sssd-polkit-rules-2.9.1-4.el9_3> M Mv ĉJ4!!%joLne)Ip-Bm5 ']eK4]releng@rockylinux.org p-Bm5 ']@'/.IT{)w\pUA< {$w p~Y0 !msށc읥kUl1s2% Λ=.1 H y@@,2)kMƸA QYXouZT $oruɱӟugV5l8υk5o!% -/p͖/1}d|qgEN_ 5 |E e?'wIe{]vnu ` _f7\u#P}3/N 1! 7Svaǰ`rWO @-i0R7Y3٠[l<(!}t T\mdс!9+z, ZUMP(MܾꫜOiźR~qD{F б^櫼11W6BY88M .mغi0.No@(|2,FD! Zs"Ku*E"5af924216fb579d5200b1b2c4a9e6562491ef16c63d6e8ea291f5eef4b6dbea5467602115428f113e46fc2a5973f9ef862c475107uO,׼Y  >:2?2ud " H Wk     D\(89h:G/H/I/X/Y/\0 ]0^0 b0=d1e1f1l1t1u1v11112024Csssd-polkit-rules2.9.14.el9_3Rules for polkit integration for SSSDProvides rules for polkit integration with SSSD. This is required for smartcard support.eK.pb-4b2a121b-b27f-4a22-8074-2b95b460ac3e-b-ppc64leRocky Linux 9.3Rocky Enterprise Software FoundationGPLv3+Rocky Linux Build System (Peridot) Applications/Systemhttps://github.com/SSSD/sssd/linuxppc64leeK.aa07dbae7abe641bcaec03c5b04da0695a4a49f2d01e486b4c5de61819ebcb70rootrootsssd-2.9.1-4.el9_3.src.rpmsssd-polkit-rulessssd-polkit-rules(ppc-64)     polkitrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsZstd)sssd-common0.1063.0.4-14.6.0-14.0-15.4.18-12.9.1-4.el9_34.16.1.3e@eRdd@ddu@doMdbc<@c]cdcc@bb'b&bI@b{@b_aZ@a@a@Eduardo Lima (Etrunko) - 2.9.1-4Eduardo Lima (Etrunko) - 2.9.1-3Alexey Tikhonov - 2.9.1-2Alexey Tikhonov - 2.9.1-1Alexey Tikhonov - 2.9.0-5Alexey Tikhonov - 2.9.0-4Alexey Tikhonov - 2.9.0-3Alexey Tikhonov - 2.9.0-1Alexey Tikhonov - 2.8.2-2Alexey Tikhonov - 2.8.2-1Alexey Tikhonov - 2.8.1-1Alexey Tikhonov - 2.7.3-4Alexey Tikhonov - 2.7.3-3Alexey Tikhonov - 2.7.3-2Alexey Tikhonov - 2.7.3-1Alexey Tikhonov - 2.7.1-2Alexey Tikhonov - 2.7.1-1Alexey Tikhonov - 2.7.0-2Alexey Tikhonov - 2.7.0-1Alexey Tikhonov - 2.6.2-2Alexey Tikhonov - 2.6.2-1Alexey Tikhonov - 2.6.1-1- Related: rhbz#2236236 - dbus and crond getting terminated with SIGBUS in sss_client code Handle all invalidations consistently Supply a valid pointer to `sss_mmap_cache_validate_or_reinit()`, not a pointer to a local var- Resolves: rhbz#2236236 - dbus and crond getting terminated with SIGBUS in sss_client code - Resolves: rhbz#2237301 - SSSD runs multiples lookup search for each NFS request (SBUS req chaining stopped working in sssd-2.7)- Resolves: rhbz#2218858 - [sssd] SSSD enters failed state after heavy load in the system- Resolves: rhbz#2167837 - Rebase SSSD for RHEL 9.3 - Resolves: rhbz#2196816 - [RHEL9] [sssd] User lookup on IPA client fails with 's2n get_fqlist request failed' - Resolves: rhbz#2162552 - sssd client caches old data after removing netgroup member on IDM - Resolves: rhbz#2189542 - [sssd] RHEL 9.3 Tier 0 Localization - Resolves: rhbz#2133854 - [RHEL9] In some cases when `sdap_add_incomplete_groups()` is called with `ignore_group_members = true`, groups should be treated as complete - Resolves: rhbz#1765354 - [RFE] - Show password expiration warning when IdM users login with SSH keys- Related: rhbz#2190415 - Rebase Samba to the latest 4.18.x release Rebuild against rebased Samba libs.- Related: rhbz#2190415 - Rebase Samba to the latest 4.18.x release Rebuild against rebased Samba libs.- Resolves: rhbz#2167837 - Rebase SSSD for RHEL 9.3- Resolves: rhbz#2167837 - Rebase SSSD for RHEL 9.3 - Resolves: rhbz#1765354 - [RFE] - Show password expiration warning when IdM users login with SSH keys - Resolves: rhbz#1913839 - filter_groups doesn't filter GID from 'id' output: AD + 'ldap_id_mapping = True' corner case - Resolves: rhbz#2100789 - [Improvement] sssctl config-check command does not show an error when we don't have id_provider in the domain section - Resolves: rhbz#2152177 - [RFE] Add support for ldapi:// URLs - Resolves: rhbz#2164852 - man page entry should make clear that a nested group needs a name - Resolves: rhbz#2166627 - Improvement: sss_client: add 'getsidbyusername()' and 'getsidbygroupname()' and corresponding python bindings - Resolves: rhbz#2166943 - kinit switches KCM away from the newly issued ticket - Resolves: rhbz#2167728 - [sssd] Auth fails if client cannot speak to forest root domain (ldap_sasl_interactive_bind_s failed)- Resolves: rhbz#2160001 - Reference to 'sssd-ldap-attributes' man page is missing in 'sssd-ldap', etc man pages - Resolves: rhbz#2143159 - automount killed by SIGSEGV- Resolves: rhbz#2127510 - Rebase SSSD for RHEL 9.2 - Resolves: rhbz#1608496 - sssd failing to register dynamic DNS addresses against an AD server due to unnecessary DNS search - Resolves: rhbz#2110091 - SSSD doesn't handle changes in 'resolv.conf' properly (when started right before network service) - Resolves: rhbz#2136791 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level. - Resolves: rhbz#2139684 - [sssd] RHEL 9.2 Tier 0 Localization - Resolves: rhbz#2139837 - Analyzer: Optimize and remove duplicate messages in verbose list - Resolves: rhbz#2142794 - SSSD: `sssctl analyze` command shouldn't require 'root' privileged - Resolves: rhbz#2144893 - changing password with ldap_password_policy = shadow does not take effect immediately - Resolves: rhbz#2148737 - UPN check cannot be disabled explicitly but requires krb5_validate = false' as a work-around- Resolves: rhbz#2127510 - Rebase SSSD for RHEL 9.2 - Resolves: rhbz#1507035 - [RFE] SSSD does not support to change the user’s password when option ldap_pwd_policy equals to shadow in sssd.conf file - Resolves: rhbz#1766490 - Use negative cache better and domain checks for lookup by SIDs - Resolves: rhbz#1964121 - RFE: Add an option to sssd config to convert home directories to lowercase (or add a new template for the 'override_homedir' option) - Resolves: rhbz#2074307 - reduce debug level in case well_known_sid_to_name() fails - Resolves: rhbz#2096031 - SSSD: sdap_handle_id_collision_for_incomplete_groups debug message missing a new line - Resolves: rhbz#2103325 - Supported AD group types should be explained in the docs - Resolves: rhbz#2111388 - authenticating against external IdP services okta (native app) with OAuth client secret failed - Resolves: rhbz#2115171 - SSSD: duplicate dns_resolver_* option in man sssd.conf - Resolves: rhbz#2127492 - sssd timezone issues sudonotafter - Resolves: rhbz#2128840 - [RFE] provide dbus method to find users by attr - Resolves: rhbz#2128883 - Cannot SSH with AD user to ipa-client (`krb5_validate` and `pac_check` settings conflict) - Resolves: rhbz#2136791 - Lower the severity of the log message for SSSD so that it is not shown at the default debug level. - Resolves: rhbz#2139837 - Analyzer: Optimize and remove duplicate messages in verbose list- Related: rhbz#1978119 - [Improvement] avoid interlocking among threads that use `libsss_nss_idmap` API (or other sss_client libs)- Resolves: rhbz#2116389 - rpc.gssd crash when access a same file on krb5 nfs mount with multiple uids simultaneously since sssd-2.7.3-2.el9 - Resolves: rhbz#2119373 - sssctl analyze --logdir option requires sssd to be configured - Resolves: rhbz#2120657 - Incorrect request ID tracking from responder to backend- Resolves: rhbz#2106660 - [regression] sssd goes offline with forced ldaps configuration - Resolves: rhbz#2109451 - virsh command will hang after the host run several auto test cases - Resolves: rhbz#2098654 - cache_req_data_set_hybrid_lookup: cache_req_data should never be NULL - Resolves: rhbz#2106685 - [regression] sssctl analyze fails to parse PAM related sssd logs- Resolves: rhbz#2069376 - Rebase SSSD for RHEL 9.1 - Resolves: rhbz#1936551 - [Improvement] Provide user feedback when login fails due to blocked PIN - Resolves: rhbz#1978119 - [Improvement] avoid interlocking among threads that use `libsss_nss_idmap` API (or other sss_client libs) - Resolves: rhbz#2062665 - [sssd] RHEL 9.1 Tier 0 Localization- Resolves: rhbz#2073095 - Harden kerberos ticket validation (additional patch) - Resolves: rhbz#2061795 - Unable to lookup AD user if the AD group contains '@' symbol (additional patch)- Resolves: rhbz#2069376 - Rebase SSSD for RHEL 9.1 - Resolves: rhbz#1893192 - sdap_nested_group_deref_direct_process() triggers internal watchdog for large data sets - Resolves: rhbz#1927553 - [Improvement] add SSSD support for more than one CRL PEM file name with parameters certificate_verification and crl_file - Resolves: rhbz#2089216 - pam_sss_gss ceased to work after upgrade to 8.6 - Resolves: rhbz#2090776 - Add idp authentication indicator in man page of sssd.conf - Resolves: rhbz#1927195 - sssd runs out of proxy child slots and doesn't clear the counter for Active requests - Resolves: rhbz#2073095 - Harden kerberos ticket validation - Resolves: rhbz#2082455 - 'getent hosts' not return hosts if they have more than one CN in LDAP - Resolves: rhbz#2087581 - Regression "Missing internal domain data." when setting ad_domain to incorrect- Resolves: rhbz#2065693 - [RHEL9] Ship new sub-package called sssd-idp into sssd- Resolves: rhbz#2069376 - Rebase SSSD for RHEL 9.1 - Resolves: rhbz#2072640 - sssd_nss exiting (due to missing 'sssd' local user) making SSSD service to restart in a loop - Resolves: rhbz#2070189 - sssd error triggers backtrace : [write_krb5info_file_from_fo_server] (0x0020): [RID#73501] There is no server that can be written into kdc info file. - Resolves: rhbz#2070138 - SSSD authenticating to LDAP with obfuscated password produces Invalid authtoken type message causing sssd_be to go offline (cross inter_ference of different provider plugins options) - Resolves: rhbz#2065693 - [RHEL9] Ship new sub-package called sssd-idp into sssd - Resolves: rhbz#2065098 - Use right sdap_domain in ad_domain_info_send - Resolves: rhbz#2062716 - [Improvement] Add user and group version of sss_nss_getorigbyname() - Resolves: rhbz#2061795 - Unable to lookup AD user if the AD group contains '@' symbol - Resolves: rhbz#2056482 - [RFE] Add sssd internal krb5 plugin for authentication against external IdP via OAuth2 - Resolves: rhbz#1937895 - SSSD update prompts for smartcard pin twice - After update to 7.9 - Resolves: rhbz#1925559 - [RFE] Implement time logging for the LDAP queries and warning of high queries time - Resolves: rhbz#1915564 - sssd does not enforce smartcard auth for kde screen locker - Resolves: rhbz#1859751 - [RFE] Allow SSSD to use anonymous pkinit for FAST - Resolves: rhbz#1749279 - 2FA prompting setting ineffective - Resolves: rhbz#1661055 - sssd fails GPO-based access if AD have setup with Japanese language - Resolves: rhbz#1245367 - [RFE] Implement memory cache for SID requests to improve performance- Resolves: rhbz#2035244 - AD Domain in the AD Forest Missing after sssd latest update - Resolves: rhbz#2041560 - sssd does not use kerberos port that is set.- Resolves: rhbz#2011224 - Rebase SSSD for RHEL 9.0-GA - Resolves: rhbz#2017390 - [sssd] RHEL 9.0 GA Tier 0 Localization - Resolves: rhbz#2013263 - [RHEL9] Add ability to parse child log files - Resolves: rhbz#2013262 - [RHEL9] Add tevent chain ID logic into responders - Resolves: rhbz#1992432 - Add client certificate validation D-Bus API - Resolves: rhbz#1940517 - [RFE] Health and Support Analyzer: Add sssctl sub-command to select and display a single request from the logs- Resolves: rhbz#2011224 - Rebase SSSD for RHEL 9.0-GA - Resolves: rhbz#1966201 - sssd: incorrect checks on length values during packet decoding in unpack_authtok() - Resolves: rhbz#977803 - incorrect checks of `strto*()` string to number convertion functions - Resolves: rhbz#1992432 - Add client certificate validation D-Bus API - Resolves: rhbz#1992973 - Lookup with fully-qualified name does not work with 'cache_first = True' - Resolves: rhbz#1996151 - Add support for CKM_RSA_PKCS in smart card authentication. - Resolves: rhbz#1998459 - 2.5.x based SSSD adds more AD domains than it should based on the configuration file (not trusted and from a different forest) - Resolves: rhbz#2000476 - disabled root ad domain causes subdomains to be marked offline - Resolves: rhbz#2014249 - Consistency in defaults between OpenSSH and SSSD - Resolves: rhbz#2029419 - 'exclude_groups' option provided in SSSD for session recording (tlog) doesn't work as expected2.9.1-4.el9_32.9.1-4.el9_3sssd-pcsc.rules/usr/share/polkit-1/rules.d/-O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mcpu=power9 -mtune=power9 -fasynchronous-unwind-tables -fstack-clash-protectioncpiozstd19ppc64le-redhat-linux-gnuASCII textutf-817de5b9e3514aae19d7ffeef231ccb5e7f95268a8a04bfe6d610fda5806c3d9e7d1c3bd591b5a3218cee8981f002cf30f25b762ab9248f9ff8f5c19b9f74db49?`(/h V=% V FfB,7 ǖ$Kx.Q#4T@.5/2vΘR\N<(7Dib;4IDo!Q$@i 4IR=v7se#gxN// %#[ތu ![;[\CJL@V7qpGsڽJ)H$ʁ5G5GD1* \Jw*v]o+RoZqp]f @ :B}d)ɛG)G;B(H)xdU F, +$x).`