libsss_idmap0-1.9.4-1.2.1>t 4 DpQ/=„bFΧ>XN&nXM{B|0j*.+ש9 MG8@܋{J;%ՆCS1@2%W dS<++ sn[s[ŕEo,q$&n[\FڕEwkh6=֟1N.^&yUE<~n88Cx0G+Pܑ% d9f$[,PzyE29`%EHʜ,ǰOxQ/=„)3w#f# wԜC8>7%DlApk% t{Y/iFg=>{uAhQ| t+zi? _^I5 C 8Ie׷A '.8-{ׇ)+7wܵqE5QDEtxFԚ!GV~}Z +v> ]wM”'y@%2|SApq|4Z44A*DݯS3-c6786e19228dcf18df15413fa2f7861a4807c321J><6$?6d  7     $ F `hr|   (8$)9):{)>3@3F3G3H3I3X3Y3\4]4^4Db4Pc4d5e5f5#l5%u58v5@w5x5y5z6Clibsss_idmap01.9.41.2.1FreeIPA ID mapping libraryA utility library for FreeIPA to map Windows SIDs to Unix user/group IDs.Q3build27IopenSUSE 12.3openSUSELGPL-3.0+http://bugs.opensuse.orgSystem/Librarieshttps://fedorahosted.org/sssd/linuxx86_64IQQdffdc2efbb70ed11c52d35ce6f59b765libsss_idmap.so.0.0.1rootrootrootrootsssd-1.9.4-1.2.1.src.rpmlibsss_idmap.so.0()(64bit)libsss_idmap0libsss_idmap0(x86-64)@@@@@   /sbin/ldconfig/sbin/ldconfiglibc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)rpmlib(CompressedFileNames)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsLzma)3.0.4-14.0-14.4.6-14.10.2QQ \PPPPAOOO@O O|7O\NNw.N7N2N1O@MM?MM@MM2@Mv@M6@M5M LOLr@L@L@L{@K9@K9@KK@KKjJ@J@J rhafer@suse.comrhafer@suse.comrhafer@suse.comrhafer@suse.comjengelh@inai.dejengelh@inai.dejengelh@inai.dejengelh@inai.deben.kevan@gmail.comben.kevan@gmail.comben.kevan@gmail.comjengelh@medozas.derhafer@suse.dejengelh@medozas.derhafer@suse.dejengelh@medozas.dejengelh@medozas.derhafer@suse.derhafer@suse.derhafer@suse.derhafer@suse.derhafer@suse.derhafer@suse.derhafer@suse.derhafer@suse.derhafer@suse.deaj@suse.derhafer@novell.comrhafer@novell.comcoolo@novell.comrhafer@novell.comrhafer@novell.comrhafer@novell.comrhafer@novell.comrhafer@novell.comrhafer@novell.comrhafer@novell.comrhafer@novell.comrhafer@novell.comrhafer@novell.comrhafer@novell.com- fix package name in baselibs.conf (bnc#796423)- update to 1.9.4 (bnc#801036): * A security bug assigned CVE-2013-0219 was fixed - TOCTOU race conditions when creating or removing home directories for users in local domain * A security bug assigned CVE-2013-0220 was fixed - out-of-bounds reads in autofs and ssh responder * The sssd_pam responder processes pending requests after reconnect * A serious memory leak in the NSS responder was fixed * Requests that were processing group entries with DNs pointing out of any configured search bases were not terminated correctly, causing long timeouts * Kerberos tickets are correctly renewed even after SSSD daemon restart * Multiple fixes related to SUDO integration, in particular fixing functionality when the sssd back end process was changing its online/offline status * The pwd_exp_warning option was fixed to function as documented in the manual page - refreshed sssd-ldflags.diff to apply cleanly- Removed left-over "Requires" for no longer existing sssd-client subpackage. - New patch: sssd-ldflags.diff to fix link failures due to erroneous LDFLAGS usage- Switch back to using libcrypto instead of mozilla-nss as it seems to be supported upstream again, cf. https://lists.fedorahosted.org/pipermail/sssd-devel/2012-June/010202.html - Cleanup PAM configuration after uninstalling sssd (bnc#788328)- Update to new upstream release 1.9.3 * Many fixes related to deployments where the SSSD is running as a client of IPA server with trust relation established with an Active Directory server * Multiple fixes related to correct reporting of group memberships, especially in setups that use nested groups * Fixed a bug that prevented upgrade from the 1.8 series if the cache contained nested groups before the upgrade * Restarting the responders is more robust for cases where the machine is under heavy load during back end restart * The default_shell option can now be also set per-domain in addition to global setting.- Update to new upstream release 1.9.2 * Users or groups from trusted domains can be retrieved by UID or GID as well * Several fixes that mitigate file descriptor leak during logins * SSH host keys are also removed from the cache after being removed from the server * Fix intermittent crash in responders if the responder was shutting down while requests were still pending * Catch an error condition that might have caused a tight loop in the sssd_nss process while refreshing expired enumeration request * Fixed memory hierarchy of subdomains discovery requests that caused use-after-free access bugs * The krb5_child and ldap_child processes can print libkrb5 tracing information in the debug logs- Update to new upstream release 1.8.93 (1.9.0~beta3) * Add native support for autofs to the IPA provider * Support for id mapping when connecting to Active Directory * Support for handling very large (> 1500 users) groups in Active Directory * Add a new fast in-memory cache to speed up lookups of cached data on repeated requests * Add support for the Kerberos DIR cache for storing multiple TGTs automatically * Add a new PAC responder for dealing with cross-realm Kerberos trusts * Terminate idle connections to the NSS and PAM responders- Update to new upstream release 1.8.3 * LDAP: Handle situations where the RootDSE is not available anonymously * LDAP: Fix regression for users using non-standard LDAP attributes for user information - Switch from openssl to mozilla-nss, as this is the officially supported crypto integration- Fix build error on SLES 11 builds- Add suse_version condition for glib over libunistring for SLES 11 SP2. - Update to new upstream release 1.8.2 * Fix for GSSAPI binds when the keytab contains unrelated principals * Workarounds added for LDAP servers with unreadable RootDSE- Update to new upstream release 1.8.1 * Resolve issue where we could enter an infinite loop trying to connect to an auth server- Update to new upstream release 1.8.0 * Support for the service map in NSS * Support for setting default SELinux user context from FreeIPA * Support for retrieving SSH user and host keys from LDAP * Support for caching autofs LDAP requests * Support for caching SUDO rules * Include the IPA AutoFS provider * Fixed several memory-corruption bugs * Fixed a regression in the proxy provider- Fixed systemd related packaging issues (bnc#724157) - fixed build on older openSUSE releases- Resolve "have choice for libnl-devel: libnl-1_1-devel libnl3-devel"- Fixed typos in configure args - Cherry-picked password policy fixes from 1.5 branch (bnc#705768) - switched to fd-leak fix cherry-picked from 1.5 branch - Add /usr/sbin to the search path to make configure find nscd (bnc#709747)- Add patches to fix an fd leak in sssd_pam- Update to new upstream release 1.5.11 * Support for overriding home directory, shell and primary GID locally * Properly honor TTL values from SRV record lookups * Support non-POSIX groups in nested group chains (for RFC2307bis LDAP servers) * Properly escape IPv6 addresses in the failover code * Do not crash if inotify fails (e.g. resource exhaustion) - Remove redundant %clean section; delete .la files more efficiently- Update to 1.5.8: * Support for the LDAP paging control * Support for multiple DNS servers for name resolution * Fixes for several group membership bugs * Fixes for rare crash bugs- Update to 1.5.7 * A flaw was found in the handling of cached passwords when kerberos renewal tickets is enabled. Due to a bug, the cached password was overwritten with a (moderately) predictable filename, which could allow a user to authenticate as someone else if they knew the name of the cache file (bnc#691135, CVE-2011-1758) - Changes in 1.5.6: * Fixed a serious memory leak in the memberOf plugin * Fixed a regression with the negative cache that caused it to be essentially nonfunctional * Fixed an issue where the user's full name would sometimes be removed from the cache * Fixed an issue with password changes in the kerberos provider not working with kpasswd- Update to 1.5.5 * Fixes for several crash bugs * LDAP group lookups will no longer abort if there is a zero-length member attribute * Add automatic fallback to 'cn' if the 'gecos' attribute does not exist- Should build in SLE-11-SP1 now- Updated to 1.5.4 * Fixes for Active Directory when not all users and groups have POSIX attributes * Fixes for handling users and groups that have name aliases (aliases are ignored) * Fix group memberships after initgroups in the IPA provider- Updated to 1.5.3 * Support for libldb >= 1.0.0 * Proper detection of manpage translations * Changes between 1.5.1 and 1.5.2 * Fixes for support of FreeIPA v2 * Fixes for failover if DNS entries change * Improved sss_obfuscate tool with better interactive mode * Fix several crash bugs * Don't attempt to use START_TLS over SSL. Some LDAP servers can't handle this * Delete users from the local cache if initgroups calls return 'no such user' (previously only worked for getpwnam/getpwuid) * Use new Transifex.net translations * Better support for automatic TGT renewal (now survives restart) * Netgroup fixes- Updated to 1.5.1 * Vast performance improvements when enumerate = true * All PAM actions will now perform a forced initgroups lookup instead of just a user information lookup This guarantees that all group information is available to other providers, such as the simple provider. * For backwards-compatibility, DNS lookups will also fall back to trying the SSSD domain name as a DNS discovery domain. * Support for more password expiration policies in LDAP - 389 Directory Server - FreeIPA - ActiveDirectory * Support for ldap_tls_{cert,key,cipher_suite} config options * Assorted bugfixes- /var/lib/sss/pubconf was missing (bnc#665442)- It was possible to make sssd hang forever inside a loop in the PAM responder by sending a carefully crafted packet to sssd. This could be exploited by a local attacker to crash sssd and prevent other legitimate users from logging into the system. (bnc#660481, CVE-2010-4341)- Own /etc/systemd directories to fix build.- install systemd service file- Updated to 1.4.1 * Add support for netgroups to the LDAP and proxy providers * Fixes a minor bug with UIDs/GIDs >= 2^31 * Fixes a segfault in the kerberos provider * Fixes a segfault in the NSS responder if a data provider crashes * Correctly use sdap_netgroup_search_base * the utility libraries libpath_utils1, libpath_utils-devel, libref_array1 and libref_array-devel moved to their own separate upstream project (ding-libs) * Performance improvements made to group processing of RFC2307 LDAP servers * Fixed nested group issues with RFC2307bis LDAP servers without a memberOf plugin * Manpage reviewed and updated- remove hard coded python version- No dependencies on %{release}- Updated to 1.3.1 * Fixes to the HBAC backend for obsolete or removed HBAC entries * Improvements to log messages around TLS and GSSAPI for LDAP * Support for building in environments using --as-needed LDFLAGS * Vast performance improvement for initgroups on RFC2307 LDAP servers * Long-running SSSD clients (e.g. GDM) will now reconnect properly to the daemon if SSSD is restarted * Rewrote the internal LDB cache API. As a synchronous API it is now faster to access and easier to work with * Eugene Indenbom contributed a sizeable amount of code to the LDAP provider - We now handle failover situations much more reliably than we did previously - We also will now monitor the GSSAPI kerberos ticket and automatically renew it when appropriate, instead of waiting for a connection to fail * Support for netlink now allows us to more quickly detect situations where we may have come online * New option "dns_discovery_domain" allows better configuration for using SRV records for failover - New subpackages: libpath_utils1, libpath_utils-devel, libref_array1 and libref_array-devel- Package pam- and nss-Modules as baselibs - cleaned up file list and dependencies - fixed init script dependencies- Updated to 1.1.0 * Support for IPv6 * Support for LDAP referrals * Offline failed login counter * Fix for the long-standing cache cleanup performance issues * libini_config, libcollection, libdhash, libref_array and libpath_utils are now built as shared libraries for general consumption (libref_array and libpath_utils are currently not packaged, as no component in sssd links against them) * Users get feedback from PAM if they authenticated offline * Native local backend now has a utility to show nested memberships (sss_groupshow) * New "simple" access provider for easy restriction of users - Backported libcrypto support from master to avoid Mozilla NSS dependency - Backported password policy improvments for LDAP provider from master- use logfiles for debug messages by default- subpackages for commandline tools, ipa-provider plugin and python API- Updated to 1.0.5. Highlights: * Removed some dead code (libreplace * Clarify licenses throughout the code- Updated to 1.0.4- Update to 0.6.0- fix LDAP filter for initgroups() with rfc2307bis setups- initial package submission/sbin/ldconfig/sbin/ldconfigbuild27 13603315711.9.4-1.2.11.9.4-1.2.1libsss_idmap.so.0libsss_idmap.so.0.0.1/usr/lib64/-fmessage-length=0 -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -gobs://build.opensuse.org/openSUSE:12.3/standard/bc2921a7546fe7106ee073f9910dc054-sssdcpiolzma5x86_64-suse-linuxELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=0x5eb09f896f5841aabb91c1045faee02e2dec5f27, strippeddirectoryPRRRRR/QJ6|,uS?@] cr$x#̚22&uX뭜l2^o"9Az4n'|bbrY1xr;9`8- ]Aҡ7&/^J)cgvpvRk*Z2YSaоmaښM`!ᔑ7"LW)F[}Z﫲ٞہ} Ad8;q=/QE ^joz69\ꄊl뭦v-j d*ykAm_*' p>?npa7!vE\r5j#'c"Li, 'd Ti~=b3Z}(6/a*hQ7]ʉIrD6uA16)ow߮-≨ J@C^Q&IՂ9AƸ$%H ۦLkȏ]lAz X^( !xT?ue->/N38kexj4Groü- uB4$QU[Pω2}*yyHonWHP"/'G}r9 2>5ebMX [){ F!6AN"r{)`'8عD1T˖1fg=J%v2=**l p՟hUa$\NԴXwa$3Ĭ2ieӜCꪻ{} |i_c+BlsQcBm1E[瀢)j\C -5W`[*<:++"Rw y.B e}Vdz&BpiN*uG]nw-ZtBZru1ז-0:+SrTeeu^8IÅ<8a6.|1IO'=L|Fώ1?߆/~{+FU eQR! reZp9ʪ &fJYy}Ey'HY ꄎ|'ݠr8غaP*KY;jXelz&,V<91`ʢ\vwbzZ? /:CZV0B >SzĜ $̣(Р;nzGzܹpȳA )0)Ӹs#A.T^G F~+A¹IJ 2`F`63nJ[I` %0;V6Lc2:><(bqA䅲HPڮ"pA%r=_k-ل`n qp8Z%L¬̑st{sW̫}^FG$豙v'EH+.1ayh`Nַ99=aK A+eUxgV/.z UꄹPm~ 3H;"(Do[f`=%:@5OẊzu@z]W@ Zl|m/#lBNaY43-3͋0B(V'b̓ss'ۦQa8Rar̂˝{\>+*(sE4VST.2֕!L3οˑ(Ѓ\.aBJg~6Y8a hbiS.Ճ VY߭pƨW7jnill3t#j?5m bˤM! N]\GK=ؖ}Ľts=Sq3iLGZLRXFh2[<7͡)} P뭩Z~ktƊ_gagU>VG|z"tD:+k~(e'oy4 ʃeLx,$^npQ6 */h8VqA9xڋ ؽl XOq*gR4J&xNk YPe@9DڡJ&/v/ZY}4Ѭ9xN3Fv3=y-%f=NT1Ϡu927z#;/t$N`p~y,r0txӂӔ%mYw5 8MX+)߿Zۨ{4VΈEԀM[hߔ΋Pu Am FE(}Kb?/aI.@MJ1wOwakK Xd|3jD-S+FwJVs\}90kPb=>1`K"+,pQQY"I ~%Y$ߚpT6[FJ{?'^J#0Kؾ#i6Ή!K{IoEU&MdEQ]z|SO0gy>//COΊ Q7Qj<:!%yZVFE[3 'ʷ\xP'(JFۀK\ឪ9XzNaPYe?O%W S's\+=q QƧ-q+`v.Gu}UR(l%0x; b9Bh~z}\*_|ƫ@x/ECۢa<k !`y[ݙMHaV's@axI曢: 찚~+@@(,*TF>x0\iФf뛃7[i ^sh,(է*/ \*`Ceq*ܚItHXa\G;7 6[ Y"R@m7Ti'7:汞HXZ2 ,pCMj@1,uqdY D^f')oW}q SҢҹk[P7'ؖGtf@=4߭+XDcZdCOҝg+6S%͒:Ёh k5x`wbS;ε^ 4ysJҙF"*#wE`E} 1†Nܣ!sR\ÎBW[pJ>@MC:0=kk}NKq){we@0Ӝ}vfR8=FsRհMŖ.Wb+MzY8"Ҙ" Ij@ۺl_vY|nA'iKq rgSSLAy/`1 KJuܭZeq.2uwè˥[Մ7f|]E=]a\߀v4g9ן e{Vbg $;c?,0A*Zh;WRv)M~lm#ED`C-XqlJ]oW6}[1_)v!>麟)҅\ЄђkŹfQ *y:}…)$fyS& !k}(-ȏZ9>C 'iX5?2bD7xnB?k?bPBf[꾐]+?5oW轤4:b @oA2@b,20%6-hSzɨ,)\m) ّ̍͑C=GiҳT-[ByR4lQ2 l'L:SO6'|'B|PvT{E~_ǜœ;NG՗>҆g]<`>P,5DYPetV |kg2Q7L&PJUinXxQn 28)e\-2 Mxe vE;]TR?eMxK@p缏!oԛ;k&p0t[$ed:jo,begL h/5ViB}aQΙºq$Ptj>PSĞH='*lCyuRᜑ8W[I7qQ%$vmPz r6ӗO+r.Wq*(Cphu:4z'C,(*{۔6/T>H$,]>1 O:nM@lh]z%w!cz/]\@lτbfOٌ%V6(yʲ+`s Y/{O+7{u'RgCg# f60q- ޠ\h|xm mvL"Ҩ+NU|Ž  {k Y\*GKΉDLލmSŗ )Q$QM wls<U6OE+OF: gCM<@Ux TW!J !%OJ<|RBB)+PFÞ5leT! Ƃ5T{iBAnW J}e֊n f~m0}*=