sssd-common-pac-2.5.0-1.el8

Name: sssd-common-pac
Version: 2.5.0
Release: 1.el8
Summary: Common files needed for supporting PAC processing
Description: Provides common files needed by SSSD providers such as IPA and Active Directory for handling Kerberos PACs.
Build host: aarch64-04.mbox.centos.org
Distribution: CentOS
Vendor: CentOS
License: GPLv3+
Packager: CentOS Buildsys
Group: Applications/System
URL: https://github.com/SSSD/sssd
OS: linux
Architecture: aarch64
File path: ../../../../usr/libexec/sssd/sssd_pac
File owner/group: root
Source RPM: sssd-2.5.0-1.el8.src.rpm
Provides: sssd-common-pac, sssd-common-pac(aarch-64)
Requires:
ld-linux-aarch64.so.1()(64bit)
ld-linux-aarch64.so.1(GLIBC_2.17)(64bit)
libbasicobjects.so.0()(64bit)
libc.so.6()(64bit)
libc.so.6(GLIBC_2.17)(64bit)
libc.so.6(GLIBC_2.28)(64bit)
libcollection.so.4()(64bit)
libcrypto.so.1.1()(64bit)
libdbus-1.so.3()(64bit)
libdhash.so.1()(64bit)
libdl.so.2()(64bit)
libdl.so.2(GLIBC_2.17)(64bit)
libglib-2.0.so.0()(64bit)
libini_config.so.5()(64bit)
libldb.so.2()(64bit)
libldb.so.2(LDB_0.9.10)(64bit)
libndr-krb5pac.so.0()(64bit)
libndr-krb5pac.so.0(NDR_KRB5PAC_0.0.1)(64bit)
libndr-standard.so.0()(64bit)
libndr.so.1()(64bit)
libndr.so.1(NDR_0.0.1)(64bit)
libpcre2-8.so.0()(64bit)
libpopt.so.0()(64bit)
libpopt.so.0(LIBPOPT_0)(64bit)
libref_array.so.1()(64bit)
librt.so.1()(64bit)
libsamba-util.so.0()(64bit)
libselinux.so.1()(64bit)
libsss_cert.so()(64bit)
libsss_child.so()(64bit)
libsss_crypt.so()(64bit)
libsss_debug.so()(64bit)
libsss_idmap
libsss_idmap.so.0()(64bit)
libsss_idmap.so.0(SSS_IDMAP_0.4)(64bit)
libsss_iface.so()(64bit)
libsss_sbus.so()(64bit)
libsss_util.so()(64bit)
libsystemd.so.0()(64bit)
libsystemd.so.0(LIBSYSTEMD_209)(64bit)
libtalloc.so.2()(64bit)
libtalloc.so.2(TALLOC_2.0.2)(64bit)
libtdb.so.1()(64bit)
libtdb.so.1(TDB_1.2.1)(64bit)
libtevent.so.0()(64bit)
libtevent.so.0(TEVENT_0.9.9)(64bit)
rpmlib(CompressedFileNames)
rpmlib(FileDigests)
rpmlib(PayloadFilesHavePrefix)
rpmlib(PayloadIsXz)
rtld(GNU_HASH)
sssd-common

Version strings that follow the list, in order: 2.5.0-1.el8, 3.0.4-1, 4.6.0-1, 4.0-1, 5.2-1, 2.5.0-1.el8, 4.14.3
- 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 
2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 
1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 
1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 
1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen 
Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. 
- Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains 
modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh 
login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. 
ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. 
- Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: 
rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. 
kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. 
This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for emtpy home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- 
Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also add silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OSCP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown 
function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. 
- Document which principal does the AD provider use
- Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs
- Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM
- Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]

- Resolves: upstream#3573 - sssd won't show netgroups with blank domain
- Resolves: upstream#3660 - confdb_expand_app_domains() always fails
- Resolves: upstream#3658 - Application domain is not interpreted correctly
- Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads()
- Resolves: upstream#3386 - KCM: Payload buffer is too small
- Resolves: upstream#3666 - Fix usage of str.decode() in our tests
- A few KCM misc fixes

- New upstream release 1.16.1
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html

- Resolves: upstream#3621 - backport bug found by static analyzers

- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set
- Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE

- Resolves: upstream#3618 - selinux_child segfaults in a docker container

- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl

- Fix systemd executions/requirements

- Fix building on rawhide.
Remove -Wl,-z,defs from LDFLAGS

- Fix building of sssd-nfs-idmap with libnfsidmap.so.1

- Rebuilt for libnfsidmap.so.1

- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout
- Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps
- Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530
- Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds
- Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD
- Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed
- Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system
- Backport few upstream features from 1.16.1

- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next

- Backport extended NSS API from upstream master branch

- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade

- New upstream release 1.16.0
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html

- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database access on the sock_file system_bus_socket

- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket
- Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data
- Resolves: upstream#3485 - getsidbyid does not work with 1.15.3
- Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server
- Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied

- Backport few upstream patches/fixes

- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild

- New upstream release 1.15.3
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html

- Rebuild with libldb-1.2.0

- Fix build issues: Update expired certificate in unit tests

- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication
- Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64
- Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4

- Fix issue with IPA + SELinux in containers
- Resolves: upstream https://fedorahosted.org/sssd/ticket/3297

- Backport upstream patches for 1.15.3 pre-release
- required for building freeipa-4.5.x in rawhide

- New upstream release 1.15.2
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html

- New upstream release 1.15.1
- https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html

- Cherry-pick patches from upstream that enable the files provider
- Enable the files domain
- Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration
- Related: rhbz#1357418 - SSSD fast cache for local users

- Add missing %license macro

- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild

- New upstream release 1.15.0
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0

- Rebuild for Python 3.6

- Resolves: rhbz#1369130 - nss_sss should not link against libpthread
- Resolves: rhbz#1392916 - sssd fails to start after update
- Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd

- New upstream release 1.14.2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2

- libwbclient-sssd: update interface to version 0.13

- Fix regression with krb5_map_user
- Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore
- Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned

- Backport important patches from upstream 1.14.2 prerelease
- Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot
- Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14

- New upstream release 1.14.0
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1

- Add workaround patch for RHBZ #1366403

- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages

- New upstream release 1.14.0
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0

- New upstream release 1.14 beta
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta

- New upstream release 1.14 alpha
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha

- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV

- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6

- New upstream release 1.13.4
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4

- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token)
- Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available

- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid
- Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'

- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild

- Additional upstream fixes

- Resolves: rhbz#1256849 - SUDO: Support the IPA schema

- New upstream release 1.13.3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3

- New upstream release 1.13.2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2

- Rebuilt for Python3.5 rebuild

- Fix building pac responder with the krb5-1.14

- python-sssdconfig: Fix parsing sssd.conf without config_file_version
- Resolves: upstream #2837 - REGRESSION: ipa-client-automount failed

- Fix few segfaults
- Resolves: upstream #2811 - PAM responder crashed if user was not set
- Resolves: upstream #2810 - sssd_be
crashed in ipa_srv_ad_acct_lookup_step

- New upstream release 1.13.1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1

- Fix OTP bug
- Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately

- Backport upstream patches required by FreeIPA 4.2.1

- Fix ipa-migration bug
- Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode

- New upstream release 1.13.0
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0

- Unify return type of list_active_domains for python{2,3}

- New upstream release 1.13 alpha
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha

- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild

- Fix libwbclient alternatives

- Backport important patches from upstream 1.13 prerelease

- New upstream release 1.12.5
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5

- Backport important patches from upstream 1.13 prerelease
- Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name
- Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs
- Enable cmocka tests for secondary architectures

- Backport patches from upstream 1.12.5 prerelease
- contains many fixes

- Fix slow login with ipa and SELinux
- Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one

- Fix regressions with ipa and SELinux
- Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u

- Also relax libldb Requires
- Remove --enable-ldb-version-check

- Relax libldb BuildRequires to be greater-or-equal

- Add support for python3 bindings
- Add requirement to python3 or python3 bindings
- Resolves: rhbz#1014594 - sssd: Support Python 3

- New upstream release 1.12.4
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4

- Backport patches with Python3 support from upstream

- Fix double free in monitor
- Resolves: rhbz#1186887 [abrt]
sssd-common: talloc_abort(): sssd killed by SIGABRT

- Rebuild for new libldb

- Decrease priority of sssd-libwbclient 20 -> 5
- It should be lower than priority of samba version of libwbclient.
- https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18

- Apply a number of patches from upstream to fix issues found 1.12.3
- Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to
- Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running
- Resolves: upstream #2557 authentication failure with user from AD

- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus
- Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile

- New upstream release 1.12.3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3
- Fix spelling errors in description (fedpkg lint)

- Rebuild for libldb 1.1.19

- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo
- in addition to the patch libwbclient.so is filtered out of the Provides list of the package

- Fix regressions and bugs in sssd upstream 1.12.2
- https://fedorahosted.org/sssd/ticket/{id}
- Regressions: #2471, #2475, #2483, #2487, #2529, #2535
- Bugs: #2287, #2445

- Rebuild for libldb 1.1.18

- Fix typo in libwbclient-devel %preun

- Use alternatives for libwbclient

- Backport several patches from upstream.
- Fix a potential crash against old (pre-4.0) IPA servers

- New upstream release 1.12.2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2

- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server

- New upstream release 1.12.1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1

- Do not crash on resolving a group SID in IPA server mode

- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild

- Fix release version for upgrades

- New upstream release 1.12.0
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0

- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild

- New upstream release 1.12 beta2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2

- Fix tests on big-endian
- Fix previous changelog entry

- New upstream release 1.12 beta1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1

- Rebuild against new ding-libs

- Make LDB dependency a strict equivalency

- Rebuild against new libldb

- New upstream release 1.11.5.1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1

- Fix bug in generation of systemd unit file

- New upstream release 1.11.5
- Remove upstreamed patch
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5

- Handle new error code for IPA password migration

- Include couple of patches from upstream 1.11 branch

- New upstream release 1.11.4
- Remove upstreamed patch
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4

- Handle OTP response from FreeIPA server gracefully

- New upstream release 1.11.3
- Remove upstreamed patches
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3

- New upstream release 1.11.2
- Remove upstreamed patches
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2

- Fix potential crash with external groups in trusted IPA-AD setup

- Add plugin for cifs-utils
- Resolves: rhbz#998544

- Fix failover from Global Catalog to LDAP in case GC is not available

- Remove the ability to create public ccachedir
(#1015089)

- New upstream release 1.11.1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1

- Fix multicast checks in the SSSD
- Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info

- Backport simplification of ccache management from 1.11.1
- Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login

- New upstream release 1.11.0
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0

- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV)
- Resolves: #996214 - sssd proxy_child segfault

- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild

- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries

- New upstream release 1.11 beta 2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2

- New upstream release 1.10.1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1

- sssd-tools should require sssd-common, not sssd

- Move sssd_pac to the sssd-ipa and sssd-ad subpackages
- Trim out RHEL5-specific macros since we don't build on RHEL 5
- Trim out macros for Fedora older than F18
- Update libldb requirement to 1.1.16
- Trim RPM changelog down to the last year

- Move sssd_pac to the sssd-krb5 subpackage

- Fix Obsoletes: to account for dist tag
- Convert post and pre scripts to run on the sssd-common subpackage
- Remove old conversion from SYSV

- New upstream release 1.10
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0

- the cmocka toolkit exists only on selected arches

- Apply a number of patches from upstream to fix issues found post-beta, in particular:
-- segfault with a high DEBUG level
-- Fix IPA password migration (upstream #1873)
-- Fix fail over when retrying SRV resolution (upstream #1886)

- Only BuildRequire libcmocka on Fedora

- Fix typo in Requires that prevented an upgrade (#973916)
- Use a hardcoded version in Conflicts, not less-than-current

- Enable hardened build for RHEL7

- New upstream release 1.10 beta2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2
- BuildRequire libcmocka-devel in order to run all upstream tests during build
- BuildRequire libnl3 instead of libnl1
- No longer BuildRequire initscripts, we no longer use /sbin/service
- Remove explicit krb5-libs >= 1.10 requires; this platform doesn't carry any older krb5-libs version

- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later

- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join
- Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider
- Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in

- BuildRequire recent libini_config to ensure consistent behaviour

- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs
- Fix SSH integration with fully-qualified domains
- Add the ability to dynamically discover the NetBIOS name

- New upstream release 1.10 beta1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1

- Add a patch to fix krb5 ccache creation issue with krb5 1.11

- New upstream release 1.10 alpha1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1

- Add a patch to fix krb5 unit tests

- Split internal helper libraries into a shared object
- Significantly reduce disk-space usage

- Fix the Kerberos password expiration warning (#912223)

- Do not write out dots in the domain-realm mapping file (#905650)

- Include upstream patch to build with krb5-1.11

- Rebuild against new libldb

- Fix build with new automake versions

- Recreate Kerberos ccache directory if it's missing
- Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist

- Fix changelog dates to make F19 rpmbuild happy

- New upstream release 1.9.4

- New upstream release 1.9.3

- Resolve groups from AD correctly

- Check the validity of naming context

- Move the sss_cache tool to the main package

- Include the 1.9.2 tarball

- New upstream release 1.9.2

- New upstream release 1.9.1

- require the latest libldb

- Use mcpath instead of mcachepath macro to be consistent with upstream spec file

- New upstream release 1.9.0

- New upstream release 1.9.0 rc1

- New upstream release 1.9.0 beta7
- obsoletes patches #1-#3

- Rebuild against libldb 1.12

- Rebuild against libldb 1.11

- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly
- Resolves: rhbz#851304

- Rebuild against libldb 1.10

- Only create the SELinux login file if there are SELinux mappings on the IPA server

- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)

- New upstream release 1.9.0 beta 6
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6
- A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value.
- Fixes for the support for setting default SELinux user context from FreeIPA.
- Fixed a regression introduced in beta 5 that broke LDAP SASL binds
- The SSSD supports the concept of a Primary Server and a Back Up Server in failover
- A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine
- SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server.
- Packaging changes to fix ldconfig usage in subpackages (#843995)
- Rebuild against libldb 1.1.9

- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild

- New upstream release 1.9.0 beta 5
- Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5
- Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation
- Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation
- The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds

- Fix broken ARM build
- Add missing DP_OPTION_TERMINATOR in AD provider options

- Own several directories created during make install (#839782)

- New upstream release 1.9.0 beta 4
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4
- Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers
- SUDO integration was completely rewritten.
The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules
- The IPA authentication provider now supports subdomains
- Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.

- New upstream release 1.9.0 beta 3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3
- Add a new PAC responder for dealing with cross-realm Kerberos trusts
- Terminate idle connections to the NSS and PAM responders

- Switch unicode library from libunistring to Glib
- Drop unnecessary explicit Requires on keyutils
- Guarantee that versioned Requires include the correct architecture

- Fix accidental disabling of the DIR cache support

- New upstream release 1.9.0 beta 2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2
- Add support for the Kerberos DIR cache for storing multiple TGTs automatically
- Major performance enhancement when storing large groups in the cache
- Major performance enhancement when performing initgroups() against Active Directory
- SSSDConfig data file default locations can now be set during configure for easier packaging

- Fix regression in endianness patch

- Rebuild SSSD against ding-libs 0.3.0beta1
- Fix endianness bug in service map protocol

- Fix several regressions since 1.5.x
- Ensure that the RPM creates the /var/lib/sss/mc directory
- Add support for Netscape password warning expiration control
- Rebuild against libldb 1.1.6

- New upstream release 1.9.0 beta 1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1
- Add native support for autofs to the IPA provider
- Support for ID-mapping when connecting to Active Directory
- Support for handling very large (> 1500 users) groups in Active Directory
- Support for sub-domains (will be used for dealing with trust relationships)
- Add a new fast in-memory cache to speed up lookups of cached data on repeated requests

- New upstream release 1.8.3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3
- Numerous manpage and translation updates
- LDAP: Handle situations where the RootDSE isn't available anonymously
- LDAP: Fix regression for users using non-standard LDAP attributes for user information

- New upstream release 1.8.2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2
- Several fixes to case-insensitive domain functions
- Fix for GSSAPI binds when the keytab contains unrelated principals
- Fixed several segfaults
- Workarounds added for LDAP servers with unreadable RootDSE
- SSH knownhostproxy will no longer enter an infinite loop preventing login
- The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown
- Assorted minor fixes for issues discovered by static analysis tools

- Don't duplicate libsss_autofs.so in two packages
- Set explicit package contents instead of globbing

- Fix uninitialized value bug causing crashes throughout the code
- Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup

- New upstream release 1.8.1
- Resolve issue where we could enter an infinite loop trying to connect to an auth server
- Fix serious issue with complex (3+ levels) nested groups
- Fix netgroup support for case-insensitivity and aliases
- Fix serious issue with lookup bundling resulting in requests never completing
- IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate
- Fix several regressions in the proxy provider
- Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD
- Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work

- New upstream release 1.8.0
- Support for the service map in NSS
- Support for setting default SELinux user context from FreeIPA
- Support for retrieving SSH user and host keys from LDAP (Experimental)
- Support for caching autofs LDAP requests (Experimental)
- Support for caching SUDO rules (Experimental)
- Include the
IPA AutoFS provider
- Fixed several memory-corruption bugs
- Fixed a regression in group enumeration since 1.7.0
- Fixed a regression in the proxy provider
- Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD
- Resolves: rhbz#797968 - sssd_be: The requested target is not configured is logged at each login
- Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV)
- Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD
- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features
- Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Caches to /run/usr/USERNAME/krb5cc

- Change default kerberos credential cache location to /run/user/

- New upstream release 1.8.0 beta 3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3
- Fixed a regression in group enumeration since 1.7.0
- Fixed several memory-corruption bugs
- Finalized the ABI for the autofs support
- Fixed a regression in the proxy provider

- Rebuild against PCRE 8.30

- New upstream release
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2
- Fix two minor manpage bugs
- Include the IPA AutoFS provider

- New upstream release
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1
- Support for the service map in NSS
- Support for setting default SELinux user context from FreeIPA
- Support for retrieving SSH user and host keys from LDAP (Experimental)
- Support for caching autofs LDAP requests (Experimental)
- Support for caching SUDO rules (Experimental)

- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well

- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.

- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features

- Rebuilt for
https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild

- New upstream release 1.7.0
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0
- Support for case-insensitive domains
- Support for multiple search bases in the LDAP provider
- Support for the native FreeIPA netgroup implementation
- Reliability improvements to the process monitor
- New DEBUG facility with more consistent log levels
- New tool to change debug log levels without restarting SSSD
- SSSD will now disconnect from LDAP server when idle
- FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains
- Assorted performance improvements in the LDAP provider

- New upstream release 1.6.4
- Rolls up previous patches applied to the 1.6.3 tarball
- Fixes a rare issue causing crashes in the failover logic
- Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.

- Rebuild against libldb 1.1.4

- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam()
- Resolves: rhbz#758425 - LDAP failover not working if server refuses connections

- Rebuild for libldb 1.1.3

- Resolves: rhbz#752495 - Crash when apply settings

- New upstream release 1.6.3
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3
- Fixes a major cache performance issue introduced in 1.6.2
- Fixes a potential infinite-loop with certain LDAP layouts

- Rebuilt for glibc bug#747377

- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.

- Add explicit requirement on selinux-policy version to address new SBUS symlinks.

- Remove %files reference to sss_debuglevel copied from wrong upstream spec file.

- Improved handling of users and groups with multi-valued name attributes (aliases)
- Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing
- Improved process-hang detection and restarting
- Enabled the midpoint cache refresh by default (fewer cache misses on
commonly-used entries)
- Cleaned up the example configuration
- New tool to change debug level on the fly

- New upstream release 1.6.1
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1
- Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep)
- SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined
- The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided.
- Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory)
- Three HBAC regressions have been fixed.
- Fix for an infinite loop in the deref code

- Build with _hardened_build macro

- New upstream release 1.6.0
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0
- Add host access control support for LDAP (similar to pam_host_attr)
- Finer-grained control on principals used with Kerberos (such as for FAST or validation)
- Added a new tool sss_cache to allow selective expiring of cached entries
- Added support for LDAP DEREF and ASQ controls
- Added access control features for Novell Directory Server
- FreeIPA dynamic DNS update now checks first to see if an update is needed
- Complete rewrite of the HBAC library
- New libraries: libipa_hbac and libipa_hbac-python

- New upstream release 1.5.11
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11
- Fix a serious regression that prevented SSSD from working with ldaps:// URIs
- IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 address being saved to the AAAA record

- New upstream release 1.5.10
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10
- Fixed a regression introduced in 1.5.9 that could result in blocking calls to LDAP

- New upstream release 1.5.9
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9
- Support for overriding home directory, shell and primary GID locally
- Properly honor TTL values from SRV record lookups
- Support non-POSIX groups in nested group chains (for RFC2307bis LDAP servers)
- Properly escape IPv6 addresses in the failover code
- Do not crash if inotify fails (e.g. resource exhaustion)
- Don't add multiple TGT renewal callbacks (too many log messages)

- New upstream release 1.5.8
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8
- Support for the LDAP paging control
- Support for multiple DNS servers for name resolution
- Fixes for several group membership bugs
- Fixes for rare crash bugs

- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d
- Make sure to properly convert to systemd if upgrading from newer updates for Fedora 14

- Fix segfault in TGT renewal

- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites cached password with predictable filename

- Re-add manpage translations

- New upstream release 1.5.6
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6
- Fixed a serious memory leak in the memberOf plugin
- Fixed a regression with the negative cache that caused it to be essentially nonfunctional
- Fixed an issue where the user's full name would sometimes be removed from the cache
- Fixed an issue with password changes in the kerberos provider not working with kpasswd

- Resolves: rhbz#697057 - kpasswd fails when using sssd and kadmin server != kdc server
- Upgrades from SysV should now maintain enabled/disabled status

- Fix %postun

- Fix systemd conversion. Upgrades from SysV to systemd weren't properly enabling the systemd service.
- Fix a serious memory leak in the memberOf plugin
- Fix an issue where the user's full name would sometimes be removed from the cache

- Install systemd unit file instead of sysv init script

- New upstream release 1.5.5
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5
- Fixes for several crash bugs
- LDAP group lookups will no longer abort if there is a zero-length member attribute
- Add automatic fallback to 'cn' if the 'gecos' attribute does not exist

- New upstream release 1.5.4
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4
- Fixes for Active Directory when not all users and groups have POSIX attributes
- Fixes for handling users and groups that have name aliases (aliases are ignored)
- Fix group memberships after initgroups in the IPA provider

- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication

- New upstream release 1.5.3
- Support for libldb >= 1.0.0

- New upstream release 1.5.2
- https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2
- Fixes for support of FreeIPA v2
- Fixes for failover if DNS entries change
- Improved sss_obfuscate tool with better interactive mode
- Fix several crash bugs
- Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this
- Delete users from the local cache if initgroups calls return 'no such user' (previously only worked for getpwnam/getpwuid)
- Use new Transifex.net translations
- Better support for automatic TGT renewal (now survives restart)
- Netgroup fixes

- Rebuild sssd against libldb 1.0.2 so the memberof module loads again.
- Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. 
- Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system 
improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that 
SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. 
(Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)2.5.0-1.el82.5.0-1.el8.build-idafa361fc960b105a0a2bc51d49def1b9eb4cef02sssd_pacsssd-common-pacCOPYING/usr/lib//usr/lib/.build-id//usr/lib/.build-id/af//usr/libexec/sssd//usr/share/licenses//usr/share/licenses/sssd-common-pac/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -fasynchronous-unwind-tables -fstack-clash-protectioncpioxz2aarch64-redhat-linux-gnudirectoryELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, interpreter /lib/ld-linux-aarch64.so.1, for GNU/Linux 3.7.0, BuildID[sha1]=afa361fc960b105a0a2bc51d49def1b9eb4cef02, strippedASCII text.RR'RRRR"R R+R-RR)RRR RRRRR!R%RRRRR*RR RRRRRRRRR&R#R$R R,R(RR RRR1utf-8139ff509e0cef38adf33fd86dd8d4ba3dd5d0b8540c3ad3ae7bdbd8cfe687346?@7zXZ !#, L] b2u 