sssd-common-pac-2.9.4-1.el8 >  H    ̉eQ8 U]bl?\ޤl>Җ^a)]dst-9cHvA`~!iccJUcHof߼.WLXtMk^~$ /^ᇩ'w{dXՉ5 920895ae694b501f6a2f49ad20d19461eb33a43b66fa430400cb5345aa9368d5558bf3f9f322cb7c265d65e68b95fe8a5e3570650302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb500673065023100afbb136b489ce1874db9d16a8b4535b86d6440b81316eb449b2b2851cc9eeb8ff8b2c299edb53a919565f7cedd4f3f0102304e32575066eabac5ef3f07022d33cc3509845f910eb6b0b69fffa4ed074165ea7ba6416432e5dc91e03659b3947b2a400302047c435bb500673065023013d4ffcf6156af9e870c94fa7a9a8cbaa94b4439cf22e1a712d14bda12b776088e2665f848b8451872b3e18663cc78b1023100a98ad673841571f1ed96df55ea1e50e078c4f01180a004d8d788d857862eb413726413735866c198a3aa8a6e5de217150302047c435bb50066306402301e1c632c69bc2b3acc8290a4bef5602abfda9a0def7a10712cd98a27ad0a26588b90d5e8ec4139694b816e72688d768402301256a96fbc006757e447f3c1c02daf7da865c47168f75ff2c4a8b66e406772266323bfafcd97cefb75c3ab8b6dfa7981TeQ8 U] xQsz.rQѨr _38Rh]O*/np1q,Jf]\!",*|.@RVao%=b}vmYLPK"}w4v3xw,N;IIw9ƐiN[m|xK4d fùT*]PSƋۙM{&%Je; UXx$x@PZ1א3;@쫱~{9xt.R1E_,9":NyflV  m\fi<9?wXuEuBQB̓*؈CȺ3*Ty–LmbL:- .+z:-L7 GLb?(@0mhEz"MjXpn`p)(v7jD4z~k˶$d˾g$D:¥k 1J7!O}]:Wf>`<p?`d  P   =CLd p |   H`~66 n6( 8 9:cGPHhIXY\]^bdeflt u$v<w x8yP0\Csssd-common-pac2.9.41.el8Common files needed for supporting PAC processingProvides common files needed by SSSD providers such as IPA and Active Directory for 
handling Kerberos PACs.ex86-04.stream.rdu2.redhat.comCentOSCentOSGPLv3+builder@centos.orgApplications/Systemhttps://github.com/SSSD/sssdlinuxx86_64%KAAA큤eeeeaee+8206520d094c527c74702f79bf4fddfe3304c004aa6c87e6a2d579bdb2988f798ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b903../../../../usr/libexec/sssd/sssd_pacrootrootrootrootrootrootrootrootrootrootrootrootsssd-2.9.4-1.el8.src.rpmsssd-common-pacsssd-common-pac(x86-64)@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@    @libbasicobjects.so.0()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.28)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libcollection.so.4()(64bit)libcrypto.so.1.1()(64bit)libdbus-1.so.3()(64bit)libdhash.so.1()(64bit)libdl.so.2()(64bit)libdl.so.2(GLIBC_2.2.5)(64bit)libini_config.so.5()(64bit)libldb.so.2()(64bit)libldb.so.2(LDB_0.9.10)(64bit)libndr-krb5pac.so.0()(64bit)libndr-krb5pac.so.0(NDR_KRB5PAC_0.0.1)(64bit)libndr-standard.so.0()(64bit)libndr.so.3()(64bit)libndr.so.3(NDR_0.0.1)(64bit)libpcre2-8.so.0()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libref_array.so.1()(64bit)librt.so.1()(64bit)libsamba-util.so.0()(64bit)libselinux.so.1()(64bit)libsss_cert.so()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_idmaplibsss_idmap.so.0()(64bit)libsss_idmap.so.0(SSS_IDMAP_0.4)(64bit)libsss_iface.so()(64bit)libsss_sbus.so()(64bit)libsss_util.so()(64bit)libsystemd.so.0()(64bit)libsystemd.so.0(LIBSYSTEMD_209)(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtdb.so.1(TDB_1.2.1)(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.15.0)(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)libunistring.so.2()(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)rtld(GNU_HASH)sssd-common2.9.4-1.el83.0.4-14.6.0-14.0-15.2-12.9.4-1.el84.14.3e{@eReRd@dd@du@doMdbc&@cR@c|c_cc@bbγba@baZ@a6aɪa@aKa@`.`@`[` 
@`&m`@`x@__@_@_#___[@_?@_-B@_@_@^@^@^^(@^oj@^ku^Y^S^J@^C^0"@^0"@^0"@^@^@^@]f@]f@] @] @]+]]Y]Y]|@]o@]k]k]Y=]Y=]Y=]Y=]Y=]M`@]M`@]M`@]D%]D%]D%]9]9]]]@]@\\`@\]o@\\\\\\\@\>@\>@\>@\\\\l@[Ѱ@[^[[ā@[ā@[ā@[;@[;@[;@[;@[;@[[@[@[@[@[@[t[#@[#@[@[@[qr[;e@["XZZ&Zw@Z Z$Zz@ZyZiZiZWQZWQZ%8Z@Z@YZ@Y@YYzYKYyYw2YRHYRHY@X-XX~@XO@X}@X@XX6@XWXOXXWW@WWW@WWv[@Wi,@W5W@W@V3VVVvV%@VqR@VO @V<@V/g@V$@V @V @UpU|@U4@UUUU@UzUzUzUL@UL@U.RU@TTT@T~T8TܕT@T@TTTq@T@T@Tp@TA@TuTto@TG@TD@TT @S0SS@S.SP@S @Sg@SrS!@SkqSkqSG@SFSCS!SSRRpRpR^R[RSRNREs@RD!R@R@RNQB@Q@QQQکQQQo@Q)@Q@QQ@Q@QbQbQV@Q'@QQQQnQZ@QU@Q0@QQQ@Q@QQ @QQh@PP@P@P@Pz@Pz@PqnPl(PaPaPS@PH@PDPM>M2@MMzMx@Mj - 2.9.4-1Alexey Tikhonov - 2.9.3-2Alexey Tikhonov - 2.9.3-1Alexey Tikhonov - 2.9.2-1Alexey Tikhonov - 2.9.1-2Alexey Tikhonov - 2.9.1-1Alexey Tikhonov - 2.9.0-4Alexey Tikhonov - 2.9.0-3Alexey Tikhonov - 2.9.0-1Alexey Tikhonov - 2.8.2-2Alexey Tikhonov - 2.8.2-1Alexey Tikhonov - 2.8.1-1Alexey Tikhonov - 2.7.3-5Alexey Tikhonov - 2.7.3-4Alexey Tikhonov - 2.7.3-3Alexey Tikhonov - 2.7.3-2Alexey Tikhonov - 2.7.3-1Alexey Tikhonov - 2.7.2-1Alexey Tikhonov - 2.7.0-2Alexey Tikhonov - 2.6.2-3Alexey Tikhonov - 2.6.2-2Alexey Tikhonov - 2.6.2-1Alexey Tikhonov - 2.6.1-2Alexey Tikhonov - 2.6.1-1Alexey Tikhonov - 2.5.2-2Alexey Tikhonov - 2.5.2-1Alexey Tikhonov - 2.5.1-2Alexey Tikhonov - 2.5.1-1Alexey Tikhonov - 2.5.0-1Alexey Tikhonov - 2.4.0-8Alexey Tikhonov - 2.4.0-7Alexey Tikhonov - 2.4.0-6Alexey Tikhonov - 2.4.0-5Alexey Tikhonov - 2.4.0-4Alexey Tikhonov - 2.4.0-3Alexey Tikhonov - 2.4.0-2Alexey Tikhonov - 2.4.0-1Alexey Tikhonov - 2.3.0-9Alexey Tikhonov - 2.3.0-8Alexey Tikhonov - 2.3.0-7Alexey Tikhonov - 2.3.0-6Alexey Tikhonov - 2.3.0-5Alexey Tikhonov - 2.3.0-4Alexey Tikhonov - 2.3.0-3Alexey Tikhonov - 2.3.0-2Alexey Tikhonov - 2.3.0-1Alexey Tikhonov - 2.2.3-19Alexey Tikhonov - 2.2.3-19Michal Židek - 2.2.3-18Alexey Tikhonov - 2.2.3-17Alexey Tikhonov - 2.2.3-16Michal Židek - 2.2.3-15Michal Židek - 2.2.3-14Michal Židek - 2.2.3-13Michal Židek - 2.2.3-12Michal Židek - 
2.2.3-11Michal Židek - 2.2.3-10Michal Židek - 2.2.3-9Michal Židek - 2.2.3-8Michal Židek - 2.2.3-7Michal Židek - 2.2.3-6Michal Židek - 2.2.3-5Michal Židek - 2.2.3-4Michal Židek - 2.2.3-3Michal Židek - 2.2.3-2Michal Židek - 2.2.3-1Michal Židek - 2.2.2-1Michal Židek - 2.2.0-19Michal Židek - 2.2.0-18Michal Židek - 2.2.0-17Michal Židek - 2.2.0-16Michal Židek - 2.2.0-15Michal Židek - 2.2.0-14Michal Židek - 2.2.0-13Michal Židek - 2.2.0-12Michal Židek - 2.2.0-11Michal Židek - 2.2.0-10Michal Židek - 2.2.0-9Michal Židek - 2.2.0-8Michal Židek - 2.2.0-7Michal Židek - 2.2.0-6Jakub Hrozek - 2.2.0-5Jakub Hrozek - 2.2.0-4Jakub Hrozek - 2.2.0-3Jakub Hrozek - 2.2.0-2Michal Židek - 2.2.0-1Michal Židek - 2.1.0-1Michal Židek - 2.0.0-45Jakub Hrozek - 2.0.0-43Michal Židek - 2.0.0-42Michal Židek - 2.0.0-41Michal Židek - 2.0.0-40Michal Židek - 2.0.0-39Michal Židek - 2.0.0-38Michal Židek - 2.0.0-36Michal Židek - 2.0.0-35Michal Židek - 2.0.0-34Michal Židek - 2.0.0-33Michal Židek - 2.0.0-32Michal Židek - 2.0.0-31Michal Židek - 2.0.0-30Michal Židek - 2.0.0-29Michal Židek - 2.0.0-28Michal Židek - 2.0.0-27Michal Židek - 2.0.0-26Michal Židek - 2.0.0-25Michal Židek - 2.0.0-24Jakub Hrozek - 2.0.0-23Jakub Hrozek - 2.0.0-22Jakub Hrozek - 2.0.0-21Jakub Hrozek - 2.0.0-20Jakub Hrozek - 2.0.0-19Jakub Hrozek - 2.0.0-18Jakub Hrozek - 2.0.0-17Jakub Hrozek - 2.0.0-16Jakub Hrozek - 2.0.0-15Jakub Hrozek - 2.0.0-14Jakub Hrozek - 2.0.0-13Jakub Hrozek - 2.0.0-12Jakub Hrozek - 2.0.0-11Jakub Hrozek - 2.0.0-10Jakub Hrozek - 2.0.0-9Jakub Hrozek - 2.0.0-8Jakub Hrozek - 2.0.0-7Jakub Hrozek - 2.0.0-6Jakub Hrozek - 2.0.0-5Jakub Hrozek - 2.0.0-4Jakub Hrozek - 2.0.0-3Jakub Hrozek - 2.0.0-2Fabiano Fidêncio - 2.0.0-1Tomas Orsava - 1.16.2-2Fabiano Fidêncio - 1.16.2-1Fabiano Fidêncio - 1.16.1-3Fabiano Fidêncio - 1.16.1-2Fabiano Fidêncio - 1.16.1-1Lukas Slebodnik - 1.16.0-13Fabiano Fidêncio - 1.16.0-12Lukas Slebodnik - 1.16.0-11Lukas Slebodnik - 1.16.0-10Igor Gnatenko - 1.16.0-9Lukas Slebodnik - 1.16.0-8Lukas Slebodnik - 
1.16.0-7Björn Esser - 1.16.0-6Lukas Slebodnik - 1.16.0-5Lukas Slebodnik - 1.16.0-4Jakub Hrozek - 1.16.0-3Lukas Slebodnik - 1.16.0-2Lukas Slebodnik - 1.16.0-1Lukas Slebodnik - 1.15.3-5Lukas Slebodnik - 1.15.3-4Lukas Slebodnik - 1.15.3-3Fedora Release Engineering - 1.15.3-2Lukas Slebodnik - 1.15.3-1Lukas Slebodnik - 1.15.3-0.beta.5Lukas Slebodnik - 1.15.3-0.beta.4Lukas Slebodnik - 1.15.3-0.beta.3Lukas Slebodnik - 1.15.3-0.beta.2Lukas Slebodnik - 1.15.3-0.beta.1Lukas Slebodnik - 1.15.2-1Lukas Slebodnik - 1.15.1-1Jakub Hrozek - 1.15.0-4Lukas Slebodnik - 1.15.0-3Fedora Release Engineering - 1.15.0-2Lukas Slebodnik - 1.15.0-1Miro Hrončok - 1.14.2-3Lukas Slebodnik - 1.14.2-2Lukas Slebodnik - 1.14.2-1Lukas Slebodnik - 1.14.1-4Lukas Slebodnik - 1.14.1-3Lukas Slebodnik - 1.14.1-2Lukas Slebodnik - 1.14.1-1Stephen Gallagher - 1.14.0-5Fedora Release Engineering - 1.14.0-4Lukas Slebodnik - 1.14.0-3Lukas Slebodnik - 1.14.0-2.betaLukas Slebodnik - 1.14.0-1.alphaLukas Slebodnik - 1.13.4-3Lukas Slebodnik - 1.13.4-2Lukas Slebodnik - 1.13.4-1Lukas Slebodnik - 1.13.3-6Lukas Slebodnik - 1.13.3-5Fedora Release Engineering - 1.13.3-4Lukas Slebodnik - 1.13.3-3Lukas Slebodnik - 1.13.3-2Lukas Slebodnik - 1.13.3-1Lukas Slebodnik - 1.13.2-1Robert Kuska - 1.13.1-5Lukas Slebodnik - 1.13.1-4Lukas Slebodnik - 1.13.1-3Lukas Slebodnik - 1.13.1-2Lukas Slebodnik - 1.13.1-1Lukas Slebodnik - 1.13.0-6Lukas Slebodnik - 1.13.0-5Lukas Slebodnik - 1.13.0-4Lukas Slebodnik - 1.13.0-3Lukas Slebodnik - 1.13.0-2.alphaLukas Slebodnik - 1.13.0-1.alphaFedora Release Engineering - 1.12.5-4Lukas Slebodnik - 1.12.5-3Lukas Slebodnik - 1.12.5-2Lukas Slebodnik - 1.12.5-1Lukas Slebodnik - 1.12.4-8Lukas Slebodnik - 1.12.4-7Lukas Slebodnik - 1.12.4-6Lukas Slebodnik - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Lukas Slebodnik - 1.12.4-2Lukas Slebodnik - 1.12.4-1Lukas Slebodnik - 1.12.3-7Lukas Slebodnik - 1.12.3-6Jakub Hrozek - 1.12.3-5Lukas Slebodnik - 1.12.3-4Lukas Slebodnik - 1.12.3-3Lukas Slebodnik - 
1.12.3-2Lukas Slebodnik - 1.12.3-1Lukas Slebodnik - 1.12.2-8Sumit Bose - 1.12.2-7Lukas Slebodnik - 1.12.2-6Jakub Hrozek - 1.12.2-5Jakub Hrozek - 1.12.2-4Jakub Hrozek - 1.12.2-3Jakub Hrozek - 1.12.2-2Jakub Hrozek - 1.12.2-1Jakub Hrozek - 1.12.1-2Jakub Hrozek - 1.12.1-1Jakub Hrozek - 1.12.0-7Fedora Release Engineering - 1.12.0-6Stephen Gallagher 1.12.0-5Jakub Hrozek - 1.12.0-1Fedora Release Engineering - 1.12.0-4.beta2Jakub Hrozek - 1.12.0-1.beta2Jakub Hrozek - 1.12.0-2.beta1Jakub Hrozek - 1.12.0-1.beta1Jakub Hrozek - 1.11.5.1-4Stephen Gallagher - 1.11.5.1-3Stephen Gallagher - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Stephen Gallagher 1.11.5-2Jakub Hrozek - 1.11.5-1Sumit Bose - 1.11.4-3Jakub Hrozek - 1.11.4-2Jakub Hrozek - 1.11.4-1Jakub Hrozek - 1.11.3-2Jakub Hrozek - 1.11.3-1Jakub Hrozek - 1.11.2-1Sumit Bose - 1.11.1-5Sumit Bose - 1.11.1-4Jakub Hrozek - 1.11.1-3Jakub Hrozek - 1.11.1-2Jakub Hrozek - 1.11.1-1Jakub Hrozek - 1.11.0-3Jakub Hrozek - 1.11.0-2Jakub Hrozek - 1.11.0-1Jakub Hrozek - 1.11.0-0.4.beta2Fedora Release Engineering - 1.11.0-0.3.beta2Jakub Hrozek - 1.11.0.2beta2Jakub Hrozek - 1.11.0.1beta2Jakub Hrozek - 1.10.1-1Jakub Hrozek - 1.10.0-17Stephen Gallagher - 1.10.0-16Stephen Gallagher - 1.10.0-15Stephen Gallagher - 1.10.0-14Jakub Hrozek - 1.10.0-13Dan Horák - 1.10.0-12.beta2Jakub Hrozek - 1.10.0-11.beta2Jakub Hrozek - 1.10.0-10.beta2Jakub Hrozek - 1.10.0-9.beta2Jakub Hrozek - 1.10.0-8.beta1Jakub Hrozek - 1.10.0-8.beta2Jakub Hrozek - 1.10.0-7.beta1Jakub Hrozek - 1.10.0-6.beta1Jakub Hrozek - 1.10.0-5.beta1Jakub Hrozek - 1.10.0-4.beta1Jakub Hrozek - 1.10.0-3.beta1Jakub Hrozek - 1.10.0-2.alpha1Jakub Hrozek - 1.10.0-1.alpha1Jakub Hrozek - 1.9.5-10Stephen Gallagher - 1.9.4-9Jakub Hrozek - 1.9.4-8Jakub Hrozek - 1.9.4-7Jakub Hrozek - 1.9.4-6Jakub Hrozek - 1.9.4-5Jakub Hrozek - 1.9.4-4Jakub Hrozek - 1.9.4-3Jakub Hrozek - 1.9.4-2Jakub Hrozek - 1.9.4-1Jakub Hrozek - 1.9.3-1Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek 
- 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-24Jakub Hrozek - 1.9.0-23Jakub Hrozek - 1.9.0-22.rc1Jakub Hrozek - 1.9.0-21.beta7Jakub Hrozek - 1.9.0-20.beta6Jakub Hrozek - 1.9.0-19.beta6Jakub Hrozek - 1.9.0-18.beta6Jakub Hrozek - 1.9.0-17.beta6Jakub Hrozek - 1.9.0-16.beta6Jakub Hrozek - 1.9.0-14.beta6Jakub Hrozek - 1.9.0-13.beta6Fedora Release Engineering - 1.9.0-13.beta5Jakub Hrozek - 1.9.0-12.beta5Stephen Gallagher - 1.9.0-11.beta4Jakub Hrozek - 1.9.0-10.beta4Jakub Hrozek - 1.9.0-9.beta4Stephen Gallagher - 1.9.0-8.beta3Stephen Gallagher - 1.9.0-7.beta2Stephen Gallagher - 1.9.0-6.beta2Stephen Gallagher - 1.9.0-5.beta2Stephen Gallagher - 1.9.0-4.beta1Stephen Gallagher - 1.9.0-3.beta1Stephen Gallagher - 1.9.0-2.beta1Stephen Gallagher - 1.9.0-1.beta1Stephen Gallagher - 1.8.3-11Stephen Gallagher - 1.8.2-10Stephen Gallagher - 1.8.1-9Stephen Gallagher - 1.8.1-8Stephen Gallagher - 1.8.1-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5.beta3Stephen Gallagher - 1.8.0-4.beta3Petr Pisar - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-1.beta2Stephen Gallagher - 1.8.0-1.beta1Stephen Gallagher - 1.7.0-5Stephen Gallagher - 1.7.0-4Stephen Gallagher - 1.7.0-3Fedora Release Engineering - 1.7.0-2Stephen Gallagher - 1.7.0-1Stephen Gallagher - 1.6.4-1Stephen Gallagher - 1.6.3-5Stephen Gallagher - 1.6.3-4Jakub Hrozek - 1.6.3-3Stephen Gallagher - 1.6.3-2Stephen Gallagher - 1.6.3-1Fedora Release Engineering - 1.6.2-5Stephen Gallagher - 1.6.2-4Stephen Gallagher - 1.6.2-3Stephen Gallagher - 1.6.2-2Stephen Gallagher - 1.6.2-1Stephen Gallagher - 1.6.1-1Stephen Gallagher - 1.6.0-2Stephen Gallagher - 1.6.0-1Stephen Gallagher - 1.5.11-2Stephen Gallagher - 1.5.10-1Stephen Gallagher - 1.5.9-1Stephen Gallagher - 1.5.8-1Stephen Gallagher - 1.5.7-3Stephen Gallagher - 1.5.7-2Stephen Gallagher - 1.5.7-1Stephen Gallagher - 1.5.6.1-1Stephen Gallagher - 1.5.6-1Stephen Gallagher - 1.5.5-5Stephen Gallagher - 1.5.5-4Stephen Gallagher - 1.5.5-3Stephen Gallagher - 1.5.5-2Stephen 
Gallagher - 1.5.5-1Stephen Gallagher - 1.5.4-1Stephen Gallagher - 1.5.3-2Stephen Gallagher - 1.5.3-1Stephen Gallagher - 1.5.2-1Simo Sorce - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Fedora Release Engineering - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.4.1-3Stephen Gallagher - 1.4.1-2Stephen Gallagher - 1.4.1-1Stephen Gallagher - 1.4.0-2Stephen Gallagher - 1.4.0-1Stephen Gallagher - 1.3.0-35Stephen Gallagher - 1.3.0-34Stephen Gallagher - 1.3.0-33Stephen Gallagher - 1.3.0-32Stephen Gallagher - 1.3.0-31Stephen Gallagher - 1.3.0-30David Malcolm - 1.2.91-21Stephen Gallagher - 1.2.91-20Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: RHEL-1680 - auto_private_groups 
does not create cache in IPA server SSSD cache - Resolves: RHEL-10092 - logfile rotation for sssd_kcm not working properly, sssd_kcm never receives a 'kill -HUP' - Resolves: RHEL-17495 - New sssd.conf seems not to be backwards compatible (wrt SmartCard auth of local users using 'files provider') - Resolves: RHEL-18431 - Excessive logging to sssd_nss and sssd_be in multi-domain AD forest - Resolves: RHEL-5033 - Incorrect IdM product name in man sssd.conf - Resolves: RHEL-15368 - SSSD GPO lacks group resolution on hosts [rhel-8] - Resolves: RHEL-10721 - very bad performance when requesting service tickets - Resolves: RHEL-19011 - Invalid handling groups from child domain - Resolves: RHEL-19949 - latest sssd breaks logging in via XDMCP for LDAP/Kerberos users [rhel-8]- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: RHEL-14070 - sssd-2.9.2-1.el8 breaks smart card authentication - Resolves: RHEL-3665 - Unexplainable error "Unable to find primary gid [2]: No such file or directory" when SSSD performs lookup for an AD user- Resolves: RHEL-2630 - Rebase SSSD for RHEL 8.10 - Resolves: rhbz#2226021 - dbus and crond getting terminated with SIGBUS in sss_client code - Resolves: rhbz#2237253 - SSSD runs multiples lookup search for each NFS request (SBUS req chaining stopped working in sssd-2.7)- Resolves: rhbz#2149241 - [sssd] SSSD enters failed state after heavy load in the system- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2196521 - [RHEL8] sssd : AD user login problem when modify ldap_user_name= name and restricted by GPO Policy - Resolves: rhbz#2195919 - sssd-be tends to run out of system resources, hitting the maximum number of open files - Resolves: rhbz#2192708 - [RHEL8] [sssd] User lookup on IPA client fails with 's2n get_fqlist request failed' - Resolves: rhbz#2139467 - [RHEL8] sssd attempts LDAP password modify extended op after BIND failure - Resolves: rhbz#2054825 - sssd_be 
segfault at 0 ip 00007f16b5fcab7e sp 00007fffc1cc0988 error 4 in libc-2.28.so[7f16b5e72000+1bc000] - Resolves: rhbz#2189583 - [sssd] RHEL 8.9 Tier 0 Localization - Resolves: rhbz#2170720 - [RHEL8] When adding attributes in sssd.conf that we have already, the cross-forest query just stop working - Resolves: rhbz#2096183 - BE_REQ_USER_AND_GROUP LDAP search filter can inadvertently catch multiple overrides - Resolves: rhbz#2151450 - [RHEL8] SSSD missing group membership when evaluating GPO policy with 'auto_private_groups = true'- Related: rhbz#2190417 - Rebase Samba to the latest 4.18.x release Rebuild against rebased Samba libs- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9- Resolves: rhbz#2167836 - Rebase SSSD for RHEL 8.9 - Resolves: rhbz#2101489 - [sssd] Auth fails if client cannot speak to forest root domain (ldap_sasl_interactive_bind_s failed) - Resolves: rhbz#2143925 - kinit switches KCM away from the newly issued ticket - Resolves: rhbz#2151403 - AD user is not found on IPA client after upgrading to RHEL8.7 - Resolves: rhbz#2164805 - man page entry should make clear that a nested group needs a name - Resolves: rhbz#2170484 - Unable to lookup AD user from child domain (or "make filtering of the domains more configurable") - Resolves: rhbz#2180981 - sss allows extraneous @ characters prefixed to username #- Resolves: rhbz#2149091 - Update to sssd-2.7.3-4.el8_7.1.x86_64 resulted in "Request to sssd failed. Device or resource busy"- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2136701 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level. 
- Resolves: rhbz#2139760 - [sssd] RHEL 8.8 Tier 0 Localization - Resolves: rhbz#2139865 - Analyzer: Optimize and remove duplicate messages in verbose list - Resolves: rhbz#2142795 - SSSD: `sssctl analyze` command shouldn't require 'root' privileged - Resolves: rhbz#2144491 - UPN check cannot be disabled explicitly but requires krb5_validate = false' as a work-around - Resolves: rhbz#2150357 - Smart Card auth does not work with p11_uri (with-smartcard-required)- Resolves: rhbz#2127511 - Rebase SSSD for RHEL 8.8 - Resolves: rhbz#2144581 - [RFE] provide dbus method to find users by attr - Resolves: rhbz#2144579 - sssd timezone issues sudonotafter - Resolves: rhbz#2144519 - [RFE] SSSD does not support to change the user’s password when option ldap_pwd_policy equals to shadow in sssd.conf file - Resolves: rhbz#2127822 - Cannot SSH with AD user to ipa-client (`krb5_validate` and `pac_check` settings conflict) - Resolves: rhbz#2111393 - authenticating against external IdP services okta (native app) with OAuth client secret failed- Related: rhbz#2132051 - Rebase Samba to the the latest 4.17.x release Rebuild against Samba rebase.- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8- Resolves: rhbz#2116395 - NFS krb5 mount failed as "access denied" after test accessing a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-1.el8 - Resolves: rhbz#2119726 - sssctl analyze --logdir option requires sssd to be configured - Resolves: rhbz#2120669 - Incorrect request ID tracking from responder to backend- Resolves: rhbz#2116488 - virsh command will hang after the host run several auto test cases - Resolves: rhbz#2116486 - [regression] sssctl analyze fails to parse PAM related sssd logs - Resolves: rhbz#2116487 - cache_req_data_set_hybrid_lookup: cache_req_data should never be NULL- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - 
Resolves: rhbz#2063016 - [sssd] RHEL 8.7 Tier 0 Localization- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2098620 - sdap_nested_group_deref_direct_process() triggers internal watchdog for large data sets - Resolves: rhbz#2098619 - [Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file - Resolves: rhbz#2088817 - pam_sss_gss ceased to work after upgrade to 8.6 - Resolves: rhbz#2098616 - Add idp authentication indicator in man page of sssd.conf - Resolves: rhbz#2056035 - 'getent hosts' not return hosts if they have more than one CN in LDAP - Resolves: rhbz#2098615 - Regression "Missing internal domain data." when setting ad_domain to incorrect - Resolves: rhbz#2098617 - Harden kerberos ticket validation - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol- Resolves: rhbz#2069379 - Rebase SSSD for RHEL 8.7 - Resolves: rhbz#2026799 - SSSD authenticating to LDAP with obfuscated password produces Invalid authtoken type message causing sssd_be to go offline (cross inter_ference of different provider plugins options) - Resolves: rhbz#2033347 - sssd error triggers backtrace : [write_krb5info_file_from_fo_server] (0x0020): [RID#73501] There is no server that can be written into kdc info file. 
- Resolves: rhbz#2056483 - [RFE] Add sssd internal krb5 plugin for authentication against external IdP via OAuth2 - Resolves: rhbz#2062689 - [Improvement] Add user and group version of sss_nss_getorigbyname() - Resolves: rhbz#2065692 - [RHEL8] Ship new sub-package called sssd-idp into sssd - Resolves: rhbz#2072050 - sssd_nss exiting (due to missing 'sssd' local user) making SSSD service to restart in a loop - Resolves: rhbz#2072931 - Use right sdap_domain in ad_domain_info_send - Resolves: rhbz#2087088 - sssd does not enforce smartcard auth for kde screen locker - Resolves: rhbz#2087744 - Unable to lookup AD user if the AD group contains '@' symbol - Resolves: rhbz#2087745 - 2FA prompting setting ineffective - Resolves: rhbz#2087746 - sssd fails GPO-based access if AD have setup with Japanese language- Resolves: rhbz#2039892 - 2.6.2 regression: Daemon crashes when resolving AD user names - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#2035245 - AD Domain in the AD Forest Missing after sssd latest update - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files (additional patch)- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#2013260 - [RHEL8] Add ability to parse child log files - Resolves: rhbz#2030386 - sssd-kcm has requirement on krb5 symbol "krb5_unmarshal_credentials" only available in latest RHEL8.5 krb5 libraries - Resolves: rhbz#1859315 - sssd does not use kerberos port that is set. 
- Resolves: rhbz#1961182 - Passwordless (GSSAPI) SSH not working due to missing "includedir /var/lib/sss/pubconf/krb5.include.d" directive in /etc/krb5.conf - Resolves: rhbz#2008829 - sssd_be segfault due to empty forest root name - Resolves: rhbz#2012263 - pam responder does not call initgroups to refresh the user entry - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012327 - Groups are missing while performing id lookup as SSSD switching to offline mode due to the wrong domain name in the ldap-pings(netlogon). - Resolves: rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013259 - [RHEL8] Add tevent chain ID logic into responders - Resolves: rhbz#2017301 - [sssd] RHEL 8.6 Tier 0 Localization- Rebuild due to rhbz#2013596 - Rebase Samba to the the latest 4.15.x release- Resolves: rhbz#2011216 - Rebase SSSD for RHEL 8.6 - Resolves: rhbz#1968340 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected - Resolves: rhbz#1952569 - SSSD should use "hidden" temporary file in its krb locator - Resolves: rhbz#1917970 - proxy provider: secondary group is showing in sssd cache after group is removed - Resolves: rhbz#1636002 - socket-activated services start as the sssd user and then are unable to read the confdb - Resolves: rhbz#2021196 - Make backtrace less "chatty" (avoid duplicate backtraces) - Resolves: rhbz#2018432 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest) - Resolves: rhbz#2015070 - Consistency in defaults between OpenSSH and SSSD - Resolves: rhbz#2013297 - disabled root ad domain causes subdomains to be marked offline - Resolves: rhbz#2013294 - Lookup with fully-qualified name does not work with 'cache_first = True' - Resolves: rhbz#2013218 - autofs lookups for unknown mounts are delayed for 50s - Resolves: 
rhbz#2013028 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs - Resolves: rhbz#2013024 - Add support for CKM_RSA_PKCS in smart card authentication. - Resolves: rhbz#2013006 - [RFE] support subid ranges managed by FreeIPA - Resolves: rhbz#2012308 - Add client certificate validation D-Bus API - Resolves: rhbz#2012122 - tps tests fail with cross dependency on sssd debuginfo package: removal of 'sssd-libwbclient-debuginfo' is missing- Resolves: rhbz#1975169 - EMBARGOED CVE-2021-3621 sssd: shell command injection in sssctl [rhel-8] - Resolves: rhbz#1962042 - [sssd] RHEL 8.5 Tier 0 Localization- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1693379 - sssd_be and sss_cache too heavy on CPU - Resolves: rhbz#1909373 - Missing search index for `originalADgidNumber` - Resolves: rhbz#1954630 - [RFE] Improve debug messages by adding a unique tag for each request the backend is handling - Resolves: rhbz#1936891 - SSSD Error Msg Improvement: Bad address - Resolves: rhbz#1364596 - sssd still showing ipa user after removed from last group - Resolves: rhbz#1979404 - Changes made to /etc/pam.d/sssd-shadowutils are overwritten back to default on sssd-common package upgrade- Resolves: rhbz#1974257 - 'debug_microseconds' config option is broken - Resolves: rhbz#1936902 - SSSD Error Msg Improvement: Invalid argument - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm (additional patches and rebuild)- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1917444 - SSSD Error Msg Improvement: Server resolution failed: [2]: No such file or directory - Resolves: rhbz#1917511 - SSSD Error Msg Improvement: Failed to resolve server 'server.example.com': Error reading file - Resolves: rhbz#1917535 - sssd.conf man page: parameter dns_resolver_server_timeout and dns_resolver_op_timeout - Resolves: rhbz#1940509 - [RFE] 
Health and Support Analyzer: Link frontend to backend requests - Resolves: rhbz#1649464 - auto_private_groups not working as expected with posix ipa/ad trust - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1961215 - Invalid sssd-kcm return code if requested operation is not found - Resolves: rhbz#1837090 - SSSD fails nss_getby_name for IPA user with SID if the user has user private group - Resolves: rhbz#1879869 - sudo commands incorrectly exports the KRB5CCNAME environment variable - Resolves: rhbz#1962550 - sss_pac_make_request fails on systems joined to Active Directory. - Resolves: rhbz#1737489 - [RFE] SSSD should honor default Kerberos settings (keytab name) in /etc/krb5.conf- Resolves: rhbz#1947671 - Rebase SSSD for RHEL 8.5 - Resolves: rhbz#1930535 - [abrt] [faf] sssd: monitor_service_shutdown(): /usr/sbin/sssd killed by 11 - Resolves: rhbz#1942387 - Wrong default debug level of sssd tools - Resolves: rhbz#1945888 - Inconsistant debug level for connection logging - Resolves: rhbz#1948657 - pam_sss_gss.so doesn't work with large kerberos tickets - Resolves: rhbz#1949149 - [RFE] Poor man's backtrace - Resolves: rhbz#1920500 - Authentication handshake (ldap_install_tls()) fails due to underlying openssl operation failing with EINTR - Resolves: rhbz#1923964 - [RFE] SSSD Error Msg Improvement: write_krb5info_file failed, authentication might fail. 
- Resolves: rhbz#1928648 - SSSD logs improvements: clarify which config option applies to each timeout in the logs - Resolves: rhbz#1632159 - sssd-kcm starts successfully for non existent socket_path - Resolves: rhbz#1627112 - RFE: Kerberos ticket renewal for sssd-kcm - Resolves: rhbz#1925505 - [RFE] improve the sssd refresh timers for SUDO queries - Resolves: rhbz#1925514 - [RFE] Randomize the SUDO timeouts upon reconnection - Resolves: rhbz#1925561 - sssd-ldap(5) does not report how to disable the SUDO smart queries - Resolves: rhbz#1925621 - document impact of indices and of scope on performance of LDAP queries - Resolves: rhbz#1855320 - [RFE] RHEL8 sssd: inheritance of the case_sensitive parameter for subdomains. - Resolves: rhbz#1925608 - [RFE] make 'random_offset' addon to 'offline_timeout' option configurable - Resolves: rhbz#1447945 - man page / docs update required: if two certificate matching rules with the same priority match only one is used - Resolves: rhbz#1703436 - sssd not thread-safe in innetgr() - Resolves: rhbz#1713143 - SSSD does not translate the 2FA text labels("first factor" / "second factor") on GDM login and screensaver unlock screen - Resolves: rhbz#1888977 - sss_override: Usage limitations clarification in man page - Resolves: rhbz#1890177 - Clarify "single_prompt" option in "PROMPTING CONFIGURATION SECTION" section of sssd.conf man page - Resolves: rhbz#1902280 - fix sss_cache to also reset cached timestamp - Resolves: rhbz#1935683 - SSSD not detecting subdomain from AD forest (RHEL 8.3) - Resolves: rhbz#1937919 - IPA missing secondary IPA Posix groups in latest sssd 1.16.5-10.el7_9.7 - Resolves: rhbz#1944665 - No gpo found and ad_gpo_implicit_deny set to True still permits user login - Resolves: rhbz#1919942 - sss_override does not take precedence over override_homedir directive- Resolves: rhbz#1926622 - Add support to verify authentication indicators in pam_sss_gss - Resolves: rhbz#1926454 - First smart refresh query contains 
modifyTimestamp even if the modifyTimestamp is 0. - Resolves: rhbz#1893159 - Default debug level should report all errors / failures (additional patch)- Resolves: rhbz#1920001 - Do not add '%' to group names already prefixed with '%' in IPA sudo rules - Resolves: rhbz#1918433 - sssd unable to lookup certmap rules - Resolves: rhbz#1917382 - [abrt] [faf] sssd: dp_client_handshake_timeout(): /usr/libexec/sssd/sssd_be killed by 11- Resolves: rhbz#1113639 - autofs: return a connection failure until maps have been fetched - Resolves: rhbz#1915395 - Memory leak in the simple access provider - Resolves: rhbz#1915319 - SSSD: SBUS: failures during servers startup - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication (additional patches)- Resolves: rhbz#1631410 - Can't login with smartcard with multiple certs having same ID value - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff (additional patches) - Resolves: rhbz#1893159 - Default debug level should report all errors / failures - Resolves: rhbz#1893698 - [RFE] sudo kerberos authentication- Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1876658 - filter_groups option partially filters the group from 'id' output of the user because gidNumber still appears in 'id' output [RHEL 8] - Resolves: rhbz#1895001 - User lookups over the InfoPipe responder fail intermittently- Resolves: rhbz#1900733 - sssd_be segfaults at be_refresh_get_values_ex() due to NULL ptrs in results of sysdb_search_with_ts_attr() - Resolves: rhbz#1876514 - High CPU utilization by the sssd_kcm process - Resolves: rhbz#1894540 - sssd component logging is now too generic in syslog/journal - Resolves: rhbz#1828483 - filtered ID is appearing due to strange negative cache behavior- This is to bump version to allow rebuild against rebased libldb.- Resolves: rhbz#1881992 - Rebase SSSD for RHEL 8.4 - Resolves: rhbz#1722842 - sssd-kcm does not store TGT with ssh 
login using GSSAPI - Resolves: rhbz#1734040 - sssd crash in ad_get_account_domain_search() - Resolves: rhbz#1784459 - [RFE] tlog does not allow to exclude some users from session recording - Resolves: rhbz#1791300 - sporadic sssd_be crash on s390x - Resolves: rhbz#1817122 - 'getent group ldapgroupname' doesn't show any LDAP users or some LDAP users when 'rfc2307bis' schema is used with SSSD. - Resolves: rhbz#1819012 - [RFE] Improve AD site discovery process - Resolves: rhbz#1846778 - [RfE] `/usr/libexec/sssd/p11_child` cmdline argument '--nssdb' might be confusing when SSSD was built against OpenSSL - Resolves: rhbz#1873715 - automount sssd issue when 2 automount maps have the same key (one un uppercase, one in lowercase) - Resolves: rhbz#1879860 - correction in sssd.conf:pam_response_filter man page - Resolves: rhbz#1881336 - [RFE] sssd-ldap man page modification for parameter "ldap_referrals" - Resolves: rhbz#1883488 - [RfE] Implement a new sssd.conf option to disable the filter for AD domain local groups from trusted domains - Resolves: rhbz#1884196 - [RFE] Add "enabled" option to domain section in config file - Resolves: rhbz#1884205 - KCM: Increase client idle timeout to 5 minutes - Resolves: rhbz#1884207 - [RFE] ldap: add new option ldap_library_debug_level - Resolves: rhbz#1884213 - [RFE] add offline_timeout_max config option to control offline interval backoff - Resolves: rhbz#1884281 - Secondary LDAP group go missing from 'id' command - Resolves: rhbz#1884301 - [RFE] dyndns: suport asymmetric auth for nsupdate- Resolves: rhbz#1855323 - When ad_gpo_implicit_deny is True, it is permitting users to login when no gpo is applied- Resolves: rhbz#1868387 - system not enforcing GPO rule restriction. 
ad_gpo_implicit_deny = True is not working - Resolves: rhbz#1854951 - sss-certmap man page change to add clarification for userPrincipalName attribute from AD schema - Resolves: rhbz#1856861 - False errors/warnings are logged in sssd.log file after enabling 2FA prompting settings in sssd.conf - Resolves: rhbz#1869683 - p11_child: default value of ocsp_dgst == sha256 doesn't conform RFC5019 and has to be changed to sha1- Resolves: rhbz#1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command. - Resolves: rhbz#1780404 - smartcards: special characters must be escaped when building search filter- Resolves: rhbz#1820574 - [sssd] RHEL 8.3 Tier 0 Localization- Resolves: rhbz#1821719 - sssd (sssd_be) is consuming 100% CPU, partially due to failing mem-cache - Fixed "requires/provides" rpmdiff warning- Resolves: rhbz#1815584 - id_provider = proxy proxy_lib_name = files returns * in password field, breaking PAM authentication - Resolves: rhbz#1794607 - SSSD must be able to resolve membership involving root with files provider - Resolves: rhbz#1803134 - Improve "unlock" time when user session already active- Resolves: rhbz#1829470 - `sssd.api.conf` and `sssd.api.d` should belong to `python-sssdconfig` package - Resolves: rhbz#1544457 - sssd fails to release file descriptor on child logs after receiving HUP - Resolves: rhbz#1824323 - SSSD user filtering is failing on RHEL 8 after "files" provider rebuilds cache - Resolves: rhbz#1827432 - When the passwd or group files are replaced, sssd stops monitoring the file for inotify events, and no updates are triggered - Resolves: rhbz#1835710 - Change the message "Please enter smart card" to "Please insert smart card" on GDM login with smart-card - Resolves: rhbz#1838037 - Oddjob-mkhomedir fails when using NSS compat - Resolves: rhbz#1845904 - gdm smart card authentication does not work shortly after disconnecting from network. 
- Resolves: rhbz#1845975 - sssd doesn't follow the link order of AD Group Policy Management - Resolves: rhbz#1845980 - sssd is failing to discover other subdomains in the forest if LDAP entries do not contain AD forest root information - Resolves: rhbz#1845987 - Document how to prevent invalid selinux context for default home directories in SSSD-AD direct integration. - Resolves: rhbz#1845994 - GDM failure loop when no user mapped for smart card - Resolves: rhbz#1846003 - GDM password prompt when cert mapped to multiple users and promptusername is False - Resolves: rhbz#1850961 - /usr/share/systemtap/tapset/sssd_functions.stp missing a comma- Resolves: rhbz#Bug 1723273 - RFE: Add option to specify alternate sssd config file location with "sssctl config-check" command.- Resolves: rhbz#1839037 - Rebase SSSD for RHEL 8.3 - Resolves: rhbz#1843872 - sssd 2.3.0 breaks AD auth due to GPO parsing failure - Resolves: rhbz#1834156 - sssd or sssd-ad not updating their dependencies on "yum update" which breaks working- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate (additional patch)- Resolves: rhbz#1810634 - id command taking 1+ minute for returning user information- Resolves: rhbz#1580506 - [RFE]: sssd to be able to read smartcard certificate EKU and perform an action based on value when generating SSH key from a certificate- Resolves: rhbz#1718193 - p11_child should have an option to skip C_WaitForSlotEvent if the PKCS#11 module does not implement it properly- Resolves: rhbz#1792331 - sssd_be crashes when krb5_realm and krb5_server is omitted and auth_provider is krb5- Resolves: rhbz#1754996 - [sssd] Tier 0 Localization- Resolves: rhbz#1767514 - sssd requires timed sudoers ldap entries to be specified up to the seconds- Resolves: rhbz#1713368 - Add sssd-dbus package as a dependency of sssd-tools* Resolves: rhbz#1794016 - sssd_be frequent crash* Resolves: 
rhbz#1762415 - Force LDAPS over 636 with AD Access Provider* Resolves: rhbz#1583592 - [RFE] Add configurable randomness to SSSD ldap connection timeout* Resolves: rhbz#1783190 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/sssd_autofs killed by 6* Resolves: rhbz#1785214 - server/be: SIGTERM handling is incorrect* Resolves: rhbz#1785193 - Watchdog implementation or usage is incorrect* Resolves: rhbz#1704199 - pcscd rejecting sssd ldap_child as unauthorized* Resolves: rhbz#1744500 - [Doc]Provide explanation on escape character for match rules sss-certmap* Resolves: rhbz#1781728 - sssctl config-check command does not give proper error messages with line numbers* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release Increasing version number to pick latest libldb* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release PART2: Fix gating issue.* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release* Resolves: rhbz#1753694 - Rebase sssd to the latest upstream release- Resolves: rhbz#1712875 - Old kerberos credentials active instead of valid new ones (kcm)- Resolves: rhbz#1744134 - New defect found in sssd-2.2.0-16.el8 - Also sync. 
kcm multihost tests with master- Resolves: rhbz#1676385 - pam_sss with smartcard auth does not create gnome keyring - Also apply a patch to fix gating tests issue- Resolves: rhbz#1736861 - dyndns_update = True is no longer enough to get the IP address of the machine updated in IPA upon sssd.service startup- Resolves: rhbz#1736265 - Smart Card auth of local user: endless loop if wrong PIN was provided- Resolves: rhbz#1736796 - sssd config option "default_domain_suffix" should not cause files domain entries to be qualified, this can break sudo access- Resolves: rhbz#1669407 - MAN: Document that PAM stack contains the systemd-user service in the account phase in RHEL-8- Resolves: rhbz#1448094 - sssd-kcm cannot handle big tickets- Resolves: rhbz#1733372 - permission denied on logs when running sssd as non-root user- Resolves: rhbz#1736483 - Sudo prompt for smart card authentication is missing the trailing colon- Resolves: rhbz#1382750 - Conflicting default timeout values- Resolves: rhbz#1699480 - Include libsss_nss_idmap-devel in the Builder repository - This just required a raise in release number and changelog for the record.- Resolves: rhbz#1711318 - p11_child::sign_data() function implementation is not FIPS140 compliant- Resolves: rhbz#1726945 - negative cache does not use values from 'filter_users' config option for known domains- Resolves: rhbz#1729055 - sssd does not pass correct rules to sudo- Resolves: rhbz#1283798 - sssd failover does not work on connecting to non-responsive ldaps:// server- Resolves: rhbz#1725168 - sssd-proxy crashes resolving groups with no members- Resolves: rhbz#1673443 - sssd man pages: The default value of "ldap_user_home_directory" is not mentioned with AD server configuration- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Resolves: rhbz#1687281 Rebase sssd in RHEL-8.1 to the latest upstream release- Replace ARRAY_SIZE with N_ELEMENTS to reflect samba changes. 
This is done here in order to unblock gating changes before rebase. - Related: rhbz#1682305- Resolves: rhbz#1672780 - gdm login not prompting for username when smart card maps to multiple users- Resolves: rhbz#1645291 - Perform some basic ccache initialization as part of gen_new to avoid a subsequent switch call failure-Resolves: rhbz#1659498 - Re-setting the trusted AD domain fails due to wrong subdomain service name being used-Resolves: rhbz#1660083 - extraAttributes is org.freedesktop.DBus.Error. UnknownProperty: Unknown property- Resolves: rhbz#1661183 - SSSD 2.0 has drastically lower sbus timeout than 1.x, this can result in time outs- Resolves: rhbz#1578014 - sssd does not work under non-root user - Note: Actually the patches were in the 2.0.0-37, this one just adds this changelog because it was missing.- Resolves: rhbz#1652563 - incorrect example in the man page of idmap_sss suggests using * for backend sss- Resolves: rhbz#1466503 - Snippets are not used when sssd.conf does not exist- Resolves: rhbz#1622008 - Error message when IPA server uninstall calls kdestroy caused by KCM returning a wrong error code during the delete operation- Resolves: rhbz#1646113 - Missing concise documentation about valid options for sssd-files-provider- Resolves: rhbz#1625670 - sssd needs to require a newer version of libtalloc and libtevent to avoid an issue in GPO processing- Resolves: 1658813 - PKINIT with KCM does not work- Resolves: 1657898 - SSSD must be cleared/restarted periodically in order to retrieve AD users through IPA Trust- Resolves: rhbz#1655459 - [abrt] [faf] sssd: raise(): /usr/libexec/sssd/proxy_child killed by 6- Resolves: rhbz#1652719 - [SECURITY] sssd returns '/' for empty home directories- Resolves: rhbz#1657979 - SSSD's LDAP authentication provider does not work if ID provider is authenticated with GSSAPI- Resolves: rhbz#1657980 - sssd_nss memory leak- Resolves: rhbz#1645566 - SSSD 2.x does not sanitize domain name properly for D-bus, resulting in a crash- 
Resolves: rhbz#1646168 - sssctl access-report always prints an error message - Resolves: rhbz#1643053 - Restarting the sssd-kcm service should reload the configuration without having to restart the whole sssd - Resolves: rhbz#1640576 - sssctl reports incorrect information about local user's cache entry expiration time - Resolves: rhbz#1645238 - Unable to su to root when logged in as a local user - Resolves: rhbz#1639411 - sssd support for smartcards using ECC keys- Resolves: rhbz#1642508 - sssd ifp crash when trying to access ipa webui with smart card- Resolves: rhbz#1642372 - SSSD Python getgrouplist API was removed but required for IPA- Related: rhbz#1638150 - session not recording for local user when groups defined - Also silence a Coverity warning, which is related to rhbz#1637131- Related: rhbz#1637513 - sssd crashes when refreshing expired sudo rules- Add OCSP checks for p11_child - Related: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Related: rhbz#1638006 - Files: The files provider always enumerates which causes duplicate when running getent passwd- Related: rhbz#1637131 - pam_unix unable to match fully qualified username provided by sssd during smartcard auth using gdm- Related: rhbz#1620123 - [RFE] Add option to specify a Smartcard with a PKCS#11 URI- Related: rhbz#1611011 - Support for "require smartcard for login option"- Related: rhbz#1635595 - Cant login with smartcard with multiple certs- Backport more sbus2 fixes - Related: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1636397 - SSSD not fetching all sudo rules from AD- Resolves: rhbz#1628122 - Printing incorrect information about domain with sssctl utility- Resolves: rhbz#1626001 - SSSD should log to syslog if a domain is not started due to a misconfiguration- Resolves: rhbz#1624785 - Remove references of sss_user/group/add/del commands in man pages since local provider is deprecated- Resolves: rhbz#1628126 - [abrt] [faf] sssd: unknown 
function(): /usr/libexec/sssd/sssd_be killed by 11 crash func _dbus_list_unlink- Resolves: rhbz#1628503 - sssd only sets the SELinux login context if it differs from the default- Resolves: rhbz#1625842 id_provider= local causes SSSD to abort startup- Resolves: rhbz#1615590 - Do not rely on "python" for el8- Resolves: rhbz#1615417 - [RFE] Add Smart Card authentication for local users- Resolves: rhbz#1623878 - crash related to sbus_router_destructor()- Resolves: rhbz#1622026 - sssd 2.0 regression: Kerberos authentication fails with the KCM ccache- Resolves: rhbz#1615460 - Rebase SSSD to the latest released version- Switch hardcoded python3 shebangs into the %{__python3} macro- Update to 1.16.2 release - Cleanup unused global definitions - Remove python2 references from the spec file - Resolves: rhbz#1585313 - Kerberos with sssd-kcm is not working on s390x- Resolves: upstream#3684 - A group is not updated if its member is removed with the cleanup task, but the group does not change - Resolves: upstream#3558 - sudo: report error when two rules share cn - Tone down shutdown messages for socket activated responders - IPA: Qualify the externalUser sudo attribute - Resolves: upstream#3550 - refresh_expired_interval does not work with netgrous in 1.15 - Resolves: upstream#3402 - Support alternative sources for the files provider - Resolves: upstream#3646 - SSSD's GPO code ignores ad_site option - Resolves: upstream#3679 - Make nss netgroup requests more robust - Resolves: upstream#3634 - sssctl COMMAND --help fails if sssd is not configured - Resolves: upstream#3469 - extend sss-certmap man page regarding priority processing - Improve docs/debug message about GC detection - Resolves: upstream#3715 - ipa 389-ds-base crash in krb5-libs - k5_copy_etypes list out of bound? - Resolves: upstream#2653 - Group renaming issue when "id_provider = ldap" is set. 
- Document which principal does the AD provider use - Resolves: upstream#3680 - GPO: SSSD fails to process GPOs If a rule is defined, but contains no SIDs - Resolves: upstream#3520 - Files provider supports only BE_FILTER_ENUM - Resolves: rhbz#1540703 - FreeIPA/SSSD implicit_file sssd_nss error: The Data Provider returned an error [org.freedesktop.sssd.Error.DataProvider.Fatal]- Resolves: upstream#3573 - sssd won't show netgroups with blank domain - Resolves: upstream#3660 - confdb_expand_app_domains() always fails - Resolves: upstream#3658 - Application domain is not interpreted correctly - Resolves: upstream#3687 - KCM: Don't pass a non null terminated string to json_loads() - Resolves: upstream#3386 - KCM: Payload buffer is too small - Resolves: upstream#3666 - Fix usage of str.decode() in our tests - A few KCM misc fixes- New upstream release 1.16.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_1.html- Resolves: upstream#3621 - backport bug found by static analyzers- Resolves: rhbz#1538643 - SSSD crashes when retrieving a Desktop Profile with no specific host/hostgroup set - Resolves: upstream#3621 - FleetCommander integration must not require capability DAC_OVERRIDE- Resolves: upstream#3618 - selinux_child segfaults in a docker container- Resolves: rhbz#1431153 - sssd: libsss_proxy.so needs to be linked with -ldl- Fix systemd executions/requirements- Fix building on rawhide. 
Remove -Wl,-z,defs from LDFLAGS- Fix building of sssd-nfs-idmap with libnfsidmap.so.1- Rebuilt for libnfsidmap.so.1- Resolves: upstream#3523 - ABRT crash - /usr/libexec/sssd/sssd_nss in setnetgrent_result_timeout - Resolves: upstream#3588 - sssd_nss consumes more memory until restarted or machine swaps - Resolves: failure in glibc tests https://sourceware.org/bugzilla/show_bug.cgi?id=22530 - Resolves: upstream#3451 - When sssd is configured with id_provider proxy and auth_provider ldap, login fails if the LDAP server is not allowing anonymous binds - Resolves: upstream#3285 - SSSD needs restart after incorrect clock is corrected with AD - Resolves: upstream#3586 - Give a more detailed debug and system-log message if krb5_init_context() failed - Resolves: rhbz#1431153 - SSSD ships a drop-in configuration snippet in /etc/systemd/system - Backport few upstream features from 1.16.1- Resolves: rhbz#1494002 - sssd_nss crashed in cache_req_search_domains_next- Backport extended NSS API from upstream master branch- Resolves: upstream#3529 - sssd-kcm Fix restart during/after upgrade- New upstream release 1.16.0 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_16_0.html- Resolves: rhbz#1499354 - CVE-2017-12173 sssd: unsanitized input when searching in local cache database- Resolves: rhbz#1488327 - SELinux is preventing selinux_child from write access on the sock_file system_bus_socket - Resolves: rhbz#1490402 - SSSD does not create /var/lib/sss/deskprofile and fails to download desktop profile data - Resolves: upstream#3485 - getsidbyid does not work with 1.15.3 - Resolves: upstream#3488 - SUDO doesn't work for IPA users on IPA clients after applying ID Views for them in IPA server - Resolves: upstream#3501 - Accessing IdM kerberos ticket fails while id mapping is applied- Backport few upstream patches/fixes- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild- New upstream release 1.15.3 - 
https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_3.html- Rebuild with libldb-1.2.0- Fix build issues: Update expided certificate in unit tests- Resolves: rhbz#1445680 - Properly fall back to local Smartcard authentication - Resolves: rhbz#1437199 - sssd-nfs-idmap-1.15.2-1.fc25.x86_64 conflicts with file from package sssd-common-1.15.1-1.fc25.x86_64 - Resolves: rhbz#1063278 - sss_ssh_knownhostsproxy doesn't fall back to ipv4- Fix issue with IPA + SELinux in containers - Resolves: upstream https://fedorahosted.org/sssd/ticket/3297- Backport upstream patches for 1.15.3 pre-release - required for building freeipa-4.5.x in rawhide- New upstream release 1.15.2 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_2.html- New upstream release 1.15.1 - https://docs.pagure.org/SSSD.sssd/users/relnotes/notes_1_15_1.html- Cherry-pick patches from upstream that enable the files provider - Enable the files domain - Retire patch 0501-Partially-revert-CONFIG-Use-default-config-when-none.patch which is superseded by the files domain autoconfiguration - Related: rhbz#1357418 - SSSD fast cache for local users- Add missing %license macro- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild- New upstream release 1.15.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.15.0- Rebuild for Python 3.6- Resolves: rhbz#1369130 - nss_sss should not link against libpthread - Resolves: rhbz#1392916 - sssd failes to start after update - Resolves: rhbz#1398789 - SELinux is preventing sssd from 'write' accesses on the directory /etc/sssd- New upstream release 1.14.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.2- libwbclient-sssd: update interface to version 0.13- Fix regression with krb5_map_user - Resolves: rhbz#1375552 - krb5_map_user doesn't seem effective anymore - Resolves: rhbz#1349286 - authconfig fails with SSSDConfig.NoDomainError: default if nonexistent domain is mentioned- Backport important patches from upstream 1.14.2 prerelease - 
Resolves: upstream #3154 - sssd exits if clock is adjusted backwards after boot - Resolves: upstream #3163 - resolving IPA nested user group is broken in 1.14- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.1- Add workaround patch for RHBZ #1366403- https://fedoraproject.org/wiki/Changes/Automatic_Provides_for_Python_RPM_Packages- New upstream release 1.14.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0- New upstream release 1.14 beta - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0beta- New upstream release 1.14 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.14.0alpha- Resolves: rhbz#1335639 - [abrt] sssd-dbus: ldb_msg_find_element(): sssd_ifp killed by SIGSEGV- Resolves: rhbz#1328108 - Protocol error with FreeIPA on CentOS 6- New upstream release 1.13.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.4- Resolves: rhbz#1276868 - Sudo PAM Login should support multiple password prompts (e.g. Password + Token) - Resolves: rhbz#1313041 - ssh with sssd proxy fails with "Connection closed by remote host" if locale not available- Resolves: rhbz#1310664 - [RFE] IPA: resolve external group memberships of IPA groups during getgrnam and getgrgid - Resolves: rhbz#1301303 - sss_obfuscate: SyntaxError: Missing parentheses in call to 'print'- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild- Additional upstream fixes- Resolves: rhbz#1256849 - SUDO: Support the IPA schema- New upstream release 1.13.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.3- New upstream release 1.13.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.2- Rebuilt for Python3.5 rebuild- Fix building pac responder with the krb5-1.14- python-sssdconfig: Fix parssing sssd.conf without config_file_version - Resolves: upstream #2837 - REGRESSION: ipa-client-automout failed- Fix few segfaults - Resolves: upstream #2811 - PAM responder crashed if user was not set - Resolves: upstream #2810 - sssd_be 
crashed in ipa_srv_ad_acct_lookup_step- New upstream release 1.13.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.1- Fix OTP bug - Resolves: upstream #2729 - Do not send SSS_OTP if both factors were entered separately- Backport upstream patches required by FreeIPA 4.2.1- Fix ipa-migration bug - Resolves: upstream #2719 - IPA: returned unknown dp error code with disabled migration mode- New upstream release 1.13.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0- Unify return type of list_active_domains for python{2,3}- New upstream release 1.13 alpha - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.13.0alpha- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild- Fix libwbclient alternatives- Backport important patches from upstream 1.13 prerelease- New upstream release 1.12.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.5- Backport important patches from upstream 1.13 prerelease - Resolves: rhbz#1060325 - Does sssd-ad use the most suitable attribute for group name - Resolves: upstream #2335 - Investigate using the krb5 responder for driving the PAM conversation with OTPs - Enable cmocka tests for secondary architectures- Backport patches from upstream 1.12.5 prerelease - contains many fixes- Fix slow login with ipa and SELinux - Resolves: upstream #2624 - Only set the selinux context if the context differs from the local one- Fix regressions with ipa and SELinux - Resolves: upstream #2587 - With empty ipaselinuxusermapdefault security context on client is staff_u- Also relax libldb Requires - Remove --enable-ldb-version-check- Relax libldb BuildRequires to be greater-or-equal- Add support for python3 bindings - Add requirement to python3 or python3 bindings - Resolves: rhbz#1014594 - sssd: Support Python 3- New upstream release 1.12.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.4- Backport patches with Python3 support from upstream- Fix double free in monitor - Resolves: rhbz#1186887 [abrt] 
sssd-common: talloc_abort(): sssd killed by SIGABRT- Rebuild for new libldb- Decrease priority of sssd-libwbclient 20 -> 5 - It should be lower than priority of samba veriosn of libwbclient. - https://bugzilla.redhat.com/show_bug.cgi?id=1175511#c18- Apply a number of patches from upstream to fix issues found 1.12.3 - Resolves: rhbz#1176373 - dyndns_iface does not accept multiple interfaces, or isn't documented to be able to - Resolves: rhbz#988068 - getpwnam_r fails for non-existing users when sssd is not running - Resolves: upstream #2557 authentication failure with user from AD- Resolves: rhbz#1164156 - libsss_simpleifp should pull sssd-dbus - Resolves: rhbz#1179379 - gzip: stdin: file size changed while zipping when rotating logfile- New upstream release 1.12.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.3 - Fix spelling errors in description (fedpkg lint)- Rebuild for libldb 1.1.19- Resolves: rhbz#1175511 - sssd-libwbclient conflicts with Samba's and causes crash in wbinfo - in addition to the patch libwbclient.so is filtered out of the Provides list of the package- Fix regressions and bugs in sssd upstream 1.12.2 - https://fedorahosted.org/sssd/ticket/{id} - Regressions: #2471, #2475, #2483, #2487, #2529, #2535 - Bugs: #2287, #2445- Rebuild for libldb 1.1.18- Fix typo in libwbclient-devel %preun- Use alternatives for libwbclient- Backport several patches from upstream. 
- Fix a potential crash against old (pre-4.0) IPA servers- New upstream release 1.12.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.2- Resolves: rhbz#1139962 - Fedora 21, FreeIPA 4.0.2: sssd does not find user private group from server- New upstream release 1.12.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.1- Do not crash on resolving a group SID in IPA server mode- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild- Fix release version for upgrades- New upstream release 1.12.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild- New upstream release 1.12 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta2- Fix tests on big-endian - Fix previous changelog entry- New upstream release 1.12 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.12.0beta1- Rebuild against new ding-libs- Make LDB dependency a strict equivalency- Rebuild against new libldb- New upstream release 1.11.5.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5.1- Fix bug in generation of systemd unit file- New upstream release 1.11.5 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.5- Handle new error code for IPA password migration- Include couple of patches from upstream 1.11 branch- New upstream release 1.11.4 - Remove upstreamed patch - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.4- Handle OTP response from FreeIPA server gracefully- New upstream release 1.11.3 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.3- New upstream release 1.11.2 - Remove upstreamed patches - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.2- Fix potential crash with external groups in trusted IPA-AD setup- Add plugin for cifs-utils - Resolves: rhbz#998544- Fix failover from Global Catalog to LDAP in case GC is not available- Remove the ability to create public ccachedir 
(#1015089)- New upstream release 1.11.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.1- Fix multicast checks in the SSSD - Resolves: rhbz#1007475 - The multicast check is wrong in the sudo source code getting the host info- Backport simplification of ccache management from 1.11.1 - Resolves: rhbz#1010553 - sssd setting KRB5CCNAME=(null) on login- New upstream release 1.11.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0- Resolves: #967012 - [abrt] sssd-1.9.5-1.fc18: sss_mmap_cache_gr_invalidate_gid: Process /usr/libexec/sssd/sssd_nss was killed by signal 11 (SIGSEGV) - Resolves: #996214 - sssd proxy_child segfault- Rebuilt for https://fedoraproject.org/wiki/Fedora_20_Mass_Rebuild- Resolves: #906427 - Do not use %{_lib} in specfile for the nss and pam libraries- New upstream release 1.11 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.11.0beta2- New upstream release 1.10.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.1- sssd-tools should require sssd-common, not sssd- Move sssd_pac to the sssd-ipa and sssd-ad subpackages - Trim out RHEL5-specific macros since we don't build on RHEL 5 - Trim out macros for Fedora older than F18 - Update libldb requirement to 1.1.16 - Trim RPM changelog down to the last year- Move sssd_pac to the sssd-krb5 subpackage- Fix Obsoletes: to account for dist tag - Convert post and pre scripts to run on the sssd-common subpackage - Remove old conversion from SYSV- New upstream release 1.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0- the cmocka toolkit exists only on selected arches- Apply a number of patches from upstream to fix issues found post-beta, in particular: -- segfault with a high DEBUG level -- Fix IPA password migration (upstream #1873) -- Fix fail over when retrying SRV resolution (upstream #1886)- Only BuildRequire libcmocka on Fedora- Fix typo in Requires that prevented an upgrade (#973916) - Use a hardcoded version in Conflicts, not less-than-current- Enable 
hardened build for RHEL7- New upstream release 1.10 beta2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta2 - BuildRequire libcmocka-devel in order to run all upstream tests during build - BuildRequire libnl3 instead of libnl1 - No longer BuildRequire initscripts, we no longer use /sbin/service - Remove explicit krb5-libs >= 1.10 requires; this platform doensn't carry any older krb5-libs version- Apply a couple of patches from upstream git that resolve crashes when ID mapping object was not initialized properly but needed later- Resolves: rhbz#961357 - Missing dyndns_update entry in sssd.conf during realm join - Resolves: rhbz#961278 - Login failure: Enterprise Principal enabled by default for AD Provider - Resolves: rhbz#961251 - sssd does not create user's krb5 ccache dir/file parent directory when logging in- BuildRequire recent libini_config to ensure consistent behaviour- Explicitly Require libini_config >= 1.0.0.1 to work around a SONAME bug in ding-libs - Fix SSH integration with fully-qualified domains - Add the ability to dynamically discover the NetBIOS name- New upstream release 1.10 beta1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0beta1- Add a patch to fix krb5 ccache creation issue with krb5 1.11- New upstream release 1.10 alpha1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.10.0alpha1- Add a patch to fix krb5 unit tests- Split internal helper libraries into a shared object - Significantly reduce disk-space usage- Fix the Kerberos password expiration warning (#912223)- Do not write out dots in the domain-realm mapping file (#905650)- Include upstream patch to build with krb5-1.11- Rebuild against new libldb- Fix build with new automake versions- Recreate Kerberos ccache directory if it's missing - Resolves: rhbz#853558 - [sssd[krb5_child[PID]]]: Credential cache directory /run/user/UID/ccdir does not exist- Fix changelog dates to make F19 rpmbuild happy- New upstream release 1.9.4- New upstream release 1.9.3- 
Resolve groups from AD correctly- Check the validity of naming context- Move the sss_cache tool to the main package- Include the 1.9.2 tarball- New upstream release 1.9.2- New upstream release 1.9.1- require the latest libldb- Use mcpath instead of mcachepath macro to be consistent with upstream spec file- New upstream release 1.9.0- New upstream release 1.9.0 rc1- New upstream release 1.9.0 beta7 - obsoletes patches #1-#3- Rebuild against libldb 1.12- Rebuild against libldb 1.11- Change the default ccache location to DIR:/run/user/${UID}/krb5cc and patch man page accordingly - Resolves: rhbz#851304- Rebuild against libldb 1.10- Only create the SELinux login file if there are SELinux mappings on the IPA server- Don't discard HBAC rule processing result if SELinux is on Resolves: rhbz#846792 (CVE-2012-3462)- New upstream release 1.9.0 beta 6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta6 - A new option, override_shell was added. If this option is set, all users managed by SSSD will have their shell set to its value. - Fixes for the support for setting default SELinux user context from FreeIPA. - Fixed a regression introduced in beta 5 that broke LDAP SASL binds - The SSSD supports the concept of a Primary Server and a Back Up Server in failover - A new command-line tool sss_seed is available to help prime the cache with a user record when deploying a new machine - SSSD is now able to discover and save the domain-realm mappings between an IPA server and a trusted Active Directory server. 
- Packaging changes to fix ldconfig usage in subpackages (#843995) - Rebuild against libldb 1.1.9- Rebuilt for https://fedoraproject.org/wiki/Fedora_18_Mass_Rebuild- New upstream release 1.9.0 beta 5 - Obsoletes the patch for missing DP_OPTION_TERMINATOR in AD provider options - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta5 - Many fixes for the support for setting default SELinux user context from FreeIPA, most notably fixed the specificity evaluation - Fixed an incorrect default in the krb5_canonicalize option of the AD provider which was preventing password change operation - The shadowLastChange attribute value is now correctly updated with the number of days since the Epoch, not seconds- Fix broken ARM build - Add missing DP_OPTION_TERMINATOR in AD provider options- Own several directories create during make install (#839782)- New upstream release 1.9.0 beta 4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta4 - Add a new AD provider to improve integration with Active Directory 2008 R2 or later servers - SUDO integration was completely rewritten. 
The new implementation works with multiple domains and uses an improved refresh mechanism to download only the necessary rules - The IPA authentication provider now supports subdomains - Fixed regression for setups that were setting default_tkt_enctypes manually by reverting a previous workaround.- New upstream release 1.9.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta3 - Add a new PAC responder for dealing with cross-realm Kerberos trusts - Terminate idle connections to the NSS and PAM responders- Switch unicode library from libunistring to Glib - Drop unnecessary explicit Requires on keyutils - Guarantee that versioned Requires include the correct architecture- Fix accidental disabling of the DIR cache support- New upstream release 1.9.0 beta 2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta2 - Add support for the Kerberos DIR cache for storing multiple TGTs automatically - Major performance enhancement when storing large groups in the cache - Major performance enhancement when performing initgroups() against Active Directory - SSSDConfig data file default locations can now be set during configure for easier packaging- Fix regression in endianness patch- Rebuild SSSD against ding-libs 0.3.0beta1 - Fix endianness bug in service map protocol- Fix several regressions since 1.5.x - Ensure that the RPM creates the /var/lib/sss/mc directory - Add support for Netscape password warning expiration control - Rebuild against libldb 1.1.6- New upstream release 1.9.0 beta 1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.9.0beta1 - Add native support for autofs to the IPA provider - Support for ID-mapping when connecting to Active Directory - Support for handling very large (> 1500 users) groups in Active Directory - Support for sub-domains (will be used for dealing with trust relationships) - Add a new fast in-memory cache to speed up lookups of cached data on repeated requests- New upstream release 1.8.3 - 
https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.3 - Numerous manpage and translation updates - LDAP: Handle situations where the RootDSE isn't available anonymously - LDAP: Fix regression for users using non-standard LDAP attributes for user information- New upstream release 1.8.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.2 - Several fixes to case-insensitive domain functions - Fix for GSSAPI binds when the keytab contains unrelated principals - Fixed several segfaults - Workarounds added for LDAP servers with unreadable RootDSE - SSH knownhostproxy will no longer enter an infinite loop preventing login - The provided SYSV init script now starts SSSD earlier at startup and stops it later during shutdown - Assorted minor fixes for issues discovered by static analysis tools- Don't duplicate libsss_autofs.so in two packages - Set explicit package contents instead of globbing- Fix uninitialized value bug causing crashes throughout the code - Resolves: rhbz#804783 - [abrt] Segfault during LDAP 'services' lookup- New upstream release 1.8.1 - Resolve issue where we could enter an infinite loop trying to connect to an auth server - Fix serious issue with complex (3+ levels) nested groups - Fix netgroup support for case-insensitivity and aliases - Fix serious issue with lookup bundling resulting in requests never completing - IPA provider will now check the value of nsAccountLock during pam_acct_mgmt in addition to pam_authenticate - Fix several regressions in the proxy provider - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#799031 - --debug option for sss_debuglevel doesn't work- New upstream release 1.8.0 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental) - Include the 
IPA AutoFS provider - Fixed several memory-corruption bugs - Fixed a regression in group enumeration since 1.7.0 - Fixed a regression in the proxy provider - Resolves: rhbz#741981 - Separate Cache Timeouts for SSSD - Resolves: rhbz#797968 - sssd_be: The requested tar get is not configured is logged at each login - Resolves: rhbz#754114 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#743133 - Performance regression with Kerberos authentication against AD - Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - Resolves: rhbz#786957 - sssd and kerberos should change the default location for create the Credential Cashes to /run/usr/USERNAME/krb5cc- Change default kerberos credential cache location to /run/user/- New upstream release 1.8.0 beta 3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta3 - Fixed a regression in group enumeration since 1.7.0 - Fixed several memory-corruption bugs - Finalized the ABI for the autofs support - Fixed a regression in the proxy provider- Rebuild against PCRE 8.30- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta2 - Fix two minor manpage bugs - Include the IPA AutoFS provider- New upstream release - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.8.0beta1 - Support for the service map in NSS - Support for setting default SELinux user context from FreeIPA - Support for retrieving SSH user and host keys from LDAP (Experimental) - Support for caching autofs LDAP requests (Experimental) - Support for caching SUDO rules (Experimental)- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features - fix netgroups and sudo as well- Fixes a serious memory hierarchy bug causing unpredictable behavior in the LDAP provider.- Resolves: rhbz#773706 - SSSD fails during autodetection of search bases for new LDAP features- Rebuilt for 
https://fedoraproject.org/wiki/Fedora_17_Mass_Rebuild- New upstream release 1.7.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.7.0 - Support for case-insensitive domains - Support for multiple search bases in the LDAP provider - Support for the native FreeIPA netgroup implementation - Reliability improvements to the process monitor - New DEBUG facility with more consistent log levels - New tool to change debug log levels without restarting SSSD - SSSD will now disconnect from LDAP server when idle - FreeIPA HBAC rules can choose to ignore srchost options for significant performance gains - Assorted performance improvements in the LDAP provider- New upstream release 1.6.4 - Rolls up previous patches applied to the 1.6.3 tarball - Fixes a rare issue causing crashes in the failover logic - Fixes an issue where SSSD would return the wrong PAM error code for users that it does not recognize.- Rebuild against libldb 1.1.4- Resolves: rhbz#753639 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758425 - LDAP failover not working if server refuses connections- Rebuild for libldb 1.1.3- Resolves: rhbz#752495 - Crash when apply settings- New upstream release 1.6.3 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.3 - Fixes a major cache performance issue introduced in 1.6.2 - Fixes a potential infinite-loop with certain LDAP layouts- Rebuilt for glibc bug#747377- Change selinux policy requirement to Conflicts: with the old version, rather than Requires: the supported version.- Add explicit requirement on selinux-policy version to address new SBUS symlinks.- Remove %files reference to sss_debuglevel copied from wrong upstream spec file.- Improved handling of users and groups with multi-valued name attributes (aliases) - Performance enhancements Initgroups on RFC2307bis/FreeIPA HBAC rule processing - Improved process-hang detection and restarting - Enabled the midpoint cache refresh by default (fewer cache misses on 
commonly-used entries) - Cleaned up the example configuration - New tool to change debug level on the fly- New upstream release 1.6.1 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.1 - Fixes a serious issue with LDAP connections when the communication is dropped (e.g. VPN disconnection, waking from sleep) - SSSD is now less strict when dealing with users/groups with multiple names when a definitive primary name cannot be determined - The LDAP provider will no longer attempt to canonicalize by default when using SASL. An option to re-enable this has been provided. - Fixes for non-standard LDAP attribute names (e.g. those used by Active Directory) - Three HBAC regressions have been fixed. - Fix for an infinite loop in the deref code- Build with _hardened_build macro- New upstream release 1.6.0 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.6.0 - Add host access control support for LDAP (similar to pam_host_attr) - Finer-grained control on principals used with Kerberos (such as for FAST or - validation) - Added a new tool sss_cache to allow selective expiring of cached entries - Added support for LDAP DEREF and ASQ controls - Added access control features for Novell Directory Server - FreeIPA dynamic DNS update now checks first to see if an update is needed - Complete rewrite of the HBAC library - New libraries: libipa_hbac and libipa_hbac-python- New upstream release 1.5.11 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.11 - Fix a serious regression that prevented SSSD from working with ldaps:// URIs - IPA Provider: Fix a bug with dynamic DNS that resulted in the wrong IPv6 - address being saved to the AAAA record- New upstream release 1.5.10 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.10 - Fixed a regression introduced in 1.5.9 that could result in blocking calls - to LDAP- New upstream release 1.5.9 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.9 - Support for overriding home directory, shell and primary GID locally - 
Properly honor TTL values from SRV record lookups - Support non-POSIX groups in nested group chains (for RFC2307bis LDAP - servers) - Properly escape IPv6 addresses in the failover code - Do not crash if inotify fails (e.g. resource exhaustion) - Don't add multiple TGT renewal callbacks (too many log messages)- New upstream release 1.5.8 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.8 - Support for the LDAP paging control - Support for multiple DNS servers for name resolution - Fixes for several group membership bugs - Fixes for rare crash bugs- Resolves: rhbz#706740 - Orphaned links on rc0.d-rc6.d - Make sure to properly convert to systemd if upgrading from newer - updates for Fedora 14- Fix segfault in TGT renewal- Resolves: rhbz#700891 - CVE-2011-1758 sssd: automatic TGT renewal overwrites - cached password with predictable filename- Re-add manpage translations- New upstream release 1.5.6 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.6 - Fixed a serious memory leak in the memberOf plugin - Fixed a regression with the negative cache that caused it to be essentially - nonfunctional - Fixed an issue where the user's full name would sometimes be removed from - the cache - Fixed an issue with password changes in the kerberos provider not working - with kpasswd- Resolves: rhbz#697057 - kpasswd fails when using sssd and - kadmin server != kdc server - Upgrades from SysV should now maintain enabled/disabled status- Fix %postun- Fix systemd conversion. Upgrades from SysV to systemd weren't properly - enabling the systemd service. 
- Fix a serious memory leak in the memberOf plugin - Fix an issue where the user's full name would sometimes be removed - from the cache- Install systemd unit file instead of sysv init script- New upstream release 1.5.5 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.5 - Fixes for several crash bugs - LDAP group lookups will no longer abort if there is a zero-length member - attribute - Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- New upstream release 1.5.4 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.4 - Fixes for Active Directory when not all users and groups have POSIX attributes - Fixes for handling users and groups that have name aliases (aliases are ignored) - Fix group memberships after initgroups in the IPA provider- Resolves: rhbz#683267 - sssd 1.5.1-9 breaks AD authentication- New upstream release 1.5.3 - Support for libldb >= 1.0.0- New upstream release 1.5.2 - https://fedorahosted.org/sssd/wiki/Releases/Notes-1.5.2 - Fixes for support of FreeIPA v2 - Fixes for failover if DNS entries change - Improved sss_obfuscate tool with better interactive mode - Fix several crash bugs - Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this - Delete users from the local cache if initgroups calls return 'no such user' - (previously only worked for getpwnam/getpwuid) - Use new Transifex.net translations - Better support for automatic TGT renewal (now survives restart) - Netgroup fixes- Rebuild sssd against libldb 1.0.2 so the memberof module loads again. 
- Related: rhbz#677425- Resolves: rhbz#677768 - name service caches names, so id command shows - recently deleted users- Ensure that SSSD builds against libldb-1.0.0 on F15 and later - Remove .la for memberOf- Fix memberOf install path- Add support for libldb 1.0.0- Rebuilt for https://fedoraproject.org/wiki/Fedora_15_Mass_Rebuild- Fix nested group member filter sanitization for RFC2307bis - Put translated tool manpages into the sssd-tools subpackage- Restore Requires: cyrus-sasl-gssapi as it is not auto-detected during - rpmbuild- New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. 
- Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options -Assorted bugfixes- CVE-2010-4341 - DoS in sssd PAM responder can prevent logins- New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Solve a shutdown race-condition that sometimes left processes running - Resolves: rhbz#606887 - SSSD stops on upgrade- Log startup errors to the syslog - Allow cache cleanup to be disabled in sssd.conf- New upstream release 1.4.1 - Add support for netgroups to the proxy provider - Fixes a minor bug with UIDs/GIDs >= 2^31 - Fixes a segfault in the kerberos provider - Fixes a segfault in the NSS responder if a data provider crashes - Correctly use sdap_netgroup_search_base- Fix incorrect tarball URL- New upstream release 1.4.0 - Added support for netgroups to the LDAP provider - Performance improvements made to group processing of RFC2307 LDAP servers - Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin - Build-system 
improvements to support Gentoo - Split out several libraries into the ding-libs tarball - Manpage reviewed and updated- Fix pre and post script requirements- Resolves: rhbz#606887 - sssd stops on upgrade- Resolves: rhbz#626205 - Unable to unlock screen- Resolves: rhbz#637955 - libini_config-devel needs libcollection-devel but - doesn't require it- Resolves: rhbz#632615 - the krb5 locator plugin isn't packaged for multilib- Resolves: CVE-2010-2940 - sssd allows null password entry to authenticate - against LDAP- Rebuilt for https://fedoraproject.org/wiki/Features/Python_2.7/MassRebuild- New upstream version 1.2.91 (1.3.0rc1) - Improved LDAP failover - Synchronous sysdb API (provides performance enhancements) - Better online reconnection detection- New stable upstream version 1.2.1 - Resolves: rhbz#595529 - spec file should eschew %define in favor of - %global - Resolves: rhbz#593644 - Empty list of simple_allow_users causes sssd service - to fail while restart. - Resolves: rhbz#599026 - Makefile typo causes SSSD not to use the kernel - keyring - Resolves: rhbz#599724 - sssd is broken on Rawhide- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that 
SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. 
(Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)2.9.4-1.el82.9.4-1.el8.build-idbcdfade874976f4a68361641646073f748340259sssd_pacsssd-common-pacCOPYING/usr/lib//usr/lib/.build-id//usr/lib/.build-id/bc//usr/libexec/sssd//usr/share/licenses//usr/share/licenses/sssd-common-pac/-O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -fexceptions -fstack-protector-strong -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -fcf-protectioncpioxz2x86_64-redhat-linux-gnudirectoryELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, interpreter /lib64/ld-linux-x86-64.so.2, for GNU/Linux 3.2.0, BuildID[sha1]=bcdfade874976f4a68361641646073f748340259, strippedASCII text0RR'RRR"R+R-R.RRRRRRR)R R RRRRR!R%RRRRR*RR RRRRRRRRR&R#R$R R,R(R R/RR3utf-8320d1e9de20a01e61e3723daa511c385c6450fd99a36f6a23eb0ef733249d7ba?@7zXZ 
!#,] b2u jӫ`(y//cBe5ngt<hqy[uCLjiǰ:шuco}W|cxzcX玈iަYD6cm  np3M瓱PCghnMFj# :~ !1ߞ (eEW%__Ol"-GfR!_S1Jk!?'t=3Rl\l3Vo;Nl/`1 VȖ=YC+Fqhƺ;Z}75FG0V=9mZ4@3#,Ga{9MZ츽;ly%]ǡDp۳Bzg~tZdv򨎝_K?Z|Kt.7sPǬ>A -i_PL(u5&4[Bv`<mx!f1KjgR}Z&_$i϶;& 8g7M!s, ^_;D"JZS"m#+¤)0_qYf:Zs7;thS 3,ݚLC6o"DǪmkpOBLl;9{V8=g_J,C#١yWҴꗵrNŏ4C }0M<'Wr.BBLƳ23iBuLW)VԦa2YܴQ?~k+ O!|z{ SҰ̚Xz _ 40w.`̚V?E qa [ E ~ÛzbHZ0"{c.6AyԂ9&yU&jo(gkW\~I~A$1n̆lA|$H.չr38KnU+#Br^ԭnDFR2ܬܣiK$镌Ymc=OB93p[DXOݺi(TTI3Jw0/;SV+ V=i~y \UYOU]+QA@iOed,ek=.ĩUH7H]p6_z*?+=$5>HvpQF̎ZZ+W,5C_zM pi\G@c̾ ʳB!!Qq#Rż1Ć5< ^"%nD4 #e)i[ܘKP [z60V~8ptQq5^M dfDQet0ç PC{-ؗK +Gc0CW٫픕?IlumjT>,Ր9 p`k\0{NYx[4~5$o HS`hnu`uX%? eyJ0S̈G{UgC2Jߨh1e@Stlo=WecN.{ 8J8 Uj2&LS:UmlxהNπ^k{YJo+&6)zr(;}.Ou=6C\;'ߏJ9>V] vXIONO^pkLWm.ӞO?('},ҐUZ'\`2þ ?EKMt\;TKG^^:,gz0EK5=bijzJu]a .z85v)$? @DKwsuSbWB\+ku`qcîC{0ׇƲ_Й}gf㳆/B44PbwdH?.r=ujւCPTQ,^F>i/QF"@}״pc ,ک M-q@\zP>D,=morh=ct$PS0>Pā v‴;8Ct)jIݞS̰֨*aB'~|Vz1'oو0H5~5Aܛo~oSʲe lxBm;B~[v{Їr3 rt7mߍp#:q-#eyfP#ޗU, $])%'<or^_,]%!Wu3;u~5Qhg;}M[N>ȼftZ2,*o(ĤorUɎq/?Pۡ6 | mX:^;ҺAݴoszm= ϐ*4H5u-bS?%WDƢ \EUb<ڰ2:\ZETB>B*֧?rPm/7U=tƶ,}HG;vyuofG% j>Dq[E3>BƉDn/ޔ 8Okq{m-9)l%dvCC*d^ T,, 7Ѝ|{hŰ (Bo#n#?77X1Y n'Mhn|9`m.@H5F#hb7^d#`'x -jj~'8'HF$[Z!-=GH |X r2{HY$ba an[x亂+Hߟ]UTq:&d舠ϛ Qr[[8|ZL G%D"QM w?rVբɧD`ꐰ(t˛=հddq $ 5;Ǜ K Ɔa?_#N${!:zI>weosa>6@)%ڄgͿfp['*ƣ,J<cEoYq_>d0le0ҋ^ݼhf(fd>-/xA+ړc$zwn5i-G$M<'2^]? vZK?y?LWPknZC!:e)kGճ H:)6Ɏu4 YN2Nd=TI(\Y!x^ataPV^ݷ79[- IҀet^D&)4&.|7 O×܇*,8vn``19]1-ۓb/F^ w5b('!m9)<X ^1fߠ ZȕrP&F]4Yxq6BZxjVܜ+Myܫc4腖Cx<%/γw1ƃ(JRdwahq>V,1'sSBݝq} x@QH&4;Fqm'Xh 3\(1CSp%vH#P%g قl7Iw<g#Q EtxqDE*z oChA;n;Eg|ѲFPT]4co\棑7PaD|e4RJ7rKlDe61j~.k A1ҟL5(ʁuɸwTA~-ՎcArD_a9P$~bU>UⲊSٌcrt@y-N8vmө"4>Kp"Wn A,hq@bl'I|{Ip7 C3k:ޭNZ2|+t|GS%镔r W e'hN{mi8EV&;XPDOu5G 94VRgpFcw:R( 2LC"l263>?5>\iᲙh6DFWϪ.|֭kY 0D㜑jf\eWMV[0[0Y&c$3"dfzCuqdEQXDFG~E4,]65{OЉhnӚ;/Q4n%27koQr;n,KԮm\h>8Sv+5C) R4x!4oˡtؔD7WPYyw]xhW'~Zѣ3pӭ MHHMsL\z#lt_WhVz+~ S:e1q7YM0]}{Z/L> K+_!jWIM)$>`0(OBcm긲tnV(]oY5a8+\6׮@Q)m2yJ:[*$I"xjo'+gXe) .. 
LzG,;Qj(;B}+n~_]Z$iSǤ3!d-Dž鳾 l* D<1D-^Ǣxjiyz]M}@#0jዶJ%7(<}7T<I~CO(qIJڑ:);Ж9u9:^݆}jsCIs̰=9 ϖRR9/3t49?_$ZgnA  bA$X_j$*B>:o3 ] O-[Ċ+($Q^S'-.z hP[A-.;r{8O|TK/)2ΏyV12@ oN0>BI"dƂ?C>b >IS#̟&؟ѽ$4`P :hCMD1zNq֙,Qo)Ax`9m]:$t&,@u,XH,Dt=PxjW0Pjsy?uY0?յ.e>]6aiIѪPP݋-gOjqh?ƺ&`.+}[rN|{:xMh`Na/vn3^Ak;©Hho &9變1c$Ȳ[#OnMzaIJ"BηzNoB{K8`wg H޺T P\t_ yZ7з>5տ'U'둞S)'<mxfE|s{iۻ>K\inQ舲# "` sZ=ͅ^ в`)h$&6Fa̮r27)8J8>A9%E^  f\7qDT#@^{*`S];ﯥUAβ ?0$U(K g٨6B$̎ X`u!FIrtbq˷>{ E"hVGٲ3~ڡ#\[tY+Q뫧3|f/-t] >'~ot !$['Y4Z=t}ߤmOB!6#1aV9mÃL^6Q czJ$!',_- =KaaLyg9 [yA!JytLRIl ߷轂}\̳]Od4i࿣G S:u A8jr*iB\7"8)/ZЏLALN%D~]1;QHgtSܽ2`|<4xO3)=J-3NJ/eQy%cʱ~]H_ɳJ50v}sv.7P_-/^1TQ |'`J7 IEQؗ/Z@"w>*\K{­uCO>yHG{r} YQ6]swnnl ǩC p(EC֖m^i=\蔇Mj@&4)=+0&7휴jM7esd"'-KE**f햳JBPT6y 谒 Խyw'~UdfZ~Itsk:g(R}ڃgId{HgV @Ӡ/XM_fEiU6K: Q:ݰ6lNa)ٶ~q(,`T} [ۘʉN x ajWƳQY_Ҟ тT  P<(v/?]Ǻe\{u_VD F&?sSiu= ~SRˊ| kB"}n!=nmW|GClTQl->Wq"^ho޿ .GBBHc1FbKcpxm`Ůj[< ZNȤ>XK <O59&$AOtv-z|ΌxϊSge?&]f*Mu:bc#IDe[fL'ScPYM&jܮZ= 8E6zOv.ͱʕ U^{aR!֌X2A㷾SL ]p|yz] 衊2r n@fbyI.ooJ 'XĴInaoGDZ#qxmV(`(>f!+0GөX@vji"({_ܬi.^$!+T6ZAO5& $p#9-sm8V8dC^K@ y_eL4ÿ܈\iP⩹8o#ڍ 0}PG3ϳRinp;hq  _m7>{0S2:]ZDPi^""dM>D+B$5B2OKs<ꂞel{EE:n!' EBlfÍe=KLv5X=1fq Ţ$r9)N;c]x,h G P'WM)^ uG0 1GH`ZL<=Қ9uojR`0OPF ]4_]zh҇{+qdڗ쪓w)Dyꠓn90#x*0C0m0>M>ۜ&6-0ovWb 94@ofsϒԔl'H.Qo7dDӒ2Eɜ! R(aXv0 oW2tަ'Jr5ĚsMmov{{9g@-M&pVRđҒ0A|ڵnfLO 2 ^(~<7,90?xB@ՖVMr @ n~/ ߐxk=f4"ֺ9zB6қg{l6Zr7G52eOb6@kduDl `>Ş[ҝ=uZ~'?C%)z4s/Wq|ٔvd q*+C#Mu2̌/ q $tbےae ONȢbDrJi;؀xfCOš,Sc4)Ao=-yf?Z@@'@{HxBݭv.0D.e$+QށʼLgGi^&*SYw"p(pĒ9>HU/Uˏ{?b.Q_[Ա`:w3qi:_wOxQӺ@;n&<\{ rz&QvW79ylIW{y`i"ZWuD_Uql =. i nV VFSݔbt#,:dE@~` owOs؛\m?gǢ;ȟ9X^>8zy{8yĀs ?@wCP oQ}#.aqE鮝ܿF13z#9Yz˛RYq-J'8E=Lk22z< * 383ڵFudW-l7-z#ԏ;sAkrźNx}Ni]0p] ^7 AZe)#s0.wD"-]*Z ;DJ-M2Yh=cd 5[K}Ԙ=XKit-D3I,W3-b֢҃S/be9B *Əɋmh){H J#= ^6/ UVɨn>E㔙U5hArNv`.ƛ5s Sxbd͆Cw?ycFF<#\oiԑ:0R``E 0Ɏ$NT@=N|, /":r*&nD12YxzΣh[(}v#98`3g~HUu>PtN"K$ZBw1㨡:$(@WtdWUH|9k#O;oݻ_ 7!Ƙ7YxM.Ք5ob>#¶:c0--S9LR :ۍϣ̃1 iJ[lTM իCح`_z=_ Y.) 
[J'e{]s?`T[<`C/^NKRaS u2ubAfi=MVqTʐ'+ :`&߇~8IyRhJM܄ ~KIeL)&^Wu5 -3:h_#&/qw_5͉υ@I_P_4ٺX}1E!R*0Wˤ~*ܽG*d*!?; ,.+nMR ZLicLlW)be1/ъT6&U0HE%ixu&TyzzCTl)HbHĎsI w k&YdžC l RUmo{W0I͞t$ dɇ-mP#uN3b`[ՇId0ޥ:gY ]ʭ,y'_eL T6:D(FR#ucf?kr͌zn>)lmIT)Qvvjv7|x(Sܿ1醊>|zSw%esJ?pwqzKV-foع9e@JK3ڐ_'2kT(ח6Î3EPDk ;/'b?Ra02ܓbn3N$Vڿ*_ρf( `Ԙ U*n"Vz #Q LfvtӺ5׉41xA՛lrM-- '~z^2g\uw\HX,rF!.;fg}nI[hdg 8b/N~;g-4'kp.lTȐ'Sk*'/ aU?:Nah772FuQ*]%0b[w,&P| UNLF^ˎ{, lȗSXwL9<ӆCk_c5Jl@N67<'&r(9rT3Nɺax=o4;uH~no ר,ht~۝B_d6q).ASD@y bGG#>6Efhm_Rk9 #'w Z 5 kjl֑5՗W>ҠM18ͮqݝ:)[* 'K u{Ҝ~EP~==ކ9b"ecG0)d%Q1P4s/r>n{,XX|&;l?eOTJ|-%'_%V=YB axy8\|pӱYAgnj'VHna,͞_]UdMCpv^wsX!ʚ` ^>._ݗVy;|>rBZ}٣"I "hvL{џA2d !8pv < IpQk2c2uCQϛT5 Qmq7Օ\-8z燕982Zm>ٞrkih_.EWGmpޤERDQl_2-kK`Fk j h"Awʉ+]9?u=%J:74fy'gNXi-A1[;5܃$OJeE0EnmLo`h/~-/XA\˵oh3,Nj£HqQJ&XфLya끭,>Fjݒ%QYS T{=rl7|ҮwU}mWc%Fۑ.\a))뵘MXvl.% 2Ҧ-؜%)orEeO*@.V|ECI7tz7MSpy ]VtOx y(U!z,m0%=Jhp$i~xd >Tvb= gSF}wܺY|m ›َLl]R֦~ncIط PI4:5фϧFn 0T'y d躵 zj.T6f|qh69  ]L-|6͛'tswDМJZSCϵUBf9^8eTIi}(韕Uje!AwҬeK9V?T| SRCvО*I|DH`{Y?CؔĔNِ(o n$fX69&s0Y `ҙz*2$TZ44Pk7("g}0%r kirBg{x`VZߕW/H%в*)ڪ Nqv#N>EU:T6>z+$8 suφh-(>ӅN363}i$]w`] pO1`=E,Z-=vmOQ:Bf ss]w wx6 _&mPHK)pό@. Nh>hxcۑ-\p (sFSh>u%Gw^>"CHaU/ P/_ u\x+ׇ؅\@DȽgk63XaH&1lN]ޠXwDBwt>W@k:a%bVAu!YaX̭Q56Ќ65'ro2>/Q,}#*2՘Q_&q n৮ִ~9c4꒚+p(8p#.k8;ԡUPR)ȮKD!Aʢ5/rFv q|eϵ]Ȥ8%OUP J'➚ HE* #Mz$ WjBGth)"I%")0bsAߗeV_W}-zZFeEOf.^khJPX ׈EOq%O_ƍJ|msdca]{MQl$1nI-dm.;2 GH9gt uPb T>I*=eM}6̼g:(xXsd0 !4[ЅCq#dAŞItEKM?X)4)ir }S!F\hϑײ"̵T.y?eU^$0Rߓ6) q ud w"8s0#WՇT  GQucMv,S|Hs; _+oe/0'U"$_HI݃vC MBnCXþA[Cj|n z/3JjE['.ðF^`Y<>d}C…D0+9ޜ&8(OT8ӺOMZ6 3րMQAKD=EU*~&t|}G.wMwFZ,#ێIe/5чt"MV)m7(Zc*A,czYzv$lo[D[r@IS.gΝ+R֪|V6m躿6'+Z*h#s}̻͋+ 4<1%Rͳ5YLP*`͍^]^q^z7sDo;, +me5qB]6`j)<g [HsK5ssA*R!z4sETbV˫ 24oe]܍u"","EeYT\!.0@?p矩=ޙtr}O`2t{]CUm*т3@{lrAUYbf:\r2r|ӓygNnt[߫(=H!g8C!-5)&x:G:-ȸ(mGrLЪ^C7V^*$΍K3IBYphn]:-GYYNuM(6UFKQ6$},[HB$ɞD]I1B|2ˉDYy7T&S0gJыPF. 
+X.~GX;a{V SS,V ,>MILwvUM'6@-څ04hcoz;Μh(KDK%~ ~?}dU@vcgr +W@ҝe7)D c'7r~~~k<+ I..{, 00 a?@;ۓy0Gdތ|Bz}wBrTB=Z4(ȼ\@ERpq s13O#n}f/FOs\jk6RFȔ`TA[]T0b{grƦ;성b̡%yȶ<ښ/l[4JQcܜyٶ4UD֝uAXݵJozFSM:ddU$ MD7{H3]d?rqRpgS%VLxH9*:[*zGNmʂ'!5ez^ki4O pwxDa2\"47m DK?Zy>ŠI$Lp<av?Ю<=r[nl7l7aQjޘk%μ2AK$lSre)`ظ{09CF?|>^\r^/ 4H?gM4l[i/m.7:0+Zp(=M[{ qflIk" *ϒ'SYo3Xp"gde Sd5QMsǯ0Ţq#rώgI iZ#0yg~C]er$0jUb\(݋(NT4&E;KC2wWJ|0M3JDPzVG^Rͭ.j|{6}NAOAUb5Ppf8*aōFċojLSQ󨩈|)$N9`Yv K%92Sߖ&"=na?324@I')5R7ƨ-) _;ºtI趠2jsڃh]/I̢uv~TȞX| ۮ^{>eH'^x'k׾y*?#ߍg\i H[f)J"y!]pF/cxRܠK3b5>@[]&5Ű~IYK93Ɗ} }P m݌#d:[";i:kƥ _nKנu< b1jl&Y0 Ǟu ./6ukeFxbo:HZ5MMNjbf`NT.}M߫)ܯjd"t` GEjU` "wjz|7eqjFZ V ӤnC}̈́0ˍ^%Fm*x[a;-hj\I):! ♯&5&[52^O8mZ!ISN,n-#/ꏠAU`f~m~!3C5)U#q9YWER9#l44Ф^ m9<g`jֆ`jgum rYiۗ `IPxy$+l6U uM5xY7(ea{ =`-լ+I1t{X]m/6>(~.H*/RsY6DU&R>| B8 xYukRF&Lcx[zNi<2B "mvr>ooVz OWg}ۚ$4>T$ ] uz#GnyHI C=׺nu<V)AsƛBBB* Afe<[֏v#~]'ڋMw{_q][h||^bG`*k'{7W:]*ƭ{09i؇{ҏ; tgճGFT^K#E"G"*$^IX;fJIf֠,T(<-y ˲_}G84B pN;*+甸 Vm<"šlFWJN0Yzq| ڦca,@RB;XX2Oc[\0"ՐrZiF$Oz $tH'gԭ,T][-re,>NMz iT-yPA V}ZVj(ի.U^Yʚv3 ,M4>(dEmK!5Yװօ8f4y8&@yHem9[FJNTO3_&qF[Z 4%;Dzx P _&;#~\x+pI`z8V. !ꙅM?vnO:̢C Y- D'vWQ*%E.?e=36[}7৾fY?_eD0p|nE#yĉM;hS c+:Ja=@/e]ʽ =rrIXz#ȭ4%c= Om'!0+tlj*z&G-vrc`:W5 89HvI J{qߠ#,@n@;vX_h2_@i0BI!1l5iE~o/ Vz*]5tȢu3!Ƈ' @X39 *s㖑7!MyB ԂUOs?Yh-9YW,DQovaxN)P7ȀfmϿb)Q /Ԏ7Ξ:]iަtlйᵋg29_ҙG.ղ|UNMB|gm c3d29ny`w M!RBuOPYQ #A,X. E~hkDK'd90WJ;I筀~n>0av*FºЉQ;kԔ8à1|5"AmU@iZ!!yDEZfYr /9xf),j4nD`%aVÐXJڔ1vxZIly~$$R;Bh~1K߮:Kϲ7X.q f: !KK$u2f[1F\Xa:Xꁇm!x%AfSDw'"/ I==I%i8V ^*lkG"A42tE.L1Տ,`^&H&Ydɀ @@!jbyݡ((j`8gK glE#s?q(m6r^{5Pv]E>RXWBڻ]/ ɺaM4:vϤ >*pԧՊ|? 4<{>ΟG~ A ]2&LP8hR:eOV˺MYJVusf-fI}9TDx?'Vc@!*:WBC{.(me*o!g0 <2;ˋ|R{$3[ ["Vs sWܦW h?8uo R9\084(+_{- <0{SP"RQ%RRIPCƐl#\gNV sLOqOQu5ingZ]gHx^5pa;'Ͳ:Z1IKv Y ܀/ƍU8Og Qt{}\1JNHh}_~> 3+g'*p U}SXq,m'FiEHJH nyl/0!'o )3W?+CɃXjFP,KvO2&! 
SQ+X"e@xTE.X$1SV-@& v: ɣ#hlQ1õEA%ePcV SRDC miz,[;*Հ1aCaf2a0<ן / ?Ͼ͵Zەps8l=rI '|V @6= Qt`1%+3K/\+Pzj ,@FQj؞kjQx&\U=ld#~=6-?n4/@om [s64'\nٺGQRad A7nzEb3ɜ9нH(3Lt;u܏Er\"^Pq|ҟˮAPeWg+\Ji N9/nN9XzޑՆ mŨ]Id:y Ks_8ht{U C 6.OPpY $7e)w`ۈEe)6efgrfqf wo9H0R}d2TT5?DEE5w*1姛X%9] "[6ˇß{L(kJ\Q/H-FaNI?E+ҰR \-ƱM_&l[F}za־Z 4^ T\3 *4VC _SVRmGKF/-pԅd|P@x& qA5 7ri>#7|ɻP/.0)Hm0hA,9dMIJ[¼u}g@R mlEXԳ=~7Z vJ|zĭqF /d4 *74D߆7&k ܓZh -?  h)"@gA"/ۉ2T7ZE6:X!y(9&e=S٩oM֧Q|C2p#SdE6!-Ȧd\5"IB:ur"k` BF쎲<>Ԕ!peRQ}H9sYT6Ѱ.o#6U`wsĬhߩXzs0N{FvtXͧlEm兤V O[z3x L/_Py ]aR{(OfpI5g.#TF tT|TTѣ-Um;;@*?EoyPa칭? dJNM+aO 1~ Bm}X"6y&[LƢ OyKÔa!VnȄ1rLcGpxΌy z]e:8ʂgFSgE]; k9rB=InE|E7;K8Ŭ떅JJY0]]hD/j}&cr,bV$/I#- }e}+grB:m$wJ { lJ#*؟qh2$.6+<#:v |8Q 4{Ѭ 8VvtŸY\n3N6\Wќ}rjpS3.s KY EI+wUs ܇&e[BdžJ s.ynWVA>tWHp)Mד&Ţ^"Y`tkDy'k63y3>W@#R@,Y3;I` %-߿E/ijM?s뉺SLsBsKM_w(i8-$F 4~#ߩ?h:WE3٢N1W<;h! BP{hN)enc ze+ElPͯlN׎KGA|4 3R6 ; FD`Ĵi,8̽sr vkKګc ")_x\p]P? &@?kx Ӛ.EN F 7z\ͫ3+ s<>Eڂ#S@PzsRXQ%!NQ>B=ģ812X(ȡË#xm QKq&X?MсL7`>y51 ̘aY>}".9D6ՆhR?U0o+_ ,ݒDUW87V0͟/ !h`]9 `<0*~v뻼܈y1S`pM5243t>&| %[EB`xAUB#3D;P)6D\H OR  Svq|׾{Q.rb+w4I a<~:7/}зyjۅ)ބ9:7/\cꔚ],uU;ٔesu27hf߲U70`iߞ|k@h11M۸YZxCC1v BdA$u>d tvлZW~veLV?d]]-4lRtEbzkRtRԀ_TKq:L Xy>^:!_mj>킥F^\IӡEr: 7J4SvNT}x|h2ȋ@޸$o z! GҗԒVoX{$o_cy~ie~ka9wݓ \E~6PZXy C-{ج84J}7=Go15d.3r~P嶽8eG?C_vR?B-;'ѐ(x4F+ic˕iT}o9(vug]!K{''y$ݩ~9&O ֖̎T-a=pb27[ iCqqAZLNΙaH* Icu|rYKϦSl\?@;o ,&MA< 3@$l7\|?&Jv*I@U"%^x8DGKu]@6qg.N4 ':dCq]iqkp1DaRGsdpަ+ pzv{.# ~U](ºfT/ + $,z2z(VkLI3Ҥhq P&!  ]*d{1u#i>sʹV揞12vD}oQs!W2ho9b"[k%`bzde$U uvi ؛A|t9MD00AZOyEi T LpaAL;Ua Oß8}h\)Œ 6A8 9j9V:# U6u80d2KL=sO zQ ]=lV UQL7)h0SnB8%zIa̶`V oRGD#/E2NM;-۸d0TB b~O.W8OѝvU@ ;^j)F$qqL)pqMdr! 
;^,Xם֜p]u+ۂm}vƵE*[/M$g˲liH?Kq;ԤFIa!a6"ɅaDK6n; ~J8"ɥ] On߯mh}} B{Gӣ98x.}uIAN#C@;gb %'xO; RUMBb*@)H8Wzӝ+ `PX-_(cfc\c]6y.BVwCk&xDqhaJ1t3xG\΂w0L߮ύtlϝs?C7|>; Z]&eu @Z KǑ}@no6]b-9]XA3soBAL'M|ev0=< Eo_قl:chl~kـ~{$By_5H2n!W5_ ] |%&Si ~A:r/$srnV leZte-q(}TZ:L5 jY*jmWkr5C-X3Z"׹zw\jf.JmpB,{Ia CI9eǩ'|n{l֒âԇA|f ޥ^I*E;si X8Z+# @S;S}1 ( N@3@Nkc꒗Q`($вʜ7  B} s8]^E4i>Ob^?hC_)}G =9_vCryR-]-){m $eZr.k;<:]6=ya嵢C'U+у^XBVBvJJ=_W23\:+M/zUlwcȋؔ@1'gEN;b`뛙 ?Dמ(@B.v8I vrwdG+DP(Tȉ{>Ge z_%EᏒ* BoTONRH+ Q$S)q3:.sA'N%q?Pwг<9C1h`PRN4Q脹Mp%3`s{vƮ L )^C965s}N^\9{ix_r 05?Y6ZJ7mHkiE@~E4aⱑ:'?$,hX_!Z@Z1 K5~vЀrN}a9'z*K-,IDŽ1ZW'7Sij]u5;V'RCh6 p˥T6Q29o6Lì$ozUlji6=3l]/Ix7nU<Ŷ)d1- 5Kggiax׸hh^e ixb[5=r{+(<~DOf| 嘢o-p=\2Pz"~B}ȵl1T*J]CL^W]|D!%.H$ZVέ*;dmYL:y_Ynz,N mS_sӆ?sQ$;$Ƴ{,v{KG+\pHT<K߭V`!1+o)!)6NZHRLˆ9(/`%bmͿZm]Pb{?=Zu\`zJPZ^"'kB n4DⷾT sv5z\eyc{9&a/Y%iuaiږMzV A }%Xb)i䜉 Lypgw)O}d`}uF⾜9:?܁(FRrևǔ^ 銶h酉<i"4j2LIY6bދYJmE%HUAl z'ҏjI0,h'_5R.bod:L/PÅhE#'gp(OX444 T+icKDL"PFDy)ξH|F^ p%ǬY6 1:{aGz n^^{p6УB2+.| pm1%ї 5Y60[f>qλ=MK@ ˷" `_3H34hHb`>Gl9!.HA`;^QнFᏏ0G|Nh&4- IZP(3 R8w@?xLo!WK݉8ͣv6dX y@}WZc握vHApR6A\6~1t'ʕb4Ty'f @R?y zN!Oz=A-9o9@NHCؐD ?! 
vOWlQ![&}eR)jW[t@z˴SI@c KU@ {H Oq[S`ljpMcbC4<6-lAM4PbqғL Y(z]_JIHe^%vfx7TuvRkՠUni<H85~>(Όp:#~X:6WWkI>3BJHzH73|[t<\J#~P<$\ea-)Ƴ0?Mʼ pC NHG{Q} 8WM܏p FMnE߳l"/cu)m0rt!jJK{w0 BD!t^" ѕxMğF {PV=tQO0MSؼ8^p*& 6\[A?:k$ln[;=N r5]ݹXBjQy͝avi'8WJاQYMԛXd1zY0$)12]e+r 9+ᇠŒǨG¡QHL-LV1Fz6x]Zyc8j¤׷ipc~ZsɤEjOAңm,܃(nNPpYyniGFo6h@c Q䪉J \JccT(9|,|<5Fǿ酖?[jDƺŀ[-dY LZu؍7[`8 w<-| n>fK ެw8[.kXL OR1~nM"746hBǓ ='(T(sFOv +,[ƤmjftUޮ.IkeivjbRGj4KѬ Ȍ8Lix< 6d[O0翄5 U=F8$:dVj5}zN{ջ^_)FT"{)`MCBe2JCLՆNl'lx\[ NZ&d&Ӛx.uyiƽ{hUp;eG_[U5\%1w3Goݥv;N>ry:|ůT =>ՕFrd`qfUr<)?йk4mߨ'̎G@kg0λ"^O*5`h|5NxMtd9\+:J4'{yԿWMtkn6O4/[E-dn{o&;vkO9% 'De" yR|kF!j!rPhzw1Opo)ENj[E¦'m@I~!N0XBJFP0u&hZ_m]J@)7blfӁ:0u=r?}ܲ NuP{f]և'ACJ][7nBg w}]BMokԒԛ+~+mrr"/ S 1a<2+[!+ǀmfMu G#1~_qNKJݟ|ۏ%fW/<'Y/cԝ6S"*4v[ݤ#K}t uP"H$x4Ѥz]AݝSբs=!# EMGsEb}@vzP$j1;V*)'b2qMeЖ/n܊ilEUy#6ym,+Cpoe^"$]8P҈nWij`{ -yr<;Wo6ٻ.B`Ov-?$@wHT@ o٬1 ԯq^xJ[=!e[Y?U_c1# V]MQthhOJh,sLRȑ9?IVDu~YӆX .&Nc,] YBQ#x,M$ kt!--ؾWI*',T.mg_{6~c̏9+CY lz#`D`ɾx %:_:t8YBZSZ>Βj]K`m=ݮBƸrdLQc%^Qnϭ0xa|MOY ȶ 3Ջ"fP ( )"ۻ U kR╩u? 
fCo^:bD!Y7dnh3R*~^ğ`ݫ%E*~\=mҹXUhVd(8 Ԟ"&(%N0xaZy)đg!PZHUM&8)zAc.MșM*n%ԞwM1L-_(_>.7x/='(, ';ޔsC4e 텰!o] 1O'[8uU=S9nm@wdX.$ыi';zMV(db拋8)QI:Fx \!iՁ1 OE \ %mlty2@ xtY^%$e۾"Bde)~zzG0 0,bф7!2ܤo {1aV{GFH{ /1Ʃp̑ӫ,%[)<c0Wv(i T]|f̉ӆITUȥw6\xCN$6t"&r0}yMNmQ?e}WZՎs{mt[JV2 /~mI;UO[VIC U![(|FY"` iH+ΟieM`)`j?䮹r/`X=u|%\+#Acl}^pCNDմYxY Ѓ~< !4zX%m;L`8D0>j&)J]BFr8w2>1\_q|>SjX m9/%HE.B#Sk=pgy fbыtE=sL1Miv]4@- iSب8\lJjknTVY/WgnyBb+l x8 dۯU(qizcM!6R4P?rnTJ+~mPm>mrhMe䤗9ZtFkZ9â@y,FPPOOߧj܆AKpi_F']=9 h_E(T)ഏB;W/4 t{4Upy}ѫ }_ͭcE\ Wt@y.0F38O8E#LaX?WtM35[sh~!G!p9鈾; !,d^e25΁!.zfސEdY!u.O6Iu4NIq[qpd?$s RUUA!x D*^ztpS|?f8^b2 C(7爟(iT5ahF6D|AJXd)^3}BpsS kb)lJ\e1+8)':fck`&%ӭya@B5mMOG0s+BR\JpX@O&wZFҜ:AdKw?S<\"vbc]MMLRav3@h#(TV/ a+l`P Bbku%fSj0C}|3vso%A=IτA\ψk aMiv" EVx[Mlќq.\m*+vdW懃𳛙_U<$q|h]|G++D9ڳ0Q{uv|%<%!u7Ҳ.esAOܤy<IJDTU%.J̀&BR0$@S=ry X&o"՗d}[o.HVl۵]rtW1+wSP+N%䚧(y9gKcB8˜~x蘲C:kSpx\-]%h oՈ`ǚZE8eD XڃaiT 0-]RwwV'q  7KF3Oxu7VB|;j05rEė'88(B{uvu0myB|nȑnRi1<_$c$Nw0~mؖ]Rh/.eH2υ M_JEb{6-Kl@]miv&q͉򡽚6dV?سo(<B}<.Þ#}px™h6#:,Z>ZmG{ݜ iW˸WiλiEDJd[ cuYW_F0Ǒ@#`t",}9}-LڿM_nȖӊ>u.1(Rs^LBTqaXBxJ=+-51r:='g"pdJFLG+si,*X3^~PɵF5mi 9.2;DdR-hp2e'qfeqsmOpQ0gfaƽ/W{c5k':Wae D_ 4ͥܲ;RT+jڨ *]wa;vG7=U9UU**d&ZY7ГgGUV"k%6&-)9e:~|!_Ei ń!dUTn/d4Rű1 aќN=W,in\ 1?upxتX ?_+ ':C"ΝMj@3ƓR']N.;fw; EXbH1}YiHf:< fyt3K%WZ)G]^KkD|WH TͪgiPǚ,1fnU]dOqfo~TLPy蹯Ai0~N +i¯_qD盻0v8g#"lm#oDn`Ĝkj5jAHQ}Zj^_Hc>GؐoPڽX$uEқ6S־B6Yl-vgW\UC9[uz5T}`^K6.:'G.; 5yLd쉌Nz.8~$c.qa!z;'.z5@#oK.J3 owwX7C%ovhMVD'j%vU/ 3B r?)Y.تG+%ʋXB~v&dי^ݜ}?274C.E|) U5|p9C|ˋ (EsYf&%J#}btq}N.l:pXerN92Cm{h=-/|2Qs_ֻD.ڜ3YFGEA鰈Dz]pTߪ4j;%sBq,K> y^kI$mmةB. 
Z5ƸvY^Hipα/WCXչr>Ǵ@?u<\rL!@Y@'VzcHRLb֙ ?ː $=/C&}Ow|_x ƒa*L HlnfTgΖ\ U&<&>G7|ŘīI_rrW ;Ԝ#7bp">g"hʪw}}L < *1ti+zDH xlaa2caPaթ2 Qw5ՂhXTq%x|j') T#$%YGSiXj;r@ߴ /2Obe&/o0r`3qW`XM)aZt}年ИwY6%9n]Yaց\x0B@^KWqcA;&m`ekX z_{&!GDO~;n˒3 a)Jw<}dUbK/"R [naF2|޺\bAm(q swn$.+==3#0:x cDG+Cޓ,>*DO'J1%!Pִm'"с_^k=Mrz;hz-T'vM~չ-x,onFpJط#qfbm9b9 "p#XPcWg8>|n[ Xd}fU8 p- WUŕ_ krp.K{gmSJ~"?6WqCxLO(}e>5oƅt2rZjuj~ܒZbHe-W8pkak2&L\B,윅a%ꦊL`ط,BUL $%yzƋ2dvxE&HJճU 5>C׿Nb2+E qo,h1l 2Ѿ9zST%u[mOL4*K IPV\#%4m-6Wy9q}@dKA40/4i'FrăBtl-xCuC N]:C=ӲR$eM7ȆfIY_`Q:XB%8+샃_V#"TjB{ 6{NڌVxbKz& $ (=/ 5fkLOYD9}f*4|^jB7ȲJ+xWfs֧عM<ܪ;z#m#7zRHuU̮OSP;,]Re&W#Iai릞zdDGŋY [ +ͣA|rA))&Gdc7`^X}c mt šJDCl :Hqd8Rng^8(7P཰<*ӷ[OeX"VSS"wŁ8Xn]p|͢H? yыsH1P1a(H MmK]A0:.U"PSN<5[{ $mQK& g̱ʔ*+k4"^ҘzιRSEt5$FYI@R_5ݵxeD4U-ͭ^ѫf✖ײUN;g\Spfkcu5[yGr2\;\Ѵ@dߤV\;#K'!Bd'M/] )xI]9ƥrmIyG:0I['B<0-:JTG!zAzNxͰ@{̼ nߔۆUˎ4{}9(޻M^!n"VڡiAE5!t;H`-_tZ8V}f#ma8퐴f!/ z|@9&Ruwwl}`Tر6{spND&fBg{J)l3nM>VƗ؅xvW벌':{tjZ-&Ռ㦌>m[#)=hnXΨ" ǿVo؎ȷ*"71|jiktcIzil7Q]xrUvҟ %E7yC_\{5/Ioι"*đ=r'4,.T pLvdj*b|ңM2p?2](nRbrpJe0elvrKqBжvĄ^茴RQx_'Ri(-1WrEPHf3:]h10/3rs^d)5?c,#6NI 7"Y_pVOh{yHyMdw ^+8@+z\ORw0@6/ BCVf:H6RgGrk QS.~1,HM'hӾ깚Q<&#R'z`1{sR`/d^ >GH$_Cݛ'ґk&:qO槎x?9;aG7Ig{Ku ӣT`D4bQҪZNw9\ F\&7qվj` 9PfkIȂE2U*x{ *抶MYޕ~g)czzӨ8lLs5!: Ђp6zO䤱z%. ¡agQ\Fe3@@ƕo*.-y ۸ ܅_؇lٹ4@Dwvuf;8W^t:Tދ"އƳ5R6rXbkPtx[lE#5I9GY`!@Bu$@oTr켌rϳ.u&pmߣQ֊VRO[6Gj5iJ0ʈ^4܄b:6ۆ@su$t(Bpa*/u2``2 IN "mlFAYE ͻFb_4pl q#D}z~XC& K< woDJ@ }Q]$VeNow, }P-x_~\3'=3F|{}J&2dkwC9:[@BqqzF uIЀbT7 90%_jD'f ~f;9: q=;I%8׎aQH[޽7*ެOdT\~cϳQXdM/-֭Lh8A9T8L2'^Ϥ jl/,4`;THqaEBO}yI9ܽV}"㢕r#y0eFo#1 jjeާH-2!S5Y!}~ JȦqGp\SٲX9)$%̭1Boih9a]w a/ q=*Q ψRuĴgF{4MshpʗȨ,Bo2μ(KAnhv&yÒo7= @&|U/7ѩgs fhܵ&F_X+r s5ײ)COf)qѢC͒HHFN˨N "&ӻ) b (^ONbZ(񬳋R;CˠMu1 }aFpwK-i \ic[ NP565_aK  #KٶW|KP@'QP$`]ܽܗDLnکc2Vc h2 ^̼=])]tѿ{iA>,f,&cËO;$>bu ' sľEj%G.ﵖ [Q]=T/9)K7܄׵!}I53. A=m$Ųh:E%e8>-Y ^RlWUl9+Yow\ < (o`۝ fh!l'rc9FJB'F x<u~楰m:tԾw%Qu@aφ =En]NBƌ%^ʔͻqh#(,y.j3?0wي |1k}{L +qT> "K\Zd!jHR18-jCf|Wp>9>4DĞ y*nѠb26mO&3!`{;o , ^j^i7ẁ(D nD1 iVg>:ow'}5]Ւ|_w6{u$QF{H Hٺz ȨGJ:MlZ,!ƀB.h0xz+? 
W0oқ׺g?❐ӛhP\/oqW Զ8 ly}t O$^ $8Fҝrav!N*0UŪO|8OLg O%fe}+WfU؋}F_<9"2,H'?M)|Ǭ,^LYRZy0]&p{%6H"n@s(URKlG /lTAڴ %g&EbbXPB$&'([Јt N.i³sU*9Ք3v/T͸+>ÙrNkx (4D) 5JځIebT-;HN:}+۳rYM澕wxx1pE⧭ݔ?Q#T%8{We iJ"ʏb8ZEڷs9W%zbT%;)߇pl0kM8/grڳ'Ynog`n?cfh\4=ltǚs.mL#)c<-^ gn&;Ӭ$4] Q'wcdk ^bI9&0׼lsǃRW%68@'Am`^@7>.p O)!3{%<9weWT_Ȇh%+`eP]x@J\Zn8ł062|@+m_bv z@O{Iyjkr/,M(#@eT_& _X" ?ڽT ysKul ڙ[.S/%5 @^fsFP)#cZ*{=%,P3![Qߒ$coTЄҨV 'QSuB BCҋUOr<[aY@|ӓ4Sc0]ТV3ƚ&1=Xv?^m(Iz (e0`=;cr1+ ^_ep@qU,3'7ҙYΊl(e ybIWu]>sC[Zg!_0rc[7K_w*Pk,ЭZ|nYhxɥc@Jq"v(AսlU{U{N #͂GŞ& >l0=bGEW#n@շbE˹+&- MWNr?Caࡢ4C'UBuT0Kkonzfp:>Os[)?ܫJoU9&P+_j!l$jTU$ B2c:a }%g\$]-b/=`șj-[¬Bi2ލ3Qcm] MILR?3b 3On6*COw/?Yx`[1wrO4:??]up;%ΙAG `: d!67]cI0)o6č'x瞒]C{|>Aawc%Vx k54@p-=2T811 "Nn/ж_㈅E_zzSQ )yU[XU Tq_ 'k_C&#(oeҫą$Ihx3WR+i6#Q=l/~#sG.D#Q[zd熔UdIJl^mxȐvP?1KE cXƯVՑ{|2LhlOl_fC_)w W4nd]:õ^$h]A5FFjzTM!l%]ؼ+&H3b\Of#d%-eK|vg_Z~5?6·Nʹal tjC+lh͉|'p:?,9]㏽tõHjY Rwy:L 8KԦ_; xsKܢAxm4gP{<Aj"5 ~ [fp`P:hXZ=y]*C-X d6HE$f<+SYdC@tBRs4wSyκӣ{[<+喗.ݪmU'1:ГDGYo9ִHXA 8ΪHLMi{=K;7+# š?`4&t5"Z 2x4w͵`v0uY^a&i76ٻW[+9 V2q*aڥtӽ X#5:LyIyܛi*vX]Ja s&k,ZLGŕ_#1HuH }~6iszRrupb^N⫆PW#ӿcD]XT*TtIh7j+Nh FelyUPBWRLIP#@45OvbKYxd_[=9Z(Wۏm%rs;yYWΈraTM`7Ϗ{+ )@,sBm[DJt4aeLf ^3ә<ύ)k; >}->w'}I\lC|0bݠ|E Ctns0uwu`텕Tmـ\ ]g\͗*M&e^Z$hd*IJ^5+ZI7Iݦ (EN! 
5ī9֮KCDBHA%WEz4<;=jaaGOCZU=nMrxm䗯J,.aH~F#5p0lW:b5\Iք龞й ~/(PFf4\Kt ga2_GIFNKfcjVge[`.z6$0Y]XD-̣f"N9l)"ᤖ"+6(llLuBDډ+O<:)Hˎw]&Ku/y˙7)m&`yp1&cS:o0e횕+C7foj %VOh1Hx%SdAsHO %31+ǯ2LKt-Ȇ]4 ug%XSLlȐ9:5x\2 GD]Ӝ\ JRߋ?%2>rAmA2[(^wm8j(=t}C$2V@b?>r"qUa׃'@c''x_R} Cv Ω1wlay^*As -&F&s0{9Vp86H:O[ c#%;Ʉ;z=^I%/xLw8v$)/ZnJS aThHo}ƈN}0SL Ue'È6AIiUfs6VkE3tKeHo&9 aeIYVG9`5(vs 1Lށ.p31GIqhzUFvp7Uݭ+bI~4WɮQyײy$zXV@7(HO!Z7h E5bj3Dٙm~C;!y G"!RA>g$-hQ8{k\;~aM ~;c+L1⺷`Iw֋nQVssy;* #i Pe^u5JA$-a_0 />#[[IL31ThZYHc7`O<ɱ#)&7Ϧ򉏦EqoЎ5щbڲkn:#-i7lC8aF\1sњzX$b2n`ȁk rW1g uTk{Oſ</CW(bm l>q# CL, lsbRJ6 $/[b7j!d DED=a7DJRy')i=@QQ1"6GM*m!wjr,n s˳`@~BlYT2glLO:ojpʥ4gTvФf~2.r ȋSW51 j@.Yv=v.%IJ)QN+6wVu_1)(_)CZ6KoZʢhe6o~:-MAIs'S UqNS==vmo^B5W\j/\],c9^|lńR<fE#c4 +={R_+~vM,zAG8fdiϯS 't/9[`K]Cc)a[c4.\oD^CI:1cH"5mp[ {+2Wӊg{ 5k^ %fDy#l'Hjt?6-_ [TGV?} 5k҈0y&Q@*y#&Gy_Be|u:(T;Grj#/3Gid*: 2")A3VaDW{^ oi{X^-6D)8]VMQ6# o=KgOq57>Jٚ M xtWgt81II},U]S(T`_ND60+\fa!%c)|2Yru9 D*#oM+Һ4@3ғ-8l)NncǙXhMFC™lSIf'3yd(bǠ'fcK~o+Zʣ{VY)I3;[~">g#,447-8#h;f} Q F3}vW^(6b<3Dq@q\y!E&yXH7t"kLf[uW7cr=n&#q,1g`*XXuǝP7wU'DOѝ J3pt")GgwʮdT._g<,:* j bG?xq0~(:PMzʝ}ͯ}.mgcmi@P{3cyC7AE`+qe'])ےU)2q6J>]@(Zs(Sa|Ax8dY(6 RDs !e%Ec9/x3ZsLQXrIbv䉔Ql0 fR ^7 YA }T,}VЅ-Ml3xs}흕i.!bC'.ms7z,?wɆƞrݔ}4t>H MEAPVZj<@keKVK/y]! B +fPu5 !iDq-B+8R>2]: ASYȷbkӧG,'P8lBrY6s}J5e\?zf"tβZ4ӝ8R >nӚ&JgXpc+c|:f߀mxGK㇂K}rW+c\Vxrh(} <kF' q40ljrc{1Nʵa A '.Yr{4k`Tb(+ANVp_iX>8{X5$Tf*[,ěHf%W?̹I&%2r6@Zc)u7m9*Qa^$C-a"wΰ3ceۉز$i&ڸc}'$T&.qsXjNxk4)ҾaXiܡ}c}B]8+w;Rig1QAmҫ𙇊 8mXQVye;qn. 
GAd똽| EcTQKvzDU2K%&U.*C߭I款]-l"DϛdwCv(NDp:cf*g;X5r,H䄕jP](qżUiZos7>MkOl '..՘P8#H S7=n%p/"R$ލF Li^{usJV\uÌmEo|"v.!`w~6SH9}SqX۶"%#~4/=X(#w)MF1Ij>a̳ޖPR]vwlQ8OKZaJL}WҞG#UX7d9R/ O=d؍O=sAw\(u'ʵZC.U,WΔX8Roz8-8]d$laK>$&60cV3Y2 /̹#(apxӰc7Igl&4 yV0ꪱC{HZO?wv07mOA˂9G9THˍj~DSJ "C [H0 Sqs 7A#WFdEWU@QiB4=UkI%WVc%]18E^rKQ,Rtΰ{jSqO+ OmĄ=XuN^L{:#B3Zh5mXj$gsꌃ|nS-[WsUk, >=F%z黻eۃp|nܚʑXq|IK-%DBZ^Q;W8 ]-We;DX/J9pkm\3RUBi,n/ޒR Z1aoWʧvXTh;V2"2 ^UwMRLv CiIԈ[T>j GuL">3Rwl@hJl=kV m;sR_hJWD`!svd:_xOrƫQ\fl8DOyF (s "fo5X>3T{ գ۟ۢq@e9D2ptZE/[5P9ƺo撎l޷ws:㞟m`7baU;AVC8ѫΒ0P ׍Fvl"QFN̷.:G[ Cƒt2P`r|9tf uQAV `(r3WZ QIjyiP5=7Z6_i&ʸ4mpTPe]:峠À){EdyVgv]tE;J5U\%4ؙT QK-/c݄\rL bRgnjL7fv:H7:ѯiz!`]lMP#a|"=C0nEGF@Ų_m]bEiM21owP!o#}005 ̪}6baR5V RWэQ9uV.` l Gdѿ'<&pH|YRce}&.6M$[^`:%c +yW; 7%&fŸ㷿 6%Ok`i1lGT|5[5*Q3"k) `e|"a'%&jbǴ +Dn.:뫏V{gk[8fv lHXW(yhC!])Wb#,Eސ! 9?c3g#?+!@_; q#˓&,}i8@4m 7%X䊟eR!yK N8 ׹tՙI Cqf  I`9؟0!?vŚ XN}Q ҷ7$ٶtz"߅646 :A(7bKm`||b։щ0*뿼i!nfh#bYSsq70ޯ&'Lʏ?:U1wTNYҋ 4GSolWQ Ɍ}Y誔1CLYr{j*R΅.VktIU|i(j4!<&=;[Y:%f0X4nߦyL, Ĕ гSEbA9N1+'rf#7=:Y7JLym*a|DK9UʻXS< l'zWPpn ?dn-4Im[ c|&)yP%؆_O)fF Lm%}j|PIk!q+m%Wn CM{UFgz|V rZg`x|y^0&1Nȯ|EMd8fYHΒ|;k[[Ʀ4A ෣C]X T8zmU;LO>_p;wjҼ .AI,xO_SzZp1Q|[@"y|7% B `aJr HIi|35y_ F_մ#E0 . voYC>պNR@vepΦJ%zB*//4y{Kzg"t -3Uv=N7 gZ"H _H0F`h, 0ѪE6Ez4zFgU|7`ekNx}b"aD6Lr_Z~ vk{3kwΈ}!i7RGy0 r=># Rl:@NS&ײI߹7ANgTp, fJ:— 40r10'(ab*]|,# =X:Cl@omnj5tnu/=7mQ5 g f8Ăk:W٭NIoM6D݀?.9Ybrt_MI5A?19Iscrd!G"1ܠuSlJbX1gB߰E!;fZ  Vd.aߒ@EPJ>։в*ZH\഻g,qT|Jb^־_<"6SFS%3SY ~)5f< i&v$Zd?>a=YeM &y3]DË443nk"ZwU@m߻\"d Ā$M˵&wk%?CJ.`@RB Np"#@rf_^>onƀh! 
A_At&Gһa=B_j{-=y&OtDj>6'tJCfo'_%}%Y]y}@Nl[ s'md1PXzb^t53lc\(\je1g3ZL`tR 5փzw6W^RIA"6>ۍΑ,'!U1K.%RDDԌ'&8`zQN ,/$RZ]@֔?9gʺbyazcXiψF'=3_kϟt(9+;CS⛚h"Ph_i̜%cQleJf~&s mِ\`F4, %.xnsQ;":5[$聰c=gm\=avUB诤,/(=Ǯ2GsRs'iuy8F hƽOZ }I%[e1_;Kov)E*9 (P U׌idylCDQe+U݅?[[Zhn݌m8o5iލ.@ 0 b'Ҍ(Hdp+O`eM,F -ծ˻b;"N}PE^jY@ _s8~6[1~&ǺB[.TT8~xن2p¶_՜^d]jBʌdPK+~:(v+-&d-M a/o׸XHb~:|ݺCD {՗N35[ ǖ`"?bn垾\푰?/갢#Ck)d Y_N~(0 8QgG/\ :2p!L >,i yAVƨ[stĶD8dum^tɟӷ'X|`D|ej+=B7~q&ږ#Qwo mj^8Se{ sJK !r2ӆ}bq{ 9uG*d+d#'-:j71Zg1O \S17zag$& UTvۤd9Kp!OAhoفw.W'G/jM@1[(ɓn[5m8Ňs,_/f\_ȏ'ν ~^p+A n -Sx}jӢʢ'LPNѶ,S2L%tueyVK C~{I\E{r4z"GS(n0vtQ*Ւ_{s'k 'P}(3jS QN釙+9(8(GLX9gs^4~S]ӝV V@(-0Sv]1V}U\E􄼛tvr%p GpY2O~Pe}Ү7B8p"]DY5sǨk­WY",RU4*E)kdvqժxbӤrs:R iיP"ٕ=ݜxLT:(C29G p&1Dۯ؂)X#)K)o~LThc߆1ͬoT'RaL.<ō\c{ZSl3uQ #oQ21 `A:"qI8w7JZ#|_}qD.3YѾȺ'tGWnNwgωX Wherڟ M؞wnٵ \wZ[jw~'.&qU2W=Pu z v\` KD&y!8BD9BxPMVkz @b$nK 0Uouϱin ݫ 0$d:0'k.`L鸍F#K0F.R ҷ"u;g:Rpy.H ck0ؓы'V'3szd Y"\|WXBeҞ8w2=1f`<=D@ȉoF0ovؐ:!u{#-ظimߌ5[Ifa2љ?[ .S}TKם>Mǭws>&P$ڻ4g)1I'Leh*/HkaE JB-Jp>[^{v:O֊wGY2UnyI8-E7-ɓX{I#o~32994&۞/eƳwiWZɑ/iZ5?L8,04o}I;W^p'0|0zaNE kzmJ]c^˄IO4hԈguQ`?Ul DMXC@x- x4` 5ÔL+|@)pmL{?2SQJ$QJz2ϙ_ Ni5/Lķ1KQH!,_gDeSg\6itr``+g&A1@ N)T}4h)U[6yMOiiciRIC@L&~s̸d jD'VwZyk#blQ|GD΁v$WqE!So(ZtLm7xsyQ &HlesMMzp8z'ȣ5SPW2l:z}Q)-g ː^",|t!*6uU7Gp qzZ,dMs da`w9Aj@%nMG|L %2Rz})pҲs#1m7-6d0T:;CzuUxzՏκ.T9>OST6ʰUk*)V~(˶.h%,FڎJ:3&Q|>\Vh6ʀo~I9b;NMiBYZ*%JvB 3UF;6Lm+"j{cyttkGY.8Qo FȌ"tz5mJ]#W24ax Ej>TۄqL/sRMF`]u_`749,݆Gv[!^5~Fn%Gh;X@÷s+[OS.yQ@AW>Qݚ94 :Bi-ŕBK{g\y'a}aZ.wn6IwKMTm&RODP? 
dt'.(|VDv%00{q#f}DmAF|{yŊk{DZqؔ \^ʔ8J4è0 sWACϽu䈫cCNک{k:M(,r [u!oZďgF\o%)5jjIyOezI^rI߻GFHX<%MRD׿C`5Pe& x ik|".%!65O6뽓Jn͝-OځJă4Dw\o#AR{1|]cA#3M4M^5؂Dn?DuDB0)ۂC2 $2I`зމ^bsjg8QT@,Oko'(Ԩ/O3C@y06/j`&uudfŜ[];fzF|7@Zl}׉-FE|BIɇ\CgO(/+Sp |l~ ,l ,l NLpM7cǤxTI)E؄6'z ߏۘevkg3J$fDf Tf1Ě16MO p7·qww ]sd6Yxk]k!0V ># *(tvJA`FxI~ tIgw%0Z~HxY)EUfݕRV?02$!+3hv-^}JA)ՔڬA9Kh !I$I9_KNl&Q><[q{lr.R~ܼs&yiY65}]KN)t9"ӮXR.l, /0%O=s'F^"w$RzM9qS78J3~Xʕ@'6aTVXcer{ܗ+edR'ɯDg~f?[5.֥F'#|{85_Q 6${M1bԌ>Wpϰ 7}RaBۥ(Fʕu7[^,(VI[gWZ/]$}Fmd-(ǦXSv݂tyĝ`mNT @]3U;>{h*i|+v̘1s8oQ;x(COSz_ wtJ V 41[㲦JJF0Rt\&K%F:L=ɏa:zgtm[s*XQ,iïl'Rt$>ec&sψ 7aQr\`Y2/̓U>󠔹&h6<ʦ+!gz1| @o+w>WjS8B,?wE?ogv䌿#Kx/m Q܁mQH7ޅm Hr|#NE2WGˇݥ7-ntsSB<$Dc^=4M&1lGR9dHMUt75pMQ[yr9l$q È-/I搞$q@[*W/(M}sCZz]w:TI/SKעX]zmÙΫ+RRy+Z11[daaل̛ 7}DBf[v{}Ao57=x 8j5.6g˖jN V%y=3ˎ.\]Y@X!=>^2_*?"nr\'L1f"Ǯ-.n9&]`^R AϻnKPx56Q HT-ڎ`]u~⃣j.fe j~vEv{*չQ1,)CT6;h=֍ Co2> 8ek#}*G¾([8 jz(h %>lUְkKm:d{|Ȥ5)kAQqu?R()Xԩs<@Ɲ]G?@`3ƻ[{D<*T +˺L0sB(]!37!07p {EºsYohR3&лR ͊l@;L:yXyc9%EԐ?33[leLw(n߮<8BQfuN'Vݬd(8〳r NƜT+x3 S.9y~h_#dgn2^dE }56b <ߪJ e ge?MwuY7, EyИH2Χ:{@rfOH~;BWטUN%R<}EcbWjδTI <>1|k, /?,vh#px&]PӉ{,hлHB{Jn Dr{N%6tgAg@/*lp{H5F2dX!Epыu+[Zs.ʁbi)o#3:pgE 8uh8)6߈io%\ǝe82ԕ+(-Cx]'RFz1!qr<ɨ3].ۑ4a%K(\YXL'1 ncJ ~gHL/kbNN=7z% s#(#H`ۤO;և]b ~,T0[EoXTYΘeduM &5v)l4soY[|fsX[;&gH,$5Ͼe+Nq@"H 7{1m:KaA D oA6Y[~2WݾnXzQfZh3tuMCi*haNRbLަT<8( (7b[J{XxN/Ф3`KqfF) f:t˴`7S?CpO(Ap&{*p|MQJ>|'2^я1)7)r smfԴz!m?CW]SxT*hAAƧ@MznEOq oLA"H47Tj?QSp%)+MfZ 7n݃pE!wvRKB}E^T8' KX!zbGY/pjO\K%p 2?1r-\lj}ohQݭ YB xkS[rAn#ݚSk!O*HE@xsn!lY#5I]P]!°^{˗\t%gWi\-Y<<Xos)8~RLJꙙBO2?{7:Zq8"p목9ؗ'yhf"ҩ'~Y< xpwbc,C%r(-iP5Re6 ʏj'Z$eRKdҝ='< #OX`Źlw[+7Uں&uX)rDvʺYB[n#{31;N\ !LN3^F)RQ(at; 磷l0W5;mvNթ,m[i>Coa!GGC{9,-{(%rjXSIoֱnWhX֔[{>(){)r /ܹ ӯ~EԯG(M|lgעtOY`1,\EOԱVL c=aL7= Cy_MxYɭn&!,m:U~z P9ueK€$)]j|8F:1J5j9 {g呢CV)8jHtwS̱Mm IZ|aGyўCX_S!` v `v􇑸sҸrbkRb67b56 Erj>`ŽFeHW;_/-2rI|[Yz1Y6K $6 &-uܮwszG'+-l"PۡS:O^iF{/w =A4';rVm~&2~(D*8CE+3NB{q*9οXk Pp|lf14D82lO2GdZHIj)kqJ@ x<=4͍?k|S%LȫI#0A|dPy4r4RRk*}SSVfIkH5Zp:_ơF ~&<g}=>O^3:5Q(N0[Jumf8PY_|8R2L8֏ՀA.!/'A%  
>[k)񎻕+yoy v+ 0Kχ{e( A GdR&_4puh؝*C!yz<\mx|tl/ ^2-]O"CZSt )޵pTu$xöJ}rjbs]E$Yȴ^ܣޔu>e >+>qbE<C><#Jf4tT1L)ٝDmO 7)DKˀd8 4 t)m(8<'7ȌAdŵsʎf џ}'\Pŏf&.|~یլb@tTIkK@Ɨ L2tqik-љ! k 0xn5(1bx{} jJW8hӹP&}jY-i1ళ '"~O׎AobH3Skw %F8.B8o[1`vBM*tK>zcbi~x9&_7~ 24hUɅK1 K~ޔ/ ⻠c;y94 E'\V T BE8lÔ.hQ ":1i+W^f}za%$^f(|;aiZ,g~yⱟ !Ń K%È75zCz%<*=U:a$6+tLJhޣ;_ɷ3&2Q6C>*\-1\ã2 . r.̚r\rT!<,'ZDQG¾ڤ]X%nvY(1RjP>Q]>r\->̵-kϛ&YϋT\!e]OM;gjX֣YJAc{)'KӍW a 8]ra괁R(qXxAgRAr_>tO{dC^ ܩin* uWJ8!7C.]Uj7p#RB(֑'jfYz4jή"oϭ_m+u&R2iʖj ,5G?S``7&F \3Cp&ѝŗKdFabO)LVy= Q"CWV4i I〡+yM/[|m=>~kؽ\_FUMG'C&4$ō"'LTO?N6_ [y@v?LqmpǙ7LT1@9ϛ>YH3v_F=P(&ṧ"D{}RhOHw⌺?-4 Lݹwn:&g'uN^}>y9{㭀r=,3a`0OhWć|(L$=t/?uߦ+Hǝ:R) wuɹ}D),yW⊾qw[__&p93I9L7W\ݻv4jР&bO-3 '"Lk)u[ q˟5SAԋ')dpUDHp0_p[`NBu]ws->COYx\XQ3\}a!(diRˆ 0lJ4Ҏ**3Zܠ: qB \(_ n'i^DDQGo Y踠NG8 Q;^hV&YVn qRM|33kp{:lut!2L3 ,AB&ԑm4~b<,{H` 19>cla FO7֔Q./:BנٽS,ԙ/t::QB^*O'Aa+°R=汛2.t#;,P lw?dMCK3{$8s7-S4ێ:b{UӃt 6T*K,"ɂM\ob/oZn)Z:kX?+/070—#u4|/s ̦lXr|df~?"S];Wᅘz %e4^N XEqXVr,Pd*S@KgǕ[e Ca{W*'l< o_J E AGKH{=&IMZ+4 .% XGs薟s Yl̜2Zy UjMnjJ\Fb3~J恚ae vp1@)j5f$[;h{RL _4fF]\.{񽫹k Aw6dګ; ):d%eW|o2!M)Ct @/o\v& әʃ3:Z|ڠ[n Ȓ.o`O d]\lreӿ4fPm.̇&EO?@+vϱ|Uzc0r7#M`51Yy{6i߶Y>sQ?2m*aALfT0ڇJ۟.OrnЃ1B]n#EMqj/ x8Qdo)a_ ǞSYʫ.VۄVO1 6GIoJ|jV>X,ۈbtp}TSJhsOGdUQ-/RݯӘ:d}=hZ,5(IB&0X@{x=.Y|چf̉%ru0_.0)DSP:Imcpp|w]] l C6bғ/";sHhC)! v}G\p5пRid8-zƗh+=2y&p%û3x}/v<7ÀkO=u-xK_u.A-CfBYXi0}bUV۴jխGqrܐ.pa?ʡͩ%?N^o&PJH1!~\/XdH!e 7"/ä-7 O| 4;I(CL5Jn\۩o ؃eȿ/ʿHaQruzfLj3M~3Ǥ ARcn ~$꽃! 
WA^R u]O@Tmbz1T-K @{'" Z`8\2A p5sNX+Ahv}ELO\"v-mP0n`>c9UpkgMΫQ4-v);@Y3 8k(N+> ߜ& tk2"/-)1q$Ҙ}^[h1q4zE@#H,fɤ% 9уuJQa;tH=s)T &?`4y/]lзwvLA5D[)GeP{*=_C@C+MiO/7$` 28lȈ?M{_13ͨg6QI:K s[ ݻ䲮Ċr8ǿ etA\ Y>srwitqajYebuN.tƜxZHe2k;_=iZ';?0QU}Hw,*g/V=pG8@05:].yX.4ԭAug^^noKηid٧E3;$ y>+ae{^\ D<PUztĆdÅb5ޫ5*aKX4GSBbRG+Nۜ$ A{ܣtk`llc<ƒn)7V/P_$kM]#/&^uo6Ȑ+^/|L`.^ƤUivbra$xrCN1_0>A,y#@r|`wl}_EnD1_P6# Tm )QڷC{*lW|ʌŦ\ǃ$zLAa&0cߘ6?n/wC Ɵ7ʔ<,hls$ͯ> 2U tg)Ed;6蓙`s`ӣisv5+Qg ZiѴ©uOkq&$j ~U"kuqukA.G{uJ$*zx06T,cNAqJT)8>^ֵpޏ Ȣ-Jȟ3@5m*ȢSiR.gfPyD.)v [9>cKn~.Ew$)oƎr -T9'"QQwdzr©$ӑV"B5%!76My<2:FDK?q$עk YVTU#N𻮸` S"qetGw}BJ}"SR~0C&*_T/_em棃|3D,r]5L,DTi[6c$94eqEI`^[Hd7w렼 zd'?s9V_iupG0pnv5? _cUq=9o>"LK|1)H$K_1UsCPaLXne XscZG-C,5`vx×!:Cd Ψ츊!"l5J[7}Y Q-Nz&h 7ρWjb8-HWÓ#i \%y>):&#i[}Qh6s9r߸KCpAn LHwϟtA~Zj(+ n/0u\U7}]1%}صknU"}pJ]ussARlw@s"ZqafGMz,.rbܐ}lC|)mi{oO(IDΆ_^ȏarA25d7uu[`|M Ҁ̇jd i׏4M 'ΖU%" K#6z]momEk-|+Zx"ƭzvǡQ3T}fs +w{yquq:*at3`|ֳ)R@ƒ5Z0 HT"}۾x;7Kn϶V4kr=sT:NgdH^@3f6Q4f6U? wBD˂Q$D'U҃H'TLyRz`Wְ^r{ԁ`~ ن\$R+Y4pq, g keTߺ;eDjBlF P潺5 G%e[mos1wmTȷ 2CYu2) x`2,М g`XARO-E*~| B5(.rS1)W9"LLww]+tAȮW^>0K7 ϛ8]/^0I#DGvb9oOtdY\^ <j{#W|_DǶ}4糧Pj/Ä^6)]t8{f[+sq IUӛC DBNX>[#kENJFNÀv\ƿrq@,ٚe# ,+' kDZc/~TĮQXTM{ąUvދ!.-j4Q6` vU `34HݔS~g9 `5!2jH : 6g.>B@:>>VxzDSGf 1Es^Ǡ*1Vt ]p̈b(Ά$yrqQNs3ޞXl}1j-}iaBNՙ#͹\[JƛG&4Q tBo8D?`^*C/Z !VsXH̀7C&PhM;/ڹ+|]q`-3~ؐklaG|]D0AhL) h NJ[L^C$)߿^K~~zltwZc*vRA18 ̓ $ϖ}@7&@NCrͷrܽzjp?m Ba@L=O F=]Pe8uuv . C|S{ M ljď1VU>i@㼈q[Uw8'ۧPJpOVw*$&n -8OoG{!%rޒgh':rV$xM PFFQY$! 
f)Ҝ~E@`3bXڶ|}# Fd*XDQR=kz')�|E+~XP\9CIKVh:& <+rpo/^>غz%<={o)蛽 , aWS>C"NpdĜ/DcÍ{i/}H9ԙa;X#U.ŷ*t)]Bd#5Hو8 b^e(KMAP $/Ic:1qNOϱ^3)oٺ[ VWg͎ZԈx}@:U Bu3ƎmvMxpF-xn~QDRmu0yej8ͺ{9BV tpY<[{fW*a 9*Y `oXឦJvUb a%mcwWmrܐmlOSW*,wZDX ~q< 4]%}+^}6kjϰCʎL)e㕠۵_ TU 2K,*/Yey6J}*:m#Z(n#N;:PrMEg`<.Wٹ y&eVH_FyJfv ju>r.N8YfG09pޕ:9?NЗS AwM8IRC\I8խ7f#[lw=rcon B&#wo_JmzrG DnNFC>b?q@kw|6;VIUoAW+d)fmn_Sޫ?Brg4Hu(kR \*(^X#ҕօ͚+)ӄft9F _.͉)rߍw/8vJ6́Bg oo/ gf{}6LLr3)_F䫫]-xK)]w1PQy$ K ta TnK: 軺T&LǪNPv0\11Iq法JucVKj22p), =\~yV1 cn^S֡u[Yb& ?쵾RiSyUC 5rqzg,aQ^ G䂅;V5ŘH5fBfHIʄ0LVr3Q-=#aϰx>| ^v]3U ܂EUC4Fs [Ld7~U dr| -b!9pgxŜ]c:گ %XYx؞ }q8N=DGE$.{*arKL3hݾ:XxS |Jvp U׬"SS`䉡g*ua1̿& +|ؓH)%K T }n;{Q=Hmz2W;^ht9ou6FF%xihسXi/C;<#1Cqnݤ.VKEBG뉟ϋhPnoÓM޳ G.CP\B }[Sͭz, |'q^!m`D\IUvb8gɔ727x0}5&S3TfاQhu\.k ~ucЎ\ F²` ƌףL:>YV#y PԱ%Vz[/z ѝ /tk\ fF39%=0,HYVDM'0C}1̦-PueDTF<⥭A#hxnЄ~0e.tt­CzohșC3+"+1ك^L:UP9=-QżF=І\ Nvoo m`q|mB` VICj44T٫0̺F2᛼{Ex᦮q>Aź(]H?Y_t?;^aWF2KsM YZ