעF/WG܈'aOߑNPV" 2[M "2n@_H'}tM(7yZG,& Œ4_GK:.Och} lh*lѿę| Oo9YYS 'v[3+וq W|| jYB~/޹CiAB]a@a-F)I 6iN7]X !e*ǔ3ki 3!WhX W%I]"vZWF҄>˚ 剏z[2 f"1j*@h_ vI=qՐyz< B4ʹѧCkl8!2`3g'3EA862}j&SoՑ#p;C>5Ǘ $r"ILʖ7f~rN\[>sZ"Ov$֒ Y ɬK*OBLp>]9O2XblGRKc:/s/@*S)xt8Dvb;6IC;t_OKc q V9 9諉]7TuUЩh:gpOSPSn9J>hz1J+kf87\H<3ɒVzhydjܶkx-UO!r~:LzXr1 J h@_P[9 <5 VxhQsFo9_B}碽C苍Pc.+ݮ#plZu{V&i45 UPU0ӞCj6Wnնs?P vat)U p TţeOO3pӢ<{Ÿ }2.ġ<u2U͂cL:#{Fe'_`]j?WeTx4J*?e rлW]o[G/ĢsOCmMNʾ-&iqE1>Q3?Pd8&2MֳI=n9?V{lU2nqZl2NWлݫߤLL 9*oQgO)-#k6/' E`[ h TPOY*Ovٗ^(:˟}nK(8+UhՒ4-$KU(j<q-ZUer4k/]_"˵hAIV$Z7/gSMzÚ9a;rG;RWsdAd[,uU!p5MB`S*[yN @NCrxx-%9g|e*lٌgu/HH-䊥ɝ[_Nh)FpX3TZ: :p;1ʥDrCN)au>zyVXQ[2IsfmbeoU1qB|v\( nL':?$)d3Y=ޣXdyzGa ;R|DЬ/33)Qw QX+zr?JRz 9)* Px՗A18:\.J~l,/I͢yY1XY5u&:1Y\(wO|m-yk+}q{ AyҨR+.R3FdH?AyZ: g'Vu4hiGfd]u U4k^^N; 03؃u&n&C~Y%=5d'G|0a6s#"3cnވ~`. Ѕ9j+_殠ɜu}Y L9mnQ2ˍc!_;Ԅ,o=eި-UANrF\MUS2cιu\3VYdJ+a􇐢'gGU1xJG7iAǽƣ4MWH ԕXXlWCࡳ:KtP9fCK 1ڱrBTXlGgFb?`|4xYyoݓpq 4jnݟcSۖJ*Tb7ׯ~|[*CdbHlj^46o6)4z!۬ t2Y P>-֘˹?W+M?=z .]50WU'.utVnc ` ))0<=C"iBK76Bk}ٶ/T`@@`x~ U쀷&JWk`o1"'RuDa!z'GG؋"_\qve }QH=o7A+a.}#FC* :W(za}tlR^k`6Gm<t/S;sE|G{6x]  ]E(]K- %snIvanYH-N375JNޅkYw4Ox}ۭ,Ư\Z;l4n V Â4 t.E"+j7}J/+hw@%M|3&5? 1Vgsv|:C/xnSl${뼸WQUdвQa,^ ݲ@ cXsW5?a,d>{#sO2:մ\e6\Qn)4&vQTP>IZQcqϚNN]4jFKml2'E$f=t?ht=18Z{\K,vpe]"38jM ݭW_#XDzI-NPZ*8Z'$")ih L#ˤy֡UnXn#*k2xX›w7ީz?xO5c8֝p-,E.(=(>Xٹfohi`6IBǶH/d`0T0\*5 >7JG_tCŝ02Q#rDFШQ; ր҇A w\tv|ɁGXl#V?l4pm6WFa|~S0ݮ eyQrzkhB 郌?z#rw\?,o*975{#ֵJzehGAQonVG~lm6Ex ( c#(0?4N$65)sf ??qg܍玝¥WP/ g?l`+EA mF%#$Nw#Ry^Y,H8x{eK!`سWB!m2mhP=m-~?,Ua]eX-{ȏ'6pr xYDo0}C-#WuIi2[]CGg[{z! c@k9_kU=0͟ L SJ&:!`s9 qTK$S$>J󃦒@4!$21B02xj$'%\EB?&P 11+ŗ l؜Zm('Qr2JPļkQNq'X[aO?'PS1,sZvLa PFUD^~1еPJ;غU]V "bgT snKW"HCg1?wS v`tJ.㐎HQ3vDwa'(eΪuQؘ"+}y,/KBFM9]vP(ig"a M n< +4LEJ=:ңKsCTphobkfN`H-`*;)y=>[LAM~R%˳)MVd(+lnoAV+=M[`pYe?rm9E)T=E@=<:Ġm[bJeLuiCVM Xy#r-R9wȂPD/^Rބ"-bemg<3ѥ!4S\vSMkwe^օ Ƶ {7ay RC[\\23zQύ~EO|,sҸt'N x(682/ D@UDg[lg-3qRmEegGS2 ATIQ9Gh+=dR~AO+kO&RK%-1jz L"KMIZj7 9 &vigbȈ^u<텮b&cRM;][Ʊ30MSp-rv~vț%Ux2&: #pxw`Qk븊sؤ줞+v{4d6wA_Y;+n%jL\ӚaSwūhT冬WEǂ㟑q]{k?/ek-bGT>hQf˙|܈l,$o U?∔Oa꿳i%E%M0ԉ˜ff;%൓$3g]jA#87l߹CzpNjʹvOV]̏p !0bgAd޼KuhYޑWi k3 RH%Bq =P61ƒU@Tk?1yQٺ\gn ``q0(#N9HAXhB1# C)E>7k;>0P lJpSL;DZ!LE9}JVϛ@a%^*(۸ T;iNc֨]U H L0׫R#5GkZ['0""x;S/H)i^i-T^:dLH,p~DQ?w(-v Tl2_r̎uKvvp8 wE pfBm]+:I:.ʕ~ZZD ssv`'v݃QVz"0h 0M'I1c+x ξ7.GPb217G,:=Q? f@[_ z2*Ege_ő/I4\u'b&* y{dU#[3Q )us`&gH@5"N)H쭂`ݬ?HG{E %E k;@xJ +?+|FG //uFNO((_V`>imlXx)n>!jfөHlї!B[Yi^0 I4(Xt0`dў5+ q6kFMӌ9H2b@*Qd,oitJfw#gVmL3O;wSӍDH+!Ԏ5Нclَұw5U_|u~93^#LBmd w}eVM#Qm>6¦,g-_DNL7(@VVLZmxgK`ɝMWc%<-a&<[@N=ԎCH?ᠸ?[;5^"f?±|,,AyGk'|"ba{/BT jKTUT3g]2՟g<;`]X{";^3Ƹ/Uʵ*JA79{,|Ҷt ]IU{ wy&2kQK6oI¶l-GV`9ZwKn6:}̺1|A=HȜ *u!Vr._,*ףR2KMÃr`s^]ۗh 3y| k<]giVfc& `Y[#fIyH)Q!$҂4nwj zbٴʴ)"(޷j7;6]l(_O}jNY6OPʬpn 1t0ܳv_e%sHL6+*{VLEMC@ȴ#'_'l&i%k6s8߮&-?e+ϊV%V>=841N}0RFn2,tacC,-Q*uwj~D lNve}:Nxv5TT>sLG)Q3΋˶P1? YxKPy)|ݗ߈qS+hО.>0Hr^a^lzZ:{9ra'=u8z uWSԥ VܴKyj!z]Q5z!B,P7/ah@jYI32l1C+填zLD" "ef-IQ dw)r;GRͿ-^=04; f(2tԈCtP֮{.\aGtGi6%Z^_󫞗BIKKg7@DT`z1m)n8th hE H)^f`ݺ`Z[CM7WKT(5snxP2d<1:[xc:ObZ^{p*km ?,į+,Z\=5 1= 7dӖ&Xph[e=Y il_&S<<+Nf9y&@xΓmC$ j榃o?0BK!<9 )gW vru%z(fE?Hm;wN:txd +|:pzTYvoj<$NBRFa AjiB,,AG$x0rfGd@X]:|]MګGuP>Cf >"G,XUjrU*5hѲB$ ? ަO;@ PVI7vk.̂WwhA-Am Eomd͏\\N*dyr G3t򌤘W:eҘ'[1UAɯ K;Qt9m.@I' *jLAeLه!̕Qc/Ol>N~yDh=}||ӱuL(#t:?5Fy`KRpLz"e4}|gȢױ{7 ˏX")i璧nX|]Wm+w+Wk:ra5Pe&[F쳥Ͱ5ilKI;N 90 LL^ f|k܀J hAxϙ/_0(9}*2Vȟj靏sguiڈ Qϻʚq.Cb[r]Q&X(sEMO(atRMnZPQ,lAJi@\Pv9IUD ޓY!:TfzÐs Sn`pKtx >FSko+Uv5}14O' te1!}oOt%6cqqoWYWAmC˸ʹ aU澺WOȏ&j .ƃG_y7c9>߁pܝLK>fshf< l21y`*VG.j"o(<%{ 6= (jʼMܯ`Is}"{ذHsVһn9XIt/K!<6 O'o:LZy3Z&lez8ad(mo~,np:M`/U܁yj~bL,n^(`^@_W'g 3)Q6 [!//ql|PZksv WOEG;HlU i{r{!{梴&\jHb}ׄPI‡dBNkT% = ZGS֫eI(*SҘLp{߿n2dOG!5 \RI$5ˏ%'3įM#`mAz9V,ɉZ#jnVOb+m^4VQQԩ%ą(GsDy1jU`_O rJ/Fzk2Q"VO^Fv},D YZ