libsamba-passdb0-32bit-4.9.5+git.149.9593f64a5c3-lp151.1.3 >  A \~/=„|1aaH7{яJ4Ҷnt ޫ,Du&n Hd^뼥*닊8jpAaP?a@d3 = ^ '-4DL P T \    EEE(89:W>\B\G\H\I\X] Y]( Z]x[]|\]]]^]b]c^d^e^f^l^u_v_w_x_y_M```a<Clibsamba-passdb0-32bit4.9.5+git.149.9593f64a5c3lp151.1.3Samba3 password database libraryThis subpackage contains libraries to interface the password database.\;lamb09V0openSUSE Leap 15.1openSUSEGPL-3.0-or-laterhttps://bugs.opensuse.orgSystem/Librarieshttps://www.samba.org/linuxx86_64/sbin/ldconfigV0\;\;a967803182f3ce81010d033bfc85cd103790bf7f1e0e21bc30be3d008b172867libsamba-passdb.so.0.27.1rootrootrootrootsamba-4.9.5+git.149.9593f64a5c3-lp151.1.3.src.rpmlibsamba-passdb.so.0libsamba-passdb.so.0(SAMBA_PASSDB_0.2.0)libsamba-passdb.so.0(SAMBA_PASSDB_0.24.1)libsamba-passdb.so.0(SAMBA_PASSDB_0.24.2)libsamba-passdb.so.0(SAMBA_PASSDB_0.25.0)libsamba-passdb.so.0(SAMBA_PASSDB_0.26.0)libsamba-passdb.so.0(SAMBA_PASSDB_0.27.0)libsamba-passdb.so.0(SAMBA_PASSDB_0.27.1)libsamba-passdb0-32bitlibsamba-passdb0-32bit(x86-32)@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@    /bin/shlibc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1.3)libc.so.6(GLIBC_2.3.4)libc.so.6(GLIBC_2.4)libc.so.6(GLIBC_2.8)libcli-ldap-common-samba4.solibcli-ldap-common-samba4.so(SAMBA_4.9.5_GIT.149.9593F64A5C3LP151.1.3_SUSE_OS15.0_I386)libcliauth-samba4.solibcliauth-samba4.so(SAMBA_4.9.5_GIT.149.9593F64A5C3LP151.1.3_SUSE_OS15.0_I386)libdbwrap-samba4.solibdbwrap-samba4.so(SAMBA_4.9.5_GIT.149.9593F64A5C3LP151.1.3_SUSE_OS15.0_I386)libevents-samba4.solibevents-samba4.so(SAMBA_4.9.5_GIT.149.9593F64A5C3LP151.1.3_SUSE_OS15.0_I386)libldb.so.1libldb.so.1(LDB_0.9.10)libldbsamba-samba4.solibldbsamba-samba4.so(SAMBA_4.9.5_GIT.149.9593F64A5C3LP151.1.3_SUSE_OS15.0_I386)libndr-samba-samba4.solibndr-samba-samba4.so(SAMBA_4.9.5_GIT.149.9593F64A5C3LP151.1.3_SUSE_OS15.0_I386)libndr.so.0libndr.so.0(NDR_0.0.1)libnscd.so.1libnscd.so.1(LIBNSCD_1.0)libpthread.so.0libpthread.so.0(GLIBC_2.0)libreplace-samba4.solibreplace-samba4.so(SAMBA_4.9.5_GIT.149.9593F64A5C3LP151.1.3_SUSE_OS15.0_I386)libsamba-credentials.so.0libsamba-credentials.so.0(SAMBA_CREDENTIALS_0.0.1)libsamba-debug-samba4.solibsamba-debug-samba4.so(SAMBA_4.9.5_GIT.149.9593F64A5C3LP151.1.3_SUSE_OS15.0_I386)libsamba-errors.so.1libsamba-errors.so.1(SAMBA_ERRORS_1)libsamba-hostconfig.so.0libsamba-hostconfig.so.0(SAMBA_HOSTCONFIG_0.0.1)libsamba-modules-samba4.solibsamba-modules-samba4.so(SAMBA_4.9.5_GIT.149.9593F64A5C3LP151.1.3_SUSE_OS15.0_I386)libsamba-security-samba4.solibsamba-security-samba4.so(SAMBA_4.9.5_GIT.149.9593F64A5C3LP151.1.3_SUSE_OS15.0_I386)libsamba-util.so.0libsamba-util.so.0(SAMBA_UTIL_0.0.1)libsamba3-util-samba4.solibsamba3-util-samba4.so(SAMBA_4.9.5_GIT.149.9593F64A5C3LP151.1.3_SUSE_OS15.0_I386)libsamdb-common-samba4.solibsamdb-common-samba4.so(SAMBA_4.9.5_GIT.149.9593F64A5C3LP151.1.3_SUSE_OS15.0_I386)libsamdb.so.0libsamdb.so.0(SAMDB_0.0.1)libsecrets3-samba4.solibsecrets3-samba4.so(SAMBA_4.9.5_GIT.149.9593F64A5C3LP151.1.3_SUSE_OS15.0_I386)libsmbconf.so.0libsmbconf.so.0(SMBCONF_0)libsmbd-shim-samba4.solibsmbd-shim-samba4.so(SAMBA_4.9.5_GIT.149.9593F64A5C3LP151.1.3_SUSE_OS15.0_I386)libtalloc.so.2libtalloc.so.2(TALLOC_2.0.2)libtdb-wrap-samba4.solibtdb-wrap-samba4.so(SAMBA_4.9.5_GIT.149.9593F64A5C3LP151.1.3_SUSE_OS15.0_I386)libtdb.so.1libtdb.so.1(TDB_1.2.1)libutil-tdb-samba4.solibutil-tdb-samba4.so(SAMBA_4.9.5_GIT.149.9593F64A5C3LP151.1.3_SUSE_OS15.0_I386)libwbclient.so.0libwbclient.so.0(WBCLIENT_0.9)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-15.2-14.14.1\N\e\e\}@\o@\\\\\4\ @[[@[[%@[@[ @[[t[#@[[Q@[Q@[\[[[{[z@[r@[ @[WZZZZZZ`@Z@Z@ZZ@ZZ}@Z'Z@ZOZ@Z ,@Z@YY@Yo@Yo@Yo@Y@Y3YYu@Yg`Yf@Y7Y7Y, @Y"X:@X:@XXsX@X9@X@X@Xg@X,XƉX@XYXe@XX@X@X@XWXAb@X-W Wv@W$W;Wu@W#WW W@W~D@Wj}W_WYZ@WYZ@W=W(W!@WW@V3V3VV'@VՄ@VՄ@VVIV@V`Vl@V@V@V<@V<@V@VjV]VI@VG"@VG"@VG"@VG"@V(V'~@V V7@VBUYU@U@UUAUĝU@UU@Uy@UUrUq@UhTU_@USanpower David Mulder David Mulder David Disseldorp Samuel Cabrero David Mulder ddiss@suse.comnopower@suse.comJan Engelhardt David Mulder Samuel Cabrero Samuel Cabrero Samuel Cabrero dmulder@suse.comdmulder@suse.comdmulder@suse.comjmcdonough@suse.comdmulder@suse.comSamuel Cabrero dmulder@suse.comSamuel Cabrero dmulder@suse.comdmulder@suse.comvcizek@suse.comdmulder@suse.comdmulder@suse.comnopower@suse.comscabrero@suse.dejmcdonough@suse.comscabrero@suse.deaaptel@suse.comjengelh@inai.dedimstar@opensuse.orgdmulder@suse.comjmcdonough@suse.comdavid.mulder@suse.comjmcdonough@suse.comaaptel@suse.comdmulder@suse.comscabrero@suse.comscabrero@suse.comkukuk@suse.dedavid.mulder@suse.comscabrero@suse.comrbrown@suse.comdmulder@suse.comscabrero@suse.comdimstar@opensuse.orgscabrero@suse.comaaptel@suse.comnopower@suse.comnopower@suse.comaaptel@suse.comddiss@suse.comdmulder@suse.comddiss@suse.comdmulder@suse.comddiss@suse.comddiss@suse.comnopower@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comdmulder@suse.comnopower@suse.comjmcdonough@suse.comaaptel@suse.comkukuk@suse.comkukuk@suse.denopower@suse.comaaptel@suse.comdmulder@suse.comddiss@suse.comdmulder@suse.comddiss@suse.comjmcdonough@suse.comnopower@suse.comnopower@suse.comnopower@suse.comnopower@suse.comjmcdonough@suse.comjmcdonough@suse.comnopower@suse.comnopower@suse.comddiss@suse.comjmcdonough@suse.comddiss@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comnopower@suse.comlmuelle@suse.comlmuelle@suse.comjmcdonough@suse.comnopower@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comnopower@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comtchvatal@suse.comlmuelle@suse.comnopower@suse.comcrrodriguez@opensuse.orglmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comnoel.power@suse.comddiss@suse.comddiss@suse.comlmuelle@suse.comddiss@suse.comlmuelle@suse.comlmuelle@suse.comnopower@suse.comddiss@suse.comddiss@suse.comlmuelle@suse.comlmuelle@suse.comddiss@suse.comlmuelle@suse.commpluskal@suse.comlmuelle@suse.comnopower@suse.deddiss@suse.comddiss@suse.comddiss@suse.comlmuelle@suse.denopower@suse.delmuelle@suse.comnopower@suse.deddiss@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.com- CVE-2019-3880: Save registry file outside share as unprivileged user; (bso#13851); (bsc#1131060 ).- CVE-2019-3870 pysmbd: missing restoration of original umask after umask(0); (bso#13834); (bsc#1130703);- Update to samba-4.9.5 + audit_logging: Remove debug log header and JSON Authentication: prefix; (bso#13714); + Fix upgrade from 4.7 (or earlier) to 4.9; (bso#13760); + s3: lib: nmbname: Ensure we limit the NetBIOS name correctly; (bso# CID: 1433607; (bso#11495); + smbd: uid: Don't crash if 'force group' is added to an existing share connection; (bso#13690); + s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility code; (bso#13770); + s3: SMB1 POSIX mkdir does case insensitive name lookup; (bso#13803); + s3:utils/smbget fix recursive download with empty source directories; (bso#13199); + samba-tool drs showrepl: Do not crash if no dnsHostName found; (bso#13716); + s3:libsmb: cli_smb2_list() can sometimes fail initially on a connection; (bso#13736); + join: Throw CommandError instead of Exception for simple errors; (bso#13747); + ldb: Avoid inefficient one-level searches; (bso#13762); + s3: libsmb: use smb2cli_conn_max_trans_size() in cli_smb2_list(); (bso#13736); + tldap: Avoid use after free errors; (bso#13776); + Fix idmap xid2sid cache churn; (bso#13802); + access_check_max_allowed() doesn't process "Owner Rights" ACEs; (bso#13812); + s3-smbd: Avoid assuming fsp is always intact after close_file call; (bso#13720); + s3-vfs-fruit: Add close call; (bso#13725); + s3-smbd: Use fruit:model string for mDNS registration; (bso#13746); + s3-vfs: add glusterfs_fuse vfs module; (bso#13774); + printing: Check lp_load_printers() prior to pcap cache update; (bso#13766); + vfs_ceph: vfs_ceph strict_allocate_ftruncate calls (local FS) ftruncate and fallocate; (bso#13807); + lib/audit_logging: Actually create talloc; (bso#13737); + netcmd/user: python[3]-gpgme unsupported and replaced by python[3]-gpg; (bso#13728); + dns: Changing onelevel search for wildcard to subtree; (bso#13738); + samba-tool: Don't print backtrace on simple DNS errors; (bso#13721); + sambaundoguididx: Use the right escaped oder unescaped sam ldb files; (bso#13759); + ctdb: Print locks latency in machinereadable stats; (bso#13742); + messages_dgm: Messaging gets stuck when pids are recycled; (bso#13786); + audit_logging: auth_json_audit required auth_json; (bso#13715); + man pages: Document prefork process model; (bso#13765); + CVE-2019-3824 ldb: Release ldb 1.4.6; (bso#13773); + s3:auth: ignore create_builtin_guests() failing without a valid idmap configuration; (bso#13697); + s3:auth_winbind: Ignore a missing winbindd as NT4 PDC/BDC without trusts; (bso#13722); + s3:auth_winbind: return NT_STATUS_NO_LOGON_SERVERS if winbindd is not available; (bso#13723); + s4:server: Add support for 'smbcontrol samba shutdown' and 'smbcontrol debug/debuglevel'; (bso#13752); + Python: Ensure ldb.Dn can doesn't rencoded str with py2; (bso#13616); + vfs_glusterfs: Adapt to changes in libgfapi signatures; (bso#13330); + s3-vfs: Use ENOATTR in errno comparison for getxattr; (bso#13774); + notifyd: Fix SIGBUS on sparc; (bso#13704); + waf: Check for libnscd; (bso#13787); + s3:vfs: Correctly check if OFD locks should be enabled or not; (bso#13770); + lib/util: Count a trailing line that doesn't end in a newline; (bso#13717); + Recovery lock bug fixes; (bso#13800); + s3: net: Do not set NET_FLAGS_ANONYMOUS with -k; (bso#13726); + s3:libsmb: Honor disable_netbios option in smbsock_connect_send; (bso#13727); + vfs_fileid: Fix get_connectpath_ino; (bso#13741); + vfs_fileid: Fix fsname_norootdir algorithm; (bso#13744);- Fix vfs_ceph ftruncate and fallocate handling; (bso#13807); (bsc#1127153).- Fix update-apparmor-samba-profile script after apparmor switched to using named profiles. The change is backwards compatible; (bsc#1126377);- LoadParm().load_default() fails with "Unable to load default file"; (bsc#1089758);- Abide by load_printers smb.conf parameter; (bso#13766); (bsc#1124223);- Update to samba-4.9.4 + libcli/smb: Don't overwrite status code; (bso#9175). + wbinfo --group-info 'NT AUTHORITY\System' does not work; (bso#12164). + Session setup reauth fails to sign response; (bso#13661). + vfs_fruit: Validation of writes on AFP_AfpInfo stream; (bso#13677). + vfs_shadow_copy2: Nicely deal with attempts to open previous version for writing; (bso#13688). + Restoring previous version of stream with vfs_shadow_copy2 fails with NT_STATUS_OBJECT_NAME_INVALID fsp->base_fsp->fsp_name; (bso#13455). + CVE-2018-16853: Fix S4U2Self crash with MIT KDC build; (bso#13571). + s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs; (bso#13708) + PEP8: fix E231: missing whitespace after ','. + winbindd: Fix crash when taking profiles;(bso#13629) + CVE-2018-14629 dns: Fix CNAME loop prevention using counter regression; (bso#13600) + 'samba-tool user syscpasswords' fails on a domain with many DCs; (bso#13686). + CVE-2018-16853: Do not segfault if client is not set; (bso#13571). + lib:util: Fix DEBUGCLASS pointer initializiation; (bso#13679) + ctdb-daemon: Exit with error if a database directory does not exist; (bso#13696). + s3:libads: Add net ads leave keep-account option; (bso#13498).- Drop more %if..%endif guards which are idempotent. - Drop requires on ldconfig which are already auto-discovered. - Do not ignore errors from useradd/groupadd.- Remove python2 build dependency from samba-libs; (bsc#1116900);- Update update-apparmor-samba-profile script to ignore the shares's paths containing substitution variables in any place, not only at the beginning of the path.- Update to samba-4.9.3 + CVE-2018-14629: Unprivileged adding of CNAME record causing loop in AD Internal DNS server; (bso#13600); (bsc#1116319); + CVE-2018-16841: Double-free in Samba AD DC KDC with PKINIT; (bso#13628); (bsc#1116320); + CVE-2018-16851: NULL pointer de-reference in Samba AD DC LDAP server; (bso#13674); (bsc#1116322); + CVE-2018-16852: NULL pointer de-reference in Samba AD DC DNS servers; (bso#13669); (bsc#1116321); + CVE-2018-16853: Samba AD DC S4U2Self crash in experimental MIT Kerberos configuration (unsupported); (bso#13678); (bsc#1116324); + CVE-2018-16857: Bad password count in AD DC not always effective; window; (bso#13683); (bsc#1116323);- Update to samba-4.9.2 + dsdb: Add comments explaining the limitations of our current backlink behaviour; (bso#13418); + Fix problems running domain backups (handling SMBv2, sites); (bso#13621); + testparm: Fix crashes with PANIC: Messaging not initialized on SLES 12 SP3; (bso#13465); + Make vfs_fruit able to cleanup AppleDouble files; (bso#13642); + File saving issues with vfs_fruit on samba >= 4.8.5; (bso#13646); + Enabling vfs_fruit looses FinderInfo; (bso#13649); + Cancelling of SMB2 aio reads and writes returns wrong error NT_STATUS_INTERNAL_ERROR; (bso#13667); + Fix CTDB recovery record resurrection from inactive nodes and simplify vacuuming; (bso#13641); + examples: Fix the smb2mount build; (bso#13465); + libtevent: Fix build due to missing open_memstream on Illiumos; (bso#13629); + winbindd_cache: Fix timeout calculation for sid<->name cache; (bso#13662); + dsdb encrypted_secrets: Allow "ldb:// and "mdb://" in file path; (bso#13653); + Extended DN SID component missing for member after switching group membership; (bso#13418); + Return STATUS_SESSION_EXPIRED error encrypted, if the request was encrypted; (bso#13624); + python: Allow forced signing via smb.SMB(); (bso#13621); + lib:socket: If returning early, set ifaces; (bso#13665); + ldb: Bump ldb version to 1.4.3, Python: Ensure ldb.Dn can accept utf8 encoded unicode; (bso#13616); + smbd: Fix DELETE_ON_CLOSE behaviour on files with READ_ONLY attribute; (bso#13673); + waf: Add -fstack-clash-protection; (bso#13601); + winbind: Fix segfault if an invalid passdb backend is configured; (bso#13668); + Fix bugs in CTDB event handling; (bso#13659); + Misbehaving nodes are sometimes not banned; (bso#13670);- lib:socket: If returning early, set ifaces; (bso#13665); (bsc#1111373);- winbind requires latest version of libtevent-util0 to start- Backport latest gpo code from master + Read policy from local gpt cache + Offline policy application + Make group policy extensible via register/unregister gpext + gpext's run via a process_group_policy method- Enable profiling data collection- Change samba-kdc package name to samba-ad-dc - Move samba-ad-dc.service to the samba-ad-dc package- Update to samba-4.9.1 + s3: nmbd: Stop nmbd network announce storm; (bso#13620); + s3-rpcclient: Use spoolss_init_spoolss_UserLevel1 in winspool cmds; (bso#13597); + CTDB recovery lock has some race conditions; (bso#13617); + s3-rpc_client: Advertise Windows 7 client info; (bso#13597); + ctdb-doc: Remove PIDFILE option from ctdbd_wrapper man page; (bso#13610);- Tumbleweed doesn't define the sle_version macro, so we must include a check for suse_version also. Otherwise python3 is disabled on Tumbleweed.- Update to samba-4.9.0 + samba_dnsupdate: Honor 'dns zone scavenging' option, only update if needed; (bso#13605); + wafsamba: Fix 'make -j'; (bso#13606);- Update to samba-4.9.0rc5 + s3: VFS: vfs_full_audit: Ensure smb_fname_str_do_log() only returns absolute pathnames; (bso#13565); + s3: util: Do not take over stderr when there is no log file; (bso#13578); + Durable Reconnect fails because cookie.allow_reconnect is not set; (bso#13549); + krb5-samba: Interdomain trust uses different salt principal; (bso#13539); + vfs_fruit: Don't unlink the main file; (bso#13441); + smbd: Fix a memleak in async search ask sharemode; (bso#13602); + Fix Samba GPO issue when Trust is enabled; (bso#11517); + samba-tool: Add "virtualKerberosSalt" attribute to 'user getpassword/syncpasswords'; (bso#13539); + Fix CTDB configuration issues; (bso#13589); + ctdbd logs an error until it can successfully connect to eventd; (bso#13592);- Update to samba-4.9.0rc4 + s3: smbd: Ensure get_real_filename() copes with empty pathnames; (bso#13585); + samba domain backup online/rename commands force user to specify password on CLI; (bso#13566); + wafsamba/samba_abi: Always hide ABI symbols which must be local; (bso#13579); + Fix a panic if fruit_access_check detects a locking conflict; (bso#13584); + Fix memory and resource leaks; (bso#13567); + python: Fix print in dns_invalid.py; (bso#13580); + Aliasing issue causes incorrect IPv6 checksum; (bso#13588); + Fix CTDB configuration issues; (bso#13589); + s3: vfs: time_audit: fix handling of token_blob in smb_time_audit_offload_read_recv(); (bso#13568);- Add missing zlib-devel dependency which was previously pulled in by libopenssl-devel- Update to samba-4.9.0rc3+git.22.3fff23ae36e + CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against returns from malicious servers; (bso#13453); + CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query with escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140; (bso#13374); + CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when not servicePrincipalName is set on a user; (bso#13552); + CVE-2018-10919: acl_read: Fix unauthorized attribute access via searches; (bso#13434); + ctdb_mutex_ceph_rados_helper: Set SIGINT signal handler; (bso#13540); + CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it is disabled via "ntlm auth"; (bso#13360); + s3-tldap: do not install test_tldap; (bso#13529); + ctdb_mutex_ceph_rados_helper: Fix deadlock via lock renewals; (bso#13540); + CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in ltdb_index_dn_attr(); (bso#13374); + ctdb-eventd: Fix CID 1438155; (bso#13554); + Fix CIDs 1438243, (Unchecked return value) 1438244 (Unsigned compared against 0), 1438245 (Dereference before null check) and 1438246 (Unchecked return value); (bso#13553); + ctdb: Fix a cut&paste error; (bso#13554); + systemd: Only start smb when network interfaces are up; (bso#13559); + Fix quotas don't work with SMB2; (bso#13553); + s3/smbd: Ensure quota code is only called when quota support detected; (bso#13563); + s3/libsmb: Explicitly set delete_on_close token for rmdir; (bso#13204); + s3:waf: Install eventlogadm to /usr/sbin; (bso#13561); + Shorten description in vfs_linux_xfs_sgid manual; (bso#13562);- Update to samba-4.9.0rc2+git.21.a1069afb007 + s3: smbd: Using "sendfile = yes" with SMB2 can cause CPU spin; (bso#13537); + s3: smbd: Fix path check in smbd_smb2_create_durable_lease_check(); (bso#13535); + samba-tool trust: Support discovery via netr_GetDcName; (bso#13538); + s4-dsdb: Only build dsdb Python modules for AD DC; (bso#13542); + Fix portability issues on freebsd; (bso#13520); + DNS wildcard search does not handle multiple labels correctly; (bso#13536); + samba-tool domain trust: Fix trust compatibility to Windows Server 1709 and FreeIPA; (bso#13308); + Fix portability issues on freebsd; (bso#13520); + ctdb-protocol: Fix CTDB compilation issues; (bso#13545); + ctdb-docs: Replace obsolete reference to CTDB_DEBUG_HUNG_SCRIPT option; (bso#13546); + ctdb-doc: Provide an example script for migrating old configuration; (bso#13550); + ctdb-event: Implement event tool "script list" command; (bso#13551);- Update to samba-4.8.4+git.37.a7a861d7982; + CVE-2018-1139: Weak authentication protocol allowed; (bsc#1095048); (bsc#13360); + CVE-2018-1140: Denial of Service Attack on DNS and LDAP server; (bsc#1095056); (bso#13466); (bso#13374); + CVE-2018-10858: Insufficient input validation on client directory listing in libsmbclient; (bsc#1103411); (bso#13453); + CVE-2018-10918: Denial of Service Attack on AD DC DRSUAPI server; (bsc#1103414); (bso#13552); + CVE-2018-10919: Confidential attribute disclosure from the AD LDAP server; (bsc#1095057); (bso#13434); + s3:winbind: winbind normalize names' doesn't work for users; (bso#12851); + winbind: Fix UPN handling in canonicalize_username(); (bso#13369); + s3: smbd: Fix SMB2-FLUSH against directories; (bso#13428); + samdb: Fix building Samba with gcc 8.1; (bso#13437); + s3:utils: Do not segfault on error in DoDNSUpdate(); (bso#13440); + smbd: Flush dfree memcache on service reload; (bso#13446); + ldb: Save a copy of the index result before calling the + lib/util: No Backtrace given by Samba's AD DC by default; (bso#13454). + s3: smbd: printing: Re-implement delete-on-close semantics for print files missing since 3.5.x; (bso#13457). + python: Fix talloc frame use in make_simple_acl(); (bso#13474). + krb5_wrap: Fix keep_old_entries logic for older Kerberos libraries;(bso#13478). + krb5_plugin: Add winbind localauth plugin for MIT Kerberos; (bso#13480).- Add missing package descriptions; (bsc#1093864); - Fix dependency issue between samba-python and samba-kdc; (bsc#1062876); - Call update-apparmor-samba-profile when running samba-ad-dc; (bsc#1092099);- Update to 4.8.2 + After update to 4.8.0 DC failed with "Failed to find our own NTDS Settings objectGUID" (bso#13335). + fix incorrect reporting of stream dos attributes on a directory (bso#13380). + vfs_ceph: add asynchronous fsync; fake synchronous call (bso#13412). + vfs_ceph: add fake async pwrite/pread send/recv hooks; (bso#13425) + vfs_ceph: Fix memory leak; (bso#13424). + libsmbclient: Fix hard-coded connection error return of ETIMEDOUT; (bso#13419). + s4-lsa: Fix use-after-free in LSA server; (bso#13420). + winbindd: Do re-connect if the RPC call fails in the passdb case; (bso#13430). + cleanupd: Sends MSG_SMB_UNLOCK twice to interested peers; (bso#13416). + cleanupd: Use MSG_SMB_BRL_VALIDATE to signal cleanupd unclean process shutdown; (bso#13414). + ctdb-client: Remove ununsed functions from old client code; (bso#13411). + printing: Return the same error code as windows does on upload failures; (bso#13395). + nsswitch: Fix memory leak in winbind_open_pipe_sock() when the privileged pipe is not accessable; (bso#13400). + s4:lsa_lookup: remove TALLOC_FREE(state) after all dcesrv_lsa_Lookup{Names,Sids}_base_map() calls; (bso#13420). + rpc_server: Fix NetSessEnum with stale sessions; (bso#13407). + s3:smbspool: Fix cmdline argument handling; (bso#13417).- Move libdfs-server-ad-samba4.so library from kdc to libs package, as it is required by some client libs; (bsc#1074135); - Update to 4.8.1; (bsc#1091179); + s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error, we don't own it here; (bso#13244); + s3: smbd: Fix possible directory fd leak if the underlying OS doesn't support fdopendir(); (bso#13270); + Round-tripping ACL get/set through vfs_fruit will increase the number of ACE entries without limit; (bso#13319); + s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically debug credit issues; (bso#13347); + s3: smbd: Files or directories can't be opened DELETE_ON_CLOSE without delete access; (bso#13358); + s3: smbd: Fix memory leak in vfswrap_getwd(); (bso#13372); + s3: smbd: Unix extensions attempts to change wrong field in fchown call; (bso#13375); + ms_schema/samba-tool visualize: Fix python2.6 incompatibility; (bso#13337); + Fix invocation of gnutls_aead_cipher_encrypt(); (bso#13352); + Windows 10 cannot logon on Samba NT4 domain; (bso#13328); + winbindd: Recover loss of netlogon secure channel in case the peer DC is rebooted; (bso#13332); + s3:smbd: Don't use the directory cache for SMB2/3; (bso#13363); + ctdb-client: Fix bugs in client code; (bso#13356); + ctdb-scripts: Drop "net serverid wipe" from 50.samba event script; (bso#13359); + s3: lib: messages: Don't use the result of sec_init() before calling sec_init(); (bso#13368); + libads: Fix the build '--without-ads'; (bso#13273); + winbind: Keep "force_reauth" in invalidate_cm_connection, add 'smbcontrol disconnect-dc'; (bso#13332); + vfs_virusfilter: Fix CIDs 1428738-1428740; (bso#13343); + dsdb: Fix CID 1034966 Uninitialized scalar variable; (bso#13367); + rpc_server: Fix core dump in dfsgetinfo; (bso#13370); + smbclient: Fix notify; (bso#13382); + Fix smbd panic if the client-supplied channel sequence number wraps; (bso#13215); + Windows 10 cannot logon on Samba NT4 domain; (bso#13328); + lib/util: Remove unused '#include ' from tests/tfork.c; (bso#13342); + Fix build errors with cc from developerstudio 12.5 on Solaris; (bso#13343); + Fix the picky-developer build on FreeBSD 11; (bso#13344); + s3:modules: Fix the build of vfs_aixacl2.c; (bso#13345); + s3:smbd: map nterror on smb2_flush errorpath; (bso#13338); + lib:replace: Fix linking when libtirpc-devel overwrites system headers; (bso#13341); + winbindd: 'wbinfo --name-to-sid' returns misleading result on invalid query; (bso#13312); + s3:passdb: Do not return OK if we don't have pinfo set up; (bso#13376); + Allow AESNI to be used on all processor supporting AESNI; (bso#13302);- Use new foreground execution flags for systemd samba daemons; (bsc#1088574); (bsc#1071090); (bsc#1065551); + Add %post scriptlet to clear old sysconfig flags - Update vendor-files to commit 880b3e7. + Set samba sysconfig template variables to "" + Add required daemon flags directly to systemd unit- Specfile cleanup + Remove %if..%endif guards which don't affect the build + Remove redundant %clean section + Replace old $RPM_* shell vars with macros- BuildRequire pkgconfig(systemd) and pkgconfig(libsystemd) in place of systemd and systemd-devel: Allow OBS to optimize the workload by allowing the usage of the 'build-optimized' systemd packages.- Enable building samba with python3, and create a samba-python3 package.- Update to 4.8 + New GUID Index mode in sam.ldb for the AD DC + GPO support for samba KDC + Time machine support with vfs_fruit + Encrypted secrets + AD Replication visualization + Improved trust support - ability to not scan global trust list - AD external trusts have limited support - verbose trusted domain listing + VirusFilter VFS module + NT4-style replication removed + vfs_aio_linux removed- Disable samba-pidl package, due to the removal of dependency perl-Parse-Yapp; (bsc#1085150);- Update to 4.7.6; + CVE-2018-1050: DOS vulnerability when SPOOLSS is run externally; (bso#11343); (bsc#1081741); + CVE-2018-1057: Authenticated users can change other users' password; (bso#13272); (bsc#1081024).- Disable python until full python3 port is done; (bsc#1082139); + Remove contents of package samba-python + Remove contents of package libsamba-policy0 + Remove contents of package libsamba-policy-devel + Remove library libsamba-python-samba4.so from samba-libs package + Remove library libsamba-net-samba4.so from samba-libs package + Remove smbtorture binary and manpage from samba-test- samba fails to build with glibc2.27; (bsc#1081042);- Update to 4.7.5; (bsc#1080545); + smbd tries to release not leased oplock during oplock II downgrade; (bso#13193); + Fix copying file with empty FinderInfo from Windows client to Samba share with fruit; (bso#13181); + build: Deal with recent glibc sunrpc header removal; (bso#10976); + Make Samba work with tirpc and libnsl2; (bso#13238); + vfs_ceph: Add fs_capabilities hook to avoid local statvfs; (bso#13208); (bsc#1075206); + Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue; (bso#12986); + ctdb-recovery-helper: Deregister message handler in error paths; (bso#13188); + samba: Only use async signal-safe functions in signal handler; (bso#13240); + Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue; (bso#12986); + repl_meta_data: Fix linked attribute corruption on databases with unsorted links on expunge. dbcheck: Add functionality to fix the corrupt database; (bso#13228); + Fix smbd panic when chdir returns error during exit; (bso#13189); + Make Samba work with tirpc and libnsl2; (bso#13238); + Fix POSIX ACL support on HPUX and possibly other big-endian OSs; (bso#13176);- Update to 4.7.4; (bsc#1080545); + s3: smbclient: Implement 'volume' command over SMB2; (bso#13140); + s3: libsmb: Fix valgrind read-after-free error in cli_smb2_close_fnum_recv(); (bso#13171); + s3: libsmb: Fix reversing of oldname/newname paths when creating a reparse point symlink on Windows from smbclient; (bso#13172); + Build man page for vfs_zfsacl.8 with Samba; (bso#12934); + repl_meta_data: Allow delete of an object with dangling backlinks; (bso#13095); + s4:samba: Fix default to be running samba as a deamon; (bso#13129); + Performance regression in DNS server with introduction of DNS wildcard, ldb: Release 1.2.3; (bso#13191); + vfs_zfsacl: Fix compilation error; (bso#6133); + "smb encrypt" setting changes are not fully applied until full smbd restart; (bso#13051); + winbindd: Fix idmap_rid dependency on trusted domain list; (bso#13052); + vfs_fruit: Proper VFS-stackable conversion of FinderInfo; (bso#13155); + winbindd: Dependency on trusted-domain list in winbindd in critical auth codepath; (bso#13173); + repl_meta_data: Fix removing of backlink on deleted objects; (bso#13120); + ctdb: sock_daemon leaks memory; (bso#13153); + TCP tickles not getting synchronised on CTDB restart; (bso#13154); + winbindd: winbind parent and child share a ctdb connection; (bso#13150); + pthreadpool: Fix deadlock; (bso#13170); + pthreadpool: Fix starvation after fork; (bso#13179); + messaging: Always register the unique id; (bso#13180); + s4/smbd: set the process group; (bso#13129); + Fix broken linked attribute handling; (bso#13095); + The KDC on an RWDC doesn't send error replies in some situations; (bso#13132); + libnet_join: Fix 'net rpc oldjoin'; (bso#13149); + g_lock conflict detection broken when processing stale entries; (bso#13195); + s3:smb2_server: allow logoff, close, unlock, cancel and echo on expired sessions; (bso#13197); + s3:libads: net ads keytab list fails with "Key table name malformed"; (bso#13166); (bsc#1067700); + Fix crash in pthreadpool thread after failure from pthread_create; (bso#13170); + s4:samba: Allow samba daemon to run in foreground; (bso#13129); (bsc#1065551); + third_party: Link the aesni-intel library with "-z noexecstack"; (bso#13174); + vfs_glusterfs: include glusterfs/api/glfs.h without relying on "-I" options; (bso#13125);- Re-enable usage of libnsl (did got lost with glibc change) - Use TI-RPC (sunrpc is deprecated and will be removed soon from glibc)- smbc_opendir should not return EEXIST with invalid login credentials; (bnc#1065868).- Update to 4.7.3; (bsc#1069666); + Non-smbd processes using kernel oplocks can hang smbd; (bso#13121); + python: use communicate to fix Popen deadlock; (bso#13127); + smbd on disk file corruption bug under heavy threaded load; (bso#13130); + tevent: version 0.9.34; (bso#13130); + s3: smbd: Fix delete-on-close after smb2_find; (bso#13118); + CVE-2017-14746: s3: smbd: Fix SMB1 use-after-free crash bug; (bsc#1060427);(bso#13041); + CVE-2017-15275: s3: smbd: Chain code can return uninitialized memory when talloc buffer is grown; (bsc#1063008); (bso#13077); - Build with AD DC support only in openSUSE.- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- samba-tool requires samba-python; (bnc#1067771).- Run all daemons in the foreground and let systemd handle it; (bsc#1065551). - Update to 4.7.1; + Fix exporting subdirs with shadow_copy2; (bso#13091); + Currently if getwd() fails after a chdir(), we panic; (bso#13027); + Ensure default SMB_VFS_GETWD() call can't return a partially completed struct smb_filename; (bso#13068); + sys_getwd() can leak memory or possibly return the wrong errno on older systems; (bso#13069); + smbclient doesn't correctly canonicalize all local names before use; (bso#13093); + Fix broken linked attribute handling; (bso#13095); + Missing LDAP query escapes in DNS rpc server; (bso#12994); + Link to -lbsd when building replace.c by hand; (bso#13087); + Cannot delete non-ACL files on Solaris/ZFS/NFSv4 ACL filesystem; (bso#6133); + Map SYNCHRONIZE acl permission statically in zfs_acl vfs module; (bso#7909); + Samba fails to honor SEC_STD_WRITE_OWNER bit with the acl_xattr module; (bso#7933); + Missing assignment in sl_pack_float; (bso#12991); + Wrong Samba access checks when changing DOS attributes; (bso#12995); + samba_runcmd_send() leaves zombie processes on timeout; (bso#13062); + groupmap cleanup should not delete BUILTIN mappings; (bso#13065); + Enabling vfs_fruit results in loss of Finder tags and other xattrs; (bso#13076); + man pages: Properly ident lists; (bso#9613); + smb.conf.5: Sort parameters alphabetically; (bso#13081); + Fix GUID string format on GetPrinter info; (bso#12993); + Remote serverid check doesn't check for the unique id; (bso#13042); + CTDB starts consuming memory if there are dead nodes in the cluster; (bso#13056); + ctdb-common: Ignore event scripts with multiple '.'s; (bso#13070); + libgpo doesn't sort the GPOs in the correct order; (bso#13046); + Remote serverid check doesn't check for the unique id; (bso#13042); + vfs_catia: Fix a potential memleak; (bso#13090); + Fix file change notification for renames; (bso#12903); + Samba DNS server does not honour wildcards; (bso#12952); + Can't change password in samba from a Windows client if Samba runs on IPv6 only interface; (bso#13079); + vfs_fruit: Replace closedir() by SMB_VFS_CLOSEDIR; (bso#13086); + Apple client can't cope with SMB2 async replies when creating symlinks; (bso#13047); + s4:rpc_server:backupkey: Move variable into scope; (bso#12959); + Fix ntstatus_gen.h generation on 32bit; (bso#13099); + Fix a double free in vfs_gluster_getwd(); (bso#13100); + Fix resouce leaks and pointer issues; (bso#13101); + vfs_solarisacl: Fix build for samba 4.7 and up; (bso#13049);- Add samba-kdc to baselibs.conf. - Do not wrap samba-kdc's package definition into if/endif: the package won't be generated simply based on the fact that there is no files section for the package. Allows the source validator to ensure samba-kdc is a built package.- Update to 4.7.0; + Whole DB read locks: Improved LDAP and replication consistency; (bso#12858). + Samba AD with MIT Kerberos + Dynamic RPC port range: Default range changed from "1024-1300" to "49152-65535". + Authentication and Authorization audit support: New auth_audit debug class. + Multi-process LDAP Server: The LDAP server in the AD DC now honours the process model used for the rest of the 'samba' process. + Improved Read-Only Domain Controller (RODC) Support; (bso#12977). + Additional password hashes stored in supplementalCredentials. + Improvements to DNS during Active Directory domain join. + Significant AD performance and replication improvements. + Query record for open file or directory. + Removal of lpcfg_register_defaults_hook(). + Change of loadable module interface. + SHA256 LDAPS Certificates: The self-signed certificate generated for use on LDAPS will now be generated with a SHA256 self-signature, not a SHA1 self-signature. + CTDB no longer allows mixed minor versions in a cluster. + CTDB now ignores hints from Samba about TDB flags when attaching to databases. + New configuration variable CTDB_NFS_CHECKS_DIR. + The CTDB_SERVICE_AUTOSTARTSTOP configuration has been removed. + The CTDB_SCRIPT_DEBUGLEVEL configuration variable has been removed. + The example NFS Ganesha call-out has been improved. + A new "replicated" database type is available.- CVE-2017-12163: Prevent client short SMB1 write from writing server memory to file; (bso#13020); (bsc#1058624).- CVE-2017-12150: Some code path don't enforce smb signing, when they should; (bso#12997); (bsc#1058622).- CVE-2017-12151: Keep required encryption across SMB3 dfs redirects; (bso#12996); (bsc#1058565).- Clean specfile assuming SUSE-only system and product >=SLE11 + %{ul_version}, %{rhel_version}, %{mandriva_version}, %{centos_version} are always undefined + %{_vendor} is "suse" and %{suse_version} is at least 1100- Update to 4.6.7; (bsc#1054017) + Joining a Huawai storage fails: empty CLDAP ping answer; (bso#11392). + smbcacls can fail against a directory on Windows using SMB2.; (bso#12937). + vfs_ceph provides inconsistent directory listings; (bso#12911). + Misused talloc context can cause a user to crash their smbd by chaining SMB1 commands.; (bso#12836). + Use-after free can crash libsmbclient code.; (bso#12927). + Server exit with active AIO can crash.; (bso#12925). + Ensure notifyd doesn't return from smbd_notifyd_init; (bso#12910). + fd leak to ctdb sub-processes leads to SELinux AVC denial in audit logs; (bso#12898). + vfs_fruit shouldn't send MS NFS ACEs to Windows clients; (bso#12897). + smbspool_krb5_wrapper does not tell CUPS that it requires negotiate for authentication; (bso#12886). + finder sidebar showing question mark instead of icon when using ip to connect with vfs_fruit; (bso#12840). + Winbind stops obtaining the 'unixHomeDirectory' & 'loginShell' attributes from AD.; (bso#12720). + KCC run at selftest startup can fail spuriously due to a race; (bso#12869). + winbindd changes the local password and gets NT_STATUS_WRONG_PASSWORD for the remote change; (bso#12782). + rpc_pipe_client memory leaks due to long term memory context passed to rpc_pipe_open_interface(); (bso#12890). + CVE-2017-2619 breaks accessing previous versions of directories with snapshots in subdirectories of the share; (bso#12885). + dns_name_equal doing OOB read; (bso#12813). + replica_sync tests flap; (bso#12753). + Selftest should not call 'net cache flush' and wipe important winbind entries; (bso#12868). + Old Samba versions don't support using recent ldb versions (>=1.1.30); (bso#12859). + pam_winbind fails with kerberos method = secrets and keytab; (bso#10490). + race starting winbindd against posixacl test; (bso#12843). + Crash in the reentrant smbd_smb2_create_send() if the something fails in the subsequent try; (bso#12832). + spnego.c passes the wrong argument order to gensec_update_ev() for the FALLBACK case; (bso#12788). + Clients with SMB3 support can't connect with "server max protocol = SMB2_02"; (bso#12772). + A log message of samb-tool user syncpasswords reverses string arguments in a debug message "Call Popen[...".; (bso#12768). + The smb tarmode tests kills the share dir contents; (bso#12867). + Fix for a bug in MacOS X Sierra NTLMv2 processing; (bso#12862). + CVE-2017-2619 regression with non-wide symlinks to directories; (bso#12860). + manpage/index.html lists links not in alphabetical order; (bso#12854). + smbcacls got error NT_STATUS_NETWORK_NAME_DELETED; (bso#12831). + If a record is locked in a database, then recovery does not complete; (bso#12857). + debug_locks.sh script does not log any information; (bso#12856). + SIGSEGV in cm_connect_lsa_tcp dereferencing conn->lsa_tcp_pipe->transport after error; (bso#12852). + smbclient can't parse DOMAIN+username if a different winbind separator is used; (bso#12849). + Related requests with SessionSetup fail with INTERNAL_ERROR; (bso#12845). + Related requests with TreeConnect fail with NETWORK_NAME_DELETED; (bso#12844). + cli->server_os not filled correctly; (bso#12779). + REGRESSION: smbclient doesn't print the session setup anymore; (bso#12824). + smblcient doesn't handle STATUS_NOT_SUPPORTED gracefully for FSCTL_VALIDATE_NEGOTIATE_INFO; (bso#12808). + CTDB NFS call-out failures do not cause event failures; (bso#12837). + net command fails due to incorrectly return code; (bso#12828). + Fix building Samba with GCC 7.1; (bso#12827).- Fix duplicate CTDB_LOGGING params when downgraded and upgraded again; (bsc#1048339).- fix cephwrap_chdir(); (bsc#1048790). - Update to 4.6.6 + CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation; (bsc#1048278).- Fix ctdb logs to /var/log/log.ctdb instead of /var/log/ctdb; (bsc#1048339).- Fix inconsistent ctdb socket path; (bsc#1048352). - Fix non-admin cephx authentication; (bsc#1048387).- Update to 4.6.5; (bsc#1040157) + Specifying CTDB_LOGGING=syslog:nonblocking causes ctdbd to crash at startup; (bso#12814). + vfs_expand_msdfs tries to open the remote address as a file path; (bso#12687). + PANIC (pid 1096): assert failed: lease_type_is_exclusive(e_lease_type); (bso#12798). + With clustering get update_num_read_oplocks failed and PANIC: num_share_modes == 1 assertion failure; (bso#11844). + contend_level2_oplocks_begin_default oplock optimisation doesn't carry over to leases; (bso#12766). + `ctdb nodestatus` incorrectly displays status for all nodes with wrong exit code; (bso#12802). + CTDB can spin hard on revoking readonly delegations if a node becomes disconnected; (bso#12697). + Printing a share mode entry with leases can crash in the ndr code; (bso#12793). + Fix flakey unit tests for eventd; (bso#12792). + CTDB daemon crashes if built with clang; (bso#12770). + smbcacls fails if no password is specified; (bso#12765). + idmap_rfc2307: Lookup of more than two SIDs fails; (bso#12757). + samba-tool user syncpasswords doesn't trigger the script when a user gets removed; (bso#12767). + systemd: fix detection of libsystemd; (bso#12764). + Notify subsystem only maps first inotify mask to Windows notify filter; (bso#12760). + Allow passing trusted domain password as plain-text to PASSDB layer; (bso#12751). + Can't case-rename files with vfs_fruit; (bso#12749). + wrong sid->uid mapping for SIDs residing in sIDHistory; (bso#12702). + vfs_acl_common should force "create mask = 0777", not 0666; (bso#12562). + Ordering of notify responses broken; (bso#12756).- s3: libsmb: Fix error where short name length was read as 2 bytes, should be 1; (bso#11822); (bsc#1042419).- Revert explicit winbind %{version}-%{release} dependency. + The ABI has stabilized since (bsc#936909), so remove to fix cross-media dependencies; (bsc#1037899).- Fix CVE-2017-7494 remote code execution from a writable share; (bso#12780); (bsc#1038231).- Update to 4.6.3; (bsc#1036011) + s3:vfs:shadow_copy2: vfs_shadow_copy2 fails to list snapshots from shares with GlusterFS backend; (bso#12743). + Fix for Solaris C compiler; (bso#12559). + s3: locking: Update oplock optimization for the leases era; (bso#12628). + Make the Solaris C compiler happy; (bso#12693). + s3: libgpo: Allow skipping GPO objects that don't have the expected LDAP attributes; (bso#12695). + Fix buffer overflow caused by wrong use of getgroups; (bso#12747). + lib: debug: Avoid negative array access; (bso#12746). + cleanupdb: Fix a memory read error; (bso#12748). + streams_xattr and kernel oplocks results in NT_STATUS_NETWORK_BUSY; (bso#7537). + winbindd: idmap_autorid allocates ids for unknown SIDs from other backends; (bso#11961). + vfs_fruit: Resource fork open request with flags=O_CREAT|O_RDONLY; (bso#12565). + manpages/vfs_fruit: Document global options; (bso#12615). + lib/pthreadpool: Fix a memory leak; (bso#12624). + Lookup-domain for well-known SIDs on a DC; (bso#12727). + winbindd: Fix error handling in rpc_lookup_sids(); (bso#12728). + winbindd: Trigger possible passdb_dsdb initialisation; (bso#12729). + credentials_krb5: use gss_acquire_cred for client-side GSSAPI use case; (bso#12611). + lib/crypto: Implement samba.crypto Python module for RC4; (bso#12690). + ctdb-readonly: Avoid a tight loop waiting for revoke to complete; (bso#12697). + ctdb_event monitor command crashes if event is not specified; (bso#12723). + ctdb-docs: Fix documentation of "-n" option to 'ctdb tool'; (bso#12733). + smbd: Fix smb1 findfirst with DFS; (bso#12558). + smbd: Do an early exit on negprot failure; (bso#12610). + winbindd: Fix substitution for 'template homedir'; (bso#12699). + s4:kdc: Disable principal based autodetected referral detection; (bso#12554). + idmap_autorid: Allocate new domain range if the callers knows the sid is valid; (bso#12613). + LINKFLAGS_PYEMBED should not contain -L/some/path; (bso#12724). + PAM auth with WBFLAG_PAM_GET_PWD_POLICY returns wrong policy for trusted domain; (bso#12725). + rpcclient: Allow -U'OTHERDOMAIN\user' again; (bso#12731). + winbindd: Fix password policy for pam authentication; (bso#12725). + s3:gse: Correctly handle external trusts with MIT; (bso#12554). + auth/credentials: Always set the realm if we set the principal from the ccache; (bso#12611). + replace: Include sysmacros.h; (bso#12686). + s3:vfs_expand_msdfs: Do not open the remote address as a file; (bso#12687). + s3:libsmb: Only print error message if kerberos use is forced; (bso#12704). + winbindd: Child process crashes when kerberos-authenticating a user with wrong password; (bso#12708). + vfs_fruit: Office document opens as read-only on macOS due to CNID semantics; (bso#12715). + vfs_acl_xattr: Fix failure to get ACL on Linux if memory is fragmented; (bso#12737).- Generate and update vendor-files tarball from Git + SuSEfirewall2 service samba-client only setup IPv4 rule; (bsc#1034416).- Generate source tarball directly from Git using OBS tar_scm + use version string derived from parent Git tag and commit hash - remove obsolete vendor-files/tools/package-data version ID + explicitly generate ctdb manpages, needed without "make dist"- Update to 4.6.2 + remove bso#12721 patches now upstream- Enable samba-ceph build for openSUSE and SLE12SP3+; (fate#321622). + x86-64 and aarch64- Enable librados CTDB lock helper for samba-ceph package; (fate#321622).- Build and install the html man pages (bsc#1021907).- Fix CVE-2017-2619 regression with "follow symlinks = no"; (bso#12721).- Update to 4.6.1 + symlink race permits opening files outside share directory; CVE-2017-2619; (bso#12496); (bsc#1027147) + testparm checks for valid idmap parameters + add new krb client encryption types + support for printer driver upload from windows 10 + inherit owner = 'unix only' for improved quota support + improved CTDB event support + new primary group support for idmap_ad + idmap_hash deprecated + mvxattr added to recursively rename extended attributes- Remove chkconfig requirements for systemd systems- Don't call insserv if systemd is used- Fix check if we need to require insserv- async_req: make async_connect_send() "reentrant"; (bso#12105); (bsc#1024416).- Force usage of ncurses6-config thru NCURSES_CONFIG env var; (bsc#1023847).- add missing patch for libnss_wins segfault; (bsc#995730).- Fix vfs_ceph builds against recent Ceph versions; (bsc#1021933).- Document "winbind: ignore domains" parameter; (bsc#1019416).- Add base Samba dependency to samba-ceph package.- Update to 4.5.3 + Heap-based Buffer Overflow Remote Code Execution Vulnerability; CVE-2016-2123; (bso#12409); (bsc#1014437). + Don't send delegated credentials to all servers; CVE-2016-2125; (bso#12445); (bsc#1014441). + denial of service due to a client triggered crash in the winbindd parent process; CVE-2016-2126; (bso#12446); (bsc#1014442). - 4.5.1 and 4.5.2 updates + various streams vfs fixes + various printing fixes + ntlm_auth: do not map explicitly empty domain + various stability fixes in smbd + match file compression ReFS behavior- Add missing ldb module directory; (bnc#1012092).- s3/client: obey 'disable netbios' smb.conf param, don't connect via NBT port; (bsc#1009085); (bso#12418).- Include vfstest in samba-test; (bsc#1001203).- s3/winbindd: using default domain with user@domain.com format fails; (bsc#997833).- Fix segfault in libnss_wins; (bso#12277); (bso#12269); (bsc#995730).- Update to 4.5.0 + NTLM1 Authentication disabled by default + SMB2.1 leases enabled by default + Support for OFD locks + ctdb tool rewritten + Added shadow copy snapshot prefix parameter- Fix illegal memory access after memory has been deleted; (bso#11836); (bsc#975299).- Prevent core, make sure response->extra_data.data is always cleared out; (bsc#993692).- Don't package man pages for VFS modules that aren't built; (boo#993707).- Fix population of ctdb sysconfig after source merge; (bsc#981566).- Enable vfs_ceph builds for Factory (x86-64) + Package as samba-ceph to avoid Ceph dependency in base package.- Update to 4.4.5 + Prevent client-side SMB2 signing downgrade; CVE-2016-2119; (bso#11860); (bsc#986869).- Remove obsolete syslog.target; (bsc#983938).- Honor smb.conf socket options in winbind; (bsc#975131).- Don't use htons() with IP_PROTO_RAW; (bso#11705); (bsc#969522).- Update to 4.4.4 + SMB3 multichannel: Add implementation of missing channel sequence number verification; (bso#11809). + smbd:close: Only remove kernel share modes if they had been taken at open; (bso#11919). + notifyd: Prevent NULL deref segfault in notifyd_peer_destructor; (bso#11930). + s3:rpcclient: Make '--pw-nt-hash' option work; (bso#10796). + Fix case sensitivity issues over SMB2 or above; (bso#11438). + s3:smbd: Fix anonymous authentication if signing is mandatory. (bso#11910) + Fix NTLM Authentication issue with squid; (bso#11914). + pdb: Fix segfault in pdb_ldap for missing gecos; (bso#11530). + Fix memory leak in share mode locking; (bso#11934).- Update to 4.4.3 + Various post-badlock regressions; (bso#11841); (bso#11850); (bso#11858); (bso#11870); (bso#11872). + Only allow idmap_hash for default idmap config (bso#11786). + smbd: Avoid large reads beyond EOF; (bso#11878). + vfs_acl_common: Avoid setting POSIX ACLs if "ignore system acls" is set; (bso#11806). + libads: Record session expiry for spnego sasl binds; (bso#11852).- Fix NTLMSSP regressions caused by previous CVE fixes; (bso#11849); (bsc#975962); (bsc#979268), (bsc#977669).- Revert shared library packaging to comply with SLPP- Update to 4.4.2 + A man-in-the-middle can downgrade NTLMSSP authentication; CVE-2016-2110; (bso#11688); (bsc#973031). + Domain controller netlogon member computer can be spoofed; CVE-2016-2111; (bso#11749); (bsc#973032). + LDAP conenctions vulnerable to downgrade and MITM attack; CVE-2016-2112; (bso#11644); (bsc#973033). + TLS certificate validation missing; CVE-2016-2113; (bso#11752); (bsc#973034). + Named pipe IPC vulnerable to MITM attacks; CVE-2016-2115; (bso#11756); (bsc#973036). + "Badlock" DCERPC impersonation of authenticated account possible; CVE-2016-2118; (bso#11804); (bsc#971965). + DCERPC server and client vulnerable to DOS and MITM attacks; CVE-2015-5370; (bso#11344); (bsc#936862).- Fix samba.tests.messaging test and prevent potential tdb corruption by removing obsolete now invalid tdb_close call; (bsc#974629).- Obsolete libsmbclient from libsmbclient0 while not providing it; (bsc#972197).- Update to 4.4.0. + Read of uninitialized memory DNS TXT handling; (bso#11128); (bso#11686); CVE-2016-0771. + Getting and setting Windows ACLs on symlinks can change permissions on link target; (bso#11648); CVE-2015-7560. + Sockets with htons(IPPROTO_RAW); (bso#11705); CVE-2015-8543. + s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem with no ACL support; (bso#10489). + docs: Add example for domain logins to smbspool man page; (bso#11643). + smbd: Show correct disk size for different quota and dfree block sizes; (bso#11681). + docs: Add smbspool_krb5_wrapper manpage; (bso#11690). + winbindd: Return trust parameters when listing trusts; (bso#11691). + ctdb: Do not provide a useless pkgconfig file for ctdb; (bso#11696). + Crypto.Cipher.ARC4 is not available on some platforms, fallback to M2Crypto.RC4.RC4 then; (bso#11699). + s3:utils/smbget: Set default blocksize; (bso#11700). + Streamline 'smbget' options with the rest of the Samba utils; (bso#11700). + s3:clispnego: Fix confusing warning in spnego_gen_krb5_wrap(); (bso#11702). + s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703). + loadparm: Fix memory leak issue; (bso#11708). + lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714). + s3:vfs:glusterfs: Fix build after quota changes; (bso#11715). + ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."; (bso#11719). + lib:socket: Fix CID 1350010: Integer OVERFLOW_BEFORE_WIDEN; (bso#11723). + smbd: Fix CID 1351215 Improper use of negative value; (bso#11724). + smbd: Fix CID 1351216 Dereference null return value; (bso#11725). + s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file; (bso#11727). + docs: Add manpage for cifsdd; (bso#11730). + param: Fix str_list_v3 to accept ; again; (bso#11732). + lib/socket: Fix improper use of default interface speed; (bso#11734). + lib:socket: Fix CID 1350009: Fix illegal memory accesses (BUFFER_SIZE_WARNING); (bso#11735). + libcli: Fix debug message, print sid string for new_ace trustee; (bso#11738). + Fix installation path of Samba helper binaries; (bso#11739). + Fix memory leak in loadparm; (bso#11740). + tevent: version 0.9.28: Fix memory leak when old signal action restored; (bso#11742). + smbd: Ignore SVHDX create context; (bso#11753). + Fix net join; (bso#11755). + s3:libads: setup the msDS-SupportedEncryptionTypes attribute on ldap_add; (bso#11755). + passdb: Add linefeed to debug message; (bso#11763). + s3:utils/smbget: Fix option parsing; (bso#11767). + libnet: Make Kerberos domain join site-aware; (bso#11769). + Reset TCP Connections during IP failover; (bso#11770). + ldb: Version 1.1.26; (bso#11772). + s3:smbd: Add negprot remote arch detection for OSX; (bso#11773). + vfs_glusterfs: Fix use after free in AIO callback; (bso#11774). + mkdir can return ACCESS_DENIED incorrectly on create race; (bso#11780). + "trustdom_list_done: Got invalid trustdom response" message should be avoided; (bso#11782). + Mismatch between local and remote attribute ids lets replication fail with custom schema; (bso#11783). + Quota is not supported on Solaris 10; (bso#11788). + Talloc: Version 2.1.6; (bso#11789). + smbd: Enable multi-channel if 'server multi channel support = yes' in the config; (bso#11796). + build: Fix build when '--without-quota' specified; (bso#11798). + lib/socket/interfaces: Fix some uninitialied bytes; (bso#11802). + Access based share enum: handle permission set in configuration files; (bso#8093). + See also WHATSNEW.txt from the samba-doc package.- Update to 4.3.6. + Getting and setting Windows ACLs on symlinks can change permissions on link target; CVE-2015-7560; (bso#11648); (bsc#968222). + Fix Out-of-bounds read in internal DNS server; CVE-2016-0771; (bso#11128); (bso#11686); (bsc#968223).- Upgrade on-disk FSRVP server state to new version; (bsc#924519).- Only obsolete but do not provide gplv2/3 package names; (bsc#968973).- Relocate existing lock files to /var/lib/samba/lock; (bsc#968963).- Obsolete no longer existing samba-32bit package; (bsc#967625).- Update to 4.3.5. + s3:utils/smbget: Fix recursive download; (bso#6482). + s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystemi with no ACL support; (bso#10489). + s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks; (bso#11400). + vfs_shadow_copy2: Fix case where snapshots are outside the share; (bso#11580). + smbclient: Query disk usage relative to current directory; (bso#11662). + winbindd: Handle expired sessions correctly; (bso#11670). + smbd: Show correct disk size for different quota and dfree block sizes; (bso#11681). + smbcacls: Fix uninitialized variable; (bso#11682). + s3:smbd: Ignore initial allocation size for directory creation; (bso#11684). + s3-client: Add a KRB5 wrapper for smbspool; (bso#11690). + s3-parm: Clean up defaults when removing global parameters; (bso#11693). + Use M2Crypto.RC4.RC4 on platforms without Crypto.Cipher.ARC4; (bso#11699). + s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703). + ctdb: Remove error messages after kernel security update; CVE-2015-8543; (bso#11705). + loadparm: Fix memory leak issue; (bso#11708). + lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714). + ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."; (bso#11719). + s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file; (bso#11727). + param: Fix str_list_v3 to accept ";" again; (bso#11732).- Shift samba-client sysconfig data into samba and samba-winbind; (bsc#947361).- Simplify shared library packaging; (bsc#966956).- Enable clustering (CTDB) support; (bsc#966271).- s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703); (bsc#964023).- Add quotes around path of update-apparmor-samba-profile; (bnc#962177).- Remove autoconf build-time requirement.- Update to 4.3.4. + vfs_fruit: Enable POSIX directory rename semantics; (bso#11065). + Crash: Bad talloc magic value - access after free; (bso#11394). + Copying files with vfs_fruit fails when using vfs_streams_xattr without stream prefix and type suffix; (bso#11466). + samba-tool: Fix uncaught exception if no fSMORoleOwner attribute is given; (bso#11613). + Fix a typo in the smb.conf manpage, explanation of idmap config; (bso#11619). + Correctly initialize the list head when keeping a list of primary followed by DFS connections; (bso#11624). + Reduce the memory footprint of empty string options; (bso#11625). + lib/async_req: Do not install async_connect_send_test; (bso#11639). + Fix typos in man vfs_gpfs; (bso#11641). + Make "hide dot files" option work with "store dos attributes = yes"; (bso#11645). + Fix a corner case of the symlink verification; (bso#11647); (bnc#960249). + Do not disable "store dos attributes" on-the-fly; (bso#11649). + Update lastLogon and lastLogonTimestamp; (bso#11659).- Prevent access denied if the share path is "/"; (bso#11647); (bnc#960249).- Update to 4.3.3. + Malicious request can cause Samba LDAP server to hang, spinning using CPU; CVE-2015-3223; (bso#11325); (bnc#958581). + Remote read memory exploit in LDB; CVE-2015-5330; (bso#11599); (bnc#958586). + Insufficient symlink verification (file access outside the share); CVE-2015-5252; (bso#11395); (bnc#958582). + No man in the middle protection when forcing smb encryption on the client side; CVE-2015-5296; (bso#11536); (bnc#958584). + Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2); CVE-2015-5299; (bso#11529); (bnc#958583). + Fix Microsoft MS15-096 to prevent machine accounts from being changed into user accounts; CVE-2015-8467; (bso#11552); (bnc#958585).- Update to 4.3.2. + vfs_gpfs: Re-enable share modes; (bso#11243). + dcerpc.idl: Accept invalid dcerpc_bind_nak pdus; (bso#11327). + s3-smbd: Fix old DOS client doing wildcard delete - gives an attribute type of zero; (bso#11452). + Add libreplace dependency to texpect, fixes a linking error on Solaris; (bso#11511). + s4: Fix linking of 'smbtorture' on Solaris; (bso#11512). + s4:lib/messaging: Use correct path for names.tdb; (bso#11562). + Fix segfault of 'net ads (join|leave) -S INVALID' with nss_wins; (bso#11563). + async_req: Fix non-blocking connect(); (bso#11564). + auth: gensec: Fix a memory leak; (bso#11565). + lib: util: Make non-critical message a warning; (bso#11566). + Fix winbindd crashes with samlogon for trusted domain user; (bso#11569); (bnc#949022). + smbd: Send SMB2 oplock breaks unencrypted; (bso#11570). + ctdb: Open the RO tracking db with perms 0600 instead of 0000; (bso#11577). + s3:smb2_server: Make the logic of SMB2_CANCEL DLIST_REMOVE() clearer; (bso#11581). + s3-smbd: Fix use after issue in smbd_smb2_request_dispatch(); (bso#11581). + manpage: Correct small typo error; (bso#11584). + s3: smbd: If EAs are turned off on a share don't allow an SMB2 create containing them; (bso#11589). + Backport some valgrind fixes from upstream master; (bso#11597). + auth: Consistent handling of well-known alias as primary gid; (bso#11608). + winbind: Fix crash on invalid idmap configs; (bso#11612). + s3: smbd: have_file_open_below() fails to enumerate open files below an open directory handle; (bso#11615). + Changing log level of two entries to DBG_NOTICE; (bso#9912).- Ensure samlogon fallback requests are rerouted after kerberos failure; (bnc#953382); (bnc#953972).- Ensure to link with --as-needed flag by removing SUSE_ASNEEDED=0. - Always use the default optimization even on pre-9.2 systems.- Remove redundant configure options while adding with-relro.- Relocate the lockdir to the /var/lib/samba/lock directory.- Cleanup and enhance the pidl sub package.- Require renamed python-ldb-devel and python-talloc-devel at build-time. - Requires python-ldb and python-talloc from the python subpackage.- Update to 4.3.1. + s3: smbd: Fix our access-based enumeration on "hide unreadable" to match Windows; (bso#10252). + nss_winbind: Fix hang on Solaris on big groups; (bso#10365). + smbd: Fix file name buflen and padding in notify repsonse; (bso#10634). + kerberos: Make sure we only use prompter type when available; winbind: Fix 100% loop; (bso#11038). + source3/lib/msghdr.c: Fix compiling error on Solaris; (bso#11053). + s3:ctdbd_conn: make sure we destroy tevent_fd before closing the socket; (bso#11316). + s3: smbd: Fix mkdir race condition; (bso#11486). + pam_winbind: Fix a segfault if initialization fails; (bso#11502). + s3: dfs: Fix a crash when the dfs targets are disabled; (bso#11509). + s4:lib/messaging: Use 'msg.lock' and 'msg.sock' for messaging related subdirs; (bso#11515). + s3: smbd: Fix opening/creating :stream files on the root share directory; (bso#11522). + lib/param: Fix hiding of FLAG_SYNONYM values; (bso#11526). + net: Fix a crash with 'net ads keytab create'; (bso#11528). + s3: smbd: Fix a crash in unix_convert(); (bso#11535). + s3: smbd: Fix NULL pointer bug introduced by previous 'raw' stream fix (bso#11522); (bso#11535). + vfs_fruit: Return value of ad_pack in vfs_fruit.c; (bso#11543). + vfs_commit: set the fd on open before calling SMB_VFS_FSTAT; (bso#11547). + s3:locking: Initialize lease pointer in share_mode_traverse_fn(); (bso#11549). + s3:smbstatus: Add stream name to share_entry_forall(); (bso#11550). + s3:lib: Validate domain name in lookup_wellknown_name(); (bso#11555). + s3: lsa: lookup_name() logic for unqualified (no DOMAIN component) names is incorrect; (bso#11555).- Fix 100% CPU in winbindd when logging in with "user must change password on next logon"; (bso#11038).- Relocate the tmpfiles.d directory to the client package; (bnc#947552).- Do not provide libpdb0 from libsamba-passdb0 but add it to baselibs.conf instead; (bnc#942716).- Package /var/lib/samba/private/sock with 0700 permissions; (bnc#946051).- Package /var/lib/samba/msg with 0755 permissions; (bso#11515); (bnc#945502).- Require to install libfam0-gamin from samba-libs on post-12.1 and pre-13.15 systems; (bnc#945013).- Update to 4.3.0. + Samba "map to guest = Bad uid" doesn't work; (bso#9862). + revert LDAP extended rule 1.2.840.113556.1.4.1941 LDAP_MATCHING_RULE_IN_CHAIN changes; (bso#10493). + No objectClass found in replPropertyMetaData on ordinary objects (non-deleted); (bso#10973). + Stream names with colon don't work with fruit:encoding = native; (bso#11278). + NetApp joined to a Samba/ADDC cannot resolve SIDs; (bso#11291). + tevent_fd needs to be destroyed before closing the fd; (bso#11316). + "force group" with local group not working; (bso#11320). + strsep is not available on Solaris; (bso#11359). + smbtorture does not build when configured --with-system-mitkrb5; (bso#11411). + Build with GPFS support is broken; (bso#11421). + Build broken with --disable-python; (bso#11424). + net share allowedusers crashes; (bso#11426). + nmbd incorrectly matches netbios names as own name; (bso#11427). + Python bindings don't check integer types; (bso#11429). + Python bindings don't check array sizes; (bso#11430). + CTDB's eventscript error handling is broken; (bso#11431). + Fix crash in nested ctdb banning; (bso#11432). + Cannot build ctdbpmda; (bso#11434). + samba-tool uncaught exception error; (bso#11436). + Crash in notify_remove caused by change notify = no; (bso#11444). + Poor SMB3 encryption performance with AES-GCM; (bso#11451). + Poor SMB3 encryption performance with AES-GCM (part1); (bso#11451). + fix recursion problem in rep_strtoll in lib/replace/replace.c; (bso#11455). + --bundled-libraries=!ldb,!pyldb,!pyldb-util doesn't disable ldb build and install; (bso#11458). + xid2sid gives inconsistent results; (bso#11464). + ctdb: Fix the build on FreeBSD 10.1; (bso#11465). + Handling of 0 byte resource fork stream; (bso#11467). + AD samr GetGroupsForUser fails for users with "()" in their name; (bso#11488).- Configure with --bundled-libraries=NONE; (bso#11458).- Adapt net-kdc-lookup patch for post-3.3 Samba versions; (bnc#295284).- Remove libiniparser-devel build-time requirement.- Update to 4.2.3. + s4:lib/tls: Fix build with gnutls 3.4; (bso#8780). + s4.2/fsmo.py: Fixed fsmo transfer exception; (bso#10924). + winbindd: Sync secrets.ldb into secrets.tdb on startup; (bso#10991). + Logon via MS Remote Desktop hangs; (bso#11061). + s3: lib: util: Ensure we read a hex number as %x, not %u; (bso#11068). + tevent: Add a note to tevent_add_fd(); (bso#11141). + s3:param/loadparm: Fix 'testparm --show-all-parameters'; (bso#11170). + s3-unix_msg: Remove socket file after closing socket fd; (bso#11217). + smbd: Fix a use-after-free; (bso#11218); (bnc#919309). + s3-rpc_server: Fix rpc_create_tcpip_sockets() processing of interfaces; (bso#11245). + s3:smb2: Add padding to last command in compound requests; (bso#11277). + Add IPv6 support to ADS client side LDAP connects; (bso#11281). + Add IPv6 support for determining FQDN during ADS join; (bso#11282). + s3: IPv6 enabled DNS connections for ADS client; (bso#11283). + Fix invalid write in ctdb_lock_context_destructor; (bso#11293). + Excessive cli_resolve_path() usage can slow down transmission; (bso#11295). + vfs_fruit: Add option "veto_appledouble"; (bso#11305). + tstream: Make socketpair nonblocking; (bso#11312). + idmap_rfc2307: Fix wbinfo '--gid-to-sid' query; (bso#11313). + Group creation: Add msSFU30Name only when --nis-domain was given; (bso#11315). + tevent_fd needs to be destroyed before closing the fd; (bso#11316). + Build fails on Solaris 11 with "‘PTHREAD_MUTEX_ROBUST’ undeclared"; (bso#11319). + smbd/trans2: Add a useful diagnostic for files with bad encoding; (bso#11323). + Change sharesec output back to previous format; (bso#11324). + Robust mutex support broken in 1.3.5; (bso#11326). + Kerberos auth info3 should contain resource group ids available from pac_logon; winbindd: winbindd_raw_kerberos_login - ensure logon_info exists in PAC; (bso#11328); (bnc#912457). + s3:smb2_setinfo: Fix memory leak in the defer_rename case; (bso#11329). + tevent: Fix CID 1035381 Unchecked return value; (bso#11330). + tdb: Fix CID 1034842 and 1034841 Resource leaks; (bso#11331). + s3: smbd: Use separate flag to track become_root()/unbecome_root() state; (bso#11339). + s3: smbd: Codenomicon crash in do_smb_load_module(); (bso#11342). + pidl: Make the compilation of PIDL producing the same results if the content hasn't change; (bso#11356). + winbindd: Disconnect child process if request is cancelled at main process; (bso#11358). + vfs_fruit: Check offset and length for AFP_AfpInfo read requests; (bso#11363). + docs: Overhaul the description of "smb encrypt" to include SMB3 encryption; (bso#11366). + s3:auth_domain: Fix talloc problem in connect_to_domain_password_server(); (bso#11367). + ncacn_http: Fix GNUism; (bso#11371).- Disable rpath usage; (bnc#902421).- Make the winbind package depend on the matching libwbclient version and vice versa; (bnc#936909).- Backport changes to use resource group sids obtained from pac logon_info; (bso#11328); (bnc#912457).- Order winbind.service Before and Want nss-user-lookup target.- Remove fam-devel build-time dependency for post-6 RHEL systems.- Update to 4.2.2. + s3:smbXsrv: refactor duplicate code into smbXsrv_session_clear_and_logoff(); (bso#11182). + gencache: don't fail gencache_stabilize if there were records to delete; (bso#11260). + s3: libsmbclient: After getting attribute server, ensure main srv pointer is still valid; (bso#11186). + s4: rpc: Refactor dcesrv_alter() function into setup and send steps; (bso#11236). + s3: smbd: Incorrect file size returned in the response of "FILE_SUPERSEDE Create"; (bso#11240). + Mangled names do not work with acl_xattr; (bso#11249). + nmbd rewrites browse.dat when not required; (bso#11254). + vfs_fruit: add option "nfs_aces" that controls the NFS ACEs stuff; (bso#11213). + s3:smbd: Add missing tevent_req_nterror; (bso#11224). + vfs: kernel_flock and named streams; (bso#11243). + vfs_gpfs: Error code path doesn't call END_PROFILE; (bso#11244). + s4: libcli/finddcs_cldap: continue processing CLDAP until all addresses are used; (bso#11284). + ctdb: check for talloc_asprintf() failure; (bso#11201). + spoolss: purge the printer name cache on name change; (bso#11210); (bnc#901813). + CTDB statd-callout does not scale; (bso#11204). + vfs_fruit: also map characters below 0x20; (bso#11221). + ctdb: Coverity fix for CID 1291643; (bso#11201). + Multiplexed RPC connections are not handled by DCERPC server; (bso#11225). + Fix terminate connection behavior for asynchronous endpoint with PUSH notification flavors; (bso#11226). + ctdb-scripts: Fix bashism in ctdbd_wrapper script; (bso#11007). + ctdb: Fix CIDs 1125615, 1125634, 1125613, 1288201 and 1125553; (bso#11201). + SMB2 should cancel pending NOTIFY calls with DELETE_PENDING if the directory is deleted; (bso#11257). + s3:winbindd: make sure we remove pending io requests before closing client sockets; (bso#11141); (bnc#931854). + Fix panic triggered by smbd_smb2_request_notify_done() -> smbXsrv_session_find_channel() in smbd; (bso#11182). + 'sharesec' output no longer matches input format; (bso#11237). + waf: Fix systemd detection; (bso#11200). + CTDB: Fix portability issues; (bso#11202). + CTDB: Fix some IPv6-related issues; (bso#11203). + CTDB statd-callout does not scale; (bso#11204). + 'net ads dns gethostbyname' crashes with an error in TALLOC_FREE if you enter invalid values; (bso#11234). + libads: record service ticket endtime for sealed ldap connections; (bso#11267). + lib/util: Include DEBUG macro in internal header files before samba_util.h; (bso#11033).- Avoid a crash inside the tevent epoll backend; (bso#11141); (bnc#931854).- Remove the independently built libraries ldb, talloc, tdn, and tevent and the post-10.3 renamed libsmbclient from baselibs.conf.- Drop redundant doc attribute from man pages.- Update to 4.2.1. + s3:winbind:grent: Don't stop group enumeration when a group has no gid; (bso#8905). + Initialize dwFlags field of DNS_RPC_NODE structure; (bso#9791). + s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with servers that don't send the 2 unused fields; (bso#10016). + build:wafadmin: Fix use of spaces instead of tabs; (bso#10476). + waf: Fix the build on openbsd; (bso#10476). + s3: client: "client use spnego principal = yes" code checks wrong name; (bso#10888). + spoolss: Retrieve published printer GUID if not in registry; (bso#11018). + s3: lib: libsmbclient: If reusing a server struct, check every cli->timout miliseconds if it's still valid before use; (bso#11079). + vfs_fruit: Enhance handling of malformed AppleDouble files; (bso#11125). + backupkey: Explicitly link to gnutls and gcrypt; (bso#11135). + replace: Remove superfluous check for gcrypt header; (bso#11135). + Backport subunit changes; (bso#11137). + libcli/auth: Match Declaration of netlogon_creds_cli_context_tmp with implementation; (bso#11140). + s3-winbind: Fix cached user group lookup of trusted domains; (bso#11143). + talloc: Version 2.1.2; (bso#11144). + Update libwbclient version to 0.12; (bso#11149). + brlock: Use 0 instead of empty initializer list; (bso#11153). + s4:auth/gensec_gssapi: Let gensec_gssapi_update() return NT_STATUS_LOGON_FAILURE for unknown errors; (bso#11164). + docs/idmap_rid: Remove deprecated base_rid from example; (bso#11169); (bnc#913304). + s3: libcli: smb1: Ensure we correctly finish a tevent req if the writev fails in the SMB1 case; (bso#11173). + backupkey: Use ndr_pull_struct_blob_all(); (bso#11174). + Fix lots of winbindd zombie processes on Solaris platform; (bso#11175). + s3: libsmbclient: Add missing talloc stackframe; (bso#11177). + s4-process_model: Do not close random fds while forking; (bso#11180). + s3-passdb: Fix 'force user' with winbind default domain; (bso#11185).- Prevent samba package updates from disabling samba kerberos printing.- Add sparse file support for samba; (fate#318424).- Purge printer name cache on spoolss SetPrinter change; (bso#11210); (bnc#901813).- Correctly retain errno from Btrfs snapshot ioctls; (bnc#923374).- Simplify libxslt build requirement and README.SUSE install. - Remove no longer required cleanup steps while populating the build root.- Remove deprecated base_rid example from idmap_rid manpage; (bso#11169); (bnc#913304).- Update to 4.2.0. + smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT; (bso#1115). + pam_winbind: fix warn_pwd_expire implementation; (bso#9056). + nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299). + Make 'profiles' work again; (bso#9629). + s3:smb2_server: protect against integer wrap with "smb2 max credits = 65535"; (bso#9702). + Make validate_ldb of String(Generalized-Time) accept millisecond format ".000Z"; (bso#9810). + Use -R linker flag on Solaris, not -rpath; (bso#10112). + vfs: Add glusterfs manpage; (bso#10240). + Make 'smbclient' use cached creds; (bso#10279). + pdb: Fix build issues with shared modules; (bso#10355). + s4-dns: Add support for BIND 9.10; (bso#10620). + idmap: Return the correct id type to *id_to_sid methods; (bso#10720). + printing/cups: Pack requested-attributes with IPP_TAG_KEYWORD; (bso#10808). + Don't build vfs_snapper on FreeBSD; (bso#10834). + nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835). + idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837). + s3: smb2cli: query info return length check was reversed; (bso#10848). + s3: lib, s3: modules: Fix compilation on Solaris; (bso#10849). + lib: uid_wrapper: Fix setgroups and syscall detection on a system without native uid_wrapper library; (bso#10851). + winbind3: Fix pwent variable substitution; (bso#10852). + Improve samba-regedit; (bso#10859). + registry: Don't leave dangling transactions; (bso#10860). + Fix build of socket_wrapper on systems without SO_PROTOCOL; (bso#10861). + build: Do not install 'texpect' binary anymore; (bso#10862). + Fix testparm to show hidden share defaults; (bso#10864). + libcli/smb: Fix smb2cli_validate_negotiate_info with min=PROTOCOL_NT1 max=PROTOCOL_SMB2_02; (bso#10866). + Integrate CTDB into top-level Samba build; (bso#10892). + samba-tool group add: Add option '--nis-domain' and '--gid'; (bso#10895). + s3-nmbd: Fix netbios name truncation; (bso#10896). + spoolss: Fix handling of bad EnumJobs levels; (bso#10898). + Fix smbclient loops doing a directory listing against Mac OS X 10 server with a non-wildcard path; (bso#10904). + Fix print job enumeration; (bso#10905); (bnc#898031). + samba-tool: Create NIS enabled users and unixHomeDirectory attribute; (bso#10909). + Add support for SMB2 leases; (bso#10911). + btrfs: Don't leak opened directory handle; (bso#10918). + s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920). + s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921). + pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932). + s3-keytab: fix keytab array NULL termination; (bso#10933). + s3:passdb: fix logic in pdb_set_pw_history(); (bso#10940). + Cleanup add_string_to_array and usage; (bso#10942). + dbwrap_ctdb: Pass on mutex flags to tdb_open; (bso#10942). + Fix RootDSE search with extended dn control; (bso#10949). + Fix 'samba-tool dns serverinfo ' for IPv6; (bso#10952). + libcli/smb: only force signing of smb2 session setups when binding a new session; (bso#10958). + s3-smbclient: Return success if we listed the shares; (bso#10960). + s3-smbstatus: Fix exit code of profile output; (bso#10961). + socket_wrapper: Add missing prototype check for eventfd; (bso#10965). + libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows client does; (bso#10966). + vfs_streams_xattr: Check stream type; (bso#10971). + s3: smbd: Fix *allocate* calls to follow POSIX error return convention; (bso#10982). + vfs_fruit: Add support for AAPL; (bso#10983). + Fix spoolss IDL response marshalling when returning error without clearing info; (bso#10984). + dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279). + Fix IPv6 support in CTDB; (bso#10996). + ctdb-daemon: Use correct tdb flags when enabling robust mutex support; (bso#11000). + vfs_streams_xattr: Add missing call to SMB_VFS_NEXT_CONNECT; (bso#11005). + s3-util: Fix authentication with long hostnames; (bso#11008). + ctdb-build: Fix build without xsltproc; (bso#11014). + packaging: Include CTDB man pages in the tarball; (bso#11014). + pdb_get_trusteddom_pw() fails with non valid UTF16 random passwords; (bso#11016). + Make Sharepoint search show user documents; (bso#11022). + nss_wrapper: check for nss.h; (bso#11026). + Enable mutexes in gencache_notrans.tdb; (bso#11032). + tdb_wrap: Make mutexes easier to use; (bso#11032). + lib/util: Avoid collision which alread defined consumer DEBUG macro; (bso#11033). + winbind: Retry after SESSION_EXPIRED error in ping-dc; (bso#11034). + s3-libads: Fix a possible segfault in kerberos_fetch_pac(); (bso#11037). + vfs_fruit: Fix base_fsp name conversion; (bso#11039). + vfs_fruit: mmap under FreeBSD needs PROT_READ; (bso#11040). + Fix authentication using Kerberos (not AD); (bso#11044). + net: Fix sam addgroupmem; (bso#11051). + vfs_snapper: Correctly handles multi-byte DBus strings; (bso#11055); (bnc#913238). + cli_connect_nb_send: Don't segfault on host == NULL; (bso#11058). + utils: Fix 'net time' segfault; (bso#11058). + libsmb: Provide authinfo domain for encrypted session referrals; (bso#11059). + s3-pam_smbpass: Fix memory leak in pam_sm_authenticate(); (bso#11066). + vfs_glusterfs: Add comments to the pipe(2) code; (bso#11069). + vfs/glusterfs: Change xattr key to match gluster key; (bso#11069). + vfs_glusterfs: Implement AIO support; (bso#11069). + s3-vfs: Fix developer build of vfs_ceph module; (bso#11070). + s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer; (bso#11077); CVE-2015-0240; (bnc#917376). + vfs: Add a brief vfs_ceph manpage; (bso#11088). + s3: smbclient: Allinfo leaves the file handle open; (bso#11094). + Fix Win8.1 Credentials Manager issue after KB2992611 on Samba domain; (bso#11097). + debug: Set close-on-exec for the main log file FD; (bso#11100). + s3: smbd: leases - losen paranoia check. Stat opens can grant leases; (bso#11102). + s3: smbd: SMB2 close. If a file has delete on close, store the return info before deleting; (bso#11104). + doc:man:vfs_glusterfs: improve the configuration section; (bso#11117). + snprintf: Try to support %j; (bso#11119). + ctdb-io: Do not use sys_write to write to client sockets; (bso#11124). + doc-xml: Add 'sharesec' reference to 'access based share enum'; (bso#11127).- Update to 4.2.0rc5. + Ensure we don't call talloc_free on an uninitialized pointer; CVE-2015-0240; (bso#11077); (bnc#917376).- Fix usage of freed memory on server exit; (bso#11218); (bnc#919309).- Fix tdb_store_flag_to_ntdb() gcc5 build failure.- Fix vfs_snapper DBus string handling; (bso#11055); (bnc#913238).- Update to 4.1.16. + dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279).- Adjust baselibs.conf due to libpdb0 package rename to libsamba-passdb0.- Fix libsmbclient DFS referral handling. + Reuse connections derived from DFS referrals; (bso#10123); (fate#316512). + Set domain/workgroup based on authentication callback value; (bso#11059).- Update to 4.2.0rc4. - Add libsamba-debug, libsocket-blocking, libsamba-cluster-support, and libhttp to the libs package; (boo#913547). - Rename libpdb packages to libsamba-passdb. - Drop libsmbsharemodes packages.- Enable avahi support on post-12.2 systems.- Update to 4.1.15. + pam_winbind: Fix warn_pwd_expire implementation; (bso#9056). + nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299). + Fix profiles tool; (bso#9629). + s3-lib: Do not require a password with --use-ccache; (bso#10279). + s4:dsdb/rootdse: Expand extended dn values with the AS_SYSTEM control; (bso#10949). + s4-rpc: dnsserver: Fix enumeration of IPv4 and IPv6 addresses; (bso#10952). + s3:smb2_server: Allow reauthentication without signing; (bso#10958). + s3-smbclient: Return success if we listed the shares; (bso#10960). + s3-smbstatus: Fix exit code of profile output; (bso#10961). + libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows client does; (bso#10966). + s3: smbd/modules: Fix *allocate* calls to follow POSIX error return convention; (bso#10982). + Fix 'domain join' by adding 'drsuapi.DsBindInfoFallBack' attribute 'supported_extensions'; (bso#11006). + idl:drsuapi: Manage all possible lengths of drsuapi_DsBindInfo; (bso#11006). + winbind: Retry LogonControl RPC in ping-dc after session expiration; (bso#11034).- yast2-samba-client should be able to specify osName and osVer on AD domain join; (bnc#873922).- Lookup FSRVP share snums at runtime rather than storing them persistently; (bnc#908627).- Specify soft dependency for network-online.target in Winbind systemd service file; (bnc#889175).- Fix spoolss error response marshalling; (bso#10984).- Update to 4.1.14. + pidl/wscript: Remove --with-perl-* options; revert buildtools/wafadmin/ Tools/perl.py back to upstream state; (bso#10472). + s4-dns: Add support for BIND 9.10; (bso#10620). + nmbd fails to accept "--piddir" option; (bso#10711). + nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835). + S3: source3/smbd/process.c::srv_send_smb() returns true on the error path; (bso#10880). + vfs_glusterfs: Remove "integer fd" code and store the glfs pointers; (bso#10889). + s3-nmbd: Fix netbios name truncation; (bso#10896). + spoolss: Fix handling of bad EnumJobs levels; (bso#10898). + s3: libsmbclient-smb2. MacOSX 10 SMB2 server doesn't set STATUS_NO_MORE_FILES when handed a non-wildcard path; (bso#10904). + spoolss: Fix jobid in level 3 EnumJobs response; (bso#10905). + s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920). + s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921). + pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932). + s3-keytab: Fix keytab array NULL termination; (bso#10933). + Cleanup add_string_to_array and usage; (bso#10942).- Remove and cleanup shares and registry state associated with externally deleted snaphots exposed as shadow copies; (bnc#876312).- Use the upstream tar ball, as signature verification is now able to handle compressed archives.- Fix leak when closing file descriptor returned from dirfd; (bso#10918).- Fix spoolss EnumJobs and GetJob responses; (bso#10905); (bnc#898031). + Fix handling of bad EnumJobs levels; (bso#10898).- Remove dependency on gpg-offline as signature checking is implemented in the source validator.- Update to 4.1.13. + s3-libnet: Add libnet_join_get_machine_spns(); (bso#9984). + s3-libnet: Make sure we do not overwrite precreated SPNs; (bso#9984). + s3-libads: Add all machine account principals to the keytab; (bso#9985). + s3: winbindd: Old NT Domain code sets struct winbind_domain->alt_name to be NULL. Ensure this is safe with modern AD-DCs; (bso#10717). + Fix unstrcpy; (bso#10735). + pthreadpool: Slightly serialize jobs; (bso#10779). + s3: smbd: streams - Ensure share mode validation ignores internal opens (op_mid == 0); (bso#10797). + s3: smbd:open_file: Open logic fix; Use a more natural check; (bso#10809). + vfs_media_harmony: Fix a crash bug; (bso#10813). + docs: Mention incompatibility between kernel oplocks and streams_xattr; (bso#10814). + nmbd: Send waiting status to systemd; (bso#10816). + libcli: Fix a segfault calling smbXcli_req_set_pending() on NULL; (bso#10817). + nsswitch: Skip groups we were not able to map; (bso#10824). + s3-winbindd: Use correct realm for trusted domains in idmap child; (bso#10826). + s3: nmbd: Ensure the main nmbd process doesn't create zombies; (bso#10830). + s3: lib: Signal handling - ensure smbrun and change password code save and restore existing SIGCHLD handlers; (bso#10831). + idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837). + s3-winbindd: Do not use domain SID from LookupSids for Sids2UnixIDs call; (bso#10838). + s3: smb2cli: Query info return length check was reversed; (bso#10848). + registry: Don't leave dangling transactions; (bso#10860).- Update to 4.2.0rc2./bin/shlibpdb0-32bit4.9.5+git.149.9593f64a5c3-lp151.1.34.9.5+git.149.9593f64a5c3-lp151.1.34.9.5+git.149.9593f64a5c3libsamba-passdb.so.0libsamba-passdb.so.0.27.1/usr/lib/-fomit-frame-pointer -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Leap:15.1/standard/f8490f6d0334c3a4fa732b71fd01beb3-sambacpioxz5x86_64-suse-linuxELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=9d0ff47aed4805c746b26051c8106a06c95a9b2e, strippedMPPPPPPPPPPPPPRRRRR&R6R"R0RR,R8RRRR RRRRRRR*R R.RR$R4R(R2RR?R-R/RRR1RR RRR#R)R!R'RR9R R=R R3RR5R+R%RR7R;RRutf-8a99834c3adfb24a63829e27555e17ae5b344f89a31cb58d6f3e55fb95b830ac3?7zXZ !t/] cr$x#ǿ)yߤLcoR"o[2bǃNOZǩOhFXTj63~AqI/ S$<֨chu3h7g]9zxV4eќ`Y-mg EZ݅G֫ TV$˃}W||3'4_÷q؉;O.~h|SG U dʂjXi&O7XY*m,`<Pw`.hnbs8uYZsHEk20( {+1O\d)ԁvɹC4@hp 6ׅCw%WXg}Y~Bc`&u79XO ^on1jGQҌ lhF\LFe_뢇(&ADjxb}z"7[ʂomRυUCXSPFuҀ8:; =ƶ+(L^n /~Ӭ)Cj돏eNcS~k۠BdpI%H[iCR,5 (F ke,ӦN*d!el[ kUE/I/CS{h@s$ "O['N80"zv{ c8aq(r[긹n\vԛ64} %եvOŞ3LSa^WM\]pA1dPJ/N~E?^xLDNU10uy!r¨4f^ըAyC'UfW$zDl TR@v*Bz\gEmRwF^x݉{jȲ,pϣRU#|oT|7RS0W^$9ゥzo,$G>sA2=$)jX{ʰ'')4)HqP-Λgi(SnHJjУ=рnoN])P2ZkWާqz:jZ2p d(#\K/ ;#jid}Ȧ"AFF:CՀSAu%o22h#2YzG)=7Q6`5 \l(BR;NOJǓkBK2džE2+jt24\˻*EP. -.[SfBߘU{y P#l4' 4_6gB9=*k= `W1$u(_EF2B!KzIqw)]S3)%ϺL`z1QD}צؔAO"I/b3??Oǥz1&` 7A~Xg`_s {hg >dNS) PtzE,ᆱ6S0ce:\rdU-N?]l]|(?Enqآh;O}ɍt/J%%q$j}z&^0=[yjGM~v'D ZjQ1y?)7ވDOU NxwzgvA٪-Jk$5T{~tX\IcP𹓥qU+7wFۨav]Rߍ6li'?dPby(} c3) Fk~xQ.sQCk^LmVmq9V݇j8]qԼ %LUqى:4b, H*Y&`i?(dK)sd7&l;.A*eDm`}߽UWRAKf̋JQ,Uw_anF\}To}#WNov48ר׵֨J󰮞2]e|[ִ:[dL Prm0=~8h 5,<8!ae\ h:|?4F* ~"PufeU\C 0'f2B̗KvK Ȅ؀,j_+Os/L+v$s`OQ/wuy= )}e]s Sܪ>G!h4}Xo&Osys3$ [ >O(vy:0O+j&nJD䑫atÍ+2(2"{_c㎾3T,jPJ̉_8髤o 4%=OX4*3⽴"(s2w9P 9#Qi"~o jUxl'a=jL !6VzX̖ʗ]Rug_T;X-HJu)F!C9 H޻葭pWSr+`%;`ܣ' T_ں|8Tce0LRő L_g;G pu@,<=8L:ҋi nCn&T1Yl-4{N sPG+ZG0SV)0YPJA05>nFz>OjⲮe#qu9 ^#!GC љwKv< eNJSKԇZxNjOXR!v2f uPK7l!\=8U֩.'FL Wqc FX-돋X!{dЛ`PFjsPeuq)7 2λctLaº eF SyuǎsC<hc'n ! S-ýfܳ35# ^uWX|i!>XA$G?}a&閐[Cd7}"aKyTs6S +,0=e%;jn'O D&T'aߓw9'rzLeqIǻ3  ܎ DB‘assvtH&$V_73 K+( ja bk d1Etmfk?o#nttՇ!#h>TXq"Co'AVǿTG;C#a3j@I R1;ZzDuVl/5{ٚڱi-u$9610[E$@O'SE$~N5 MRd/P@cY %Ρ6 (6a*],= t#7G&u Juru4P\Vq c_O ql<3E4ry{aϲ@ qu|ROfS$;ABkaqOqV-g#k1 C[?l ŗ/<%Wz?oU4;Y7+:v|y-r`$ B9.AҌ F**t|{,wI2% 9ts!폪ųS5Mȸ{ٌU屌b|6Ty":m5=9f _9e(*@*CzkOϭu;Z?CGGM}nto|7}S bq\F $\qnWϴQ7?cGYv%&X"$#!>ݮjwIv͸@9mmbWj ׆U@]ʡ@qy|ڴI&y7S@]9-w&W_/+I xN^+hy{iM01eb2UQD`"sNy 9~03))ȝCۢuDn=2[B)aj+Ϝ[nkb/87@(d᦬[mEdH,ߞt5;§xJg`<כ'k|`*?p^uՊ c/iE_ϣsX&LL[T8߁6sIKswLcIUOv7;7+=K$aHu",;EAߩ{004O+*ȄD2.F:xH;2Y)PRlCRv\Tdy1+ze )NH2+Z@Γ_7\h4b]8J5/[!ccG-yMOx* t D3;ՒΊ4g5ڨdxnych9/Yɒi/Rqʮ$.q;\-^(W㗉n/Vn2MeG3mEyo/%QwB[R̩S^5շOђ7ylilS=} ) + jdƲ9Mzz dlڰm =تgw*Md<Ұ5@Ns zWeOXb+ί{1i륄jfdoRweiaN>(S1#/xm[V,Heh"VB~gp/-'ZgU}:/AwySԨq} m|؍V00sδPZеԦ2iSLj,[~93\:RAڞʗ}vXfTìF]T>Q_me6S!͜ A\2Dض!W ]Ƶ9[i&M18p=,g_2L}.# I|/ Ma֦錔bO*M昳)ǝ5K17^f<pFzg]cH!]۲ծOKJQ>Flip}3!P tq8 RŭR)5a3c5lb/_/([B%y襴3Q0J$}'o`R4n: %NLE|" Ͻ"pY ,meVqP]|PYbr w+Bh-iZQ +W,y7J7jq4Q(J_u*;"U+& y>3U .齡Bh1p585-Z_٪ǓY췰/ ~pcb,LhycH Y{uU[sˀx@" b3"o8^~Њ=t*Gƻ?s2$c32|$Wuă1]M =nDIbPRV>]pМ+<4 u捋r:qf+?Z,DadTf{E||2okx3?llc`0ibJ6 &Z?~8K$IvIyJߜbj|R5nkAZNaXiWmlB]I`ԝ `蟘ʗ_)-'b0IqqMct GE|P_g2dg}Pˇq" ft4_18wtizW1cLevG$" n:>>ų0ϜsĴyTHR·›Z#<@ƓIHm] ,'\1Bl9A^m!w:-'YLb=YjdWIJkşnĐ35#)trlhXInr ܈"ߧGU8In ԲHN31+&ĐO*>x*'~:1:R懅Jt u(O@8)3f) h "l`q#J_B7)\pܓ&I_9Գ_~$vC|dQxwxx6*]LBdGuj={awJo/s.?&)g #4Ju';a\ZVB"R3z8%!z@H=Xb  !@W$"}#@IMκ6睍"bP2H J%zlpD/XLkk!+(^PX͗+cF|KCRhXiꎢ-s[c C.jkT\Q%&' ^r{پƊUz}J\3U&]߉v x37WZvH&ȁ8${Μs M%׌*羽+SECNG@9+5B72Z}:BP-jg*97,f `lœ$`hav*=mM 7;}2,jĺ Buypyx_i2,~ͽx5CQ^G;8QjxmZq׉R'qxNfW 2WAR~?-e |Ez\Jo#MĊ~z vtg%dU;5Y0 ONb&AR7y/DY5I XxE$U1a',r̒hN8)ة#x 2WhqM/rAO?BrSVI1X㑯}e8쭍tz6cm 41!lq[h{V72 kD0k Ͱa#4Ӧغ" >"e0 ?E|0ݐacxA NoM -qXMo(-Z+d'&X8{ da$%v|Fܓbgm {KZ#0%͇kߕiέ׎`ʁaD\}\yy"{pb{&Ѡ:-g8ZC2 yJ-# \M4^+9هU/=w:HKH9ge\cp?M WλJ]~Elڂz<{YqٿbN<埣x F]UT-1K ! pñ*<|Ž i mIBc-U pE# {ǪηV^!il@#-;M:8\0WUJ- `Z̴W_gJR' r {9}H}bǚ*?xht^X9gAIIpueE%!Y6ގw?Of-Hq1`F " xpASAGAFȑP %٘ k>+|&aE B%,O`HnSu.O&G\W&M1@L   cA&' **!p^Dz%fw$%Mr.EC뭀͒FAp5rTHHȐ[lc끾%Ѫ;׈ŷ ,x"[@aT^B֓K~ZMx[fGAQԥUʆ4khoXoM4Ć%炽}4IdMuZdwJjجeyuX,T욟-\}u)2 ;`QYhZwӎ;mK2<.+ye{ ]둅@=Nuhgn'Ll~oDS\=vxҟ6ldul/̈ ׅP Wc1fS=<-b`N,-*`݊~Ϸ5-DD ڄVtٮM;ϋ:4KHU5 #JmSTD92TR) ]/FH[=)׃VAjB{jpƬEiCZӓQ_v8w__.5o\_dŽdvT}5䩎p!ھ_yR';N0y/Ǡ_&Qۘ2"C v)dIY };_0 M'G xΠGBv%Bnm Tr Z?r9DKHoTz65( =pnisAo_ygVf>CpsW8BJst"5{&?@洯\9 +(ZTSTnfആQ 'O] 1>-[e Y`-*⸀o48Neܙ<Y $plF5w/s?Diܐ7͗R[^} w3ܐ]PIJkU1Ch8-֌NHbBj [b!CAxqĵCs.@z5~qx+;bّ_@^nq'jE9vAIS$]"`X3$y4x;_<-A>7kcQJm&u5`$P=IB]GRU: _LJ"d97QhV'pEkxUOOˎ:[:-!DX{*-ېWa8hZ)2FzirLTLA8-~M>*~/A QCGط6E^8?޺,F|\UJw}AY*|> ]k5]RS.kɲ<ѻK^l/ӋGG[:$1ZsPCGB,kU]H $ ҕ%S!pt!۸MՂ"Z$[ dF<ҚfP''ġ'<$ݖ9ϷK^yWtݤo2F34YY4ZƮڰ2^EUiA6[0=pd{x ucAQXZU k3ocW6or0XVW2PcȻ۔PQlޏsђcW(v{PLiA8Z"*K2,WXI}+ܓ)eL\C]7|+#LLw@_Fzڂ{9jTC;abZ߰$ɽÂM ϻx^&:-Sw%),rIQIN S^m%K> v\% q3g !Ii䳧7.An$ (8˒{zSH2Uvb1,էͣjҞ{V<ĆA fGc w4CRYc*(\dD،qtSӹC:yc'I.)87}_ tF 'ǟh,}nYcusa( K1uP:mgxʨ ! i|)Ylsn3'Rm)6L+g>mVj H9֞+pPE:3#&HipmO:+r@ p-SNu&@ |[ql+W^bzPYel aK/ԍOK;xwA^톐o 1i"]9O>^ "=x0Up} ƕʹӝ$ڦ>:ljvX7P[Ɋe(]/26ZC˄soab~/_:՟X{I..STI8*9<]켚˹_뼿_WVn=Bo<ֳ?yDŽ"T.ip=0u _sL /)FЀZϙ,' }v4OLxQxzv%YJALCO,C7Pi9KFO^UN"o@DŽrR_`Cdx.NрP;,fZ{NVpIk^K."R diwWf1UI(cy  AWy.詑ի{P?vA3jϙEV"\ LcxM%u{B/]`?F"}?24Opi(ځ`: OC$ -3tRj#xjY`E͎Eb( U5P9`n4l?٥'$8e4X5y}'rbޡZu\i&@L?ۢ'\Zmg}LYx$b)_?{i| ? mF#Buebnc5g=T˲ 9VE[;p_Q4=@8HDډE֋͈^}zz[]M;Q0F0^ 9*ie1*0\=~@Tl)uj?Q#F`>f#9l Kd9F$59H%pPM-]nBnUǐRqk2g'u>nuI*J"8_| ,$ \"U#lQLG!\ sO%1 OQGAȯ?gHfurpyVE2g޺Nht˺&d'6?/R1^#:h< `jziWo8o,e 7wGOg)):;Z %d0՞A]_6& صOkZ3+]\Q+Te-/+xK,\8/,ߡ8xJLqI2R@:@ܥ,`lRӿDO,§}7 ma/zoGm 敻ڿ {n@eAhg͝ǂhݤ^%EV2ѼSu`eL(< <\!0 eiAʘ6OwJYZ}xz 9b! j̐9 _|. U>@qL=Y.0sȣT :c;]rI  4B.nT_5xy *#ցnmE.} 5Ppd!CFUj:;BjRGz0OanΤ,=`<9)ToTLBtm~O'ӟt2孈7>s|+U]L=Xä5r =5+ ?HxD^)Gº8]=(yC_h<Ί.P[+% Zq׭GcgU&aD: :N֚F'ډqRpnUҦ)bMQ͂Rnf4"HiҟzsfO7a}2%(/s3ya?PiS,_M$&Z'}`v#gwgbflHuUʣHV-_lKāTUǴqbx[FA@z1bt)7)P{ ڷ62.:[L#Qa,U^Y\ZwY-f5vq@8b%ձ9ò1?D9 ׶ 0s5up- Q22 &H{ERH\(XM)떻"G<4Pu] XС,=buv/9+i0&i3יЏ¯"pTG>=;VsUxe`mq^ʇĀu 2a#:u8-À~@^@e ""Jڬ է,K e3 0:\X-}0_8gI ' "#ヵ ȷ\8l,1_\IZs_iV-ZBƻ€ʋ(#ev%Buvz~|t XN* ݚI" 왝?<xqL>CPeB\1 >N j약s\NmF #C+('G,Q²!s9uG [}2YR5"aIO~`S5!`'}?gBy Qx6޹)x`U/TwJQ2q}CbD\:ޤ8_],Τ@kUBd|?Mt,3]u^i,0 HU#} |A Z_jc~sx0eխDM@yi@"0b 8jѪ1]y%,`M[.^PD`2g:vg4+W๹r2mCt.qdk)PmzɟL277N;V(zMz]t%Wyr&4ѭP2UVeވLKQ-5 6d0%~.òi2R3κ! K7Y{<))_9|5bS VUTp#'Wd$3SB0-p Q¸RQG :6 s5ʷmѢ.#Hvˀ4{ݍEGo,|=V^YxSzn˧I=prJ(0S k3]~.mNSay9-v^HL>Cٝf\إI }"d`x0IY2b[^L& ҵcÝ'Y~Ijy5gj8|/30ϟizR`hoZˤ㽾'e]v4.ߘşKnN=^c5O0Ca69̴*\B [oZ{Έm$0G4#kh[v}8๞Mq7l𦧙ākVex[6} '"D,#KF$dMpD<2[w{)+yK /uIGje^yEjotP>إy-$|~Dr,rƐJAF] ۗrmӡ`+.aX ? 17&[R%2p;FIuւ2Mc *6@ sD(9v` ,onWv|[Ko ~P=6 $O8 ueO=f3 UIv6ʦ4^*Ӊhj/ L;ĠKnM?t#WU^|i#I.B~ݶڱ0##qtj)sM[' J$3dW3ux9haGH"m9 }l:dޚ$KyۨE+;vnKFI*W fvp"W=$P-GB">QEG2 $9PitaCmR#` _ ݦ- WD@Ls`Wv[W_g,cY h-T3]?&! V&R_Xޖr5I_j,hz)K#C }cGpuܰdEU"XM@42`(hQF4Y?G4×O"6;lvNgf kf= wAp˦,~s Ya/ ]* H}mtFsƮXvy| e!1z0`{T<= ҷ%SqgSUMҕqHEhV+Iϲf@AR玮koQ󰝬)EI'<\Lږkb( $ge~YJ9oS L*GOky|Wsu/f܂.~EI"ڮ>geqjq De?-aAdٵ]d%p̉'l nԩߍ[^MNd쩕A4![ QS41ч'_Ic Ŗ!>11Euj,9"%!WA#˜[Kjxhն(xNm"o xo g ތk vӝ–6d1F+I6/D֦w5}`Q'~w5dME!E=Dj| (E? w.P./"jo0Ww"CW!܁7׌ X 3[D((Wx 7`óڻQtXڕ>B^'fx@i ~d'/olNkb6BlwG`kCPU+*Ll;I͵O!Ҡ0`(0 0l Kj1JC=~j/[espP\)boSsh8įl@䝣5Dҁ;u;sKk6fA){oM[ۚ›qtNF\j)K(x˷,$k\8߰zgf9X ɮD4,@.[׾ :hOHIP mxXS^~`kpjӔ߆s;:Ebh&h!ƣ_ݑveQz8w `%ML9M~t42JQ/(9v+ʵнcJg:-nPrީȬ!PGO-)1 ᫾V"`)ȫHvG-$Ҷ:FeGMaTwՂKv*F d ɶ#Ma#xMi3[(?p"KB->o*H(7V#9%xgDE ]j@TXeYۈ,;QFdx <<˚辧\b(]4o%th`e 8''r\ʆ]YX /P(K޴ L_PaI{:)ގM`vcՑsJ ҳ_ takbZb$[UtMIl`C}ԥ>/?;xFE'au* ex?;.'*j(64NN/x(`8D'ea&( VxM+B ҏ!&~D2jb6cmv˚sY~'~BX\*s[p, I8EMNӲ')GsXP؂ifޥB+n=*0x7{'Y@<8z Ȅzv :|ŭ=Rm]{.IPt6 S7L%l`S &=4x @;MRЏySwJXJ|cɳa|ƙJb:/:I_"+-9IZS+X睥a5y22K(xF>5"(v sŋ b'JXX (%Wx] ܗF#Y0^ґ*L wѼR3.&a)[r9G⚕,xl}@V V!؏>a[T0@dlSb-AUg@J/i:xwDsx/]l]N$>XCjI^)i흷hwxFT\ k19$"7w1kFuLEZ8MFɿfA4vBOOPpYnQVX$}%Rѹ]`"hJ*l=4m`-U,iA!\~b)9B)ir:n$Wn{[ uፗ;o'yp$fk0DztLC E،TX?ok/V Ԓq dPJ(ҕPFD~A %2 Y>@( ED7ԓdG͡䲤6SQ߇޶4(bMU2JVMA2dZ<C;xp҇# "j-[LsJrH9~g\hH`ӥtC~ms1fQsk"OG=! G,`qer4:eʙhHqa߃0ml=EU y/5KE" s KEU E!b]\w N,^Cb% 8QLt𸣊4H21HvZȦ3aѭ/"XOElx׆Hb1 :,=E~щg mȎi,5n0,@whN*[= ~MK>i* (6Ө?l D0879a̡)H~yUbi*4 x9kkYR6to=-b ه((>҅jI=֗4&`#|G8v\˽=9p\;q-H:V_}~l*K3-T۫~%U4#^@ϏQe> <"PsN"PbIj;[nkS/w ֆ1Ss hѮwdȩ(QhiFZ"*pKi8M0 bDIuI[K$$q[٬PB>)MӺ(սZ^?W=b~Ko*`' @jv szە&fЭ3eѸQG>E鶪;Gb(;`{$qV1[X3R-Ls4nE'ox-k>ɰzw^s\xsf5="a,~ǎ(98.JY*T $Is^yc!κ% ؠX|\vVCvU/O1&Y Ү#8[iհ?#*FOJg8TjԎx9 \>侧N4Q8{j^*PSZ"s5@z3R6ڦj( GvNTnfak[Bqe^+2i4QT+` qG 9v5RFe `Cvַ5-t /=;yZ3N~4x44kzjgdW7|,_هpUE a0(|+Cjcqz)7gE@V((!>*$8iY[5qM#p>CsvD=Ifh:lipx^o,[JibhTXw-90<}̹,}=~xuc*(h#V}|ۮf}~r Vi'a8z~HJrxٕK~w[&T UMZ{o"Xu*(~ݿjWb\E?ԎjxZ?I;kvG,2Rp@8W)X .-2r+*做1]Yz8yA{a)΅2UVm=gH`PEP[eٷ:2 'VJb., >@ d0EGNvfmM44e /ЭND;FXi%'Ğ[t+D1:xy_TNs 0bRLj(A:0E.Hmb9VSxkocZf-cUs@Q}OM'H<Tp>,\j<ŇTDOCfְwvLAG!x@.*<ե(Yai-FTUg`CN c޳mP<¶z* cBF9y*"a9D$`Kц7V@:jKKNHv8VgK@<և.AXbcFB'--`L.1\b*(Q7$A=bv>Qz!]Pi1O~su|8" ICAq^:x~=sH&V1w`2lu< >= Q6]M*@8 qfp4>qDSOAAl";o9ש=m{䕽IçUfS?Bwq{5)יVA>B:o3;U8EXVf!0SρVlXE6EL,jЁbƌ+G+lK@ZiYcIW t>)zQz^F^42Ab""F2wZJQ<49}|5`0)3?jYҲuW\ o!p/mױ\;mjjwZ ͞?eRu0Q6ǥ}gAG ]RѾ"bDFܚbׯҹ-W֋q6I#sNޡHQ7XA~9Y[P3r&AyA.+ĥ:cR(sP9Ù>9.bb ~RFd.3+.$cBhdZ7]r5 p Og_jYq ތxk$oFhMmVtC9 )V`㼎4a<푩o1*b $E6\,O57ۅmp1At>3Cs 9B^~LLV@u/ On0'xm ^mתIjOc37ilF_ik(}hpķ42 H*U+g^U1 =ػyBWGaLa,4Pn!XákgoA c/VqҲe$\kfO (xcZg."E78̟'N0:Q>%3oX΂xړ[*c1u$(^D#8B&._DAqQNa0'q`v ]c!Ce5i7.I@m w6 'm0P+hV_ǀnFRt\Y߹Wpi첑HF7)%I 4 3!wQ]ּ^ʘ+QlVZVmL+-5X_|i+Wܫ/e%em\?o#^+#~/5(cФ|Ls43V•~9}^HUsk40rq(iZ]ul_Ab7Zͤ!֌$IQOdmgWFIPͥzC 2Ɠx 7$o@qȶ}q~fYQ0-v)hWHsa⊵5?p^G҅GWƼCowfwy:dޢ<…~r4[.!M 3) 䔵+>f%3~:쨚Mi]ϳ1hdUŖ yrH?TFn(np0kLYˢ" ~@u,~`fl8?꾾p ` ĺp{,܍ϟf/BDf ("'Iy~-^R}Cs雉Y)lnO]$).v+ZnP tOUt{]zDˬxA&/ݳ&A?R^etR[;ViG H4?l ~1][h}HpN e(ZMqvJ=N 1ЗA,[u7sG+s&ejr Xkw_82D}v {ׁHLvM5j`H( 2+"*D#z|Ի+^l?@L ,5Tm}#WrsXkVCNOt H:z n h`z ,p<3gw 3C# x+O`"8ȢMH:\ώ*xCu7p:Y#g}JP[Ne:0N2FYi[Yz0Ēx8:,y~$rbPQ_93;`n"aί2x` C;hw{1V+F4t7() @.`eo|D!>z Sp]A^Ya(.)qQwU U )&vmGIAP!7kj|2I"= rK}DORbDi"*5G7he.4#12Q(ġ<|iha gtOx{h;G1q(8UéxcI]xE{kG6a]䮈-Aq];( 180Q'D+gTzj(A@7ɳ~[@tA sx/ u\VT:)_3Ai&< ObԷ ,61gnpt ^)h#o )_ȷ6N|N ډ,l:[6e{/W_|=q6'B̀OJ2iR% uϓWWiL< gpѓH )Y]z3-䝞f ;P+/"E'4cS+5xی zƌ]Իg<ˆ0*Q1[ba+ҔRF<#o[>A`R$fż&~ Kӳ>E]SA?rKPg9 IAQE~`+i'pR/A(K"L;o J6Vd -~ԙnj2k{!7 W :asa9ب ǝhiSZt΃0!-Cv?Y.Sz9g ё֮yϔ˜:!W'g|2K@&]|5Уt;J~+kRz/%-(+׃ŹaZUhmSZըb(HLi*9؉buAF>ϦRs`ƬAԋ::A`Ԧ>=l;цH:"aLHDi̼6@6AE@U\kThCleb`oGr臆. 9xnQ1+$h;|솗T''0@8U=\YqG \]gEjo< f-
kSGآIvy=%ucu"{r@j1ٺS1`(G$POםdV͐lHe.N*7\0w(6[-aE.08G2YJdD6GHlC(2~-Ofϼ"$Dkη P?@N-m 6D})C5wp!@:vWXR$Os)xں\伣1ʷ+5kM8;?ZFΣF请\BDy/rX]+r"!f~1Jt`5J" .yv(X_3;2׵ ڄ"/:>8 !|m%^h?0os'_B@j ŭ#jCLt±e~[  sx\ qڝ!xǥ%Μ͡o¨G8!55),|4&]ϱ+*3J9i) % Zs2)b"{W:ȆiJ3e яL%[PiDg(>sI]"P~ө+p.n< mhӅ|oBDqUT g=UQ1 i(ٸ| ȏ(NO(%_q(wغۡՐ&تo@ҽio6F+@=?y]Ì lv*^p G>^SNdzu2 A<%TXB?l?x5`D-5ksDFq'?P)k,gU탫E+DYqc#8!?#yyh0STkG7xX9 ~tmA`CL3xYؤ̱i /3jVD5W|=V_Z yrf9kpc7d} _WfY`1[)+([s1@ wL^a݃1kތK!|N9Ycӡ#EJS~յ=cGG3ab@rR%6rf! .YRdLXF԰35ӌaЕNBM#m}|N<$H9I@N/=},;88pvFyۄ;XѽM Ye$\>4: ID&<^A&9cђʴNi`dzwA?#<轉vA"!LxN!is&΢:8$}(kk[gv-Iξ~&3Ym^%z^b!tTZU%e=kZ!8#Q']jUm {3 @bQ2 [T4+Úpz Uy;c<3mUAg 0:Oto!_Fڧ.UYs#{Q.?rgwh@>ixeC~ꍍ*Nm^#L"\vr.>"MsAlʘt[9+잙1+*KgAܥ"f-HR.9"9 x]aY=KjzNRhroE~`}2XvFqFdUQf֑G_爪n V.h_ ϱF&psfZx!`~S~ܴϩt\h-!]8IR6#JP!RfVMQuvcF ώ.վBTBDV.Fu0MEm96#@P-I5ӑQ q.2!Kxb *8{urgъ@ q3|xrzȳl#tXuք?x52V(+h9VHƂs,m)i^Eo3M5E &9t. F=KYv hVݹeBzHRx dF奈Oy-&*SUFs&:iRuBtY벿{JiŔ'\G 8UzU.ϱ׻K^23 `t6m]w/HLßC^\g콆p! n:ERP:V%/|d2ƕ{+ݡoJ;$Ëb3F(2obrVfSzІ@ k+8uw-h3J ؖ, n@C4 H:\E&'#i0]eZ*T*f%L i0oB@ʼtX.J 0R25).JMĂA! ;Bx>?݃8wf#EjZr}&F8 r{1a3kk?St94a1 yPjDJozj:f y$vZA }!#2pSt+6u* Q_(V0rB;sշ9y6$Vpq >0#+$iڛ9B_) QR) 壋Uu*BS]{-N KtoM;n9jņs4|K}pIbtIB@|'\vX54FW͖ 0=o/C KZ$|DC*χKT3 x)I~MR$[輓}S(@J4FypogM:4MR-bjFdgO>Qhx0 W{(-VJY(\ Pa-١G Ow2m ?1 %$@aS7Sw\i谤؂ux:rBNsQ~rF/`%$#}9muݯfQu|u.G}Q״b0c5`--7@Em,€>\wrG9E&勧ÑwN<8W @ZٔPM  B[/1v6I4(#sgg̀*@\T[˜Oct\~ l|Z) o䧔}JD-5+;ijHB**(ܦXMhL?s_p0M 2҄Ae+2K1C!o }:DAv06 !ؙ!<4# nʌFC9%d Z}<: = yl We8#:A'o^b1N,f{ZE܋i)(y"| zliIo9&?[Gdf?j"M%zI\>W- \Vɘ$tcmSJH#sШqz#v29+$ Ϋطdžw²Ba] x!} 1;6$h6ZemcLrѼ'I-%jq1 BOG$V$L'V=rm=@呦8)enpC #ƊH7Q3xA34r7Mb5ڿE<0ܢ԰IK('TOI2IN̬ۢ,Ֆd@#)k'e@[/r9Ħ+6j#QSv(hW ·q (߁ת' ULBaMdgѥ]y?{$yo+\rBm+&98ڠo@)%s]t`QSk Bw-?_lFJ&تC-^Iy}b>&RAw$\ s`w2+ʕ'aW,WҞa~EH Pc~Ck1~Hv:^;iG奉5 ,aeΣ_Ż'͉\ ea! 9];rJX'Hw)_ q:AHYwKomBJ=>M7CM/`To2ٓS1o-'ɪ!nwŞ@B/kao1Y.:j_j|ՙaER6JMܧ+0Db_T,[Tǰ=Ľ_L?uc}jƍ/զ\j^i"yh :l%Wmt'3?n4u`Hsf6٫.eouHV .a5-;կH62$h~ЦciAFcoB-~vF ׻&L 淇uTXXVC~2'/A~~E*I~f/̨2xg SN+{7ϖ*/;Cq9`p6kP_y#hܯŸfڐg7KC=ֈB_+ӿA67zve;K@)Y)cMXTd@vٓ"~r.=:9 N@BCVv'&Er ;.%;Ɂ..i2A-oܒՄw"v@!^` l١,pi?cN j||oM0ʹ̽+//[&8ܱd)Aܒo)S0zu(W$ZR Գ]0GlD8WR: wk?I#h俶ȥc:1TvK'g޺^4Qw u(gPuG`yt\ЭL k~сQelZ1X }q1!~?:9 0#zJ. RR츥gfѾ r)z}pVrӇc UUl~#n8ޚHif"eѷ,X(# E FO:9|:Ad ^y' TXzvhTo^:x%]K/5zmP=SjdIzoJZfb"<3^vǝ\G&VRCBW\ K?*і^ސI~Gn{NpCEbaIdώ++9~/X-!7h,m;wBn}И꜋D_ 3Tb57B} J?@Ze^ _#y2gwf'i2-.'ؾ~y(&Sɋm &9 >)3JQ/J"#2QxguQ_YR~c//Snw!v5#x.`~k%[gp'|UBy xA㸇QW,?q+o!&ܫ{)Jucn9%cek J.;z'mw+7K30F$66"iU$W]5:y)AATi!}"ҤpeVSt [=2koNjwjW2%\apۚ]7 ϡ50-`ZTv24dZV'$Up/vBL[aXh'f3S tynIb~rqTZwasFvHV}fV4f_йZj,4wSHe:~Zo2cOIz=[㾰8f.Awʿ/#(iD[mx:2&2K5/ 752y;S{ï{@_Jf]:\y-h4=:CyyZ8Rm>4  :j$Q4'"ݟfb +_*}virx…*>'"DBLNEnc"HrM*G1h(X5d-9g1<_<3s3NzrZ'SBݛh-uKV0(XcI̅XDGO@zpVȘavc[tKIgs&qooZ ³ H@31\c+y4 wYL?VlK$aε2ʷZ_yLx=+Gdyߡ0% qk˪oW[' ͒8<:IJh12浠y RFuMVEJfoQU;]s7rROܕy:SAX,+4X: [w.酤fEk%ȚJ%&Lξ`EˌR $>$N1i5xgRisɝYq Q;0 r}x8 SݔdjEKahkd*kv攌ADž WVBC^x+In|шvj _&)q<>ŽKûxBi F8 vOgL{:.2Sgӝmۜ3)AQ?yS|[o7m,IV,wJWR+ sǧKQbV>纳d `ۻs* +j3*CLbRq6y@Vh}]Qya_>^Zg]lp}ڴ`gFh] N?*n8{zL2]Xmܜ_#[>1-\ @x؜384unR'{HQZWJ[YRN;+aKD"w<7bRFhKjD DY?j+HEQ-ޠ09߿mdj$utQҎ ¤Mon=>Nqq8 d}@#^u$IY9"ʙn,xEy2/52hq29~fFuķLȽ?HU 3J!`P쾸a:QЫpڈ=fvoVj@}nW#v=6Vణ<qwlo;5֌sl.̀0) .b*= u(U&E ?h`;˙F 8~<=%~ԝ&J! ݂$_ ܝVVW^7$:嚖'"O|yD'/2bfhoF{1m^!t0C'׆1 T1r8Ba~C=)dk`m @Ifvx43kaJ%rAuRpgx>4"@Q+A= ggB8eh},FfolN({=#'zsTOS~$DL?aԴ4$>NnYoݤ#S"hF1!A*,F?A䊥0FlD|nˀn >}-{wd(!^@̖袴6Ľut +s4.ۤNmQj UCq]؉_խ_h[%c[Qړ׊nЃ݃k17WCը6pn&)E#LgT:¨yOb~8ye'L01Pp{K"!OaN !%,hR [Vo(u]EnsFOOþl%hx+kZصYoVrKL[.aAU:U܁Z"Wй ă4YP@Ѯ(t<g tq^0_-WhBR[?>q*䟶I7Id;3ݹڮ1a;Q\|]J뉹wiB8I- .ѐmI>Oq%$01cq}L#VL^H^Khfvlf;; 2'q_yae_WNx'Ќߝe5oNt"mCHn݄AU@qUTPbyOW*:!,+Slk1v ;gYF10k[$zZ:S`Oa8!>+A޾MwZ(7#t#} fdbg8 Ed8,qKg(ý(vkQ!M3:)K/XIz zDNJ ޫ *Z|W򋲪DuDZA}[7=<śN8A8ȥN#Rae@<DCY`U'<` AbY|ԕL_C@},Gz:YB.k;{_3Il䖛c'.ćnT˹@'*vklZIaPn;*r⥹\hdRDlU$p|[ ]j1az3 0KQْ]`ICd?@M[ˮP[R(b$A1 %G[q*fG_m 7Y34eg#ݜv-1M]u__g_0goZrP |aze6C*}fH='XH L^VB-ϕ#I$ڐywNB-[ndP}Q,0kZO)1Z*Di)acJbP^FI%eE!Cǹ?~I#"j[\61%`elds0HM>Z[DR,epʯkH|eoTv2{W,#`s %n\af6Y=WGGsTMnƧyUQqD{uzPW0L/H^jSWYZjD\|~OەhB'Q!=VTtzOYh=>6ZhƟejF7B@¸̳b^4z1!"O*$&XqUB%S*n*`:QC$jX]7z efODo'AEȅ39ҤUL֤_ :KN :M44=[#n%p!@^ȎdYzbvv]Wr=dONRMC=$f΃"s_U .-kx֙ r՟ۯi;1χE8c[9`0X9{;œn+A LkMwco}^ٜxFyRÉz?a!`K~]͖I\5ٱyޮ}K@]b43r(+p{"&( b ?N[GD(CHxlb~ert\, ~vj }&lJW>.iSN\m )7)RBViF%g3# 6$ cb(?zK !nBSisGSi6QZ#Dg&V8Dֺ匠-䬹1 󺡜[Q ]8rv=ӟB09<Z3%` a儗{L|Шl`eU|%P+ʤY‚ o׸~-пm@K2R>BU{Q%uLLjb,%U:M'U'MVJ&JN(U9eyi`]bW[p6B>Z11(A7w+.-p&4ƩH\2Ƙfr%!m]̈`ẖA@4ci:.zd&Eni |C~Ljz`e任12LVey&#e􃵙5tKS,n鳲\ .$(Cƭ)H4xx?`@anLηY-u4:>ṵ:ĤeXUfѝ.H Sh3Nl32=Vd'9ˆ qvݳҿÞUo1w՗=(dxR芿6Ajŗ/M]@Qr _:`xGHN!J>wrޝM ў)S}!:cQJ: pT?|0-f)]'ϨaTvT|9@OK^# ڑilqbr0J;RF8F&3N8מֆ5FYņ 6v;>g?f9c6H)8ks.{6^<*r]@>Hg*si }{}%yS[7AG֕Q#mC fJ@ vmgQ5+SwңV.|+<˲2cӄceyBS<yӟ|a_@h9X8fCF2 B0SN4zйZ=J6W%PކW^7X$#;̺>:3N|yjJYN/=y )V(h\mSk wェtōc I1:ٳ_[s9*_R f!G0A #+tGn'=r7y}E,kR44REaD}g >@:|: "x/]qsDMd-fϑv Ӿ7 ;D b3W&B*1pwI# "t@J`=\/$ݭwc򾟡 f'v>כ!Q`+`sǾ €T+xuCLhS81꯰jOYLU #e1|iL@ϰJ}]3kQ ?<Π3cNXOQLZFԤJU86&Y7R6%M.p鎞GZN»( Z͊\'Rp!G*Xŧ_W@ lFQ:)ڼ)ZufUu7yP:)W!@V@D-?r .c(2ehtJۤ „؃# 9cR(rȕ_7Κrzt[$%cod}|-> 9s$2V`c+:+hmT&r=|;F(tbExeKICpEv~\(K5DDkF=dװD%zyrw 8RVENseZQ$岟>pݤ2gUDZoݫK֒0lk nOvm%vv'vLہv9էm1wqVJÑUF+H VM> 0t0Iacq#`%$t5US[I||5NFfpj&Ro+RbW9"p;W85y 6<øp9AOm\p+/!]z!:k U58#?:ꆻ+Nu$:m䓋}IҵLH0`v Ҟx=FmlLd0tZh׹K-X]+Y܇_Hx7:ˑ$ArRV6`MgA ǔù65 ]'""1W'tyP!ڵjgCY(H!TsVM \Pɞ=7ċ?aqx;j  {RGW!ܧ-й(E>҂{NRlo(ѦY6.ۼ"!Pcubdh2A$_*=CK=Loa‹fp̱NkU>Vvp,?ܭdSuTgz%]F9I5a 'q#Ƨa02И9v,êMg;sUᔝˀ,bQX`.ydr-39ZWLh \k`vFbQp&a4o贔5h'[ ؀Cp/Qu珊?7B23=5}WT ۈ@sM㤊=9"tYR2k( o]eCLt}c̍hxl2!m;a#tk_L>?jw'X~sWqZ;#50u<#ʹЃ; R(g*-3yb뭨b H*%r^GRcwKnحVx|[F=Z_uy*s^˻ȼfsΞdDK ;itHII[[ÖioF̸p5MQ'q8pfm.\=>|g7y U:\toA0+} E9]2ĔY |wֿ#zJHXkf1Q@vqS0('hG|b6)H-I PBf,` )*4eLTd !֭m{+quM9 -M]*7 "U|D9xϿ*MKe!`Ԧt]lz7|\vݨpv?")|C(*~NAsG,]iWZU'Oib<988[ET67c3*)|,zv⸕Tijs @D͜ ,' 02΂Siǵuؼ^o)̈́yuLIj@X%b_\Q5XVKœ:;(u4jlK~ͰG[wnS[B($jS<>^׌&sʑ1.rYBOF="gιX^u/Jځ|V\`SΝ+XG]lw G ƚs@TIyJ@V^rGmg Y]XVl4[r2ݒC:He骱?M^%Jc:Ƙ'f{@*W76j+@X⮮TGYGhvp)|Xx@mN̈́G r[M_DC6|},L~{=5IGUιᅖ( וGOߋ~Lu8XZD(l"W+qQMj;RP7tc éP fxi6S +$^8o`%ae|ˢ5'Wx.F=i,>,q2j(q+ js͂!u(nyA@V]P#A}CŨEtfFz|2irc=gV}V2؛e!.N"_BK)]ĐB;z uo o$"Nm8K%Pڒ. 9y0ZoT<?0x,_nQImzÕJgӣP`-X "[*W u3(>&t3X~E!QUPݬ"*ub 6~/^/ptySK X?'̥7 K*0Lㅒ L܁ d< +M.9Xba2zzqHL18}dSEajdoZ_`B6< G&dyfQ|jYOV.h]1,lKi(ӜED2$Iz|n!~lJ-ÿud cf!u}%ѽ k!CrQ`fE5RovSqp5U9OR@+kF5 !ؑ@y acxǡ͛$i!} l灵Q`~9if q@p(~TS7`5{̩Si(3qmAJ]Eh΀-xݹvRͯsÖc,wdH+D+SW[V|l1~ٲK eҬZpnd*?k{Z7yf57ObP;"[Wˆ(,e)=^V#jϖ $VR;!WT/H^Ъ[+#boo} bB5B0XUȺe&$@ ¬qRT3LQ^O,^Rs}nrI hx?//= :!B^ΈZUﲈz@7$mX>3*] m6q<Д_koČb&Qr vs;6*xtאx D ^ ITU'lw0Y۬.AX0AZ'k 9{#`“$@UM;'a[=Z -WɸF9ZӤj FRNg9}vfG8B ٯ7nw@ߛYѓ %2C#{9l@d|ue)0AblGN$8X+&j!k!%夀g*PN2_oNn,`UVcJ.0SU'?֡܀mNZD}{1ڹG~5G\\*5%R6{dPaIވ}#Lm{5Ʈ>D"*kZ`i'C! %95Eࢦc 8" *@$vkJa6]] H}r=e`?ϼPfrI\^';! ϟyݰvM5+MciHo;vcH>O '9("/KRtF18xۃ~=AAL/пw|m >|tbv7~+!q&x!wh.]٢&^WW#)K&ۑǁ?di;XRLfM#%J[0{v[|}N-eaYY<D?%‘c8Pvq'?> ;3?4>BbPMBx/+(:ypD`~le냋R͇.+=ԧV${>:[zJ"tმBKY$}Y0`Xߘ'np&mNޘ۲ڊ_R!ܢ9 /BY#0ed3+GyUүՊ Ԯx&N,{Ff!4atV = eNiۭldӏ1;-*53ð=܏Bn:O0;&ekm4!gujHiWƅ!Xs>u2p >e|rÊᖂTjo31*pYq7̚t0ϧ PPR#4sN座`[/p,s](Gyf;+JY$gӗb%ί M`-t`2mc:5GsڙEraKYܣ"_X" GդNv Hg ٿkͧJ1ZվqDxui ccK~c 8_ImAłQEYj;|W+Ǝ| ZiGdz0J@8N[= 5 lL|":fP=2J~:{ߞT'DLnVGw`7ttZp\< o2K)ph4[j{ OmnDt|z]ܿ{24(Ab`I?pQQrDFS Q+Z~BQq{|Ԑ b'Xc{| ZZd?k"#JJad7w (o&VzѪս ;̡ @]mR]0EzH\olg?=nQXDҟ ?-Gh,,a-xrJ\(V At> Eu~d0&0GBX뇹PgcʖRʦKnwQɷ1le۠-Lr6T^~-(_a6J$Eq%eU ~7)1/o0yđ(Hh= JYh\I rq ӷrc{zZoyqd0f۾s|Sʫ4^ҁ8'6KnTS^gͦ% R!aqJM܁j…B4Taq8gllVB4Ӓz֦#}㾅 DcO<Ȯ|;&0ԝ<:S8 v]fN4 rK4߰䪉hF'{S0rPl*F=vn"mP4]5es"bXW Z6yk#fӧa|Ei\b7u{HGp@U!]P]J%V7I0WF\}鷰RN( M"׷s*P\9-LMb< K a-5ŋ{mm+k|ٱ{Z GUVDYԓR؍SLաS ܦ=5ijT{> C\DMA!Jr/U4&ӞZDU߁{yt"_Փ}R8D+fKj (:6Th5Ν=G =/1 Wfؑbf[!fb.bH4!y~l#f_F!Kj xȞ県nKjrM3֮ម애jIf#pQC]B 6J88g+I]y6~-jZ:yR `$m/VA`쒡=uaE)MݠT/g2YN}4G+BH=햁WUlb&Szi>&_RcѲRHC+%vL{3^-F&f+PBuIՖUIG"xk=P%]dЄmgLJ#GT4cV9D#i`zlCȄ}p$KiKdW#m lxԡW>FE%ðCHdf5` {5FS EƎMS!"0E'LuEr"z5(zT`c<}e0YiBDw*KF7 }8Id3X;̳t634(~AIU;Wca8oцhHt0445Ɠ ^lR $¹tDj*玣x+˅QpgtQ?3y,f02>FkV8c/iGWavM:m0lEҢ)P4PɒRY#%h) 3PEa#ÝE|bȅyF@o%{2*F6XIaG"^ eGk=jG&x]zѝ ZfmQS== &fa9<\TN bdH)k bm?ϻ͢RM:DOme0 7II0Gj{fK yxsINbT*y\Ͻ(|L פ"DN ;ZÙna_̛gk7KwϵL=(Ow#}t'[|]I"?4ON]IZN)D)-U˹')ӞC!@W$;4ض@ Aek(!a:/4EX^A4NĖN߻g=;<'!YBqgGWGq\;C[4>05qūԵD$yeuUnɺ3bBYmGT'6 )tYRTMvsp (A 2iqo.3F(bB%KI4nG܁rߍaЊ-A+:lE1P_\N4v(#UD Ehi; ^rNȩ";=@k$!Ohht ąuA_#F9bamoN ATkӜFCw-<":`,!'(Da#J4"rp8V1&o{/z{WZ7jsG\0WKECu]QuEjp@"xusG}MzHֲ{S-^pi3ހ[~y@odo Ǖlݝ@CӴ PJ 7V\_4Tp3&w52-1pWm:[-WT~K_yzyrwF.nʱB~f}yNaC* LF*ae> cC>Xqη Xb!7Z$[Ag FJ6h;v$М`KAGfގ0QwOд'DtCFjRк6Fi:Q#̥_`%Qd.͎S"OxrhM_<^L mPD~*l `\Xٺ4gn#Ay_<3r? t il"ɚ@DYH3`ܝ_&h;\tb9,a9IW7HYD`P #[ ™SśYa#Q"Xq {BI UUZ9bQᘅˎ&*[4{͘tD`Om0լtGȼ We)4w [K?xP3QE?.&"G ;T?шz+[W7~ T]~v.!o }`UK!MKy< Wvvэ]]-XP=jS}"ם(M(_Mua Qv.l rAg% YMgJØ>Ym1_y"qP9.ږ7tk386XW:o-}5{ߌ7^}hP˨*EQER㴻6#f 9.P6ʒ( 5 /@.Xi<=͔!ċϽ[YP]e\ f*>d- YG"6G~| &u?x_b.@%X[+섅ԮߝPu o써fkˎt5=ldESWjL|7ڙFۑzh )]] Z1:`覸1+_A$? ZK]?1¹Ύ4.5/0w<8#Cz4UĜ RI&E:^׽j=ғKǀuSΛ_~+VJ)iOah,bt3u|D/aѤe;0ۥ;\#O#U!6n=5bS_>8~qC1`|/b0͌|NU#y8g,WkeY"N8:V`ȈE&2>6Cbop2 ),=ςj/>-EԠQÁeB!)l*ܟRZ`|Vl(-E@?/i~e: ΑB v׾cQ/G~`tzYۈKW^ S !|T܇oܚBp$]W[$g!a9=![wO2z{T}7EҭyNil޳aYk6(0TkzSyTtgs7)#Y?>fv-2cboxۗ8/#{9@%S¶= G#^05=Q@Wss u6! Tkqv62wu(YKvz\#dUiӀnLβ9jaN#¥kTӃNBF|0`QH5\Vb6W \|S#.%d &e_{LX G1xnp }f3Dޔ1 .^6us0^>BXXY?_Z @osUS;OP%pID 6nw*ha`O}ݰ ]? *Pŗ'ioAԫ"En4!Ehԇ QO4&\ k߳'FLK-;g˪%E1ܹ@VcM?wB0_$JtLA;q5`e\cӄCZ~hE=EYLQ P~)jw6^|B χѝc%C{Y ҴsG!yhChg$5 ,fj;7lM=a,ܓ届 L[@E``x"8g$e _\ƥQdU6,a~/~?JJ|iۺU@0ߺ IZ&W8O3H|C1~#=Z~weԡRf%n~$Ӗ/&`Тp3jAy%r0b#ԃ!ѩzTXXh@'Y08xW "59Y?,d*E:"SmxKXLI,2RGA s},%Tclzg`u+M1U# ]=fϤULh`Qݚq_Zۢ~9CLIk#Yڱq>Սxn}9,{O (dU{Hmy:R^kyq3w~c" *U@5v,0ݑ#!Y@ؔ OEf[?_ l}< hH\F[1"G׿Vqwp]Yy>Vʺ(xCg# Z\:y_#tRb<< Ki`]'Q6sP~6H]]Ydxic |$#bR+?Nwsq9uKE#U{08eCCx0D6@;w1;xbTHLN*ƈa\ނ`z|ycj[BDE];F#.&.ńT-$ Üs۟ Ɓ5;ӛ^ViA3UQč܅vEVR_\5+$v G;#zI\h1PfM93g'h&3&>`q҄VN ٗZمB` 9\(ULN|iS){ Iڱ ,} XN_[dأd*Ym5hUxr;njdZE?պYb KxּMjm%J&BCpɽ Q`mnn'>q&* BXy(}H1N0ݕfpHduRﭙ~DBik^! v`&JbʭUDPNcb*;#2*IݿOA4G˱˒n.GLYoO)aԑtVJ)jT0"O#os\=u"0#T̗U2s>y&>ׅ4`y*0nujl)9-g!4AK~dߊ JW)N*H+37Wf6fp$+j" p>|^Cl)5wIpRv~bYLeֶyQ?2=&cCԭ<:~fcN]8!\||7=k43e}07W{}VD _=wGAaj!Ҟ~ZSwA(n9+庈(8K3N{cH]4MC)jF~J4W![H5&D71~IDgf(_c.7'3;lDI:2MxxD{\qAPTߩc7෪I S^B {MkNdtǹOef׽Ēl[ȑ. >kik70 d|Vy =<+8hb$ow7u9@~8-QK؉Gv(W7bAN2Hw͚|C]q$HZj-pzrO:%/;״ G$QC~XV_3)BOBڃ)6ϊ ]% pp\<!`"f>{ˏ0% ۦuķTc"cT?ds%1oz\v^BEk^pϟ3*( AbL)#sy ZC X/(B{gFDgM#8fH ANo%P9dZ7p Xi$Щ&m'\MfMzc2ީ9e~%x3<!ـ%9QRJR,T+k< 8X}?0';A}kfu|63MjU-lp@lؚn_-)=tJjԖ}Fcibÿn;+0 5Rd W.<~ +7`'5W ´f3:K=),:P)zf N v+0~sxʧl BG==a7whbnuD9qdm| Sd'5i'kZeQ`عZc6b~67yI!o١ )!' a=s`@P뤢8sb,K;CkUMLNFet&K;P.YO @D9=5{R0m-ve~Sܛdئ6>_ɬeLUZd(RU+a>czQS3zǜ:#œILD D}>FD4F>Ovi0SIE5Q#a d9]5Jɲzm2'ČZ :TîD9?n0e$%ӓ4_2O#O$/@3 Hs%M78+eżJ|yjPBa8 ¼W_Hv\^h{L-ٻ" {JIvCMA>liY"_|^|eܱ?J‹쓼~E`zL u!$)PZ4*T%5%Qp "*ӹɩ@a*K-ͨGz.!r%[}?J@`:ɏcU J]͏KêCAϩLAq$\Ԁּgr!dni)5 @=@Ȿd:e)^L}CQ e?ϧ# CE06>^lv2gĐfv7#s*E: `~W:;9~Z2Wg1DCu}:#ubeh6B42P71֢3F%:ފ`hڪdbE(YiF~i츍2\2@2(zk83RsPCΊUPrTn~=_Vf9\e ҸzH%/Tn[]Oeh]Qrf\}F# ؗ?:m plDmf!yIˁ6q6]kWNbBěQ5^rwKńahiv^=X?VuSY7)6dr9\5(_ ]Uzv51aٴـ5d* /ncu`ܦǺG^'3 F0>@r&К^ ȕ8_"%ODƵ0)ݺ>,c& XdHnXI'i{7m7*f­>%=}ڤ+Je|nSj2xp,a8lc p V<5_MK伇1xJ~m{J){$? W#<*´ip54T& !-Yj60ƈEpZm->@{ $'g )ꊫ]7E̿.`=F9|Ze+ZtpwZS޺裴Kub"?1윐{~-QhDT`EƺLAr_`>SmnܳHr*tJ̷w7\KⳄ'悲Dlk8UY`32T;!isnca^a&!.*WWn; aódxl:ş_l#Fm++%W " "tTߛ>3 'gM'C.hT'&XGg%~vhz6L~ub!|meʍqY])nlMF+o~hd0CNbL2;FO*fj{{6ǷQl}_ "쐙o}dNMKO:Y\`;(pJh4U" as:nLŋdT0o{ծt8JRsfxv2߮Qn}b_%[bVhh?Fc+\-n\)ZH/FI_/chһOL܋[D`;} z_? Bj\oa E:_ATD F߉kJp^zG)~Q2(v aY s2Mu0w@Sr6%IJOA[L7r6|`1,@*i^yDd0n/+X9Сg8[^1n%a 0s0#l!BXMɎKZ(q~룸;8.ItX]9  -6vKc G}ZWx/}mzJia,ѫQfquGV7.4cg2-&cxNͨ}(eӫ؄+brJr|?7GH}?~q(rɕЛ/TzS4&UE٨K4K:6=_: q‹2!+#~b|h h%ȏUδ~P>G(iK_|C#Q#XٻSa|rW$!njzY| m%DZ>mB7(dED!Ė$^M_M4|ڀjm0s?Nl )4Ɔ<MAU\صPFHhqC_ 7~ȫݏ _ZWDTE肤ՈF/m +b&oX@~Sp Xm]>m+[?Irc.EǨHz2Xɾ Eqdǻo:S*Br݈u WYky=ۤxݝoks-/lD=wg?Yv@졄LP3;C =isg>i;i֠vx~V69{^]|uZ6 Sf@-BLbj`b; K#̆Nķfdjm 웚` ?hq!ˬ}Z&db#HcG$D* ?eJjN} wMv|իZeDbO(hLAjӘ\ӖnrsMMy0䭹IOHV= @HgXޡ*lwX8ڗ2z"ii2Wi-Tu`Y҅ $"<Q;װ$0wr;]^}<5vDNù#Oԃ! / 3a4M2F) TuW%]`ߧԝh|ӌZ֊Qw~;1I4M=~F]XdqSgМA@ȋP^dZ0ˉdL@ted 5ڃz$ 9tg4ءn0Mً40L'漛6y7€>7v|"nhͿaʉ}"֦ H,FsՇXy7'0Ze/RG W0ϊntPJ?:e,#{I-=21ФBU`U&m~Sx=䮞=2lR&㺥U_lF-vi$$ޟ| ˀ OUr]Puu y =Δ$!A!3l6kq3َ- ONذL=DVm,fTioX dL;1(6D'ќ)L[4r0:e咈< ncP2T#:Bk%Bҗi5/"Ą2U73@$؃ 7'+e?L̬6)-Rrb&EW{ۇ ֥3P٪AjͅdGmi ,p"!J{0~XHU0T{Y-Vy9U^/Bdͱz 1~o+NU[@n0v6U~ũa0TRUAxw.(Cj.Qn p\L4v/vcP?wr׳CwVL ‡)Icg#vHyTUM/ *ՂnlEBbK1^<Wb{ 1 L1nr %dFCzvLޘcDӖ[%Eiz.G =@/ь~m;mI/7"HN졬#[dtqZ`ģu hG`&R$Zp8 ߯Z,<@XՕii 5z)9CV$DTY aR̯~P/JOnle>$ُQoʨ+:~XF|^Zҟΐ&l) +!|o6{nj$O/"-1B@R2EiCZT$VKC2z޸[D'|of@u׽s:cbiB!j,4"-G!w쐎Ћa,O?Kߪᩦᄡ{i Větg^uui/sXM!tVbV,JUo]a\$`DA[ȥe'.9^YCsw ӫ'!BҶnA|>@ &)zep6 )h[0mh#*AA6C@"?8hk?".0V){Ǯ2E50+$elw땏.MW)α}UWT 1<p S8XΤn"uLƊir5XV#1̞\xmV89OHÄ&&񜨰Y+H`A.b::)WF}/<&#z ц q,QR8`VN&ٞBTft+HႰɡ8%uU@~HU/:"˾CӝwH$1~Y%'t#/Jb~B%sD1\e$|+6=/GS#3nϱo >~|dKae>$zHGܤvpeĵv*Cɸݴ~cCevSQy/Ix)Lr;2ZQ^,11 I M/,ܮ0buW_&c!BR١>j 7ωb][eTېe%@8ƇCrj^^=\xv~9O 9)x i!d~L03 wKY=Ԧg]֦ P誈ҋ7gD\O"ВRc ? c=-a:)v|q;joQ?*H)1u2^(VG'&?{/u%un ]TrW@s!ś ըbTKj[kmw(K7Ra錔ݻGC;3)eaL0@02>AgWB)fܳbi~iť݀U?DJ˞.##@ (دmF9t;:ݯ)]Bٹ)/ĕ*hdGk\i$2 өIS+XpW.H聲8H3ExLp8eS`E|aQ6sMnO.5r2 ?7Ȓ(\G:)ytV(ǍKRb|\mO="UFl-ppqDKɾqSB%d$ӅڟN0Bh7x6ɺ*daZ=GݑT'7]U#&AG VO@CqsnY0B$?dMy>j6cze69d `8)FkmR6sstBT8XFKZP~wl>uSacH/K!"oM\ [-L*%orwk+?v&H>rCXY.lU%^y6qo|0[Y c8*Ј5όR|`Ż> cQJ4REcG=y )q+`.Lg"( LMst$zZ>3[>~G,٘Ν,(jԪ D "U\[;:"g٩(+@N*P%͕ lAȒ]^S0t8[tmZ(R{Wd?GE鞰.UCwAS90^CM1o6fw"0d߿cٱDz@ü-ЬF[d}(&_ysc +7sÒ0)/hq$,ҁf4[;UA=5z(qa 8}|) U*6 Oo ?Uy;W$Ix]OE=e CM; θds~͉-q4x`5O:[yd`20L~PvԞc6S`k.(lK4 xZ<>yp颢.݅P0r~3?}n< ``(O/Şf/yI:l@᜹=IQSg?1dSZɭA^P&BĶ c̟d@((yh-TvR64&˥z}k@FrJW>bf:xS!nQZntؠ?~\80NkmU8? \L~e0' vG%^ǼBCb3Оhv`'Ƣ \LI61 UXj2O/&[ތ9I~g{3)j %v0AI*q󬑞 uQClUo! 䏜IkqS4bpnB_:SkfBcL:X3s^ ,sk0H3@ԼX;_DyjtS'`?+8m h?=74c<Dc66S7&f0;)4,0T3w/D .~Yo `v@#Gd4IB/76@nne%Ƽ]q Tۖ~R]Vy_7 sh"AQr;;'684ʌ^MۣT3hl9Bkÿ́8_D =(kZ>fhSGX-  O ŏ4Z -]uIV*ᅆ f̐4;K T6^ce۰:Y^Y_*m1m,s!}-"! _#O`K#c?=q}P$.W.NJR6#cj`$  !ld˄[F>ׇA<}v/Yo옭`Dqy,B6˷EY|XW>bILJzbt5po+L0KfO`.H1HyOkM[WldH5&Ϟ.(2?/K5нӫHqNĈ?(Wru1qs\<3f7Џ=SCbgEǐ+\'*w_s:@5\g E2au`Iv0zdEnN]CκKʕrDhwUS.v^4lNq,; ַ^U'OTX.ouG d2]qIC9 ./)b= ^s"z҆WyW3Y\smcHPü:f.1177=5 zDV G*R;* ޵OX72 F "|OfXOAb%Ta};hn3{ǝ""wr9"9c^f^[mO1z@{42lG *Ou- 8/ aD1Ky~S XɘSJ֘''2),@}0DEeJ#ҁ5jN)̼Qeܹ!= +s+~Ý+$<6#64wTHݙ/fQ;YJĀi(T棢}iy<-$y:݃ Qn_=?]uyVڔ{"2_qP"c$J9H}SW&rfb{|J҅(5.G%p%Vk/Ǐ mFݜ kώW L0Ou$ro*As|V5 ^-/d1Ϟ{"|*bYȻʁlmEPLr[N V&.g,N'2MЄkx=$% v^K<=;\Qw!ҕ/#r_>ȏ9{SSpًv& KOaCZڟ[SdxK#c !q˲aSvI|o FJgǯCcw`N2b Uka(*MNjSHt3:3/ { 6dDη wT JD(F}PEa'lND@VZPҩG YX.Za’Rٚ@aDey8GZ)$걺Hy+)'s7^\&^=9X-u.pJy@>_[(1j?n9f[ꈹ7Ύ|0 @)&a`xu10"bq@:sbyǰSmg& N7{[d W )U*i Pt]V,n1;QI;2~5=xZ&$YzVe$@mX+jL {4[5nc*!xa"VA\p}&9`eF8O摅Һ<,;q8ИN8͜/0)_G+Wu$;@)x_`X͎{']@aKZ' !QQ†F9k:eS&A`<z?8W0o" 8 `Qcǒ/JGi8zH8>t}nI-0V; PE*UKh*^f^.xO+#,)Yx8CY<'|$Q5QŠG譨xm[|Q6-)$͖2ʮF[j~-5^dRm gӤ\ &r~ $qP֚E~daꫢ CzϬNÛL85^ 5h**g>N`kB©31Zqh fsVcY/'>WeRͮSf2T+Z8ȤRէ VlEWbw܁Y[$\ByO*=ma_Gl? l<k“TUj$*%\ \XxpNT޼ZY180 zī2 SܔK5P@:P,~ #}<00r ޱS4Xy7ڵi_tLabJ2p6v m\`ؔ0DJctNw X:Zͬz&ifuAw+]}UBґkm0&8Ԫ͘9O;oVI+@x@}8O)9o֬K²y 뢝ֶi!Xit{?*7j0]k ֓M$ \[ȗ vTq eH~3dž ߆K熰9nls#knKס$GvrP@"s&Y4x_> (i$C{ .z 8 v4%E/ҟx kƇlh%a#PϾ 2li*&>8'̓b)A,EKQyWO^H:}f[ȱճR:͏H8eM8Y?.iQ S'`ڗws!>P`.rk°XWX{]riZ(H?qŭf` :1"i!s (%f'zUxI>ڲ3 "WR:8ӠQ`yj+вF  g^|#P8j[l2CxJx;cDat8Nm ]Z'T` @]ڟVjއGP&6# KһhS8a_կD(|>"Gp.!|ݜpk UH:;kdR $Ϻej4 )f^@)"7k?\ac3LחIT4& fl {o~.qK!X'r6pI}guXds3GD/ uC˕⧵-R^Xk)P9 }9M&:^48h|WA 27W=Y2M**r}фXTdwwSϭ3%'qGQyEdn/Dfj{y߭y]!!K޳@fFoOD[a#o2aaEtN0壵zȯQky߀hL`jw-sKl4'?a"nX%;{:$'e]I1D2e8`ȸT|rU" Rm+_:I4Q2Ԓ(jC՜pk^NR`'1YySfա~/LS:1f?+dvA?S6kj>vr@JV P^03]؟Khd@hn[m+L= 0Fn 儃X4~& 3U$Cs UcpGF9?V^!5WOFWW򛊒[g7~˔3u!Sb `RJ/%i^A,nV2v A۫'*X4SCpFIz5nQH20-],oMcZ. Ϭ d=Z@q @ gyGoky vB/?鼉`7x7ŒS?Ϋ>8}U|:f<ͼAF\WG+BarfP 䧟F(6;EB1%QpISW7f7j;Lqf;WfȚu:Ɵ)΢H4p~=6وJˋyGfnordSؑK #K^)z<ę POTI*60V%N_z5^c" +F –|nґ<ȇ幧xdcseXKj}9Ğ^ \KI1gU"iTG+W{$[QbqQriI8-?QA72Cʬk&HrQM.;1mx(WuB6/7Hhz z ?vd%g,A-^4@.tqFwcyV"v~xuy QEcL:VzAg .GRc0?s'\T.\JY+ J8 t'nruO[h dHbj+\JF(Ä_ufU㔧l%Nt~Q1mkD4…5˜*#]: ZIMDFg ԼȪ9"VPx kS~W )drzk /0]|;B}[C v(91C`6^; V*Y 8˴tn.)kb J'y0t!p ,[zgAăb4irMР~, ԭ ;68uo6_*I~pՑ/7PptI\vŋL 'm -`13`/E ǯ[u9nB=6V54f~?C=9ygdtsY)؜T׳{EpZ 9qB?$Z`fߟy<ܰ59*9aY}$B-ti=j40_/l~̾{Vm)-pJՓl7㛱3X7IiĚKWøߨ9̻`_?{>~daJ0j㭘+!}Siөw;ngpǾjoqX`pǞ2 9*Nm 9Vtip9l}zv/AI=ykU+X/U 6 qz ٷj97k[Py>$C NOh&̒u߇z`]ܲ] Q'[U.}#j{QJFpmJUW#W;1cJ%ZdԐdIjGWߙL@*zdy'1o{`Oߤ6b3lw[<#}}Db(xMh"&އĻJ`pwͿ 1g@s"6E86bAȠ+GfSϋTHF"BS2r$_룛42”ˣ--#]sF:}qh1Z;v]D)^PFa}2jiъln.ae?U$Z43D[ 4Ҭf-)5kն-2Ӭ1WRU'85op(%zH|L.}X9ZE )RfC'.983%ĒT^8+pETY0aD >x3nBw֑ A;ģy/gEI+E).;Zj6x2k}WK~ ;!\D{'#g>-^?ىE[[ U1'\#!_{H0T-9} D]s3 GUo"? ^ xl+\4t민]Eu|9[gF|i+ ]UC JGM_? AgpMyhu'IVI|VJo-L3Fm$Thos#ʛjZͮ R]1*@d8(CIۋbDeȪ:kop|/3+~˴dsۗ”WV5ӹ [L-?>#I5KKL כtδyk1p{fE6*ڞp>Urjl "H ђ[~򴖠Z |H÷|9΁P6 }فD+=g+D;^`uVY uO Lu3樸Yw>ŸfNP{?BQ7,71螀1> -`4̼DP4rn;:#̵5wt%Oɉ6\GZAQsܴDwYjBpO,GWs_BHMW΃U'O)B|F!.JDzeIbo,o{ybO`8L%+w3{YY8=ʶ ǗVu؇ہ~+b..sRpƵ: RtH|H=]FJqhnWrJ$rR<_o \ק^\£/w%z=!` IerJsҐ݈b/ 2#},\cDzno֡^er ǗW5pzKv!Z|E:ѡn d Uh g1DO5H[Yۂ~5j =Y! E]P*MR|eT{E,+ŬE@h@k)[dYA!膂&Ue)it/xҚAnhր6zg<;JW!4|AT^J&E-ع!-%"aNbOj1h@Kᓸb^PC& =QC| @4~|1St!*X=[%/{jH9T~en}u=Si3.LϙJ{- g~[[+94E>iw5_IЁڽ|v|!V= z/ a?X(8k*\# dC~I)nml0? 6 fxdhI ']HLP7HKt3okя)T-`=0jiݿuu%ra4wiNQ(`cLmԸX'2N?O!]|ns{f:mg py=!PɔQ ʈ5ϖqY3z*f3G鯰io8Oz73FxƑLJzLeqG<%kR"^AZ߅aMҞ&ㆈ^s}l7mx`FԀ6.i}[G Rd 3dcW <=j^!4.`p.!JOWO (;ZwOV%OW ?Z8~)28؍Ws o:X0wx-sU-VX[z`B6"K 6P5Co`ϗdzJ\JE6[5VJ/sK[i TъEe}G^x۶nU?T9y?R5APW` L%N҃αHi =6廆5$r݉oZ@4p@{wl""YMctLl6x-F&EdѼp&hrHJ |'+HhKqKmD>Ha  I'FWz?AdY;B%9"2O_Dh. dňspL|%GՓh^Q% zE +,9BXߖOQ,QD"ydӁ?}Cq5%pypEScSڕ =:Lcn06-B?6*< (UCy`N QjԹZ6K8E t Q*ހIxjg}Hj"(O5SyE*F0d;las^g7 l<q쟈x^m=͔_j2kv5Yt]^٠ǎY`j} p6^A2KeQ),/m71C?+HxNT=[ [{kTCm{*OVs՚قn,6$YT.y<*-gkRճj49}w5"dف<.=ʗHna_LTqCK+Qew5/F]\jYaUʼn#u fZ¬ 8Zʈm'XXms)۲]3,IC[s*D?wexMVڍr;~CxՅ. x.y^ŕp܌\ǹ6LZX,|&k"6;hW/u|o$'xLۜH.JFN?DsU{i2.#ٴV`I"CWyض:)uIMA)z8Fl͞HEH<{nN?yȃoMH{憋|Xg-r'] `S[m$ak P:M rOq |5<:Vo@ 'EFYBt<ӑD<4q!Nf1jr!,W3M_w$L^WjU`2H~#_ Ah[U+M G뗵*M7ѯ,QiK7G6{}QQrM(v? ifW.c=ߗiO M`F hw7>7:14`uxafN& "ZXe{|F.댋̖ iť qYw3˴sG#Nvbh8 b; 9wuN36\o [i ̥"iC bnfPYj|.dJ~sBwiQa\u t#+-i]֗“#Dj/{ N !2 [g.6677PyPtlY/U߽eb:cX!L-FT5/ޤJ[v|Ufxڪ&Y;i.ԣ_su|)Y=эJD t&Oӕ_u9r BoWg*Pʶ"WH8_q7EV Yv+7CFީ/1%*Yr;5[7,ޏ/ FejUz~ y:=~xQ[H1Zy"V%{x1{tim(B 7%I qrIҦYHUv.I$FĘʘ7z.29K(U7;kC$Zj"ZRNˈ#y8Xg6>G `ϙFްd/&9&=.r}20 ;,`2aq*δj-d% =`ssG}%p5Bt/ BA*LϾr.o6\vߵ&9^Д4n`&'8QT,X+U=VmЗV*(G_PӆPLh ZȭUu[T^L6w<[jDVJhؔ YP$0n/lv6~_G p9"Fr8ǐky&f}VXǗi{.I%XLc20Β8rG-o| m L,ɤ+V&8 DJ< [B8.ѫףj_ s?}d&;+/G/|i,%鏏iD|_gQ8$&&:*X V$ent4M|2KaR; >罞B  qu,:w9+h#t#lqp8. L. )R鮾46i\_%ө$ywG*;~#9ݥ0hʭrpa݃6q֌oT:, ,d0"N-v&xr}4m^wq7 BG 7-L}ĘىO V=JPmFoh8 ͩWZ/]B_& ֝vr}t>r$MU6c+Ţm4W2tO"։Cɫ{oIXvHnFn;"KL6;wgƫ_G]wu͆zݚ ezynʴ|'J!D>斌^Fr'05~g3wff,:1yM~}9 K;aQYubmQ㳿Z8$kO==dIUIO\TLۭ6@@&⌿` IS=srαlG=^[9~]& tD`=xgPf9ƾ:q &qx4܌n^^''!573/o?m}_":fL7g ,Zܪ_4¾t!M,~3HW׀@<S&ѯq&(< âu t K%,fnɑ qVCj#rhp\Nj=n9" ZsتQ1>eL p%6a~S0C*>Q_cK^˲ JÃH z+SԥHnxANT3V;dB~_&3feBj+|@ڗH-37I{  [q (̀Ԝy|>hZ* XbVie_J9s-_D_6췓{9My-&ȘJ,oqV{Y<^\d_NxmB%"zΖ!|KTʌBwU?*1pQO w::U%Tn]B *6tz7j*g(mKoZ$/@L^KsQHJ@Q/Ch?~F/W`9EFۖv^u3 ssmNO-G,Syrf4tzRk>_T]LT)')ɶz KB1?Z(?{<'#y{:3rg]?hʧPo.qɢ3e٬ɲ=R䐌;ѡ#j ^@1{UNxMJ6iĊ+GE[`ˀR>:X6i)=KTWr|1D3MUdʺ5#ut2 is6Q[``Ee_;a 3?nj?fQ;- f.Wa 7&0p|m12;W l5e~7#>+CWuPh=j.V-8|kTKagH7Pקl<.䖨-|1O&lD KCOA^}ЩqSh+ye5ۉУֶr}d@$.|Eڄ!)92PjR2LGHְńe9!$ɡCezO-bKiibӌ:,:L(S/+[b.[/Տ-_%Ny UWAZ7?q,k͑ }vizǎN pJɢVgZ 埡o_jێ,zgsX-VRddT$? {ı9)A{cM/(tY71[(S3WYZLpaFO/~C:>\N,0Ӂz~K/N"`z'tV_w93!Np0F?^vM$nN.Wm'fWEa7~B]q!'JGJ2L:g(3U bV2C$Op9'9 C(IXK;> p{ohpU7pT G{NOPC6?#琶-:5(h"VRW>Jܹ6o+z v `ot̤4ՉjRBF^&(,x>Gc"0@`X/t ΍Λ/h ྇N֥M=r߮+ŷfRs:{QMEtV0*#>']%'$v Y wUcR5k%-Yc%JY?H~zyq F6 [f}5FeӮuFǣWyL%-s85eCΓP1"u)NQDuP*d\fQ4mc[,f+&*4cn]ߋҌ v UsW'rAVwCݭ9`~{8ìA w : &wj9O4b. 6<ѱ6g[i|_. B9}𧹤i3EY(#$6kOmIO^.ay%@bi1ЬDWV`Tr)MӍil4 1tTĂ}d ׌ E0r3%TO(Tu%OW JyёM"626F3dREge;OځG!w&:ϑxMh \ebnBh&G,YY`IMvJ+Iv0t)RbzXނ' Y; vG_L?AלGoX?-ˆՍ+8^0A Ja$ ^#z.'ld:x1e>rf+—Y6Rd_;r KC3Vr81v6ASnPTC0Oƈ!fPC_ڪٜ.+6/QNT"RC{$e7~"yʼn遜!^WSC3P ] wV1$66C}`Ggˎb$tK7)/]q*;$PgAtLa[tѩb(p8ŨSP`DXhUBr1U2T/T oP// ;YD⨗o EG*x/D*dQ|WI7"`KA! >ϰ (\)4+)^IvU¨jT5apͫ0}Nwđd%#4AG]k@[peľ00NJ@*IGw8od$VQ.7KyUTzqp}ˁp[WP񵢭Y>#d:6SSrlԳ{̥W1S*x6ꛑ9t E"~d>:p94 =zOQ?¬a|[>. k"T12~K50I)j@.F(q𷋷R [ 't1ʏ`L-٤,ɂ8}73^1Mn]qxՏ=>uxT;IA8orP<7{qyw¤^i潙d*MO1gc,Xn63>QOǎqnqN2L &2gLn@àAa.M:9_EڜK->aֺ<d5IÎ0 -ko)en. b-/KҘ&L4YƛXFdέ\H7 携$RiO"".:Vs:rsg R%ӢpCw6|}l׈"ɓϫli8EJW%"pԢx[Rj Kui"vْ]{GX?/5KsGo6*ۼ^犈>{f|YL= Ny줤-F5^؝/we5"PPs :8ͫ1=eQ^=@`ؚjg| htao_JX~)^\k69iJCZE22;PgyiV5sEbHN `Ίۡ@[gwcЋt'֑_fsU5䚁lJ71T2YtRɎ=ЌD / %ئtʍ6'^AjȢ7݀xbİ_A,EuM=>B:7gݸjVaw^+* 3W ^tJƭ3F<^iu 2mN_׼+]4{8뀴g9_4 67{]7ڵ2֗cv>؍nCm*gjna2I!iEDr{uBg,7A%)0RO>{Y590"Ll>Ay#;erq8 go}Z4`xQPX+vpsD*)'F{GfjK\CJ7 l=wVm>KC+t_HR؂cN*}o /X9=WaW܀ߏ/ L S< {CHRHs\Ԯw}l}Og}"A镛d̜ޏϬ-A B]]g$= 5]U{n):Ȳ(4,% `wXY!ty;<NЃ7CsUOo1JmTӵB[leZ6z{qUU(,xi٩ skiȤ@v6;}w.8uMBd]H߶CH4I.mvcEz W_ː*Hb@r7|f5DR~#>~b T&T Je-> LКUrvs'֎%㎋k;y'QTM0mzaS&Z`#іkX'|zݖN(i}||1c#.0|\F+q ӋAH?ln7^3liw8W?fH!f,d ?s Ic >SQrbj-g_Aߚ2#~-ea^.R3s2iW1Oҍ&EBdȋ@ CPiǧr:; 7|FOWeX(4ŪgCq= A^r(E\zŨ4}D‘/A8IBp'KiZ3 J|şZbO ER'<ښ&&Ɉ,t򃖯aɨ*\vSyID)bZUs66`.$G,D4, yZBбS ^!^_Hjз?"!{wQ8VW(VdȞ{N! E3W6r6X6bE+k;+zuLz0?Hx=p v ,uRsXJJX9kP9>KKu*'g1,~! d}Nn+BPWp:l:]D B\ltKTW·eI[9OdaDW) MT@}Š.@p\#Jy֌y_`DH|R`.ʹObh-ʼn D3p\L1wp`PU)1.~c[V<`!q̗)uؓIT%<&BQ-gLϫd]پ2ȞEq\l H>\ļ^䭍Hys{)M`WVwayurz% 8)>"E(X@Ȇ=WK׻}TE,V*D[6|w>. Iv<`QJ~ƥQUX !`/䊎kR܊s;C51OBn}"D&O(4~gvIp-KP)@tY;S_̓{k$},iӕA\@<_ևyFy!|4`﫱^U[KC 4v4yH A>d\pn(Qo0ʐMIz>:>!LR|[zJjm|oןwO]Ѝ+mHbrKw1p;4$:he|r!)H^(Oh޸-Ȗd!/c軨e+*n#<Ԫ,6y[PɳōkMū=uSl25#0WC _QS_0S< Y ei=-4LT.8Ī_e< O HKyވ#fzŢԴ56/tVb կ!X=3#/T~8S'GUc"1sRN6ۨa#czP 66Z juǨٴt|5l/Lzs"SHl9 2!aJOO?oɽ̑uodc*J۩ȫ4PDË 6v xզݯF1w^=Kx=ʛ~DZ넏 #T"#\gLoML5# 7T1D:o|xZ$ej u~|8Nze(]}tNOJ9Qk\&㱅 2_}ǷX|P:mc9 8*Kk\QEm'3+`76X+y"}_k3eE҆=UXnuo<^&$p@ݦjTXˋkNFד v8LA#SUNvb[̠. U}PxW9q1,}%Krcsd@pw':n/YrqKb|=n`(jF$&N3h[6d+Zjaˉm`剞V@nLΩ24j0o][rRdJqЊtfDe6\h|H* G1(J OlɊ۳BTUnq*Ëw"er F<.\ŔNqc-L^ Kk3.>akB&kqR zDLr8oiAg0_Rܨwvx΍dh'p}7wfPB5YJB|bَ'|k/I݌.HhM@WY8h7G$HEZ=q{&ʼnw W"'rʇk誽h8B8Y.+Hi8HI^psua[ D(L:X[SN~}DE;rH @Uk2$RK}Å6^`Z{pߗ"'3 =!bcQ7|H-[Mmq,O/st0XN*j(~Uh™P:([LMԅUj%mH Vu3lJbvWW±c>C0cڙH/%0e#f}Sl/Iѱc:BTLe]d9\u5/8 H򓊤1d'gpUӫ7-̸?Y<͔K ڥCh K~ؒN7rCֶ kL7?ھ4s6y --vìeK"Bkd:<f5]d=sj{d~MX($-NYrej}r97DJ0u<͍JzV90Q0yw8sElqʃ. DH NK-ebq.vD3lfx YZ