libsamba-passdb0-4.9.5+git.149.9593f64a5c3-lp151.1.3 >  A \}/=„&yƠ~r=B=dkV: 'q b)۝mbߴˌ[ "СAQT+?yUC,p3@dԊN\oZL܋ehukJo;{*wvݯ\o*)]6ŭ^.)5?%i9tOYn¸܅@.ˠi-h,EYU^>^sSH&5Mh#%'6jHB'E+R7ec2bd2e8c7bed3eb12b62fc53b0da27dd1bc62b933dd88f302dffbde0424e5b39dbb6b4a857e46c657316b23249e961738f99b0H\}/=„ g|S6; ]Rdq<[!+Ǧ;E( #qg}40[r3Hp@nLF؃3b# D (%qQCN0_!m?irr8Pu]p8rI:(YDoX ^s}7YR<2@>iㆌfɭV[>5#íx{Uze]/*te/S/-jsGj:b֣LZ'\W>pCc?cd- 7 X %,4 8 < D   FFF(>8H9 : >_'@_6B_EF_MG_`H_hI_pX_t Y_ Z_[_\` ]`^`Cb`Oc`daTeaYfa\la^uapvaxwbxbybMzcLc\c`cfcClibsamba-passdb04.9.5+git.149.9593f64a5c3lp151.1.3Samba3 password database libraryThis subpackage contains libraries to interface the password database.\[sheep83XopenSUSE Leap 15.1openSUSEGPL-3.0-or-laterhttps://bugs.opensuse.orgSystem/Librarieshttps://www.samba.org/linuxx86_64X\\"24ecf317910a34e7a8f907c84c26a32384ba21ebc2bf290286f68b26af4f09f2libsamba-passdb.so.0.27.1rootrootrootrootsamba-4.9.5+git.149.9593f64a5c3-lp151.1.3.src.rpmlibsamba-passdb.so.0()(64bit)libsamba-passdb.so.0(SAMBA_PASSDB_0.2.0)(64bit)libsamba-passdb.so.0(SAMBA_PASSDB_0.24.1)(64bit)libsamba-passdb.so.0(SAMBA_PASSDB_0.24.2)(64bit)libsamba-passdb.so.0(SAMBA_PASSDB_0.25.0)(64bit)libsamba-passdb.so.0(SAMBA_PASSDB_0.26.0)(64bit)libsamba-passdb.so.0(SAMBA_PASSDB_0.27.0)(64bit)libsamba-passdb.so.0(SAMBA_PASSDB_0.27.1)(64bit)libsamba-passdb0libsamba-passdb0(x86-64)@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@    /sbin/ldconfig/sbin/ldconfiglibc.so.6()(64bit)libc.so.6(GLIBC_2.14)(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.4)(64bit)libc.so.6(GLIBC_2.8)(64bit)libcli-ldap-common-samba4.so()(64bit)libcli-ldap-common-samba4.so(SAMBA_4.9.5_GIT.149.9593F64A5C3LP151.1.3_SUSE_OS15.0_X86_64)(64bit)libcliauth-samba4.so()(64bit)libcliauth-samba4.so(SAMBA_4.9.5_GIT.149.9593F64A5C3LP151.1.3_SUSE_OS15.0_X86_64)(64bit)libdbwrap-samba4.so()(64bit)libdbwrap-samba4.so(SAMBA_4.9.5_GIT.149.9593F64A5C3LP151.1.3_SUSE_OS15.0_X86_64)(64bit)libevents-samba4.so()(64bit)libevents-samba4.so(SAMBA_4.9.5_GIT.149.9593F64A5C3LP151.1.3_SUSE_OS15.0_X86_64)(64bit)libldb.so.1()(64bit)libldb.so.1(LDB_0.9.10)(64bit)libldbsamba-samba4.so()(64bit)libldbsamba-samba4.so(SAMBA_4.9.5_GIT.149.9593F64A5C3LP151.1.3_SUSE_OS15.0_X86_64)(64bit)libndr-samba-samba4.so()(64bit)libndr-samba-samba4.so(SAMBA_4.9.5_GIT.149.9593F64A5C3LP151.1.3_SUSE_OS15.0_X86_64)(64bit)libndr.so.0()(64bit)libndr.so.0(NDR_0.0.1)(64bit)libnscd.so.1()(64bit)libnscd.so.1(LIBNSCD_1.0)(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.2.5)(64bit)libreplace-samba4.so()(64bit)libreplace-samba4.so(SAMBA_4.9.5_GIT.149.9593F64A5C3LP151.1.3_SUSE_OS15.0_X86_64)(64bit)libsamba-credentials.so.0()(64bit)libsamba-credentials.so.0(SAMBA_CREDENTIALS_0.0.1)(64bit)libsamba-debug-samba4.so()(64bit)libsamba-debug-samba4.so(SAMBA_4.9.5_GIT.149.9593F64A5C3LP151.1.3_SUSE_OS15.0_X86_64)(64bit)libsamba-errors.so.1()(64bit)libsamba-errors.so.1(SAMBA_ERRORS_1)(64bit)libsamba-hostconfig.so.0()(64bit)libsamba-hostconfig.so.0(SAMBA_HOSTCONFIG_0.0.1)(64bit)libsamba-modules-samba4.so()(64bit)libsamba-modules-samba4.so(SAMBA_4.9.5_GIT.149.9593F64A5C3LP151.1.3_SUSE_OS15.0_X86_64)(64bit)libsamba-security-samba4.so()(64bit)libsamba-security-samba4.so(SAMBA_4.9.5_GIT.149.9593F64A5C3LP151.1.3_SUSE_OS15.0_X86_64)(64bit)libsamba-util.so.0()(64bit)libsamba-util.so.0(SAMBA_UTIL_0.0.1)(64bit)libsamba3-util-samba4.so()(64bit)libsamba3-util-samba4.so(SAMBA_4.9.5_GIT.149.9593F64A5C3LP151.1.3_SUSE_OS15.0_X86_64)(64bit)libsamdb-common-samba4.so()(64bit)libsamdb-common-samba4.so(SAMBA_4.9.5_GIT.149.9593F64A5C3LP151.1.3_SUSE_OS15.0_X86_64)(64bit)libsamdb.so.0()(64bit)libsamdb.so.0(SAMDB_0.0.1)(64bit)libsecrets3-samba4.so()(64bit)libsecrets3-samba4.so(SAMBA_4.9.5_GIT.149.9593F64A5C3LP151.1.3_SUSE_OS15.0_X86_64)(64bit)libsmbconf.so.0()(64bit)libsmbconf.so.0(SMBCONF_0)(64bit)libsmbd-shim-samba4.so()(64bit)libsmbd-shim-samba4.so(SAMBA_4.9.5_GIT.149.9593F64A5C3LP151.1.3_SUSE_OS15.0_X86_64)(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb-wrap-samba4.so()(64bit)libtdb-wrap-samba4.so(SAMBA_4.9.5_GIT.149.9593F64A5C3LP151.1.3_SUSE_OS15.0_X86_64)(64bit)libtdb.so.1()(64bit)libtdb.so.1(TDB_1.2.1)(64bit)libutil-tdb-samba4.so()(64bit)libutil-tdb-samba4.so(SAMBA_4.9.5_GIT.149.9593F64A5C3LP151.1.3_SUSE_OS15.0_X86_64)(64bit)libwbclient.so.0()(64bit)libwbclient.so.0(WBCLIENT_0.9)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-15.2-14.14.1\N\e\e\}@\o@\\\\\4\ @[[@[[%@[@[ @[[t[#@[[Q@[Q@[\[[[{[z@[r@[ @[WZZZZZZ`@Z@Z@ZZ@ZZ}@Z'Z@ZOZ@Z ,@Z@YY@Yo@Yo@Yo@Y@Y3YYu@Yg`Yf@Y7Y7Y, @Y"X:@X:@XXsX@X9@X@X@Xg@X,XƉX@XYXe@XX@X@X@XWXAb@X-W Wv@W$W;Wu@W#WW W@W~D@Wj}W_WYZ@WYZ@W=W(W!@WW@V3V3VV'@VՄ@VՄ@VVIV@V`Vl@V@V@V<@V<@V@VjV]VI@VG"@VG"@VG"@VG"@V(V'~@V V7@VBUYU@U@UUAUĝU@UU@Uy@UUrUq@UhTU_@USanpower David Mulder David Mulder David Disseldorp Samuel Cabrero David Mulder ddiss@suse.comnopower@suse.comJan Engelhardt David Mulder Samuel Cabrero Samuel Cabrero Samuel Cabrero dmulder@suse.comdmulder@suse.comdmulder@suse.comjmcdonough@suse.comdmulder@suse.comSamuel Cabrero dmulder@suse.comSamuel Cabrero dmulder@suse.comdmulder@suse.comvcizek@suse.comdmulder@suse.comdmulder@suse.comnopower@suse.comscabrero@suse.dejmcdonough@suse.comscabrero@suse.deaaptel@suse.comjengelh@inai.dedimstar@opensuse.orgdmulder@suse.comjmcdonough@suse.comdavid.mulder@suse.comjmcdonough@suse.comaaptel@suse.comdmulder@suse.comscabrero@suse.comscabrero@suse.comkukuk@suse.dedavid.mulder@suse.comscabrero@suse.comrbrown@suse.comdmulder@suse.comscabrero@suse.comdimstar@opensuse.orgscabrero@suse.comaaptel@suse.comnopower@suse.comnopower@suse.comaaptel@suse.comddiss@suse.comdmulder@suse.comddiss@suse.comdmulder@suse.comddiss@suse.comddiss@suse.comnopower@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comdmulder@suse.comnopower@suse.comjmcdonough@suse.comaaptel@suse.comkukuk@suse.comkukuk@suse.denopower@suse.comaaptel@suse.comdmulder@suse.comddiss@suse.comdmulder@suse.comddiss@suse.comjmcdonough@suse.comnopower@suse.comnopower@suse.comnopower@suse.comnopower@suse.comjmcdonough@suse.comjmcdonough@suse.comnopower@suse.comnopower@suse.comddiss@suse.comjmcdonough@suse.comddiss@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comnopower@suse.comlmuelle@suse.comlmuelle@suse.comjmcdonough@suse.comnopower@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comnopower@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comtchvatal@suse.comlmuelle@suse.comnopower@suse.comcrrodriguez@opensuse.orglmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comnoel.power@suse.comddiss@suse.comddiss@suse.comlmuelle@suse.comddiss@suse.comlmuelle@suse.comlmuelle@suse.comnopower@suse.comddiss@suse.comddiss@suse.comlmuelle@suse.comlmuelle@suse.comddiss@suse.comlmuelle@suse.commpluskal@suse.comlmuelle@suse.comnopower@suse.deddiss@suse.comddiss@suse.comddiss@suse.comlmuelle@suse.denopower@suse.delmuelle@suse.comnopower@suse.deddiss@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.com- CVE-2019-3880: Save registry file outside share as unprivileged user; (bso#13851); (bsc#1131060 ).- CVE-2019-3870 pysmbd: missing restoration of original umask after umask(0); (bso#13834); (bsc#1130703);- Update to samba-4.9.5 + audit_logging: Remove debug log header and JSON Authentication: prefix; (bso#13714); + Fix upgrade from 4.7 (or earlier) to 4.9; (bso#13760); + s3: lib: nmbname: Ensure we limit the NetBIOS name correctly; (bso# CID: 1433607; (bso#11495); + smbd: uid: Don't crash if 'force group' is added to an existing share connection; (bso#13690); + s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility code; (bso#13770); + s3: SMB1 POSIX mkdir does case insensitive name lookup; (bso#13803); + s3:utils/smbget fix recursive download with empty source directories; (bso#13199); + samba-tool drs showrepl: Do not crash if no dnsHostName found; (bso#13716); + s3:libsmb: cli_smb2_list() can sometimes fail initially on a connection; (bso#13736); + join: Throw CommandError instead of Exception for simple errors; (bso#13747); + ldb: Avoid inefficient one-level searches; (bso#13762); + s3: libsmb: use smb2cli_conn_max_trans_size() in cli_smb2_list(); (bso#13736); + tldap: Avoid use after free errors; (bso#13776); + Fix idmap xid2sid cache churn; (bso#13802); + access_check_max_allowed() doesn't process "Owner Rights" ACEs; (bso#13812); + s3-smbd: Avoid assuming fsp is always intact after close_file call; (bso#13720); + s3-vfs-fruit: Add close call; (bso#13725); + s3-smbd: Use fruit:model string for mDNS registration; (bso#13746); + s3-vfs: add glusterfs_fuse vfs module; (bso#13774); + printing: Check lp_load_printers() prior to pcap cache update; (bso#13766); + vfs_ceph: vfs_ceph strict_allocate_ftruncate calls (local FS) ftruncate and fallocate; (bso#13807); + lib/audit_logging: Actually create talloc; (bso#13737); + netcmd/user: python[3]-gpgme unsupported and replaced by python[3]-gpg; (bso#13728); + dns: Changing onelevel search for wildcard to subtree; (bso#13738); + samba-tool: Don't print backtrace on simple DNS errors; (bso#13721); + sambaundoguididx: Use the right escaped oder unescaped sam ldb files; (bso#13759); + ctdb: Print locks latency in machinereadable stats; (bso#13742); + messages_dgm: Messaging gets stuck when pids are recycled; (bso#13786); + audit_logging: auth_json_audit required auth_json; (bso#13715); + man pages: Document prefork process model; (bso#13765); + CVE-2019-3824 ldb: Release ldb 1.4.6; (bso#13773); + s3:auth: ignore create_builtin_guests() failing without a valid idmap configuration; (bso#13697); + s3:auth_winbind: Ignore a missing winbindd as NT4 PDC/BDC without trusts; (bso#13722); + s3:auth_winbind: return NT_STATUS_NO_LOGON_SERVERS if winbindd is not available; (bso#13723); + s4:server: Add support for 'smbcontrol samba shutdown' and 'smbcontrol debug/debuglevel'; (bso#13752); + Python: Ensure ldb.Dn can doesn't rencoded str with py2; (bso#13616); + vfs_glusterfs: Adapt to changes in libgfapi signatures; (bso#13330); + s3-vfs: Use ENOATTR in errno comparison for getxattr; (bso#13774); + notifyd: Fix SIGBUS on sparc; (bso#13704); + waf: Check for libnscd; (bso#13787); + s3:vfs: Correctly check if OFD locks should be enabled or not; (bso#13770); + lib/util: Count a trailing line that doesn't end in a newline; (bso#13717); + Recovery lock bug fixes; (bso#13800); + s3: net: Do not set NET_FLAGS_ANONYMOUS with -k; (bso#13726); + s3:libsmb: Honor disable_netbios option in smbsock_connect_send; (bso#13727); + vfs_fileid: Fix get_connectpath_ino; (bso#13741); + vfs_fileid: Fix fsname_norootdir algorithm; (bso#13744);- Fix vfs_ceph ftruncate and fallocate handling; (bso#13807); (bsc#1127153).- Fix update-apparmor-samba-profile script after apparmor switched to using named profiles. The change is backwards compatible; (bsc#1126377);- LoadParm().load_default() fails with "Unable to load default file"; (bsc#1089758);- Abide by load_printers smb.conf parameter; (bso#13766); (bsc#1124223);- Update to samba-4.9.4 + libcli/smb: Don't overwrite status code; (bso#9175). + wbinfo --group-info 'NT AUTHORITY\System' does not work; (bso#12164). + Session setup reauth fails to sign response; (bso#13661). + vfs_fruit: Validation of writes on AFP_AfpInfo stream; (bso#13677). + vfs_shadow_copy2: Nicely deal with attempts to open previous version for writing; (bso#13688). + Restoring previous version of stream with vfs_shadow_copy2 fails with NT_STATUS_OBJECT_NAME_INVALID fsp->base_fsp->fsp_name; (bso#13455). + CVE-2018-16853: Fix S4U2Self crash with MIT KDC build; (bso#13571). + s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs; (bso#13708) + PEP8: fix E231: missing whitespace after ','. + winbindd: Fix crash when taking profiles;(bso#13629) + CVE-2018-14629 dns: Fix CNAME loop prevention using counter regression; (bso#13600) + 'samba-tool user syscpasswords' fails on a domain with many DCs; (bso#13686). + CVE-2018-16853: Do not segfault if client is not set; (bso#13571). + lib:util: Fix DEBUGCLASS pointer initializiation; (bso#13679) + ctdb-daemon: Exit with error if a database directory does not exist; (bso#13696). + s3:libads: Add net ads leave keep-account option; (bso#13498).- Drop more %if..%endif guards which are idempotent. - Drop requires on ldconfig which are already auto-discovered. - Do not ignore errors from useradd/groupadd.- Remove python2 build dependency from samba-libs; (bsc#1116900);- Update update-apparmor-samba-profile script to ignore the shares's paths containing substitution variables in any place, not only at the beginning of the path.- Update to samba-4.9.3 + CVE-2018-14629: Unprivileged adding of CNAME record causing loop in AD Internal DNS server; (bso#13600); (bsc#1116319); + CVE-2018-16841: Double-free in Samba AD DC KDC with PKINIT; (bso#13628); (bsc#1116320); + CVE-2018-16851: NULL pointer de-reference in Samba AD DC LDAP server; (bso#13674); (bsc#1116322); + CVE-2018-16852: NULL pointer de-reference in Samba AD DC DNS servers; (bso#13669); (bsc#1116321); + CVE-2018-16853: Samba AD DC S4U2Self crash in experimental MIT Kerberos configuration (unsupported); (bso#13678); (bsc#1116324); + CVE-2018-16857: Bad password count in AD DC not always effective; window; (bso#13683); (bsc#1116323);- Update to samba-4.9.2 + dsdb: Add comments explaining the limitations of our current backlink behaviour; (bso#13418); + Fix problems running domain backups (handling SMBv2, sites); (bso#13621); + testparm: Fix crashes with PANIC: Messaging not initialized on SLES 12 SP3; (bso#13465); + Make vfs_fruit able to cleanup AppleDouble files; (bso#13642); + File saving issues with vfs_fruit on samba >= 4.8.5; (bso#13646); + Enabling vfs_fruit looses FinderInfo; (bso#13649); + Cancelling of SMB2 aio reads and writes returns wrong error NT_STATUS_INTERNAL_ERROR; (bso#13667); + Fix CTDB recovery record resurrection from inactive nodes and simplify vacuuming; (bso#13641); + examples: Fix the smb2mount build; (bso#13465); + libtevent: Fix build due to missing open_memstream on Illiumos; (bso#13629); + winbindd_cache: Fix timeout calculation for sid<->name cache; (bso#13662); + dsdb encrypted_secrets: Allow "ldb:// and "mdb://" in file path; (bso#13653); + Extended DN SID component missing for member after switching group membership; (bso#13418); + Return STATUS_SESSION_EXPIRED error encrypted, if the request was encrypted; (bso#13624); + python: Allow forced signing via smb.SMB(); (bso#13621); + lib:socket: If returning early, set ifaces; (bso#13665); + ldb: Bump ldb version to 1.4.3, Python: Ensure ldb.Dn can accept utf8 encoded unicode; (bso#13616); + smbd: Fix DELETE_ON_CLOSE behaviour on files with READ_ONLY attribute; (bso#13673); + waf: Add -fstack-clash-protection; (bso#13601); + winbind: Fix segfault if an invalid passdb backend is configured; (bso#13668); + Fix bugs in CTDB event handling; (bso#13659); + Misbehaving nodes are sometimes not banned; (bso#13670);- lib:socket: If returning early, set ifaces; (bso#13665); (bsc#1111373);- winbind requires latest version of libtevent-util0 to start- Backport latest gpo code from master + Read policy from local gpt cache + Offline policy application + Make group policy extensible via register/unregister gpext + gpext's run via a process_group_policy method- Enable profiling data collection- Change samba-kdc package name to samba-ad-dc - Move samba-ad-dc.service to the samba-ad-dc package- Update to samba-4.9.1 + s3: nmbd: Stop nmbd network announce storm; (bso#13620); + s3-rpcclient: Use spoolss_init_spoolss_UserLevel1 in winspool cmds; (bso#13597); + CTDB recovery lock has some race conditions; (bso#13617); + s3-rpc_client: Advertise Windows 7 client info; (bso#13597); + ctdb-doc: Remove PIDFILE option from ctdbd_wrapper man page; (bso#13610);- Tumbleweed doesn't define the sle_version macro, so we must include a check for suse_version also. Otherwise python3 is disabled on Tumbleweed.- Update to samba-4.9.0 + samba_dnsupdate: Honor 'dns zone scavenging' option, only update if needed; (bso#13605); + wafsamba: Fix 'make -j'; (bso#13606);- Update to samba-4.9.0rc5 + s3: VFS: vfs_full_audit: Ensure smb_fname_str_do_log() only returns absolute pathnames; (bso#13565); + s3: util: Do not take over stderr when there is no log file; (bso#13578); + Durable Reconnect fails because cookie.allow_reconnect is not set; (bso#13549); + krb5-samba: Interdomain trust uses different salt principal; (bso#13539); + vfs_fruit: Don't unlink the main file; (bso#13441); + smbd: Fix a memleak in async search ask sharemode; (bso#13602); + Fix Samba GPO issue when Trust is enabled; (bso#11517); + samba-tool: Add "virtualKerberosSalt" attribute to 'user getpassword/syncpasswords'; (bso#13539); + Fix CTDB configuration issues; (bso#13589); + ctdbd logs an error until it can successfully connect to eventd; (bso#13592);- Update to samba-4.9.0rc4 + s3: smbd: Ensure get_real_filename() copes with empty pathnames; (bso#13585); + samba domain backup online/rename commands force user to specify password on CLI; (bso#13566); + wafsamba/samba_abi: Always hide ABI symbols which must be local; (bso#13579); + Fix a panic if fruit_access_check detects a locking conflict; (bso#13584); + Fix memory and resource leaks; (bso#13567); + python: Fix print in dns_invalid.py; (bso#13580); + Aliasing issue causes incorrect IPv6 checksum; (bso#13588); + Fix CTDB configuration issues; (bso#13589); + s3: vfs: time_audit: fix handling of token_blob in smb_time_audit_offload_read_recv(); (bso#13568);- Add missing zlib-devel dependency which was previously pulled in by libopenssl-devel- Update to samba-4.9.0rc3+git.22.3fff23ae36e + CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against returns from malicious servers; (bso#13453); + CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query with escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140; (bso#13374); + CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when not servicePrincipalName is set on a user; (bso#13552); + CVE-2018-10919: acl_read: Fix unauthorized attribute access via searches; (bso#13434); + ctdb_mutex_ceph_rados_helper: Set SIGINT signal handler; (bso#13540); + CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it is disabled via "ntlm auth"; (bso#13360); + s3-tldap: do not install test_tldap; (bso#13529); + ctdb_mutex_ceph_rados_helper: Fix deadlock via lock renewals; (bso#13540); + CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in ltdb_index_dn_attr(); (bso#13374); + ctdb-eventd: Fix CID 1438155; (bso#13554); + Fix CIDs 1438243, (Unchecked return value) 1438244 (Unsigned compared against 0), 1438245 (Dereference before null check) and 1438246 (Unchecked return value); (bso#13553); + ctdb: Fix a cut&paste error; (bso#13554); + systemd: Only start smb when network interfaces are up; (bso#13559); + Fix quotas don't work with SMB2; (bso#13553); + s3/smbd: Ensure quota code is only called when quota support detected; (bso#13563); + s3/libsmb: Explicitly set delete_on_close token for rmdir; (bso#13204); + s3:waf: Install eventlogadm to /usr/sbin; (bso#13561); + Shorten description in vfs_linux_xfs_sgid manual; (bso#13562);- Update to samba-4.9.0rc2+git.21.a1069afb007 + s3: smbd: Using "sendfile = yes" with SMB2 can cause CPU spin; (bso#13537); + s3: smbd: Fix path check in smbd_smb2_create_durable_lease_check(); (bso#13535); + samba-tool trust: Support discovery via netr_GetDcName; (bso#13538); + s4-dsdb: Only build dsdb Python modules for AD DC; (bso#13542); + Fix portability issues on freebsd; (bso#13520); + DNS wildcard search does not handle multiple labels correctly; (bso#13536); + samba-tool domain trust: Fix trust compatibility to Windows Server 1709 and FreeIPA; (bso#13308); + Fix portability issues on freebsd; (bso#13520); + ctdb-protocol: Fix CTDB compilation issues; (bso#13545); + ctdb-docs: Replace obsolete reference to CTDB_DEBUG_HUNG_SCRIPT option; (bso#13546); + ctdb-doc: Provide an example script for migrating old configuration; (bso#13550); + ctdb-event: Implement event tool "script list" command; (bso#13551);- Update to samba-4.8.4+git.37.a7a861d7982; + CVE-2018-1139: Weak authentication protocol allowed; (bsc#1095048); (bsc#13360); + CVE-2018-1140: Denial of Service Attack on DNS and LDAP server; (bsc#1095056); (bso#13466); (bso#13374); + CVE-2018-10858: Insufficient input validation on client directory listing in libsmbclient; (bsc#1103411); (bso#13453); + CVE-2018-10918: Denial of Service Attack on AD DC DRSUAPI server; (bsc#1103414); (bso#13552); + CVE-2018-10919: Confidential attribute disclosure from the AD LDAP server; (bsc#1095057); (bso#13434); + s3:winbind: winbind normalize names' doesn't work for users; (bso#12851); + winbind: Fix UPN handling in canonicalize_username(); (bso#13369); + s3: smbd: Fix SMB2-FLUSH against directories; (bso#13428); + samdb: Fix building Samba with gcc 8.1; (bso#13437); + s3:utils: Do not segfault on error in DoDNSUpdate(); (bso#13440); + smbd: Flush dfree memcache on service reload; (bso#13446); + ldb: Save a copy of the index result before calling the + lib/util: No Backtrace given by Samba's AD DC by default; (bso#13454). + s3: smbd: printing: Re-implement delete-on-close semantics for print files missing since 3.5.x; (bso#13457). + python: Fix talloc frame use in make_simple_acl(); (bso#13474). + krb5_wrap: Fix keep_old_entries logic for older Kerberos libraries;(bso#13478). + krb5_plugin: Add winbind localauth plugin for MIT Kerberos; (bso#13480).- Add missing package descriptions; (bsc#1093864); - Fix dependency issue between samba-python and samba-kdc; (bsc#1062876); - Call update-apparmor-samba-profile when running samba-ad-dc; (bsc#1092099);- Update to 4.8.2 + After update to 4.8.0 DC failed with "Failed to find our own NTDS Settings objectGUID" (bso#13335). + fix incorrect reporting of stream dos attributes on a directory (bso#13380). + vfs_ceph: add asynchronous fsync; fake synchronous call (bso#13412). + vfs_ceph: add fake async pwrite/pread send/recv hooks; (bso#13425) + vfs_ceph: Fix memory leak; (bso#13424). + libsmbclient: Fix hard-coded connection error return of ETIMEDOUT; (bso#13419). + s4-lsa: Fix use-after-free in LSA server; (bso#13420). + winbindd: Do re-connect if the RPC call fails in the passdb case; (bso#13430). + cleanupd: Sends MSG_SMB_UNLOCK twice to interested peers; (bso#13416). + cleanupd: Use MSG_SMB_BRL_VALIDATE to signal cleanupd unclean process shutdown; (bso#13414). + ctdb-client: Remove ununsed functions from old client code; (bso#13411). + printing: Return the same error code as windows does on upload failures; (bso#13395). + nsswitch: Fix memory leak in winbind_open_pipe_sock() when the privileged pipe is not accessable; (bso#13400). + s4:lsa_lookup: remove TALLOC_FREE(state) after all dcesrv_lsa_Lookup{Names,Sids}_base_map() calls; (bso#13420). + rpc_server: Fix NetSessEnum with stale sessions; (bso#13407). + s3:smbspool: Fix cmdline argument handling; (bso#13417).- Move libdfs-server-ad-samba4.so library from kdc to libs package, as it is required by some client libs; (bsc#1074135); - Update to 4.8.1; (bsc#1091179); + s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error, we don't own it here; (bso#13244); + s3: smbd: Fix possible directory fd leak if the underlying OS doesn't support fdopendir(); (bso#13270); + Round-tripping ACL get/set through vfs_fruit will increase the number of ACE entries without limit; (bso#13319); + s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically debug credit issues; (bso#13347); + s3: smbd: Files or directories can't be opened DELETE_ON_CLOSE without delete access; (bso#13358); + s3: smbd: Fix memory leak in vfswrap_getwd(); (bso#13372); + s3: smbd: Unix extensions attempts to change wrong field in fchown call; (bso#13375); + ms_schema/samba-tool visualize: Fix python2.6 incompatibility; (bso#13337); + Fix invocation of gnutls_aead_cipher_encrypt(); (bso#13352); + Windows 10 cannot logon on Samba NT4 domain; (bso#13328); + winbindd: Recover loss of netlogon secure channel in case the peer DC is rebooted; (bso#13332); + s3:smbd: Don't use the directory cache for SMB2/3; (bso#13363); + ctdb-client: Fix bugs in client code; (bso#13356); + ctdb-scripts: Drop "net serverid wipe" from 50.samba event script; (bso#13359); + s3: lib: messages: Don't use the result of sec_init() before calling sec_init(); (bso#13368); + libads: Fix the build '--without-ads'; (bso#13273); + winbind: Keep "force_reauth" in invalidate_cm_connection, add 'smbcontrol disconnect-dc'; (bso#13332); + vfs_virusfilter: Fix CIDs 1428738-1428740; (bso#13343); + dsdb: Fix CID 1034966 Uninitialized scalar variable; (bso#13367); + rpc_server: Fix core dump in dfsgetinfo; (bso#13370); + smbclient: Fix notify; (bso#13382); + Fix smbd panic if the client-supplied channel sequence number wraps; (bso#13215); + Windows 10 cannot logon on Samba NT4 domain; (bso#13328); + lib/util: Remove unused '#include ' from tests/tfork.c; (bso#13342); + Fix build errors with cc from developerstudio 12.5 on Solaris; (bso#13343); + Fix the picky-developer build on FreeBSD 11; (bso#13344); + s3:modules: Fix the build of vfs_aixacl2.c; (bso#13345); + s3:smbd: map nterror on smb2_flush errorpath; (bso#13338); + lib:replace: Fix linking when libtirpc-devel overwrites system headers; (bso#13341); + winbindd: 'wbinfo --name-to-sid' returns misleading result on invalid query; (bso#13312); + s3:passdb: Do not return OK if we don't have pinfo set up; (bso#13376); + Allow AESNI to be used on all processor supporting AESNI; (bso#13302);- Use new foreground execution flags for systemd samba daemons; (bsc#1088574); (bsc#1071090); (bsc#1065551); + Add %post scriptlet to clear old sysconfig flags - Update vendor-files to commit 880b3e7. + Set samba sysconfig template variables to "" + Add required daemon flags directly to systemd unit- Specfile cleanup + Remove %if..%endif guards which don't affect the build + Remove redundant %clean section + Replace old $RPM_* shell vars with macros- BuildRequire pkgconfig(systemd) and pkgconfig(libsystemd) in place of systemd and systemd-devel: Allow OBS to optimize the workload by allowing the usage of the 'build-optimized' systemd packages.- Enable building samba with python3, and create a samba-python3 package.- Update to 4.8 + New GUID Index mode in sam.ldb for the AD DC + GPO support for samba KDC + Time machine support with vfs_fruit + Encrypted secrets + AD Replication visualization + Improved trust support - ability to not scan global trust list - AD external trusts have limited support - verbose trusted domain listing + VirusFilter VFS module + NT4-style replication removed + vfs_aio_linux removed- Disable samba-pidl package, due to the removal of dependency perl-Parse-Yapp; (bsc#1085150);- Update to 4.7.6; + CVE-2018-1050: DOS vulnerability when SPOOLSS is run externally; (bso#11343); (bsc#1081741); + CVE-2018-1057: Authenticated users can change other users' password; (bso#13272); (bsc#1081024).- Disable python until full python3 port is done; (bsc#1082139); + Remove contents of package samba-python + Remove contents of package libsamba-policy0 + Remove contents of package libsamba-policy-devel + Remove library libsamba-python-samba4.so from samba-libs package + Remove library libsamba-net-samba4.so from samba-libs package + Remove smbtorture binary and manpage from samba-test- samba fails to build with glibc2.27; (bsc#1081042);- Update to 4.7.5; (bsc#1080545); + smbd tries to release not leased oplock during oplock II downgrade; (bso#13193); + Fix copying file with empty FinderInfo from Windows client to Samba share with fruit; (bso#13181); + build: Deal with recent glibc sunrpc header removal; (bso#10976); + Make Samba work with tirpc and libnsl2; (bso#13238); + vfs_ceph: Add fs_capabilities hook to avoid local statvfs; (bso#13208); (bsc#1075206); + Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue; (bso#12986); + ctdb-recovery-helper: Deregister message handler in error paths; (bso#13188); + samba: Only use async signal-safe functions in signal handler; (bso#13240); + Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue; (bso#12986); + repl_meta_data: Fix linked attribute corruption on databases with unsorted links on expunge. dbcheck: Add functionality to fix the corrupt database; (bso#13228); + Fix smbd panic when chdir returns error during exit; (bso#13189); + Make Samba work with tirpc and libnsl2; (bso#13238); + Fix POSIX ACL support on HPUX and possibly other big-endian OSs; (bso#13176);- Update to 4.7.4; (bsc#1080545); + s3: smbclient: Implement 'volume' command over SMB2; (bso#13140); + s3: libsmb: Fix valgrind read-after-free error in cli_smb2_close_fnum_recv(); (bso#13171); + s3: libsmb: Fix reversing of oldname/newname paths when creating a reparse point symlink on Windows from smbclient; (bso#13172); + Build man page for vfs_zfsacl.8 with Samba; (bso#12934); + repl_meta_data: Allow delete of an object with dangling backlinks; (bso#13095); + s4:samba: Fix default to be running samba as a deamon; (bso#13129); + Performance regression in DNS server with introduction of DNS wildcard, ldb: Release 1.2.3; (bso#13191); + vfs_zfsacl: Fix compilation error; (bso#6133); + "smb encrypt" setting changes are not fully applied until full smbd restart; (bso#13051); + winbindd: Fix idmap_rid dependency on trusted domain list; (bso#13052); + vfs_fruit: Proper VFS-stackable conversion of FinderInfo; (bso#13155); + winbindd: Dependency on trusted-domain list in winbindd in critical auth codepath; (bso#13173); + repl_meta_data: Fix removing of backlink on deleted objects; (bso#13120); + ctdb: sock_daemon leaks memory; (bso#13153); + TCP tickles not getting synchronised on CTDB restart; (bso#13154); + winbindd: winbind parent and child share a ctdb connection; (bso#13150); + pthreadpool: Fix deadlock; (bso#13170); + pthreadpool: Fix starvation after fork; (bso#13179); + messaging: Always register the unique id; (bso#13180); + s4/smbd: set the process group; (bso#13129); + Fix broken linked attribute handling; (bso#13095); + The KDC on an RWDC doesn't send error replies in some situations; (bso#13132); + libnet_join: Fix 'net rpc oldjoin'; (bso#13149); + g_lock conflict detection broken when processing stale entries; (bso#13195); + s3:smb2_server: allow logoff, close, unlock, cancel and echo on expired sessions; (bso#13197); + s3:libads: net ads keytab list fails with "Key table name malformed"; (bso#13166); (bsc#1067700); + Fix crash in pthreadpool thread after failure from pthread_create; (bso#13170); + s4:samba: Allow samba daemon to run in foreground; (bso#13129); (bsc#1065551); + third_party: Link the aesni-intel library with "-z noexecstack"; (bso#13174); + vfs_glusterfs: include glusterfs/api/glfs.h without relying on "-I" options; (bso#13125);- Re-enable usage of libnsl (did got lost with glibc change) - Use TI-RPC (sunrpc is deprecated and will be removed soon from glibc)- smbc_opendir should not return EEXIST with invalid login credentials; (bnc#1065868).- Update to 4.7.3; (bsc#1069666); + Non-smbd processes using kernel oplocks can hang smbd; (bso#13121); + python: use communicate to fix Popen deadlock; (bso#13127); + smbd on disk file corruption bug under heavy threaded load; (bso#13130); + tevent: version 0.9.34; (bso#13130); + s3: smbd: Fix delete-on-close after smb2_find; (bso#13118); + CVE-2017-14746: s3: smbd: Fix SMB1 use-after-free crash bug; (bsc#1060427);(bso#13041); + CVE-2017-15275: s3: smbd: Chain code can return uninitialized memory when talloc buffer is grown; (bsc#1063008); (bso#13077); - Build with AD DC support only in openSUSE.- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- samba-tool requires samba-python; (bnc#1067771).- Run all daemons in the foreground and let systemd handle it; (bsc#1065551). - Update to 4.7.1; + Fix exporting subdirs with shadow_copy2; (bso#13091); + Currently if getwd() fails after a chdir(), we panic; (bso#13027); + Ensure default SMB_VFS_GETWD() call can't return a partially completed struct smb_filename; (bso#13068); + sys_getwd() can leak memory or possibly return the wrong errno on older systems; (bso#13069); + smbclient doesn't correctly canonicalize all local names before use; (bso#13093); + Fix broken linked attribute handling; (bso#13095); + Missing LDAP query escapes in DNS rpc server; (bso#12994); + Link to -lbsd when building replace.c by hand; (bso#13087); + Cannot delete non-ACL files on Solaris/ZFS/NFSv4 ACL filesystem; (bso#6133); + Map SYNCHRONIZE acl permission statically in zfs_acl vfs module; (bso#7909); + Samba fails to honor SEC_STD_WRITE_OWNER bit with the acl_xattr module; (bso#7933); + Missing assignment in sl_pack_float; (bso#12991); + Wrong Samba access checks when changing DOS attributes; (bso#12995); + samba_runcmd_send() leaves zombie processes on timeout; (bso#13062); + groupmap cleanup should not delete BUILTIN mappings; (bso#13065); + Enabling vfs_fruit results in loss of Finder tags and other xattrs; (bso#13076); + man pages: Properly ident lists; (bso#9613); + smb.conf.5: Sort parameters alphabetically; (bso#13081); + Fix GUID string format on GetPrinter info; (bso#12993); + Remote serverid check doesn't check for the unique id; (bso#13042); + CTDB starts consuming memory if there are dead nodes in the cluster; (bso#13056); + ctdb-common: Ignore event scripts with multiple '.'s; (bso#13070); + libgpo doesn't sort the GPOs in the correct order; (bso#13046); + Remote serverid check doesn't check for the unique id; (bso#13042); + vfs_catia: Fix a potential memleak; (bso#13090); + Fix file change notification for renames; (bso#12903); + Samba DNS server does not honour wildcards; (bso#12952); + Can't change password in samba from a Windows client if Samba runs on IPv6 only interface; (bso#13079); + vfs_fruit: Replace closedir() by SMB_VFS_CLOSEDIR; (bso#13086); + Apple client can't cope with SMB2 async replies when creating symlinks; (bso#13047); + s4:rpc_server:backupkey: Move variable into scope; (bso#12959); + Fix ntstatus_gen.h generation on 32bit; (bso#13099); + Fix a double free in vfs_gluster_getwd(); (bso#13100); + Fix resouce leaks and pointer issues; (bso#13101); + vfs_solarisacl: Fix build for samba 4.7 and up; (bso#13049);- Add samba-kdc to baselibs.conf. - Do not wrap samba-kdc's package definition into if/endif: the package won't be generated simply based on the fact that there is no files section for the package. Allows the source validator to ensure samba-kdc is a built package.- Update to 4.7.0; + Whole DB read locks: Improved LDAP and replication consistency; (bso#12858). + Samba AD with MIT Kerberos + Dynamic RPC port range: Default range changed from "1024-1300" to "49152-65535". + Authentication and Authorization audit support: New auth_audit debug class. + Multi-process LDAP Server: The LDAP server in the AD DC now honours the process model used for the rest of the 'samba' process. + Improved Read-Only Domain Controller (RODC) Support; (bso#12977). + Additional password hashes stored in supplementalCredentials. + Improvements to DNS during Active Directory domain join. + Significant AD performance and replication improvements. + Query record for open file or directory. + Removal of lpcfg_register_defaults_hook(). + Change of loadable module interface. + SHA256 LDAPS Certificates: The self-signed certificate generated for use on LDAPS will now be generated with a SHA256 self-signature, not a SHA1 self-signature. + CTDB no longer allows mixed minor versions in a cluster. + CTDB now ignores hints from Samba about TDB flags when attaching to databases. + New configuration variable CTDB_NFS_CHECKS_DIR. + The CTDB_SERVICE_AUTOSTARTSTOP configuration has been removed. + The CTDB_SCRIPT_DEBUGLEVEL configuration variable has been removed. + The example NFS Ganesha call-out has been improved. + A new "replicated" database type is available.- CVE-2017-12163: Prevent client short SMB1 write from writing server memory to file; (bso#13020); (bsc#1058624).- CVE-2017-12150: Some code path don't enforce smb signing, when they should; (bso#12997); (bsc#1058622).- CVE-2017-12151: Keep required encryption across SMB3 dfs redirects; (bso#12996); (bsc#1058565).- Clean specfile assuming SUSE-only system and product >=SLE11 + %{ul_version}, %{rhel_version}, %{mandriva_version}, %{centos_version} are always undefined + %{_vendor} is "suse" and %{suse_version} is at least 1100- Update to 4.6.7; (bsc#1054017) + Joining a Huawai storage fails: empty CLDAP ping answer; (bso#11392). + smbcacls can fail against a directory on Windows using SMB2.; (bso#12937). + vfs_ceph provides inconsistent directory listings; (bso#12911). + Misused talloc context can cause a user to crash their smbd by chaining SMB1 commands.; (bso#12836). + Use-after free can crash libsmbclient code.; (bso#12927). + Server exit with active AIO can crash.; (bso#12925). + Ensure notifyd doesn't return from smbd_notifyd_init; (bso#12910). + fd leak to ctdb sub-processes leads to SELinux AVC denial in audit logs; (bso#12898). + vfs_fruit shouldn't send MS NFS ACEs to Windows clients; (bso#12897). + smbspool_krb5_wrapper does not tell CUPS that it requires negotiate for authentication; (bso#12886). + finder sidebar showing question mark instead of icon when using ip to connect with vfs_fruit; (bso#12840). + Winbind stops obtaining the 'unixHomeDirectory' & 'loginShell' attributes from AD.; (bso#12720). + KCC run at selftest startup can fail spuriously due to a race; (bso#12869). + winbindd changes the local password and gets NT_STATUS_WRONG_PASSWORD for the remote change; (bso#12782). + rpc_pipe_client memory leaks due to long term memory context passed to rpc_pipe_open_interface(); (bso#12890). + CVE-2017-2619 breaks accessing previous versions of directories with snapshots in subdirectories of the share; (bso#12885). + dns_name_equal doing OOB read; (bso#12813). + replica_sync tests flap; (bso#12753). + Selftest should not call 'net cache flush' and wipe important winbind entries; (bso#12868). + Old Samba versions don't support using recent ldb versions (>=1.1.30); (bso#12859). + pam_winbind fails with kerberos method = secrets and keytab; (bso#10490). + race starting winbindd against posixacl test; (bso#12843). + Crash in the reentrant smbd_smb2_create_send() if the something fails in the subsequent try; (bso#12832). + spnego.c passes the wrong argument order to gensec_update_ev() for the FALLBACK case; (bso#12788). + Clients with SMB3 support can't connect with "server max protocol = SMB2_02"; (bso#12772). + A log message of samb-tool user syncpasswords reverses string arguments in a debug message "Call Popen[...".; (bso#12768). + The smb tarmode tests kills the share dir contents; (bso#12867). + Fix for a bug in MacOS X Sierra NTLMv2 processing; (bso#12862). + CVE-2017-2619 regression with non-wide symlinks to directories; (bso#12860). + manpage/index.html lists links not in alphabetical order; (bso#12854). + smbcacls got error NT_STATUS_NETWORK_NAME_DELETED; (bso#12831). + If a record is locked in a database, then recovery does not complete; (bso#12857). + debug_locks.sh script does not log any information; (bso#12856). + SIGSEGV in cm_connect_lsa_tcp dereferencing conn->lsa_tcp_pipe->transport after error; (bso#12852). + smbclient can't parse DOMAIN+username if a different winbind separator is used; (bso#12849). + Related requests with SessionSetup fail with INTERNAL_ERROR; (bso#12845). + Related requests with TreeConnect fail with NETWORK_NAME_DELETED; (bso#12844). + cli->server_os not filled correctly; (bso#12779). + REGRESSION: smbclient doesn't print the session setup anymore; (bso#12824). + smblcient doesn't handle STATUS_NOT_SUPPORTED gracefully for FSCTL_VALIDATE_NEGOTIATE_INFO; (bso#12808). + CTDB NFS call-out failures do not cause event failures; (bso#12837). + net command fails due to incorrectly return code; (bso#12828). + Fix building Samba with GCC 7.1; (bso#12827).- Fix duplicate CTDB_LOGGING params when downgraded and upgraded again; (bsc#1048339).- fix cephwrap_chdir(); (bsc#1048790). - Update to 4.6.6 + CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation; (bsc#1048278).- Fix ctdb logs to /var/log/log.ctdb instead of /var/log/ctdb; (bsc#1048339).- Fix inconsistent ctdb socket path; (bsc#1048352). - Fix non-admin cephx authentication; (bsc#1048387).- Update to 4.6.5; (bsc#1040157) + Specifying CTDB_LOGGING=syslog:nonblocking causes ctdbd to crash at startup; (bso#12814). + vfs_expand_msdfs tries to open the remote address as a file path; (bso#12687). + PANIC (pid 1096): assert failed: lease_type_is_exclusive(e_lease_type); (bso#12798). + With clustering get update_num_read_oplocks failed and PANIC: num_share_modes == 1 assertion failure; (bso#11844). + contend_level2_oplocks_begin_default oplock optimisation doesn't carry over to leases; (bso#12766). + `ctdb nodestatus` incorrectly displays status for all nodes with wrong exit code; (bso#12802). + CTDB can spin hard on revoking readonly delegations if a node becomes disconnected; (bso#12697). + Printing a share mode entry with leases can crash in the ndr code; (bso#12793). + Fix flakey unit tests for eventd; (bso#12792). + CTDB daemon crashes if built with clang; (bso#12770). + smbcacls fails if no password is specified; (bso#12765). + idmap_rfc2307: Lookup of more than two SIDs fails; (bso#12757). + samba-tool user syncpasswords doesn't trigger the script when a user gets removed; (bso#12767). + systemd: fix detection of libsystemd; (bso#12764). + Notify subsystem only maps first inotify mask to Windows notify filter; (bso#12760). + Allow passing trusted domain password as plain-text to PASSDB layer; (bso#12751). + Can't case-rename files with vfs_fruit; (bso#12749). + wrong sid->uid mapping for SIDs residing in sIDHistory; (bso#12702). + vfs_acl_common should force "create mask = 0777", not 0666; (bso#12562). + Ordering of notify responses broken; (bso#12756).- s3: libsmb: Fix error where short name length was read as 2 bytes, should be 1; (bso#11822); (bsc#1042419).- Revert explicit winbind %{version}-%{release} dependency. + The ABI has stabilized since (bsc#936909), so remove to fix cross-media dependencies; (bsc#1037899).- Fix CVE-2017-7494 remote code execution from a writable share; (bso#12780); (bsc#1038231).- Update to 4.6.3; (bsc#1036011) + s3:vfs:shadow_copy2: vfs_shadow_copy2 fails to list snapshots from shares with GlusterFS backend; (bso#12743). + Fix for Solaris C compiler; (bso#12559). + s3: locking: Update oplock optimization for the leases era; (bso#12628). + Make the Solaris C compiler happy; (bso#12693). + s3: libgpo: Allow skipping GPO objects that don't have the expected LDAP attributes; (bso#12695). + Fix buffer overflow caused by wrong use of getgroups; (bso#12747). + lib: debug: Avoid negative array access; (bso#12746). + cleanupdb: Fix a memory read error; (bso#12748). + streams_xattr and kernel oplocks results in NT_STATUS_NETWORK_BUSY; (bso#7537). + winbindd: idmap_autorid allocates ids for unknown SIDs from other backends; (bso#11961). + vfs_fruit: Resource fork open request with flags=O_CREAT|O_RDONLY; (bso#12565). + manpages/vfs_fruit: Document global options; (bso#12615). + lib/pthreadpool: Fix a memory leak; (bso#12624). + Lookup-domain for well-known SIDs on a DC; (bso#12727). + winbindd: Fix error handling in rpc_lookup_sids(); (bso#12728). + winbindd: Trigger possible passdb_dsdb initialisation; (bso#12729). + credentials_krb5: use gss_acquire_cred for client-side GSSAPI use case; (bso#12611). + lib/crypto: Implement samba.crypto Python module for RC4; (bso#12690). + ctdb-readonly: Avoid a tight loop waiting for revoke to complete; (bso#12697). + ctdb_event monitor command crashes if event is not specified; (bso#12723). + ctdb-docs: Fix documentation of "-n" option to 'ctdb tool'; (bso#12733). + smbd: Fix smb1 findfirst with DFS; (bso#12558). + smbd: Do an early exit on negprot failure; (bso#12610). + winbindd: Fix substitution for 'template homedir'; (bso#12699). + s4:kdc: Disable principal based autodetected referral detection; (bso#12554). + idmap_autorid: Allocate new domain range if the callers knows the sid is valid; (bso#12613). + LINKFLAGS_PYEMBED should not contain -L/some/path; (bso#12724). + PAM auth with WBFLAG_PAM_GET_PWD_POLICY returns wrong policy for trusted domain; (bso#12725). + rpcclient: Allow -U'OTHERDOMAIN\user' again; (bso#12731). + winbindd: Fix password policy for pam authentication; (bso#12725). + s3:gse: Correctly handle external trusts with MIT; (bso#12554). + auth/credentials: Always set the realm if we set the principal from the ccache; (bso#12611). + replace: Include sysmacros.h; (bso#12686). + s3:vfs_expand_msdfs: Do not open the remote address as a file; (bso#12687). + s3:libsmb: Only print error message if kerberos use is forced; (bso#12704). + winbindd: Child process crashes when kerberos-authenticating a user with wrong password; (bso#12708). + vfs_fruit: Office document opens as read-only on macOS due to CNID semantics; (bso#12715). + vfs_acl_xattr: Fix failure to get ACL on Linux if memory is fragmented; (bso#12737).- Generate and update vendor-files tarball from Git + SuSEfirewall2 service samba-client only setup IPv4 rule; (bsc#1034416).- Generate source tarball directly from Git using OBS tar_scm + use version string derived from parent Git tag and commit hash - remove obsolete vendor-files/tools/package-data version ID + explicitly generate ctdb manpages, needed without "make dist"- Update to 4.6.2 + remove bso#12721 patches now upstream- Enable samba-ceph build for openSUSE and SLE12SP3+; (fate#321622). + x86-64 and aarch64- Enable librados CTDB lock helper for samba-ceph package; (fate#321622).- Build and install the html man pages (bsc#1021907).- Fix CVE-2017-2619 regression with "follow symlinks = no"; (bso#12721).- Update to 4.6.1 + symlink race permits opening files outside share directory; CVE-2017-2619; (bso#12496); (bsc#1027147) + testparm checks for valid idmap parameters + add new krb client encryption types + support for printer driver upload from windows 10 + inherit owner = 'unix only' for improved quota support + improved CTDB event support + new primary group support for idmap_ad + idmap_hash deprecated + mvxattr added to recursively rename extended attributes- Remove chkconfig requirements for systemd systems- Don't call insserv if systemd is used- Fix check if we need to require insserv- async_req: make async_connect_send() "reentrant"; (bso#12105); (bsc#1024416).- Force usage of ncurses6-config thru NCURSES_CONFIG env var; (bsc#1023847).- add missing patch for libnss_wins segfault; (bsc#995730).- Fix vfs_ceph builds against recent Ceph versions; (bsc#1021933).- Document "winbind: ignore domains" parameter; (bsc#1019416).- Add base Samba dependency to samba-ceph package.- Update to 4.5.3 + Heap-based Buffer Overflow Remote Code Execution Vulnerability; CVE-2016-2123; (bso#12409); (bsc#1014437). + Don't send delegated credentials to all servers; CVE-2016-2125; (bso#12445); (bsc#1014441). + denial of service due to a client triggered crash in the winbindd parent process; CVE-2016-2126; (bso#12446); (bsc#1014442). - 4.5.1 and 4.5.2 updates + various streams vfs fixes + various printing fixes + ntlm_auth: do not map explicitly empty domain + various stability fixes in smbd + match file compression ReFS behavior- Add missing ldb module directory; (bnc#1012092).- s3/client: obey 'disable netbios' smb.conf param, don't connect via NBT port; (bsc#1009085); (bso#12418).- Include vfstest in samba-test; (bsc#1001203).- s3/winbindd: using default domain with user@domain.com format fails; (bsc#997833).- Fix segfault in libnss_wins; (bso#12277); (bso#12269); (bsc#995730).- Update to 4.5.0 + NTLM1 Authentication disabled by default + SMB2.1 leases enabled by default + Support for OFD locks + ctdb tool rewritten + Added shadow copy snapshot prefix parameter- Fix illegal memory access after memory has been deleted; (bso#11836); (bsc#975299).- Prevent core, make sure response->extra_data.data is always cleared out; (bsc#993692).- Don't package man pages for VFS modules that aren't built; (boo#993707).- Fix population of ctdb sysconfig after source merge; (bsc#981566).- Enable vfs_ceph builds for Factory (x86-64) + Package as samba-ceph to avoid Ceph dependency in base package.- Update to 4.4.5 + Prevent client-side SMB2 signing downgrade; CVE-2016-2119; (bso#11860); (bsc#986869).- Remove obsolete syslog.target; (bsc#983938).- Honor smb.conf socket options in winbind; (bsc#975131).- Don't use htons() with IP_PROTO_RAW; (bso#11705); (bsc#969522).- Update to 4.4.4 + SMB3 multichannel: Add implementation of missing channel sequence number verification; (bso#11809). + smbd:close: Only remove kernel share modes if they had been taken at open; (bso#11919). + notifyd: Prevent NULL deref segfault in notifyd_peer_destructor; (bso#11930). + s3:rpcclient: Make '--pw-nt-hash' option work; (bso#10796). + Fix case sensitivity issues over SMB2 or above; (bso#11438). + s3:smbd: Fix anonymous authentication if signing is mandatory. (bso#11910) + Fix NTLM Authentication issue with squid; (bso#11914). + pdb: Fix segfault in pdb_ldap for missing gecos; (bso#11530). + Fix memory leak in share mode locking; (bso#11934).- Update to 4.4.3 + Various post-badlock regressions; (bso#11841); (bso#11850); (bso#11858); (bso#11870); (bso#11872). + Only allow idmap_hash for default idmap config (bso#11786). + smbd: Avoid large reads beyond EOF; (bso#11878). + vfs_acl_common: Avoid setting POSIX ACLs if "ignore system acls" is set; (bso#11806). + libads: Record session expiry for spnego sasl binds; (bso#11852).- Fix NTLMSSP regressions caused by previous CVE fixes; (bso#11849); (bsc#975962); (bsc#979268), (bsc#977669).- Revert shared library packaging to comply with SLPP- Update to 4.4.2 + A man-in-the-middle can downgrade NTLMSSP authentication; CVE-2016-2110; (bso#11688); (bsc#973031). + Domain controller netlogon member computer can be spoofed; CVE-2016-2111; (bso#11749); (bsc#973032). + LDAP conenctions vulnerable to downgrade and MITM attack; CVE-2016-2112; (bso#11644); (bsc#973033). + TLS certificate validation missing; CVE-2016-2113; (bso#11752); (bsc#973034). + Named pipe IPC vulnerable to MITM attacks; CVE-2016-2115; (bso#11756); (bsc#973036). + "Badlock" DCERPC impersonation of authenticated account possible; CVE-2016-2118; (bso#11804); (bsc#971965). + DCERPC server and client vulnerable to DOS and MITM attacks; CVE-2015-5370; (bso#11344); (bsc#936862).- Fix samba.tests.messaging test and prevent potential tdb corruption by removing obsolete now invalid tdb_close call; (bsc#974629).- Obsolete libsmbclient from libsmbclient0 while not providing it; (bsc#972197).- Update to 4.4.0. + Read of uninitialized memory DNS TXT handling; (bso#11128); (bso#11686); CVE-2016-0771. + Getting and setting Windows ACLs on symlinks can change permissions on link target; (bso#11648); CVE-2015-7560. + Sockets with htons(IPPROTO_RAW); (bso#11705); CVE-2015-8543. + s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem with no ACL support; (bso#10489). + docs: Add example for domain logins to smbspool man page; (bso#11643). + smbd: Show correct disk size for different quota and dfree block sizes; (bso#11681). + docs: Add smbspool_krb5_wrapper manpage; (bso#11690). + winbindd: Return trust parameters when listing trusts; (bso#11691). + ctdb: Do not provide a useless pkgconfig file for ctdb; (bso#11696). + Crypto.Cipher.ARC4 is not available on some platforms, fallback to M2Crypto.RC4.RC4 then; (bso#11699). + s3:utils/smbget: Set default blocksize; (bso#11700). + Streamline 'smbget' options with the rest of the Samba utils; (bso#11700). + s3:clispnego: Fix confusing warning in spnego_gen_krb5_wrap(); (bso#11702). + s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703). + loadparm: Fix memory leak issue; (bso#11708). + lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714). + s3:vfs:glusterfs: Fix build after quota changes; (bso#11715). + ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."; (bso#11719). + lib:socket: Fix CID 1350010: Integer OVERFLOW_BEFORE_WIDEN; (bso#11723). + smbd: Fix CID 1351215 Improper use of negative value; (bso#11724). + smbd: Fix CID 1351216 Dereference null return value; (bso#11725). + s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file; (bso#11727). + docs: Add manpage for cifsdd; (bso#11730). + param: Fix str_list_v3 to accept ; again; (bso#11732). + lib/socket: Fix improper use of default interface speed; (bso#11734). + lib:socket: Fix CID 1350009: Fix illegal memory accesses (BUFFER_SIZE_WARNING); (bso#11735). + libcli: Fix debug message, print sid string for new_ace trustee; (bso#11738). + Fix installation path of Samba helper binaries; (bso#11739). + Fix memory leak in loadparm; (bso#11740). + tevent: version 0.9.28: Fix memory leak when old signal action restored; (bso#11742). + smbd: Ignore SVHDX create context; (bso#11753). + Fix net join; (bso#11755). + s3:libads: setup the msDS-SupportedEncryptionTypes attribute on ldap_add; (bso#11755). + passdb: Add linefeed to debug message; (bso#11763). + s3:utils/smbget: Fix option parsing; (bso#11767). + libnet: Make Kerberos domain join site-aware; (bso#11769). + Reset TCP Connections during IP failover; (bso#11770). + ldb: Version 1.1.26; (bso#11772). + s3:smbd: Add negprot remote arch detection for OSX; (bso#11773). + vfs_glusterfs: Fix use after free in AIO callback; (bso#11774). + mkdir can return ACCESS_DENIED incorrectly on create race; (bso#11780). + "trustdom_list_done: Got invalid trustdom response" message should be avoided; (bso#11782). + Mismatch between local and remote attribute ids lets replication fail with custom schema; (bso#11783). + Quota is not supported on Solaris 10; (bso#11788). + Talloc: Version 2.1.6; (bso#11789). + smbd: Enable multi-channel if 'server multi channel support = yes' in the config; (bso#11796). + build: Fix build when '--without-quota' specified; (bso#11798). + lib/socket/interfaces: Fix some uninitialied bytes; (bso#11802). + Access based share enum: handle permission set in configuration files; (bso#8093). + See also WHATSNEW.txt from the samba-doc package.- Update to 4.3.6. + Getting and setting Windows ACLs on symlinks can change permissions on link target; CVE-2015-7560; (bso#11648); (bsc#968222). + Fix Out-of-bounds read in internal DNS server; CVE-2016-0771; (bso#11128); (bso#11686); (bsc#968223).- Upgrade on-disk FSRVP server state to new version; (bsc#924519).- Only obsolete but do not provide gplv2/3 package names; (bsc#968973).- Relocate existing lock files to /var/lib/samba/lock; (bsc#968963).- Obsolete no longer existing samba-32bit package; (bsc#967625).- Update to 4.3.5. + s3:utils/smbget: Fix recursive download; (bso#6482). + s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystemi with no ACL support; (bso#10489). + s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks; (bso#11400). + vfs_shadow_copy2: Fix case where snapshots are outside the share; (bso#11580). + smbclient: Query disk usage relative to current directory; (bso#11662). + winbindd: Handle expired sessions correctly; (bso#11670). + smbd: Show correct disk size for different quota and dfree block sizes; (bso#11681). + smbcacls: Fix uninitialized variable; (bso#11682). + s3:smbd: Ignore initial allocation size for directory creation; (bso#11684). + s3-client: Add a KRB5 wrapper for smbspool; (bso#11690). + s3-parm: Clean up defaults when removing global parameters; (bso#11693). + Use M2Crypto.RC4.RC4 on platforms without Crypto.Cipher.ARC4; (bso#11699). + s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703). + ctdb: Remove error messages after kernel security update; CVE-2015-8543; (bso#11705). + loadparm: Fix memory leak issue; (bso#11708). + lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714). + ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."; (bso#11719). + s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file; (bso#11727). + param: Fix str_list_v3 to accept ";" again; (bso#11732).- Shift samba-client sysconfig data into samba and samba-winbind; (bsc#947361).- Simplify shared library packaging; (bsc#966956).- Enable clustering (CTDB) support; (bsc#966271).- s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703); (bsc#964023).- Add quotes around path of update-apparmor-samba-profile; (bnc#962177).- Remove autoconf build-time requirement.- Update to 4.3.4. + vfs_fruit: Enable POSIX directory rename semantics; (bso#11065). + Crash: Bad talloc magic value - access after free; (bso#11394). + Copying files with vfs_fruit fails when using vfs_streams_xattr without stream prefix and type suffix; (bso#11466). + samba-tool: Fix uncaught exception if no fSMORoleOwner attribute is given; (bso#11613). + Fix a typo in the smb.conf manpage, explanation of idmap config; (bso#11619). + Correctly initialize the list head when keeping a list of primary followed by DFS connections; (bso#11624). + Reduce the memory footprint of empty string options; (bso#11625). + lib/async_req: Do not install async_connect_send_test; (bso#11639). + Fix typos in man vfs_gpfs; (bso#11641). + Make "hide dot files" option work with "store dos attributes = yes"; (bso#11645). + Fix a corner case of the symlink verification; (bso#11647); (bnc#960249). + Do not disable "store dos attributes" on-the-fly; (bso#11649). + Update lastLogon and lastLogonTimestamp; (bso#11659).- Prevent access denied if the share path is "/"; (bso#11647); (bnc#960249).- Update to 4.3.3. + Malicious request can cause Samba LDAP server to hang, spinning using CPU; CVE-2015-3223; (bso#11325); (bnc#958581). + Remote read memory exploit in LDB; CVE-2015-5330; (bso#11599); (bnc#958586). + Insufficient symlink verification (file access outside the share); CVE-2015-5252; (bso#11395); (bnc#958582). + No man in the middle protection when forcing smb encryption on the client side; CVE-2015-5296; (bso#11536); (bnc#958584). + Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2); CVE-2015-5299; (bso#11529); (bnc#958583). + Fix Microsoft MS15-096 to prevent machine accounts from being changed into user accounts; CVE-2015-8467; (bso#11552); (bnc#958585).- Update to 4.3.2. + vfs_gpfs: Re-enable share modes; (bso#11243). + dcerpc.idl: Accept invalid dcerpc_bind_nak pdus; (bso#11327). + s3-smbd: Fix old DOS client doing wildcard delete - gives an attribute type of zero; (bso#11452). + Add libreplace dependency to texpect, fixes a linking error on Solaris; (bso#11511). + s4: Fix linking of 'smbtorture' on Solaris; (bso#11512). + s4:lib/messaging: Use correct path for names.tdb; (bso#11562). + Fix segfault of 'net ads (join|leave) -S INVALID' with nss_wins; (bso#11563). + async_req: Fix non-blocking connect(); (bso#11564). + auth: gensec: Fix a memory leak; (bso#11565). + lib: util: Make non-critical message a warning; (bso#11566). + Fix winbindd crashes with samlogon for trusted domain user; (bso#11569); (bnc#949022). + smbd: Send SMB2 oplock breaks unencrypted; (bso#11570). + ctdb: Open the RO tracking db with perms 0600 instead of 0000; (bso#11577). + s3:smb2_server: Make the logic of SMB2_CANCEL DLIST_REMOVE() clearer; (bso#11581). + s3-smbd: Fix use after issue in smbd_smb2_request_dispatch(); (bso#11581). + manpage: Correct small typo error; (bso#11584). + s3: smbd: If EAs are turned off on a share don't allow an SMB2 create containing them; (bso#11589). + Backport some valgrind fixes from upstream master; (bso#11597). + auth: Consistent handling of well-known alias as primary gid; (bso#11608). + winbind: Fix crash on invalid idmap configs; (bso#11612). + s3: smbd: have_file_open_below() fails to enumerate open files below an open directory handle; (bso#11615). + Changing log level of two entries to DBG_NOTICE; (bso#9912).- Ensure samlogon fallback requests are rerouted after kerberos failure; (bnc#953382); (bnc#953972).- Ensure to link with --as-needed flag by removing SUSE_ASNEEDED=0. - Always use the default optimization even on pre-9.2 systems.- Remove redundant configure options while adding with-relro.- Relocate the lockdir to the /var/lib/samba/lock directory.- Cleanup and enhance the pidl sub package.- Require renamed python-ldb-devel and python-talloc-devel at build-time. - Requires python-ldb and python-talloc from the python subpackage.- Update to 4.3.1. + s3: smbd: Fix our access-based enumeration on "hide unreadable" to match Windows; (bso#10252). + nss_winbind: Fix hang on Solaris on big groups; (bso#10365). + smbd: Fix file name buflen and padding in notify repsonse; (bso#10634). + kerberos: Make sure we only use prompter type when available; winbind: Fix 100% loop; (bso#11038). + source3/lib/msghdr.c: Fix compiling error on Solaris; (bso#11053). + s3:ctdbd_conn: make sure we destroy tevent_fd before closing the socket; (bso#11316). + s3: smbd: Fix mkdir race condition; (bso#11486). + pam_winbind: Fix a segfault if initialization fails; (bso#11502). + s3: dfs: Fix a crash when the dfs targets are disabled; (bso#11509). + s4:lib/messaging: Use 'msg.lock' and 'msg.sock' for messaging related subdirs; (bso#11515). + s3: smbd: Fix opening/creating :stream files on the root share directory; (bso#11522). + lib/param: Fix hiding of FLAG_SYNONYM values; (bso#11526). + net: Fix a crash with 'net ads keytab create'; (bso#11528). + s3: smbd: Fix a crash in unix_convert(); (bso#11535). + s3: smbd: Fix NULL pointer bug introduced by previous 'raw' stream fix (bso#11522); (bso#11535). + vfs_fruit: Return value of ad_pack in vfs_fruit.c; (bso#11543). + vfs_commit: set the fd on open before calling SMB_VFS_FSTAT; (bso#11547). + s3:locking: Initialize lease pointer in share_mode_traverse_fn(); (bso#11549). + s3:smbstatus: Add stream name to share_entry_forall(); (bso#11550). + s3:lib: Validate domain name in lookup_wellknown_name(); (bso#11555). + s3: lsa: lookup_name() logic for unqualified (no DOMAIN component) names is incorrect; (bso#11555).- Fix 100% CPU in winbindd when logging in with "user must change password on next logon"; (bso#11038).- Relocate the tmpfiles.d directory to the client package; (bnc#947552).- Do not provide libpdb0 from libsamba-passdb0 but add it to baselibs.conf instead; (bnc#942716).- Package /var/lib/samba/private/sock with 0700 permissions; (bnc#946051).- Package /var/lib/samba/msg with 0755 permissions; (bso#11515); (bnc#945502).- Require to install libfam0-gamin from samba-libs on post-12.1 and pre-13.15 systems; (bnc#945013).- Update to 4.3.0. + Samba "map to guest = Bad uid" doesn't work; (bso#9862). + revert LDAP extended rule 1.2.840.113556.1.4.1941 LDAP_MATCHING_RULE_IN_CHAIN changes; (bso#10493). + No objectClass found in replPropertyMetaData on ordinary objects (non-deleted); (bso#10973). + Stream names with colon don't work with fruit:encoding = native; (bso#11278). + NetApp joined to a Samba/ADDC cannot resolve SIDs; (bso#11291). + tevent_fd needs to be destroyed before closing the fd; (bso#11316). + "force group" with local group not working; (bso#11320). + strsep is not available on Solaris; (bso#11359). + smbtorture does not build when configured --with-system-mitkrb5; (bso#11411). + Build with GPFS support is broken; (bso#11421). + Build broken with --disable-python; (bso#11424). + net share allowedusers crashes; (bso#11426). + nmbd incorrectly matches netbios names as own name; (bso#11427). + Python bindings don't check integer types; (bso#11429). + Python bindings don't check array sizes; (bso#11430). + CTDB's eventscript error handling is broken; (bso#11431). + Fix crash in nested ctdb banning; (bso#11432). + Cannot build ctdbpmda; (bso#11434). + samba-tool uncaught exception error; (bso#11436). + Crash in notify_remove caused by change notify = no; (bso#11444). + Poor SMB3 encryption performance with AES-GCM; (bso#11451). + Poor SMB3 encryption performance with AES-GCM (part1); (bso#11451). + fix recursion problem in rep_strtoll in lib/replace/replace.c; (bso#11455). + --bundled-libraries=!ldb,!pyldb,!pyldb-util doesn't disable ldb build and install; (bso#11458). + xid2sid gives inconsistent results; (bso#11464). + ctdb: Fix the build on FreeBSD 10.1; (bso#11465). + Handling of 0 byte resource fork stream; (bso#11467). + AD samr GetGroupsForUser fails for users with "()" in their name; (bso#11488).- Configure with --bundled-libraries=NONE; (bso#11458).- Adapt net-kdc-lookup patch for post-3.3 Samba versions; (bnc#295284).- Remove libiniparser-devel build-time requirement.- Update to 4.2.3. + s4:lib/tls: Fix build with gnutls 3.4; (bso#8780). + s4.2/fsmo.py: Fixed fsmo transfer exception; (bso#10924). + winbindd: Sync secrets.ldb into secrets.tdb on startup; (bso#10991). + Logon via MS Remote Desktop hangs; (bso#11061). + s3: lib: util: Ensure we read a hex number as %x, not %u; (bso#11068). + tevent: Add a note to tevent_add_fd(); (bso#11141). + s3:param/loadparm: Fix 'testparm --show-all-parameters'; (bso#11170). + s3-unix_msg: Remove socket file after closing socket fd; (bso#11217). + smbd: Fix a use-after-free; (bso#11218); (bnc#919309). + s3-rpc_server: Fix rpc_create_tcpip_sockets() processing of interfaces; (bso#11245). + s3:smb2: Add padding to last command in compound requests; (bso#11277). + Add IPv6 support to ADS client side LDAP connects; (bso#11281). + Add IPv6 support for determining FQDN during ADS join; (bso#11282). + s3: IPv6 enabled DNS connections for ADS client; (bso#11283). + Fix invalid write in ctdb_lock_context_destructor; (bso#11293). + Excessive cli_resolve_path() usage can slow down transmission; (bso#11295). + vfs_fruit: Add option "veto_appledouble"; (bso#11305). + tstream: Make socketpair nonblocking; (bso#11312). + idmap_rfc2307: Fix wbinfo '--gid-to-sid' query; (bso#11313). + Group creation: Add msSFU30Name only when --nis-domain was given; (bso#11315). + tevent_fd needs to be destroyed before closing the fd; (bso#11316). + Build fails on Solaris 11 with "‘PTHREAD_MUTEX_ROBUST’ undeclared"; (bso#11319). + smbd/trans2: Add a useful diagnostic for files with bad encoding; (bso#11323). + Change sharesec output back to previous format; (bso#11324). + Robust mutex support broken in 1.3.5; (bso#11326). + Kerberos auth info3 should contain resource group ids available from pac_logon; winbindd: winbindd_raw_kerberos_login - ensure logon_info exists in PAC; (bso#11328); (bnc#912457). + s3:smb2_setinfo: Fix memory leak in the defer_rename case; (bso#11329). + tevent: Fix CID 1035381 Unchecked return value; (bso#11330). + tdb: Fix CID 1034842 and 1034841 Resource leaks; (bso#11331). + s3: smbd: Use separate flag to track become_root()/unbecome_root() state; (bso#11339). + s3: smbd: Codenomicon crash in do_smb_load_module(); (bso#11342). + pidl: Make the compilation of PIDL producing the same results if the content hasn't change; (bso#11356). + winbindd: Disconnect child process if request is cancelled at main process; (bso#11358). + vfs_fruit: Check offset and length for AFP_AfpInfo read requests; (bso#11363). + docs: Overhaul the description of "smb encrypt" to include SMB3 encryption; (bso#11366). + s3:auth_domain: Fix talloc problem in connect_to_domain_password_server(); (bso#11367). + ncacn_http: Fix GNUism; (bso#11371).- Disable rpath usage; (bnc#902421).- Make the winbind package depend on the matching libwbclient version and vice versa; (bnc#936909).- Backport changes to use resource group sids obtained from pac logon_info; (bso#11328); (bnc#912457).- Order winbind.service Before and Want nss-user-lookup target.- Remove fam-devel build-time dependency for post-6 RHEL systems.- Update to 4.2.2. + s3:smbXsrv: refactor duplicate code into smbXsrv_session_clear_and_logoff(); (bso#11182). + gencache: don't fail gencache_stabilize if there were records to delete; (bso#11260). + s3: libsmbclient: After getting attribute server, ensure main srv pointer is still valid; (bso#11186). + s4: rpc: Refactor dcesrv_alter() function into setup and send steps; (bso#11236). + s3: smbd: Incorrect file size returned in the response of "FILE_SUPERSEDE Create"; (bso#11240). + Mangled names do not work with acl_xattr; (bso#11249). + nmbd rewrites browse.dat when not required; (bso#11254). + vfs_fruit: add option "nfs_aces" that controls the NFS ACEs stuff; (bso#11213). + s3:smbd: Add missing tevent_req_nterror; (bso#11224). + vfs: kernel_flock and named streams; (bso#11243). + vfs_gpfs: Error code path doesn't call END_PROFILE; (bso#11244). + s4: libcli/finddcs_cldap: continue processing CLDAP until all addresses are used; (bso#11284). + ctdb: check for talloc_asprintf() failure; (bso#11201). + spoolss: purge the printer name cache on name change; (bso#11210); (bnc#901813). + CTDB statd-callout does not scale; (bso#11204). + vfs_fruit: also map characters below 0x20; (bso#11221). + ctdb: Coverity fix for CID 1291643; (bso#11201). + Multiplexed RPC connections are not handled by DCERPC server; (bso#11225). + Fix terminate connection behavior for asynchronous endpoint with PUSH notification flavors; (bso#11226). + ctdb-scripts: Fix bashism in ctdbd_wrapper script; (bso#11007). + ctdb: Fix CIDs 1125615, 1125634, 1125613, 1288201 and 1125553; (bso#11201). + SMB2 should cancel pending NOTIFY calls with DELETE_PENDING if the directory is deleted; (bso#11257). + s3:winbindd: make sure we remove pending io requests before closing client sockets; (bso#11141); (bnc#931854). + Fix panic triggered by smbd_smb2_request_notify_done() -> smbXsrv_session_find_channel() in smbd; (bso#11182). + 'sharesec' output no longer matches input format; (bso#11237). + waf: Fix systemd detection; (bso#11200). + CTDB: Fix portability issues; (bso#11202). + CTDB: Fix some IPv6-related issues; (bso#11203). + CTDB statd-callout does not scale; (bso#11204). + 'net ads dns gethostbyname' crashes with an error in TALLOC_FREE if you enter invalid values; (bso#11234). + libads: record service ticket endtime for sealed ldap connections; (bso#11267). + lib/util: Include DEBUG macro in internal header files before samba_util.h; (bso#11033).- Avoid a crash inside the tevent epoll backend; (bso#11141); (bnc#931854).- Remove the independently built libraries ldb, talloc, tdn, and tevent and the post-10.3 renamed libsmbclient from baselibs.conf.- Drop redundant doc attribute from man pages.- Update to 4.2.1. + s3:winbind:grent: Don't stop group enumeration when a group has no gid; (bso#8905). + Initialize dwFlags field of DNS_RPC_NODE structure; (bso#9791). + s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with servers that don't send the 2 unused fields; (bso#10016). + build:wafadmin: Fix use of spaces instead of tabs; (bso#10476). + waf: Fix the build on openbsd; (bso#10476). + s3: client: "client use spnego principal = yes" code checks wrong name; (bso#10888). + spoolss: Retrieve published printer GUID if not in registry; (bso#11018). + s3: lib: libsmbclient: If reusing a server struct, check every cli->timout miliseconds if it's still valid before use; (bso#11079). + vfs_fruit: Enhance handling of malformed AppleDouble files; (bso#11125). + backupkey: Explicitly link to gnutls and gcrypt; (bso#11135). + replace: Remove superfluous check for gcrypt header; (bso#11135). + Backport subunit changes; (bso#11137). + libcli/auth: Match Declaration of netlogon_creds_cli_context_tmp with implementation; (bso#11140). + s3-winbind: Fix cached user group lookup of trusted domains; (bso#11143). + talloc: Version 2.1.2; (bso#11144). + Update libwbclient version to 0.12; (bso#11149). + brlock: Use 0 instead of empty initializer list; (bso#11153). + s4:auth/gensec_gssapi: Let gensec_gssapi_update() return NT_STATUS_LOGON_FAILURE for unknown errors; (bso#11164). + docs/idmap_rid: Remove deprecated base_rid from example; (bso#11169); (bnc#913304). + s3: libcli: smb1: Ensure we correctly finish a tevent req if the writev fails in the SMB1 case; (bso#11173). + backupkey: Use ndr_pull_struct_blob_all(); (bso#11174). + Fix lots of winbindd zombie processes on Solaris platform; (bso#11175). + s3: libsmbclient: Add missing talloc stackframe; (bso#11177). + s4-process_model: Do not close random fds while forking; (bso#11180). + s3-passdb: Fix 'force user' with winbind default domain; (bso#11185).- Prevent samba package updates from disabling samba kerberos printing.- Add sparse file support for samba; (fate#318424).- Purge printer name cache on spoolss SetPrinter change; (bso#11210); (bnc#901813).- Correctly retain errno from Btrfs snapshot ioctls; (bnc#923374).- Simplify libxslt build requirement and README.SUSE install. - Remove no longer required cleanup steps while populating the build root.- Remove deprecated base_rid example from idmap_rid manpage; (bso#11169); (bnc#913304).- Update to 4.2.0. + smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT; (bso#1115). + pam_winbind: fix warn_pwd_expire implementation; (bso#9056). + nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299). + Make 'profiles' work again; (bso#9629). + s3:smb2_server: protect against integer wrap with "smb2 max credits = 65535"; (bso#9702). + Make validate_ldb of String(Generalized-Time) accept millisecond format ".000Z"; (bso#9810). + Use -R linker flag on Solaris, not -rpath; (bso#10112). + vfs: Add glusterfs manpage; (bso#10240). + Make 'smbclient' use cached creds; (bso#10279). + pdb: Fix build issues with shared modules; (bso#10355). + s4-dns: Add support for BIND 9.10; (bso#10620). + idmap: Return the correct id type to *id_to_sid methods; (bso#10720). + printing/cups: Pack requested-attributes with IPP_TAG_KEYWORD; (bso#10808). + Don't build vfs_snapper on FreeBSD; (bso#10834). + nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835). + idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837). + s3: smb2cli: query info return length check was reversed; (bso#10848). + s3: lib, s3: modules: Fix compilation on Solaris; (bso#10849). + lib: uid_wrapper: Fix setgroups and syscall detection on a system without native uid_wrapper library; (bso#10851). + winbind3: Fix pwent variable substitution; (bso#10852). + Improve samba-regedit; (bso#10859). + registry: Don't leave dangling transactions; (bso#10860). + Fix build of socket_wrapper on systems without SO_PROTOCOL; (bso#10861). + build: Do not install 'texpect' binary anymore; (bso#10862). + Fix testparm to show hidden share defaults; (bso#10864). + libcli/smb: Fix smb2cli_validate_negotiate_info with min=PROTOCOL_NT1 max=PROTOCOL_SMB2_02; (bso#10866). + Integrate CTDB into top-level Samba build; (bso#10892). + samba-tool group add: Add option '--nis-domain' and '--gid'; (bso#10895). + s3-nmbd: Fix netbios name truncation; (bso#10896). + spoolss: Fix handling of bad EnumJobs levels; (bso#10898). + Fix smbclient loops doing a directory listing against Mac OS X 10 server with a non-wildcard path; (bso#10904). + Fix print job enumeration; (bso#10905); (bnc#898031). + samba-tool: Create NIS enabled users and unixHomeDirectory attribute; (bso#10909). + Add support for SMB2 leases; (bso#10911). + btrfs: Don't leak opened directory handle; (bso#10918). + s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920). + s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921). + pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932). + s3-keytab: fix keytab array NULL termination; (bso#10933). + s3:passdb: fix logic in pdb_set_pw_history(); (bso#10940). + Cleanup add_string_to_array and usage; (bso#10942). + dbwrap_ctdb: Pass on mutex flags to tdb_open; (bso#10942). + Fix RootDSE search with extended dn control; (bso#10949). + Fix 'samba-tool dns serverinfo ' for IPv6; (bso#10952). + libcli/smb: only force signing of smb2 session setups when binding a new session; (bso#10958). + s3-smbclient: Return success if we listed the shares; (bso#10960). + s3-smbstatus: Fix exit code of profile output; (bso#10961). + socket_wrapper: Add missing prototype check for eventfd; (bso#10965). + libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows client does; (bso#10966). + vfs_streams_xattr: Check stream type; (bso#10971). + s3: smbd: Fix *allocate* calls to follow POSIX error return convention; (bso#10982). + vfs_fruit: Add support for AAPL; (bso#10983). + Fix spoolss IDL response marshalling when returning error without clearing info; (bso#10984). + dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279). + Fix IPv6 support in CTDB; (bso#10996). + ctdb-daemon: Use correct tdb flags when enabling robust mutex support; (bso#11000). + vfs_streams_xattr: Add missing call to SMB_VFS_NEXT_CONNECT; (bso#11005). + s3-util: Fix authentication with long hostnames; (bso#11008). + ctdb-build: Fix build without xsltproc; (bso#11014). + packaging: Include CTDB man pages in the tarball; (bso#11014). + pdb_get_trusteddom_pw() fails with non valid UTF16 random passwords; (bso#11016). + Make Sharepoint search show user documents; (bso#11022). + nss_wrapper: check for nss.h; (bso#11026). + Enable mutexes in gencache_notrans.tdb; (bso#11032). + tdb_wrap: Make mutexes easier to use; (bso#11032). + lib/util: Avoid collision which alread defined consumer DEBUG macro; (bso#11033). + winbind: Retry after SESSION_EXPIRED error in ping-dc; (bso#11034). + s3-libads: Fix a possible segfault in kerberos_fetch_pac(); (bso#11037). + vfs_fruit: Fix base_fsp name conversion; (bso#11039). + vfs_fruit: mmap under FreeBSD needs PROT_READ; (bso#11040). + Fix authentication using Kerberos (not AD); (bso#11044). + net: Fix sam addgroupmem; (bso#11051). + vfs_snapper: Correctly handles multi-byte DBus strings; (bso#11055); (bnc#913238). + cli_connect_nb_send: Don't segfault on host == NULL; (bso#11058). + utils: Fix 'net time' segfault; (bso#11058). + libsmb: Provide authinfo domain for encrypted session referrals; (bso#11059). + s3-pam_smbpass: Fix memory leak in pam_sm_authenticate(); (bso#11066). + vfs_glusterfs: Add comments to the pipe(2) code; (bso#11069). + vfs/glusterfs: Change xattr key to match gluster key; (bso#11069). + vfs_glusterfs: Implement AIO support; (bso#11069). + s3-vfs: Fix developer build of vfs_ceph module; (bso#11070). + s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer; (bso#11077); CVE-2015-0240; (bnc#917376). + vfs: Add a brief vfs_ceph manpage; (bso#11088). + s3: smbclient: Allinfo leaves the file handle open; (bso#11094). + Fix Win8.1 Credentials Manager issue after KB2992611 on Samba domain; (bso#11097). + debug: Set close-on-exec for the main log file FD; (bso#11100). + s3: smbd: leases - losen paranoia check. Stat opens can grant leases; (bso#11102). + s3: smbd: SMB2 close. If a file has delete on close, store the return info before deleting; (bso#11104). + doc:man:vfs_glusterfs: improve the configuration section; (bso#11117). + snprintf: Try to support %j; (bso#11119). + ctdb-io: Do not use sys_write to write to client sockets; (bso#11124). + doc-xml: Add 'sharesec' reference to 'access based share enum'; (bso#11127).- Update to 4.2.0rc5. + Ensure we don't call talloc_free on an uninitialized pointer; CVE-2015-0240; (bso#11077); (bnc#917376).- Fix usage of freed memory on server exit; (bso#11218); (bnc#919309).- Fix tdb_store_flag_to_ntdb() gcc5 build failure.- Fix vfs_snapper DBus string handling; (bso#11055); (bnc#913238).- Update to 4.1.16. + dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279).- Adjust baselibs.conf due to libpdb0 package rename to libsamba-passdb0.- Fix libsmbclient DFS referral handling. + Reuse connections derived from DFS referrals; (bso#10123); (fate#316512). + Set domain/workgroup based on authentication callback value; (bso#11059).- Update to 4.2.0rc4. - Add libsamba-debug, libsocket-blocking, libsamba-cluster-support, and libhttp to the libs package; (boo#913547). - Rename libpdb packages to libsamba-passdb. - Drop libsmbsharemodes packages.- Enable avahi support on post-12.2 systems.- Update to 4.1.15. + pam_winbind: Fix warn_pwd_expire implementation; (bso#9056). + nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299). + Fix profiles tool; (bso#9629). + s3-lib: Do not require a password with --use-ccache; (bso#10279). + s4:dsdb/rootdse: Expand extended dn values with the AS_SYSTEM control; (bso#10949). + s4-rpc: dnsserver: Fix enumeration of IPv4 and IPv6 addresses; (bso#10952). + s3:smb2_server: Allow reauthentication without signing; (bso#10958). + s3-smbclient: Return success if we listed the shares; (bso#10960). + s3-smbstatus: Fix exit code of profile output; (bso#10961). + libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows client does; (bso#10966). + s3: smbd/modules: Fix *allocate* calls to follow POSIX error return convention; (bso#10982). + Fix 'domain join' by adding 'drsuapi.DsBindInfoFallBack' attribute 'supported_extensions'; (bso#11006). + idl:drsuapi: Manage all possible lengths of drsuapi_DsBindInfo; (bso#11006). + winbind: Retry LogonControl RPC in ping-dc after session expiration; (bso#11034).- yast2-samba-client should be able to specify osName and osVer on AD domain join; (bnc#873922).- Lookup FSRVP share snums at runtime rather than storing them persistently; (bnc#908627).- Specify soft dependency for network-online.target in Winbind systemd service file; (bnc#889175).- Fix spoolss error response marshalling; (bso#10984).- Update to 4.1.14. + pidl/wscript: Remove --with-perl-* options; revert buildtools/wafadmin/ Tools/perl.py back to upstream state; (bso#10472). + s4-dns: Add support for BIND 9.10; (bso#10620). + nmbd fails to accept "--piddir" option; (bso#10711). + nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835). + S3: source3/smbd/process.c::srv_send_smb() returns true on the error path; (bso#10880). + vfs_glusterfs: Remove "integer fd" code and store the glfs pointers; (bso#10889). + s3-nmbd: Fix netbios name truncation; (bso#10896). + spoolss: Fix handling of bad EnumJobs levels; (bso#10898). + s3: libsmbclient-smb2. MacOSX 10 SMB2 server doesn't set STATUS_NO_MORE_FILES when handed a non-wildcard path; (bso#10904). + spoolss: Fix jobid in level 3 EnumJobs response; (bso#10905). + s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920). + s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921). + pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932). + s3-keytab: Fix keytab array NULL termination; (bso#10933). + Cleanup add_string_to_array and usage; (bso#10942).- Remove and cleanup shares and registry state associated with externally deleted snaphots exposed as shadow copies; (bnc#876312).- Use the upstream tar ball, as signature verification is now able to handle compressed archives.- Fix leak when closing file descriptor returned from dirfd; (bso#10918).- Fix spoolss EnumJobs and GetJob responses; (bso#10905); (bnc#898031). + Fix handling of bad EnumJobs levels; (bso#10898).- Remove dependency on gpg-offline as signature checking is implemented in the source validator.- Update to 4.1.13. + s3-libnet: Add libnet_join_get_machine_spns(); (bso#9984). + s3-libnet: Make sure we do not overwrite precreated SPNs; (bso#9984). + s3-libads: Add all machine account principals to the keytab; (bso#9985). + s3: winbindd: Old NT Domain code sets struct winbind_domain->alt_name to be NULL. Ensure this is safe with modern AD-DCs; (bso#10717). + Fix unstrcpy; (bso#10735). + pthreadpool: Slightly serialize jobs; (bso#10779). + s3: smbd: streams - Ensure share mode validation ignores internal opens (op_mid == 0); (bso#10797). + s3: smbd:open_file: Open logic fix; Use a more natural check; (bso#10809). + vfs_media_harmony: Fix a crash bug; (bso#10813). + docs: Mention incompatibility between kernel oplocks and streams_xattr; (bso#10814). + nmbd: Send waiting status to systemd; (bso#10816). + libcli: Fix a segfault calling smbXcli_req_set_pending() on NULL; (bso#10817). + nsswitch: Skip groups we were not able to map; (bso#10824). + s3-winbindd: Use correct realm for trusted domains in idmap child; (bso#10826). + s3: nmbd: Ensure the main nmbd process doesn't create zombies; (bso#10830). + s3: lib: Signal handling - ensure smbrun and change password code save and restore existing SIGCHLD handlers; (bso#10831). + idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837). + s3-winbindd: Do not use domain SID from LookupSids for Sids2UnixIDs call; (bso#10838). + s3: smb2cli: Query info return length check was reversed; (bso#10848). + registry: Don't leave dangling transactions; (bso#10860).- Update to 4.2.0rc2./sbin/ldconfig/sbin/ldconfiglibpdb0sheep83 15569334674.9.5+git.149.9593f64a5c3-lp151.1.34.9.5+git.149.9593f64a5c3-lp151.1.34.9.5+git.149.9593f64a5c3libsamba-passdb.so.0libsamba-passdb.so.0.27.1/usr/lib64/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Leap:15.1/standard/f8490f6d0334c3a4fa732b71fd01beb3-sambacpioxz5x86_64-suse-linuxELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=511620fa6f18aa9f1c615d1c947fa67bc49acba2, strippedMPPPPPPPPPPPPPRRR R7RR#R1R!R R9RR=RARRR-RRRRRRRR)R3RR+R'R;R?R/R R%R5RR@R.R0RRR2RR RRR$R*R"R(RR R:R>RR4R R6R,R&RR8RΈZ>ҷN>Fpqgɬ6M с@Nݜ0i~V/pŒdO\,pVΩ M06[ʗ&mb6~[m~:2dF%b}G9p]sEr6ƫ'Y *>jMo[BHfO=lNJy#mlu~u"6)n3+j]ujFv8Sn>yx^/JuMTav96qy3U lԉ01E`7նMᣲWTrVO0>4$PW0F+h ޴zXcbs&t:1R`vsnf=&4sP6h3$:f.WS')yX&DZ(?Fm2" # BT 8MkB9,vq?\7VItdDRsg.oMZ:vM`H4n8+P{Xe@8lj'Bݺ<$*523{H+6γ6[_yVSs6B5#zGu;W(Jsa\V^"; ʠ@rϐ3dڔepN?c|Zv֛LƔ=X@Q+'4DhCΊ3G LCzjjkn 2Zp_H Zf?wLQ B6/33~Ԍv ~\iψ 4+}GYlM-\w22,\*ߺ@Wԓ#/0M@nDOUoFa\|%S~ 3p }oārFd 3sq/U\E",ذOSJHc6Uq,McnhCE]5z"n& %)[MvNiff.AQcC7fpoyJךJ$9ݑ&!TV!BNWIBb h: v$R">}@$RAot~mUx.u:,ӟPۯ|SZ?*Sz  ^pV=6Rg9릐39 S *>/_(&X0*q3eY尨NU|78u;-5]k$^)2D:sPٜO=]xn8s҈j-nBʬ5eq?A : j hS]98?wg3x 븞ގa?D/ m'('ҧVǞtX&OP͂3O "=΋,CᕕdB*M:ć6LGKiQDF{ë\4fbu"t<>he5Y&՗%rCq`%>H̋<SvuGH4Q7} |4=0X:BLqK.=j9lUQצƅJ99MQԆ;ZwsL \jV?`Uq*g T=, {&:ޝF-$l I3 R ;PZ; /mā#).2,&8]otIЍQj }d͎ ?V {I}=a1{z7]K;jЛjRoܑp" %B.QÞGS1w^znNU- t,CHNHyeuͅ[8h;t1nR\1FFk˧Z)y Ip HFG!Z(F 0GxwJĽ#lz'@xTj%\G;@T|`) )*DO@#h6T0*4wNA.-MS87fS%VOne2s{xPĢ_^W xujydg ` 4ik aha_I%0uN+*ܧ*$}Hh29&.2-˪c~[:U7|xQ4yOc܆WvslxoUOJ\ Bhspxi5~\r+Ƞ,gJʇ~9@ n⥟i/Gp"p7z 9iJxsCbFÐ5kU` ff\غ.=xdz:Z36ݨT&%hnY|)=b}.eiPu1vBy,^pN0ns*ҫjqM"@ nD^*xdYt}2c̊5nY{4DuiN¾3"/:Ls9pkp}$CE)?ٹyJt"7sEjOS 6`gg(ow6;Á-Vڞ Q}EfW*QT-o7.u? 8zmU7{Ћ%Y4,E>凸[\}:2.଼"Boc낰6/1XJeyuȒ|D = 1I_{%t5d8͑B>E C {gA/6RW}K[^*F6kaRюr(9 Js h wdCGZ^!K^r԰-]O "3:7!HuQI\ezs^h* Qc57~U"`Tx2 V2"sp:T{[ݛX2Z)Cj +,14;1ʎKgI7Nnt1!Hvo{/NxyvaFoEg-5E6za,g2ɧYG=!JƟ~c$5@) :T#EILp y$] B&xd7a7V{ϵ5" g\@^evV 5+TRV;}<[91sw^˚c0PymՌ"^T-:~b =ٺ-{J(W tpH Pg64 s^Q9ۿʄGjw̶֗] 7}xge9F$7+Q!_=KaXON< 8j| P[!"()N9)8K"ψ+@GoD=g\(GH%ǚKՀAȚo'-"װ\$dI<"Ic|3oRo;ꝧX٤}j+(=@~tWrxYڂL MvL>SW!6{c|D:_v_m}U U b{Ҁc+SSr >M)8vWҨ3=LgYЊV2: e&cF۞ ?G {4qԑFK=N{M!3˩fd50gjɾjHXqh)\s}p;KuxZUIU EWY!$~J$w>/fA 3V"`yzwpέP%eVܝX'Uy^ߘ VZV eytv]H D?(d3?dc1&QKI-H2Q#ôz|1!3 l]3DLE( ws+'#?jd!94"R$\~:| VʒeT1h阺]6(QIG!N:,UzC;Jf7WJ0F.S=h_13rw0Ɣj (AhN ke-!D~^bj*;,+E@@a${Mz \3d5Q/$Cr26eDB+eϨ%ϫ+ID'ԱU$P/-.Ȕǜ:W7ދ)BN[@OD!*r<|}I5jO U2~ 5Z(Z<,>[ʶY12qdx` TXP%^ CL{X܀<:.\$9Мɯ- VjglR nN@3wO)ӭlL:9T(5Jh:el惼I?6p}OVZ#a ĦSI@vyLsB @{YTvx0NeCKݨ*슓"dfZ .}^BtOp]'uʷ"gmP}GgҶ^ft{fb}<0aSS?DSL&ijk<>-@Qη^[jZ%s^Nn*a) ,:eZq6p%Tc?gaOL hQ JwD@vмEN//<7sY7{iՄXV91ăjPs?Kc ǵd'13찃 s}8U:} o> ^0s5XL'-8p@(9h"qh:,SH]IZ(; *"B &9,xu"ADTzs&rʹCAD*DK7v)]Cě]7*q!)ZbC Lrۿd&f)L/hqq+U?g'4QcZb%SeL8 Uױ6Kpm!gzNyfd$(>{}Mh%aӧ}!ƬwU; yyr0H::+NvX\֑ q?k|} wi 9@rה@? Ӽޮ4\2h#t/8 lZZ nV@(suL6Gm%G$Du\őu6XV8xLQi\B%9(ĄO[Tdߨ[f&ځ6= _(%f:FÂQ+iH ژOG-l!ف"(Ift6<'@KI+,쨻";"; fj}fMĀY% I,ŗ A/.IzҥdQ7:Vd,T wd2> ŶH&{Si[hơ\,rOCLI5i^& \`D@-AhLf83Ppn@Z] Yӄ/x&zDP!Қj{n}Q %l/n C$Ҹnnn&'TSڈMVē|4ZeioZ m+aD7O 2:2\M@u M(Ȟ»_E~9vp4mpZIQ㺘`ۏ6 .NO|YHMД7hCG@aRW/pV(nL%e+hdGot Uг92)9b%Rm*62SĘs5 55.b1~鮌u|ygA01q\Ñ7Ǧ(Kg_P>kܿZEd@a=N%q$qڔOlo6Xg,ěbr1iu;q߀ z.0sq*6[T Fe̊ $?~V}Ijns]0}h>eIT",=cmQU:d%.O?bE,$rx=xtY>6dמ.=S-a@)& p;=st]4; |<i.2䲫`CMl 8 8|^)тKKAe}bdyV?v&TjlݙqT']OV6oiy鼥9- k+!6M[ mZp]A:5jȀH!JD&aEťqL,* }kDUNw'z,LYb݇I32fCN]mWzGG1E)o~x,B*>WVɜ5b_Q9 C&8tZVh 02n<( CwS*,~`򓵠7D_ۥ1Z;#؄ضNTIo-yax#%* ܡR $œNZ%ٿ0qb,x.#<,)_($DMaAbۚQ"ʶ,yMV3ܼBA1UmVjM7Cd'P4&`UktiT0"ǭVY4$o6@3 H}yFEaz ,;APeԎ8 WcDEgmCO+ "5x"%}fYn@ưiD#%k~" gIWT@rB nDO~K<{#RfXC 3k& 巴cO> 8:y1 taZOZnp㼬Nt(q]S"y44ad/d[rk0>>PB6zm7ƞe|,a>x%tG͖v{#YZb2k@Us6$*j2X*wHI.ۈsӜS4iV{Ww O ߵ] F ptkJEG(jOKd4cKlDbvOpuT?"`ZKIӶU:?.nrjsƜ; B0)qL%T3{uܢQ/jf{lԄ=:##/N]Pdz]Zҩ!n΀ROXƿ-b0l 8oiIi>}ifzY5$MjD]ߔ,ھ>rwqGK\YUuP* cVh5JXi5V{f!j'^ :;Q:d!ΕΑ՜=*8%L#uЃ*k)Fl9>i[rf ?^GE^zU4z=&CBE]Ew$KR}iQ 0A'C1t3)*e˾c/_b&>Os>Y MzWЅ˽(_Y˔.ώ:i^LFpr۴CBюn> _Sw  qqd,=LZSPx|4<)2a6.>+ BU&"o >|s[wA9]4|wB4$~i+Po5l3aQc'`;妽KUK) u w0hRn,DU$͛7-RVC>9(q920brCB:F=^| >ru39$T؅nTu"cUqU(l^Wc.'t@b10]!Gdگoӽ"8h=cTc9`pPUb$m0߉nF`ZV sT l0rՑ>+Smg֡8!&Y݌]?n QVKctRA۝>3P-+f{l ݝt n|6j#N[>@n%mgH;pЦOQ I8SjpCa5PPR;6yA"{z=f vMBqJ'k}ߒfA,3oJE~VfpOfnlg ~e(dV/Ou;:w>ɱulǹ Ÿ ')Wy].zyrޣw\[W7"{8]"H  = gv-Z+ZQqq,ވjү/hAZD8oD|}{ث8ZvRaci)ef}9_@z&Dn>H{+?݊DYϒKa3K(#t\+MO B})ʞcykb5jvZ&d54FjEZ#nܺ{$gx>ڞ(M<P2[ySSO^ !e>{dNN3hwizbbzhN^_#X^aG+(̙I=\9f٧-5|umvBp%х+!@#RqZ.U_K-9\)^oSvJ!Q3rIQD{ړ̅P.ПV.<vv2N:vf^=O8 33yt:ᇘB\sb5GR6 ;*(6tōMeq рz"A/@ FҕF?~gUe2.j95N|pTi4:GzS0^ ݝS *H?j{Ug!tH>n[oZw˵ fg&[!|_ VROƁz[IF}HVqX zx!Uqya 5YIé7ЈQɇM4sӎQrR~gsr3̱UBLA=X6!ց."IDޏy粩* ΰzV9u%)>@E6jxˌʙ[A67L4Ar9#֝xR&XNBP\@0RC_}IeUكaD3Kh7V' O`[Dw:,.MTktY5=L#3̜F kGLR/e(b'IT5q+롥Gp}~'WfJYԺOTxoS4[Yi2>^K#Wݧ&hv_ p,|"+y#j&w]Z:g/v_4)2v!8|G On` END~yӨ33I0Cf}3,|4`}$_,K{.*%Ɯf^*{$C, A ɖa'"h5(u?Kӹ~2$G1LHCRdP54޴]Ez3?+Z8)e8^|%dzm@ =:@5tso2RԢoZzѵXC5r:śh3r~.< URAΊ:NyMYFQgW֧RK13KGMw!Mt0ћpSXv;Wi9Qam%Ga;%}tL%zN*<:WG8"~-;#8dE3u1'؟n?5y݈rV֮z…Ru<, lktpXjR@oa?饮 7T#ǎ:iR9Bm4񫱣ʃx.={D4۵wTyU'_P,Vs%[t"tfZ=bxa]hW'ąQ{U`VSb.~SeVѽ͡~#Vx8J*#!oJC0\l)zL!%2 7pN@j{Pw2nD'mzx`PU;V^Wylpũ뼘Fήȅ#`i wWV7=3梠k΍PGuVXK{+AUo+x=ڬ.+T ٙ\uU>`B5EZ#512 uFMB|yUPZ<8ODv;sV2N:#DS~4o#eC([ "n((9ܯ[S.Ŀ3 f U$IVt,GYftTo&|=o1h^Mxl3ax9%}4nleS*\=8W N[ЫY)eDU}[I QjiE Fܹ %Xhz5ۼg]~ie7u@ec 9 UO<mtD`0 }6.n'X0@/Y sxȉX,;)KrLq N2o.kW)""P͆МW &BL+[s?JC7dnEb?y XJLTZ;9ly"%fԍ[HMP8+A~he(.m~=3Alh[;X~P TZ4-qԼ5X$sJ:IM,H/+V->,\5EDU=k@_e!" ֓Pp[ނ}#>=N+j4&ZO8**]υo+Mp3@v[Iȥ)C ށpokO6c. `N<T$c3&Q pt[O oH(̰y>?;>P}WxI8L 0 TR%G}<%sclMJ˕,ZZHoX-}!(!$ymfrWIf!L\&,|Sx ݷ@ 6&m"Xd.1,/J7izY_KG$ + ѓ]Oև4+e}LY4=T4qmr 0d7EVYY77hb//'b{'lC"/Q cӃMB!l1*5)B3gM $P 4c|3<5o~]>Y%4^©e }s6L~_ XljO7 yg_9@c?kYSSgDPAOq5׺?ڼDن_Fb9ΊF4Pv{ߦ{s~hcL~W oNT*Y Uܫ۶$'p 6V1[|1 T"!5wֻK33 ׼}EjsjbhߑxEhgܾ Rxo^%B|z/rE;hl}qL]Vj$y!)90ġAkP96~'i>7P|V})B IlT|H_5*||վ9i WdV gд OŸ@{rK /v(]?1oV[欇ErUlҥua#Mf[)]ܻ"yV&|A4Vp8;qoPm԰4R9]NB :+ (xQc -aR3v=L!iD1I:Mk*nX?pqDk R)TeJe|1"[7?WjPEIcqD}tʏ6 2DvNUʾq ۔ ]s|;˻%'o5=O"_V/x@;pUSRr1kF6$8 ?(u ^j80BX2O)Aýsdkni|_._]-jLcNr)#F snbo3?d=+Er>OHwp$2G/+G8qwv\( mcMLI(}M݀Bx euj6axr}h2o![8P8 f:]%( ]A+OasgӚ_;%,Zbކރ![V,5!ͤ{[Z 62Zn*G<)3$6mQTJrB r%o@%yk7q5.g۴EM ~b562Bj k,$r> \J֖xj ͆ᄿX;\d2h82yBA;Xbmvڅo$X{Ūe 6Sqj!Sf\ Q<sJo_ Rz+ny GʯṱKZF !עxilWh 1~f:ၼG J =']5!~)P?kk|pbFȟDfq8+Q>;..tdpUT_/D/& 5S৯)*CgFiJE3}mm<ɋeg2GOȞWQ?q;;TYnUf玧 'd3"(D@"=O12P5q6@2q^X>%mA_yxI,^M+7}iPs%۲-pB |e 3W/Ix'Q"М ; ǢrJd_NU[Q(4RV g%WLa|CL9GXUQN4%:A{{iMA47C]Д ]$Ċ{zK;VHhٛ̽317X vg1frM qM͗"UJ(^4 9"0uŇt aL6ɋOq|k [ᯆ:d*&|$[qKł[|;q>*_$:*Jbp2 8Yyb= xXKӸO;!NtVTbK>=DX g34_#mkFmzyumD~GPTH)8e`}R)VnYUK#F>V)5e SlJAs2#+SX]3HյAR~;O@by*K-AH|=\{]COm*`WCҠ;329Đz%ei颙3#b,܅7U9uDW5m]3:.T=u;lMKP6pa#k{U~SL X`)гJ }~r^JN eB5%]h}[M`JxKDL0f=Axoe0F8^!C$6BQriǎFA+> 0jRm=e& Pc8$R,СoKR?ggbyj]Pv}J=`r (z?/kB= 齼t,9dئ2{Ila1gz4*,(Ibѽ-,#0wy>wzd`\'9HW]i2~8PC`6^25mlyCR+uSX`|s-ޭc|8<$X YŴsSqY"YR[ ,+揆>}w;ٱMVQk(97l$vI_ʰcz'#-s{TUsZ׌k|  e *ztt+ÔlPX6 G S]EZF",q{2=U |1J2݋O2pMS=obA=;(EA\x,O?d}7X!V<͏0$xte  -x*>7) Ƀ)hT́eF &w͋v\q9Q"X[-~ !Wđ4o^ h,O?Ty\'mo=ml4 mٻɰ 6nIf%+ܗ>ofzPC}~ń^9+1k_g<z `x<bض}惹7feL'$2])(1^ȳh`0Qj !zW<039;ؽGę%#Xѿթwݑ$!ǰh5͡)aͼX` J*ǑhW;UC|XlZ<:u5;/e+`< &i7%q=0>vEĐ=:F}VJ 1 03U_Z.z bGYXr;b7l93~ĩoP\B{ ld*@(w@]7ZrvDE-{U[Drx!_t4ql6 }r$,416y4iq$ u+/0 .yaB(Sf'$C'26U;Gk^,go RoݩQFc,,@8! ٰ9ڤQݜ:""\k];fNّR,\:r=cvŅ4N''yէHcgrK!gF!)cb+ͷlOLPlĘ%hBAᕡiF.uc%y%փ7H(1f aL,}e-&q{ã$9x3NS`SSzw}@:Y,r1 &ߐkZ zI@06bRM;D;ù4)G̺ƚK{[Z"Ÿfb0t2vҊ&:͑źUD?lXHU+9ʧ#?[XW? )Jsn$s0Q%"Qs7 xwnvDr-fg+]4ZֶPOTc{Nx '4M9?[%j32-ÛqY˹?'R!ad&*}|gw㇝z@6^%˧߅XV xGqQŠlqn$&g/<%Ot$юS"[ d/f"5YKu,M8|b!^:2(beYlaT'p>]r :16[< <8Msy..yN)F게nr\7]vɌ(Eh_6x0RdW"n]oSJoA>=oz=w#/MV1eOWMEqK2kpϴ'KW \B[Iꦧʭ<+z%Vy}GK~_oEkll9.AUQRzfXpfm?åBNjT>/G;qȭ4T ş’mi$>,5ߴ>/9-h$Fi8E/o&z;i2%aV"}Ur>дsa\_〵s+b%W"ݡ;rGt^`f9$CBSn*]KZ@ҰH:GJ;.z{(tP9), }=C`D9߹ \aH"tkoop8mС&M눥>X 8:*8VedWK\5KkBr3XR`X/j/ؙ@AL;SEcAZ[s96Ze00 ?ٱJ9cvhU~\d@kH X0M[MH7 ̛>8Ro}d@o/P;ɖR!v?dA=(z飋lcлfڲ[xk-%RYS&X!d#& ._TvzKb~y8qNQ)J &E0մխ\ՃPI+v5䎺0@͍2̼2ٕp,14$#N"~Σ8f뛄9I3BrgQ" 1:=;GE\3ؚ?K@+.PN|G10*qXq= pN*\ϡ_r.@hb]Z–v>f;j ˌޚ[5t[ c7w3`5X@-6qT;U(?. LcL%}Yi=p8küՑ 'xm ?7WՎ9TDD3a=a͡^Im!эڃ'=E֋9lpEM[%?vA" #/u\]n>AWWb,k#v MuPlm0Cޜ,X[^~][ ŮOq% J -KtM-@7aʼUdR{)?_ i?{?^@.UUɶC'f|6k!f8+$ۇV!HKB/E1C0m\Sg\"5| 3- R9ii%R%s.B*<\Xఏβy# e1#ԠXodBZz򪟙5*C#i}*" `qaQlS [Cy_{[{}&Iq[6'D<,ٿ{Z:7@f* oXeaa_ -d{2|>k;0|3ʏFmzNE .tYɦG֦X/ep;ʘ_զSc9.r/khvt6 (Җ9thY@Дso.bB!SVkUN$B+(AcTe,b7F othC9&JY78Yty<!AMlDE*SO@al1V )h/!fDWVU8+)1Ϡ{3}*((_=j6 I.m6+i*PYhM&4#OۡV;hZMA+- .Rh4~GbP䕜c>@˟8<#`(# IƠءHbdzX="V ^'SUNH?ظ0;(Lt+N\! )]Ѳ l4l/^!3i!} ~mpz!C;1@(AZ,]sz)(ު=OՖn)aG7]7&f!p,ODvA9Rj L ᄔ=58)rq,B6I ^oCfg|"(o NhDrJ8R9yVbS"+:v'^eAGݚiْХazdJ.Ea_,&VHktUlG&W@~ {W$FWo{}G֙]wT_=1qfTw"nZ/1I1y# MV])ҋ^Y&oH``7eť+Hcwߖm=pmθ3y<++Y`v([Ns4mOq=C*IpT n9΃@N.E #V-69 RХj%~X"N 8Q$kiLlTnK@kcZ=+\XZ~}fBP_CԵ(}h]m/mnyN8,Ek#f*b1?12n=ZX;=[z26" EW\΀Ś=u˜j"pnOႳssy%tK,8>(2 2hlm5DG$ΞQm]B컀܃ ЫS3d.d KoT1gFl_ŪM9Ac7lCPR3U!)Mly$Vb ;9xΤ0evq Ri&jN % nf{׎$9v4Cu-"s1fGBc3?f-F>zi4#Og5NY< +]0ri5C*<9fۿ(5 u%L8JR>aXAP-+ jK%c#3I((-.xGS˜ mL1X~BWM 3I0K{jA&yD8%L \(a{p:UǛ{ 4@As0*O03rfXz~ k~zF-KSg}aѯK c  lRj|X =%^(m;aڈEfI['dL 椑ھJXccLFo2C$B|nٙ;7OW"25RI],g&Fs[Ir7ly [ȑ|]?ًtk7ɰ05Ï^Ta ȷ`'Vo+LûIK$3$9wٗ+jy.S ѰŎ+Itp)en7|vaLAS(t7"}6]z0s*eGBTV%72 :w"oyPҽa,LГ"#Qc?fD^TIzphq+lsa/h m: P}gE8 z{ÇAcJ[?5zʎ;϶fr& qOS i( J澗"LZrS1мgZoJԠբ9`SbgbMB%>^ϤwԉP[@\!B﫱Q _?X>? qQI3 rg ǂ& 1loZ*?QqL D.}y"rRdK]N='qɕ7e+ms|\Sǫj!v]̲}3H8޿I|R?17)nҷQiYZ:M1,ƦBŝntA嗷n3\<eg"RNC{*.W䎍|?/Sdq( qH=s~],i IFFlZ^p75#A8WI_-a]:ChoaiǠy @إ++&6^ңh!bRGhW3 L{M89vVuC3hM&y0gGwzTAiә`QNf`7鞰]2E> b|׼|RP2"˄ҘmuZ*&E~y35t[YB [&ڜHKm \^'wFAh$! kQ,SГ/<9vh}n\#·['Z,$t7}tuC+wIVp#| $M#!Ϸ-QAs1Q 75T m 띄oT0*#t,?PBMt}^w˺}Ꝋr]/b>t|Oc`?.暦>4R , ଓPvbk2r`Mv <ʿD~;VZP_N:\:;IBPnک6ˌ62Lb?"!wg K{NR2K=(g304z׻iU¢cFr&ewlOqN_׮|ݔ;e_vG,Y4Ax\v+gfdW>I&`aM0 C&>[-?aPeC3z87Oy}MFAo NHuyoXK<xE2r ?yu)eHio֣"4>W Ŀ_),&FpQ"C}rteK~1W h3l]y&=W]Ժ{SsTC5 P؞|4)W -.t H˽u {}ۮm_m`p3zs^J_iAgJ,Bs}Fbhva/4Y.Hgap>QKJUAnz >Ht*K ma #E~"5`i.TMC#Ei 0\ ?gZY-H"&tۭ `u4g(y'l/+ sl-(i-\`v>X  Z1ڹ@зG+ބd m]9Rt4 =]2᝞h7DŽ7ja[|ɵQĕ0,V {a8PeC$[&bZ}(@ԙ.y~fp]| ^MsKۀsn|΄{pDG=!at|[ރ 6$OyMVϴ-<n7el뿎;6NH Jٯ @|e  `&ЛxRtu4K >1D \hFk)1gf1aP C5rZ'p)UT p%6+\ Mjf֛}2zXEB[!ΞtҐOv`5\ WRE.5# 3Qm$B\ 8Q㶞NTbl(jo+!vK?>ΐ<9IAuGenem#o Zz=sƋ2uGEoEO-F|XŤӼ(˚Α!*;5lf3n{4簄 IbKdRdo]=!tJ*i /03 H.&p3ǔКS_NY%\E6t]}K=9nBN-I'!> ~2 _< 5sY5_G RA露o~+5 :+ڤՊo?׍q\R#5wݼ6>/_g֯^WړJ!Ϧ&f1oZhW%/_W1-HLX}VjW"# ad8*B*L)("AXAZL{t//LLxM? DRyj7Y H«VFHbZ~8u( .'K4bPmRUݓ4"rj Up3+Hns/G{J.uWut .)[}V߬+@YwGy9jZRLm+87Dބ}ק :xD RåyC#)Q':^%D24msYw݉s'gI[xid6rR/?4(# t:]$9-1\LN(oa|T]MA˿l>xS/JyY#0L`7)bE:eCak$N;Q| v6;ɘhRK)KO҆HH Jg-Zm ZT-l €ܻTiFdД6{X9.pVҪSTE ?n3@DyM}]Fނ b Ӊl ]"ٱA]'-_jK'"q :ֲu;wNr%(z rJdG'(e\Z TR0|{>3a4xFӢfʁw5.,z}eE~܆okt5͖GUkx XaZRZQ)Ai,;smT++7ҷ^6qT}t,O:LKA{TFYdsJC 7\ *ҨpA7娪?\ }G9Vf ]pU\핖rx6p??#l2'bR{"ɷJEfRњ+m ݾ|LS0ȍ;Dh ̦~ʞ[UU#7VТfDtˁʼzp<|KΰZXt4qLh4gS' 0VAmDa t-Cٹr53⑭rrK6\3?;cb4HjY2>4x\*̞m7B)['zCFIT2jjf9^ sНޡSMp$u1ۊlk<}ZHo0y(]pEXR:NX[/:9r\㭲WKVۯ~Tr?sp"h%rmOZ.BiMuyx1Y¹{){(m +O,W_UB+\"|5KȘ=Db2]!77&*YppN+JML WyszԒVۣOM4馕r:Z0de*1qGKht GO4lc+2|'͕mh`T@mKݶ/Z/w yHk]]##GJrjILT%2Wz$!(@ٌoKC.\BVzct."4<~'%;ygI-X/Uab70/U-@= v %LM--mIw[4!#k0 :4GwAqF!A p2|SS;syd )l2/p/a=-Fm's3eWIMs#+%*Ū虽+RS$wg+UnFݭCnZ3`XQ4gx ס1b (qC,tGZeISEawpKv QaTJ?-6ZfAvAٜ+.2,HI)[Jϣ.Pڪq2>:A-8T !Ӳ٨KZgV]51TM8[237q÷lJ,k֗j'lV[t{[D{k#2"]mbRSH_XEz]zgoL[=nʟz6lF P)cv\JU;ױcVGUٓ-wȻZ#yp]9\CD SLZ'uWfDP!Ĵ:T/M[c6=FYYbzqCy'/Ò򓀥EًΗ[\ eȇwNYbr yvb̭'/[ 1MhOQvC,ߕR9ZE XϬ:&WC/2R7'2Q.'{S~-cn"P?&|j-P{g 9', +͜UwCަy#To{j b99S|V5`lҲ`M?Vn}K:hY \AnVܻi'WمD55 /ݬȜ@ $.gn; T,?؉՛rKF9B6GQ%0'P 36B9^^ДJ ?ZBK̰ ^S 6 zavrj"r4t;RZ'>Y men/gB en1,gZ|~[cQ G[s׺gR$JQi(1DgIwUB2mTu4mwBa AW[xt9iaҷcvwOmnIJL*?og~ߩF$ )"׭YytOӾjs'BM%tȶE{!RoV*!d84GgOIKiP&,1<Ā?ƵI4Yt"& B3r!}c1QH5*.y1˯J1شX%[&\WYKQl[oa(V"bu7IO*Q!:*HGA[&|>SA8s"+ɖ$<ʬS$ :ׯ.QHy7;H7x:3~z]_Әģ(}0V]4!5hi93iԇݡ3X6fL){)cџlSPa?!t=0kF hPᄍz.r/& aNg`D1ce_oBGG }ǡ( )5Auo=waH` ͐*d-21Wh'B  g\B }D-l9"&LOD :NR $ܼ7.68%=P+q(xwh_39ZWv0BXTg#MĂTw f*k< 4NC(iʆYH})H d]6Z||X7p͂6EfXj P/Gߐ)\0a/W9Ny\Zo*ߔ-2 1|jQ2_QPņ8C8e:﯃lF~c'JPNtw5B0Y5Oi!P_Zap6_Bc^&uO:Xs^N2HJ)9^}s CF䛼L0Ң ?S*H *J@`:|Bj_yI.b\t1E`RW թوKh l)F)=jUޗǽT:Kƅo@[nMz*Vg.l"]Imz.z-KG#*ܦ,=Aˏw-˨ϗ@X猣RoD>KU4yCί |e(Zͤjfd.&#,  2>:pnGFU,+ˆo JE^$<ΩVqڔ|)zɒܙC@|(<&#RZʐRۀM`kgKx*C \^OwsF!O3.g'U<\Z >mKpT2 QK=Kh-U>:%W/q혳}<@`/*MЉ]w܅>\M}@9Rաo?-JQj%t&><ےs鬷."Fͯ:̋^w vBsl~omixnк@XN>JX}3,.(R; 7/KmxaWsrcCec/V54%f o `VXwTqq =6_#Nw1揆,afcr[g ̯/5?\K>r+(S,T.VNl Fos53,x#'+c~L&VwݺshIqb[veKRziKp0r>eHs<k)ܗmL>;7+[# dsA׆_%e6[iƮ_ 3X&{rYٔ<Af] ;Ti|>C^oSᕎy&=Hxg 5PJ+ ;jpv*[>;ES9Źhax{ubrھ98T?7kZ%5ԝ @ :kB[UR>i+."Wlؠi[5{^8{ Cl*.@\>obqh-Xؿb@LCx9C5x {ȤBSЫhBu~,g Dl+H~[V_g.,O@Pffy(XmaC E +NĽD&Zpt^DѰBӠvnhY1?vJ c_:Zӧzlԏtyv 2BVT9xR#C~I7$#UEMh_Y"edY9zf,t]Z2oYzܪfEU>#uў.#T7^k5VH N?_&2?~vi O`_%:MY`Vf-ts=[B#>MzdfYTL$OU_?{(cx-@e0&~p.ozDBG:q #P~Y( ȃ$/*qWܿνD+\?9zĸDGG2:IO;kṲy0fÙ*he7]+!T=T jza]_;Bv 򭊿'ZYduv2GDںn%FAY~$l,mpءzmwS Uw82@-1o '&,u:4{`0¨:!݉ iԫz}^ZxgޒrJQ~{Y;jc }"딆K.DAi}:HH}?Ғ=>6h~eޡN ;=gЂ#=(UDCǷy2 ՒWXob[jy[}TjS~aJWxrҙUA6r]avg[nb`xٓ'Ϟyz ʡ`ɴ2󉱆[[cu {g "Hcժ,"# #k7uvZ<. SGpv)۷/\]UĘC(4\x9 !!Kz^8$%mG:O`"gc__~H}/yQ9%m ӹ $~LT @Su@C9MB: ],C\- 3?xaSdo%` |58:C0yp4B̯^p%w\'U̹|_V"৲9$1rSG` \hĖg4)6nI q2a2<5xDz&W['M6uK{D}Bi2ysU-gA߹P/nc&h0waSL0hw*ϟ"eNFSbPgh4_0) ybSN #Y老5u a ѡ(Ϻp&.{Vud IKfP/\uoP}HYs +vcMEXg,BjC~)T3ԾQ]gIdOafA^ƤDsoΝйb 1wM 0<U6o1'|K%?ZAk#\[Ulky-Q82Sd*vD`*&RozL98A,Ř/RD_n9A41J$׭d&9h>4bWpkV|L Ffʶ˻$]nY ص&LFPD][HE X678pJp!64'g5%#f`nҌ=0Jx A;#=-ylNZ.R6x@&A7P>DۮغJȦ;|_CnmN~/c0Z)"p{>4t-HK,\=W$ߟv];`.҅!&JnXPf ^]D᳀OV+m%$tG>9$1 NVҝ财 ;|[;=ngӫ|[TsQDlH13bM\g4pEB ul-3}tfCحQFв|vaLZVx` ga( >Ǥ\s<6q$@'Q;؊ 7ePCr9 "ɛ۝A*8g>HS H]9O P!Wuf]d16䥬+eFq%Ď,+a;z>z zbGl86 ϏUh>B> R 3%3}g.,cU}cUWҕfՑ^n,2*~'?9|dFNpǮF ~'!rkTYWtV:+rQ΢Qϫr*"tDbD APP4 ㆙OhjJBX4HԿ?o*$u?͡x֚ " P(' ߥ'bE'xV~CYq!g9F/Zy5\=K*f1BEP–,805yO,+CdE}"2N|kaY\'ucJ:R\#_[XU. P1Զ|+s0CGjSԢl }Sb`e:Qcabi7}V,>wPcvB5 :H6CmOlڣ.;o6V?֮Bu06 ^|՚A#Wq5G4fm6K#iuѺI+Y+hr\z`Am~{lA-۪!=Byxa?' C8eoMH;dD!dhgmm+oU_Bl*LI)ddum&FDwaJ]6ua:D ("[Sbe|&s(]p)S%+cAΗ/ǃ}g/f,g"+"X&;dQ ^$?\fTgVh|{I4\=^!/R<&Ar_4tXE`bWʵO!+ɖKYxuDDˀ3YE|/wkz+^iXJ\{oE=E6N^Xn o }ZΚ~V{ r8%>z%wBw_R$P<נa *>Iob(ZObEFZt˕ՄN@sjE?{st#9xBd+lvaՊo :(r.v*jAH2!ßjJD i:~.l.>0M+ CY.F7mE^3bYx [2m@EuPG-<-CQn+t_8JRmqX_hh*>2ϿO|,_Ͱtɖ'(Zq#S(I ñCWlt5r˛Vf걲qNo]_VQuȼ-#SM$4'6BO7el͕dsB;ϠM> ik1hȘDFSl8h~cB[-wz7ּ`{i϶sÒ}ĩ :+Xf#TÅ.|B"3՞gA6UYC` Pa f0] '90zѮ XRQ. _mLmBhqvYx+̰ۜ_պ lնQ֛sߌ}RlhJE/zv>#~`pF̀_w[%)>Bq}{v0>3w=huCNw` s QxI5kDU@3w9TH\ oz}P`]*dVvx^=\32YzuXg%Q8Mmpeݱ4" %QlHũ!KmcitKmv{ԲRHy,wYD'3"6mz"nkFQ8WC,z]s!N(5yDc`aU*xX}N-+­6R9 4Guȳ0YlY^,ŠzNtH2"Œ'%$')39/+PCcN̗fL|0jBiuuSWwxnCMXͮrZq9;@*W v!6PpΙ<jMDPt~[H' ?Q葑a7a@-w71_W9UCCHV hMN{}^I#%-]cޙ~?ꄮM^cבMT^8*&\  nr1A窄i;F,c?3U2#`M_TCi ]K^CVIQجҜ:1 ͎I8E{~3Q,Qll=M ܑ( yK3UG' 8PR)6Ac¤>S#M}5VNն+>Wطm\Ԍ1zOyg1ښUu"JT\dxP%d#6\vphb_{²v!C;K7 NFgŶd g [XbSI9oCA>EmtTUnЙd(D}nғ=N$ʫ^R=E9-=t 6(og SNaj@ձ)r_x l4&=ь;]HHjdFYpxV!4LV:>=;e׳1(gsS&Q ׌]QG`Bĉ 8}Fqg4fC]qyAx>TKF+na9j<|.cO2az)d_\aMmxgغJqASQzs1Pvc3aJbrxMod$B6rI;{H\y|-[K[|B Gd TȠ-aFs$BMzL@!(Xkþ M*vb ]5 r"p8o>++{x*l5C.n'SŜ5;*nL7Ą77Z.WOd>36WJ..}#I: ퟿9$ 3(m; ͎~0-|!m2X0f:X!)wk=$"Kح |0ߍ}jm>|pW(#ODSeƁWޑ<D`r~T@Q 8;j%h#UHA )Y! 0GK~nnd{R,:HG`Y7Qm/M>%!_4n%wZ*.P6k&JcXk+^͈g'D3(y1#\␺,qZHqRz?4PI .r;" DXZ5Ab^N朄CYTF%LX) IPЁ&m&-,ShYgBF3ӟԆ"uKVĹ\bg ŕcݱv\Ꮶ>X;Kӿ!Mϳx8hDk.]gѣp? ׷nt+5! \ g^DwoV>ؑabAOݪpV=6unL*̛mmδ6'U.56G="6nͳX؜u S&&(ʌLۣh\E[ԿxĚʑR;]Q60͇{+UQK25r): *B Ilhpې" :6H>}Ү rt3O},]@ LBوCˢǤK!25Y2bw;5{J߼\<)W8YZX}o-\#S==7v )nQk5v>YfL_FOFj;O~)w־-re 46x,LQxIj G c31f(bq2*n>9PnXgEY%~fLI=fs飔=\݅M'IQUN`վjzNkO8,2t{ԭZ@hDžYn%B/c1\t:HS";)qShYԸEdLmAxÕ5*G-Jt ;s^sMG] ݳ1 i5[sT`y1I^↓)uD $UˢU=ѣ㾕.'28Rױ{|ea/Sijf4HZ3wǕ_7OYƪ2F5W׳dX_r^n:; >o.b8>nEV,Ͽ4u~t\ NPI;VNZ4ߊJio]dɽvVHt g #]Ir).e V{WiƅU>:ְM w7SzcZVes~_7l^֘ @a,GK.]sdBLF5XY$FMr\eXǑ0/ ccs&856ύ%7(T )~QXdnzׁzešj<-*<4bWŮ'?4⌎8LkF¶|`HD+HcHqLlB^ $P$ȶA:c7昤AC-wR&r$  E~v^[w0 Q举us`{݀]bE l9WtV<g]w#{B~olcضBr]Nx#Qi,/#.БȐJҶ a1];\bl)2+7{*<ߋ,`{]I'fL^=*vNGtq)?S[}#vBYUEn.ki<6X4fE,*- c̴zGk-ȴywͪoL:JR|Tg6ľaڷcs'6D)-o+gDpm_(у f, t'?c-y0P4Ė7B]m>#\vzC9xnr:Jb1rt9HZ e*.Ud-;5lWkvݕd.Helmkb_5[pHoQ  H£ۿX$%*5|0f} +5^0]= -Z> \Fw΁o?qvаoJc* =ib :zC;VS+sR4~Үg p^DHҼ9#뜏7Zht%GRAd+h/AAoMV{Ld3vqyky O[grzjICJf+[`@3;=U6XXLm &o˛tM4cCM$~ Hl{,DW7DjԜpMn2\V:&kDHN]A,| i]SJ0叝yOdո1?Uj9DЏ}T7_#ݪ1"qĜ*:(h,A-c?Zbs<+_dlWm)e<j6qP.R&@SKݺ% n"hHzE_l`oSRb'&ĺxY'$|tIvس8s(FG!PlDIDZN|8ks)gs*mI|-pU\.,N.O/Oֵ䜉Ҿ3 ]ʵH*ܾMQ|_qρ h۽Ax؜,#QC& ߲S]1zRF53bumuQř$,&(߇̝Qb7Z|H'wOP{*za$r $wT K['M뱞j;6|ώCI7z'%JZ4ܐ q }zн4lUs#w:2?t>Ev`􆍋ڜ3V?^T3̜,_VbXG1 '=W0L3J[ 6Kt\tdv1v}/ /IO~m| -Nfxt]O~fpvGM,ށi9<+A{h=bq[el0X,kZU7gpm䮹T7yK >jv,E+g?& ٵW8Qx![2){<2tYI-qg 2k_9¶+'13BY@2OQL.OoC[VfwV?1>#hٞ2Q6fɞ-=;1?l!X2ozNFؑB)/ ($ _2p3TϪ@{@i(Uݦf-a&=ryG3||4fH IP5a߅hN>DO?~,c2lM:ڪ!b<pL}Pzb1Vˉ]E밦nTԖܟy[jF/kdў|d4Txg 3BHG '"g+~Pf&vlWLX&9FJc*{,\ z͊Saz FU]E663ݱfTg$pcޔW fAĻm\G%Pyn"Bߦ7N&',cI W #hy3+><#4s4m((Oӳp _ڑ7R?45 ;mmlFkFHi% g3CԥKsֺ,;{E>Ԧvj$k`=xꢦh/ιR<1sM&5|.+kymA97! $c~E4yuK4u7|hGй[u̯ 0\/Ǒ^T8=)""9Qj:!zQ>VikZ[ADFםQ=  bv*҃^(:wD6/0<^XJD}\Top3lu*26)8"Gɾ7EQTM 6&ɚ@ }P}*q'Z偅3MIsOe&8~0ANOg1iqlJ.AƬn:vq`DY0װjYpp4)+ōr6|a&(qcUB$+S(jRǕ`W\EXs3-5勢#! gݟR( zSh;$ޟ`- jL۞!szgG42;WaI52?,'U;(XZ)DՄ9}SXh\g΁˘%6qęjI}!PG]|UCz<{Ʊ8M_咹mRplv+s WnVsp6,|/K[ {ʓdH"IVF^=qon`ȷmhӋLÅ,V;(z58ҽMRvcYēLR2G&Sf#z& o>1Y Uч‚ee`7b&bZ={rvX=%S,Y?md2r #~6'3|B8fuDby|̖k0Ì-c#b#ㄴWҮURh<9jH#kv wPHu-ba\x Y(#u g*~yYęiOvyTi&ɇөZBbvb%/EzJKt!Wj;/P5fZóMd`2G+cA i 3ҟ;NLtj D$c3;Um*fЧB2 CJ))P:kfP./\avUgsOઃ j*A V/BE]( g6Nn= މ4&LUg$⇅_K)*QkP'65ylr @0.>6K![i?| L@Hyi9$6c:mX(;[#+]i%g\EJ/&#˥8? #X M;`|/uӰZѴ ?9rE_s͆R8c|d.(.)8:,)(YQ*8Qy=7bZ4,V..3A)9DBi1yd/8*d\jh찆}ZX{ubɲC ޶EhF6Sz<~x=G s|D}OD$5h4rj *KSV|B!.rC݀%}:e4d*m1U*2\$~-&˛/ހ@M$o:`kţ)V"2ta 2ryrrh骫 ܒD)3R7%k"JA4\IA=n6n&6$MrEtc~x׍|Pԭ8€ōD=WoX=wtM1$^tZ02r9EHDP%a9ʫ>JD $u&݌XN¨'cpfU l mMQS7VÌ?`o`̫|\w.MBS+w:1YN" $$0Q|Ot="XNw b^: 0.t@ΊxZ&}ϰFyЂ勇& a؋iPnô4mI8 pyy_#1 B:BdȤ_i$gA|K9 ڨf2q98HmmFF{v7{@0/vSi"fSАf_(䁅Djwbo(3?6e:?i$M~.xbVSQ +3P7/a__I\$}ھ=x=Mslf_/'2p'I029йuF] 2닚8\kov ̇ߛڟvgǓ-w&nuC*eoDcXW7A7RkbX8| ô:mS,xm˂T#njJƝs;>|EːP7C;4{byNuzQqr#HH8xNB<> H@W UQJhh kZ{}%Uz2pߗz ƀ҉7//ɗݟp`-gaeaM'mH=-OqsQ$II.`4 "5HӌqA# Ts oklv.% b.Uhښg!U9=/H6e u=驼Vy20 R5 aN ɡTDЌGJA3 TfRjY\ N`0R)ۧޝP`3o?uE׋<\6#6wxAUuIҏJb2vhS۞h` F}!A;AqOGФ$tz ~`% c Sgǿg?JF0a c Ke."Wgl" !tY!`/-B2teh' &dS+r*gE0䅁i3ZF~G=>؝hs'|'Rpymp`w(7{Z@-lkb| Dvo»m쵛r)u?w(HkВ{5"&/z5 *%͹dث?.b̻B J8't2 WX`,V䛼1!H]D9BF&Dvi˅/vtضZ*Ζ=*tУuxxa!V+x),Ir,+_\Urؤ@e[:Q w Wo0bf6t:;̾j]2 '㹦Ŧ7#RoRyĝDz7M8llz XEĜ][u:7Dq4{ge !%Η 2ɡ3sb"AЈQfMZ~l%>B+CVNa`-rN 6 ngjuYƋkn'E:Qd9: 8^6L!:?'wYQ!7N OU\uJJw"z{P΅xcQqn P< n\#;"}W*U0 )V!/xp:wУi0T{\ۑz[)sHܞ?ʛDks x%Jh^x2T}&0g[Hʊ8f >$8q-1\I1v-#8F@9g[3D5+ ZŻ~>狇X}ʆ23{/>FtfU\N8P% <$j$kE &+ҤџtX<:a힑LS7MXKޮt0-җ ﲲn9ޠwAR_!wXGT#5A:y@UZ=; d|rO-  HѰRy^MToKUg{R;E4m 3, u*Sa'nZU ?Pq4(n|j7zlĶ4)g,\胬I7uh.\ƲЇ<Q#[Ys.'<Tnrnl)뻣?Ts$r NGm7':tƫD2g^桵VhWQ}$0D-U-`jF$הMJ={6X; XgwܞUc%QmEB\aGmRw0zYw%K<Ǒ@ T1ۙlx]2<{o!3V ()5m39PNѯ9,4v[&N6`1"*]Ƴ鲹t@"eTRӀK 6P&=#Ub䕍xv!5̷$^"F%opO+CJW%'y h̄w)#'T\R,$1ZoNd*v* u/_TCqmoڄ#9 `jQm?TJ7DZ'$ߔ Ugz>Kz`l$Sy[5x;B` H):o&txc[FƔ+(jo<o  "ȠVֻ㈘ Yv֓sEXsݚL+)<sON3< `?pdpR<;o+VxuՊ}sU5dyZ2i29+ ٷ=Ļ*.v9"}KKH*lx?C_'fdҡrHXIV-Jnm֘! R['-HuL'%QT 9NAݷxu>ԿUP`@~`nRKh5"@bE;!+}`>^j\L"bQ֩ =]Rԯ2 lNayd ̿u Kq漜]Qktb&xR.%T.)qi'_i|E $G7E3+:;e-o6`p|#ead!硓"-ff&cB"DZ2y['؅:7y2mC;42P}tN5H:ԲU$QDp:C7fߒ4wK "yp^gF7%P7q'$ZG5y+|\}ҲĞO ż#_[EsʨHF s5͡%M`^uD+pKf,0xh[ূb}vSs1Gy \PAsF/8[C YD2#']rT澲} K2@Xl Gb/ "~ \ٝs!!CO:jr|V<r~/!,5W*b IC>Q{Ϸ"uGv%veѯ7ک4l4yA>roGYfEǽ`fEX[  mGCqd,P,Tij݁{0aT{fza6:"V_˝%kz +On FHBBr%n;b岆E7H0)lO3V<~wV ~ J g¤L~\ӳ{n713 }j*:|X=!{ө ll(sV,86f!GҕK G2tAFBh'}@{aQ3j[4MX'3\X%Hm7 &u"F56|m~%чE00iNa6HG[ۭ )Ia}1(Gv F zY4IOٳ7a]B`@\^?7>v]g^?Ka6@:%$=ْNvk˞eǏ//4KI^ˎϓ:v8O`h(@Qo#vw9?]F/S=F82ɧrMbj #8N(Nml屈!ݪ@OGUz{U$L)}pN,p eB-1Q!_hi0q&@>ɬ 'f!Lꔠ\R,3h;t4eݵINLPVbe7 W2eB\nء䥠8*'BW6 j[,u`5S.l@ ae#@D ͝`;]}XL뢣o%pZ5sD~ V/@mtʶ!Aԭ̣*V{²eUЍRiU0`AjfK1;Op@+56ݗbO]1%`Q`RBhjTϨ/} ӞiO^nb0껬+91zcQ`8w2Ʋ,7q|uqSe]y\AH$qL^֬hf4Hw sS?Bvˍv^<9W4Ur&3APy%=‘~8;2Z=yleCRBO =;js2.Atz^^Ap-ҏbTA^3=`z'S%#U7FS8{`sߌ+"֭Wms>2}"߄fׂۖ0ĩ'`hFi K#yhSgiq!D7:sDҨ{4pdhsPO{;vAqlu)wdttGDo,O1}f.j*pAS3;% ^K*7=-# Cwd! >Jn;U3ƈt2d1:v|NB4JmR~כֿLEG[GI+345dDp7r͵*^ V~1#Wl¾ ȝecL K ST^#Mə/ȼܼ|syg4ZI!ٸo˪juLn+Ԉ]<%~'C!7peBˈRr0M^_ ~M_,Pkf~Z@F0@Ȱ xԧNTq$ (2yxr-e4t؋ƻȊ# fvLA悕朿d}; ܽ@|75vdbj3c_4%x8Ao$T{zrc;+P؈0Z͇ѭm{?d ~.DF|K^K2/MY#X-Mg|M^{*FqX˜ƝseD.Y;q 5$u$n`Ϛ'?Je; $B gCmv.L=[F7%-O[-V)H=})WL-.XOo໙P7ӵv9ZB,|SK2vu(<4M®27Ii`.R'R.K?KaѐHo|T_hnf߫OK taQJXLT}!a|_/6KJJk]'z( h£\Ğov)t AXkYߜ*d!]SMSN5GV$,_`u!zar;e !(0KHu$0:7uf(U?U6DߡwoyBS d, #J) `@=*APծvKT(Iw=3g fM|~spBTygFV1?(`6{ݡ,"9bkYބ[Y-.>FPV@]uFNO}/~ lmO ކ<@%\ġ8)iD =I2JlDc")"o& ÅLʀ|B^5C0ȴZ4G+y' pdx3]$R6=Qn_(h3wԑ4`:_f;̃Po}۪{$*;4oB3(m a+VN2TMQ,\ cQWjdU!}\;r"FUU)u2P\ x&X<-YBJl#&|A /5yf4WA;1|/u~Ǣ"}S!H*Fd𶝐SNw_iKu &s\(UఫO(<2#0ٶ': ю[Yݷ* 5M̻_ ME[Џ+*bK#qmb8m/MG=Amr=*םMvMnx}±c--om"CĎͧ2TT͡2U Yc:Ҡ%,+JLe2x{=΋6h3-t󎣙"?|+⢬фQc-Ѿ#I{8QQϰMZ5rǜ0ЇL:o,O&$1;\d*ΥGoyr rQ8Ջn#h#.|R%؆G|l5wz;.ȏ>m]B O2JP7+50 nc@$+B+B&E,qr#t7sUGhz1Q"bpT8iA<|E*TwH 6/Pw Ȭ=(gcˌYUzs/ܜ?&`K3^d \-[2 U ,frW?X,LϑBT(GW%vڏ*~'iK(4 tNߴ4:z@C߀ Znϧ'%"dUkwY*|uo UK"CMnhlNg`߼疩@ F+/8Yex. _ӬvP_OyRь%#$#S8s1:U"l7ؐqLJ<s[CW _yq354rPJ&Sge൫~rdQH.qg1+XPjHk$d輥z !'ϮurC KEm{$|~ޔ#)z~3 *m'|ai`Tf'JtPYV Ň |2[ 6Cߦ2zto|<%֯,-BemC?m% [pKe42yRt/aWGuNfX;!FLZ`5M~'vǽ*>= vZ{ RAyfQUx;MV&  1K7 'M:7Ke@XG}5K|n{\>}. ׅM{n Y~IeDCJ|u>rZ$H*oN / VoMR+dϩ҅YF;`S`?!Zȫ%Hl?x5CxDIh\NG~q0*/iYDcURSyk\*H%^uX^sGkc ҁ% 0Y ߟ8Q":&8}}ïgQͭFmԑ콤PK~jgih?H] ZjÆJswܦ76z&2Mh]<_Z!ZuWnn5bJx^Y]'y/mLOw.#r竧2{$G&L e J1g"VVd"LhbRr3m2R~_)9 !(H/8qMQu5Cg{Ƭ Yx>!ξ(.`&0!°:\DwX[㤺`/7JUs(@#!cfK)J{a&L.őySvhލA܄}29[<#j=? 8//ԲuSiRow*xf8E SQá}3"H7E_ jUQ-(ο ^a3ifOQ'QHjMBC)%]WQFOdn &WŔx@К#|f /*JknR6c55P܄HˣFaic3(ƥGJ<޵*)K7,UXcv$SM 3Kח\ՒIrux <%Bq^3k] MD JFȰ3:nS[JHXS<ŌHX@+'6Ҡ2czUH 1AD\HQ.oi>D^[}Se'? bIux٨(֤7+ԛZ[WBtE a`BӸ(Ҳ-y? І1NWuTKw_bR1 $ b(݅od*Hv:6zz,2|/eiJrq_Zz#t ,5+LcP O׉TswC#ӳ;tךnC.%h׸iP2=%]ksgp$}xYrbA-dl4~m) ӻYZ9&}#a9]9Z8 Oq_ ޏg&QX㾕Cٙ֐ ꠡ?RY7Ilځ-=e2|eox:Bʴ- oyH&P$0˂~̣69]O7Sq ȖrVw$J#UfM"*]Qbih=t-ji>{^̠`4j:aLY%:' C&$w?O5we< ~{# /m(:f{V͝,y+MThu|qU!GBL{LSt[R? W pg-55 MaE9QOtJl<[)c~74l~kZTo%:? 47Um)qͪ)q%GVd u<~{ȹ5  JvG>^h{'of0D~ИO*ZsMUp#'8r(1u\WvSHjVP/B$P6iХ<'X0^Q^ geXsCn1iϤ3eS"􇺼K}uxKuoy˷/`,t8Qp{DuK"ݸsZ;`yoS@S*7 ~TLBD]0&HChknyH9(3aExD@ 1Hi1v)1mkvq.pYcTDZY=JXOdǿ _T5<(er_y>7@lG/c׭[5U.,rAQdDm8!s.Zoc:0W 7.*!IQ<0vL!GE]p# '!'݂Q?MQ(iRi{%wk߇~ŋEXm4ُ;ͫߦ'GtDi_xwo !L'iG<* wkXc6Bn/04 lfpx'e^hƦ)͐~ 7\k:G;­gpuUUXryI#$ KT`e1hw~P{.c -y/(^[q~&( ^u}50 |$%@ܩnS;y^Xs| [p 'zẸ@ BwـeX$3vW> =I?$sVɪ%R`Lû$6NǤ,>I,ǖIKP>fLaI 'Q>b $T3sn9 5T}|4/MCxh <8꨹)簌GbPDjD).F U)HͿKy+sbuG?M*2" GaF;I䔼Ii'] "_%M]yx`9/6xE+kDN|{u :g*Ndws eL ЃT}柄&P_k7I$!$õYh &tێ̥^)TA!"}t`N?]] NV #m(ZG.ԏ0#ӨXuҦÉb+6eRh~hSZKL}&_{.FL᠈ȓ0Ћt /mgclD,S/mZK*̜=y=5C '3Պ!)5(߬o&[a9q~Jو;3t a<S$arp \tŘJK 8@~ L\ bw>{V+h>}Eu'*)Z?Я)$s_qo2˫coe}H7@qXJ6ěTszʗ[o@ 7wi̫!2<1s6q)#WPv: Z-pĿri?fU?y @H*Jaxr ;[c <{iSU"e[c6+96jjn3BjLy3 ]8bۻX6$#"嫿a~]kņDf/Df;96n/uv?qTMB}_nw< Tk.j0{Ymp*yk#(6XȎ5NS rt~^@.ݟ'Q'NYֺ08V43J! bP>/C>vv}%d[937%! [2xGw.ch[)&61r@<'w9i 'sf[*na1:b;2?[%| A(T]KZ@j{@_ZQY w\y¯xVm:=R[Uh$`p%AP>Ζ-=1V0b~"G4I{2V͸+q͆cM^!CL\Kg^Ji+.~@څucDgnb*Nl!ס[*bM+(>s|| NM!ᷢ !dbkW^IshK\&B_ w/aϣ6#+S)3Fɴǎp .>hD537裑Can 촛Jd٣#v~+ ;H)1N=V՚"2e@x%6 o烌1;#&mr<|cw&ȅn Rk~~-y\{fΖm= +zs\oѦ Atx$ܑVQ 1m0BN0]ObṫyP@y !5A('<Fa} SLI!ќʙ(A_icŐ%l;poZ*>w〇Vՠ_),Q(>E13UFDy^2Eٓe%Ů}*p`f"yp7E8&vIǙf^cCG?>rܱ:LT6uj[[|9RuS?bU9ګulHt}\ J4)o,vfx8D< O_Cݬc9YRRgdo\qz Dck1.<ƁgC5[#{VJ8\s7)Qqc",\/'TaxҚ _nsP-:7/0dMK*agi6")(ӛtSָ(lxrʼm=oIMXP) lvbQc-љsồ-2p^Z{DsJٗu#("u{yƒB,ɐq+yx%-3F#Ea4W8:8#50B!Av eݕ5ņϮA ű"4ͷ-)CNUfGNܶKH }bfDa\\pW8aW`j;۸4u&, [ ŋW'ӔgM/V2 ) YȴuGopKG_ Zϯ=#"[W`޹OЏ zU f+sOYȳLLD# ,s;G>u8Jl7u0M_rDb. 9) Po!\!4cɬ'H)baOd#bcT# a~@1Wѣ$72M'k4L {{[+6ʧ?NyiC14KVvdǝ+6K|3*>MgBg̦#'Օ@hv_CW z *o,j!5rDᑣ2fg]W'6PCpyt"ZZwY'i-icĻE"l! 'zYvDv4QM0u^/.'#&6!}&8h2!ۙS |ÍQ=gp˟F.ߪ6ʼb| qڼG͐VG1o1I!O#a{(DpB?1gm^1=O2iɖۜ'6!.juaV4Z4w;ȡ}u_PB@D~Sx0u= kXQ;Po^ڞFpO Loޡjf-(h : ta7zW:h l ,N݇܊ 9a-M& c`U0PV2ߢ,OKͯ>r޼:B'tj: IKʫ f]~ԱK1Dƴ[4))DfprD4N̈́Ȟx|h"[Vsfme6 S⊚%kԱ W7ʦ߲"Z"Vۗ +ij|ZG/$:oZ4cȎ~U&1ʤod("As[@_$Sɵs;[N*uid@]xwIԠ̰"Q;Y󤔤0hܣ~ړu1䒧՜Q] k yO2 ~-_ZOkfU lx{|# zr3~1%(aGeioOМCIg-NDDa#s^f-+]h Qx:YڙٗB^f3SHxY}\`:LTx>iE_HMUEy8)$V1fS7F"q*\>x+Ƣ#X|l͛ɡ)YL6GM#_Ź7@:ȕ?:6Хa' T^\~\WIv_~0f90>^o|x*I3G(%m{E(fJ6ĢVlMwVd\IG$yS9% /aRVO߫ս뵸Wtvї4AJIvE.ƿ);rNuEBoYV&p8("v0nwAFDA`'q$ bK8q/-veH۬On~3{#k}bк7pd۸ܽ4|UsQ!U@#O'b]< ̜ Ӥɷ m;5fȜl?^:IEqo#l)iS-D́<>YTdz=򪌴1>>f+KzMP^=l&B):PONxϣ;Rk=4K<'UOBG,;p8\V,^%8ϙh'!$扪]m}ăVt,F"pв]`,0\DEHex>+p;B% $u|71'$Qj+־؞*N8FX>I-"CzTىiԃ)‹@4 E ^(PU8#c:Qu+,<}GPԺaS^.De?%lrLuDFBbs>rCꈍY mGwG7tY?]pV$noGNW'b7:ݱ  EƷ$QIoFVtj"v;BMODU(7D3%09/N\qNQ 䊳2gjs ǥ6Pl58ޫG,j~?GfaoVG{^|hH"b>d\l~|H2T(yWώ!Kp[ld?i?Tr P|A㘫eK!@*Rk 㗧hp o%ۯX>ÙHSlc}i0S!3l{y\T_;qU񗼆E(UĄTA;EmADɚh#IqZ̝h{x25h2 ^R4Z)}R##ҼZ82c>ɬ9ҮX k1B\п7{J :lOK%dyGe(\'Wf|?>'.ۅ P%2.>RL#qdrrg vz^Qlj;Iܢ!~Qw`'xKc'$4!9\AQ0 '#˗SF!:G?+mUbw6'k8zntD+%_;$C_#M!wq$HN2!zRd ( k-ڐCB=} g]$g^"vݪ7 2k̋xlKyfY샎یG9qqzHfE.RUĆDD_4)-hӍtZS{~~- xt(P6>#F.R 8nl\x9 FGq ڣ'*DRzU(;>/2#iڨc'.$#`q%dFmJFo4ڲMP~ Î|+rt(WPY wߪ sz9ÓG 07,$5#llE1#_[,^U{tc(rڊ8sPKE|Üsp\/W1徥W0>f5罒,SA{CIɫhq2bUoj<<zW̞+é/ɖh!LmX}*dgt0]ȂܩTlu$^ wVc*&S:-C{[s̍]If ^'s\m$g[6+⎳\3 /+)rI%L\ _E,{gv2hV~]^>U TylHyR ۊ0 ƭA|+7bF(uklUϿHt\GĺR'"{2˳"X 9[ YPFg^q y';9ĵ %2ΥzW 2Q*O# N7^$ӋUBXHkN3{q(ls.Q0Wq TlkD`{d8}K->w喟']mI  g~}"W$ȐU҆KWxhYVrKڀi-м|8[莂x~= [g$ރBjV2{e(<BwwRHgm'=[N|{QS-+RyCG& z 9]lTLqx%b2Z|$cٖ?j?/EE~8J A!v^X٪-q6>"q Y'ݦ2ۙ(x2yxvH?TeG;Kf_\ŗWPRYcɲמ;w1X{ pfv|IFD${Hc\}ZK> \1Jh$JABI9Cvm y{qWT G6u⹩p(?T;fKF/> \;V}Y eۦbWi\>،DIIȚPcR2u1pEA}Hy43-ǎvڰMUKi}Zp_7aec2YdwWWd*RKl_Iu8H<8ց(QwP pHҹQ8-ty7\I"t P 0l=RRMu([;NAFzV׭MsdsWU=ʢÝe (Ⅺ-D 7p,qN&KČng}ET۬GA,r"ʭ Fe%'K%=FXA! t8(ZƎ#ʳ oJġ@~$ Iffܴ>~iHYl ҍB߭T{u7KF҉#YJ?Eh81a0 nhO{]vQ*bZO:nr531 Ǻ^JO{a+6v̗{ZRf nIi?+WѠ ҐKbj zO@sرd:Χ? ֳ.ظʞNAM!-XXЀ2_Ԣ\&&S[RQ QG[:g*c.ISN983sSl1kW:`y1XjYpOp>'"u#hB8}zև~k_UH'O{HG7W؉-!gR~=IMkXE(qqw4G-˒* JK~t fV*ş8%JPhY&l(Бv^NR=zI?"TYgFHLKИz`^>Dd;0m=BM^?/H/`SRV8 <%p vW?Y"Sn@ktGz0y"Oth}=\|y}hmd ,tKVF1D_P&id0\u0fE"ۈwtA0r!h}'Ҡ%c] aw5&2:TU9T;oWoM Εyf-@.+$S :|38ZV" 4[dF؍L`0ߥQ(С, W>=(n R J2ԯZ0UGa*|ʔVL?XmE }]dl "1y d{K]INp Of 5_Α&ROC`%IT{p۴.?=e'M!]Bp3 B@o`Ҵ6Zk]iJMXmuXnh-zMo:DkFmJI5Ci_ {@&{7mKus s?GΕmf\\cu̖2CQI#JL8bs~ p7a fy喛PxP㻉íIq4߇c92;2/QA Upq%%rVe*MBvRRW,5veoi,.iYpkzW|ĠBAQ݌hUᠥ94qbN͙R׆ :$ʿ7pYq^VL X%mNEyִIGLCIP`"e~P'%8`0Em@ @a.W$w lz\Gϊo~&y~_rmz/ :%w6{ьCi)*3XԌ}poiXcz.QV*eގP:waX׻xqkK #ŤTe`eI^RM 0_c ޠ]+y~5dqR lgIԔhg͎CP0K2/zD+@,KI#Gg_0!cV{\ptaoBq>omBeRѝ\ÍsW5Leq.~2cQ6hE5cGzP\T'3_Mױ$JnIbVdٛB.WNeiSe#9?Kѳհ8}Nkrz ܸ SSi@R\snUe Es(]P M~Q{Zs p8ˌ0m-\hj6(dGjM}W7'3AQ'UAmv﷐! οՊ1<杬( poIB>LlfSIteX LVĿOL-7}l wKRBe}CՂSy V*<- /RcFߑa !9HxSȉ8׭PNLl`] cR^npmXQqMY#g#K,/LՁ Y!Ul'2+|n0#,2#źDumH}f¿ `KH@4ܳ1VۈzV ]e6[m|Ivac 8ՎN"?]C4V^5ԍ2k~E>nE˓ܖ`Š͆+p]4^,TM? edVdf>S.9^С,UzڨQu]Q rrvƌf+r؁hn%;l顊] D@NǪo% 9c ~ڨب{ ᫉m8Ͼ00.L]@ k_; Y|wmTF)ZO(cY?|NXWA~k@i**+c.R 74i%Ơ6oS*GX1r#Q~VG  -U_̀u &)#b5x^ d c7ex-Of1BO)J9% }fQhD=]m&,*?h^([6o 8,{Gj*ÒVIƊQS&>|%"cbRou[?AЬc( y;jAokIg1X7"1n:n#v{m7"AWuj9ә3$1WJ3sZh~(iBS`Ĥs['k*hm"#_oRBP >lX{Tb(_o\|_dy,xDm3cp0NRmh8|#DR$D)kca3<' +pfh@~7F 4QsC5jJR. 0U@K!QըL:{P+_#|'̗d?_6q SH?2gYɒ,Lj2G4dZ8NqIWr J<1H-٘fzmB/Br .K1uN^,(t M<8~7n6m]qZX m'aތ> [!&!ܮa:`)pyr6UI%pUZڨ`zvsg,l4: L|b]m\xl0qtrYgc2gKcld4Ů{$c_/3TuܗT{"G'u0-ywr #e @NwسthզqRzc $ _֕?+|2km̜X[EdE%6>HUԪs9B[P(Ѡ1͑B1V*)V`<8Íc_5LUʝqI ѐjiC6.Mz7^ vIٞζI~u,eeSq~4*,«bد4Jʁ=) \=gbw`!ѱ'BO*0a8-k2™{ ڑ0ʃ^aqqB-]`%O#=a ֛tb-DC.9'džd,&m!ܖ9h'<9oڜv|޺/74uF҅Kj9}(y) : t%  =#\HD&K RSLK]*qs BsE_E}.%k+u4^AKC& S 4ߕvQX{% NG6)m}!4f(W'ЙQU~ Kr Hrՙ4[e grL7SL7lrQܲ #@cQ-O3{tޟGUSBg #$v*){#wo4썤C|Ϛ~`P}Lv'} 'le S笖eH<ǛpHW<.ݭlXmidv^{VQ3cbnSۡ~ycnULEe8o F)ҤcMqkr6 CԾA@ vߺ8ov"`-"=,q]JjZ.[~6Hהk$Hw`^mcR?gry D[M7 Ḧ́] JF!):3ȇfXxBMP,#ojr!<~etN.sQIXJ> YZ