sssd-ad-1.13.3-58.el6_9$>oT!+O)>5?d   6 "6TZd|     .LlAA .A   ( 8 9:f*GHIXY(\L]d^b,deflCsssd-ad1.13.358.el6_9The AD back end of the SSSDProvides the Active Directory back end that the SSSD can utilize to fetch identity data from and authenticate against an Active Directory server.ZTx86-01.bsys.centos.org7CentOSGPLv3+CentOS BuildSystem Applications/Systemhttp://fedorahosted.org/sssd/linuxx86_64(K'5}A큤ZSZSZTVpnZSZS0d0fff06aa10fec374b67f3378784b964e61f7fda767cbf5a916610f423cf81e6c2bf229bbbe458b78442036a00945700552178147934d8bebe73b1a0c16e06a8ceb4b9ee5adedde47b31e975c1d90c73ad27b6b165a1dcd80c7c545eb65b90390328f0f4d649aa9caf29fc016858218cc19d19107f2691c6fabe1e32ea7d8f578db51ca3a7af6393f58494322644b5bcf4b53b216f4dd043557e55348b4dc0arootrootrootrootrootrootrootrootrootrootrootrootsssd-1.13.3-58.el6_9.src.rpmlibsss_ad.so()(64bit)sssd-adsssd-ad(x86-64)   @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ sssd-commonsssd-krb5-commonbind-utilssssd-common-pacrpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(CompressedFileNames)libbasicobjects.so.0()(64bit)libcollection.so.4()(64bit)libcom_err.so.2()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.4)(64bit)libdbus-1.so.3()(64bit)libdhash.so.1()(64bit)libdhash.so.1(DHASH_0.4.3)(64bit)libdl.so.2()(64bit)libglib-2.0.so.0()(64bit)libini_config.so.5()(64bit)libini_config.so.5(INI_CONFIG_1.1.0)(64bit)libk5crypto.so.3()(64bit)libkeyutils.so.1()(64bit)libkrb5.so.3()(64bit)liblber-2.4.so.2()(64bit)libldap-2.4.so.2()(64bit)libldb.so.1()(64bit)libldb.so.1(LDB_0.9.10)(64bit)libndr-nbt.so.0()(64bit)libndr-nbt.so.0(NDR_NBT_0.0.1)(64bit)libndr.so.0()(64bit)libndr.so.0(NDR_0.0.1)(64bit)libnspr4.so()(64bit)libnss3.so()(64bit)libnssutil3.so()(64bit)libpcre.so.0()(64bit)libplc4.so()(64bit)libplds4.so()(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.2.5)(64bit)libref_array.so.1()(64bit)librt.so.1()(64bit)libsamba-util.so.0()(64bit)libsasl2.so.2()(64bit)libsmime3.so()(64bit)libssl3.so()(64bit)libsss_cert.so()(64bit)libsss_child.so()(64bit)libsss_crypt.so()(64bit)libsss_debug.so()(64bit)libsss_idmap.so.0()(64bit)libsss_idmap.so.0(SSS_IDMAP_0.4)(64bit)libsss_krb5_common.so()(64bit)libsss_ldap_common.so()(64bit)libsss_util.so()(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb.so.1()(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)rtld(GNU_HASH)rpmlib(PayloadIsXz)1.13.3-58.el6_91.13.3-58.el6_91.13.3-58.el6_94.6.0-14.0-13.0.4-15.2-1sssd1.10.0-8.beta24.8.0ZX@YyX6@X6@XS@XOXJXGXF@X@X6@X6@X-X!@X!@X&X X X WWWW@W@W_@W_@WWW@W@W@W@Wi,@WYZ@WPWPV@VJVJVV@VՄ@VՄ@V@V&@V=@V=@V@V@V@VvV%@V%@V%@VVVVVpVii@V\:@VXEVV@VV@VV@VMV2 @Vf@Vf@Vf@UAUUuUn@UmUjUcUcUUUUUJ@UB@UB@U@U?v@U>$U8U.RU.RU-@U-@U-@U-@UF@UF@UUUUUU U U U@U@U@U@T9TTTTTTT@T@T~T~Tk4Tk4T$TTT@SvSvSvS%@S0S<@S<@S<@SSSSSSS/S/S;@SFS@S@S@S@S@S@Si@S@SSS!@SsZSpSNpS 4@S 4@RRRRRRfhRD!R1R%@R @R @RR|R|R|R|R|RRRRRRRRRRRRR@R@R@R@R@R@R@R@R@R@Q@Q@QQ*@Q?@QQvwQkQIQ5@Q0@Q']Q @PPPP@P@P@P-P@P@P@PDPDPDPDP[PPPPP@P@P@P@PPPPPPPP @P @P @P @P @P @Pf@PPPPP @P @P @P @P@P@P@PPPPPPPP@P@P@PpPpPpP@P@P@P@P@P@P@PP@PP@P@P@P@P@PPXPP{P{P{Pz@PqnPl(PaP`K@P#@Oĺ@O"O"OOO@OO~O@OOO@O@Ou@Ou@Oc+@O]@OYOOdON@OLOLOLOLOLO;@O5O1@ObN@NNNN@NNNj@NN$@N$@NN@N@Nx@Nm@Ng\N[@NTN?N:N:N:NNN|@M{@M{@Mߒ@M@M۝M۝M@MM@M@M3@MM>M>M@MM@M@Mx@MM=M=MwkMwkMv@MtMtMc@Mc@MbSM_MQ0@MJMGMA^@MA^@MA^@M.@M9L!L@L@L@L@LNLNL@L@LA@L@Lk@LYV@LRLI@L7@L(L_LLGKj@KK@KK@KK[K@KK~}@K]KY@KO@KKK/c@K+nK"4@KJJ@JJJkJJ@JJp9JlE@J?r@J0J,@IcIcIzI)@I)@I)@IV@IV@I@I@III@Jakub Hrozek - 1.13.3-58Jakub Hrozek - 1.13.3-57Lukas Slebodnik - 1.13.3-56Lukas Slebodnik - 1.13.3-55Jakub Hrozek - 1.13.3-54Jakub Hrozek - 1.13.3-53Jakub Hrozek - 1.13.3-52Jakub Hrozek - 1.13.3-51Jakub Hrozek - 1.13.3-50Jakub Hrozek - 1.13.3-49Jakub Hrozek - 1.13.3-48Jakub Hrozek - 1.13.3-47Jakub Hrozek - 1.13.3-46Jakub Hrozek - 1.13.3-45Jakub Hrozek - 1.13.3-44Jakub Hrozek - 1.13.3-43Jakub Hrozek - 1.13.3-42Jakub Hrozek - 1.13.3-41Jakub Hrozek - 1.13.3-40Jakub Hrozek - 1.13.3-39Jakub Hrozek - 1.13.3-38Jakub Hrozek - 1.13.3-37Jakub Hrozek - 1.13.3-36Jakub Hrozek - 1.13.3-35Jakub Hrozek - 1.13.3-34Jakub Hrozek - 1.13.3-33Jakub Hrozek - 1.13.3-32Jakub Hrozek - 1.13.3-31Jakub Hrozek - 1.13.3-30Jakub Hrozek - 1.13.3-29Jakub Hrozek - 1.13.3-28Jakub Hrozek - 1.13.3-27Jakub Hrozek - 1.13.3-26Jakub Hrozek - 1.13.3-25Jakub Hrozek - 1.13.3-24Jakub Hrozek - 1.13.3-23Jakub Hrozek - 1.13.3-22Jakub Hrozek - 1.13.3-21Jakub Hrozek - 1.13.3-20Jakub Hrozek - 1.13.3-19Jakub Hrozek - 1.13.3-18Jakub Hrozek - 1.13.3-17Jakub Hrozek - 1.13.3-16Jakub Hrozek - 1.13.3-15Jakub Hrozek - 1.13.3-14Jakub Hrozek - 1.13.3-14Jakub Hrozek - 1.13.3-13Jakub Hrozek - 1.13.3-12Jakub Hrozek - 1.13.3-11Jakub Hrozek - 1.13.3-10Jakub Hrozek - 1.13.3-9Jakub Hrozek - 1.13.3-8Jakub Hrozek - 1.13.3-7Jakub Hrozek - 1.13.3-6Jakub Hrozek - 1.13.3-5Jakub Hrozek - 1.13.3-4Jakub Hrozek - 1.13.3-3Jakub Hrozek - 1.13.3-2Jakub Hrozek - 1.13.3-1Jakub Hrozek - 1.13.2-7Jakub Hrozek - 1.13.2-6Jakub Hrozek - 1.13.2-5Jakub Hrozek - 1.13.2-4Jakub Hrozek - 1.13.2-3Jakub Hrozek - 1.13.2-2Jakub Hrozek - 1.13.2-1Jakub Hrozek - 1.13.1-1Jakub Hrozek - 1.12.4-51Jakub Hrozek - 1.12.4-50Jakub Hrozek - 1.12.4-49Jakub Hrozek - 1.12.4-48Jakub Hrozek - 1.12.4-47Jakub Hrozek - 1.12.4-46Jakub Hrozek - 1.12.4-45Jakub Hrozek - 1.12.4-44Jakub Hrozek - 1.12.4-43Jakub Hrozek - 1.12.4-42Jakub Hrozek - 1.12.4-41Jakub Hrozek - 1.12.4-40Jakub Hrozek - 1.12.4-39Jakub Hrozek - 1.12.4-38Jakub Hrozek - 1.12.4-37Jakub Hrozek - 1.12.4-36Jakub Hrozek - 1.12.4-35Jakub Hrozek - 1.12.4-34Jakub Hrozek - 1.12.4-33Jakub Hrozek - 1.12.4-32Jakub Hrozek - 1.12.4-31Jakub Hrozek - 1.12.4-30Jakub Hrozek - 1.12.4-29Jakub Hrozek - 1.12.4-28Jakub Hrozek - 1.12.4-27Jakub Hrozek - 1.12.4-26Jakub Hrozek - 1.12.4-25Jakub Hrozek - 1.12.4-24Jakub Hrozek - 1.12.4-23Jakub Hrozek - 1.12.4-22Jakub Hrozek - 1.12.4-21Jakub Hrozek - 1.12.4-20Jakub Hrozek - 1.12.4-19Jakub Hrozek - 1.12.4-18Jakub Hrozek - 1.12.4-17Jakub Hrozek - 1.12.4-16Jakub Hrozek - 1.12.4-15Jakub Hrozek - 1.12.4-14Jakub Hrozek - 1.12.4-13Jakub Hrozek - 1.12.4-12Jakub Hrozek - 1.12.4-11Jakub Hrozek - 1.12.4-10Jakub Hrozek - 1.12.4-9Jakub Hrozek - 1.12.4-8Jakub Hrozek - 1.12.4-7Jakub Hrozek - 1.12.4-6Jakub Hrozek - 1.12.4-5Jakub Hrozek - 1.12.4-4Jakub Hrozek - 1.12.4-3Jakub Hrozek - 1.12.4-2Jakub Hrozek - 1.12.4-1Jakub Hrozek - 1.11.6-33Jakub Hrozek - 1.11.6-32Jakub Hrozek - 1.11.6-31Jakub Hrozek - 1.11.6-30Jakub Hrozek - 1.11.6-29Jakub Hrozek - 1.11.6-28Jakub Hrozek - 1.11.6-27Jakub Hrozek - 1.11.6-26Jakub Hrozek - 1.11.6-25Jakub Hrozek - 1.11.6-24Jakub Hrozek - 1.11.6-23Jakub Hrozek - 1.11.6-22Jakub Hrozek - 1.11.6-21Jakub Hrozek - 1.11.6-20Jakub Hrozek - 1.11.6-19Jakub Hrozek - 1.11.6-18Jakub Hrozek - 1.11.6-17Jakub Hrozek - 1.11.6-16Jakub Hrozek - 1.11.6-15Jakub Hrozek - 1.11.6-14Jakub Hrozek - 1.11.6-13Jakub Hrozek - 1.11.6-12Jakub Hrozek - 1.11.6-11Jakub Hrozek - 1.11.6-10Jakub Hrozek - 1.11.6-9Jakub Hrozek - 1.11.6-8Jakub Hrozek - 1.11.6-7Jakub Hrozek - 1.11.6-6Jakub Hrozek - 1.11.6-5Jakub Hrozek - 1.11.6-4Jakub Hrozek - 1.11.6-3Jakub Hrozek - 1.11.6-2Jakub Hrozek - 1.11.6-1Jakub Hrozek - 1.11.5.1-4Jakub Hrozek - 1.11.5.1-3Jakub Hrozek - 1.11.5.1-2Jakub Hrozek - 1.11.5.1-1Jakub Hrozek - 1.9.2-134Jakub Hrozek - 1.9.2-133Jakub Hrozek - 1.9.2-132Jakub Hrozek - 1.9.2-131Jakub Hrozek - 1.9.2-130Jakub Hrozek - 1.9.2-129Jakub Hrozek - 1.9.2-128Jakub Hrozek - 1.9.2-127Jakub Hrozek - 1.9.2-126Jakub Hrozek - 1.9.2-125Jakub Hrozek - 1.9.2-124Jakub Hrozek - 1.9.2-123Jakub Hrozek - 1.9.2-122Jakub Hrozek - 1.9.2-121Jakub Hrozek - 1.9.2-120Jakub Hrozek - 1.9.2-119Jakub Hrozek - 1.9.2-118Jakub Hrozek - 1.9.2-117Jakub Hrozek - 1.9.2-116Jakub Hrozek - 1.9.2-115Jakub Hrozek - 1.9.2-114Jakub Hrozek - 1.9.2-113Jakub Hrozek - 1.9.2-112Jakub Hrozek - 1.9.2-111Jakub Hrozek - 1.9.2-110Jakub Hrozek - 1.9.2-109Jakub Hrozek - 1.9.2-108Jakub Hrozek - 1.9.2-107Jakub Hrozek - 1.9.2-106Jakub Hrozek - 1.9.2-105Jakub Hrozek - 1.9.2-104Jakub Hrozek - 1.9.2-103Jakub Hrozek - 1.9.2-102Jakub Hrozek - 1.9.2-101Jakub Hrozek - 1.9.2-100Jakub Hrozek - 1.9.2-99Jakub Hrozek - 1.9.2-98Jakub Hrozek - 1.9.2-97Jakub Hrozek - 1.9.2-96Jakub Hrozek - 1.9.2-95Jakub Hrozek - 1.9.2-94Jakub Hrozek - 1.9.2-93Jakub Hrozek - 1.9.2-92Jakub Hrozek - 1.9.2-91Jakub Hrozek - 1.9.2-90Jakub Hrozek - 1.9.2-89Jakub Hrozek - 1.9.2-88Jakub Hrozek - 1.9.2-87Jakub Hrozek - 1.9.2-86Jakub Hrozek - 1.9.2-85Jakub Hrozek - 1.9.2-84Jakub Hrozek - 1.9.2-83Jakub Hrozek - 1.9.2-82Jakub Hrozek - 1.9.2-81Jakub Hrozek - 1.9.2-80Jakub Hrozek - 1.9.2-79Jakub Hrozek - 1.9.2-78Jakub Hrozek - 1.9.2-77Jakub Hrozek - 1.9.2-76Jakub Hrozek - 1.9.2-75Jakub Hrozek - 1.9.2-74Jakub Hrozek - 1.9.2-73Jakub Hrozek - 1.9.2-72Jakub Hrozek - 1.9.2-71Jakub Hrozek - 1.9.2-70Jakub Hrozek - 1.9.2-69Jakub Hrozek - 1.9.2-68Jakub Hrozek - 1.9.2-67Jakub Hrozek - 1.9.2-66Jakub Hrozek - 1.9.2-65Jakub Hrozek - 1.9.2-64Jakub Hrozek - 1.9.2-63Jakub Hrozek - 1.9.2-62Jakub Hrozek - 1.9.2-61Jakub Hrozek - 1.9.2-60Jakub Hrozek - 1.9.2-59Jakub Hrozek - 1.9.2-58Jakub Hrozek - 1.9.2-57Jakub Hrozek - 1.9.2-56Jakub Hrozek - 1.9.2-55Jakub Hrozek - 1.9.2-54Jakub Hrozek - 1.9.2-53Jakub Hrozek - 1.9.2-52Jakub Hrozek - 1.9.2-51Jakub Hrozek - 1.9.2-50Jakub Hrozek - 1.9.2-49Jakub Hrozek - 1.9.2-48Jakub Hrozek - 1.9.2-47Jakub Hrozek - 1.9.2-46Jakub Hrozek - 1.9.2-45Jakub Hrozek - 1.9.2-44Jakub Hrozek - 1.9.2-43Jakub Hrozek - 1.9.2-42Jakub Hrozek - 1.9.2-41Jakub Hrozek - 1.9.2-40Jakub Hrozek - 1.9.2-39Jakub Hrozek - 1.9.2-38Jakub Hrozek - 1.9.2-37Jakub Hrozek - 1.9.2-36Jakub Hrozek - 1.9.2-35Jakub Hrozek - 1.9.2-34Jakub Hrozek - 1.9.2-33Jakub Hrozek - 1.9.2-32Jakub Hrozek - 1.9.2-31Jakub Hrozek - 1.9.2-30Jakub Hrozek - 1.9.2-29Jakub Hrozek - 1.9.2-28Jakub Hrozek - 1.9.2-27Jakub Hrozek - 1.9.2-26Jakub Hrozek - 1.9.2-25Jakub Hrozek - 1.9.2-24Jakub Hrozek - 1.9.2-23Jakub Hrozek - 1.9.2-22Jakub Hrozek - 1.9.2-21Jakub Hrozek - 1.9.2-20Jakub Hrozek - 1.9.2-20Jakub Hrozek - 1.9.2-19Jakub Hrozek - 1.9.2-18Jakub Hrozek - 1.9.2-17Jakub Hrozek - 1.9.2-16Jakub Hrozek - 1.9.2-15Jakub Hrozek - 1.9.2-14Jakub Hrozek - 1.9.2-13Jakub Hrozek - 1.9.2-12Jakub Hrozek - 1.9.2-11Jakub Hrozek - 1.9.2-10Jakub Hrozek - 1.9.2-9Jakub Hrozek - 1.9.2-8Jakub Hrozek - 1.9.2-7Jakub Hrozek - 1.9.2-6Jakub Hrozek - 1.9.2-5Jakub Hrozek - 1.9.2-4Jakub Hrozek - 1.9.2-3Jakub Hrozek - 1.9.2-2Jakub Hrozek - 1.9.2-1Jakub Hrozek - 1.9.1-1Jakub Hrozek - 1.9.0-3Jakub Hrozek - 1.9.0-2Jakub Hrozek - 1.9.0-1.rc1Jakub Hrozek - 1.8.0-33Stephen Gallagher - 1.8.0-32Stephen Gallagher - 1.8.0-31Stephen Gallagher - 1.8.0-30Stephen Gallagher - 1.8.0-29Stephen Gallagher - 1.8.0-28Stephen Gallagher - 1.8.0-27Stephen Gallagher - 1.8.0-26Stephen Gallagher - 1.8.0-25Stephen Gallagher - 1.8.0-24Stephen Gallagher - 1.8.0-23Stephen Gallagher - 1.8.0-22Stephen Gallagher - 1.8.0-21Stephen Gallagher - 1.8.0-20Stephen Gallagher - 1.8.0-18Stephen Gallagher - 1.8.0-17Stephen Gallagher - 1.8.0-15Stephen Gallagher - 1.8.0-12Stephen Gallagher - 1.8.0-11Stephen Gallagher - 1.8.0-10Stephen Gallagher - 1.8.0-9Stephen Gallagher - 1.8.0-8Stephen Gallagher - 1.8.0-7Stephen Gallagher - 1.8.0-6Stephen Gallagher - 1.8.0-5Stephen Gallagher - 1.8.0-4.beta3Stephen Gallagher - 1.8.0-3.beta2Stephen Gallagher - 1.8.0-2.beta2Stephen Gallagher - 1.5.1-68Stephen Gallagher - 1.5.1-67Stephen Gallagher - 1.5.1-66Stephen Gallagher - 1.5.1-65Stephen Gallagher - 1.5.1-64Stephen Gallagher - 1.5.1-63Stephen Gallagher - 1.5.1-62Stephen Gallagher - 1.5.1-61Stephen Gallagher - 1.5.1-60Stephen Gallagher - 1.5.1-59Stephen Gallagher - 1.5.1-58Stephen Gallagher - 1.5.1-57Stephen Gallagher - 1.5.1-56Stephen Gallagher - 1.5.1-55Stephen Gallagher - 1.5.1-53Stephen Gallagher - 1.5.1-52Stephen Gallagher - 1.5.1-51Stephen Gallagher - 1.5.1-50Stephen Gallagher - 1.5.1-49Stephen Gallagher - 1.5.1-48Stephen Gallagher - 1.5.1-47Stephen Gallagher - 1.5.1-46Stephen Gallagher - 1.5.1-45Stephen Gallagher - 1.5.1-44Stephen Gallagher - 1.5.1-43Stephen Gallagher - 1.5.1-42Stephen Gallagher - 1.5.1-41Stephen Gallagher - 1.5.1-40Stephen Gallagher - 1.5.1-39Stephen Gallagher - 1.5.1-38Stephen Gallagher - 1.5.1-37Stephen Gallagher - 1.5.1-36Stephen Gallagher - 1.5.1-35Stephen Gallagher - 1.5.1-34Stephen Gallagher - 1.5.1-33Stephen Gallagher - 1.5.1-32Stephen Gallagher - 1.5.1-31Stephen Gallagher - 1.5.1-30Stephen Gallagher - 1.5.1-29Stephen Gallagher - 1.5.1-28Stephen Gallagher - 1.5.1-27Stephen Gallagher - 1.5.1-26Stephen Gallagher - 1.5.1-25Stephen Gallagher - 1.5.1-24Stephen Gallagher - 1.5.1-23Stephen Gallagher - 1.5.1-21Stephen Gallagher - 1.5.1-20Stephen Gallagher - 1.5.1-17Stephen Gallagher - 1.5.1-16Stephen Gallagher - 1.5.1-15Stephen Gallagher - 1.5.1-14Stephen Gallagher - 1.5.1-13Stephen Gallagher - 1.5.1-12Stephen Gallagher - 1.5.1-11Stephen Gallagher - 1.5.1-10Stephen Gallagher - 1.5.1-9Stephen Gallagher - 1.5.1-8Stephen Gallagher - 1.5.1-7Stephen Gallagher - 1.5.1-6Stephen Gallagher - 1.5.1-5Stephen Gallagher - 1.5.1-4Stephen Gallagher - 1.5.1-3Stephen Gallagher - 1.5.1-2Stephen Gallagher - 1.5.1-1Stephen Gallagher - 1.5.0-2Stephen Gallagher - 1.5.0-1Stephen Gallagher - 1.2.1-28.4Stephen Gallagher - 1.2.1-36Stephen Gallagher - 1.2.1-35Stephen Gallagher - 1.2.1-28.3Stephen Gallagher - 1.2.1-34Stephen Gallagher - 1.2.1-28.2Stephen Gallagher - 1.2.1-33Stephen Gallagher - 1.2.1-28.1Stephen Gallagher - 1.2.1-32Stephen Gallagher - 1.2.1-29Stephen Gallagher - 1.2.1-28Stephen Gallagher - 1.2.1-27Stephen Gallagher - 1.2.1-26Stephen Gallagher - 1.2.1-23Stephen Gallagher - 1.2.1-21Stephen Gallagher - 1.2.1-20Stephen Gallagher - 1.2.1-19Stephen Gallagher - 1.2.1-15Stephen Gallagher - 1.2.0-14Stephen Gallagher - 1.2.0-13Stephen Gallagher - 1.2.0-12Stephen Gallagher - 1.1.92-11.1Stephen Gallagher - 1.1.92-11Stephen Gallagher - 1.1.91-10Simo Sorce - 1.1.1-3Stephen Gallagher - 1.1.1-1Stephen Gallagher - 1.1.0-2Stephen Gallagher - 1.1.0-1.pre20100317git0ea7f19Stephen Gallagehr - 1.0.5-2Stephen Gallagher - 1.0.5-1Stephen Gallagher - 1.0.4-1Stephen Gallagher - 1.0.3-1Stephen Gallagher - 1.0.2-1Stephen Gallagher - 1.0.1-1Stephen Gallagher - 1.0.0-2Stephen Gallagher - 1.0.0-1Stephen Gallagher - 0.99.1-1Stephen Gallagher - 0.99.0-1Stephen Gallagher - 0.7.1-1Stephen Gallagher - 0.7.0-2Stephen Gallagher - 0.7.0-1Stephen Gallagher - 0.6.1-2Stephen Gallagher - 0.6.1-1Stephen Gallagher - 0.6.0-1Sumit Bose - 0.6.0-0Simo Sorce - 0.5.0-0Jakub Hrozek - 0.4.1-4Fedora Release Engineering - 0.4.1-3Simo Sorce - 0.4.1-2Simo Sorce - 0.4.1-1Simo Sorce - 0.4.1-0Simo Sorce - 0.3.2-2Jakub Hrozek - 0.3.2-1Simo Sorce - 0.3.1-2Simo Sorce - 0.3.1-1Simo Sorce - 0.3.0-2Simo Sorce - 0.3.0-1Simo Sorce - 0.2.1-1Simo Sorce - 0.2.0-1Jakub Hrozek - 0.1.0-5.20090309git691c9b3Jakub Hrozek - 0.1.0-4Sumit Bose - 0.1.0-3Jakub Hrozek - 0.1.0-2Stephen Gallagher - 0.1.0-1- Resolves: rhbz#1534618 - ABRT crash - /usr/libexec/sssd/sssd_nss [rhel-6.9.z]- Resolves: rhbz#1473005 - The originalMemberOf attribute disappears from the cache, causing intermittent HBAC issues- Resolves: rhbz#1404697 - SSSD does not skip GPO if no gpcFunctionalityVersion present - Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory- Resolves: rhbz#1415785 - ldap_child does not remove temporary files when it's killed with SIGTERM- Apply several more smartcard-related patches. - Related: rhbz#1300421 - Screen locks and smart card is removed - must show a message to insert the correct smartcard- Resolves: rhbz#1400643 - sssd prevents sudo from getting data from LDAP- Resolves: rhbz#1393592 - SSH-CERT: always initialize cert_verify_opts- Revert the ding-libs requirement - Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Related: rhbz#1369921 - Members of nested netgroups configured in IdM cannot be seen by getent on clients- Require the matching version of ding-libs - Related: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Fix a coverity warning - Related: rhbz#1382395 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1382395 - sudo: ignore case on case insensitive domains- Resolves: rhbz#1369921 - Members of nested netgroups configured in IdM cannot be seen by getent on clients- Resolves: rhbz#1324428 - [RFE] Discover forest's root SID even if subdomains_provider = none- Resolves: rhbz#1367802 - using overides causes segfault in libldb- Resolves: rhbz#1329378 - pam_sss set KRB5CCNAME with sudo logins- Resolves: rhbz#1382603 - autofs map resolution doesn't work offline- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention- Resolves: rhbz#1321884 - IPA sudo: support the externalUser attribute- Resolves: rhbz#1299994 - ssh client checks only the first certificate on a smartcard when the card has multiple certs - Resolves: rhbz#1300421 - Screen locks and smart card is removed - must show a message to insert the correct smartcard - Resolves: rhbz#1372681 - ssh with Smartcards - skip invalid certificates- Resolves: rhbz#1329648 - Protocol error with IPA on RHEL-6 - Resolves: rhbz#1329647 - IPA view: view name not stored properly with default FreeIPA installation- Resolves: rhbz#1339986 - [sssd-ldap] man page needs attention- Resolves: rhbz#1327272 - local overrides: issues with sub-domain users and mixed case names- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD- Resolves: rhbz#1374813 - SSSD fails to process GPO from Active Directory.- Resolves: rhbz#1377782 - sssd is looking at a server in the GC of a subdomain, not the root domain.- Resolves: rhbz#1365218 - SSSD does not fail over to next GC- Resolves: rhbz#1367435 - Intermittent sssd auth failures- Resolves: rhbz#1369079 - sssd runs out of available child slots and starts queuing requests in proxy mode- Resolves: rhbz#1338619 - segmentation fault in sssd after upgrade to sssd-1.13.3-22.el6.x86_64 when upgrading cache- Resolves: rhbz#1324107 - GPO: Access denied after blocking connection to AD.- Resolves: rhbz#1293168 - Inconsistent user synching between IPA and AD- Resolves: rhbz#1340927 - sssd-common requires libnfsidmap- Resolves: rhbz#1340176 - The AD keytab renewal task leaks a file descriptor- Resolves: rhbz#1335400 - In IPA-AD trust environment access is granted to AD user even if the user is disabled on AD.- Resolves: rhbz#1336453 - sssd_be doesn't terminate forked child process if adcli is not installed- Resolves: rhbz#1312062 - sssd does not pass LDAP rules to sudo- Resolves: rhbz#1313940 - SSSD PAM module does not support multiple password prompts (e.g. Password + Token) with sudo- Actually apply patches from previous build - Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider- Resolves: rhbz#1313940 - sudorule not working with ipa sudo_provider- Resolves: rhbz#1209600 - Getting ERROR (getpwnam() failed): Broken pipe with 1.11.6- Backport of a more minimal dependency patch to avoid changes to AD provider behaviour - Related: rhbz#1264705 - Allow SSSD to notify user of denial due to AD account lockout- Resolves: rhbz#1308939 - After removing certificate from user in IPA and even after sss_cache, FindByCertificate still finds the user- Require a newer selinux-policy to avoid issues when prompting for SC PIN - Related: rhbz#1299066 - smartcard login does not prompt for pin when ocsp checking is enabled (default config)- Resolves: rhbz#1264705 - Allow SSSD to notify user of denial due to AD account lockout- Resolves: rhbz#1259687 - sssd_nss memory usage keeps growing on sssd-1.12.4-47.el6.x86_64 (RHEL6.7) when trying to retrieve non-existing netgroups- Update sssd-ldap man page for the recent ID mapping changes - Related: rhbz#1268902 - SSSD doesn't set the ID mapping range automatically- Resolves: rhbz#1295883 - refresh_expired_interval stops sss_cache from working- Resolves: rhbz#1268902 - SSSD doesn't set the ID mapping range automatically- Resolves: rhbz#1298253 - Screen lock prompts for smartcard user password and not smartcard pin when logged in using smartcard pin- Resolves: rhbz#1292458 - sssd_be AD segfaults on missing A record- Resolves: rhbz#1262981 - sssd dereference processing failed : Input/output error- Resolves: rhbz#1290761 - [RFE] Support Automatic Renewing of Kerberos Host Keytabs- Resolves: rhbz#1244957 - [RFE] SUDO: Support the IPA schema- Resolves: rhbz#1298634 - Cannot retrieve users after upgrade from 1.12 to 1.13- Resolves: rhbz#1287807 - SRV lookup for KDC servers doesn't work- Resolves: rhbz#1273802 - ad_site parameter does not work- Fix memory leak in the NFS plugin - Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - Resolves: rhbz#1296620 - Properly remove OriginalMemberOf attribute in SSSD cache if user has no secondary groups anymore - Resolves: rhbz#1283898 - MAN: Clarify that subdomains always use service discovery- Rebase to 1.13.3 - Remove setuid bit from proxy_child, RHEL-6 doesn't support running SSSD as a non-privileged user - Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8- Don't own files as the SSSD user - Resolves: rhbz#1289482 - warning: user sssd does not exist - using root- Resolves: rhbz#1279971 - groups get deleted from the cache- The p11_child doesn't have to run privileged anymore, remove the setuid bit - Related: rhbz#1270027 - [RFE] Support for smart cards- Resolves: rhbz#1266108 - Check next certificate on smart card if first is not valid - Also enable OCSP checks- Resolves: rhbz#1285852 - sssd: [sysdb_add_user] (0x0400): Error: 17 (File exists)- Silence compilation warnings and Coverity issues - Related: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - Squash in packaging review changes by lslebodn@redhat.com- Resolves: rhbz#1269820 - Rebase SSSD to 1.13.x in RHEL-6.8 - The rebase also resolves the following bugzillas: - Resolves: rhbz#1270029 - [RFE] Add a way to lookup users based on CAC identity certificates - Resolves: rhbz#1270027 - [RFE] Support for smart cards - Resolves: rhbz#1269422 - [FEAT] UID and GID mapping on individual clients - Resolves: rhbz#1269421 - [RFE] The fast memory cache should cache initgroups - Resolves: rhbz#1265429 - If the site discovery fails, ad-site option is not taken into account. - Resolves: rhbz#1254193 - Fix for cyclic dependencies between sssd-{krb5,}-common - Resolves: rhbz#1247997 - [IPA/IdM] sudoOrder not honored as expected - Resolves: rhbz#1237142 - [RFE] authenticate against cache in SSSD - Resolves: rhbz#1232632 - Kerberos-based providers other than krb5 do not queue requests - Resolves: rhbz#1227804 - Group members are not turned into ghost entries when the user is purged from the SSSD cache - Resolves: rhbz#1227685 - sssd with ldap backend throws error domain log - Resolves: rhbz#1221365 - [RFE] Support GPOs from different domain controllers - Resolves: rhbz#1215195 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1196204 - sssd cache holding gid values for nss, but not the alpha group name representation - Resolves: rhbz#1194039 - [RFE] User's home directories are not taken from AD when there is an IPA trust with AD- Resolves: rhbz#1266404 - Memory leak / possible DoS with krb auth.- Resolves: rhbz#1264524 - SSSD POSIX attribute check is too strict- Resolves: rhbz#1255285 - cleanup_groups should sanitize dn of groups- Resolves: rhbz#1251349 - sysdb sudo search doesn't escape special characters- Resolves: rhbz#1232738 - Cache is not updated after user is deleted from ldap server- Resolves: rhbz#1227860 - Provide a way to disable the cleanup task - Resolves: rhbz#1227863 - ignore_group_members doesn't work for subdomains- Resolves: rhbz#1226834 - id lookup for non-root domain users doesn't return all groups on first attempt- Resolves: rhbz#1225614 - IPA enumeration provider crashes- Resolves: rhbz#1212610 - sssd ad groups work intermittently- Resolves: rhbz#1215765 - sssd nss responder gets wrong number of secondary groups- Resolves: rhbz#1221358 - SSSD doesn't work with ID mapping and disabled subdomains- Resolves: rhbz#1219844 - Unable to resolve group memberships for AD users when using sssd-1.12.2-58.el7_1.6.x86_64 client in combination with ipa-server-3.0.0-42.el6.x86_64 with AD Trust- Resolves: rhbz#1216094 - /usr/libexec/sssd/selinux_child crashes and gets avc denial when ssh- Include several upstream fixes related to ID views - Resolves: rhbz#1215195 - Override for IPA users with login does not list user all groups - Resolves: rhbz#1213947 - Group resolution is inconsistent with group overrides - Resolves: rhbz#1213822 - Overrides with --login work in second attempt- Resolves: rhbz#1217328 - autofs provider fails when default_domain_suffix and use_fully_qualified_names set- Resolves: rhbz#1212387 - sssd_be segfault id_provider = ad src/providers/ad/ad_gpo.c:843- Resolves: rhbz#1213940 - Overridde with --login fails trusted adusers group membership resolution- Resolves: rhbz#1170910 - SSSD should not fail authentication when only allow rules are used- Resolves: rhbz#1213716 - idoverridegroup for ipa group with --group-name does not work - Resolves: rhbz#1213822 - Overrides with --login work in second attempt- Resolves: rhbz#1212017 - Sudo responder does not respect filter_users and filter_groups- Resolves: rhbz#1203642 - GPO access control looks for computer object in user's domain only- Related: rhbz#1211728 - Only set the selinux context if the context differs from the local one- Package the localauth plugin - Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Resolves: rhbz#1207720 - id lookup resolves "Domain Local" group and errors appear in domain log- BuildRequire the proper libkrb5 version for correct localauth plugin build - Related: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Resolves: rhbz#1194367 - sssd_be dumping core- Resolves: rhbz#1206121 - ldap_access_order=ppolicy: Explicitly mention in manpage that unsupported time specification will lead to sssd denying access- Resolves: rhbz#1205382 - Properly handle AD's binary objectGUID- Resolves: rhbz#1205716 - Installing sssd-common-1.12.4-18.el6 might install with wrong user account (root)- Fix a typo in DEBUG message - Related: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires- Handle TTL=0 in SRV queries correctly - Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query- Cherry-pick unit test changes from upstream to allow cherry-picking sssd-1-12 patches - Remove unused LDAP provider code to avoid static analyser warnings - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1206092 - sssd crashes intermittently in GPO code- Resolves: rhbz#1202728 - sssd-ad requires samba3, but ipa-server-trust-ad requires samba4- Resolves: rhbz#1203630 - SSSD doesn't own the GPO cache directory- Fix warning in SELinux code - Handle setups with empty default and no SELinux maps - Related: rhbz#1194302 - With empty ipaselinuxusermapdefault security context on client is staff_u - Resolves: rhbz#1202305 - sssd_be segfault on IPA(when auth with AD trusted domain) client at src/providers/ipa/ipa_s2n_exop.c:1605 - Resolves: rhbz#1201847 - SSSD downloads too much information when fetching information about groups- Fix PAM responder initgroups cache for subdomain users - Log extop failures better - Related: rhbz#1168344 - [RFE] ID Views: Support migration from the sync solution to the trust solution- Fix internal error codes broken when fixing rhbz#1036745 - Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration warning even if alternate authentication method is used- Resolves: rhbz#1200093 - sssd_nss segfaults if initgroups request is by UPN and doesn't find anything- Fix Coverity warning in ldap_child - Add better debugging - Related: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1098147 - [RFE] Implement background refresh for users, groups or other cache objects- Resolves: rhbz#1173198 - [RFE] Have OpenLDAP lock out ssh keys when account naturally expires- Initialize a pointer in ldap_child to NULL - Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Relax the ldb requirement - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1194302 - With empty ipaselinuxusermapdefault security context on client is staff_u- Resolves: rhbz#1198478 - ccname_file_dummy is not unlinked on error- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query- Resolves: rhbz#1171378 - Read and use the TTL value when resolving a SRV query - Rebuild against latest krb5, add a versioned BuildRequires - Resolves: rhbz#1168357 - [RFE] Implement localauth plugin for MIT krb5 1.12- Related: rhbz#1036745 - [RFE] Allow SSSD to issue shadow expiration warning even if alternate authentication method is used- Do not mark the selinux_child helper as setuid, we don't support rootless SSSD in 6.7 - Related: rhbz#1168347 - Rebase sssd to 1.12.x- Resolves: rhbz#1168347 - Rebase sssd to 1.12.x - The rebase resolves the following RHEL bugzillas - Resolves: rhbz#1172865 - sssd.conf(5) man page gives bad advice about domains parameter - Resolves: rhbz#1172494 - PAC: krb5_pac_verify failures should not be fatal (backport fix from upstream) - Resolves: rhbz#1171782 - [RFE]: SSSD should preserve case for user uid field - Resolves: rhbz#1170910 - SSSD should not fail authentication when only allow rules are used - Resolves: rhbz#1168377 - [RFE] User's home directories and shells are not taken from AD when there is an IPA trust with AD - Resolves: rhbz#1168363 - [RFE] Add domains= option to pam_sss - Resolves: rhbz#1168344 - [RFE] ID Views: Support migration from the sync solution to the trust solution - Resolves: rhbz#1161564 - [RFE]ad provider dns_discovery_domain option: kerberos discovery is not using this option - Resolves: rhbz#1148582 - inconsistent group information when multiple ad domain sections are configured in sssd - Resolves: rhbz#1140909 - sssd.conf man page missing subdomains_provider ad support - Resolves: rhbz#1139878 - SSSD connection terminated after failing anonymous bind to IBM Tivoli Directory Server - Resolves: rhbz#1135838 - Man sssd-ldap shows parameter ldap_purge_cache_timeout with "Default: 10800 (12 hours)" - Resolves: rhbz#1135432 - Dereference code errors out when dereferencing entries protected by ACIs - Resolves: rhbz#1134942 - sssd does not recognize Windows server 2012 R2's LDAP as AD - Resolves: rhbz#1123291 - automount segfaults in sss_nss_check_header - Resolves: rhbz#1088402 - [RFE] Allow login through SSSD using multiple attributes- Resolves: rhbz#1154042 - RHEL6.6 sssd (1.11) doesn't return all group memberships against an IPA server- Resolves: rhbz#1160713 - TokenGroups for LDAP provider breaks in corner cases- Resolves: rhbz#1141814 - Password expiration policies are not being enforced by SSSD- Resolves: rhbz#1139044 - RHEL6.6 ipa user private group not found- Resolves: rhbz#1103487 - CVE-2014-0249 - sssd: incorrect expansion of group membership when encountering a non-POSIX group- Resolves: rhbz#1125187 - simple_allow_groups does not lookup groups from other AD domains- Resolves: rhbz#1127270 - sssd connect to ipa-server is long- Resolves: rhbz#1130017 - Saving group membership fails if provider is AD, POSIX attributes are used and primary group contains the user as a member- Resolves: rhbz#1111528 - Expired shadow policy user(shadowLastChange=0) is not prompted for password change- Resolves: rhbz#1132361 - use-after-free in dyndns code- Resolves: rhbz#1099290: RFE: Be able to configure sssd to honor openldap account lock to restrict access via ssh key- Use the correct sudo iterator - Related: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk- Add notes about offline mode to sssd.conf - Related: rhbz#1110226 - Requests queued during transition from offline to online mode- Resolves: rhbz#1127278 - Auth fails when space in username is replaced with character set by override_default_whitespace- Resolves: rhbz#1127757 - sssd can't retrieve sudo rules when using the "default_domain_suffix" option- Resolves: rhbz#1127265 - Problems with tokengroups and ldap_group_search_base- Resolves: rhbz#1126636 - RHEL6.6 sssd not running after upgrade- Resolves: rhbz#1128612 - IFP: FQDN lookups are broken- Resolves: rhbz#1118336 - sudo: invalid sudoHost filter with asterisk- Resolves: rhbz#1110226 - Requests queued during transition from offline to online mode- Resolves: rhbz#1122873 - Failover does not always happen from SRV to hostname resolution(via /etc/hosts) - Remove spurious systemctl call on %postun- Resolves: rhbz#1111317 - [RFE] Add option for sssd to replace space with specified character in LDAP group- Resolves: rhbz#1109188 - dereferencing control failure against openldap server- Resolves: rhbz#1084532 - sssd_sudo process segfaults- Resolves: rhbz#1122158 - ad: group membership is empty when id mapping is off and tokengroups are enabled- Resolves: rhbz#1118541 - Floating point exception using ldap- Resolves: rhbz#1042922 - [RFE] Add fallback to sudoRunAs when sudoRunAsUser is not defined and no ldap_sudorule_runasuser mapping has been defined in SSSD- Resolves: rhbz#1120508 - tokengroups do not work with id_provider=ldap- Fix potential NULL dereference in IFP code - Related: rhbz#1110369 - sssd is started before messagebus, making sssd-ifp fail- BuildRequire the latest libini_config - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Resolves: rhbz#1110369 - sssd is started before messagebus, making sssd-ifp fail- Resolves: rhbz#1104145 - public key validator is too strict and does not allow newlines anywhere in the public key string, not even at the end- Rebase to 1.11.6 - Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Rebuild against new ding-libs - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Backport the InfoPipe patches needed for Sat6 integration - Related: #1051164 - Rebase SSSD to 1.11+ in RHEL6- Resolves: #1085412 - SSSD Crashes when storage experiences high latency- Resolves: #1051164 - Rebase SSSD to 1.11+ in RHEL6Resolves: #1036168 - sssd can't retrieve auto.master when using the "default_domain_suffix"- Resolves: #1065534 - SSSD pam module accepts usernames with leading spaces- Resolves: #1038098 - sssd_nss grows memory footprint when netgroups are requested- Allow combination of proxy id backend and LDAP auth backend - Resolves: #1025813 - SSSD: Allow for custom attributes in RDN when using id_provider = proxy- Inherit UID limits for subdomains - Resolves: #1020905 - Creating system accounts on a IdM client takes up to 10 minutes when AD trust is configured in the IdM.- Do not crash when LDAP disconnects while a search is still in progress - Resolves: #1019979 - sssd_be segfault when authenticating against active directory- More upstream fixes to prevent memcache crashes - Related: #997406 - sssd_nss core dumps under load- Resolves: #1002929 - sssd_be segfaults if IPA dynamic DNS update times out- Make IPA SELinux provider aware of subdomain users - A better version of already committed patch - Resolves: #954342 - In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name failed' error when AD user tries to login via ipa client.- Resolves: #997406 - sssd_nss core dumps under load - Resolves: #984814 - sssd_nss terminated with segmentation fault- Resolves: #1002161 - large number of sudo rules results in error - Unable to create response: Invalid argument- Silence restorecon on clean install - Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context- Make IPA SELinux provider aware of subdomain users - Resolves: #954342 - In IPA AD trust setup, the sssd logs throws 'sysdb_search_user_by_name failed' error when AD user tries to login via ipa client.- Print password complexity hint when password change fails with constraint violation - Related: #983028 - passwd returns "Authentication token manipulation error" when entering wrong current password- Resolves: #983028 - passwd returns "Authentication token manipulation error" when entering wrong current password- Resolves: #948830 - sssd do too many disk writes causing delay in "getent netgroup allmachines-netgroup" nested netgroups.- Resolves: #984814 - sssd_nss terminated with segmentation fault- Resolves: #966757 - SSSD failover doesn't work if the first DNS server in resolv.conf is unavailable- Resolves: #963235 - sssd_be crashing with nested ldap groups- Apply a forgotten dependency for patch #254 - Related: #916997 - getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality - Add two fixes for better handling of faulty SRV processing - Related: #954275 - sssd fails connect to IPA server during boot when spanning tree is enabled in network router. - Remove enumerate=true from example in man page - Related: #988381 - clarify the disadvantages of enumeration in sssd.conf- Resolves: #914433 - sssd pam write_selinux_login_file creating the temp file for SELinux data failed- Resolves: #916997 - getgrnam / getgrgid for large user groups is too slow due to range retrieval functionality- Resolves: #918394 - sssd etas 99% CPU and runs out of file descriptors when clearing cache- Resolves: #924113 - man sssd-sudo has wrong title- Resolves: #924397 - document what does access_provider=ad do- Use permissive control when adding ghost users - Resolves: #928797 - cyclic group memberships may not work depending on order of operations- Set correct state of SRV servers on resolving error - Resolves: #954275 - sssd fails connect to IPA server during boot when spanning tree is enabled in network router.- Resolves: #954323 - SSSD doesn't display warning for last grace login.- Format patch to configure sysv script differently - RHEL-6 patch(1) apparently doesn't like the output of git format-patch -M -C and doesn't properly copy files on renames - Resolves: #971435 - Enhance sssd init script so that it would source a configuration.- Resolves: #973345 - SSSD service randomly dies- Resolves: #971435 - Enhance sssd init script so that it would source a configuration- Resolves: #961356 - SUDO is not working for users from trusted AD domain- Resolves: #970519 - [RFE] Add support for suppressing group members- Resolves: #976273 - [RFE] Add a new override_homedir expansion for the "original value"- Resolves: #978966 - sudoHost mismatch response is incorrect sometimes- Clarify the min_id/max_id limits further - Resolves: #978994 - SSSD filter out ldap user/group if uid/gid is zero- Resolves: #979046 - sssd_be goes to 99% CPU and causes significant login delays when client is under load- Resolves: #986379 - sss_cache -N/-n should invalidate the hash table in sssd_nss- Resolves: #988525 - sssd fails instead of skipping when a sudo ldap filter returns entries with multiple CNs- Mention that enumeration should be discouraged - Resolves: #988381 - clarify the disadvantages of enumeration in sssd.conf- Call restorecon on memcache files to force the right context on upgrades - Resolves: #987456 - RHEL6 sssd upgrade restorecon workaround for /var/lib/sss/mc context- Resolves: #987479 - libsss_sudo should depend on sudo package with sssd support- Resolves: #951086 - sssd_pam segfaults if sssd_be is stuck- Resolves: #967636 - SSSD frequently fails to return automount maps from LDAP- Resolves: #953165 - Enabling enumeration causes sssd_be process to utilize 100% of the CPU- Resolves: #906398 - sssd_be crashes sometimes- Resolves: #950874: Simple access control always denies uppercased users in case insensitive domain- Resolves: #921454: Resolve local group members in LDAP groups- Resolves: rhbz#911299 - sssd: simple access provider flaw prevents intended ACL use when client to an AD provider- Fix pwd_expiration_warning=0 - Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for Kerberos- Resolves: rhbz#911329 - pwd_expiration_warning has wrong default for Kerberos- Resolves: rhbz#872827 - Serious performance regression in sssd- Resolves: rhbz#888614 - Failure in memberof can lead to failed database update- Resolves: rhbz#903078 - TOCTOU race conditions by copying and removing directory trees- Resolves: rhbz#903078 - Out-of-bounds read flaws in autofs and ssh services responders- Resolves: rhbz#902716 - Rule mismatch isn't noticed before smart refresh on ppc64 and s390x- Resolves: rhbz#896476 - SSSD should warn when pam_pwd_expiration_warning value is higher than passwordWarning LDAP attribute.- Resolves: rhbz#902436 - possible segfault when backend callback is removed- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache- Resolves: rhbz#894302 - sssd fails to update to changes on autofs maps- Resolves: rhbz894381 - memory cache is not updated after user is deleted from ldb cache- Resolves: rhbz895615 - ipa-client-automount: autofs failed in s390x and ppc64 platform- Resolves: rhbz#894997 - sssd_be crashes looking up members with groups outside the nesting limit- Resolves: rhbz#895132 - Modifications using sss_usermod tool are not reflected in memory cache- Resolves: rhbz#894428 - wrong filter for autofs maps in sss_cache- Resolves: rhbz#894738 - Failover to ldap_chpass_backup_uri doesn't work- Resolves: rhbz#887961 - AD provider: getgrgid removes nested group memberships- Resolves: rhbz#878583 - IPA Trust does not show secondary groups for AD Users for commands like id and getent- Resolves: rhbz#874579 - sssd caching not working as expected for selinux usermap contexts- Resolves: rhbz#892197 - Incorrect principal searched for in keytab- Resolves: rhbz#891356 - Smart refresh doesn't notice "defaults" addition with OpenLDAP- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache- Resolves: rhbz#886848 - user id lookup fails for case sensitive users using proxy provider- Resolves: rhbz#890520 - Failover to krb5_backup_kpasswd doesn't work- Resolves: rhbz#874618 - sss_cache: fqdn not accepted- Resolves: rhbz#889182 - crash in memory cache- Resolves: rhbz#889168 - krb5 ticket renewal does not read the renewable tickets from cache- Resolves: rhbz#886091 - Disallow root SSH public key authentication - Add default section to switch statement (Related: rhbz#884666)- Resolves: rhbz#886038 - sssd components seem to mishandle sighup- Resolves: rhbz#888800 - Memory leak in new memcache initgr cleanup function- Resolves: rhbz#888614 - Failure in memberof can lead to failed database update- Resolves: rhbz#885078 - sssd_nss crashes during enumeration if the enumeration is taking too long- Related: rhbz#875851 - sysdb upgrade failed converting db to 0.11 - Include more debugging during the sysdb upgrade- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal- Resolves: rhbz#870045 - always reread the master map from LDAP - Resolves: rhbz#876531 - sss_cache does not work for automount maps- Resolves: rhbz#884666 - sudo: if first full refresh fails, schedule another first full refresh- Resolves: rhbz#880956 - Primary server status is not always reset after failover to backup server happened - Silence a compilation warning in the memberof plugin (Related: rhbz#877974) - Do not steal resolv result on error (Related: rhbz#882076)- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider- Resolves: rhbz#884600 - ldap_chpass_uri failover fails on using same hostname- Resolves: rhbz#858345 - pam_sss(crond:account): Request to sssd failed. Timer expired- Resolves: rhbz#878419 - sss_userdel doesn't remove entries from in-memory cache- Resolves: rhbz#880176 - memberUid required for primary groups to match sudo rule- Resolves: rhbz#885105 - sudo denies access with disabled ldap_sudo_use_host_filter- Resolves: rhbz#883408 - Option ldap_sudo_include_regexp named incorrectly- Resolves: rhbz#880546 - krb5_kpasswd failover doesn't work - Fix the error handler in sss_mc_create_file (Related: #789507)- Resolves: rhbz#882221 - Offline sudo denies access with expired entry_cache_timeout - Fix several bugs found by Coverity and clang: - Check the return value of diff_gid_lists (Related: #869071) - Move misplaced sysdb assignment (Related: #827606) - Remove dead assignment (Related: #827606) - Fix copy-n-paste error in the memberof plugin (Related: #877974)- Resolves: rhbz#882923 - Negative cache timeout is not working for proxy provider - Link sss_ssh_authorizedkeys and sss_ssh_knowhostsproxy with the client libraries (Related: #870060) - Move sss_ssh_knownhosts documentation to the correct section (Related: #870060)- Resolves: rhbz#884480 - user is not removed from group membership during initgroups - Fix incorrect synchronization in mmap cache (Related: #789507)- Resolves: rhbz#883336 - sssd crashes during start if id_provider is not mentioned- Resolves: rhbz#882290 - arithmetic bug in the SSSD causes netgroup midpoint refresh to be always set to 10 seconds- Resolves: rhbz#877974 - updating top-level group does not reflect ghost members correctly - Resolves: rhbz#880159 - delete operation is not implemented for ghost users- Resolves: rhbz#881773 - mmap cache needs update after db changes- Resolves: rhbz#875677 - password expiry warning message doesn't appear during auth - Fix potential NULL dereference when skipping built-in AD groups (Related: rhbz#874616) - Add missing parameter to DEBUG message (Related: rhbz#829742)- Resolves: rhbz#882076 - SSSD crashes when c-ares returns success but an empty hostent during the DNS update - Do not version libsss_sudo, it's not supposed to be linked against, but dlopened (Related: rhbz#761573)- Resolves: rhbz#880140 - sssd hangs at startup with broken configurations- Resolves: rhbz#878420 - SIGSEGV in IPA provider when ldap_sasl_authid is not set- Resolves: rhbz#874616 - Silence the DEBUG messages when ID mapping code skips a built-in group- Resolves: rhbz#824244 - sssd does not warn into sssd.log for broken configurations- Resolves: rhbz#874673 - user id lookup fails using proxy provider - Fix a possibly uninitialized variable in the LDAP provider - Related: rhbz#877130- Resolves: rhbz#878262 - ipa password auth failing for user principal name when shorter than IPA Realm name - Resolves: rhbz#871843 - Nested groups are not retrieved appropriately from cache- Resolves: rhbz#870238 - IPA client cannot change AD Trusted User password- Resolves: rhbz#877972 - ldap_sasl_authid no longer accepts full principal- Resolves: rhbz#861075 - SSSD_NSS failure to gracefully restart after sbus failure- Resolves: rhbz#877354 - ldap_connection_expire_timeout doesn't expire ldap connections- Related: rhbz#877126 - Bump the release tag- Resolves: rhbz#877126 - subdomains code does not save the proper user/group name- Resolves: rhbz#877130 - LDAP provider fails to save empty groups - Related: rhbz#869466 - check the return value of waitpid()- Resolves: rhbz#870039 - sss_cache says 'Wrong DB version'- Resolves: rhbz#875740 - "defaults" entry ignored- Resolves: rhbz#875738 - offline authentication failure always returns System Error- Resolves: rhbz#875851 - sysdb upgrade failed converting db to 0.11- Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place- Resolves: rhbz#871160 - sudo failing for ad trusted user in IPA environment- Resolves: rhbz#870278 - ipa client setup should configure host properly in a trust is in place- Resolves: rhbz#869678 - sssd not granting access for AD trusted user in HBAC rule- Resolves: rhbz#872180 - subdomains: Invalid sub-domain request type - Related: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running- Resolves: rhbz#873988 - Man page issue to list 'force_timeout' as an option for the [sssd] section- Resolves: rhbz#873032 - Move sss_cache to the main subpackage- Resolves: rhbz#873032 - Move sss_cache to the main subpackage - Resolves: rhbz#829740 - Init script reports complete before sssd is actually working - Resolves: rhbz#869466 - SSSD starts multiple processes due to syntax error in ldap_uri - Resolves: rhbz#870505 - sss_cache: Multiple domains not handled properly - Resolves: rhbz#867933 - invalidating the memcache with sss_cache doesn't work if the sssd is not running - Resolves: rhbz#872110 - User appears twice on looking up a nested group- Resolves: rhbz#871576 - sssd does not resolve group names from AD - Resolves: rhbz#872324 - pam: fd leak when writing the selinux login file in the pam responder - Resolves: rhbz#871424 - authconfig chokes on sssd.conf with chpass_provider directive- Do not send SIGKILL to service right after sending SIGTERM - Resolves: #771975 - Fix the initial sudo smart refresh - Resolves: #869013 - Implement password authentication for users from trusted domains - Resolves: #869071 - LDAP child crashed with a wrong keytab - Resolves: #869150 - The sssd_nss process grows the memory consumption over time - Resolves: #869443- BuildRequire selinux-policy so that selinux login support is built in - Resolves: #867932- Do not segfault if namingContexts contain no values or multiple values - Resolves: rhbz#866542- Fix the "ca" translation of the sssd-simple manual page - Related: rhbz#827606 - Rebase SSSD to 1.9 in 6.4- New upstream release 1.9.2- Rebase to 1.9.1- Require the latest libldb- Rebase to 1.9.0 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4- Rebase to 1.9.0 RC1 - Resolves: rhbz#827606 - Rebase SSSD to 1.9 in 6.4 - Bump the selinux-policy version number to pull in required fixes- Resolves: rhbz#840089 - Update the shadowLastChange attribute with days since the Epoch, not seconds- Fix protocol break for services map - Related: rhbz#825028 - Service lookups by port number doesn't work on s390x/ppc64 arches- Resolves: rhbz#825028 - Service lookups by port number doesn't work on s390x/ppc64 arches- Resolves: rhbz#824616 - sssd_nss crashes when configured with use_fully_qualified_names = true- Resolves: rhbz#824062 - sssd_be crashed with SIGSEGV in _tevent_schedule_immediate()- Resolves: rhbz#822236 - SSSD netgroups do not honor entry_cache_nowait_percentage- Resolves: rhbz#820759 - AVC denial seen on sssd upgrade during ipa-client upgrade - Resolves: rhbz#821044 - sss_groupadd no longer detects duplicate GID numbers- Resolves: rhbz#818642 - Auth fails for user with non-default attribute names - Resolves: rhbz#819063 - sssd fails to provide partial data till paged search returns "Size Limit Exceeded" - Resolves: rhbz#820585 - Group enumeration fails in proxy provider- Resolves: rhbz#816616 - group members are now lowercased in case insensitive domains- Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS top level directory is chowned by a SSSD user- Resolves: rhbz#805924 - SSSD should attempt to get the RootDSE after binding - Resolves: rhbz#814237 - sdap_check_aliases must not error when detects the same user - Resolves: rhbz#812281 - autofs client: map name length used as key length - Related: rhbz#784870 - SSSD fails during autodetection of search bases for new LDAP features - Related: rhbz#814269 - sssd-1.5.1-66.el6_2.3.x86_64 freezes- Fix typo in patch for SSH umask - Related: rhbz#808107 - Coverity revealed memory management defects- Resolves: rhbz#808458 - Authconfig crashes when sets krb realm - Resolves: rhbz#808597 - sssd_nss crashes on request when no back end is running - Resolves: rhbz#808107 - Coverity revealed memory management defects- Related: rhbz#805452 - Unable to lookup user, group, netgroup aliases with case_sensitive=false- Resolves: rhbz#804057 - Initial service lookups having name with uppercase alphabets doesn't work - Resolves: rhbz#804065 - Service lookup using case-sensitive protocol names doesn't work when case_sensitive=false - Resolves: rhbz#805281 - sssd: Uses the wrong key when there a multiple realms in a single keytab - Resolves: rhbz#805452 - Unable to lookup user, group, netgroup aliases with case_sensitive=false - Resolves: rhbz#805918 - Wrong resolv_status might cause crash when name resolution times out - Resolves: rhbz#805431 - NFS files/folders are mapped to nobody user if NFS top level directory is chowned by a SSSD user- Related: rhbz#802207 - getent netgroup hangs when "use_fully_qualified_names = TRUE" in sssd - Resolves: rhbz#801719 - "Error looking up public keys" while ssh to replica using IP address - Resolves: rhbz#803659 - Service lookup shows case sensitive names twice with case_sensitive=false - Resolves: rhbz#803842 - Unable to bind to LDAP server when minssf set - Resolves: rhbz#805034 - accessing an undefined variable might cause crash - Resolves: rhbz#805108 - sss_ssh_knownhostproxy infinite loop hangs SSH login- Update translations - Resolves: rhbz#802372 - Pick up latest translation files for SSSD - Resolves: rhbz#802207 - getent netgroup hangs when "use_fully_qualified_names = TRUE" in sssd - Related: rhbz#801451 - Logging in with ssh pub key should consult authentication authority policies- Resolves: rhbz#801407 - sssd_nss gets hung processing identical search requests - Resolves: rhbz#801451 - Logging in with ssh pub key should consult authentication authority policies - Resolves: rhbz#795562 - Infinite loop checking Kerberos credentials - Resolves: rhbz#798317 - sssd crashes when ipa_hbac_support_srchost is set to true - Resolves: rhbz#799039 - --debug option for sss_debuglevel doesn't work - Resolves: rhbz#799915 - Unable to lookup netgroups with case_sensitive=false - Resolves: rhbz#799929 - Raise limits for max num of files sssd_nss/sssd_pam can use - Resolves: rhbz#799971 - sssd_be crashes on shutdown - Resolves: rhbz#801533 - sssd_be crashes when resolving non-trivial nested group structure - Resolves: rhbz#801368 - Group lookups doesn't return members with proxy provider configured - Resolves: rhbz#801377 - getent returns non-existing netgroup name, when sssd is configured as proxy provider- Do not auto-upgrade debug levels - Tool still available for manual use - Reverts: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade - Resolves: rhbz#798881 - Install-time warnings - Resolves: rhbz#798774 - IPA provider should assume that ipa_domain is also the dns_discovery_domain - Resolves: rhbz#798655 - Password logins failing due to a process with high UID- Fix explicit requires to use openldap instead of openldap-libs - Related: rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs openldap >= openldap-2.4.23-20.el6.x86_64- Fix multilib-clean issue due to upgrade script - Remove old copy from the spec file - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Fix typo in the patch - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Use a patch and install the script to python_sitelib - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Fix multilib-clean issue due to upgrade script - Related: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade- Resolves: rhbz#753763 - Provide logging configuration compatibility on SSSD 1.5/1.6 upgrade - Resolves: rhbz#785871 - wrong build dependency on nscd - Resolves: rhbz#785873 - IPA host search base cannot be set - Resolves: rhbz#791208 - Entries lacking a POSIX username value break group lookups - Resolves: rhbz#796307 - Simple Paged Search control needs to be used more sparingly - Resolves: rhbz#797282 - sssd-1.5.1-66.el6.x86_64 needs openldap >= openldap-2.4.23-20.el6.x86_64 - Resolves: rhbz#787035 - ipa - sssd slow response with thousands of user entries - Resolves: rhbz#742509 - [RFE] Add SSSD Tool to purge cache - Resolves: rhbz#772297 - Fails to update if all nisNetgroupTriple or memberNisNetgroup entries are deleted from a netgroup - Resolves: rhbz#783138 - Backend occasionally goes offline under heavy load - Resolves: rhbz#797975 - sssd_be: The requested target is not configured is logged at each login - Resolves: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3- Resolves: rhbz#761570 - [RFE] support looking up autofs maps via SSSD - Resolves: rhbz#788979 - sssd crashes during initgroups against a user belonging to nested rfc2307bis group- Handle filtering python Provides in a safer way - Related: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3- Related: rhbz#735422 - Rebase SSSD to 1.8.0 in RHEL 6.3 - Resolves: rhbz#786553 - sssd on ppc64 doesn't pull cyrus-sasl-gssapi.ppc as a dependancy - Resolves: rhbz#785909 - --debug-timestamps=1 is not passed to providers - Resolves: rhbz#785908 - ldap_*_search_base doesn't fully limit the group and netgroup search base correctly - Resolves: rhbz#785907 - [RFE] Add support to request canonicalization on krb AS requests - Resolves: rhbz#785905 - [RFE] DEBUG timestamps should offer higher precision - Resolves: rhbz#785904 - [RFE] SSSD should have --version option - Resolves: rhbz#785902 - Errors with empty loginShell and proxy provider - Resolves: rhbz#785898 - Enable midway cache refresh by default - Resolves: rhbz#785888 - sssd returns empty netgroup at a second request for a non-existing netgroup - Resolves: rhbz#785884 - Honour TTL when resolving host names - Resolves: rhbz#785883 - check DNS records before updates - Resolves: rhbz#785881 - List the keytab to pick the princiapl to use instead of guessing - Resolves: rhbz#785880 - debug_level in sssd.conf overrides command-line - Resolves: rhbz#785879 - sss_obfuscate/python config parser modifies config file too much - Resolves: rhbz#785877 - on reconnect we need to detect that a ipa/ds server has been reinitialized - Resolves: rhbz#785741 - sssd.api.conf and sssd.api.d should not be in /etc - Resolves: rhbz#773660 - Kerberos errors should go to syslog - Resolves: rhbz#772163 - Iterator loop reuse cases a tight loop in the native IPA netgroups code - Resolves: rhbz#771706 - sssd_be crashes during auth when there exists UTF source host group in an hbacrule - Resolves: rhbz#771702 - sssd_pam crashes during change password operation against a IPA server - Resolves: rhbz#771361 - case_sensitive function not working as intended for ldap - Resolves: rhbz#768935 - Crash when applying settings - Resolves: rhbz#766941 - The full dyndns update message should be logged into debug logs - Resolves: rhbz#766930 - [RFE] Add a new option to override home directory value - Resolves: rhbz#766913 - [RFE] Add option to select validate and FAST keytab principal name - Resolves: rhbz#766907 - Use [...] for IPv6 addresses in kdc info files - Resolves: rhbz#766904 - [RFE] Create a command line tool to change the debug levels on the fly - Resolves: rhbz#766876 - [RFE] Make HBAC srchost processing optional - Resolves: rhbz#766141 - [RFE] SSSD should support FreeIPA's internal netgroup representation - Resolves: rhbz#761582 - [RFE] Add ldap_sasl_minssf option - Resolves: rhbz#759186 - [abrt] sssd-1.6.3-1.fc16: ping_check: Process /usr/sbin/sssd was killed by signal 11 (SIGSEGV) - Resolves: rhbz#755506 - [RFE] Add host-based (pam_host_attr) access control - Resolves: rhbz#753876 - [RFE] Add support for the services map - Resolves: rhbz#746181 - "getgrgid call returned more than one result" after group name change in MSAD - Resolves: rhbz#744197 - [RFE] close LDAP connection to the server when idle for some (configurable) time - Resolves: rhbz#742510 - [RFE] Separate Cache Timeouts for SSSD - Related: rhbz#742509 - [RFE] Add SSSD Tool to purge cache - Resolves: rhbz#742052 - id -G group resolution takes extremely long - Resolves: rhbz#739312 - [RFE] sssd does not set shadowLastChange - Resolves: rhbz#736150 - [RFE] SSSD should support multiple search bases - Resolves: rhbz#735827 - [RFE] Ability to set a domain as case sensitive or insensitive - Resolves: rhbz#735405 - [RFE] Option to disable warnings for unknown users - Resolves: rhbz#728212 - [RFE] sssd does not handle when paging control disabled for openldap - Resolves: rhbz#726467 - SSSD takes 30+ seconds to login - Resolves: rhbz#721289 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 during auth when password for the user is not set- Resolves: rhbz#773655 - Race-condition bug in LDAP auth provider- Resolves: rhbz#753842 - sssd_nss crashes when passed invalid UTF-8 for the username in getpwnam() - Resolves: rhbz#758157 - LDAP failover not working if server refuses connections- Related: rhbz#750359 - Major cached entry performance regression- Resolves: rhbz#750359 - Major cached entry performance regression- Resolves: rhbz#749822 - SSSD may go into infinite loop during RFC2307bis initgroups when groups appear in multiple nesting levels- Resolves: rhbz#749256 - SELinux errors with SSSD Downgrade- Resolves: rhbz#748924 - RHEL6.1/sssd_pam segmentation fault- Resolves: rhbz#748412 - Memory leaks during the initgroups() operation- Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#742288 - RFC2307bis initgroups calls are slow - Resolves: rhbz#746654 - SSSD backend gets killed on slow systems - Related: rhbz#743925 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts Fixes a crash introduced by the earlier patch. - Related: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names Fixes for internationalization- Related: rhbz#742278 - Rework the example config- Resolves: rhbz#743925 - HBAC processing is very slow when dealing with FreeIPA deployments with large numbers of hosts - Resolves: rhbz#745966 - sssd_pam segfaults on sssd restart - Related: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#742278 - Rework the example config - Resolves: rhbz#746037 - Only access sssd_nss internal hash table if it was initialized - Resolves: rhbz#742526 - SSSD's man pages are missing information - Resolves: rhbz#743841 - SSSD can crash due to dbus server removing a UNIX socket- Resolves: rhbz#738621 - Lookup fails for non-primary usernames with multi-valued uid - Resolves: rhbz#738629 - Group lookups doesn't return it's member for sometime when the member has multi-valued uid - Resolves: rhbz#742295 - Use an explicit base 10 when converting uidNumber to integer - Resolves: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names- Resolves: rhbz#741751 - HBAC rule evaluation does not properly handle host groups - Resolves: rhbz#740501 - SSSD not functional after "self" reboot - Resolves: rhbz#742539 - HBAC: Hostname comparisons should be case-insensitive- Resolves: rhbz#728343 - SSSD taking 5 minutes to log in - Resolves: rhbz#739850 - Coverity defects newly introduced in rhel 6.2- Resolves: rhbz#737157 - "System error" appears in log during change password operation of a user in openldap server with ppolicy enabled - Resolves: rhbz#737172 - "Unknown (private extension) error(21853), (null)" messages are logged during change password operation of a user in openldap server with ppolicy enabled- Resolves: rhbz#736314 - sssd crashes during auth while there exists multiple external hosts along with managed host - Resolves: rhbz#732974 - [RFE] Have SSSD cache properly with krb5_validate = True and SElinux enabled- Resolves: rhbz#732010 - LDAP+GSSAPI needs explicit Kerberos realm - Resolves: rhbz#733382 - SSSD should pick a user/group name when there are multi-valued names - Resolves: rhbz#733409 - Improve password policy error message - Resolves: rhbz#733663 - Authentication fails when there exists an empty hbacsvcgroup - Resolves: rhbz#732935 - Add LDAP provider option to set LDAP_OPT_X_SASL_NOCANON - Resolves: rhbz#734101 - sssd blocks login of ipa-users- Related: rhbz#728353 - Resolve RPMDiff errors in SSSD- Resolves: rhbz#728961 - Provide a mechanism for vetoing the use of certain shells- Related: rhbz#728267 - When non-posix groups are skipped, initgroups returns random GID- Related: rhbz#726466 - HBAC rule evaluation does not support extended UTF-8 languages - Related: rhbz#718250 - Remove DENY rules from the HBAC access provider - Fixes an issue on big endian platforms- Resolves: rhbz#700828 - Process /usr/libexec/sssd/sssd_be was killed by signal 11 (SIGSEGV) when ldap_uri is misconfigured - Resolves: rhbz#726438 - sssd doesn't honor ldap supportedControls - Resolves: rhbz#726466 - HBAC rule evaluation does not support extended UTF-8 languages - Resolves: rhbz#718250 - Remove DENY rules from the HBAC access provider - Resolves: rhbz#728267 - When non-posix groups are skipped, initgroups returns random GID - Resolves: rhbz#726475 - sssd_pam leaks file descriptors - Resolves: rhbz#725868 - Explicitly ignore groups with gidNumber = 0- Related: rhbz#721052 - sssd does not handle kerberos server IP change - Use ares_search instead of ares_query to honor - search entries in /etc/resolv.conf- Resolves: rhbz#711416 - During the change password operation the ccache is - not replaced by a new one if the old one isn't - active anymore - Resolves: rhbz#715609 - Certificate validation fails with message - "Connection error: TLS: hostname does not match CN - in peer certificate" - Resolves: rhbz#719089 - IPA dynamic DNS update mangles AAAA records - Resolves: rhbz#721052 - sssd does not handle kerberos server IP change - Honor TTL values when resolving hostnames- Resolves: rhbz#713961 - libsss_ldap segfault at login against OpenLDAP - Resolves: rhbz#713438 - sssd shuts down if inotify crashes- Resolves: rhbz#709081 - sssd.$arch should require sssd-client.$arch- Resolves: rhbz#709342 - Typo in negative cache notification for initgroups() - Resolves: rhbz#708009 - "renew_all_tgts" and "renew_handlers" messages are - being logged multiple times when the provider comes - back online - Resolves: rhbz#707997 - The IPA provider does not work with IPv6 - Resolves: rhbz#677327 - [RFE] Support overriding attribute value - Resolves: rhbz#692090 - SSSD is not populating nested groups in - Active Directory- Resolves: rhbz#707627 - Include valid "ldap_uri" formats in sssd-ldap man - page- Resolves: rhbz#707513 - Unable to authenticate users when username - contains "\0"- Resolves: rhbz#698723 - kpasswd fails when using sssd and - kadmin server != kdc server- Resolves: rhbz#707282 - latest sssd fails if ldap_default_authtok_type is - not mentioned - Resolves: rhbz#692404 - rfc2307bis groups are being enumerated even when the - gidNumber is out of the range of min_id,max_id. - Resolves: rhbz#699530 - Users with a local group as their primary GID are - denied access by the simple access provider - Resolves: rhbz#700172 - RFE: SSSD should support paged LDAP lookups - Resolves: rhbz#705434 - IPA provider fails initgroups() if user is not a - member of any group - Resolves: rhbz#703624 - SSSD's async resolver only tries the first - nameserver in /etc/resolv.conf- Resolves: rhbz#701700 - sssd client libraries use select() but should use - poll() instead- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix segfault in TGT renewal- Related: rhbz#693818 - Automatic TGT renewal overwrites cached password - Fix typo causing build breakage- Resolves: rhbz#693818 - Automatic TGT renewal overwrites cached password- Resolves: rhbz#696972 - Filters not honoured against fully-qualified users- Resolves: rhbz#694146 - SSSD consumes GBs of RAM, possible memory leak- Related: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS - information- Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#694444 - Unable to resolve SRV record when called with - _srv_, in ldap_uri - Related: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#694783 - SSSD crashes during getent when anonymous bind is - disabled- Resolves: rhbz#692472 - Process /usr/libexec/sssd/sssd_be was killed by - signal 11 (SIGSEGV) - Fix is to not attempt to resolve nameless servers- Resolves: rhbz#691678 - SSSD needs to fall back to 'cn' for GECOS - information- Resolves: rhbz#690866 - Groups with a zero-length memberuid attribute can - cause SSSD to stop caching and responding to - requests- Resolves: rhbz#690131 - Traceback messages seen while interrupting - sss_obfuscate using ctrl+d - Resolves: rhbz#690421 - [abrt] sssd-1.2.1-28.el6_0.4: _talloc_free: Process - /usr/libexec/sssd/sssd_be was killed by signal 11 - (SIGSEGV)- Related: rhbz#683885 - SSSD should skip over groups with multiple names- Resolves: rhbz#683158 - SSSD breaks on RDNs with a comma in them - Resolves: rhbz#689886 - group memberships are not populated correctly during - IPA provider initgroups - Resolves: rhbz#683885 - SSSD should skip over groups with multiple names- Resolves: rhbz#683860 - Skip users and groups that have incomplete contents - Resolves: rhbz#688491 - authconfig fails when access_provider is set as krb5 - in sssd.conf- Resolves: rhbz#683255 - sudo/ldap lookup via sssd gets stuck for 5min - waiting on netgroup - Resolves: rhbz#683431 - sssd consumes 100% CPU - Related: rhbz#680440 - sssd does not handle kerberos server IP change- Related: rhbz#680440 - sssd does not handle kerberos server IP change - SSSD was staying with the old server if it was still online- Resolves: rhbz#682850 - IPA provider should use realm instead of ipa_domain - for base DN- Resolves: rhbz#682340 - sssd-be segmentation fault - ipa-client on - ipa-server - Resolves: rhbz#680440 - sssd does not handle kerberos server IP change - Resolves: rhbz#680442 - Dynamic DNS update fails if multiple servers are - given in ipa_server config option - Resolves: rhbz#680932 - Do not delete sysdb memberOf if there is no memberOf - attribute on the server - Resolves: rhbz#682807 - sssd_nss core dumps with certain lookups- Related: rhbz#678614 - SSSD needs to look at IPA's compat tree for netgroups - Related: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option- Resolves: rhbz#679082 - SSSD IPA provider should honor the krb5_realm option - Resolves: rhbz#677318 - Does not read renewable ccache at startup- Resolves: rhbz#678593 - User information not updated on login for secondary - domains - Resolves: rhbz#678777 - IPA provider does not update removed group - memberships on initgroups- Resolves: rhbz#677588 - sssd crashes at the next tgt renewals it tries - Resolves: rhbz#678410 - name service caches names, so id command shows - recently deleted users - Resolves: rhbz#678614 - SSSD needs to look at IPA's compat tree for - netgroups- Resolves: rhbz#670511 - SSSD and sftp-only jailed users with pubkey login - Resolves: rhbz#675284 - "no matching rule" message logged on all successful - requests - Resolves: rhbz#676911 - SSSD attempts to use START_TLS over LDAPS for - authentication- Resolves: rhbz#674164 - sss_obfuscate fails if there's no domain named - "default" - Resolves: rhbz#674515 - -p option always uses empty string to obfuscate - password - Resolves: rhbz#674141 - Traceback call messages displayed while - "sss_obfuscate" command is executed as a non-root - user- Resolves: rhbz#674172 - Group members are not sanitized in nested group - processing - Put translated tool manpages into the sssd-tools subpackage- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - Also add the updated ding-libs to the BuildRequires- Related: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - Explicitly require updated ding-libs- Resolves: rhbz#670259 - Refresh SSSD in 6.1 to 1.5.1 - New upstream release 1.5.1 - Addresses CVE-2010-4341 - DoS in sssd PAM responder can prevent logins - Vast performance improvements when enumerate = true - All PAM actions will now perform a forced initgroups lookup instead of just - a user information lookup - This guarantees that all group information is available to other - providers, such as the simple provider. - For backwards-compatibility, DNS lookups will also fall back to trying the - SSSD domain name as a DNS discovery domain. - Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory - Support for ldap_tls_{cert,key,cipher_suite} config options - Assorted bugfixes- Add noverify to sssd.conf - Resolves: rhbz#627165 - TPS VerifyTest failure- Related: rhbz#644072 - Rebase SSSD to 1.5 - New upstream release 1.5.0 - Fixed issues with LDAP search filters that needed to be escaped - Add Kerberos FAST support on platforms that support it - Reduced verbosity of PAM_TEXT_INFO messages for cached credentials - Added a Kerberos access provider to honor .k5login - Addressed several thread-safety issues in the sss_client code - Improved support for delayed online Kerberos auth - Significantly reduced time between connecting to the network/VPN and - acquiring a TGT - Added feature for automatic Kerberos ticket renewal - Provides the kerberos ticket for long-lived processes or cron jobs - even when the user logs out - Added several new features to the LDAP access provider - Support for 'shadow' access control - Support for authorizedService access control - Ability to mix-and-match LDAP access control features - Added an option for a separate password-change LDAP server for those - platforms where LDAP referrals are not supported - Added support for manpage translations- Resolves: rhbz#660592 - SSSD shutdown sometimes hangs - Resolves: rhbz#660585 - getent passwd ' returns nothing if its - uidNumber gt 2147483647- Resolves: rhbz#659401 - SSSD shutdown sometimes hangs- Resolves: rhbz#645449 - 'getent passwd ' returns nothing if its - uidNumber gt 2147483647- Resolves: rhbz#658374 - sssd stops on upgrade- Resolves: rhbz#658158 - sssd stops on upgrade- Resolves: rhbz#649312 - SSSD will sometimes lose groups from the cache- Resolves: rhbz#649286 - SSSD will sometimes lose groups from the cache- Resolves: rhbz#637070 - the krb5 locator plugin isn't packaged for multilib - Resolves: rhbz#642412 - SSSD initgroups does not behave as expected- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib - Resolves: rhbz#633487 - SSSD initgroups does not behave as expected- Resolves: rhbz#633406 - the krb5 locator plugin isn't packaged for multilib- Resolves: rhbz#629949 - sssd stops on upgrade- Resolves: rhbz#625122 - GNOME Lock Screen unocks without a password- Resolves: rhbz#621307 - Password changes are broken on LDAP- Resolves: rhbz#617623 - SSSD suffers from serious performance issues on - initgroups calls- Resolves: rhbz#607233 - SSSD users cannot log in through GDM - - Real issue was that long-running services - - do not reconnect if sssd is restarted- Resolves: rhbz#591715 - sssd should emit warnings if there are problems with - /etc/krb5.keytab file- Resolves: rhbz#606836 - libcollection needs an soname bump before RHEL 6 - final - Resolves: rhbz#608661 - SASL with OpenLDAP server fails - Resolves: rhbz#608688 - SSSD doesn't properly request RootDSE attributes- New upstream bugfix release 1.2.1 - Resolves: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity - bugs. - Resolves: rhbz#603041 - Remove unnecessary option krb5_changepw_principal - Resolves: rhbz#604704 - authconfig should provide error with no trace back - if disabling sssd when sssd is not enabled - Resolves: rhbz#591873 - Connecting to the network after an offline kerberos - auth logs continuous error messages to sssd_ldap.log - Resolves: rhbz#596295 - Authentication fails for user from the second domain - when the same user name is filtered out from the - first domain - Related: rhbz#598559 - Update translation files for SSSD before RHEL 6 - final- Resolves: rhbz#593696 - Empty list of simple_allow_users causes sssd service - to fail while restart - Resolves: rhbz#600352 - Wrapping the value for "ldap_access_filter" in - parentheses causes ldap_search_ext to fail - Resolves: rhbz#600468 - Segfault in krb5_child - Related: rhbz#601770 - SSSD in RHEL 6.0 should ship with zero open Coverity - bugs.- Resolves: rhbz#598670 - Ccache file of a user is removed too early - Resolves: rhbz#599057 - Incomplete comparison of a service name in - IPA access provider - Resolves: rhbz#598496 - Failure with IPA access provider - Resolves: rhbz#599027 - Makefile typo causes SSSD not to use the - kernel keyring- New stable upstream version 1.2.0 - Support ServiceGroups for FreeIPA v2 HBAC rules - Fix long-standing issue with auth_provider = proxy - Better logging for TLS issues in LDAP - Resolves: rhbz#584001 - Rebase sssd to 1.2 - Resolves: rhbz#584017 - Unconfiguring sssd leaves KDC locator file - Resolves: rhbz#587384 - authconfig fails if krb5_kpasswd in sssd.conf - Resolves: rhbz#587743 - Need to replicate pam_ldap's pam_filter in sssd.conf - Resolves: rhbz#590134 - sssd: auth_provider = proxy regression - Resolves: rhbz#591131 - Kerberos provider needs to rewrite kdcinfo file when - going online - Resolves: rhbz#591136 - Change SSSD ipa BE to handle new structure of the - HBAC rule- Improve DEBUG logs for STARTTLS failures- New LDAP access provider allows for filtering user access by LDAP attribute - Reduced default timeout for detecting offline status with LDAP - GSSAPI ticket lifetime made configurable - Better offline->online transition support in Kerberos- Release new upstream version 1.1.91 - Enhancements when using SSSD with FreeIPA v2 - Support for deferred kinit - Support for DNS SRV records for failover- Bump up release number to avoid library sub-packages version issues with previous releases.- New upstream release 1.1.1 - Fixed the IPA provider (which was segfaulting at start) - Fixed a bug in the SSSDConfig API causing some options to revert to - their defaults - This impacted the Authconfig UI - Ensure that SASL binds to LDAP auto-retry when interrupted by a signal- Release SSSD 1.1.0 final - Fix two potential segfaults - Fix memory leak in monitor - Better error message for unusable confdb- Release candidate for SSSD 1.1 - Add simple access provider - Create subpackages for libcollection, libini_config, libdhash and librefarray - Support IPv6 - Support LDAP referrals - Fix cache issues - Better feedback from PAM when offline- Rebuild against new libtevent- Fix licenses in sources and on RPMs- Fix regression on 64-bit platforms- Fixes link error on platforms that do not do implicit linking - Fixes double-free segfault in PAM - Fixes double-free error in async resolver - Fixes support for TCP-based DNS lookups in async resolver - Fixes memory alignment issues on ARM processors - Manpage fixes- Fixes a bug in the failover code that prevented the SSSD from detecting when it went back online - Fixes a bug causing long (sometimes multiple-minute) waits for NSS requests - Several segfault bugfixes- Fix CVE-2010-0014- Patch SSSDConfig API to address - https://bugzilla.redhat.com/show_bug.cgi?id=549482- New upstream stable release 1.0.0- New upstream bugfix release 0.99.1- New upstream release 0.99.0- Fix segfault in sssd_pam when cache_credentials was enabled - Update the sample configuration - Fix upgrade issues caused by data provider service removal- Fix upgrade issues from old (pre-0.5.0) releases of SSSD- New upstream release 0.7.0- Fix missing file permissions for sssd-clients- Add SSSDConfig API - Update polish translation for 0.6.0 - Fix long timeout on ldap operation - Make dp requests more robust- Ensure that the configuration upgrade script always writes the config file with 0600 permissions - Eliminate an infinite loop in group enumerations- New upstream release 0.6.0- New upstream release 0.5.0- Fix for CVE-2009-2410 - Native SSSD users with no password set could log in without a password. (Patch by Stephen Gallagher)- Rebuilt for https://fedoraproject.org/wiki/Fedora_12_Mass_Rebuild- Fix a couple of segfaults that may happen on reload- add missing configure check that broke stopping the daemon - also fix default config to add a missing required option- latest upstream release. - also add a patch that fixes debugging output (potential segfault)- release out of the official 0.3.2 tarball- bugfix release 0.3.2 - includes previous release patches - change permissions of the /etc/sssd/sssd.conf to 0600- Add last minute bug fixes, found in testing the package- Version 0.3.1 - includes previous release patches- Try to fix build adding automake as an explicit BuildRequire - Add also a couple of last minute patches from upstream- Version 0.3.0 - Provides file based configuration and lots of improvements- Version 0.2.1- Version 0.2.0- package git snapshot- fixed items found during review - added initscript- added sss_client- Small cleanup and fixes in the spec file- Initial release (based on version 0.1.0 upstream code)uk1.13.3-58.el6_91.13.3-58.el6_9libsss_ad.sogpo_childsssd-ad-1.13.3COPYINGsssd-ad.5.gzsssd-ad.5.gz/usr/lib64/sssd//usr/libexec/sssd//usr/share/doc//usr/share/doc/sssd-ad-1.13.3//usr/share/man/man5//usr/share/man/uk/man5/-O2 -g -pipe -Wall -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector --param=ssp-buffer-size=4 -m64 -mtune=genericdrpmxz2x86_64-redhat-linux-gnu?7zXZ !PH6lٽ]"k%r}zK抯It_i!G؉#ﰺo˴z̍kxp"L,z66;.Sm_Ldd1ug3ŵIݹf6. R ~\b@NZR;ec4MkT2iQARkU+\2<4O2o^;9xEyd"O~ b#V QZ1STC: H=W64L!S\*TywOC&-"۽ceG>KmCeCU4daN-4u< hP@Z(3>{E҈fSȲDcy D{⤒20VD (Ư'I[q@(ab #~e;ۛ{^ү@^ %uAlIc]:T,-!krhu$X%_ET 7ipdl߂,seE7z].EY`N\k^g:JFVr.z 9`J#KKJ}CԱ`}@vvw4V|2ΫDr/`Gړ P4V4"*iܺRT0m,5v"]Jo5*hl?k9ֽGbIBYA unm7fT @Ifpw4Ih\A]7+oQ:fAِE$V q"@VT`sбeEOo4 a[‚T%Qt3yQZ<~BLaX۱Jq"y2S-&djv6@)|j+Y8`r &]EE"ՠUH},v):q٧ga-n|'eRPe㔯/, )ۀ9xitE[2\-wH)zSE0 y|OD4D;ENԕ #U[K5޸U<8c7-K1R _fJ>kpl[x(ʅQL*NR .н$m'h ΍wxhBE;}uvz#୊9u5zNlFiN,wF|-?R/.wl2u+kIhN%B@ McKf&=6=٭rFw%)H$I\ @dvC/_T&u4ͱHW'%^t~u1zBsd)+eTl?)P)/R_yCh8vѐR~OQ3Dꊵ8b3 Ka>*88a;w*u cmꄗduNӆY `m%t.cWCv5т8ѕ<7 L $Ֆ8Ѓzw6Px#~NQs"q2  r= q˼ެU^&ZؔdL#ey*?i <%Bߺ25o4kw0GXGU@DPeCpOv]5 T=_? й3undfhw`)R]Q>wGv Lݠ3Y_78PX$xSPZC6 *ɱ5O#xo 򈌠^B{l澆6k;cKPW>cZ~UMӛ*]rSjc>׉ӹH4‡۶q6m'H[4شb' dTɰqJIiOͳLL'zdno@䛨@ۿGwo{P;)0HƧؿRr^;Dn31ՆEJjp,@e|MGQd]I1p"}os% $U(,{Bh"JumK\_{~ @wqr:y}ռfY?Tb!!cMkchH@"O1Hv7pyuFrzn|/:&%qpq&55 XV>a7]rruY|r6=ͥ\A">LJw|LkJfIj||9ųW2c Rv\}qG|hUu7_͗5Ui&/NlK,-HJ?LLc~UK+;V]$3!V_)\V݋z79Vmna%ɍ~-wF],%$"{ rs|2{/31?syNA Pɓ\|åq"(Uc#Hn&r3`0o;տF"(3NTl~ֆu4>2sH-f afz>`2KY69$HVkdmj yoǣG)6w+ &%?Y[:zUKyaY( s Q1i;Q%r>L #|t#&!*0SmU*e"LpCY Jalzm310 1s."L3Equ+>!E8trN[lKiG';W{1/s !il>>q+hZr-=H@[;'a9:Jrw>n4-'5U<ǍX~~L`T[l!NkAH'֢fBנC2{=~zXT\91_p xC,i197]Z'?[E-6P[E?#5to%MKx7쟦,J 3~ ^ 1%u(86s93wÃgn#'Ane?ϨІv= | $bu8kzͱ'̋;NߒU-׻QPF2pHIWݸBkeFp͹@U:.qS =wv9cx!f3=~3q ]D0S&/^%}J+  ˥l?y{t`i:BJ\w7j)+"Cu z$ A'I *Q\X )ُIRx kǕɜ)9ZT< u`]rq(2V;'O#|{tjw|z.ҷ=8 U@3'͋Ɣ7ܹ.20x~Wn$շcIQl囤slm EOg־mcql-0 9($fi!Pęb=jϲ">5AG?{MGOwig@rZ. `+!6[i%(/CQ+Ɩ 6)K0]ԕ/"#)"i@o>#'^rDE3(^O\E^wD/բeV5I@DV3QK8՞r.%5(Jqvѝ}砛 xuk鳈_G{qD (:NC$ZB zFYa-Z␚.ι5kM!;Dl%ӝ~U* sN>¤]:Wgc*lHZ\JMAL'0Y%o4'65v,Rs5}y4쐇 K(LZn5j e5Nε i ͣkyѸsQ-% =0-xNwSF7J6 }d}0oYZC~z L{I* Bw̹:aWd .ɰm+[wS6=JI1Y݂v&_~KvCWѥCf!KpD}Ut$U -.Rcj{xD#2- gSn"ɶI`[Rt)`9"(|r?*LQŦh ^'4-6 6RQ`V׻!v.tjÉt}t}\^ДUVr6p4 pDrI0$#bm)*`oC?'"[ (|_A@. J)RA&' g-}~ި6FNp[V<Q{MHx }"2EY=U ="T%H!ͶeolgڴR*Z%PY ^f?EjV tqIC!ou R)3qewk36o1dpNDˤQfuj:I[rgG7}%@1WB_R[JpJȄzp$ZGoGT>G)#!x_S RD^PwJlǟS UWr"C[qXpt 7A-G/*c]C'+z qHa݁֏m̿$4 }OsHO1qu qeTfqj{B#R`~epI"'ґ +r<ޭю.CHA-yiP~>|C Lxqk2քt( ` j3QQ^_0#8bCnrZy rڱq*5 S59_6}%v2NßsuDW$,Ȥ 묵{1n+N8v2hGf+l i< B"Cc9Zx c<|LFSu^Puj\uo}v*;_~;.EeX ;.5 )'5Z M>3$w? zʀ#5i- dNx|Hz 1?b[F%|fP#I%WZl$%,]vZob\CTN׹VdEdRq{ǢsZ` - "{/#@gN&HO?3 :q85Rxsy@b_dXpQ\wuPcXvTdE`/e֌TMQ1/HEޕm#\2Ď&S{&^p*h|͸|:L4 \8(c2[> rH@wզ m?Vy' Rpp!e(V 6>*"ų1jK,J{LĞ}8-<̀hfQ; ~ :JoHMC0ꡈ0,v#stN@٨JPkK^yzIeH6XKɜyJ_H+a9{b kCm܂;"܁lgoF l+ؗ-UŸ~ a?FiҙOD1{wx*c ?DP%Ge4SCa#&fk#9iѷMZ jOsTqР'xkp)hO}I:7A$:Ԙm$žG^-x0U)fc)`XQ9npV kUF|~W UgxJ`))x+S^7*M`h yݮŠ os/ )-qJvB 9nuvI^>4Ԯ[QѶU:#Y2567"n9cy E>:‚΅!dB,O#pwҸ)csygZca&viE$@۩q:I xW \ .عx0m|C;'!+;8\Ku* N-B%t5x4&ko+ucJ*9CUfExMokUcK CoSXcՂǟ!=]2\M YT8UVW8+K=k> ÕPWIꣁevfdA:vZh:ո`8bT Zr'@lmZ@;Sad$jH)&B:TV:]$s`7ޟ;}2 u ĎZhfC@`)QsMvE5.v*)|\ZZ+ll*/)C>=SAN |_D?at_^9rU=7aؗpSL 1Sܥ.5ΜPdA,j֖9 O)B(m؋AJA}Ԅw Vc J1FdKx_X|,] srbS75{oGFu1MvPFt^s6;tУ6ylNdJC$I (]ɿ ]{Vu E-4l1V\ǚbGԐfWnulns 47Devyì^(` irtpf^tے r䰋ZZ\i9u&6U*p %r:}'͙ ,5vmdzebCC8~.~;\5}'E3_/0nu\n}a4m?p 4'g_ ^iC47nK!,`#&}bۛ8qsa@"=ziq7V!)l3l7Vk}^#';/B JtЍQ{i,1x9u;ǘS(z"/ v )mDo]? xKKX{_zOtMآ<|76Ae[Ksm)WcG8""ЖPbAlăhןF@J(.j"R9$0=/0"Zxb[&zq9sHufAAf|1ϕf ƨ*a#h{QCxKWL$$y1'rps佩> afK.0ō/U l <6oL2מkgPe01__wZ*2vJR5hQRTWuk^^=$;.kY,y5.^ 4Ro)=}W]#91ھI 2*ybnKᰌ+Ix=,iɄ*sb:"tR]Lϼ4#\4(KT2ޘ}IpE2'P[lQFG  %0J-^l)9ɍP#k ӂ䬻f|RG7"Z88 &W6cm%%OV0xf$UtiB"TW p1J=f E8ȠFRQ;Rҏ6+,#ؤa.m )=H=B8%p1^7OH{$Do1̍PTd6tGǢ?F /G >Kǻt;!UȈ$/n^`\/bP к hq*{򞀸vLlx&21[4!hK &E{{e2<%4;1.C ]>l; >:!}/pbh 0@8$[NQ*fۏKzӌ|Qjx3J7np\\ WHDT i>Ɍ6B+9j` <[=ÌW<=yBZL.ȎkPn M+JcZ;K΂h41k)hd{+*XENXA/41 M ,|(g=V)8\2E3嫄n_, ;MWB:*Y%@75*6,.VvZyρC )X-ufgm̶eͬTkϊH"ē/vzA,,$NQC /lAΐ='?]R 0G>Jϸ|"** ?4 [6I\a6D7K!CqB(Al6Lvd R٧eENx+u@7}gdkG$.$HGf4(U\ 4Kg$ZNZb2)dњ~DȪFc0mH !r:ecPZr`=v1_k9 2L 嫾<Ė(4,?Yi3HE.mr(^}g"y #7R#5$Z Y?etA^jߜOH-3{ tе2z7hGq%0%ZrTِc$rv}m%\?[+ ] ,T=u:mrQ9vqNekʚM28giV|-"h4K֪*JXfEE۔.ˈ-fn\cr(EIC(>UJ }{Z1+wB;L/K`}u7 p܎Tw?VtXRK[:g1 >+a)ĚrBRx KcCϒh4Km Uh>]}ك.-Q`mvYKDl/Ja~l,qnxrp*ţrzgS)$jg 4Z!zqk**GTW|Mr?S(!:TZsYk{FZrg,QL/2NH$9Tp|A ڸ9,1q"rn7AZKgM%y_ϵCOU Ze>WLll}[{[H]`- R;˰N'xS4j=ٳ#D"@H,I34FC2j)n CEmOiUV7yp\yaDR@}Įjp\MfS*/467H JbJ9JWqx\Hyk$^`6Nr4םO$bD~:MD%Si4xEd0y* Y<Q"u4FP? .Qأ#ViM/i,,nwF$\UUӽ9u TTf^/]Ӗ^.A2Brs2hz3$]i p`qjEصǔؑ΀Ox+rrUȺ*j". 9c"\ABUX'N7hZa$#d61`Ҋۜ%y{Q a S|ץ󹷄K:F0].m+k j.dl fFՁkS'rsēPXdi}Q=4p~-id?m'}s$eo]g29$ r#)ı"Cq@4z)P ͳ=*ܑc< eK_/;7'yk$hy!(NEjr-`Df>B>7; G(AlΆMn.G_99 6mBsG~kEߔ!!mAj1ZK2=~P~9.픉i$'U,>鴞ذ"h}TwcVSmJwPAp|^h@qa)C5(\s M:;#U:>yl*4B5;W`un;TmBZn"/*q2~H쀸c3\؇gYB>?71 ]F*#v@tՉLf/ u>>t56:iLq^/i㬉_X"II<;\F9C/,reh`׿AT"ΛfN=BA|$wmk0O"Y+Ea1{c>[ g5XŕeW{S:G2 sZW;{2\ N dJn$P&+dK\O(˭C{]+-Gѩ"d~%|Z"l83Ѳ^[ֱmQw/jVa&섵䄭$ZCp*ۨMvaDzz "w~Tr-dN,\5˝m܎ oN>2Z\ZPbu#G0F+У|c*~s\6X-R037U //ۻeo%B)a";~P Wlᬫef^䭼>ϩ1 Ĭ0%{re \B!9 i%M^!L8$5C đQ\_/vvBCgBn[C^{ipT('[[C@ZRUiR4IQ`:ApYo[k a?J` W(nx"nI朗F V24k/mVg ;C¼׈ħ=sF%կbmoҙftU۹`rq `$W{%&iZu*~R[E-/oL`T/4u+ .,,I>o5ϕa79VO F(JGo mX5JUH g;@*#R+$4 J֧X'CJ].;EmiJTp1baDht#:6Z#H{HsծXCL>;*VFk+Ъd|5HjgvGE3mŃ>Fe ,GDagP}eш5a:1K`D{-Qo᏾1Щt] +JЇm-78E"?8jӣ3 =ȮTwTTwSk7VLgf֝Vz޳a %/Lf= hQ<`#Ńhy=&g-ndK~S_%2'QEqգFŖ'\wx9Se w#3>_ܧT-Ivdd}39< ;cXeaeDU}#<:^5VN e{rFKF}>< 6$ 3)0d/?#=Pl;0Mn0l  +\ 5;7>(Ik!$ fL_z' 2N@-6O@.'arZ~EYoC,Y^wl]y|sYD[}.t-{k`;:޻BT:&R P!X4].pS2c Q5+nH 8l%Հ*IZ$ ], O}YZ2gYBLpߖ򋊹`Ukc$C['O5@*TرZBȼtvݐN蕷wFla懧n p`R tCdC'r$VY;i},KդSo H%IÌdC}G M& Aiib6zL[B 0$`%}0@c3[/.keR)|RH;ZވB-@ExmGvx Gvfј""]vOb!" ^31Edb"~|"r8ԽA%Kml6ͬ)O*жK6@ȀJE>pПΙ[r|pa'kYyq5zQ%~I/bV>76 ?TSg[UH6@7|<,l =NBiSY7Њ>DV%qSɔS*c,!} Wm4},_Ԅc>@fY 1# BD7 Gwצ1&?M q$F~x)^ٵ՘MbH\p-fs=7O &ˢbG%6=I꿲cf{ J֩>fȢ4 GaaUtwy["~WMyq]t[%ZᗽX:Ǵcsc `Y3)rDf@W{9]H&jk/etmFVvd}n_s*WE<6)=eT;5xȈ#P'# I|*K =p]6Q==4{ B13.$DmBZMae#y!!&-iWYlPHB?}V5윊pRxg?]Զdf|Iΰ/#CsH?{'Y&뢛.b}Ce~`RD4>eҶJH=&t *Yw|T*X݃ j* y3ѢQtw oTr9'](Z-I[y_u:zvTֈUOb 3}jP(#ɠsU]-{\g|U (՘BRs>rdRCYU`r~y-(݊qzu;Mt bqBQfZnd꼑 |s*ܹ>7U_6t>H(`Mt_{8= WBftђqJjXl7I?DyN*[́M%_~ASޙs!v1 mL"=C 8[\4c7z$`y齑[GāYlq6_Qo78~wӹr>7܀Ue]EvD{y/wga,ȏ \fk`.ᓹW3HJ3߲@ V{Hgbrl53WW3' ;^ϼ9Gôc} 򚅅uJn:lxUW kr!iFlMj._nv`at4V'F֜D S[>{ OÙ@9xuSW?`ǐx@v#8Hezv6էUwrhmp{C# D$ig_?bfEvLGom2:L]L:a5^@PmK%~Û G^C8K|'*mr Ms_(РtJ,s^vW$D>3{xU5/spUXAb_uDhFfrH!`S@AB*+%~P)crt3K5B+R~0Y "4e߰ DrS]So] nEywQ;S9Y|q*^K uϪ@$eƧq"Hu[ʃ. B{4TϽIBvp;*IUtuQHOl8wӬ;-5Bd  sa |ƛ63 yiE]cY= &L"B3ŀE&$fB< ?% j8_۬/u--dS wkhMF,hCDžVyI+ɢO][xX6E> -OɓHnW׫ sv/[¤t< &JŗWO]>~d׉xĤʉnH|{pv"_w O'D,ת E ;t<49&2bGͲB(c?IS~vʯ}¯}2_]1lPfM++4 LI2hcAH!]IΒ* _*4៟LD&2bEwQ?DZk|UUlsʵRL 6!ªڞ|g/>"ȇ)SQY(w357oA!~uCd C>I\<~5:-~@/k.x lQ[:tMQiyJp*S[pNgF>_(GџZi!$>\~~ٖ+*/Z p‚.hs<1AO);pe3LPsZf*zet 3AmC0R6*޴vNf)bM#[aK#ܕw)bBaOlu- )io(Y.t GtIZZp"[.ܲ'lfɔ - s)>DZl >Xz=` O1e'[NLh4xܸp&T]=712!dO+`S5[},eH7ku%/1(:KfM="?|rYrYKW'#rBg% ث4PweA_!{~ؼ&9IJ%べBjVihk dKP u k*-!a[/Nz@6kܘ}[3RٰV7{',//+7E5-X6_k*Qtf"Ms'Bn;57aUxoգMX؁Hڂ͆G.C0ՃqB׈c= ~ =ZDQQj> "v+Fe2ްx oQr%o  K=ګtQQoeq|!U+>Iҏ^eB}TmKqK>zHhWj}.' _r98f2UB1ci/ ^(trң!5ۧv *~t.7G<|š}8ƣ?>*;" NWYTmSwm谍üo55ΖphE@,.̑>097hT` vzLg1~a[-2!:ڌTeCΤ|g!BFYIML,{DhwqT)QĈIܻ1GxgolhmdO#^¯h쨞 A}Hі,u3U7O0qI:vx]9yjP-X&1` } 1{-]۱аN/wOEO*΅, I= ٘lVzV0zCw+#TuA_5bjcD%)~cqVO7#9o,2 Ȭ'߮JWL[iKI'vIo~̇V$CW-kOW+,wڌ_q b@4xn' sVd|6’j􏀗W2X|pr@ D-tX!wo?PbK2d8I)85U|R VpbPu/' oS;<ѕ瘲r]2gj/X&#w:>č\V5(nub1bY_bs,A΄mn h "tIa&g., LNE(9^NB=?|ӏ0 O+zĕTɫQnܢSչqiL ̔]+_rߘ+3LLGt蛜j@r<[kzQImJhj&;-$F5کp5W*2#uPQGA'[k3O\gV2 A3BE s#zf[? ۀkIH>m'5>Ec}Ez/755>Ah4lNEMpǣ:q0,I~%\H46*|5Sʊ'\xׂ%5f?[O'Ocab\ 3阉9|w*\'rj)R%zn! Cgԫb0W0pdg%>Xټ 78RA0:f&v= h*s 3T%:̉=-CfDȓ9 Ua r+ A[3uY N ښ ud?"mA9t5ۛ5 VDn]<3/L\!)u]a54VF0&|y1VJY_c5Ӿ^aG]^]%&>/_C#J>Fkl2K4CypfP=Dl[s=ZE=0,1FGI:TD+YL0[ $KND$j՜U'(e(^dcPffSTS|PobC{ Le\>/7 ɶn%/LM (iF_ltœ= Ӂ:M"gV# wtn+ߙ $D!k1w9Ы&t{+5%M=E`  5F6k<2E"y?/ GXaQ̮GA;Q)˭&YaINðȍb1ɷ@"&7ʙF2,Ә.^0._tGKztnhj3xu0M#I=a]y癨,4ŇӱwJ]~aT"C@x1DJFSPfNT.77?o3]W`iQQ zH~2GPhỌZgβ4fe~Lhy CwJ %VשaTd-MJߧ %ro8^ѧ`BWCNp[*;cd~΅f^͋D`7ͪ2Ŀ<޸ Q"#=AkQ/QHO Čc>:ɩ43N?ɾ-G=Hra82{LWr^2 2W:1#De"JU]iSw??dvHD?DlqPsi|p8W6Jg ƴa{JMi[W:ҁHIW-l FuA WXFq3n8z c|\ZuR ;md<%=Cy"J\M>JuU#E"F]@r*OP*wB/v_ nVVcYBn?,kY3S2!L@7x0E#KbO#vi&oE鍊JIn"uZbr0l.k?FYV52\G JZ1(v?o~lWq01HS/TS:n^9,=KwAOI2Ӈy=X"8 ֶo)J>73;Y9&.jK' Ա PVJy; LNDEGB"jb7>Dړh(}{߳!Պ%v/GNQJnE ifAxZb%/Z6xMm%:@c@wI8[,PR~ VbZm7'X)zC 'A~jV dD`~27m/n%knY(? ^p-pRB.ohk=I4kGDU<݃vڵ$Nk|ET˔Jk&PvoVق$ ]{*JqL7YdiA_(t0}Q!a5>y1wpXVGLF+"$Lī]PQ5=̣^3qH_Y7zLxz#6JxXRrN|:WF~+1z׏¤G^AeQ sg5c-.|+:q5=&>J]Kb P`Nc7`uxYD3:C:_W"ؕ1_]k`8@X]6n*ݖ@䟭*MF-2@rnqw2ʸNGA`5 zY|uiW=vQ4›)G&0Ѧf@ >6{:L:@nwmard #d>4WwЋB(P bŒɂ#-PeAT%R& JcE=DC <$Mbd{V5k3|+A~,(7D*^n^â~O4:r&,O<Gy[KWg7UN["b_IC=d ?!uQҏ=]'/zQ-@.0CHKvR]]_cK\+fKd'KacȞa#z튿:a$T:ܡ/otg9U^+ͷ-'QhEsg )8'Aj@wC=)MBK,W8z]XdU2B^>Y*nN%b--92%!)CwR7$ݝg,Dy3>Yʁ1G`Ҫߩ| Q7Zz 󔠠<"H6v+Č D@FwK1d3Onrk0XfUر$(N4*#cXwtZR4_}sjVze߶DFָA̾;{ #UQiD__r]*2Q9T穞N%U$©&_8 UJ [z`hؓBm7L&A\pV6ऱ6N7Mb׬fc]|Q!7] l'(kQ:ɇ!{dPi,n!tb/c|}/2Ȃ V8T ţ%bb)|0cx <_hLHYbz!~W5UWW|8DUtӈ/6{d6mn)` I^,}ShNgx!5Kh*3jT;)@'/=Sðٱ4Uc$(֥sgZ|3oEgZƻiLOpˎ3F[8!!ZH.0ƎHUjn\d,J"F/EB/TwyŤHskZ"X+`WsxA j29'%e ͐Hn5i( <U8.RK(:+K(lNtvG^LĢ(pa'_΀uT@J&܃ b Q"v0`zZI vp!O#-Vu ҤPJ4ܬ@CUj@ 6H0CB Kxmy0ˇ$qxP2CVsu9֞͐5a@JP<?saCsIQZKaoVaO R=v/Ky| 8PK"B-@@f 1 tKMwioGףj=Q!žǐ@[i&uss:,K+26_Ç/!yIaٚI%#1㟁W΀k4^Fy`B1bm4"ME_}eCF*q;\KO#PʈB!И2b(}"Ѝ$* \GFJ Ϻ{cqI.Y -rDut X"wC0mga>;pFiwѱ,+@T:].>o\;45N[8v ^&wՀ}.\<ϦdVئcAܮ(:y="mEr-p 8eQGbA+KݾsEY=@ A dL^jߓy^Ɇ`nj7 BOX!8Û[FXEX D]cGdgNK|d F$dt K%ō@ёjnŁ)%z :ߖH-+s$NqG4]F%}( {&<+$5oC+_TYb]ŇvV or#Ru~AO"Su:q@vhZ-&{vZ KiO^:u;D`,88FE@7&s+SliJ a,̷Ag_4v@T(wڼ7#3)gGf@ ^Ͼu-@#V)3^yqd^~a8Κ BmA;slN>\FZc~ٯu$ D*"b=cEޚxɮ{Ļ\IϱC@r pSYOo~< 2hX7h@) Go"vl/{79)G Ha3sE>Kg0S~zmg&ΔRAIU=)D*f> ef\}J>߱r>` *֧K-hV1`];J% JPp)懗bPsﭬ,_=kK| Z :aH\Qx 䖸AsaI-oqj}0`hexTJ` rl#zfo!k^*#U7V9ۼY/L5PA~7{-Y.wCYVHVywp[-ZBm2)VR6uuУmta~7|h۹fylHhI{"Kle\lEGp5lZ=/5-uu%T . S17g0D,H ~b}YL8Yӷ5?5 T™[#LHN-8Lxlzz }d]B!R~EXgmy2JL!oSƉ i Krck2fR0S^q}Bo%Co8_~ܪ :{Xqd0Ʃ; *N,mE ׌!i#D m^Pqh%9XE 1m&N _iȔ]E$;cs6B*d>Dz7 <Ʊ蔱(r@WJ}}5QD=+g.'ooEji){U֏RvY3^vCxNe[?"GyGrPQڊ&s|$gZC>uãq2 Aȡe\pQ2h "l/%-#hI, [ /X$э%?)4R_Atբg Y~ȱ\.qЗpz%C̼5ݷnA, -S˻a$j9cE/slI 'R8/ &9i Rz䉫R|K}~]yce;Kq-WVk3LHt+ 3nQ rԞ|op҆;ĵ !xeYdp%(T2_ŊhZҍ}N8||,JOϳfusƬ~}'<BXp07쵛7D^H üDK}÷Z:.5ʾo 0qsߠCFWWU上?$AWZ, y|x FB=.e1TE-鏴3Om18-;%4/l+cs[!޸N]1-U+Z3c3vyFEc}<2Ә%A\bK-o*16ޏq!* ),W'Rp>DޑҍJ.F,'8 غ `a Dn1G3z'AݯHS!),4CDm'OT, vnϋN_)s)f ܘ&\!ib,#O8xʷy!`JO36@ĩ+>-n6":-!=ן/o? \Ya㋔!uBZӏupD R-pU\aB5PY)פzuቍS4;@$&X->ein#]F2༵ן觇V|dtV2!CpwMR.rbX5374.\lW*AYoj8=r氌d3*58/t}aTiV ^P3OྟcusP J6x.04,td Ϳ8D1 G)%wovShBdsI?NW:={Tbf:O* 聇b$"Jby4c{mЯi{{‡/mC_̏9ZL=ur&qKU8wS8gH#t^|iq;ؽ {RuW>>}S7*}>Ҧ'*kGJw٧Z'"ۅ򟘽Y)1h5MVڕ)(luǘV`VZ)xW17w_:8z_՞pj׼d=o ns.sm| cƶ=wX:X n3'`űpj =>=B (;^bqg4VcR;)&#ށ+4*] [Dƾ[o+Nc;{.34\NKIn1V+QW&#75q~'V!-ȻN)0?aLxnܘu]\<~|VNCЖB('cWdbrcmcUw@^ : yFHҏ?r՜qƢ~b z%p ,Ihθ';{}ivrG GJ'Ru sOKmn5;Vs7*čY8~"*ey|U)P%HbV/&W=u'-%j[So̕@$<+nI"2Je}{eNqS?pڄ#Ttn>iJUӘ xѠǒ=NsYcijvla|@ l,+K> ˙]#l)z4νPY 5TGdቫk/^6 m܉cnvsi@gTљud>.Gϕ_?+Bm爛wtBFu.<\$ZktOgE+Fl( p-%YYrU` $@@XW.G'`n+9ᦊ@ O Xh껖s}Vd?u6CX D:R\ (ryfC"҅ii`OsR-#Qo3S X$93l> ehZhe/Hl\fG_^Z!jD|%v(؜M|xX`WhxίD[&ԻfM%sA҇35!mELo=Ƈ8a)Х貳k>G(a'G@^Tc^iEr/p]Y$r]%G|Ύҿ{XĢY5,o+qǿ` Dm._3"w/ak`cdDLz rz^pL/2< rtLgZ P}ȯm (nrJ\ֆ[!,D~0@.3.S.aM{Nj'$: R0fRtOe"3؄Im'!upP \G=4䩹6QED;è1&YDѻ@oKvKj?R@T i84A=WOAr]=Q4C֧ZLD(ΨauoC em-):DQ۬mVuh~B88գ54$^p5V(Od8LN(>%0+g08Uock1Ho47L |!К +%/mf6ĵkf[]^h#j&*]uRI2@=ҩd1%;ڇjs?ЪS?U{3,jo+>fx+iJ:)br*YɳyFVʐ@t-~9 \ʜy\-2rD9/n ; pD6ӝIpQ^$ *h1[X\Nj:5l݉00[q4a;T a azp odlq#Euk4RJM*"}ׂ+dߏuAvF~bi$GOfA\{WTeMF_:U@Z6DI }<(/T>QI[ƻ\H8xRgX mbK`1TDGOfU' ,6?<W mG ӫm0!?Spz"͔:WP[zH wM$>U'g8.& b%K!ž}'θ:4R OXTNهda+e(%.$\K=KH2ɥ$>"GlF'qܸ/4)۬>$M(%xݖA'5DqJ6iwW*%vXTi2>'s֥npVC8g~[Dvy+(_[ٰh*nC|W-&Lo70ib 8^G(aFnYOSIzu ږw'$g6DʵI#빰nl|éHqKTL( ?Qpגf%PN\S~wJypP}V2j86r .CL?ҋ鱋 JY&c`S˔#ݐH!e6uׯҢ33?6.S`Fgihwe"&#/=l;8r18Qo9TG,}M(_zȑ*na(lnXr";G\|ޡs3q0y%5)㵊׫bTWx0>,` fFH[XS6fz=Qmy :(WH}D?>,Ym"[2*6F#nk*?ec,G&T6Va6`5pi3*rZy?0I"G/t[yTG@~x,IX f>b(!6ݖ&@':NȬzr:P 'c+rvi&R6W0[UVL 3%&d-i]\m[dļ|-`OM CqjV9roUdlŨQ@x X%" *ͫ|u]X3?WTхYhk~^&{\YfB 7&[oxta|[h8O)ǿpҙ05ΤdLO `n~°C.0N˲]A$[FK)sR^qr++" g.%ywD~odl~wyӨd-eCHat+ySʅ*\I0W I 7Ckؤ5:}slX\n,y/5\Z@FQ;87.aXYsjj6S:cn nJ&ݔE DqY]ŌX ZC,K@A;eb2(e5r"Qy\SKKy 5MhJ$殁P~8O q+߮;@FuWdP4z_PSԡ{o-^! Z9lHG?Hk'ohW駭%`1xW3iTꎩغA"^AO/}In ? 4M>BB,9o Gu?`∽MVa,ac<@.~-kT8Dq"u tR08V~:Mw=Mr")ЯCMU%mjRy_T?_7b>*3 YG LJp-b'ws#Q\>&$vX<87*NI#.X%| ~\C3:*F|>BD!W+X')DYtOIMLW*o&.i9bÑ^CH1T;U 厀WL;5`z%*fptS@tZy'ÿchGou.4_D59 375Lf r(ȯf׌\D' |; -o; J[D).Z_-F DF[.# Tѕ{@TjhB~ J&e=[,vF?1FcF)X µ?h=1nGD:.la.D˿\y *GmM+ eրbԗ,ܫ Q'~ pv)-PxFaM%OKS _0~!)#A$E2$uk:Ctةqn_Љg8_&-0  qhTGvi&3`0+ pUKJHJlE14"i#Eۓl1`‰=AuJ{YD@}!Hlq>( {hUW%{xVP eSU׼v96 % 3ePעI1E`zG}|׏kX3$#C&wӤ_'='5p;yp;Pi3@RODK$p"n#d(hH:%rŽR, 7HТr ̉'< tDpgcN6ZIv̓!2ʚD/uF$^NUڴ5`,=\rRkaB]T\%Ì<+O bt:pI~s857?ϔk!”d"5?d)g5*k06c K,V #@0OŒ7dWaB%gRP 1MGvOA1z_nt`݄@ jsHFec5hAuj;6 \(ڐOmu;Erظ.2fܚVˈy6/N4lz~Z و]Z<6^N^TGH0КQƉp#̜mC.C<~&khو)T6};GḊDgf^PZlHy^;%v !Ѿ{iÀ d/kaIU~g>s(.iknx2ZJr'o:9 EbQ.Ӹz7dlEU yaJxJ>P}3+%T$EoF}ҪjuwS⮡mr{q$5c7gVRb ^ 8#:1p{RjJ 3$ ѫO{ -p~6`yD1 OpQˡ /=NSߊN޹ zh5&pu,Ϳ`-7s/ p uu.gԁ4XbaQ33 yq8\M8zIU_e8kq~ c I>Mqsd-^~B'r  DWr 7TyGKD-y*Lnf=W%W31@P##ה_̜]:ଲN*X x\x@h#=*917Qx5sW&rRA~Șo~\&1`~&eL*[(P)NՂ+GE-oGRe0Hg_D$?4F/:r09g )oe[ *{fLKZ?R1[e`vNT{{4dΠ%.V̯4nqS-],H4%#m2Y]_n*o9{J$#6 7ԡwnu9 *_ 7yNS@[.PTU%Ah_14==NjW>a/t֚u%sQ~s︔6tޣ7"5! gcȖf{XqR6cN=loMx&iN-浌H$3꘿xl'2GJwvI'uyۆFMPߏfↀm/Z.2tNHښ[ՙu5It?܎ƀ^vֺ&BMjΑE0i߇>[ђ]>YUwM)cLMR ܯ[c6+ss&K#k9k|[J _ & &U-[QN xVGm wb4(W\/7J%Sad/Д棿1 7r_W5|  `S]QC AΤHKY$$ x6Aj!)xG'kh 6!ɞv&p@Ex8/PW,#wg6ì*{ $7 8FU6A\O =E"V$\xn"lAx:Ei۩ [@1_(PgAbgekxBaKb|,4lr k=)ur;<)Y}Qs=0Š<ɄƇ!ZAcĉ.Yq J 6PİoS=.x(cD]p J(3`iP̣Xm!8xiJT5PڒhDN& -x-<-_'YGoǝ91E#g,GјhᎎGj9kcdS[rJ<F? ͤF>BͿy\ 8*Jx=.ޞ[q8o^Si643cUb3P3gL/(}"+ KkG"aC-w %µf@smSF6Jʳr7%6@ދ=@F8!C). YMi;m%պ&vsÑ-1")`]JW?V<3'jr+Ƹ yY@cqBA=\4(rͶkZ錀}mC t*n>vsSn*u7MЙUەPң%y^q*zF2 Ÿ `{E۠BK2GgJ+~o,8\[p^kE}qY3#"%^#'dDs]q6O ;k,Nt!\]/tyzI=޳ m)~ pxfB~-wΣ7{䌆:@݊e;YmH| DȮkՕ -tI *ZN/1sDB胄@!ÂԈСHK5ȃ[Xp05#c"lA^3 }|M\Ϳ0+kd|(s} Jܕeӌ0s؊ciNZъjLJ6sψs}Kk=Jmcy{('eYj,J^e@fxې 5EJFziJ{(O.NeCq+Ur(KWax MbPlƻPzZğ+5 #?iiչv^nAq>95Nz w xkt̔J+?kjESi9S>b|T v'TBؑVe2ί&8l3lq n_ 8"g~¤RLZ58&%8ۙ4i[[[CHnu-Wrai&oc~r%4 Z OoϷ IX=M2 GX%+wWAoJ.GXS_icZ a~aPc 3Gַߪz>9FĄQye kQ*|cGcg(O Q⬢+}N؜SDȋ+ޔ>x{!Z?_*l,E#h~w+?4©qH$HG0k~X3N+LfŪ@h1RN5fyfי|t:~E]Cؘ}sQOP3 "r#!UI-:nx ?lD6Fw&/*jGyH$`޺S(l'"nԖC']2橢E2ib_ffSN~`:)2+/=/C 6Z#ISq9xi7P޶vpE4L'cܯX;.tFNhXw%mY"(]l1b9ל$WK []׭{{8FLjpzSE kf&MG8 K<6($\C `+3k}q:C1uTwކtPXlbnڝ*P Iir6wPA#@X /q*aRo"g%wv-3i 3-1NjQ,Kmd:kaRރL0hrr+>gKCK4NA=jX9tKp▫|8I 4~ L=T>^/sj@e6.t 7(u~ Эm2Hwn~0ruH]1-{F.ݯ@{AN+[R}z{KqYlO-tTH<ߘ04B6,3 n-L2ҀEmCR65Tk~ 787_8OAm^Ʒ7@]01Lwk};P:ˌT;߭)R ^ * *T=w ?qVi,H9R Eȁ4#HQu}{h_cƩ<}zf7v8ѷz#s3zp$EBc(Pe1(Lw/Uϵ=?rvA$ `HJȿw]zR6߫kỠrlC6RC Kuo@, yli,Ob&9b|q:-8R¹rhueJOHS<N=R&u:*` 6`oׯsѐ} o`=- o Kn!&?I ]`ĎXnf6}>|^ڦʹwI~{qi\?eA w]TAao)(G7MQ)ͥ3}7zD/4=#<3*0;bpT21KbVcNb~JEgkmP~w@SX]]gk'Iqy.ݚs0BShe˩ U%A $gw7bf.pl:&rwqplgYʤ+NLעҹ<=C)PIs]HE\poAہ9G$j8AC%4Z=|`,FEp[1I/FvPo~vOdئŪ~W̵(:qe&Os%s\ٺ1U^ƽ Ppk@IuJB7'9Ag("t]ȆNWJTf䑠 M \wؖ  i]XxV#"k-Ms>+x=9n.t; eՍ"KSqo:B|g׫,e$tdhhCiC!t?`n߾ew3ɨޙ狴>MSL2.9Ipw͛mjwWHD7I3<տZq%>d2BJ#k9wގQ ɛ;0)D7AJRk=qI∥RKvo4׶V g^̗w.h+b,oht@Tzn^r9Tii Do|۹9ML*T(DO NĐƼn ?oa'VEV fNs@7ȇ; Єx9Oݏ䗋~fQm;f@G2h@kǙwuB !ꆺUePaq@+ϋ>!@G!u{*U,R @-Pܵe*!WcN (-[YYGf+i p:%z)Rה9_{#WK7{Li>&l^8zWZtC%U,tl~NjWaP.3 k9H_W_¡5Z{cpCt!61U'l= vESAj̙8p3AQqM?,D>&)FfV#a@?W369Qc!_d3 Y?`\Xӌ|uJ=sH%* `{M?ÆTTv<$"}sPRB.y˂eY}B_As.f0͉c\S! =f;JTu h/(Ѫ4)FO wGZ׮i_ elg#v4ajdTzՒͩKwٙCB뢚͒"xԾ1B{fHA  "[f xE;SiGdCh,rkGk̔8OpJ?RØR;Vˮ׈Ca?<;xI.-x/PÈLoF7GJf8S6jm8 ^tMZ 6&9Z<FG-, |mT1&?E*ռFAΣϝ4O ˏis;f=K+N`dnD)x+of~P.RHJ^g(fZJv_2jv@6e`\YwH dG,myuO%P[m[:Z4t-e6.ϹbL()T<;愲m)A5O2RMԄǀ\Z؎:v~?JM$Nn: (յ#g)p,|m}wb~}ivyA4e(A ZK,*;LႺ7챮BT?mP(*>,\'Z6M!4dʻS+pF]M21NlJ\bK;pzIz3mP܃K<~3]K?ŗRT: RUK -X̍4i"(qR$0D2F JĦqbڅH&mFOJQӪje+LWcWN _W)(qе`i~殡 u+vsHyʰ#uY8wA'"R)(? EV/+au>4~K]o6@ }gXS AHK0r-@٫]'w\E,64LA|o7 xr;O 畠 QVN'pM뤫 0Uf.m%ZUh@={'U+!?g.i|qfS}Ȱ7G7\w{NDM2ҥ{UJEm8+Kb D}v^.N͡ a ;Eej梇zH(0G9i05mESubΧ:Dq[=j8 I,5 .XM.+FbOigk{P8UK=b9vCF6`fɤelVfKZ}ntm`ڲ샬@|7X1[;4pږä1ʈs 4(gԛq E\r12c/pb#Q* m4!B`z o#{(>s3MJa(ݢcC3ޛue:ez$rhU7VV3f΃U]am1Qzë˽f'q9=2Q#V8g+}[yxY!&jc:ƮI?q\#ސ$4(ŀM(VBqʭD\ ѩ v/pEkdHhk;bRf_wLE#oAe2-Md(Pd eV%( K*2Rd*\Jԉ0eA+a#,=W/5o?7P_5agQw¨.YR;y 7F WIJڲB(}j<wAOI73գPdkʸ_d!  t"xΎl kP!8@^d./o;bb2nnZxNj[[ &lLxS HROiY辗]d2ôN=-ƞD+fʮaċƾ}U+ !~un5t;?JU;~#-:0iΚgN%6j>+8vֿLNg6 zg{{*\iÕXr+sqe5< Lb鼸2!:0W`gW3R*l XE䫞<-"B!Nغ8MiP T^ruCiJV҆ ~_˶taf` lj\j4$~/r ]J{ 8SԤWA'E(ey f!lB9(UuZٜ0# .ZFkņ}€7j&4 :GFRki;NV`8V p>Pbw&|_.qS6gEbwUY4Q="f@5EkȟKߟ]*HNu3|zEl0f nyqv[V3Ͷý!nvfxrzQa+x`VgMQK3lYTF8ldD 0w _;MvKߠܠP:ul.Lr 3S3ÏY`V}cS2Νů:FĽJ*Y^O'$i  , dVሤ~qs☥Zo=irOK&FW+Bs?9!sIe&,h#_uh}PM|Dәt *OֹKI]@8ν;b.}46I:p]̆ fc$!1!bmNs!Lv.8@ɀ' ]NFhECӴ3B{Yl\FD`h.W}b^]B(sFIL? |JՌ6$Fnlo MO?VIUxr4+1z4~٤ZVܛi >i )Ecb&+b!}ZEޯC"OiK4sEF\+l#8`.C;c6qwm7M6NM/ 42(lM?uR*"&MX̻-<蜠1= +vm *_lU_սD}Dlp=6+.ܴig~ 0F'}+oҀ{Tʗ$JeYE; `* O! Z:;)Q\2Lwߎe!$<9JR7=GlN09 ߓ?G@@ ևY74=t~~ 7E7qF} u {;Y~~MJ+uKadm`vAiW`4k%yŵ&=ޙP[ʡ7&5Қ7P"<w[&Py+ ْ4s"SW K'׏}o=BEm ˎL4wOƏZFD,DCp:l ʲ^90z6U )YsX|(Jh -|6oLZsa}(JT!'qSo<,_1j֡@LE20k+bG|a9βIXD t59eOS͚fHt!":s7۔e1M29oź?Jhbp|"}:4'¤ T25J+aȪxUci89Cn;X'!4ndTv \? f !6^қ$U8c(*Vą|`Od@~uO