sssd-krb5-common-1.15.2-50.el7_4.11$>ؔ#N#y\av>=x?hd & a .B_el  ( <  5Np$HLQ(`8h9:i=GHIX Y\<]P^bdefltuvwxy*dCsssd-krb5-common1.15.250.el7_4.11SSSD helpers needed for Kerberos and GSSAPI authenticationProvides helper processes that the LDAP and Kerberos back ends can use for Kerberos user or host authentication.Zx86-01.bsys.centos.orgKCentOSGPLv3+CentOS BuildSystem Applications/Systemhttps://pagure.io/SSSD/sssd/linuxx86_64getent group sssd >/dev/null || groupadd -r sssd getent passwd sssd >/dev/null || useradd -r -g sssd -d / -s /sbin/nologin -c "User for sssd" sssdH1KA큤AZZZXqZ3900ab73753389dd1dcf2d66c43f5fff48a90fa1bf61aed4334000b164ae0e2f5abb69ce0023c7541f4e92d3520cacb03201af5bca7efd3dcd9916448d111b868ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903rootrootrootrootsssdsssdsssdrootrootsssdsssd-1.15.2-50.el7_4.11.src.rpmsssd-krb5-commonsssd-krb5-common(x86-64)@@@@@@@@@@@@@@@@@@@@@   @ /bin/shcyrus-sasl-gssapi(x86-64)libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcom_err.so.2()(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libk5crypto.so.3()(64bit)libkrb5.so.3()(64bit)libkrb5.so.3(krb5_3_MIT)(64bit)libpcre.so.1()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libsss_debug.so()(64bit)libsystemd.so.0()(64bit)libsystemd.so.0(LIBSYSTEMD_209)(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rtld(GNU_HASH)sssd-commonrpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-11.15.2-50.el7_4.115.2-1sssd1.10.0-8.beta24.11.3Z@ZR ZOhYZ@YY˒YéYzYYYYJ_YJ_YC@YBvYBvY9<@Y9<@Y5GY5GY5GY5GY0Y0Y(Y(Y%uY%uY$$@Y$$@Y"Y;@YR@YR@Y Y @Y @YtYtYtYtYtYXXh@XXX@X@X@XsX@X@X@XۡXۡXXӸX,XCX@XX*X lX lX lW$WW;W;W;W֘W֘W@W^@WiWiWiW/@W/@W/@W/@WWWWQWQWQW@W@W@WhW@W@Wt@WE@WE@W@W@W@W@WW~W-@W-@W-@WW@WWu WgWDB@WDB@WDB@WBW;W;W@VbV͛@VTQ@VCV @V @V @V 
V@VBVBVBVBVBUUUU@UXU@U@U@UUUUUUUUL@UL@UU@U@U@UnU@U(U@U@UUmUmU@UJ@UU7@U7@U7@U @U@U@TE@TE@TE@Tи@Tr@Tr@Tr@Tr@T}T}T}T}T}T7T7TTC@TTZ@TZ@TT@Tp@Tp@T@T{T*@T*@TTT~@T~@TuTuTto@Tto@Tto@Tto@Tto@Tto@TmTmTmTmTl@Tl@Tl@Tl@TcKTa@T\@TZ@TZ@TR(@TG@TG@TG@TG@TG@TD@T6xTTT SS@S|@Sr @Sr @Sr @Sr @S;S;S2@S2@S,)S!S L@SSS@S@S@S@S@S @S @S @S @S @S @S @S @SSSRb@Rb@Rb@R@R@R@R@RURURUR߲RRRx@Rx@Rx@RΏ@RΏ@RΏ@R=R=RkRRRR@R@R@R@R@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@Rv@RpREs@REs@R7Q@Q@Q@Q@Q@QQLQکQQQo@Q)@Q@QQ@Q@QbQyQV@Q'@QQQnQZ@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 1.15.2-50-11Fabiano Fidêncio - 1.15.2-50-10Fabiano Fidêncio - 1.15.2-50.9Fabiano Fidêncio - 1.15.2-50.8Fabiano Fidêncio - 1.15.2-50.7Fabiano Fidêncio - 1.15.2-50.6Fabiano Fidêncio - 1.15.2-50.5Jakub Hrozek - 1.15.2-50.4Fabiano Fidêncio - 1.15.2-50.3Jakub Hrozek - 1.15.2-50.2Jakub Hrozek - 1.15.2-50.1Jakub Hrozek - 1.15.2-50Jakub Hrozek - 1.15.2-49Jakub Hrozek - 1.15.2-48Jakub Hrozek - 1.15.2-47Jakub Hrozek - 1.15.2-46Jakub Hrozek - 1.15.2-45Jakub Hrozek - 1.15.2-44Jakub Hrozek - 1.15.2-43Jakub Hrozek - 1.15.2-42Jakub Hrozek - 1.15.2-41Jakub Hrozek - 1.15.2-40Jakub Hrozek - 1.15.2-39Jakub Hrozek - 1.15.2-38Jakub Hrozek - 1.15.2-37Jakub Hrozek - 1.15.2-36Jakub Hrozek - 1.15.2-35Jakub Hrozek - 1.15.2-34Jakub Hrozek - 1.15.2-33Jakub Hrozek - 1.15.2-32Jakub Hrozek - 1.15.2-31Sumit Bose - 1.15.2-30Jakub Hrozek - 1.15.2-29Jakub Hrozek - 1.15.2-28Jakub Hrozek - 1.15.2-25Jakub Hrozek - 1.15.2-24Lukas Slebodnik - 1.15.2-23Jakub Hrozek - 1.15.2-22Jakub Hrozek - 1.15.2-21Jakub Hrozek - 1.15.2-20Jakub Hrozek - 1.15.2-19Jakub Hrozek - 1.15.2-18Jakub Hrozek - 1.15.2-17Jakub Hrozek - 1.15.2-16Jakub Hrozek - 1.15.2-15Jakub Hrozek - 1.15.2-14Jakub Hrozek - 1.15.2-13Jakub Hrozek - 1.15.2-12Jakub Hrozek - 1.15.2-11Jakub Hrozek - 1.15.2-10Jakub Hrozek - 1.15.2-9Jakub Hrozek - 1.15.2-8Jakub Hrozek - 1.15.2-7Jakub Hrozek - 1.15.2-6Jakub Hrozek - 1.15.2-5Jakub Hrozek - 1.15.2-4Jakub Hrozek - 1.15.2-3Jakub Hrozek - 1.15.2-2Jakub Hrozek - 1.15.2-1Fabiano 
Fidêncio - 1.15.1-2Jakub Hrozek - 1.15.1-1Jakub Hrozek - 1.15.0-2Jakub Hrozek - 1.15.0-1Jakub Hrozek - 1.14.0-46Jakub Hrozek - 1.14.0-45Jakub Hrozek - 1.14.0-44Jakub Hrozek - 1.14.0-43Jakub Hrozek - 1.14.0-42Jakub Hrozek - 1.14.0-41Jakub Hrozek - 1.14.0-40Jakub Hrozek - 1.14.0-39Jakub Hrozek - 1.14.0-38Jakub Hrozek - 1.14.0-37Jakub Hrozek - 1.14.0-36Jakub Hrozek - 1.14.0-35Jakub Hrozek - 1.14.0-34Jakub Hrozek - 1.14.0-33Jakub Hrozek - 1.14.0-32Jakub Hrozek - 1.14.0-31Jakub Hrozek - 1.14.0-30Jakub Hrozek - 1.14.0-29Jakub Hrozek - 1.14.0-28Jakub Hrozek - 1.14.0-27Jakub Hrozek - 1.14.0-26Jakub Hrozek - 1.14.0-25Jakub Hrozek - 1.14.0-24Jakub Hrozek - 1.14.0-23Jakub Hrozek - 1.14.0-22Jakub Hrozek - 1.14.0-21Jakub Hrozek - 1.14.0-20Jakub Hrozek - 1.14.0-19Jakub Hrozek - 1.14.0-18Jakub Hrozek - 1.14.0-17Jakub Hrozek - 1.14.0-16Jakub Hrozek - 1.14.0-15Jakub Hrozek - 1.14.0-14Jakub Hrozek - 1.14.0-13Jakub Hrozek - 1.14.0-12Jakub Hrozek - 1.14.0-11Jakub Hrozek - 1.14.0-10Jakub Hrozek - 1.14.0-9Jakub Hrozek - 1.14.0-8Jakub Hrozek - 1.14.0-7Jakub Hrozek - 1.14.0-6Jakub Hrozek - 1.14.0-5Jakub Hrozek - 1.14.0-4Jakub Hrozek - 1.14.0-3Jakub Hrozek - 1.14.0-2Jakub Hrozek - 1.14.0-1Jakub Hrozek - 1.14.0beta1-2Jakub Hrozek - 1.14.0alpha-1Jakub Hrozek - 1.13.0-50Jakub Hrozek - 1.13.0-49Jakub Hrozek - 1.13.0-48Jakub Hrozek - 1.13.0-47Jakub Hrozek - 1.13.0-46Jakub Hrozek - 1.13.0-45Jakub Hrozek - 1.13.0-44Jakub Hrozek - 1.13.0-43Jakub Hrozek - 1.13.0-42Jakub Hrozek - 1.13.0-41Jakub Hrozek - 1.13.0-40Jakub Hrozek - 1.13.0-39Jakub Hrozek - 1.13.0-38Jakub Hrozek - 1.13.0-37Jakub Hrozek - 1.13.0-36Jakub Hrozek - 1.13.0-35Jakub Hrozek - 1.13.0-34Jakub Hrozek - 1.13.0-33Jakub Hrozek - 1.13.0-32Jakub Hrozek - 1.13.0-31Jakub Hrozek - 1.13.0-30Jakub Hrozek - 1.13.0-29Jakub Hrozek - 1.13.0-28Jakub Hrozek - 1.13.0-27Jakub Hrozek - 1.13.0-26Martin Kosek - 1.13.0-25Jakub Hrozek - 1.13.0-24Jakub Hrozek - 1.13.0-23Jakub Hrozek - 1.13.0-22Jakub Hrozek - 1.13.0-21Jakub Hrozek - 1.13.0-20Jakub Hrozek - 
1.13.0-19Jakub Hrozek - 1.13.0-18Jakub Hrozek - 1.13.0-17Jakub Hrozek - 1.13.0-16Jakub Hrozek - 1.13.0-15Jakub Hrozek - 1.13.0-14Lukas Slebodnik - 1.13.0-13Jakub Hrozek - 1.13.0-12Jakub Hrozek - 1.13.0-11Jakub Hrozek - 1.13.0-10Jakub Hrozek - 1.13.0-9Jakub Hrozek - 1.13.0-8Jakub Hrozek - 1.13.0-7Jakub Hrozek - 1.13.0-6Jakub Hrozek - 1.13.0-5Jakub Hrozek - 1.13.0-4Jakub Hrozek - 1.13.0-3Jakub Hrozek - 1.13.0-2Jakub Hrozek - 1.13.0-1Jakub Hrozek - 1.13.0.3alphaJakub Hrozek - 1.13.0.2alphaJakub Hrozek - 1.13.0.1alphaJakub Hrozek - 1.12.2-61Jakub Hrozek - 1.12.2-60Jakub Hrozek - 1.12.2-59Jakub Hrozek - 1.12.2-58.6Jakub Hrozek - 1.12.2-58.5Jakub Hrozek - 1.12.2-58.4Jakub Hrozek - 1.12.2-58.3Jakub Hrozek - 1.12.2-58.2Jakub Hrozek - 1.12.2-58.1Jakub Hrozek - 1.12.2-57Jakub Hrozek - 1.12.2-56Jakub Hrozek - 1.12.2-55Jakub Hrozek - 1.12.2-54Jakub Hrozek - 1.12.2-53Jakub Hrozek - 1.12.2-52Jakub Hrozek - 1.12.2-51Jakub Hrozek - 1.12.2-50Jakub Hrozek - 1.12.2-49Jakub Hrozek - 1.12.2-48Jakub Hrozek - 1.12.2-47Jakub Hrozek - 1.12.2-46Jakub Hrozek - 1.12.2-45Jakub Hrozek - 1.12.2-44Jakub Hrozek - 1.12.2-43Jakub Hrozek - 1.12.2-42Jakub Hrozek - 1.12.2-41Jakub Hrozek - 1.12.2-40Sumit Bose - 1.12.2-39Sumit Bose - 1.12.2-38Sumit Bose - 1.12.2-37Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-35Jakub Hrozek - 1.12.2-34Jakub Hrozek - 1.12.2-33Jakub Hrozek - 1.12.2-32Jakub Hrozek - 1.12.2-31Jakub Hrozek - 1.12.2-30Jakub Hrozek - 1.12.2-29Jakub Hrozek - 1.12.2-28Jakub Hrozek - 1.12.2-27Jakub Hrozek - 1.12.2-26Jakub Hrozek - 1.12.2-25Jakub Hrozek - 1.12.2-24Jakub Hrozek - 1.12.2-23Jakub Hrozek - 1.12.2-22Jakub Hrozek - 1.12.2-21Jakub Hrozek - 1.12.2-20Jakub Hrozek - 1.12.2-19Jakub Hrozek - 1.12.2-18Jakub Hrozek - 1.12.2-17Jakub Hrozek - 1.12.2-16Jakub Hrozek - 1.12.2-15Jakub Hrozek - 1.12.2-14Jakub Hrozek - 1.12.2-13Jakub Hrozek - 1.12.2-12Jakub Hrozek - 1.12.2-11Jakub Hrozek - 1.12.2-10Jakub Hrozek - 1.12.2-9Jakub Hrozek - 1.12.2-8Jakub Hrozek - 1.12.2-7Jakub Hrozek - 1.12.2-6Jakub Hrozek - 
1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-3Jakub Hrozek - 1.12.0-2Jakub Hrozek - 1.12.0-1Jakub Hrozek - 1.11.2-70Jakub Hrozek - 1.11.2-69Jakub Hrozek - 1.11.2-68Jakub Hrozek - 1.11.2-67Jakub Hrozek - 1.11.2-66Jakub Hrozek - 1.11.2-65Jakub Hrozek - 1.11.2-64Sumit Bose - 1.11.2-63Sumit Bose - 1.11.2-62Jakub Hrozek - 1.11.2-61Jakub Hrozek - 1.11.2-60Jakub Hrozek - 1.11.2-59Jakub Hrozek - 1.11.2-58Jakub Hrozek - 1.11.2-57Jakub Hrozek - 1.11.2-56Jakub Hrozek - 1.11.2-55Jakub Hrozek - 1.11.2-54Jakub Hrozek - 1.11.2-53Jakub Hrozek - 1.11.2-52Jakub Hrozek - 1.11.2-51Jakub Hrozek - 1.11.2-50Jakub Hrozek - 1.11.2-49Jakub Hrozek - 1.11.2-48Jakub Hrozek - 1.11.2-47Jakub Hrozek - 1.11.2-46Jakub Hrozek - 1.11.2-45Jakub Hrozek - 1.11.2-44Jakub Hrozek - 1.11.2-43Jakub Hrozek - 1.11.2-42Jakub Hrozek - 1.11.2-41Jakub Hrozek - 1.11.2-40Jakub Hrozek - 1.11.2-39Jakub Hrozek - 1.11.2-38Jakub Hrozek - 1.11.2-37Jakub Hrozek - 1.11.2-36Jakub Hrozek - 1.11.2-35Jakub Hrozek - 1.11.2-34Daniel Mach - 1.11.2-33Jakub Hrozek - 1.11.2-32Jakub Hrozek - 1.11.2-31Jakub Hrozek - 1.11.2-30Jakub Hrozek - 1.11.2-29Jakub Hrozek - 1.11.2-28Jakub Hrozek - 1.11.2-27Jakub Hrozek - 1.11.2-26Jakub Hrozek - 1.11.2-25Jakub Hrozek - 1.11.2-24Jakub Hrozek - 1.11.2-23Jakub Hrozek - 1.11.2-22Jakub Hrozek - 1.11.2-21Jakub Hrozek - 1.11.2-20Daniel Mach - 1.11.2-19Jakub Hrozek - 1.11.2-18Jakub Hrozek - 1.11.2-17Jakub Hrozek - 1.11.2-16Jakub Hrozek - 1.11.2-15Jakub Hrozek - 1.11.2-14Jakub Hrozek - 1.11.2-13Jakub Hrozek - 1.11.2-12Jakub Hrozek - 1.11.2-11Jakub Hrozek - 1.11.2-10Jakub Hrozek - 1.11.2-9Jakub Hrozek - 1.11.2-8Jakub Hrozek - 1.11.2-7Jakub Hrozek - 1.11.2-6Jakub Hrozek - 1.11.2-5Jakub Hrozek - 1.11.2-4Jakub Hrozek - 1.11.2-3Jakub Hrozek - 1.11.2-2Jakub Hrozek - 1.11.2-1Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-1Jakub Hrozek - 
1.11.0.1beta2Jakub Hrozek - 1.10.1-5Jakub Hrozek - 1.10.1-4Jakub Hrozek - 1.10.1-3Jakub Hrozek - 1.10.1-2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-18Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 
1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen 
Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1516700 - SELINUX: Use getseuserbyname to get IPA seuser [rhel-7.4.z]- Resolves: rhbz#1530975 - sssd_be stuck in an infinite loop after completing full refresh of sudo rules [rhel-7.4.z]- Resolves: rhbz#1525110 - NSS by-id requests are not checked against max_id/min_id ranges before triggering the backend [rhel-7.4.z]- Resolves: rhbz#1508972 - Accessing IdM kerberos ticket fails while id mapping is applied [rhel-7.4.z] - Resolves: rhbz#1509177 - Race condition between refreshing the cr_domain list and a request that is using the list can cause a segfault is sssd_nss [rhel-7.4.z]- Resolves: rhbz#1506142 - SSSD can crash due to ABI changes in libldb >= 1.2.0 (1.1.30) [rhel-7.4.z] - Resolves: rhbz#1506682 - sssd_client: add mutex protected call to the PAC responder [rhel-7.4.z] - Resolves: rhbz#1499658 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database [rhel-7.4.z]- Add a patch that was missed in 1.15.2-50.4 - Related: rhbz#1489290 - samba shares with sssd authentication broken on 7.4 [rhel-7.4.z]- Resolves: rhbz#1493916 - Issues with certificate mapping rules 
[rhel-7.4.z]- Resolves: rhbz#1489290 - samba shares with sssd authentication broken on 7.4 [rhel-7.4.z]- Resolves: rhbz#1482927 - sssd_be is utilizing more CPU during sudoi rules refresh [rhel-7.4.z]- Resolves: rhbz#1478252 - Querying the AD domain for external domain's ID can mark the AD domain offline [rhel-7.4.z]- Resolves: rhbz#1478250 - Idle nss file descriptors should be closed [rhel-7.4.z]- Resolves: rhbz#1457926 - Wrong search base used when SSSD is directly connected to AD child domain- Resolves: rhbz#1450107 - SSSD doesn't handle conflicts between users from trusted domains with the same name when shortname user resolution is enabled- Resolves: rhbz#1459846 - krb5: properly handle 'password expired' information retured by the KDC during PKINIT/Smartcard authentication- Resolves: rhbz#1430415 - ldap_purge_cache_timeout in RHEL7.3 invalidate most of the entries once the cleanup task kicks in- Resolves: rhbz#1455254 - Make domain available as user attribute- Resolves: rhbz#1449731 - IPA client cannot change AD Trusted User password- Resolves: rhbz#1457927 - getent failed to fetch netgroup information after changing default_domain_suffix to ADdomin in /etc/sssd/sssd.conf- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working properly in v 1.15- Resolves: rhbz#1449728 - LDAP to IPA migration doesn't work in master- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1449729 - org.freedesktop.sssd.infopipe.GetUserGroups does not resolve groups into names with AD- Resolves: rhbz#1450094 - Properly support IPA's promptusername config option- Resolves: rhbz#1457644 - Segfault in access_provider = krb5 is set in sssd.conf due to an off-by-one error when constructing the child send buffer - Resolves: rhbz#1456531 - Option name typos are not detected with validator function of sssctl config-check command in domain sections- Resolves: rhbz#1428906 - sssd intermittently failing to resolve groups for 
an AD user in IPA-AD trust environment.- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail - Fix Coverity issues in patches for rhbz#1445445- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1446302 - crash in sssd-kcm due to a race-condition between two concurrent requests- Resolves: rhbz#1389796 - Smartcard authentication with UPN as logon name might fail- Resolves: rhbz#1306707 - Need better debug message when krb5_child returns an unhandled error, leading to a System Error PAM code- Resolves: rhbz#1446535 - Group resolution does not work in subdomain without ad_server option- Resolves: rhbz#1449726 - sss_nss_getlistbycert() does not return results from multiple domains - Resolves: rhbz#1447098 - sssd unable to search dbus for ipa user by certificate - Additional patch for rhbz#1440132- Reapply patch by Lukas Slebodnik to fix upgrade issues with libwbclient - Resolves: rhbz#1439457 - SSSD does not start after upgrade from 7.3 to 7.4 - Resolves: rhbz#1449107 - error: %pre(sssd-common-1.15.2-26.el7.x86_64) scriptlet failed, exit status 3- Resolves: rhbz#1440132 - fiter_users and filter_groups stop working properly in v 1.15 - Also apply an additional patch for rhbz#1441545- Resolves: rhbz#1445445 - Smart card login fails if same cert mapped to IdM user and AD user- Resolves: rhbz#1434992 - Wrong pam return code for user from subdomain with ad_access_filter- Resolves: rhbz#1430494 - expect sss_ssh_authorizedkeys and sss_ssh_knownhostsproxy manuals to be packaged into sssd-common package- Resolves: rhbz#1427749 - SSSD in server mode iterates over all domains for group-by-GID requests, causing unnecessary searches- Resolves: rhbz#1446139 - Infopipe method ListByCertificate does not return the users with overrides- Resolves: rhbz#1441545 - With multiple subdomain sections id command output for user is not displayed for both domains- Resolves: rhbz#1428866 - Using 
ad_enabled_domains configuration option in sssd.conf causes nameservice lookups to fail.- Remove an unused variable from the sssd-secrets responder - Related: rhbz#1398701 - [sssd-secrets] https proxy talks plain http - Improve two DEBUG messages in the client trust code to aid troubleshooting - Fix standalone application domains - Related: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces- Allow completely server-side unqualified name resolution if the domain order is set, do not require any client-side changes - Related: rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users- Resolves: rhbz#1402532 - D-Bus interface of sssd is giving inappropriate group information for trusted AD users- Resolves: rhbz#1431858 - Wrong principal found with ad provider and long host name- Resolves: rhbz#1415167 - pam_acct_mgmt with pam_sss.so fails in unprivileged container unless selinux_provider = none is used- Resolves: rhbz#1438388 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_pam killed by 6- Resolves: rhbz#1432112 - sssctl config-check does not give any error when default configuration file is not present- Resolves: rhbz#1438374 - [abrt] [faf] sssd: vfprintf(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1427195 - sssd_nss consumes more memory until restarted or machine swaps- Resolves: rhbz#1414023 - Create troubleshooting tool to determine if a failure is in SSSD or not when using layered products like RH-SSO/CFME etc- Resolves: rhbz#1398701 - [sssd-secrets] https proxy talks plain http- Fix off-by-one error in the KCM responder - Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1425891 - Support delivering non-POSIX users and groups through the IFP and PAM interfaces- Resolves: rhbz#1434991 - Issue processing ssh keys from certificates in ssh respoder- Resolves: 
rhbz#1330196 - [RFE] Short name input format with SSSD for users from all domains when domain autodiscovery is used or when IPA client resolves trusted AD domain users - Also backport some buildtime fixes for the KCM responder - Related: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1396012 - [RFE] KCM ccache daemon in SSSD- Resolves: rhbz#1340711 - [RFE] Use one smartcard and certificate for authentication to distinct logon accounts- Update to upstream 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html - Resolves: rhbz#1418728 - IPA - sudo does not handle associated conflict entries - Resolves: rhbz#1386748 - sssd doesn't update PTR records if A/PTR zones are configured as non-secure and secure - Resolves: rhbz#1214491 - [RFE] Make it possible to configure AD subdomain in the SSSD server mode- Drop "NOUPSTREAM: Bundle http-parser" patch Related: rhbz#1393819 - New package: http-parser- Update to upstream 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html - Resolves: rhbz#1327085 - Don't prompt for password if there is already one on the stack - Resolves: rhbz#1378722 - [RFE] Make GETSIDBYNAME and GETORIGBYNAME request aware of UPNs and aliases - Resolves: rhbz#1405075 - [RFE] Add PKINIT support to SSSD Kerberos provider - Resolves: rhbz#1416526 - Need correction in sssd-krb5 man page - Resolves: rhbz#1418752 - pam_sss crashes in do_pam_conversation if no conversation function is provided by the client app - Resolves: rhbz#1419356 - Fails to accept any sudo rules if there are two user entries in an ldap role with the same sudo user - Resolves: rhbz#1421622 - SSSD - Users/Groups are cached as mixed-case resulting in users unable to sign in- Fix several packaging issues, notably the p11_child is no longer setuid and the libwbclient used a wrong version number in the symlink- Update to upstream 1.15.0 - Resolves: rhbz#1393824 - Rebase SSSD to version 1.15 - Resolves: rhbz#1407960 - wbcLookupSid() fails 
in pdomain is NULL - Resolves: rhbz#1406437 - sssctl netgroup-show Cannot allocate memory - Resolves: rhbz#1400422 - Use-after free in resolver in case the fd is writeable and readable at the same time - Resolves: rhbz#1393085 - bz - ldap group names don't resolve after upgrading sssd to 1.14.0 if ldap_nesting_level is set to 0 - Resolves: rhbz#1392444 - sssd_be keeps crashing - Resolves: rhbz#1392441 - sssd fails to start after upgrading to RHEL 7.3 - Resolves: rhbz#1382602 - autofs map resolution doesn't work offline - Resolves: rhbz#1380436 - sudo: ignore case on case insensitive domains - Resolves: rhbz#1378251 - Typo In SSSD-AD Man Page - Resolves: rhbz#1373427 - Clock skew makes SSSD return System Error - Resolves: rhbz#1306707 - Need better handling of "Server not found in Kerberos database" - Resolves: rhbz#1297462 - Don't include 'enable_only=sssd' in the localauth plugin config- Resolves: rhbz#1382598 - IPA: Uninitialized variable during subdomain check- Resolves: rhbz#1378911 - No supplementary groups are resolved for users in nested OUs when domain stanza differs from AD domain- Resolves: rhbz#1372075 - AD provider: SSSD does not retrieve a domain-local group with the AD provider when following AGGUDLP group structure across domains- Resolves: rhbz#1376831 - sssd-common is missing dependency on sssd-sudo- Resolves: rhbz#1371631 - login using gdm calls for gdm-smartcard when smartcard authentication is not enabled- Resolves: rhbz#1373420 - sss_override fails to export- Resolves: rhbz#1375299 - sss_groupshow fails with error "No such group in local domain. 
Printing groups only allowed in local domain"- Resolves: rhbz#1375182 - SSSD goes offline when the LDAP server returns sizelimit exceeded- Resolves: rhbz#1372753 - Access denied for user when access_provider = krb5 is set in sssd.conf- Resolves: rhbz#1373444 - unable to create group in sssd cache - Resolves: rhbz#1373577 - unable to add local user in sssd to a group in sssd- Resolves: rhbz#1369118 - Don't enable the default shadowtils domain in RHEL- Fix permissions for the private pipe directory - Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1371977 - resolving IPA nested user groups is broken in 1.14- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1371152 - SSSD qualifies principal twice in IPA-AD trust if the principal attribute doesn't exist on the AD side- Apply forgotten patch - Resolves: rhbz#1368496 - sssd is not able to authenticate with alias - Resolves: rhbz#1366470 - sssd: throw away the timestamp cache if re-initializing the persistent cache - Fix deleting non-existent secret - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1362716 - selinux avc denial for vsftp login as ipa user- Resolves: rhbz#1368496 - sssd is not able to authenticate with alias- Resolves: rhbz#1364033 - sssd exits if clock is adjusted backwards after boot- Resolves: rhbz#1362023 - SSSD fails to start when ldap_user_extra_attrs contains mail- Resolves: rhbz#1368324 - libsss_autofs.so is packaged in two packages sssd-common and libsss_autofs- Fix RPM scriptlet plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Add socket-activation plumbing for the sssd-secrets responder - Related: rhbz#1311056 - Add a Secrets as a Service component- Own the secrets directory - Related: rhbz#1311056 - Add a Secrets as a Service component- Resolves: rhbz#1268874 - Add an option to disable checking for trusted domains in the subdomains 
provider- Resolves: rhbz#1271280 - sssd stores and returns incorrect information about empty netgroup (ldap-server: 389-ds)- Resolves: rhbz#1290500 - [feat] command to manually list fo_add_server_to_list information- Add several small fixes related to the config API - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Resolves: rhbz#1349900 - gpo search errors out and gpo_cache file is never created- Fix regressions in the simple access provider - Resolves: rhbz#1360806 - sssd does not start if sub-domain user is used with simple access provider - Apply a number of specfile patches to better match the upstream spefile - Related: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3- Cherry-pick patches from upstream that fix several regressions - Avoid checking local users in all cases - Resolves: rhbz#1353951 - sssd_pam leaks file descriptors- Resolves: rhbz#1364118 - [abrt] [faf] sssd: unknown function(): /usr/libexec/sssd/sssd_nss killed by 11 - Resolves: rhbz#1361563 - Wrong pam error code returned for password change in offline mode- Resolves: rhbz#1309745 - Support multiple principals for IPA users- Resolves: rhbz#1304992 - Handle overriden name of members in the memberUid attribute- handle unresolvable sites more gracefully - Resolves: rhbz#1346011 - sssd is looking at a server in the GC of a subdomain, not the root domain. 
- fix compilation warnings in unit tests- fix capaths output - Resolves: rhbz#1344940 - GSSAPI error causes failures for child domain user logins across IPA - AD trust - also fix Coverity issues in the secrets responder and suppress noisy debug messages when setting the timestamp cache- Resolves: rhbz#1356577 - sssctl: Time stamps without time zone information- Resolves: rhbz#1354414 - New or modified ID-View User overrides are not visible unless rm -f /var/lib/sss/db/*cache*- Resolves: rhbz#1211631 - [RFE] Support of UPN for IdM trusted domains- Resolves: rhbz#1350520 - [abrt] sssd-common: ipa_dyndns_update_send(): sssd_be killed by SIGSEGV- Resolves: rhbz#1349882 - sssd does not work under non-root user - Also cherry-pick a few patches from upstream to fix config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Sync a few minor patches from upstream - Fix sssctl manpage - Fix nss-tests unit test on big-endian machines - Fix several issues in the config schema - Related: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- Bundle http-parser - Resolves: rhbz#1311056 - Add a Secrets as a Service component- Sync a few minor patches from upstream - Fix a failover issue - Resolves: rhbz#1334749 - sssd fails to mark a connection as bad on searches that time out- Explicitly BuildRequire newer ding-libs - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check)- New upstream release 1.14.0 - Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#835492 - [RFE] SSSD admin tool request - force reload - Resolves: rhbz#1072458 - [RFE] SSSD configuration file test tool (sssd_check) - Resolves: rhbz#1278691 - Please fix rfc2307 autofs schema defaults - Resolves: rhbz#1287209 - default_domain_suffix Appended to User Name - Resolves: rhbz#1300663 - Improve sudo protocol to support configurations with default_domain_suffix - Resolves: rhbz#1312275 - Support authentication indicators 
from IPA- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - Resolves: rhbz#790113 - [RFE] "include" directive in sssd.conf - Resolves: rhbz#874985 - [RFE] AD provider support for automount lookups - Resolves: rhbz#879333 - [RFE] SSSD admin tool request - status overview - Resolves: rhbz#1140022 - [RFE]Allow sssd to add a new option that would specify which server to update DNS with - Resolves: rhbz#1290380 - RFE: Improve SSSD performance in large environments - Resolves: rhbz#883886 - sssd: incorrect checks on length values during packet decoding - Resolves: rhbz#988207 - sssd does not detail which line in configuration is invalid - Resolves: rhbz#1007969 - sssd_cache does not remove have an option to remove the sssd database - Resolves: rhbz#1103249 - PAC responder needs much time to process large group lists - Resolves: rhbz#1118257 - Users in ipa groups, added to netgroups are not resovable - Resolves: rhbz#1269018 - Too much logging from sssd_be - Resolves: rhbz#1293695 - sssd mixup nested group from AD trusted domains - Resolves: rhbz#1308935 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user - Resolves: rhbz#1315766 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo - Resolves: rhbz#1316164 - SSSD fails to process GPO from Active Directory - Resolves: rhbz#1322458 - sssd_be[11010]: segfault at 0 ip 00007ff889ff61bb sp 00007ffc7d66a3b0 error 4 in libsss_ipa.so[7ff889fcf000+5d000]- Resolves: rhbz#1290381 - Rebase SSSD to 1.14.x in RHEL-7.3 - The rebase includes fixes for the following bugzillas: - Resolves: rhbz#789477 - [RFE] SUDO: Support the IPA schema - Resolves: rhbz#1059972 - RFE: SSSD: Automatically assign new slices for any AD domain - Resolves: rhbz#1233200 - man sssd.conf should clarify details about subdomain_inherit option. 
- Resolves: rhbz#1238144 - Need better libhbac debuging added to sssd - Resolves: rhbz#1265366 - sss_override segfaults when accidentally adding --help flag to some commands - Resolves: rhbz#1269512 - sss_override: memory violation - Resolves: rhbz#1278566 - crash in sssd when non-Englsh locale is used and pam_strerror prints non-ASCII characters - Resolves: rhbz#1283686 - groups get deleted from the cache - Resolves: rhbz#1290378 - Smart Cards: Certificate in the ID View - Resolves: rhbz#1292238 - extreme memory usage in libnfsidmap sss.so plug-in when resolving groups with many members - Resolves: rhbz#1292456 - sssd_be AD segfaults on missing A record - Resolves: rhbz#1294670 - Local users with local sudo rules causes LDAP queries - Resolves: rhbz#1296618 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1299553 - Cannot retrieve users after upgrade from 1.12 to 1.13 - Resolves: rhbz#1302821 - Cannot start sssd after switching to non-root - Resolves: rhbz#1310877 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs - Resolves: rhbz#1313014 - sssd is not closing sockets properly - Resolves: rhbz#1318996 - SSSD does not fail over to next GC - Resolves: rhbz#1327270 - local overrides: issues with sub-domain users and mixed case names - Resolves: rhbz#1342547 - sssd-libwbclient: wbcSidsToUnixIds should not fail on lookup errors- Build the PAC plugin with krb5-1.14 - Related: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1336688 - sssd tries to resolve global catalog servers from AD forest sub-domains in AD-IPA trust setup- Resolves: rhbz#1290853 - [sssd] Trusted (AD) user's info stays in sssd cache for much more than expected.- Resolves: rhbz#1336706 - sssd_nss memory usage keeps growing when trying to retrieve non-existing netgroups- Resolves: rhbz#1296902 - In IPA-AD trust environment access is granted to AD user 
even if the user is disabled on AD.- Resolves: rhbz#1334159 - IPA provider crashes if a netgroup from a trusted domain is requested- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin - More patches from upstream related to the memory leak- Resolves: rhbz#1308913 - sssd be memory leak in sssd's memberof plugin- Resolves: rhbz#1300740 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid- Resolves: rhbz#1284814 - sssd: [sysdb_add_user] (0x0400): Error: 17- Resolves: rhbz#1270827 - local overrides: don't contact server with overridden name/id- Resolves: rhbz#1267837 - sssd_be crashed in ipa_srv_ad_acct_lookup_step- Resolves: rhbz#1267176 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1267836 - PAM responder crashed if user was not set- Resolves: rhbz#1266107 - AD: Conditional jump or move depends on uninitialised value- Resolves: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Fix a Coverity warning in dyndns code - Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1261155 - nsupdate exits on first GSSAPI error instead of processing other commands- Resolves: rhbz#1263735 - Could not resolve AD user from root domain- Remove -d from sss_override manpage - Related: rhbz#1259512 - sss_override : The local override user is not found- Patches required for better handling of failover with one-way trusts - Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1263587 - sss_override --name doesn't work with RFC2307 and ghost users- Resolves: rhbz#1259512 - sss_override : The local override user is not found- Resolves: rhbz#1260027 - sssd_be memory leak with sssd-ad in GPO code- Resolves: rhbz#1256398 - sssd cannot resolve user names containing backslash with ldap provider- Resolves: rhbz#1254189 - sss_override contains an extra parameter --debug but is not listed in the man page 
or in the arguments help- Resolves: rhbz#1254518 - Fix crash in nss responder- Support import/export for local overrides - Support FQDNs for local overrides - Resolves: rhbz#1254184 - sss_override does not work correctly when 'use_fully_qualified_names = True'- Resolves: rhbz#1244950 - Add index for 'objectSIDString' and maybe to other cache attributes- Resolves: rhbz#1250415 - sssd: p11_child hardening- Related: rhbz#1250135 - Detect re-established trusts in the IPA subdomain code- Resolves: rhbz#1202724 - [RFE] Add a way to lookup users based on CAC identity certificates- Resolves: rhbz#1232950 - [IPA/IdM] sudoOrder not honored as expected- Fix wildcard_limit=0 - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Fix race condition in invalidating the memory cache - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Resolves: rhbz#1249015 - KDC proxy not working with SSSD krb5_use_kdcinfo enabled- Bump release number - Related: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- Fix missing dependency of sssd-tools - Resolves: rhbz#1246489 - sss_obfuscate fails with "ImportError: No module named pysss"- More memory cache related fixes - Related: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Remove binary blob from SC patches as patch(1) can't handle those - Related: rhbz#854396 - [RFE] Support for smart cards- Resolves: rhbz#1244949 - getgrgid for user's UID on a trust client prevents getpw*- Fix memory cache integration tests - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#854396 - [RFE] Support for smart cards- Remove OTP from PAM stack correctly - Related: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Handle sssd-owned keytabs when sssd runs as root - Related: rhbz#1205144 - RFE: Support one-way trusts for IPA- Resolves: rhbz#1183747 - [FEAT] UID and GID mapping on 
individual clients- Resolves: rhbz#1206565 - [RFE] Add dualstack and multihomed support - Resolves: rhbz#1187146 - If v4 address exists, will not create nonexistant v6 in ipa domain- Resolves: rhbz#1242942 - well-known SID check is broken for NetBIOS prefixes- Resolves: rhbz#1234722 - sssd ad provider fails to start in rhel7.2- Add support for InfoPipe wildcard requests - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface- Also package the initgr memcache - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Rebase to 1.13.0 upstream - Related: rhbz#1205554 - Rebase SSSD to 1.13.x - Resolves: rhbz#910187 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1206575 - [RFE] The fast memory cache should cache initgroups- Don't default to SSSD user - Related: rhbz#1205554 - Rebase SSSD to 1.13.x- Related: rhbz#1205554 - Rebase SSSD to 1.13.x - GPO default should be permissve- Resolves: rhbz#1205554 - Rebase SSSD to 1.13.x - Relax the libldb requirement - Resolves: rhbz#1221992 - sssd_be segfault at 0 ip sp error 6 in libtevent.so.0.9.21 - Resolves: rhbz#1221839 - SSSD group enumeration inconsistent due to binary SIDs - Resolves: rhbz#1219285 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust - Resolves: rhbz#1217559 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1217350 - ignore_group_members doesn't work for subdomains - Resolves: rhbz#1217127 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1216285 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set - Resolves: rhbz#1214719 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1214718 - Overridde with --login fails trusted adusers group membership resolution - Resolves: rhbz#1214716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1214337 - Overrides with 
--login work in second attempt - Resolves: rhbz#1212489 - Disable the cleanup task by default - Resolves: rhbz#1211830 - external users do not resolve with "default_domain_suffix" set in IPA server sssd.conf - Resolves: rhbz#1210854 - Only set the selinux context if the context differs from the local one - Resolves: rhbz#1209483 - When using id_provider=proxy with auth_provider=ldap, it does not work as expected - Resolves: rhbz#1209374 - Man sssd-ad(5) lists Group Policy Management Editor naming for some policies but not for all - Resolves: rhbz#1208507 - sysdb sudo search doesn't escape special characters - Resolves: rhbz#1206571 - [RFE] Expose D-BUS interface - Resolves: rhbz#1206566 - SSSD does not update Dynamic DNS records if the IPA domain differs from machine hostname's domain - Resolves: rhbz#1206189 - [bug] sssd always appends default_domain_suffix when checking for host keys - Resolves: rhbz#1204203 - sssd crashes intermittently - Resolves: rhbz#1203945 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default - Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only - Resolves: rhbz#1202245 - SSSD's HBAC processing is not permissive enough with broken replication entries - Resolves: rhbz#1201271 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything - Resolves: rhbz#1200873 - [RFE] Allow smart multi step prompting when user logs in with password and token code from IPA - Resolves: rhbz#1199541 - Read and use the TTL value when resolving a SRV query - Resolves: rhbz#1199533 - [RFE] Implement background refresh for users, groups or other cache objects - Resolves: rhbz#1199445 - Does sssd-ad use the most suitable attribute for group name? 
- Resolves: rhbz#1198477 - ccname_file_dummy is not unlinked on error - Resolves: rhbz#1187103 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1185536 - In ipa-ad trust, with 'default_domain_suffix' set to AD domain, IPA user are not able to log unless use_fully_qualified_names is set - Resolves: rhbz#1175760 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires - Resolves: rhbz#1163806 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1205160 - Complain loudly if backend doesn't start due to missing or invalid keytab- Resolves: rhbz#1226119 - Properly handle AD's binary objectGUID- Filter out domain-local groups during AD initgroups operation - Related: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Resolves: rhbz#1201840 - SSSD downloads too much information when fetching information about groups- Initialize variable in the views code in one success and one failure path - Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Resolves: rhbz#1202170 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605- Handle case where there is no default and no rules - Resolves: rhbz#1192314 - With empty ipaselinuxusermapdefault security context on client is staff_u- Set a pointer in ldap_child to NULL to avoid warnings - Related: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1199143 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198759 - ccname_file_dummy is not unlinked on error- Run the restart in sssd-common posttrans - Explicitly require libwbclient - Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 upgrade- Resolves: rhbz#1187113 - sssd deamon was not running after RHEL 7.1 
upgrade- Fix endianess bug in fill_id() - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1187192 - IPA initgroups don't work correctly in non-default view- Resolves: rhbz#1184982 - Need to set different umask in selinux_child- Bump the release number - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Add a patch dependency - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Process ghost members only once - Fix processing of universal groups with members from different domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1185188 - Uncached SIDs cannot be resolved- Handle GID override in MPG domains - Handle views with mixed-case domains - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Open socket to the PAC responder in krb5_child before dropping root - Related: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1184140 - Users saved throug extop don't have the originalMemberOf attribute- Resolves: rhbz#1182183 - pam_sss(sshd:auth): authentication failure with user from AD- Resolves: rhbz#889206 - On clock skew sssd returns system error- Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1177140 - gpo_child fails if "log level" is enabled in smb.conf - Related: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1175408 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1175705 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Resolves: rhbz#1171215 - Crash in 
function get_object_from_cache - Resolves: rhbz#1171383 - getent fails for posix group with AD users after login - Resolves: rhbz#1171382 - getent of AD universal group fails after group users login - Resolves: rhbz#1170300 - Access is not rejected for disabled domain - Resolves: rhbz#1162486 - Error processing external groups with getgrnam/getgrgid in the server mode - Resolves: rhbz#1168904 - gid is overridden by uid in default trust view- Resolves: rhbz#1169459 - sssd-ad: The man page description to enable GPO HBAC Policies are unclear - Related: rhbz#1113783 - sssd should run under unprivileged user- Rebuild to add several forgotten Patch entries - Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Remove Coverity warnings in krb5_child code - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1173482 - MAN: Document that only user names are checked for pam_trusted_users - Resolves: rhbz#1167324 - pam_sss domains option: User auth should fail when domains=- Don't error out on chpass with OTPs - Related: rhbz#1109756 - Rebase SSSD to 1.12- Resolves: rhbz#1124320 - [FJ7.0 Bug]: getgrent returns error because sss is written in nsswitch.conf as default.- Resolves: rhbz#1169739 - selinuxusermap rule does not apply to trusted AD users - Enable running unit tests without cmocka - Related: rhbz#1113783 - sssd should run under unprivileged user- krb5_child and ldap_child do not call Kerberos calls as root - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1168735 - The Kerberos provider is not properly views-aware- Fix typo in libwbclient-devel alternatives invocation - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1166727 - pam_sss domains option: Untrusted users from the same domain are allowed to auth.- Handle migrating clients between views 
- Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Use alternatives for libwbclient - Related: rhbz#1109331 - [RFE] Allow SSSD to be used with smbd shares- Resolves: rhbz#1165794 - sssd does not work with custom value of option re_expression- Add an option that describes where to put generated krb5 files to - Related: rhbz#1135043 - [RFE] Implement localauth plugin for MIT krb5 1.12- Handle IPA group names returned from the extop plugin - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Resolves: rhbz#1165792 - automount segfaults in sss_nss_check_header- Resolves: rhbz#1163742 - "debug_timestamps = false" and "debug_microseconds = true" do not work after enabling journald with sssd.- Resolves: rhbz#1153593 - Manpage description of case_sensitive=preserving is incomplete- Support views for IPA users - Related: rhbz#891984 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Update man page to clarify TGs should be disabled with a custom search base - Related: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Use upstreamed patches for the rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1153603 - Proxy Provider: Fails to lookup case sensitive users and groups with case_sensitive=preserving- Resolves: rhbz#1161741 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1162480 - dereferencing failure against openldap server- Move adding the user from pretrans to pre, copy adding the user to sssd-krb5-common and sssd-ipa as well in order to work around yum ordering issue - Related: rhbz#1113783 - sssd should run under unprivileged user- Resolves: rhbz#1113783 - sssd should run under unprivileged user- Fix two regressions in the new selinux_child process - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1132365 - Remove 
password from the PAM stack if OTP is used- Include the ldap_child and selinux_child patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Support overriding SSH public keys with views - Support extended attributes via the extop plugin - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137010 - disable midpoint refresh for netgroups if ptask refresh is enabled- Resolves: rhbz#1153518 - service lookups returned in lowercase with case_sensitive=preserving - Resolves: rhbz#1158809 - Enumeration shows only a single group multiple times- Include the responder and packaging patches for rootless sssd - Related: rhbz#1113783 - sssd should run under unprivileged user- Amend the sssd-ldap man page with info about lockout setup - Related: rhbz#1109756 - Rebase SSSD to 1.12 - Resolves: rhbz#1137014 - Shell fallback mechanism in SSSD - Resolves: rhbz#790854 - 4 functions with reference leaks within sssd (src/python/pyhbac.c)- Fix regressions caused by views patches when SSSD is connected to a pre-4.0 IPA server - Related: rhbz#1109756 - Rebase SSSD to 1.12- Add the low-level server changes for running as unprivileged user - Package the libsss_semange library needed for SELinux label changes - Related: rhbz#1113783 - sssd should run under unprivileged user - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Use libsemanage for SELinux label changes - Resolves: rhbz#1113784 - sssd should audit selinux user map changes- Rebase SSSD to 1.12.2 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Sync with upstream - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebuild against ding-libs with fixed SONAME - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.1 - Related: rhbz#1109756 - Rebase SSSD to 1.12- Require ldb 2.1.17 - Related: rhbz#1133914 - Rebase libldb to version 1.1.17 or newer- Fix fully qualified IFP lookups - Related: rhbz#1109756 - Rebase SSSD to 1.12- Rebase SSSD to 1.12.0 - Related: 
rhbz#1109756 - Rebase SSSD to 1.12- Squash in upstream review comments about the PAC patch - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Backport a patch to allow krb5-utils-test to run as root - Related: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Resolves: rhbz#1097286 - Expanding home directory fails when the request comes from the PAC responder- Fix a DEBUG message, backport two related fixes - Related: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1090653 - segfault in sssd_be when second domain tree users are queried while joined to child domain- Resolves: rhbz#1082191 - RHEL7 IPA selinuxusermap hbac rule not always matching- Resolves: rhbz#1077328 - other subdomains are unavailable when joined to a subdomain in the ad forest- Resolves: rhbz#1078877 - Valgrind: Invalid read of int while processing netgroup- Resolves: rhbz#1075092 - Password change w/ OTP generates error on success- Resolves: rhbz#1078840 - Error during password change- Resolves: rhbz#1075663 - SSSD should create the SELinux mapping file with format expected by pam_selinux- Related: rhbz#1075621 - Add another Kerberos error code to trigger IPA password migration- Related: rhbz#1073635 - IPA SELinux code looks for the host in the wrong sysdb subdir when a trusted user logs in- Related: rhbz#1066096 - not retrieving homedirs of AD users with posix attributes- Related: rhbz#1072995 - AD group inconsistency when using AD provider in sssd-1.11-40- Resolves: rhbz#1073631 - sssd fails to handle expired passwords when OTP is used- Resolves: rhbz#1072067 - SSSD Does not cache SELinux map from FreeIPA correctly- Resolves: rhbz#1071903 - ipa-server-mode: Use lower-case user name component in home dir path- Resolves: rhbz#1068725 - Evaluate usage of sudo LDAP provider together with the AD provider- Fix idmap documentation - 
Bump idmap version info - Related: rhbz#1067361 - Check IPA idranges before saving them to the cache- Pull some follow up man page fixes from upstream - Related: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes - Related: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1060389 - Document that `sssd` cache needs to be cleared manually, if ID mapping configuration changes- Resolves: rhbz#1064908 - MAN: Remove misleading memberof example from ldap_access_filter example- Resolves: rhbz#1068723 - Setting int option to 0 yields the default value- Resolves: rhbz#1067361 - Check IPA idranges before saving them to the cache- Resolves: rhbz#1067476 - SSSD pam module accepts usernames with leading spaces- Resolves: rhbz#1033069 - Configuring two different provider types might start two parallel enumeration tasks- Resolves: rhbz#1068640 - 'IPA: Don't call tevent_req_post outside _send' should be added to RHEL7- Resolves: rhbz#1063977 - SSSD needs to enable FAST by default- Resolves: rhbz#1064582 - sss_cache does not reset the SYSDB_INITGR_EXPIRE attribute when expiring users- Resolves: rhbz#1033081 - Implement heuristics to detect if POSIX attributes have been replicated to the Global Catalog or not- Resolves: rhbz#872177 - [RFE] subdomain homedir template should be configurable/use flatname by default- Resolves: rhbz#1059753 - Warn with a user-friendly error message when permissions on sssd.conf are incorrect- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1059253 - Man page states default_shell option supersedes other shell options but in fact override_shell does. 
- Use the right domain for AD site resolution - Related: rhbz#743503 - [RFE] sssd should support DNS sites- Resolves: rhbz#1028039 - AD Enumeration reads data from LDAP while regular lookups connect to GC- Resolves: rhbz#877438 - sudoNotBefore/sudoNotAfter not supported by sssd sudoers plugin- Mass rebuild 2014-01-24- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain- Resolves: rhbz#1054899 - explicitly suggest krb5_auth_timeout in a loud DEBUG message in case Kerberos authentication times out- Resolves: rhbz#1037653 - Enabling ldap_id_mapping doesn't exclude uidNumber in filter- Resolves: rhbz#1051360 - [FJ7.0 Bug]: [REG] sssd_be crashes when ldap_search_base cannot be parsed. - Fix a typo in the man page - Related: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1054639 - sssd_be aborts a request if it doesn't match any configured idmap domain - Fix return value when searching for AD domain flat names - Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1034920 - RHEL7 sssd not setting IPA AD trusted user homedir- Resolves: rhbz#1048102 - Access denied for users from gc domain when using format DOMAIN\user- Resolves: rhbz#1053106 - sssd ad trusted sub domain do not inherit fallbacks and overrides settings- Resolves: rhbz#1051016 - FAST does not work in SSSD 1.11.2 in Fedora 20- Resolves: rhbz#1033133 - "System Error" when invalid ad_access_filter is used- Resolves: rhbz#1032983 - sssd_be crashes when ad_access_filter uses FOREST keyword. 
- Fix two memory leaks in the PAC responder (Related: rhbz#991065)- Resolves: rhbz#1048184 - Group lookup does not return member with multiple names after user lookup- Resolves: rhbz#1049533 - Group membership lookup issue- Mass rebuild 2013-12-27- Resolves: rhbz#894068 - sss_cache doesn't support subdomains- Re-initialize subdomains after provider startup - Related: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- The AD provider is able to resolve group memberships for groups with Global and Universal scope - Related: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog- Resolves: rhbz#1033096 - tokenGroups do not work reliable with Global Catalog - Resolves: rhbz#1030483 - Individual group search returned multiple results in GC lookups- Resolves: rhbz#1040969 - sssd_nss grows memory footprint when netgroups are requested- Resolves: rhbz#1023409 - Valgrind sssd "Syscall param socketcall.sendto(msg) points to uninitialised byte(s)"- Resolves: rhbz#1037936 - sssd_be crashes occasionally- Resolves: rhbz#1038637 - If SSSD starts offline, subdomains list is never read- Resolves: rhbz#1029631 - sssd_be crashes on manually adding a cleartext password to ldap_default_authtok- Resolves: rhbz#1036758 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Resolves: rhbz#1034050 - Errors in domain log when saving user to sysdb- Resolves: rhbz#1036157 - sssd can't retrieve auto.master when using the "default_domain_suffix" option in- Resolves: rhbz#1028057 - Improve detection of the right domain when processing group with members from several domains- Resolves: rhbz#1033084 - sssd_be segfaults if empty grop is resolved using ad_matching_rule- Resolves: rhbz#1031562 - Incorrect mention of access_filter in sssd-ad manpage- Resolves: rhbz#991549 - sssd fails to retrieve netgroups with multiple CN attributes- Skip netgroups that don't provide well-formed triplets - Related: rhbz#991549 - sssd fails to retrieve netgroups with 
multiple CN attributes- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2 - Resolves: rhbz#991065- Resolves: rhbz#1019882 - RHEL7 ipa ad trusted user lookups failed with sssd_be crash - Resolves: rhbz#1002597 - ad: unable to resolve membership when user is from different domain than group- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1 - Resolves: rhbz#991065 - Rebase SSSD to 1.11.0- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0 - Resolves: rhbz#991065- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2 - Related: rhbz#991065- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- Resolves: #983587 - sss_debuglevel did not increase verbosity in sssd_pac.log- Resolves: #983580 - Netgroups should ignore the 'use_fully_qualified_names' setting- Apply several important fixes from upstream 1.10 branch - Related: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- Remove libcmocka dependency- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA 
password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doesn't carry any older krb5-libs version- Enable hardened build for RHEL7- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: 
Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath insted of mcachepath macro to be consistent with upsteam spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. 
- Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. 
The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - 
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the 
IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for 
https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstreeam spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on 
commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - 
Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predicatable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. 
- Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. 
- Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. 
- Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system 
improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that 
SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. 
(Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)/bin/sh1.15.2-50.el7_4.111.15.2-50.el7_4.11krb5_childldap_childsssd-krb5-common-1.15.2COPYINGkrb5.include.d/usr/libexec/sssd//usr/share/licenses//usr/share/licenses/sssd-krb5-common-1.15.2//var/lib/sss/pubconf/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -m64 -mtune=genericdrpmxz2x86_64-redhat-linux-gnuELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=6995d4e92ac35fc404b0dd5ba3292d7c4dddbf1c, strippedELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked (uses shared libs), for GNU/Linux 2.6.32, BuildID[sha1]=0fb3d7266b57c1c5d07c7f3a820880df7e5f9559, strippeddirectoryASCII textRRR RRRRRRRRRRR R R RRRR RRRR RRRRRRRRRRRR R R RR RR?07zXZ !#,q]"k%>eN8\7e|F 03~0~`&2YON|\)H~Y_ ;F]w)JJCY *;bk'N%Qd 6VBsV<ͣ>z,f?ĸ<֭*ȭ]uϮl0zWo{ 
E5.QefCn)2a-{zy7Ujeu:PԚTN!$(]4M U (*L҆y-Twh[m!؄9Gb;Z9SRddSMe&گ1[ [ᴲiWA6-F ~~Ui3h, KRpL]%3M/S`=?Mkִ.=:[Pct1&pMcDXv+ԅE{L=yDOI 3^!uB̅M.Ś# |,u(Nem6ץsJgŗ#R{?3BpIu7'm-j $<1Է PF@u8w$+&t?_K : lc|PvdCGiVʸGGt3Rv䟬qP/?ҫɟ 4}⁝خ#*|kf(. MmGSuIUo8o'߶XEPx|TO&6$zBK**-`Z=Ɗ9őXNԹb#{BKOK'ʋ AP M!7L]ૢ˦{0Xލ}.2hTIy`ZO6G ]~& :F(X!6`H-1cZdir&|=,ݖ\!Ze00%] 1H+āj2И8.43G Y:/ZZW4=*$2?xx& wqNW*g$Q=1 Բ'6rޚRqq /}آgA ˑOwhYX-YhKvy}-eL+t'PN;m-m( *Zê_]6hD0a4 &]f %w1fKi0ARazYC\7=.)'ٹFsJdEPV4{GAZp*@!ayBp&nui[h1+Ƨq.(ʠHsTjfҒ}wyê:hL O(gĤwAÜոö߸xV?2+B%x7򣾛c5ӋvoIl8jjw6m;[P2 J_Oo3l231a]z=Ux=WHI4imKȐ⛳"/κUn5{ β/<[. N=8Ե-ltYƊ2jS$ VqC4nZ>k/4fsJ=qyYne5Āssan\9=¤{,lhd6\*Ӈfڿ05KDQd{=M*)+ .)`_m6RٮE`!yE;V6үթ@S Oڴ ح"h +n/н|,Bq沱|Q[qJ$P}w &A5 4(꒥f[ә#[>k݅tYa5G7'a8ꮵLaռ2H",dDi-":a ?*%#+jUV2:\Jyfغbďp* ]frΦGݙ8@$bx˚[|[RMsݤR aR1X W\*\44hQ-Li=.]H9d(UODmD"2%*9ן,ֈ[=V[1)aRL0;nvISsԯ#tR)CžSE%Ov ~49la'je&Ъc8Lx{|;gm _4M=R%575!E-j@Y!5:}sLk8tARwm4:6-keoo *)xt'͖pK5fK74%vko"L4[&GAβ Pg[|dZj@[_(jԟMNj99bv ! we͉JmLyF!qtX*{.-FED #Ң(6ȧ׼t/ *nOn=r&/!v*:8j0{L1f?7Rd`| DxV<(~_nζkhyp̿mM oPU4o 9m}1z Zr$:ZNbk81cE/H +5 77=#oXp-2E250Qܧ 0ʦL*eu񕤫^JGM+k.f(gJ4{c y@ <YtޖMU&|ANk{mc 9rr}Ȧideb <U㞄WugXÛ9K8`Ѱ'{wpua&ewP%A^rm=Ob[7 -7uJOSmJn8 :C/T4RM?o+ ܜ8o{WhC g_}$T}/vE)7x"{!pV4[Ԍ ݚXJп :Q[Kg ШO Y7鐋tע>L/hnH/}.#Q|A_} RX=gDn8X2Euqk%1c]+0U/`a|WTl*RM?Z[eJ`ڑ՝|8*W5xn?a4*W5^k3o^7!Y~\R]EoK4ߤ,쥫Dv1 f"qSǝqB>qd,u[b]-R171A4Ť5ޔKYˀMml@Q]Hb!;A"5Aj‘И9rO~A0x攨uZ(cl'Pu_|Sl48qeʻNLƩc[jE* )ߧ >p=AL>?ꠍAt ́LC2u94kX&$~sc3-hI(\6o%EvohqY PG@D%^ dK$ivOP] }mK|?K6:u~&b]j2D][ּ@k]VNܦ>wت^RH3?$[*Q_=^m5Y}5U?֠tt31V#G)RJɲŝ3AI[)DqNmInJ^M@A3Ij<9XFǽfĩ]R (RlT[勵k|g?:OzmsH ֋Uj^PuVGZE 66hN D&WP V^-Sd0>۠υv_t(X4@ 1G…μ\'}I$"M|#ru|^[]Zu6QBxQDJoI2Q>cfYx^%4 BW cf (dZĝp 9(kWCIauB$9w@{ D=m+Xi? ɥ@!z8BIBtWz>dg@/,5?{a<I.&-C Vz]tDOzȣHgvQU.H@ѠF@ p ˇ<QX6_$f <>H\u\Ei0T6Xk?^k>ۋbPG&!w5&_-_Z(nB]$^sUX~[j-853g7u%Ȅ?*]# #$ynoĤB<2OJr.-Y{bޥ1ʵ)"Vs ͔~ujt`ZKBJz7ar@b/dglګ ڣM7?&B ]b!P)/^uf!{C}42 䟐;c0qu`n˛"࣋a^e ~Z4ݟL-% |eʭ'0t[qEyL '/o t]-oPI1@2KNaI1 Zl~KVW՝6Hab~ mgD ~Gw- Kؾضj#. 
ccdz9,$] ނN.%EP:O=h०nj-s\ s &~=eggV\kA&ʠVȃ~’eYL[nYpA|g WVIKyqA%owK&iȗzK|B]CX,k8gӬ6Z;*C՚oۅ77|- bR/)>Ł[qg<}9qv*Dbmȅ45stv] GNMF\gv? Vf>IuE4hۭGoWRCuoY rKtlP`FDD*&wbҶRRp7r3{F&-Wt:ɸe*!B.%̼e!nz8KJ2{Z5F/klB*@AStB p~^ ]7 *}ǐAs^m:#b}bjLY$j8,pp'x]Z.O$9bY԰Tv1T+5N (XY$@_XTqIeBp^C4B#ӯ:pn!a'Ico%`= KFbe'';f] .07S)=OesD-j0^8Y:N#NuBEd==߰?$&lp'tinQFe!t[k],kQI>Wl>?R8%L5U6CYAΗ/4P/y|&! ȵ; XFE5!zNNiAM$pHs7sMe VON6!k J2oL~'S>ZB2 /p/SpC=M0ZRMHq.D F`;C e9@g<,1 dsؕk~`M9 4E~fP䟙.26QFllFHTOm qYOz*xjF/lr!&C3M۞vs%$gCkWx M!{̖[eצ ؿM4 ˈQ@vX~N;sl9]%0yeMp W4t+JDRj6uQ/)^i᜜[c|_uLԘQg7Т\F?4wq+VO*33T;p;?{s P_Uk2RFKҘOSJ>'1?JՔ-mhٙmtzxa-LR>%mԼƾ"͚(n2tVlFv{Iѝ<&Ǫ|ͱc_G?ZU^sskYlV2(A7~p|wUjs45§xb5F#'jf AY2\ 71b?⛪ymmxXH,OiU#s{osPW77ť1nJi~XahO 7w \?G31B,":[pZ{@̯G@H\ԪO 'jNI3ZB>GLගp̔U=P!tŬ,#c_x˭?]ϜN'=dU=oy;a6j6ofa32l=8K0, xz@3B 阥}sCS NQ)g1. $Ovϱ(Q.Ɨ:5^v(Zbz,CH>!GՒ+*Ux-bS}sm2ӿUuД1[({"zXc@ƑubՔe\/ 1CKS0(}Jw +Ҝ*3Tk*!EY)svk.cXwK5o2N64(9Ne6MlCÚΰAD6&U䀋}4HXpHn1SuT:RyNZ\{p@Yp,0ݫr#,5eS5747zKV,ˡd4|j~ j#klª+ W YqIb9WCpꃪ#L2RSl7׏nlsX=F1ֹg?Voz[a9дfPG9ٴN(!~ѯdyA2喀qj#⽆1S])^b^5X=&aIj qԨ_1_Ev/P{-gHVĽ$,_vМv| Y# B2LUA)TG@m~RIpsj&]ϭq`sYe*H]"TʺOD/j0?*(SQɇ@ݸ0w\ƝA{(: 7Z6 ģ'@^{k[lZ)CkA`m=[]*.'u9mgYz~6VL- &l*־$Wc`!'kcfɩE98QV{.E@K3;ZI3t|HDa񲓂}٣bGl 0@P'-EBhmXQ+qH@n7[-z6y qJϫEʈ4lk~"l\ EY-M3O6QS,}V3d[àm.vjRC$fbNGSra7˞ʶ E^]ۭN<skf|XN|DF?{27@ sꆑzD!L@pa&Kݟ@ ag^5/'zhk(9?ۃ_YZQ.*0Ғk著K!ﴟUhs' ̠ڄ1YufMNMPuS >ز$C^<"-ǟ!Fg4GPكi2X< _c0M-=z]K~5bjH;.`ck}D_}vP= 3=X&ɮ%h(Nk=5*<$, b)8F37S.[9<ۅpj#_}9X Ċ , :'|?wS,y3bgSmtx<.%qjx}/h`,Lo'ibDSeIih}\x'5 ǒʯT_#R>|n;t(SB[+)'Y AѹIoӽKFT//Fu (B?%e"\ u@_u\dCOHl7(1dkHo~PWĘj8u?kh(` ]N`3) ÃV’*.fOApvy4d&Y 3Z+ZY^Y Ѯ·N$]!lX2{jZzQeX1H0s͌;JSxZ^jSeGQyKpc xge@%n>WL()_pM#wAIh@J11IsG(WxMD&^1pPRܽ1)CHNBejq&{EQ!ecz_W |z8۩_*'TNW"`W7|XfM"/ PH^ (d7 2,uSӐacNCP35Y{+-x.|,c0w !P*cfU' ey2[|@@;S-6YbIT9$G:nOWCL}*vƟkl%Sg`u~$?R7zĕ;I(SB"nm9}mnbZ=NoW'C˂@@ӂP~ɼyHVbϩe]Tm`My5Ҋ6?KZYBaFm`~Px.vK.BN jbNCs9V^]EY|݊X1Yv㗽FR35NNzQQq'\&oIV`8@XoXSSжNZq\*h52|ۘ_<Tۂ!1ҩ}M U~f5'fe4B _߉$ơJK kZqfƮP}>Hw\AG7MQǶ N[]zط40$I{||Ds_b=4P5S_@>MDWPr4)?$_G !W0iqb GmF'JӀžW:PxoCu) 6 
,44۲ўs$6&@/%[?|`HvbPw%wr!\rsDBb7zRgPTj.GV^,( A7n<4aiƆ$l"n3U DS[5]Z/P`t I ᕕQ,WQ/!VZYfN>lE{tk.%0pBfh*h`4M[ݚ>J;g#V*y^F<[G2kZIɴu?ڰyVk6M?-A6T<m{DwYMMd$ [sSR{Odfv_Rxdb\]jߙUY(3l*w6fw{ 4}|V2n  \hr(}#qj5L2!CU\GiԮ+g?Dќa0<w)5nPO'K[.;¾-htZ rl2!=#LҠ^i qPBB HRv1v/٘'L%\+xoCc[^M,N35ǑVP>,qhV|V䣊D#1-V37,ac}iIYts.^-$I]K7&ںR*y#~,8RQ 3Lr! w, lKb4ގ wM|T( 7ȚХ v= "fXΫϿ&!4L۵f=mw4y8:Ֆm#&MH=d?U3>?[hv -j̖${RPpW&`$Oa7&RWOؒ㻨A@Xv嵍*{aX.{=*7ny hzn? NŽ9 7^#Ss7)mVIwG6dd :Nɳ*[i["$W2$Vu17Yώ/E+.C6m=:Q=o7bqu.3{{yZfol֮4t> F/ .<͉{GcQ(3ͮw'M?S ,?t= @A29Ҵ A5pI?$e!h2sjk _L~ 3"Jb٠Xօq&Wlr O:Ճp 6Qij:JM f)nŨ;[ 2@ejC/m"rYzq{׉ ^6-wE3^t&E(p)6cLt2!԰O[ͣ z-8-+t)K^2@oF!-񺖖g♓ gd"̤dhnӯ#*QXL4om/UV .7ȗ.I6]]G U+:ŀӆK=NvN1,FAA~;,Kk#| ľ5SRFKEi~510͟R&@e0yvOlq۲PM(4w VL-r&Ú Q)ܠBݔCꑤ kW0$pYzDa+=Cj^h+Mv [H$t&G#;y2$dzy15aǙ1B[r]}$ly5辈c6m$(<'aQ.(0OˠXR s&SOt5a)mgs)eYz\`HCQF;a[ `.&FX>..qazD BD#rEv`^dQ+Xo"R:sp!߾$ׅQnvh^ÿ 0j뤼- TR*5d+`ưLKSe^pbV}zBc*SJb /Vu,oC 7[ӮD |ЫS%+kW: A:4˶'a+U*EszM6JGp9Dg3 [~3Wߠd!\iEx˽x0\˘?oJEXuo`5q@4Ep (uVGRunψum1k!ZF(4}$^%F<Av,SgfL熩.k N ?ТܕEfifvL&,e$tc"6'Hq_|I% T*շ%{1{zߍ,\q]Q z (O]4*K2 ߪ$8띗9P+@Vۓ3K]%a"$tNR,NGr9I M, VobB(xY.?%4Q]&v/R-v##!ܽjjS6'?fJfi#.gC,@{vö1o:+ ~dB<o@d`@8}ܠ OST. 'SAlb8ك4*H9zv^{Nڅ}h/qd1k !@6`?KbIw^wȯ- 2t9_IsE 1nV2X9[X =P)A^ZzGYc'Jz ,%5X 6?RLw*=Ԗ۽tk "~Ym5, 'Xңg4ژ.G4BogC{3.5NPJI䇉BГ،h W!#Rؓ x|]1ޑ.Lí)뛚b&w-·/@k b)`->Ha|J6IO}.Os(G! R|%twk"<޷K`qVS q|NisXnG13>$isɅ;Bd^sތ*n9,LT@QL%jQdP|8PVjcxeI.jE rrtbqwayŒ4)c#OҤ(YQy4,Qfa5!Lquж^ $M;"½ڳWS tj]4TU@΍ޑ1J,ҜX헫s#%;!11< d/Z>z3&zqqjF%:7۸>iv"trW̪ÕB"P_bKIBHOajռT8 siXDe:^b/feEdۥi֒"u{j[Yr 2/1*t㎞āFfmt|Pl 7NGM BaC+SK\̟o ݻ (VxD9x$% Hיb_ۭryk!ٔ@ [FVQxõ4cLR?՘©<+Iĭ$z%sUOGѫ_} u2Q/ޥBN4}k B8؋ȡt!Nbl&^+M[h{|7PNc$rVr=]~c)^"0 VTO>RDQKjGfQjh-'xv9P;M`ב3X"Y{ MU_.C\/06:\&O KFDs1MG>\xY&o:]ce.9- kKDjH?#G30/Kkxi/BFՇL,A(%E'Q.Hx$C8ȑͪC+$\* aNAާLdL -V( h: -ꧮ)Zzk[>;$l5(q9gBNTa>D : rvy+*!n*] T*' :< N~Ě|Lꠙg 2S늑R HWѾQf0ן꟮齳keN]ejlFzYҙj3p{]NBi [YÐTe n:7΃V ! 
_V9-/sFCMkEfP>C|IfҌQ y7|s8'"!a} Ȧ{EOKꁀPR8,3Ks/dX}nwQ[ITw@F'Ϲs ƴf<; v]2ŜE3s3QLb\*O{6YJafB@ 9K!g?$* R) V Ț,>Bd~ɚf$5rܝeK?qqq> UjhhssC)vF'}ߕ tT eALMBXH:tֶ͛:0wl^P0:*B:-ҏ0].эQ CR%8QqKRFz {,>]GcV.BZ; P{RTd(Y8d(0 MÊ Ye t2d$tiM.J# TQf@ӂ:Z2NеH tyBZ1계"*co&&BAuIQxdrI$Uֻ!k;r;,`7S f3 BGzJ." bc ܠ^N~eu]J$.]DO 7E`jqnIb oډ (R 'kDPG7/*n]vHֲHpfmH()+sDž)*?Y2\ f|ZsTSF dTʤݮl' L35?a#/[T`4avq`.b_:?OSᠠ9^,)9< HͲc~Vv{ّ;jW4LЎjҪ@āz @ia6m&IO>E@ut|2Ij .mA? s} ߎ9 nح rO&yZvHG+tݴ墲sz3.^xx8##ND`z@tULYV>\}#ĞrtJ}&<^'9Г~t { B8S1%'6:)j&eeCH %Doho9J;BX0g W G.Qkz]?G-%Cdh^|I ?μ,k O?CvɕKEaP_յdKz-y3N#O e͛<38O&׊Ф(HB,i~ԯNd֎!&Rw`Ov5~b=| 7n'װ!`IIJ29~-lI6e w0Nv ;3,gԔxDU&NbH4̑#zȈ?p0R"%];BzцRNY,p]ȿkmb9G^9~((<ɃVMRof>1UzQdF$<#\N':/N㟩ki6fVD*`[h#N$]MOjl$Y+kBzVYP${*x'5 TB)nPzePXFM ^9yjeQ&K<#"Etк)~DԆ_cܵZOVr$5 `\Mp6SJ{$w'4mERVA:3zrWnXݽ= hX tlT,1:a%# MgG4dOf)KbxWM!˿鸬(6Sv'cQӌLZ( φlLjz }MItbNQߥ˰. )'a$Uy0F,{BFi22|)hWZ j%D5 PsƁ(l}U!ж$_8%7/HCaA !pOɽXH.`3l%Zܖ;ΚMU~8㧇/:{giz"T,s?aM. TLq30׳ x?wƟ99J @uBK?}a ÙףڟNB@K&E\Ne0nk%/X/h+'>a047LYvGAI0g/("KVt?"ZW\VD11bx(vu)dW 8=>o8˧o(f+uz޽y7\_e& qZ9}Ih͒%y$O鲾~ܗa(gOyZIg<}!#*7|cXW]gdr7ބxNQ1R⒚1`R=ogZ|.D%H]~t9"4X<&Ҫ9֠ = =tw y/6=*uNܪݑ:*ަ#0ԧ̣[p TUHtra-6&,G_}ek7ǿhXgI,QOͱ5\@xn rt.C3_ }u( y@+ \Oyz۟G& M:EKs31Br9F._h>!#.5q`i--k 't=R O*PYQ>b~HxyZ˴/Yi?t1>1ʪ7ɱ |C\/LO6rNj`L Ǹr]^8o@A༽3q %uQsB/Ķ4"7Вn߽XW=UZ#գ#N7:*Cf̏ߌbDoGs6'+sՏ螴ckgܴF̓=Vtg7NF9l)C_!\cZ!#d\SeFAReqBVsAVKBPZ aS0R^ꠠr!(ZJ]4 .ns|UE~Ar^̴%L$:y_-x@V'RqD^R`"~4%e4jcq^OļC+W$+` Qq 8<잊 I:pϱ[3 [}HՕ!VhaPRpQw_6$P/5H6; Uo6FW@ȆyUUAI"9>I9 `-ެYC* A%.DZϺ$PΖ6U'\*G<\`J!tC3-?!-^+þW~%PLj?*3o/D:cHAÁl:i3?PF"޼κnR}^jS6N8`fXVTV]{^n|k( b(4 Ǟj. KG8pZ wr`aO[O 0"tm6dxYr>H?ĉ4IsoGI$ް,95MX(7R88Ss&-x ]5! 
8tBu L/\[].pl߾שX@ӝp`=z.\~ӄ\P&&bre/CYua#{> ]]wr;7*']V,px29rvZ@?{;q\h.<$z3 ++"Xc$I"6ygW^!D&ry;=xjf/p\/GPڱ5WB/=R$v#x#.XV6t*+QTċ$@?oP^+][6ϻVϾ$y_K0WI9ry-FQD n`F#ɗ#(ʌr٩t:":qly;@"$9rlz 5Wn*E2i)wVE#R δ-RgIٗ03HJdAPb19]|?*yLGh2g{?I5ta뎩e:&q6w[I}l 4QIJ(@B|u;Af-2I .oK5VN1hfVsb7my]X,?8֒&URO냝TZ>P%6$1x-Y (yFVK2k;.85p`\S(}\/ _z[uk=Eo2 fRh}"ΘʣU\0f|45@5@A+vA ؏179+nˆ[g%U?d :V;4;odD:^ 4{ VGйD5YG&D/+lsto Qk3o):C$>Ldꄑe/7 $ T1,萚FG$:xX o1N ?6 \GCBn9?RLϪEJJMbaM⣠\ꠐ<U5T TD8V"9AQ. S5t'ѕ F3_SXNɪ5B;vJ3W'N/(D$u}vN5*9Iӥ'hR~l(bu6ˀ\na]Ve]oH[lZV$")PY!5<|Oy *jJZ/7Bb7\ȨQǴxsFTIAzy>>,"cCC=Y:NwQL~]Gs^* OH m[16͍(v꿎2N(RLXRȡջ6*VĖ(xgZVlzhd=7o )*Eo'"n[̐r̵L.+@7ipQn 9xntV;,X;2;])"HCK ͔y{& #]XD}L174˹8de@*Vv[K%FǶ?k\?P'!7NX@=VL'iꤢ0 ۳=(72[wՌGOEwFj+5)ٲ]`0r5$,&2t~:h:qgcZY)g &RmWɮU)oo* +\2S{#ư=<Le@{ZMR6Ddcn! qC>5Z^Z1x'semu|9v]ohOE e]@Sf܏?hﲔ LTP?Rn$#H}V]+f z( %k4l߄,(P_}T Y]T*YKNu0ӣVtv.VEP[#~stxx/ lxB!J{J.7`8/.slPpHD4jhR+xC2T9AS95~핐2{˻ɷ{h0';$MN*~=NZ/KؓTd>7O[޼{LOدh H: N 2xxKbrpm>D~u)0C&m% ۃ]?0@ߨWĹ%XOOT1<82]ygL#kyƺNx% ]D~#Va JKP(v@.k*!f//\h-H;򜉞vtfV.Y¤=\8pduPupJRe9N>[`I9C9dZzD˕l5<~LRm=J6>idP5n]Jmr؉grDTW$j$*'",4GFK3Ǒi7%cV7vz+A3LOaWX|l&03YF:~G `^KTbiUσW &q/ICɓpy#J#Aβ1g,׭l6[ⶍΘ M\ߴDj4 ;߄i/?Y-uBo֝RMc7J î޿!g9@K3ЮY4`SuQ4_{J'Q YW"%pcç< [)m>HZJ8E,Tx]DkI/d5:-C am ' s3qGot0ޢEdTa\[@ŸI,{lg_d[ߵf.PAQ,[>y*Ǭ%C `t߄nI"G)r&lau0x$1FIYK7\"3AgScTRꋨ}'@véi^QD+6P4uΠs}zVW.wlud*I`L8Nh54fYe<978ψsPt`K13Er "q3'wLJySM^N"Lg[Ⱥ!g(pGJpW=HQ_Ãgd>rW2 L@tV8S9?:n%>̣EfS)Eĭ_fYGt`IFyJ=[>-FkSe҇qH";X&c'?z`~\ TQ_{ ޠQӿ}pV6w^Z:֟8\ȉT` &5nrʟ pe5UAu$ӌ, _{95W'+76H?է^"0$摭'.0TD~"xb?oKڠ#\M [P "X& {1YbȨcYe%r*UKz 7(ФѳSOaߏ\`?E;7MIe^LoS饱` v o1å3Eکi|4 |d829OjL|+qR*_d9;oTY b^HnUglg#:֠ #c=:ح$[=~_ރIO?~T]{I1 )l6(Uu3V)m3 Ih*p{qc,` ¸iu|?uŃ!(E7D !u 7|tb8_Z @z,*6iM+LIo;7xgFΦG8vyOaԧI#i5~*1-7dz˵6Huy׸mbs E E_tJ~WG6 q\g'JWLurɤ+yqkRnyTf=Yu>e'^ 9|,!/ijc B`QK:sG80-)=xQ~7? j)^mژPѯaڢ! HX #%VS%IC@c9tDu`Y1q>VٖDGOgΤi(E!ʋ3RuFRkM-f -HN)}ue^ؓ@02[>ϱ[Ь_ ;B!GXTSM~6KshxYDB _4F.{%` 3VI젬S>0g 7]2a_`xx{ެwOggk Ӏ1&twޜ[䁚6~&j}sƔsN@ R?HpGMޚ X={7v#GJY0! 
|*d$l9D_WuN-e ݨIv)te|›2E+ppi\*,BNhV1'͇\#Kjfk3fN 8sa+b+%W鄂1"7ALƣt4[M#iiY}箽J(h k]A$.k{[H}ќӀ$jQ^NC`J%6M-'I m9biluOW6af{XAcvE|Ve@Q!ʏHgyҺPm_^qi[MC~ȫȈ椉R/;kv[<@E'KсAs0+H6yhdȎMUroorWsGuo׸E8jLl-a˴LLKW٪OaT0 ٟb IcCamdz;b$ۀAq:|I}-˂U :@kh$qn%Dleb->,YwCVyn+9A2]gGy{iu ӎsPrk/[lo17NpɆ)K Uek..iT HYފOX}J*ky1>fcf0cC )1p3g'Fڕ%m7L1Jx{f1*kQ͝F9a KU3ڪ `Hބ k v85߈j 8n ]KLJmeK~ wq +SֶpsZ-1eZo@KHM_P%Y#i'v'BSƏ Fd8b1_j>zMoXA PVr;$`^l0 YXkjM.Ft xַu1x8@KYNV5J@(p룗`@?,?AМU=Cۍ1 {J'^qeg%& C$?GI)qv:kA'ZؿbnN U5BGWu%XlBsҪ ֭X>=4a6%-s v/fr;UK7<ѝ6*u5"a0Ej]VTOOuZ߳"zla<{04A<@ z 7ҽ/仍K*F[77օB L^ߨbCqݱ0n#R+_5ug+6b1L](1JSR6 ^/A;OCqBKW!1FsU7V!^I*-p}[®HKi!]܌KxTQPT(Yq);%;~)n4-$raӵBm;V9arG30.Y ZLQJnY2.OC$F|7mK9GJ=j/*¬: Giᬅ5X< ; tgޓ*Bՙ_5ܽN&_B gLp+Wǎ:xix$SAտ?|_rFlFs씅)b^0=hIᖌm.2 jZ j흤N h{&ڛ@!\; D1GW4YͯS4kB#ћqm"3J%-v4]gJrժB_;c7M"5n5Au3֮ iDۭGY(lj@79[xL*^F)iz)>0Yxk 伆F(89(f/[_28_ JdsʈOFܗ0`b Π;SG DѠ@;oN; #׉ϐKK1zOy#t&&Z޸дrAeZpt3BJ}.kArcLx82-:gG~r`֭M$`%6]9XB DN.cZC D+J)Pzz!_!I&0Bx'XWa3(诀oȖ߁bLN{xJ? Xk852H~H@>'FJ.&hLyvyW`ĺGFRo{FU݅/W`g e;Ӻjqz?_0P~zV`%"xÞ]SS.Ҿ#?Zy`GG~%T)\̹OeHbh.^aNhS3e$]/&t+vB.Ca≯Z=ԣI1S!ϪCy^]3!(a*CH{oJyѩ'G{7%k 95XGoxe·6w?.€:RWi%2.B>IŇRU=Yc2M&f>({+ @^ǷO8!/_npP){Y|Vm$GyYO66eygjFF%-bj^W܃{{THx^k$cLm?SĐ냗f L˵X/nq_9MdRv 5;\nb+=,S-I*hY^BwSxtahv啸mرʺUxGGB a_DSO3FKiM5a\G4"!c酡f_{c:4RJ a+u-e ÄQޱTW|I]jT\^:h!ăA90'W&lz&3~凈fmg@O(D\٘])L=CQxr?lӐj' ϯ=!d(a6 W$>S1_' J36w=E`4F.r[_˴^*qigEg›{Z Z?ÝqC,ՔPyntR5Y}UTq3)t=X#0sT.Tp_w+z"91`:j+(A=M[`-J]XUEtt{X'_6u@UfIlz }@'JNh r1D_"@~{ofQdqPM4ES+V?Xq?)>g80]XvJk3a@sv'Z=T.5^D;4Z\sZA}J$SXw*m<B&ڮ1֎tF6&i)o"s3?t[ 7*gM)n4R?Ziajh_=;EUnf 1XQEdΞh;sAժY>p%?;n~s*bXэ~ ~{ړ2lPe!gk?߇Ј=(w_j1=+ҊVZO(BȽ-2Ac*~0vD;joF59H؛lqn1~B9)Q[\Yy '} n;ԨڹY~V)?3)#8=}8tr/HOs8[jkn.D+9>or;)ƶғvbmmg2ӻ>'!v" e ]Ę x~zKf/e Dxk(=_fZfl ]̥RmąO!U@Rrݱh:iן>M~f:a;ڗw? 
ꩠ]#VrRLmqH5BQB[+ve{`  J]TRX,P/RRg u ~݀s.ݡ bZj&fG ͯ{꿌fGMV?(vIJ^bd6 Y ׫ 3gt9^0$}MD8ks=m)x&X g((gbC2c_GXn۱Q:aЌ}Nx.y/Dy׻ͦ+T6_S-=tz'YA}eS.0Ǥ.7:*M֥[-@Bk&Ųxτ[ .z#c-^cf@sѪe\F;H,KfsAXA4c8j"ς0APJzl4^DGQԾ*Z< JDl@0RSβ( 9pjG:kTЊ6eN]W@[QJ8pci>G񁻺3ꉊC{& ÌhPa=5'6N~J1&dxBhc,fb[AŇxru\ gs`sŚkAC4mMӸ%h& $ZJuX>XOW&7P1Z=1hgmAZ."$HaCs҉ <<[k|.+RmrʑRW7w%8}qtʻw ߠIcFL:~ᙩ&7'#N7a.YW>u?6nyךyq" $b/l4|9:FwȃN/n/8ZXN UX'ky@l6j)UX?~f%,/L؛v@"mwեolbߟum9XϟǺ\5b•Hk ˲vwio<"Y%vc^r#+ͳ jFv_KD*.)&"S6"hCG1lL95uqEڙDk3yGNS"W`5S6 & mC G%lUc)v*A ;0HU< 0=n2R) Kbo#jD0JD-irzRI&vو߰Y:cVM몚MwCUu:HsT,Vc /TSyEsO`tpjb2iT -̥Ui˥h 2􁩊-ٰ,DP{%g/5B |ffתT"LKGw~KQ8O)9 G/d& 6O+X` 0Wz)@+/X҂u,z g7!9gv^5>SJpQaVRCI)C'YxpRήwõ[V9IS ֗agol9BsH߬R?N5 5LXDNSr⒑XdسÊ9J!Ө@mitiaѴ>xiH\RI!#ɸqg7=lc8HR1g=վQ^ =]5G8=V Ywc><~`QLg'iM1\rw_0@VGq|Vg#<䝶,l7ysީG0G)-W- Xȑ@anř:ܠ7[>2$HSLf,ewimF @ #2!An@q[ 2q7jˊs=pgHP8@͊Kͭ2?]X||d.=~GUjJ'8V[KNp>(cж!~Bʖ'!Iab7lfr\Q՟zvJKb4'bȦJ*bxG2-7gSP6F5(dC|+B$A b*K~U+Ϩc]m ZgWGUr9}c 8\/>2~=Qs^ S\5=ߠ4waDw|^|Iw%^|$vhTre21g_4US{S#6\ֵ:#ܺw-jʖ"j g`mSE }PĊ:CY~0fAJ#pjѹOeX:+ UnAv-uf( TkMTqs7Z z:{)zk%$ޜK4#99T6x"MKM .;+68z7y2& Lo?j܅ZkU380>qݕ-[X]X S,SqeD]8cfAn~G s+C$Un,;˜Bdn{$ۧ5GexU)TJqoC ɢCARu^:PU6=i Zt) q<2yaB&Tv6_)㫡T>6r8vnU{8&ޚ*]ٛ\<\6eQkq:kPoj91HkT}S# ,;Nt;a,;zvT>V}u}7ت ^RL:hxV#&yǠhΦ? gEFoOεw~) D7k*ǃM 3Wt/$[$dypsGGx;0{u(BG@ $4;ߛKp2; 2OG7TAIc\񒶬]Qp;DJ !@MIw{.(àxFoZ]6ݢkt~ #VYbȧ&H|"\$W(N (0햣H|Vt?lz4uo:7Ⱦ4%{/3:벜On=:Mw:;}مXАdJ3 6?m[gf&4PC?'dsj;zVѪ{"umxwt"tY)Hn^.ud*! 
ScG+Sdr)0QYUK@WI }0Ա̘@OJB,sE eL\h˪"^K ZiDrWZ)V:[ɭ0)w8KpujAX:Z z'mnaJd*׏&HF2Д8p2NbA\S;ʼnE?`]:Ɩ"pD&=77*#q3N'8 ~$ hkD әr0,cTn<;vɯ""atRývd飡ヷ%s85uJ&Kctw9W]$ /75 0y䏄o=X]7OqQڸؓ^ *dK2kc֕UuiڷyT.Df39DڸmzZ#xtQev/%D+f20pm RQ'coW7?tz~MCy]g7 /Z)a2Ί8%I@nEsoclAF&@1D|zBCBcGL0GVn5+y=Gj<^YgԂ'̣(X=QLzS-ʡ<,gZix {"x=5'x %|rW/.!JKkT9َt3&mMQ0 Kc&rbɨR_]s1Y4" 7i)=D7] ݻAC2)a!_T5 ՠ/[6X| ?_gJG1ۛMv>`Q1'gaC)~S3NRrφ'qe1NJ^T:7nlǭIC'Y1"`*4),pS|VsfˀmB(]CcPN%DȭKh<)l.t UUQq&|?@z,b >UΖqdUtJjE/f~o40_kJ0Nپph= B:/M3#԰|ڨ*5.ţ$jt'ԣIi`bi;/so gG=y=ae5syIN"1-,m [52qGՍҬK3dl[*aI-~O%hDluxCp( U%*ybq!9PPah:D VLe7DVڿ:F*$PV}f{9#8+a Q4-)I,.̠(2h30Ԋ*9[kެpqUYᔅ˚K8YNq[k0!%c7'zsyli8ѕSq*R\Qb3YiܬDbD֥ROdSm?}Ab#526&U#AC ?ms7\$0"Ɠ|f.vWxe:{[2LstmJB-8Ζrn3<”vIwi&)kTv-ZԒRD_w&s@FϝJ T۵(c| g^i?Q&Lce@A 9 w9`},Y[oykPB[.E"3Vxշn/`ڔrvFdnygnz#<GDf"+_GV˗]/@ !/qT!P^y~IbAVDAW Thh쬎bM6yIy`a*De Fͱv<]5q|}\sdHҔˢlٰ*#S# 2m-үfUGx;K7~~.fO4r YMY 6uvFҽoє )jGG"TP06*K<.آ"y)ξaľ.: D6N*\ȣ(آ-1vALQ%"%M]K (]^`nS.|.r2)D wAV9*rBrh.#IAHA 潮jݱ)'3S .?a{oֱA?8Rϒ<31m|G+,RaO{WI _q׼DNhyKkW5-D"zjHGM]n8F 0K̉[S{t}vGgi_('M&χTז[St9T?{s}DPb̀)SFS]2pKH.,h뻸ryCN'ƷTnF IKJR`*ӎ*]tUV]2eXK{xS듵oBG ŝ{,.a6}X'$"q6r>nJ2HdJ[˚ q vh;*AfJSٱf)ѱJwKfؽ'|s-f0 Nx;hcy8 ~xRJ^qY-~2&!eРŒ3ZZ~QXU7ّfWf&tz*RA(NgN&70c(J5K[^7EIm($Et*XOh*̅3Q6M!,*#q5;<%=\8x j\ċ\8\< MoCD (}.g!fC9oY1})CMRyVP)SQˀjFJuxO%8?q)Xq@/w+N_?M D  GU -->i"t& e/NuPd {[2|7߽vZrȯ$xGTXҴ {ŕURgqU YL+t8hIhSPdǔtx7S9# hsR &h p2kk}}G9Bb%i]4 HTc5\iO)__NF(t:UbdLsBC7 r-VzBp' YY}&1rTB %ssK*2Zkd<{֠LV3Z{lP,;i_R%N MmiM2aPML> oiLD{q#X86vQJ?ُE\VMC]:@@/RT\0;}hZzkjt¥IbQl99~ LB$W(,Pk啰uvd@DԂiW4ظZ JL|v! 
˓mdE PvqMIt eJǢ!;ց^ʛpP W5D8=5dFcaʕXPY3t+BVTPX(c(gp=ͺ'Zw;6dLJ';Bz}L Պ;9mls4C:qZnhN%jKw 緃ō~yNtpP}8AhXVhPkɂa{#3 _'`0o~<ߓ;kڂIt98 + }CnFkX44I% k'*7vmL9BK h[Q_,pܦ>܌wH Jd-0[-(,f4ʊ,:7u.c#AljǏȆ7$_FJzkK|xW'=Z/1[Uʖ xll{;yruڬ /0)!s/Fu>qԠ]N1 GJV(L)"h--Qt@llof0/?hVqn<-$ N kO\b,ӦGE[ M =v.}x$ 쥣HFq氲0[ii[caBU@t FwtpĠV6~u I6j#-a>oŬA t NM6B8I^2 v% ud=@g1Y>3U;ٹ?Ϭm#o}ӎvk)U 70[ Rk\5#Ʉg9HNłTmxbog:*Zb{"k3][`)]LNRKC\˯ҰZ.OPԎyo2ȳ`o7ų_,=Qk%=Cr wn~_ MIqȩdq,Â宩"@bR.E"zHt @kF{Or<$ݴcDaGfAzbQLA%Jdtp%mgYEIS&4;R(uktGZN|Sk _l.cЁ&!OAʻp#ٿA)c*vэ 'Lݎ/BDpB˱cF `8M3AEhظ^RY j\BxP1n>g Q&_Ex{?ױBW죱ʾCpd(Xb\P~jTb69nrj77r"FX.÷#B vD$Q+Dِ `O-ܯc+#o`};ZuTgnX \aT2?"1ܜ!'So۸z:tv?Dhp7(;YT@kXZ|PGRE]xeU@E&)WGqҫOⶏ1۝5TKtLc[)0]̚DZiڌi{s1srf#¸3YN_~:bSqs|}w)^L !ܐi D|x@p<[ռ˱P1&Wcpkx3BH^c/+y`Q9wߙ,&dx8^r1?*?‘a9$$(4cYp}u֬meޤşVZs1~@P$i~C,Iv=e|qŇ>X,8.Zr:RYϭy44Jѯ'LU.}'yX#֎Z oP:쁃%!,)]UFw9-<.Gګv'x7]Ikt1?C^چTǍc9~@#-LYB<ӹ2-6/ۏFwy]u&<;viaټe5V#U Z,a$SdB^vfdJ/n-I;69f M!_{oVs2,y'en <|)fik-x~៙Уʜa#Bd,3AE%&[hAAHRFEl|VYSQ\bc^MeG^u)D5.5I٩0ɺcd$3Rxmj.- w$ŝ`N4{/jU˩r6lI-$JO&e}0 gKm#x,ޔkfdI+V8OI00DrX"@Țy􀫸eA6Ј1=ʼnٳI{(4Ε+a 'w}FH0C(w+W=Qt[0c)B7et5\O>%+aBy]N/R?V^\lpMy)0o0ns2P#:zʨ7Ap^4xA$["VD0.7:eDvZ)ց}T:Tm-B61AG_Tp(7a\mJ},YW[Ay'O"lBMNL!>ڱ_;kyYZS?:PJnTs<|RV)?jSޘch>2(6EDZM,pt_F8X ة{`X-0 5|w dS_NVKPK%SӒpHۗ ?e,bb챨eCbo+FI2>qbBTOPGv'|9RchNtƫ]:z;  U7h ^˜ Ҧ`NSk1{'RijCľYP"z`aChE͑9{Panڋ=Xz&}g1j`?%t3˭w~iN^]\xQ !2:ڥAF>qJ?DZ09%X_[{fI/!3^G띂^Fś_Ԉ|VdgIs0[reZk PGhcP"Ay크 ' x\Y4IpRpE53MN 3TI}C4ެ-nZhƵBQo |7*<q`T?Z71kqpE8xǾP0S.&1OL|hk<=Q=rƑaV&W&dܣQE+Tdq_Co(z 9bq4AZoi657bOU1PMiHh[Vcc-:C⤭%% VQ+`,2Z[|j߶8W q :cYB$ors9J*!GE%,]"dE&`X9V`:Lv2E0MNpX`m1DS"g} :,v,rC}nr64"P[Dk ,I21ǖ7s'N_gϺ4{MpT;(+`g|g苽u77W]TB`xfC@%պЇ7TIFegNiF};*~X 8>ѓ= y|O.GصqrJagn08V k;XԦ/ 29b9Q^jTL.)U[HM7yWHd=uԾ?~IHO~_†!^5F5,i-UIvm~GFU Fh}"0M#]:Jsyky{>I+;w߿shtKyn#GCÂ=3qk`#-f}q\q]όIj3F\9|-H1FH=Xlc؈9 qtx%o3F[CrL^8#(㓲>YGtaYk &39y tϴ˼^bsҗxBO0ƪ+[f9@}bX}H?>1lH2q!b}[;Kvvt}:A,CA1c+q1TI#wş/o$<̑~MMRxoCjR]aJ";7)C7źvp ""qʩʢ@g>՜sT{ʔVVhX ~ZiƄnuTz(/,Q?N'PM֕AroprM :L]I '{͕Rh#;@'t#@L@kjT=GZGC:B!?0nq")uaOuV&l24M_!$5p;_.P|3jRea 
^]-YW͍~^g3@֩y vP~1~M=QF ?2|LJ\gK(Y4EJMf#e,RCtEZ{5UЫ}O1U3&ab ʍ쐝eWM`$)05NqL@7,o2Y}(E +7nĊU 8Ka&L{p2\ y:'<נLh񉊐q9| *ɞylYrX>ZȜ~ \jac@z!=դ BUmWo9hΚe )T*K,}q/DEekJ.Y+,z4~u0= 20\=;5(I,ܞ-xnqs4Pg h]g4m`6!.Vxs[}z R\I01jL5~fPih;~bSff%fɞ?YYG4WiE`YȖ+jVc51>t\^⧎n+&!DzqӮi=7#Y׳ÅCcQ&c `cY2eJ 0BRRzY%; [G"(hʊV'[nd~V.] &+ ^V$tӻlh- ȡlwpyi ]Y/m=Ӎ񆟞x`zmOƆhn27XRB@[=7oY[֘sM*l[淫,x"B>PC{+TM8EcR̴4+{{񍩘0q]o) @:Iv,NTR<,C8E-˝+| 3QT X0 tLJ\vrl3-(7f?2T hhNZ>u>Ԇ pFOyWlD>4 (&/ऀ 8s뇒[s8H?NHkw kmd-^B/f&6'VѲb0"Q0ݠR\[!X hg1S )HxxMT0y٨>j&HN`Y\7egbܿH߉U*F0?KetW;V>Q>6珩}ۏӱEPڟ|ʽij ^}|hw՝0t1wsc޶W&gJP]oXjMT fRBoⓘ@Ai` V,w*>FM.S=*І A`+|My'Pe]Iw3@TL~A+_Xyj2 )ξ29BN0ωF6Kǰ=jfCɝ-ӵ rܲ=A"m6_+vxz]4>^*eK}0NL,F'k~6e{VL]b'3p?|ԩݭDeM5 ;>:q]8*jM p}U7Kǣñ+Ԧ Q7yׯ%|s QӨ%c+-Z²iNiDi*n g:+ )!zs`w&(8.}kE 5+[lktI=Ҥ|xy*L AM;o0)b3W0DS7ϱ@`:Q&@?3/o/At3z P6//FL ]U! ӎKUMvOJqF4@@jD_xdup& k+xG ~BD ]t|ܭpu5NM mwʢ޵ ^TDKB@Bɾ UprQs;2W9#X8}vՏn;8G哈_ȹ@4tK"LrY]Z<VfDO$PTLTbn !ef`Lwj(E;?hǷI?(?. ]T GG ^rk16&%76K/2׵Ștȗ5)J0P&;Ldrx))9kK{p7[ 4i\!Imi.Z'R+!⣀,ґ՘^ej6s " R[ J2DvGPqeKJilҁکK. ~TUKk@^LK6?jǟZn@M;q9ů0_ LI|Ɔe]dm?`.a5B;D)+rTޡOjIϰ3EIDK9̚1Rlצ\2/ՈZչTbad1xrb bWKuM;4*"D%Ē.D 9NmPo*ԂE11 %$Q5?AM+wˏ_Ǚ,c4(y2g0\Sʀ 9"\T.mI`=8 d[ I32 겎?i28mлvL fgN)7D> \aa_˾vU|fgU:jf4sYȉf23#ZȄ  7i.VWb%Lh2b6ߑ1I%N$\?TA'Q߼$5 x1 pppi%{qg{ִ\)_n].ٶ~Se ~hN(# Zofwr Q\"R@2i7WW |6-ΘuqK7~Z\Tm )6JѵQ% |BX:#c{>Mdp %=~ʶСCq$q)]nH4i!\EsD䍸ncDbH4鶐Fy;τTm oUYR߲_s dt)ʏ\p_&* l[ꅞޞm c݇-o^ߓe7Eܪ~91Cr®>s*k IIP%=dh7?fDf焪K. 
{2œ:rn9uBꥅ ʚLԉ+t`Be`v~:9ԿRl^ǣ;3@ D]9}XDBX#&c` .m5mT"ڡɊ/Mi:kY;w"؞^#l9Qj4﷿6QYrVj99=.pqOC'Br?!Zܵ 6?-aZtvk"e uX^.hU[i1aO "~كT~"v-z7}!);PSy).~Q`\qrE0cJhhN+R7/al+BZuI1w,}s/PNQsN$jLL<`R% ş>75}svF3Yj%[ʝ6?>Cmp]" c&p'_f+Gi_l(CEC\Jk˻\#4^& X7Ebo0VgKs䠸naA[1r7Vw"8_8Gٹ;[Bjl]zКj*Bvogb *]ޘN*`|HP bJg8jI&xCVߚE^Xp9;A}lx f.Hp2VJ:(x5d fCR׾TDQDݝދpfp~%,:E-:vK觿QٱzE V=-_X9|r&^_)| []6|;qPYh-䙀!m| {؀f]znQHI<"O!~&Oс`#B_C5^uS-sot/ڠkJ k(FbiJE[;Mjrj a˥/vIP 8zrlLcu3< u?h-xvP`\kydGBb&p'ym༂pr,fX9/OT g {/ ڙ;S-c P׃є[ U|*; X=1T7(c˶ӣɬX0rߡ"I/@si &fY@I2.MDWV]!r7z.lkvAhӠ.t:5#2q#sqlNZ3۪Pң$0s yV>~[) z84{LsM؞LboQPZ.c0`laWI4u}d W)㵃+y*C(mp^2+қ[~tYE8L/z?Befl%ۯh 9F$۟i:~ .羢j>xCv]F[ ,< %+o]c"=Jw4j>!;<'YNJgD;ȴ.8uq,DF9<띇ܜ-\=Ί484{FXDYSh\ZԐB>8-?E^DJun>,xv# )R^3+@0L")3GPÿx7JzK޽W%[`b15 !ĥ!л)mI}J :0?i$Gý.p2շ ҕ7 o7,w{ď:;>NH4//#; WIɺ~a oޑOM 5]& hy,3Q|YgmcJH}:Gae_,+{bu S嬓E(-"ȼMa|Q7}׏ J~gk'$Mz}x KDiNfg(iFng%7:W_ƄV1Ό1>NB.W~WbO3'tjuS%M7|?~CvοD2Fw$״6x-_b=$ĶO.O!+*=6KtAM+wIQpCSh8AKMf%H;iYlE5|?fSަޅ:0g@11#j;ET"|}Wih&:,HX|1^:URG;$cO@j$+X{TOn$0ϋ^M_%0 ~Kd:7r@T꯸_1ӪeOkeΓtXӢ.& 2ҋן0*H9qS$.*@F=ˆJACHJkgʦ=7}##,T_;Ll$k>^hn8 `talejUS {b0_:̅>qu Jn2+n u % 8m*}u*kPє&zHņJ4 |:B_4E.!7+VYCJ#h*YByO28lA?eFu1,@,F
Kz̓m f걝8;s6'%%z(&=Ś%s+ގgU ʝ+h`h,S~R̨w RoO(@ŠuQ)jum3Hd !YcnF؁:4jqtc1 /N%ꜯȄxQ윱Ր$}Tز?CE&(fO_!,]c ԟp& 2Ѱ-9 T  dW.>T{O z7vsὀTܳUDab2t b5l!dh\VMƐ_ܻhz`$E<; I3x{ S6$gR0W~*mhա83"R}}t'c%_-T,+d곋.Ep{6 \Nq(ZpBO˳w''3-Ipx[ w i`M$F[=C=b+ |U(-KY8uR̅bh3:U yjTlۙ lpQKuZ[Y?ggN9}{mv85U@0 f;uj#Q"rfU0ݼrZi(R-s3I~6׉ȨǠ{Z$3rWw~{ۅ%EhjJt.9ל0w~w0 HiJTb%SyQSzDPH;k2 ƝRC"uN}^'hܡt<I~NQ,)g!c+ǥIZBSq*hCE+ *H<D^ɭ>K"20p\!}ƗYdQP.>X+7AKJbx`(Z|glSdZL=U+5(t'nO퍖}HsCyM:wjBY ].|Jz; 2@)Unջ/VSpA-k'N`=2$ jIT-ZzTuB^P]Ys1x>pg-|K^"KW,PNL_Hz0{ 6G8X#մg(sAU=Ԭ%%"ShWs- z%hɍ%%C'GtYoγt#u@:[8_AoTr62%@pm/?[Ti*DYDY6rX$ qѠg|XNÜpWo=vV/TbgCWB \mXϣOL`~Q#\>^#UoKJI[3?,2} @RRYb) =q`V$uWM⽇l)DSK59'5-4"RC[)P6*٤}>. Mp2K,tJV 1A;%N: \*'=FŢy52%1)ZuXl} U. 89'@ E= +]+|*̶c',` hr) @D#HO3EB_bz2qj*9mlg E*E#I&Q<Oh؉ BFPXg"[:.t{W#0q q~FIL|;9+b}م6/Ov8<,LOOaQzxfPޜeuFq~{, XݏM4nH3YzIQ,6`wvm[)B8y]`x^}CUw {:l]GE $[F?4 Av)V ` eCfǙOԚưɶ0C%1IxnMlŞ 㶞v-B6!AߑJDw(9ajm3p sQ-!ZuMpݱ*[LY%exuA\:r=&pYiisx m;͔Ԭl4+1/K"q㱃ҵ>흯^.dJrw}Tb]".i8pff BEǍN4(Qj[E.ӝ[-zum.81pUe>EDkP_6n'n '?L3TgR_i|y$3:zw*p!V98põT^tO06y)L[?vF5Ө;o-kDY[StPCu ч?LP~G" _RZ(㽩5JTq%а)YijQ%`vg|N6FȰ#e`Biza4a7Z0O%!, :q)mk4H҆J8Bč W4!'& .*1ӆf wR)2Hn_2TG$ vCQN!x]Vuю<Yl:!( kzBXU7ɜvJuGS(~kL u屽_$I* G{k_:::e3 :IL̆ȭM/5GƧ*)_*s{$~i[@ΤKON@͉ȠyUw?.7>N 7M1Z4>. 
}`ai&E` Ry9}Xm''OCda(Lu yc5B!,'-xUT@iS_ ٬p3l̳DÑ>v`hwuóoda"ÿ)ܔbL;|EҦa@8/~%XuUs=tޑ]\;_`Mݖ4stT:NHȽ8-w d߸&4yI~-^̪!e+*6f/X=/ x7Ҟk,) {Mf}}+ lIkTPhϤyDC"oBi)Ī@,qVSq?G HgjQ_V,9:|%ʊbT()1Ic;JUJ[ݖCMI~~Bi @`}WްbAK,[c8txXvm,Ga h:ҌSqV?}REq,:rQR/U *ya.hR;=6[6\u(Y;ɷ7JuW["H`\7{)<`mj*\ `xi1 ~ 0΢̓m(= c0Yܧ?9fݥ5FQ{v,ѯr|ʮHux֙ƍ*8`:?q G?3D+5fn\EVyo;wZ۔WxhOu(cg}Q; +<>k#4P'}hCXE!8+_WNEĎX p&y[2{&3mtWݢXUk{l\I[<& Cf^Քf s;_#Xxw&2!c~8[.&$xVi?HbM څqdy2 ȧR pDd;''32wmWz5*#Nf+GnLzIjelc' Eua3Ң̓C{0\#lr-{Wuו8X} E4rXf8w;Fi*hX1Zjem ͷZ}1(R/.X\&zi(U/Np?mYE"]g:b9=7 >i  J8jؙ^]ɞ ?-Sok/< R:@XC!i^_lu3?69*LݺܪN Mv`A bHSU6D2tXL&%}-&71GӼU=?X1c_$Gdue0O}6:8of^dx~đY-|x} r- MIz~q(vzYcjd% K!&ä5r1[3C Ҳk2e?zY z#_)#y"cxr'r1xNeUjJ>IY|pYJ gv;Sw8 ryee/(nXEH t 7 {u؁*rjEa#Sex24LV?rf 8')f2XRSB#E5tFi9n wwg S~adOm3G>$FSL.% JF05ҁG Ct^VbS8G]8nHZYwKmJ4o'`pҩu>Kr7fXTSZUpLw7&k ,˃,/ΐᕹ#eorppͥ"k ^^Ov@Anu^5 jGbСfZ&Ti_ȅ"8;B1}5#wْ `iVFŗ: ˀ}ERVr_}@:XIbopIaM|XJƨcrFr馋/E]GǞWtB֝?A)O%?^"GBʾe^zF; n~I+|z0Ā?ۂ”iMUf_21 HTӣׁrޢ$U)2ܼjwORtb(#Yk:,xz^cdܨA[ '3J5V;#mp SvHPIw&^Y>?PJ#9JP,\0:v[+XU@Sl83К& 8׷-:aqjG QlqD,=g f9r:yrcBў4^ fZ 2NZ a 1_0lu0U8gՈpah5!7; ﹄0__uآ`y?N zLXmO$e=,Doh'/g#V8asBL8| wHP槈YEJ)P(& })9I`̅BjJV B F LbBT]nA\vzt~^]Y@\OR3ZRd;䞗Ghf?g+tQg $!Z^ʴS2 aTk_ٶaG2^oY Yd5L>յ#* b]6Ɇ _mf28-k :D{)8pu& ta®1?p?7rnhuf2)OL8 i0zceͼT3yF'Ҵpeu\؟{FZ`B1BYNo@JF R+Y˄OE}u1_k'NS{=m0BgK^>[mpTTF?Zqљ]蜊G<ǦUX2l ա#qJBmE;)ghjV1 ط'c:ҕRК^x,hɂHߩM-솬9()}5 IV%(7zKKPԈY>{kݻ~#m"!@yҳWtBB{hAff%¬*^RjGSۯ; m@%\z6J;3_& *f O, !DW=z#g[PyU`AЋÑ`@3E>ǧ7&TNRvnXs|/aXԃqeElRy; +GnDY iP@r^RHh:mV;;{v }_.0Uv[ObЄ9]⎤RVlL8R"P\vK/ J(x ǛHGD$$͝\g[774TVBMC2lQonNhNNw 7ޒD#>:'Z#ΒGj[xB"&r %^N2PG pNeZ|]BP:Gaf/X"`Ja|$ YȚ Vm #Ms$N.o"tﻣ]PcH,s: Bs/P1㢯 A3+:;$HԳn3 ([K MVg~Ic@ |=$1k3(N_ [=u lS%o񓐗n]]r95ԷC T2W&%g׺̫ T9AkVqe=/:D>R7R($Աi郒;MSXGqIɑ'g{n3|Y;6Z*<K.@O7RL? 
~WBzSARR|2>.ɜJ eRvAGWo Q+3-V!Tsh):a~!@qYSS=(Ty?XQ<ՙP} m_9Q3|8Y$?8^Y q'M\2cEACnfW-<֓3,O.o&pg=ـ` }GkR)%fgz Uj+ ~%=5>5Rw7/4j5f}_tPq|.QVG#kGխMMHQG#Mw {R%JYtP8pd(=J U ;~FVMEdŮ5a b5.{APAeT_W .(T;Iyݙ3Cv  n\^4B,4ئN!$l#rVكNQ:VsmtrOr0&ݮ$sz-tp_דp; Wfꮠ`"MAf@ɔ0o($'&ObX(MlRf/C%ph}90ְ ~~erG~䦊&'=$CP.MЕ0߫cfLsOkazC3c\<5r#1,`K7'xSϰ9\aSpO*K:8pw>i~CcqbqVJ'1œ Fӄ;BϦJJuΘNT/U n }ɋ)+33\>|/赾!adz,-\ڞ eU,(DeS4oz 4o(\]gU݆7*ֽKO+/h'4/L^f*="fxj.Y/5H 4ok]8yX@6%[.! 7 8W[җ*9a#;QD.Gn7?ÏC(B* bv_bqAkfhPyTpzdX])իdP 2sW"F(cUG /R$ RwXVɭ&; J|nɻ=T n<&u*!yt C8#;Y}}jQ2PUBGt ibJ(JB)'MD4s.;O z=w4@XY͝ԣyDYDj7q]/s|Ik)yإL~G#ykzEo!k;Ԏ#'UKGdx[R0QPjhl3,h;EfyqQܹGj$Bvη)^7b8Cf2rNT`;y4CNS3z-~TJD~f5[~pyz^eOz諜諼 _jJoW#R YZ