libsamba-errors0-32bit-4.13.4+git.187.5ad4708741a-1.34 >  A `>p9|LE%xYzFP%-fp1$ueFc>Ǫ;,2 cWEam (Tcˠ {V wQ `{6-.05/*&/ wD9>پi!Yݚ,sxl9®ڕѵ!p##0d1 26 {̨p9| S1q]m&Av~S =y ?OX )*j;1-o<#WE拓X}!IUd{uB83X!񧥷Hf(v3:펫X81 H2Ih5 }n r9 p =N{Z>%0 p>l?\d4 9 W &=CJ\` b d h  \   (89,:>ΊGΔHΘIΜXΠYΰ\]^ bcd,e1f4l6uHvLwxy  XClibsamba-errors0-32bit4.13.4+git.187.5ad4708741a1.34Samba errors handling libraryThis subpackage contains libraries to handle and translate NT error codes.`sheep22SUSE Linux Enterprise 15SUSE LLC GPL-3.0-or-laterhttps://www.suse.com/System/Librarieshttps://www.samba.org/linuxx86_64/sbin/ldconfig`7e302c62921a2dd3bfeb470aa9feb78a3e4c7afa87f4e899007b8531c9e94e15rootrootsamba-4.13.4+git.187.5ad4708741a-1.34.src.rpmlibsamba-errors.so.1libsamba-errors.so.1(SAMBA_ERRORS_1)libsamba-errors0-32bitlibsamba-errors0-32bit(x86-32)@@@@@@@    /bin/shlibc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1.3)libc.so.6(GLIBC_2.3.4)libc.so.6(GLIBC_2.4)libtalloc.so.2libtalloc.so.2(TALLOC_2.0.2)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-15.2-14.14.1`@___i_@_|\@_{ _l@_i@_d@__ @^@^^2^2^^1^^Y^J@^2@^&^&]]]])]@]@]]@]nU]nU]i]e@]_@]J@]B@] #]:\ڭ\\@\@\ \N\e\e\}@\o@\\\\\4\ @[[@[[%@[@[ @[[t[#@[[Q@[Q@[\[[[{[z@[r@[ @[WZZZZZZ`@Z@Z@ZZ@ZZ}@Z'Z@ZOZ@Z ,@Z@YY@Yo@Yo@Yo@Y@Y3YYu@Yg`Yf@Y7Y7Y, @Y"X:@X:@XXsX@X9@X@X@Xg@X,XƉX@XYXe@XX@X@X@XWXAb@X-W Wv@W$W;Wu@W#WW W@W~D@Wj}W_WYZ@WYZ@W=W(W!@WW@V3V3VV'@VՄ@VՄ@VVIV@V`Vl@V@V@V<@V<@V@VjV]VI@VG"@VG"@VG"@VG"@V(V'~@V V7@VBUYU@U@UUAUĝU@UU@Uy@UUrUq@UhTU_@USascabrero@suse.descabrero@suse.descabrero@suse.descabrero@suse.denopower@suse.comscabrero@suse.deddiss@suse.comddiss@suse.comddiss@suse.comscabrero@suse.descabrero@suse.dedmulder@suse.comnopower@suse.comscabrero@suse.descabrero@suse.dedmulder@suse.comscabrero@suse.descabrero@suse.denopower@suse.comnopower@suse.comnopower@suse.comdmulder@suse.comscabrero@suse.denopower@suse.comddiss@suse.comnopower@suse.comnopower@suse.comjmcdonough@suse.comnopower@suse.comnopower@suse.comjmcdonough@suse.comnopower@suse.comnopower@suse.comscabrero@suse.denopower@suse.comnopower@suse.comjmcdonough@suse.comnopower@suse.comscabrero@suse.denopower@suse.comnopower@suse.comddiss@suse.comddiss@suse.comnopower@suse.comnopower@suse.comddiss@suse.comnopower@suse.comdmulder@suse.comdmulder@suse.comddiss@suse.comscabrero@suse.dedmulder@suse.comddiss@suse.comnopower@suse.comjengelh@inai.dedmulder@suse.comscabrero@suse.descabrero@suse.descabrero@suse.dedmulder@suse.comdmulder@suse.comdmulder@suse.comjmcdonough@suse.comdmulder@suse.comscabrero@suse.dedmulder@suse.comscabrero@suse.dedmulder@suse.comdmulder@suse.comvcizek@suse.comdmulder@suse.comdmulder@suse.comnopower@suse.comscabrero@suse.dejmcdonough@suse.comscabrero@suse.deaaptel@suse.comjengelh@inai.dedimstar@opensuse.orgdmulder@suse.comjmcdonough@suse.comdavid.mulder@suse.comjmcdonough@suse.comaaptel@suse.comdmulder@suse.comscabrero@suse.comscabrero@suse.comkukuk@suse.dedavid.mulder@suse.comscabrero@suse.comrbrown@suse.comdmulder@suse.comscabrero@suse.comdimstar@opensuse.orgscabrero@suse.comaaptel@suse.comnopower@suse.comnopower@suse.comaaptel@suse.comddiss@suse.comdmulder@suse.comddiss@suse.comdmulder@suse.comddiss@suse.comddiss@suse.comnopower@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comdmulder@suse.comnopower@suse.comjmcdonough@suse.comaaptel@suse.comkukuk@suse.comkukuk@suse.denopower@suse.comaaptel@suse.comdmulder@suse.comddiss@suse.comdmulder@suse.comddiss@suse.comjmcdonough@suse.comnopower@suse.comnopower@suse.comnopower@suse.comnopower@suse.comjmcdonough@suse.comjmcdonough@suse.comnopower@suse.comnopower@suse.comddiss@suse.comjmcdonough@suse.comddiss@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comnopower@suse.comlmuelle@suse.comlmuelle@suse.comjmcdonough@suse.comnopower@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comnopower@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comtchvatal@suse.comlmuelle@suse.comnopower@suse.comcrrodriguez@opensuse.orglmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comnoel.power@suse.comddiss@suse.comddiss@suse.comlmuelle@suse.comddiss@suse.comlmuelle@suse.comlmuelle@suse.comnopower@suse.comddiss@suse.comddiss@suse.comlmuelle@suse.comlmuelle@suse.comddiss@suse.comlmuelle@suse.commpluskal@suse.comlmuelle@suse.comnopower@suse.deddiss@suse.comddiss@suse.comddiss@suse.comlmuelle@suse.denopower@suse.delmuelle@suse.comnopower@suse.deddiss@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.com- Update to 4.13.4 * Work around special SMB2 IOCTL response behavior of NetApp Ontap 7.3.7; (bso#14607); * Temporary DFS share setup doesn't set case parameters in the same way as a regular share definition does; (bso#14612); * lib: Avoid declaring zero-length VLAs in various messaging functions; (bso#14605); * Do not create an empty DB when accessing a sam.ldb; (bso#14579); * vfs_fruit may close wrong backend fd; (bso#14596); * Temporary DFS share setup doesn't set case parameters in the same way as a regular share definition does; (bso#14612); * vfs_virusfilter: Allocate separate memory for config char*; (bso#14606); * vfs_fruit may close wrong backend fd; (bso#14596); * Work around special SMB2 IOCTL response behavior of NetApp Ontap 7.3.7; (bso#14607); * The cache directory for the user gencache should be created recursively; (bso#14601); * Be more flexible with repository names in CentOS 8 test environments; (bso#14594);- Uninstalling samba-client: Failed to disable unit, cifs.service does not exists; (bsc#1180388);- Update to 4.13.3 + libcli: smb2: Never print length if smb2_signing_key_valid() fails for crypto blob; (bso#14210); + s3: modules: gluster. Fix the error I made in preventing talloc leaks from a function; (bso#14486); + s3: smbd: Don't overwrite contents of fsp->aio_requests[0] with NULL via TALLOC_FREE(); (bso#14515); + s3: spoolss: Make parameters in call to user_ok_token() match all other uses; (bso#14568); + s3: smbd: Quiet log messages from usershares for an unknown share; (bso#14590); + samba process does not honor max log size; (bso#14248); + vfs_zfsacl: Add missing inherited flag on hidden "magic" everyone@ ACE; (bso#14587); + s3-libads: Pass timeout to open_socket_out in ms; (bso#13124); + s3-vfs_glusterfs: Always disable write-behind translator; (bso#14486); + smbclient: Fix recursive mget; (bso#14517); + clitar: Use do_list()'s recursion in clitar.c; (bso#14581); + manpages/vfs_glusterfs: Mention silent skipping of write-behind translator; (bso#14486); + vfs_shadow_copy2: Preserve all open flags assuming ROFS; (bso#14573); + interface: Fix if_index is not parsed correctly; (bso#14514);- Update to 4.13.2 + s3: modules: vfs_glusterfs: Fix leak of char **lines onto mem_ctx on return; (bso#14486); + RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special; (bso#14471); + smb.conf.5: Add clarification how configuration changes reflected by Samba; (bso#14538); + daemons: Report status to systemd even when running in foreground; (bso#14552); + DNS Resolver: Support both dnspython before and after 2.0.0; (bso#14553); + s3-vfs_glusterfs: Refuse connection when write-behind xlator is present; (bso#14486); + provision: Add support for BIND 9.16.x; (bso#14487); + ctdb-common: Avoid aliasing errors during code optimization; (bso#14537); + libndr: Avoid assigning duplicate versions to symbols; (bso#14541); + docs: Fix default value of spoolss:architecture; (bso#14522); + winbind: Fix a memleak; (bso#14388); + s4:dsdb:acl_read: Implement "List Object" mode feature; (bso#14531); + docs-xml/manpages: Add warning about write-behind translator for vfs_glusterfs; (bso#14486); + nsswitch/nsstest.c: Avoid nss function conflicts with glibc nss.h. + vfs_shadow_copy2: Avoid closing snapsdir twice; (bso#14530); + third_party: Update resolv_wrapper to version 1.1.7; (bso#14547); + examples:auth: Do not install example plugin; (bso#14550); + ctdb-recoverd: Drop unnecessary and broken code; (bso#14513); + RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special; (bso#14471);- Adjust smbcacls '--propagate-inheritance' feature to align with upstream; (bsc#1178469).- Update to samba 4.13.1 + CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records; (bsc#1177613); (bso#14472); + CVE-2020-14323: Unprivileged user can crash winbind; (bsc#1173994); (bso#14436); + CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify; (bsc#1173902); (bso#14434); - Adjust systemd tmpfiles.d configuration, use /run/samba instead of /var/run/samba; (bsc#1177355);- Fix vfs_ceph query_directory regression; (bso#14519) - Drop liburing-devel for SLE15-SP2; (bsc#1177245)- Register CTDB recovery lock holder with ceph-mgr - Add liburing-devel dependency- Update to samba 4.13.0 + Require Python 3.6 + Move wide links functionality into VFS module + Deprecate NT4-like 'classic' Samba domain controllers + Deprecate SMBv1 only protocol options + Remove deprecated "ldap ssl ads" option + Unify asynchronous DCE-RPC server; (jsc#SES-645) + Replay multichannel lease break requests; (bso#11897); (jsc#SES-655) + Drop internal byteorder.h header from util-devel package + Remove final code for the AD DC LDAP backend + Add AD DC Group Policy Scripts + Only use gnutls_aead_cipher_encryptv2() for GnuTLS > 3.6.14; (bso#14399) + Fix %U substitutions if it contains a domain name; (bso#14467) + Fix krb5.conf creation for 'net ads join'; (bso#14479) + Fix build problem if libbsd-dev is not installed; (bso#14482) + Toggle vfs_snapper using "--with-shared-modules"; (bso#14437) + Fix idmap_ad RFC4511 response handling; (bso#14465) + Fix panic in get_lease_type(); (bso#14428)- Update to samba 4.11.13 + CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Protect netr_ServerPasswordSet2 against unencrypted passwords; (bsc#1176579); (bso#14497); + CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Support "server require schannel:WORKSTATION$ = no" about unsecure configurations; (bsc#1176579); (bso#14497); + CVE-2020-1472(ZeroLogon): s4 torture rpc: repeated bytes in client challenge; (bsc#1176579); (bso#14497); + CVE-2020-1472(ZeroLogon): libcli/auth: Reject weak client challenges in netlogon_creds_server_init() "server require schannel:WORKSTATION$ = no"; (bsc#1176579); (bso#14497); - Update to samba 4.11.12 + s3: libsmb: Fix SMB2 client rename bug to a Windows server; (bso#14403); + dsdb: Allow "password hash userPassword schemes = CryptSHA256" to work on RHEL7; (bso#14424); + dbcheck: Allow a dangling forward link outside our known NCs; (bso#14450); + lib/debug: Set the correct default backend loglevel to MAX_DEBUG_LEVEL; (bso#14426); + s3:smbd: PANIC: assert failed in get_lease_type(); (bso#14428); + lib/util: do not install "test_util_paths"; (bso#14370); + lib:util: Fix smbclient -l basename dir; (bso#14345); + s3:smbd: PANIC: assert failed in get_lease_type(); (bso#14428); + util: Allow symlinks in directory_create_or_exist; (bso#14166); + docs: Fix documentation for require_membership_of of pam_winbind; (bso#14358); + s3:winbind:idmap_ad: Make failure to get attrnames for schema mode fatal; (bso#14425);- Add obsoletes to libsmbldap2 package to fix upgrades from previous versions; (bsc#1172810);- Fix net command unable to negotiate SMB2; (bsc#1174120);- Update to samba 4.11.11 + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined; (bso#14364); (bsc#1173159] + CVE-2020-10745: invalid DNS or NBT queries containing dots use several seconds of CPU each; (bso#14378); (bsc#1173160). + CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP server with paged_result or VLV; (bso#14402); (bsc#1173161) + CVE-2020-14303: Endless loop from empty UDP packet sent to AD DC nbt_server; (bso#14417); (bsc#1173359). - Update to samba 4.11.10 + Fix segfault when using SMBC_opendir_ctx() routine for share folder that contains incorrect symbols in any file name; (bso#14374). + vfs_shadow_copy2 doesn't fail case looking in snapdirseverywhere mode; (bso#14350) + ldb_ldap: Fix off-by-one increment in lldb_add_msg_attr; (bso#14413). + Malicous SMB1 server can crash libsmbclient; (bso#14366) + winbindd: Fix a use-after-free when winbind clients exit; (bso#14382) + ldb: Bump version to 2.0.11, LMDB databases can grow without bounds. (bso#14330) - Update to samba 4.11.9 + nmblib: Avoid undefined behaviour in handle_name_ptrs(); (bso#14242). + 'samba-tool group' commands do not handle group names with special chars correctly; (bso#14296). + smbd: avoid calling vfs_file_id_from_sbuf() if statinfo is not valid; (bso#14237). + Missing check for DMAPI offline status in async DOS attributes; (bso#14293). + smbd: Ignore set NTACL requests which contain S-1-5-88 NFS ACEs; (bso#14307). + vfs_recycle: Prevent flooding the log if we're called on non-existant paths; (bso#14316) + smbd mistakenly updates a file's write-time on close; (bso#14320). + RPC handles cannot be differentiated in source3 RPC server; (bso#14359). + librpc: Fix IDL for svcctl_ChangeServiceConfigW; (bso#14313). + nsswitch: Fix use-after-free causing segfault in _pam_delete_cred; (bso#14327). + Fix fruit:time machine max size on arm; (bso#13622) + CTDB recovery corner cases can cause record resurrection and node banning; (bso#14294). + ctdb: Fix a memleak; (bso#14348). + libsmb: Don't try to find posix stat info in SMBC_getatr(). + ctdb-tcp: Move free of inbound queue to TCP restart; (bso#14295); (bsc#1162680). + s3/librpc/crypto: Fix double free with unresolved credential cache; (bso#14344); (bsc#1169095) + s3:libads: Fix ads_get_upn(); (bso#14336). + CTDB recovery corner cases can cause record resurrection and node banning; (bso#14294) + Starting ctdb node that was powered off hard before results in recovery loop; (bso#14295); (bsc#1162680). + ctdb-recoverd: Avoid dereferencing NULL rec->nodemap; (bso#14324) - Update to samba 4.11.8 + CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ; (bso#14331); (bsc#1169850); + CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC; (bso#14334); (bsc#1169851); - Update to samba 4.11.7 + s3: lib: nmblib. Clean up and harden nmb packet processing; (bso#14239). + s3: VFS: full_audit. Use system session_info if called from a temporary share definition; (bso#14283) + dsdb: Correctly handle memory in objectclass_attrs; (bso#14258). + ldb: version 2.0.9, Samba 4.11 and later give incorrect results for SCOPE_ONE searches; (bso#14270) + auth: Fix CIDs 1458418 and 1458420 Null pointer dereferences; (bso#14247). + smbd: Handle EINTR from open(2) properly; (bso#14285) + winbind member (source3) fails local SAM auth with empty domain name; (bso#14247) + winbindd: Handling missing idmap in getgrgid(); (bso#14265). + lib:util: Log mkdir error on correct debug levels; (bso#14253). + wafsamba: Do not use 'rU' as the 'U' is deprecated in Python 3.9; (bso#14266). + ctdb-tcp: Make error handling for outbound connection consistent; (bso#14274). - Update to samba 4.11.6 + pygpo: Use correct method flags; (bso#14209). + vfs_ceph_snapshots: Fix root relative path handling; (bso#14216); (bsc#1141320). + Avoiding bad call flags with python 3.8, using METH_NOARGS instead of zero; (bso#14209). + source4/utils/oLschema2ldif: Include stdint.h before cmocka.h; (bso#14218). + docs-xml/winbindnssinfo: Clarify interaction with idmap_ad etc; (bso#14122). + smbd: Fix the build with clang; (bso#14251). + upgradedns: Ensure lmdb lock files linked; (bso#14199). + s3: VFS: glusterfs: Reset nlinks for symlink entries during readdir; (bso#14182). + smbc_stat() doesn't return the correct st_mode and also the uid/gid is not filled (SMBv1) file; (bso#14101). + librpc: Fix string length checking in ndr_pull_charset_to_null(); (bso#14219). + ctdb-scripts: Strip square brackets when gathering connection info; (bso#14227).- Add libnetapi-devel to baselibs conf, for wine usage; (bsc#1172307);- Installing: samba - samba-ad-dc.service does not exist and unit not found; (bsc#1171437);- Fix samba_winbind package is installing python3-base without python3 package; (bsc#1169521);- Require libldb2 >= 2.0.10 after security release.- CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC; (bso#14334); (bsc#1169851); - CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ; (bso#14331); (bsc#1169850);- Fix smbclient crash with double free (with unresolved krb5 credential cache); (bso#14344); (bsc#1169095).- Starting ctdb node that was powered off hard before results in recovery loop; (bso#14295); (bsc#1162680).- CTDB doesn't retry outgoing connections on bind (and some other) failures; (bso#14274); (bsc#1162680).- Revert: Allow idmap_rid to have primary group other than "Domain Users"; (bsc#1087931).- Fix nmbstatus not reporting detailed information about workgroups; (bsc#1159464); - Fix querying all names registered within broadcast area; (bso#8927);- Update to samab 4.11.5 + CVE-2019-14902: Replication of ACLs down subtree on AD Directory is not automatic; (bso#12497); (bsc#1160850). + CVE-2019-19344: Fix server crash with dns zone scavenging = yes; (bso#14050); (bsc#1160852). + CVE-2019-14907: server-side crash after charset conversion failure (eg during NTLMSSP processing); (bso#14208); (bsc#1160888). - Update to samba 4.11.4 + Ensure SMB1 cli_qpathinfo2() doesn't return an inode number; (bso#14161). + Ensure we don't call cli_RNetShareEnum() on an SMB1 connection; (bso#14174). + NT_STATUS_ACCESS_DENIED becomes EINVAL when using SMB2 in SMBC_opendir_ctx; (bso#14176). + SMB2 - Ensure we use the correct session_id if encrypting an interim response; (bso#14189). + Prevent smbd crash after invalid SMB1 negprot; (bso#14205). + printing: Fix %J substition; (bso#13745). + Remove now unneeded call to cmdline_messaging_context(); (bso#13925). + Fix incomplete conversion of former parametric options; (bso#14069). + Fix sync dosmode fallback in async dosmode codepath; (bso#14070). + vfs_fruit returns capped resource fork length; (bso#14171). + libnet_join: Add SPNs for additional-dns-hostnames entries; (bso#14116). + smbd: Increase a debug level; (bso#14211). + Prevent azure ad connect from reporting discovery errors reference-value-not-ldap-conformant; (bso#14153). + krb5_plugin: Fix developer build with newer heimdal system library; (bso#14179). + replace: Only link libnsl and libsocket if required; (bso#14168); + ctdb: Incoming queue can be orphaned causing communication; breakdown; (bso#14175). + ldb: Release ldb 2.0.8. Cross-compile will not take cross-answers or cross-execute; (bso#13846). + heimdal-build: Avoid hard-coded /usr/include/heimdal in asn1_compile-generated code; (bso#13856).- Fix Ceph snapshot root relative path handling; (bso#14216); (bsc#1141320).- Update to samba 4.11.3 + CVE-2019-14861: DNSServer RPC server crash, an authenticated user can crash the DCE/RPC DNS management server by creating records with matching the zone name; (bso#14138); (bsc#1158108). + CVE-2019-14870: DelegationNotAllowed not being enforced, the DelegationNotAllowed Kerberos feature restriction was not being applied when processing protocol transition requests (S4U2Self), in the AD DC KDC; (bso#14187); (bsc#1158109).- CVE-2019-14861: DNSServer RPC server crash, an authenticated user can crash the DCE/RPC DNS management server by creating records with matching the zone name; (bso#14138); (bsc#1158108). - CVE-2019-14870: DelegationNotAllowed not being enforced, the DelegationNotAllowed Kerberos feature restriction was not being applied when processing protocol transition requests (S4U2Self), in the AD DC KDC; (bso#14187); (bsc#1158109).- Update to samba 4.11.2 + CVE-2019-10218: Client code can return filenames containing path separators; (bsc#1144902); (bso#14071). + CVE-2019-14833: Samba AD DC check password script does not receive the full password; (bso#12438). + CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP server via dirsync; (bso#14040). - Fixes from 4.11.1 + Overlinking libreplace against librt and pthread against every binary or library causes issues; (bso#14140); + kpasswd fails when built with MIT Kerberos; (bso#14155); + Fix spnego fallback from kerberos to ntlmssp in smbd server; (bso#14106); + Stale file handle error when using mkstemp on a share; (bso#14137); + non-AES schannel broken; (bso#14134); + Joining Active Directory should not use SAMR to set the password; (bso#13884); + smbclient can blunder into the SMB1 specific cli_RNetShareEnum() call on an SMB2 connection; (bso#14152); + Deleted records can be resurrected during recovery; (bso#14147); + getpwnam and getpwuid need to return data for ID_TYPE_BOTH group; (bso#14141); + winbind does not list forest trusts with additional trust attributes; (bso#14130); + fault report points to outdated documentation; (bso#14139); + pam_winbind with krb5_auth or wbinfo -K doesn't work for users of trusted domains/forests; (bso#14124); + classicupgrade results in uncaught exception - a bytes-like object is required, not 'str'; (bso#14136); + pod2man is not longer required, stop checking at build time; (bso#14131); + Exit code of ctdb nodestatus should not be influenced by deleted nodes; (bso#14129); + username/password authentication doesn't work with CUPS and smbspool; (bso#14128); + smbc_readdirplus() is incompatible with smbc_telldir() and smbc_lseekdir(); (bso#14094);- CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP server via dirsync; (bso#14040); (bsc#1154598); - CVE-2019-10218: Client code can return filenames containing path separators; (bso#14071); (bsc#1144902);- CVE-2019-14833: samba: Accent with "check script password" Samba AD DC check password script does not receive the full password; (bso#12438); (bsc#1154289).- Update to samba 4.11.0 + For details on all items see WHATSNEW.txt in samba-doc package + Python2 runtime support removed; python 3.4 or later required + Security improvements: - SMB1 disabled by default - lanman and plaintext authentication deprecated - winbind: PAM_AUTH and NTLM_AUTH events logged - GnuTLS 3.2 required; system FIPS mode setting honored + CephFS Snapshot integration, exposed as previous file versions + ctdb changes: - onnode -o option removed - ctdbd logs when using more than 90% of a CPU thread - CTDB_MONITOR_SWAP_USAGE variable removed + AD Domain controller improvements: - Upgrade AD databse format - BIND9_FLATFILE deprecated - default process model chagned to prefork - bind9 dns operation duration logging - Default schema updated to 2012_R2; function level is unchanged - many performance improvements + Configuration webserver support removed- Fix broken username/password authentication with CUPS and smbspool; (bsc#1152143); (bso#14128).- Fix auth problems when printing via smbspool backend with kerberos; (bnc#1148539); (bso#13832).- Update to samba 4.10.8 + CVE-2019-10197: user escape from share path definition; (bso#14035); (bsc#1141267);- Fix build on newer systems by modifying samba.spec to use consistent non-relative paths for pammodules in configure line and specification of pam_winbind.so library to package.- Update to samba 4.10.7 + Unable to create or rename file/directory inside shares configured with vfs_glusterfs_fuse module; (bso#14010). + build: Allow build when '--disable-gnutls' is set; (bso#13844) + samba-tool: Add 'import samba.drs_utils' to fsmo.py; (bso#13973). + Fix 'Error 32 determining PSOs in system' message on old DB with FL upgrade; (bso#14008). + s4/libnet: Fix joining a Windows pre-2008R2 DC; (bso#14021) + join: Use a specific attribute order for the DsAddEntry nTDSDSA object; (bso#14046). + vfs_catia: Pass stat info to synthetic_smb_fname(); (bso#14015). + lookup_name: Allow own domain lookup when flags == 0; (bso#14091). + s4 librpc rpc pyrpc: Ensure tevent_context deleted last; (bso#13932). + DEBUGC and DEBUGADDC doesn't print into a class specific log file; (bso#13915). + Request to keep deprecated option "server schannel", VMWare Quickprep requires "auto"; (bso#13949). + dbcheck: Fallback to the default tombstoneLifetime of 180 days; (bso#13967). + dnsProperty fails to decode values from older Windows versions; (bso#13969). + samba-tool: Use only one LDAP modify for dns partition fsmo role transfer; (bso#13973). + third_party: Update waf to version 2.0.17; (bso#13960). + netcmd: Allow 'drs replicate --local' to create partitions; (bso#14051). + ctdb-config: Depend on /etc/ctdb/nodes file; (bso#14017).- CVE-2019-10197: user escape from share path definition; (bso#14035); (bsc#1141267).- Prepare for use future use of kernel keyrings, modify /etc/pam.d/samba to include pam_keyinit.so; (bsc#1144059).- Update samba-winbind script to work with systemd; (bsc#1132739); - Drop samba dhcpcd hook scripts - Update to samba 4.10.6 + s3: winbind: Fix crash when invoking winbind idmap scripts; (bso#13956). + smbd does not correctly parse arguments passed to dfree and quota scripts; (bso#13964). + samba-tool dns: use bytes for inet_ntop; (bso#13965). + samba-tool domain provision: Fix --interactive module in python3; (bso#13828). + ldb_kv: Skip @ records early in a search full scan; (bso#13893). + docs: Improve documentation of "lanman auth" and "ntlm auth" connection; (bso#13981). + python/ntacls: Use correct "state directory" smb.conf option instead of "state dir"; (bso#14002). + registry: Add a missing include; (bso#13840). + Fix SMB guest authentication; (bso#13944). + AppleDouble conversion breaks Resourceforks; (bso#13958). + vfs_fruit makes direct use of syscalls like mmap() and pread(); (bso#13968). + s3:mdssvc: Fix flex compilation error; (bso#13987). + s3/vfs_glusterfs[_fuse]: Avoid using NAME_MAX directly; (bso#13872). + dsdb:samdb: schemainfo update with relax control; (bso#13799). + s3:util: Move static file_pload() function to lib/util; (bso#13964). + smbd: Fix a panic; (bso#13957). + ldap server: Generate correct referral schemes; (bso#12478). + s4 dsdb/repl_meta_data: fix use after free in dsdb_audit_add_ldb_value; (bso#13941). + s4 dsdb: Fix use after free in samldb_rename_search_base_callback; (bso#13942). + dsdb/repl: we need to replicate the whole schema before we can apply it; (bso#12204). + ldb: Release ldb 1.5.5; (bso#12478). + Schema replication fails if link crosses chunk boundary backwards; (bso#13713). + 'samba-tool domain schemaupgrade' uses relax control and skips the schemaInfo update provision; (bso#13799). + dsdb_audit: avoid printing "... remote host [Unknown] SID [(NULL SID)] ..."; (bso#13916). + python/ntacls: We only need security.SEC_STD_READ_CONTROL in order to get the ACL; (bso#13917). + s3:loadparm: Ensure to truncate FS Volume Label at multibyte boundary; (bso#13947). + Using Kerberos credentials to print using spoolss doesn't work; (bso#13939). + wafsamba: Use native waf timer; (bso#13998). + ctdb-scripts: Fix tcp_tw_recycle existence check; (bso#13984).- Update to samba-4.10.5 (including updates for 4.10.4, 4.10.3) + CVE-2019-12435 rpc/dns: Avoid NULL deference if zone not found in DnssrvOperation2; (bso#13922); (bsc#1137815). + CVE-2019-12436 dsdb/paged_results: Ignore successful results without messages; (bso#13951); (bsc#1137816). - Update to samba-4.10.4 + s3: SMB1: Don't allow recvfile on stream fsp's; (bso#13938). + py/provision: Fix for Python 2.6; (bso#13882). + netcmd: Fix 'passwordsettings --max-pwd-age' command; (bso#13873). + s3-libnet_join: 'net ads join' to child domain fails when using "-U admin@forestroot"; (bso#13861). + vfs_ceph: Explicitly enable libcephfs POSIX ACL support; (bso#13896); (bsc#1130245). + vfs_ceph: Fix cephwrap_flistxattr() debug message; (bso#13940); (bsc#1134697). + ctdb-common: Avoid race between fd and signal events; (bso#13895). + ctdb-common: Fix memory leak in run_proc; (bso#13943). + lib: Initialize getline() arguments; (bso#13892). + winbind: Fix overlapping id ranges; (bco#13903). + lib util debug: Increase format buffer to 4KiB; (bso#13902). + nsswitch pam_winbind: Fix Asan use after free; (bso#13927). + s4 lib socket: Ensure address string owned by parent struct; (bso#13929). + s3 rpc_client: Fix Asan stack use after scope; (bso#13936). + s3:smbd: Handle IO_REPARSE_TAG_DFS in SMB_FIND_FILE_FULL_DIRECTORY_INFO; (bso#10097). + smb2_tcon: Avoid STATUS_PENDING completely on tdis; (bso#10344). + smb2_sesssetup: avoid STATUS_PENDING responses for session setup; (bso#12845). + smb2_tcon: Avoid STATUS_PENDING completely on tdis; (bso#13698). + smb2_sesssetup: avoid STATUS_PENDING responses for session setup; (bso#13796). + dbcheck: Fix the err_empty_attribute() check; (bso#13843). + vfs_snapper: Drop unneeded fstat handler; (bso#13858). + vfs_default: Fix vfswrap_offload_write_send() NT_STATUS_INVALID_VIEW_SIZE check; (bso#13862). + smb2_server: Grant all 8192 credits to clients; (bso#13863). + smbd: Implement SMB_FILE_NORMALIZED_NAME_INFORMATION handling; (bso#13919). + s3/vfs_glusterfs: Dynamically determine NAME_MAX; (bso#13872). + s3: modules: ceph: Use current working directory instead of share path; (bso#13918); (bsc#1134452). + winbind: Use domain name from lsa query for sid_to_name cache entry; (bso#13831). + memcache: Increase size of default memcache to 512k; (bso#13865). + docs: Update smbclient manpage for "--max-protocol"; (bso#13857). + s3:utils: If share is NULL in smbcacls, don't print it; (bso#13937). + s3:smbspool: Fix regression printing with Kerberos credentials; (bso#13939). + ctdb-scripts: CTDB restarts failed NFS RPC services by hand, which is incompatible with systemd; (bso#13860). + ctdb-daemon: Revert "We can not assume that just because we could complete a TCP handshake"; (bso#13888). + ctdb-daemon: Never use 0 as a client ID; (bso#13930). + ctdb-common: Fix memory leak; (bso#13943). + s3:debug: Enable logging for early startup failures; (bso#13904) - Update to samba-4.10.3 + CVE-2018-16860: Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum; (bso#13685); (bsc#1134024).- CVE-2019-12435: zone operations can crash rpc server; (bso#13922); (bsc#1137815).- Fix cephwrap_flistxattr() debug message; (bso#13940); (bsc#1134697). - Add ceph_snapshots VFS module; (jsc#SES-183).- Fix vfs_ceph realpath; (bso#13918); (bsc#1134452).- Update to samba-4.10.2: + CVE-2019-3870 (World writable files in Samba AD DC private/ dir); (bso#13834). + CVE-2019-3880 (Save registry file outside share as unprivileged user); (bso#13851). + py/kcc_utils: py2.6 compatibility; (bso#13837). + libcli: permit larger values of DataLength in SMB2_ENCRYPTION_CAPABILITIES of negotiate response; (bso#13869). + regfio: Improve handling of malformed registry hive files; (bso#13840). + ctdb-version: Simplify version string usage; (bso#13789). + lib: Make fd_load work for non-regular files; (bso#13859). + dbcheck: in the middle of the tombstone garbage collection causes replication failures, dbcheck: add --selftest-check-expired-tombstones cmdline option; (bso#13816). + ndr_spoolss_buf: Fix out of scope use of stack variable in NDR_SPOOLSS_PUSH_ENUM_OUT(); (bso#13818). + s4/messaging: Fix undefined reference in linking libMESSAGING-samba4.so; (bso#13854). + acl_read: Fix regression for empty lists; (bso#13836). + s4:dlz make b9_has_soa check dc=@ node; (bso#13841). + s3:client: Fix printing via smbspool backend with kerberos auth; (bso#13832). + s4:librpc: Fix installation of Samba; (bso#13847). + s3:lib: Fix the debug message for adding cache entries; (bso#13848). + s3:utils: Add 'smbstatus -L --resolve-uids' to show username; (bso#13793). + s3:lib: Fix the debug message for adding cache entries; (bso#13848). + s3:waf: Fix the detection of makdev() macro on Linux; (bso#13853). * ctdb-build: Drop creation of .distversion in tarball; (bso#13789). * ctdb-packaging: Test package requires tcpdump, ctdb package should not own system library directory; (bso#13838). - Update to samba-4.10.1: + py/kcc_utils: py2.6 compatibility; (bso#13837); + libcli: permit larger values of DataLength in SMB2_ENCRYPTION_CAPABILITIES of negotiate response; (bso#13869); + regfio: Improve handling of malformed registry hive files; (bso#13840); + ctdb-version: Simplify version string usage; (bso#13789); + lib: Make fd_load work for non-regular files; (bso#13859); + dbcheck in the middle of the tombstone garbage collection causes replication failures, dbcheck: add --selftest-check-expired-tombstones cmdline option; (bso#13816); + ndr_spoolss_buf: Fix out of scope use of stack variable in NDR_SPOOLSS_PUSH_ENUM_OUT(); (bso#13818); + s4/messaging: Fix undefined reference in linking libMESSAGING-samba4.so; (bso#13854); + acl_read: Fix regression for empty lists; (bso#13836); + s4:dlz make b9_has_soa check dc=@ node; (bso#13841); + s3:client: Fix printing via smbspool backend with kerberos auth; (bso#13832); + s4:librpc: Fix installation of Samba; (bso#13847); + s3:lib: Fix the debug message for adding cache entries; (bso#13848); + s3:utils: Add 'smbstatus -L --resolve-uids' to show username; (bso#13793); + s3:lib: Fix the debug message for adding cache entries; (bso#13848); + s3:waf: Fix the detection of makdev() macro on Linux; (bso#13853); + ctdb-build: Drop creation of .distversion in tarball; (bso#13789); + ctdb-packaging: Test package requires tcpdump, ctdb package should not own system library directory; (bso#13838); - Update to samba-4.10.0: + s4-server: Open and close a transaction on sam.ldb at startup; (bso#13760); + access_check_max_allowed() doesn't process "Owner Rights" ACEs; (bso#13812); + s4/scripting/bin: Open unicode files with utf8 encoding and write + unicode string. + sambaundoguididx: Use the right escaped oder unescaped sam ldb files; (bso#13759); + Fix idmap cache pollution with S-1-22- IDs on winbind hickup; (bso#13813); + passdb: Update ABI to 0.27.2. + lib/winbind_util: Add winbind_xid_to_sid for --without-winbind; (bso#13813); + lib:util: Move debug message for mkdir failing to log level 1; (bso#13823);- MacOS credit accounting breaks with async SESSION SETUP; (bsc#1125601); (bso#13796). - Mac OS X SMB2 implmenetation sees Input/output error or Resource temporarily unavailable and drops connection; (bso#13698)- Explicitly enable libcephfs POSIX ACL support; (bso#13896); (bsc#1130245).- CVE-2019-3880: Save registry file outside share as unprivileged user; (bso#13851); (bsc#1131060 ).- CVE-2019-3870 pysmbd: missing restoration of original umask after umask(0); (bso#13834); (bsc#1130703);- Update to samba-4.9.5 + audit_logging: Remove debug log header and JSON Authentication: prefix; (bso#13714); + Fix upgrade from 4.7 (or earlier) to 4.9; (bso#13760); + s3: lib: nmbname: Ensure we limit the NetBIOS name correctly; (bso# CID: 1433607; (bso#11495); + smbd: uid: Don't crash if 'force group' is added to an existing share connection; (bso#13690); + s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility code; (bso#13770); + s3: SMB1 POSIX mkdir does case insensitive name lookup; (bso#13803); + s3:utils/smbget fix recursive download with empty source directories; (bso#13199); + samba-tool drs showrepl: Do not crash if no dnsHostName found; (bso#13716); + s3:libsmb: cli_smb2_list() can sometimes fail initially on a connection; (bso#13736); + join: Throw CommandError instead of Exception for simple errors; (bso#13747); + ldb: Avoid inefficient one-level searches; (bso#13762); + s3: libsmb: use smb2cli_conn_max_trans_size() in cli_smb2_list(); (bso#13736); + tldap: Avoid use after free errors; (bso#13776); + Fix idmap xid2sid cache churn; (bso#13802); + access_check_max_allowed() doesn't process "Owner Rights" ACEs; (bso#13812); + s3-smbd: Avoid assuming fsp is always intact after close_file call; (bso#13720); + s3-vfs-fruit: Add close call; (bso#13725); + s3-smbd: Use fruit:model string for mDNS registration; (bso#13746); + s3-vfs: add glusterfs_fuse vfs module; (bso#13774); + printing: Check lp_load_printers() prior to pcap cache update; (bso#13766); + vfs_ceph: vfs_ceph strict_allocate_ftruncate calls (local FS) ftruncate and fallocate; (bso#13807); + lib/audit_logging: Actually create talloc; (bso#13737); + netcmd/user: python[3]-gpgme unsupported and replaced by python[3]-gpg; (bso#13728); + dns: Changing onelevel search for wildcard to subtree; (bso#13738); + samba-tool: Don't print backtrace on simple DNS errors; (bso#13721); + sambaundoguididx: Use the right escaped oder unescaped sam ldb files; (bso#13759); + ctdb: Print locks latency in machinereadable stats; (bso#13742); + messages_dgm: Messaging gets stuck when pids are recycled; (bso#13786); + audit_logging: auth_json_audit required auth_json; (bso#13715); + man pages: Document prefork process model; (bso#13765); + CVE-2019-3824 ldb: Release ldb 1.4.6; (bso#13773); + s3:auth: ignore create_builtin_guests() failing without a valid idmap configuration; (bso#13697); + s3:auth_winbind: Ignore a missing winbindd as NT4 PDC/BDC without trusts; (bso#13722); + s3:auth_winbind: return NT_STATUS_NO_LOGON_SERVERS if winbindd is not available; (bso#13723); + s4:server: Add support for 'smbcontrol samba shutdown' and 'smbcontrol debug/debuglevel'; (bso#13752); + Python: Ensure ldb.Dn can doesn't rencoded str with py2; (bso#13616); + vfs_glusterfs: Adapt to changes in libgfapi signatures; (bso#13330); + s3-vfs: Use ENOATTR in errno comparison for getxattr; (bso#13774); + notifyd: Fix SIGBUS on sparc; (bso#13704); + waf: Check for libnscd; (bso#13787); + s3:vfs: Correctly check if OFD locks should be enabled or not; (bso#13770); + lib/util: Count a trailing line that doesn't end in a newline; (bso#13717); + Recovery lock bug fixes; (bso#13800); + s3: net: Do not set NET_FLAGS_ANONYMOUS with -k; (bso#13726); + s3:libsmb: Honor disable_netbios option in smbsock_connect_send; (bso#13727); + vfs_fileid: Fix get_connectpath_ino; (bso#13741); + vfs_fileid: Fix fsname_norootdir algorithm; (bso#13744);- Fix vfs_ceph ftruncate and fallocate handling; (bso#13807); (bsc#1127153).- Fix update-apparmor-samba-profile script after apparmor switched to using named profiles. The change is backwards compatible; (bsc#1126377);- LoadParm().load_default() fails with "Unable to load default file"; (bsc#1089758);- Abide by load_printers smb.conf parameter; (bso#13766); (bsc#1124223);- Update to samba-4.9.4 + libcli/smb: Don't overwrite status code; (bso#9175). + wbinfo --group-info 'NT AUTHORITY\System' does not work; (bso#12164). + Session setup reauth fails to sign response; (bso#13661). + vfs_fruit: Validation of writes on AFP_AfpInfo stream; (bso#13677). + vfs_shadow_copy2: Nicely deal with attempts to open previous version for writing; (bso#13688). + Restoring previous version of stream with vfs_shadow_copy2 fails with NT_STATUS_OBJECT_NAME_INVALID fsp->base_fsp->fsp_name; (bso#13455). + CVE-2018-16853: Fix S4U2Self crash with MIT KDC build; (bso#13571). + s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs; (bso#13708) + PEP8: fix E231: missing whitespace after ','. + winbindd: Fix crash when taking profiles;(bso#13629) + CVE-2018-14629 dns: Fix CNAME loop prevention using counter regression; (bso#13600) + 'samba-tool user syscpasswords' fails on a domain with many DCs; (bso#13686). + CVE-2018-16853: Do not segfault if client is not set; (bso#13571). + lib:util: Fix DEBUGCLASS pointer initializiation; (bso#13679) + ctdb-daemon: Exit with error if a database directory does not exist; (bso#13696). + s3:libads: Add net ads leave keep-account option; (bso#13498).- Drop more %if..%endif guards which are idempotent. - Drop requires on ldconfig which are already auto-discovered. - Do not ignore errors from useradd/groupadd.- Remove python2 build dependency from samba-libs; (bsc#1116900);- Update update-apparmor-samba-profile script to ignore the shares's paths containing substitution variables in any place, not only at the beginning of the path.- Update to samba-4.9.3 + CVE-2018-14629: Unprivileged adding of CNAME record causing loop in AD Internal DNS server; (bso#13600); (bsc#1116319); + CVE-2018-16841: Double-free in Samba AD DC KDC with PKINIT; (bso#13628); (bsc#1116320); + CVE-2018-16851: NULL pointer de-reference in Samba AD DC LDAP server; (bso#13674); (bsc#1116322); + CVE-2018-16852: NULL pointer de-reference in Samba AD DC DNS servers; (bso#13669); (bsc#1116321); + CVE-2018-16853: Samba AD DC S4U2Self crash in experimental MIT Kerberos configuration (unsupported); (bso#13678); (bsc#1116324); + CVE-2018-16857: Bad password count in AD DC not always effective; window; (bso#13683); (bsc#1116323);- Update to samba-4.9.2 + dsdb: Add comments explaining the limitations of our current backlink behaviour; (bso#13418); + Fix problems running domain backups (handling SMBv2, sites); (bso#13621); + testparm: Fix crashes with PANIC: Messaging not initialized on SLES 12 SP3; (bso#13465); + Make vfs_fruit able to cleanup AppleDouble files; (bso#13642); + File saving issues with vfs_fruit on samba >= 4.8.5; (bso#13646); + Enabling vfs_fruit looses FinderInfo; (bso#13649); + Cancelling of SMB2 aio reads and writes returns wrong error NT_STATUS_INTERNAL_ERROR; (bso#13667); + Fix CTDB recovery record resurrection from inactive nodes and simplify vacuuming; (bso#13641); + examples: Fix the smb2mount build; (bso#13465); + libtevent: Fix build due to missing open_memstream on Illiumos; (bso#13629); + winbindd_cache: Fix timeout calculation for sid<->name cache; (bso#13662); + dsdb encrypted_secrets: Allow "ldb:// and "mdb://" in file path; (bso#13653); + Extended DN SID component missing for member after switching group membership; (bso#13418); + Return STATUS_SESSION_EXPIRED error encrypted, if the request was encrypted; (bso#13624); + python: Allow forced signing via smb.SMB(); (bso#13621); + lib:socket: If returning early, set ifaces; (bso#13665); + ldb: Bump ldb version to 1.4.3, Python: Ensure ldb.Dn can accept utf8 encoded unicode; (bso#13616); + smbd: Fix DELETE_ON_CLOSE behaviour on files with READ_ONLY attribute; (bso#13673); + waf: Add -fstack-clash-protection; (bso#13601); + winbind: Fix segfault if an invalid passdb backend is configured; (bso#13668); + Fix bugs in CTDB event handling; (bso#13659); + Misbehaving nodes are sometimes not banned; (bso#13670);- lib:socket: If returning early, set ifaces; (bso#13665); (bsc#1111373);- winbind requires latest version of libtevent-util0 to start- Backport latest gpo code from master + Read policy from local gpt cache + Offline policy application + Make group policy extensible via register/unregister gpext + gpext's run via a process_group_policy method- Enable profiling data collection- Change samba-kdc package name to samba-ad-dc - Move samba-ad-dc.service to the samba-ad-dc package- Update to samba-4.9.1 + s3: nmbd: Stop nmbd network announce storm; (bso#13620); + s3-rpcclient: Use spoolss_init_spoolss_UserLevel1 in winspool cmds; (bso#13597); + CTDB recovery lock has some race conditions; (bso#13617); + s3-rpc_client: Advertise Windows 7 client info; (bso#13597); + ctdb-doc: Remove PIDFILE option from ctdbd_wrapper man page; (bso#13610);- Tumbleweed doesn't define the sle_version macro, so we must include a check for suse_version also. Otherwise python3 is disabled on Tumbleweed.- Update to samba-4.9.0 + samba_dnsupdate: Honor 'dns zone scavenging' option, only update if needed; (bso#13605); + wafsamba: Fix 'make -j'; (bso#13606);- Update to samba-4.9.0rc5 + s3: VFS: vfs_full_audit: Ensure smb_fname_str_do_log() only returns absolute pathnames; (bso#13565); + s3: util: Do not take over stderr when there is no log file; (bso#13578); + Durable Reconnect fails because cookie.allow_reconnect is not set; (bso#13549); + krb5-samba: Interdomain trust uses different salt principal; (bso#13539); + vfs_fruit: Don't unlink the main file; (bso#13441); + smbd: Fix a memleak in async search ask sharemode; (bso#13602); + Fix Samba GPO issue when Trust is enabled; (bso#11517); + samba-tool: Add "virtualKerberosSalt" attribute to 'user getpassword/syncpasswords'; (bso#13539); + Fix CTDB configuration issues; (bso#13589); + ctdbd logs an error until it can successfully connect to eventd; (bso#13592);- Update to samba-4.9.0rc4 + s3: smbd: Ensure get_real_filename() copes with empty pathnames; (bso#13585); + samba domain backup online/rename commands force user to specify password on CLI; (bso#13566); + wafsamba/samba_abi: Always hide ABI symbols which must be local; (bso#13579); + Fix a panic if fruit_access_check detects a locking conflict; (bso#13584); + Fix memory and resource leaks; (bso#13567); + python: Fix print in dns_invalid.py; (bso#13580); + Aliasing issue causes incorrect IPv6 checksum; (bso#13588); + Fix CTDB configuration issues; (bso#13589); + s3: vfs: time_audit: fix handling of token_blob in smb_time_audit_offload_read_recv(); (bso#13568);- Add missing zlib-devel dependency which was previously pulled in by libopenssl-devel- Update to samba-4.9.0rc3+git.22.3fff23ae36e + CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against returns from malicious servers; (bso#13453); + CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query with escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140; (bso#13374); + CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when not servicePrincipalName is set on a user; (bso#13552); + CVE-2018-10919: acl_read: Fix unauthorized attribute access via searches; (bso#13434); + ctdb_mutex_ceph_rados_helper: Set SIGINT signal handler; (bso#13540); + CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it is disabled via "ntlm auth"; (bso#13360); + s3-tldap: do not install test_tldap; (bso#13529); + ctdb_mutex_ceph_rados_helper: Fix deadlock via lock renewals; (bso#13540); + CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in ltdb_index_dn_attr(); (bso#13374); + ctdb-eventd: Fix CID 1438155; (bso#13554); + Fix CIDs 1438243, (Unchecked return value) 1438244 (Unsigned compared against 0), 1438245 (Dereference before null check) and 1438246 (Unchecked return value); (bso#13553); + ctdb: Fix a cut&paste error; (bso#13554); + systemd: Only start smb when network interfaces are up; (bso#13559); + Fix quotas don't work with SMB2; (bso#13553); + s3/smbd: Ensure quota code is only called when quota support detected; (bso#13563); + s3/libsmb: Explicitly set delete_on_close token for rmdir; (bso#13204); + s3:waf: Install eventlogadm to /usr/sbin; (bso#13561); + Shorten description in vfs_linux_xfs_sgid manual; (bso#13562);- Update to samba-4.9.0rc2+git.21.a1069afb007 + s3: smbd: Using "sendfile = yes" with SMB2 can cause CPU spin; (bso#13537); + s3: smbd: Fix path check in smbd_smb2_create_durable_lease_check(); (bso#13535); + samba-tool trust: Support discovery via netr_GetDcName; (bso#13538); + s4-dsdb: Only build dsdb Python modules for AD DC; (bso#13542); + Fix portability issues on freebsd; (bso#13520); + DNS wildcard search does not handle multiple labels correctly; (bso#13536); + samba-tool domain trust: Fix trust compatibility to Windows Server 1709 and FreeIPA; (bso#13308); + Fix portability issues on freebsd; (bso#13520); + ctdb-protocol: Fix CTDB compilation issues; (bso#13545); + ctdb-docs: Replace obsolete reference to CTDB_DEBUG_HUNG_SCRIPT option; (bso#13546); + ctdb-doc: Provide an example script for migrating old configuration; (bso#13550); + ctdb-event: Implement event tool "script list" command; (bso#13551);- Update to samba-4.8.4+git.37.a7a861d7982; + CVE-2018-1139: Weak authentication protocol allowed; (bsc#1095048); (bsc#13360); + CVE-2018-1140: Denial of Service Attack on DNS and LDAP server; (bsc#1095056); (bso#13466); (bso#13374); + CVE-2018-10858: Insufficient input validation on client directory listing in libsmbclient; (bsc#1103411); (bso#13453); + CVE-2018-10918: Denial of Service Attack on AD DC DRSUAPI server; (bsc#1103414); (bso#13552); + CVE-2018-10919: Confidential attribute disclosure from the AD LDAP server; (bsc#1095057); (bso#13434); + s3:winbind: winbind normalize names' doesn't work for users; (bso#12851); + winbind: Fix UPN handling in canonicalize_username(); (bso#13369); + s3: smbd: Fix SMB2-FLUSH against directories; (bso#13428); + samdb: Fix building Samba with gcc 8.1; (bso#13437); + s3:utils: Do not segfault on error in DoDNSUpdate(); (bso#13440); + smbd: Flush dfree memcache on service reload; (bso#13446); + ldb: Save a copy of the index result before calling the + lib/util: No Backtrace given by Samba's AD DC by default; (bso#13454). + s3: smbd: printing: Re-implement delete-on-close semantics for print files missing since 3.5.x; (bso#13457). + python: Fix talloc frame use in make_simple_acl(); (bso#13474). + krb5_wrap: Fix keep_old_entries logic for older Kerberos libraries;(bso#13478). + krb5_plugin: Add winbind localauth plugin for MIT Kerberos; (bso#13480).- Add missing package descriptions; (bsc#1093864); - Fix dependency issue between samba-python and samba-kdc; (bsc#1062876); - Call update-apparmor-samba-profile when running samba-ad-dc; (bsc#1092099);- Update to 4.8.2 + After update to 4.8.0 DC failed with "Failed to find our own NTDS Settings objectGUID" (bso#13335). + fix incorrect reporting of stream dos attributes on a directory (bso#13380). + vfs_ceph: add asynchronous fsync; fake synchronous call (bso#13412). + vfs_ceph: add fake async pwrite/pread send/recv hooks; (bso#13425) + vfs_ceph: Fix memory leak; (bso#13424). + libsmbclient: Fix hard-coded connection error return of ETIMEDOUT; (bso#13419). + s4-lsa: Fix use-after-free in LSA server; (bso#13420). + winbindd: Do re-connect if the RPC call fails in the passdb case; (bso#13430). + cleanupd: Sends MSG_SMB_UNLOCK twice to interested peers; (bso#13416). + cleanupd: Use MSG_SMB_BRL_VALIDATE to signal cleanupd unclean process shutdown; (bso#13414). + ctdb-client: Remove ununsed functions from old client code; (bso#13411). + printing: Return the same error code as windows does on upload failures; (bso#13395). + nsswitch: Fix memory leak in winbind_open_pipe_sock() when the privileged pipe is not accessable; (bso#13400). + s4:lsa_lookup: remove TALLOC_FREE(state) after all dcesrv_lsa_Lookup{Names,Sids}_base_map() calls; (bso#13420). + rpc_server: Fix NetSessEnum with stale sessions; (bso#13407). + s3:smbspool: Fix cmdline argument handling; (bso#13417).- Move libdfs-server-ad-samba4.so library from kdc to libs package, as it is required by some client libs; (bsc#1074135); - Update to 4.8.1; (bsc#1091179); + s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error, we don't own it here; (bso#13244); + s3: smbd: Fix possible directory fd leak if the underlying OS doesn't support fdopendir(); (bso#13270); + Round-tripping ACL get/set through vfs_fruit will increase the number of ACE entries without limit; (bso#13319); + s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically debug credit issues; (bso#13347); + s3: smbd: Files or directories can't be opened DELETE_ON_CLOSE without delete access; (bso#13358); + s3: smbd: Fix memory leak in vfswrap_getwd(); (bso#13372); + s3: smbd: Unix extensions attempts to change wrong field in fchown call; (bso#13375); + ms_schema/samba-tool visualize: Fix python2.6 incompatibility; (bso#13337); + Fix invocation of gnutls_aead_cipher_encrypt(); (bso#13352); + Windows 10 cannot logon on Samba NT4 domain; (bso#13328); + winbindd: Recover loss of netlogon secure channel in case the peer DC is rebooted; (bso#13332); + s3:smbd: Don't use the directory cache for SMB2/3; (bso#13363); + ctdb-client: Fix bugs in client code; (bso#13356); + ctdb-scripts: Drop "net serverid wipe" from 50.samba event script; (bso#13359); + s3: lib: messages: Don't use the result of sec_init() before calling sec_init(); (bso#13368); + libads: Fix the build '--without-ads'; (bso#13273); + winbind: Keep "force_reauth" in invalidate_cm_connection, add 'smbcontrol disconnect-dc'; (bso#13332); + vfs_virusfilter: Fix CIDs 1428738-1428740; (bso#13343); + dsdb: Fix CID 1034966 Uninitialized scalar variable; (bso#13367); + rpc_server: Fix core dump in dfsgetinfo; (bso#13370); + smbclient: Fix notify; (bso#13382); + Fix smbd panic if the client-supplied channel sequence number wraps; (bso#13215); + Windows 10 cannot logon on Samba NT4 domain; (bso#13328); + lib/util: Remove unused '#include ' from tests/tfork.c; (bso#13342); + Fix build errors with cc from developerstudio 12.5 on Solaris; (bso#13343); + Fix the picky-developer build on FreeBSD 11; (bso#13344); + s3:modules: Fix the build of vfs_aixacl2.c; (bso#13345); + s3:smbd: map nterror on smb2_flush errorpath; (bso#13338); + lib:replace: Fix linking when libtirpc-devel overwrites system headers; (bso#13341); + winbindd: 'wbinfo --name-to-sid' returns misleading result on invalid query; (bso#13312); + s3:passdb: Do not return OK if we don't have pinfo set up; (bso#13376); + Allow AESNI to be used on all processor supporting AESNI; (bso#13302);- Use new foreground execution flags for systemd samba daemons; (bsc#1088574); (bsc#1071090); (bsc#1065551); + Add %post scriptlet to clear old sysconfig flags - Update vendor-files to commit 880b3e7. + Set samba sysconfig template variables to "" + Add required daemon flags directly to systemd unit- Specfile cleanup + Remove %if..%endif guards which don't affect the build + Remove redundant %clean section + Replace old $RPM_* shell vars with macros- BuildRequire pkgconfig(systemd) and pkgconfig(libsystemd) in place of systemd and systemd-devel: Allow OBS to optimize the workload by allowing the usage of the 'build-optimized' systemd packages.- Enable building samba with python3, and create a samba-python3 package.- Update to 4.8 + New GUID Index mode in sam.ldb for the AD DC + GPO support for samba KDC + Time machine support with vfs_fruit + Encrypted secrets + AD Replication visualization + Improved trust support - ability to not scan global trust list - AD external trusts have limited support - verbose trusted domain listing + VirusFilter VFS module + NT4-style replication removed + vfs_aio_linux removed- Disable samba-pidl package, due to the removal of dependency perl-Parse-Yapp; (bsc#1085150);- Update to 4.7.6; + CVE-2018-1050: DOS vulnerability when SPOOLSS is run externally; (bso#11343); (bsc#1081741); + CVE-2018-1057: Authenticated users can change other users' password; (bso#13272); (bsc#1081024).- Disable python until full python3 port is done; (bsc#1082139); + Remove contents of package samba-python + Remove contents of package libsamba-policy0 + Remove contents of package libsamba-policy-devel + Remove library libsamba-python-samba4.so from samba-libs package + Remove library libsamba-net-samba4.so from samba-libs package + Remove smbtorture binary and manpage from samba-test- samba fails to build with glibc2.27; (bsc#1081042);- Update to 4.7.5; (bsc#1080545); + smbd tries to release not leased oplock during oplock II downgrade; (bso#13193); + Fix copying file with empty FinderInfo from Windows client to Samba share with fruit; (bso#13181); + build: Deal with recent glibc sunrpc header removal; (bso#10976); + Make Samba work with tirpc and libnsl2; (bso#13238); + vfs_ceph: Add fs_capabilities hook to avoid local statvfs; (bso#13208); (bsc#1075206); + Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue; (bso#12986); + ctdb-recovery-helper: Deregister message handler in error paths; (bso#13188); + samba: Only use async signal-safe functions in signal handler; (bso#13240); + Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue; (bso#12986); + repl_meta_data: Fix linked attribute corruption on databases with unsorted links on expunge. dbcheck: Add functionality to fix the corrupt database; (bso#13228); + Fix smbd panic when chdir returns error during exit; (bso#13189); + Make Samba work with tirpc and libnsl2; (bso#13238); + Fix POSIX ACL support on HPUX and possibly other big-endian OSs; (bso#13176);- Update to 4.7.4; (bsc#1080545); + s3: smbclient: Implement 'volume' command over SMB2; (bso#13140); + s3: libsmb: Fix valgrind read-after-free error in cli_smb2_close_fnum_recv(); (bso#13171); + s3: libsmb: Fix reversing of oldname/newname paths when creating a reparse point symlink on Windows from smbclient; (bso#13172); + Build man page for vfs_zfsacl.8 with Samba; (bso#12934); + repl_meta_data: Allow delete of an object with dangling backlinks; (bso#13095); + s4:samba: Fix default to be running samba as a deamon; (bso#13129); + Performance regression in DNS server with introduction of DNS wildcard, ldb: Release 1.2.3; (bso#13191); + vfs_zfsacl: Fix compilation error; (bso#6133); + "smb encrypt" setting changes are not fully applied until full smbd restart; (bso#13051); + winbindd: Fix idmap_rid dependency on trusted domain list; (bso#13052); + vfs_fruit: Proper VFS-stackable conversion of FinderInfo; (bso#13155); + winbindd: Dependency on trusted-domain list in winbindd in critical auth codepath; (bso#13173); + repl_meta_data: Fix removing of backlink on deleted objects; (bso#13120); + ctdb: sock_daemon leaks memory; (bso#13153); + TCP tickles not getting synchronised on CTDB restart; (bso#13154); + winbindd: winbind parent and child share a ctdb connection; (bso#13150); + pthreadpool: Fix deadlock; (bso#13170); + pthreadpool: Fix starvation after fork; (bso#13179); + messaging: Always register the unique id; (bso#13180); + s4/smbd: set the process group; (bso#13129); + Fix broken linked attribute handling; (bso#13095); + The KDC on an RWDC doesn't send error replies in some situations; (bso#13132); + libnet_join: Fix 'net rpc oldjoin'; (bso#13149); + g_lock conflict detection broken when processing stale entries; (bso#13195); + s3:smb2_server: allow logoff, close, unlock, cancel and echo on expired sessions; (bso#13197); + s3:libads: net ads keytab list fails with "Key table name malformed"; (bso#13166); (bsc#1067700); + Fix crash in pthreadpool thread after failure from pthread_create; (bso#13170); + s4:samba: Allow samba daemon to run in foreground; (bso#13129); (bsc#1065551); + third_party: Link the aesni-intel library with "-z noexecstack"; (bso#13174); + vfs_glusterfs: include glusterfs/api/glfs.h without relying on "-I" options; (bso#13125);- Re-enable usage of libnsl (did got lost with glibc change) - Use TI-RPC (sunrpc is deprecated and will be removed soon from glibc)- smbc_opendir should not return EEXIST with invalid login credentials; (bnc#1065868).- Update to 4.7.3; (bsc#1069666); + Non-smbd processes using kernel oplocks can hang smbd; (bso#13121); + python: use communicate to fix Popen deadlock; (bso#13127); + smbd on disk file corruption bug under heavy threaded load; (bso#13130); + tevent: version 0.9.34; (bso#13130); + s3: smbd: Fix delete-on-close after smb2_find; (bso#13118); + CVE-2017-14746: s3: smbd: Fix SMB1 use-after-free crash bug; (bsc#1060427);(bso#13041); + CVE-2017-15275: s3: smbd: Chain code can return uninitialized memory when talloc buffer is grown; (bsc#1063008); (bso#13077); - Build with AD DC support only in openSUSE.- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- samba-tool requires samba-python; (bnc#1067771).- Run all daemons in the foreground and let systemd handle it; (bsc#1065551). - Update to 4.7.1; + Fix exporting subdirs with shadow_copy2; (bso#13091); + Currently if getwd() fails after a chdir(), we panic; (bso#13027); + Ensure default SMB_VFS_GETWD() call can't return a partially completed struct smb_filename; (bso#13068); + sys_getwd() can leak memory or possibly return the wrong errno on older systems; (bso#13069); + smbclient doesn't correctly canonicalize all local names before use; (bso#13093); + Fix broken linked attribute handling; (bso#13095); + Missing LDAP query escapes in DNS rpc server; (bso#12994); + Link to -lbsd when building replace.c by hand; (bso#13087); + Cannot delete non-ACL files on Solaris/ZFS/NFSv4 ACL filesystem; (bso#6133); + Map SYNCHRONIZE acl permission statically in zfs_acl vfs module; (bso#7909); + Samba fails to honor SEC_STD_WRITE_OWNER bit with the acl_xattr module; (bso#7933); + Missing assignment in sl_pack_float; (bso#12991); + Wrong Samba access checks when changing DOS attributes; (bso#12995); + samba_runcmd_send() leaves zombie processes on timeout; (bso#13062); + groupmap cleanup should not delete BUILTIN mappings; (bso#13065); + Enabling vfs_fruit results in loss of Finder tags and other xattrs; (bso#13076); + man pages: Properly ident lists; (bso#9613); + smb.conf.5: Sort parameters alphabetically; (bso#13081); + Fix GUID string format on GetPrinter info; (bso#12993); + Remote serverid check doesn't check for the unique id; (bso#13042); + CTDB starts consuming memory if there are dead nodes in the cluster; (bso#13056); + ctdb-common: Ignore event scripts with multiple '.'s; (bso#13070); + libgpo doesn't sort the GPOs in the correct order; (bso#13046); + Remote serverid check doesn't check for the unique id; (bso#13042); + vfs_catia: Fix a potential memleak; (bso#13090); + Fix file change notification for renames; (bso#12903); + Samba DNS server does not honour wildcards; (bso#12952); + Can't change password in samba from a Windows client if Samba runs on IPv6 only interface; (bso#13079); + vfs_fruit: Replace closedir() by SMB_VFS_CLOSEDIR; (bso#13086); + Apple client can't cope with SMB2 async replies when creating symlinks; (bso#13047); + s4:rpc_server:backupkey: Move variable into scope; (bso#12959); + Fix ntstatus_gen.h generation on 32bit; (bso#13099); + Fix a double free in vfs_gluster_getwd(); (bso#13100); + Fix resouce leaks and pointer issues; (bso#13101); + vfs_solarisacl: Fix build for samba 4.7 and up; (bso#13049);- Add samba-kdc to baselibs.conf. - Do not wrap samba-kdc's package definition into if/endif: the package won't be generated simply based on the fact that there is no files section for the package. Allows the source validator to ensure samba-kdc is a built package.- Update to 4.7.0; + Whole DB read locks: Improved LDAP and replication consistency; (bso#12858). + Samba AD with MIT Kerberos + Dynamic RPC port range: Default range changed from "1024-1300" to "49152-65535". + Authentication and Authorization audit support: New auth_audit debug class. + Multi-process LDAP Server: The LDAP server in the AD DC now honours the process model used for the rest of the 'samba' process. + Improved Read-Only Domain Controller (RODC) Support; (bso#12977). + Additional password hashes stored in supplementalCredentials. + Improvements to DNS during Active Directory domain join. + Significant AD performance and replication improvements. + Query record for open file or directory. + Removal of lpcfg_register_defaults_hook(). + Change of loadable module interface. + SHA256 LDAPS Certificates: The self-signed certificate generated for use on LDAPS will now be generated with a SHA256 self-signature, not a SHA1 self-signature. + CTDB no longer allows mixed minor versions in a cluster. + CTDB now ignores hints from Samba about TDB flags when attaching to databases. + New configuration variable CTDB_NFS_CHECKS_DIR. + The CTDB_SERVICE_AUTOSTARTSTOP configuration has been removed. + The CTDB_SCRIPT_DEBUGLEVEL configuration variable has been removed. + The example NFS Ganesha call-out has been improved. + A new "replicated" database type is available.- CVE-2017-12163: Prevent client short SMB1 write from writing server memory to file; (bso#13020); (bsc#1058624).- CVE-2017-12150: Some code path don't enforce smb signing, when they should; (bso#12997); (bsc#1058622).- CVE-2017-12151: Keep required encryption across SMB3 dfs redirects; (bso#12996); (bsc#1058565).- Clean specfile assuming SUSE-only system and product >=SLE11 + %{ul_version}, %{rhel_version}, %{mandriva_version}, %{centos_version} are always undefined + %{_vendor} is "suse" and %{suse_version} is at least 1100- Update to 4.6.7; (bsc#1054017) + Joining a Huawai storage fails: empty CLDAP ping answer; (bso#11392). + smbcacls can fail against a directory on Windows using SMB2.; (bso#12937). + vfs_ceph provides inconsistent directory listings; (bso#12911). + Misused talloc context can cause a user to crash their smbd by chaining SMB1 commands.; (bso#12836). + Use-after free can crash libsmbclient code.; (bso#12927). + Server exit with active AIO can crash.; (bso#12925). + Ensure notifyd doesn't return from smbd_notifyd_init; (bso#12910). + fd leak to ctdb sub-processes leads to SELinux AVC denial in audit logs; (bso#12898). + vfs_fruit shouldn't send MS NFS ACEs to Windows clients; (bso#12897). + smbspool_krb5_wrapper does not tell CUPS that it requires negotiate for authentication; (bso#12886). + finder sidebar showing question mark instead of icon when using ip to connect with vfs_fruit; (bso#12840). + Winbind stops obtaining the 'unixHomeDirectory' & 'loginShell' attributes from AD.; (bso#12720). + KCC run at selftest startup can fail spuriously due to a race; (bso#12869). + winbindd changes the local password and gets NT_STATUS_WRONG_PASSWORD for the remote change; (bso#12782). + rpc_pipe_client memory leaks due to long term memory context passed to rpc_pipe_open_interface(); (bso#12890). + CVE-2017-2619 breaks accessing previous versions of directories with snapshots in subdirectories of the share; (bso#12885). + dns_name_equal doing OOB read; (bso#12813). + replica_sync tests flap; (bso#12753). + Selftest should not call 'net cache flush' and wipe important winbind entries; (bso#12868). + Old Samba versions don't support using recent ldb versions (>=1.1.30); (bso#12859). + pam_winbind fails with kerberos method = secrets and keytab; (bso#10490). + race starting winbindd against posixacl test; (bso#12843). + Crash in the reentrant smbd_smb2_create_send() if the something fails in the subsequent try; (bso#12832). + spnego.c passes the wrong argument order to gensec_update_ev() for the FALLBACK case; (bso#12788). + Clients with SMB3 support can't connect with "server max protocol = SMB2_02"; (bso#12772). + A log message of samb-tool user syncpasswords reverses string arguments in a debug message "Call Popen[...".; (bso#12768). + The smb tarmode tests kills the share dir contents; (bso#12867). + Fix for a bug in MacOS X Sierra NTLMv2 processing; (bso#12862). + CVE-2017-2619 regression with non-wide symlinks to directories; (bso#12860). + manpage/index.html lists links not in alphabetical order; (bso#12854). + smbcacls got error NT_STATUS_NETWORK_NAME_DELETED; (bso#12831). + If a record is locked in a database, then recovery does not complete; (bso#12857). + debug_locks.sh script does not log any information; (bso#12856). + SIGSEGV in cm_connect_lsa_tcp dereferencing conn->lsa_tcp_pipe->transport after error; (bso#12852). + smbclient can't parse DOMAIN+username if a different winbind separator is used; (bso#12849). + Related requests with SessionSetup fail with INTERNAL_ERROR; (bso#12845). + Related requests with TreeConnect fail with NETWORK_NAME_DELETED; (bso#12844). + cli->server_os not filled correctly; (bso#12779). + REGRESSION: smbclient doesn't print the session setup anymore; (bso#12824). + smblcient doesn't handle STATUS_NOT_SUPPORTED gracefully for FSCTL_VALIDATE_NEGOTIATE_INFO; (bso#12808). + CTDB NFS call-out failures do not cause event failures; (bso#12837). + net command fails due to incorrectly return code; (bso#12828). + Fix building Samba with GCC 7.1; (bso#12827).- Fix duplicate CTDB_LOGGING params when downgraded and upgraded again; (bsc#1048339).- fix cephwrap_chdir(); (bsc#1048790). - Update to 4.6.6 + CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation; (bsc#1048278).- Fix ctdb logs to /var/log/log.ctdb instead of /var/log/ctdb; (bsc#1048339).- Fix inconsistent ctdb socket path; (bsc#1048352). - Fix non-admin cephx authentication; (bsc#1048387).- Update to 4.6.5; (bsc#1040157) + Specifying CTDB_LOGGING=syslog:nonblocking causes ctdbd to crash at startup; (bso#12814). + vfs_expand_msdfs tries to open the remote address as a file path; (bso#12687). + PANIC (pid 1096): assert failed: lease_type_is_exclusive(e_lease_type); (bso#12798). + With clustering get update_num_read_oplocks failed and PANIC: num_share_modes == 1 assertion failure; (bso#11844). + contend_level2_oplocks_begin_default oplock optimisation doesn't carry over to leases; (bso#12766). + `ctdb nodestatus` incorrectly displays status for all nodes with wrong exit code; (bso#12802). + CTDB can spin hard on revoking readonly delegations if a node becomes disconnected; (bso#12697). + Printing a share mode entry with leases can crash in the ndr code; (bso#12793). + Fix flakey unit tests for eventd; (bso#12792). + CTDB daemon crashes if built with clang; (bso#12770). + smbcacls fails if no password is specified; (bso#12765). + idmap_rfc2307: Lookup of more than two SIDs fails; (bso#12757). + samba-tool user syncpasswords doesn't trigger the script when a user gets removed; (bso#12767). + systemd: fix detection of libsystemd; (bso#12764). + Notify subsystem only maps first inotify mask to Windows notify filter; (bso#12760). + Allow passing trusted domain password as plain-text to PASSDB layer; (bso#12751). + Can't case-rename files with vfs_fruit; (bso#12749). + wrong sid->uid mapping for SIDs residing in sIDHistory; (bso#12702). + vfs_acl_common should force "create mask = 0777", not 0666; (bso#12562). + Ordering of notify responses broken; (bso#12756).- s3: libsmb: Fix error where short name length was read as 2 bytes, should be 1; (bso#11822); (bsc#1042419).- Revert explicit winbind %{version}-%{release} dependency. + The ABI has stabilized since (bsc#936909), so remove to fix cross-media dependencies; (bsc#1037899).- Fix CVE-2017-7494 remote code execution from a writable share; (bso#12780); (bsc#1038231).- Update to 4.6.3; (bsc#1036011) + s3:vfs:shadow_copy2: vfs_shadow_copy2 fails to list snapshots from shares with GlusterFS backend; (bso#12743). + Fix for Solaris C compiler; (bso#12559). + s3: locking: Update oplock optimization for the leases era; (bso#12628). + Make the Solaris C compiler happy; (bso#12693). + s3: libgpo: Allow skipping GPO objects that don't have the expected LDAP attributes; (bso#12695). + Fix buffer overflow caused by wrong use of getgroups; (bso#12747). + lib: debug: Avoid negative array access; (bso#12746). + cleanupdb: Fix a memory read error; (bso#12748). + streams_xattr and kernel oplocks results in NT_STATUS_NETWORK_BUSY; (bso#7537). + winbindd: idmap_autorid allocates ids for unknown SIDs from other backends; (bso#11961). + vfs_fruit: Resource fork open request with flags=O_CREAT|O_RDONLY; (bso#12565). + manpages/vfs_fruit: Document global options; (bso#12615). + lib/pthreadpool: Fix a memory leak; (bso#12624). + Lookup-domain for well-known SIDs on a DC; (bso#12727). + winbindd: Fix error handling in rpc_lookup_sids(); (bso#12728). + winbindd: Trigger possible passdb_dsdb initialisation; (bso#12729). + credentials_krb5: use gss_acquire_cred for client-side GSSAPI use case; (bso#12611). + lib/crypto: Implement samba.crypto Python module for RC4; (bso#12690). + ctdb-readonly: Avoid a tight loop waiting for revoke to complete; (bso#12697). + ctdb_event monitor command crashes if event is not specified; (bso#12723). + ctdb-docs: Fix documentation of "-n" option to 'ctdb tool'; (bso#12733). + smbd: Fix smb1 findfirst with DFS; (bso#12558). + smbd: Do an early exit on negprot failure; (bso#12610). + winbindd: Fix substitution for 'template homedir'; (bso#12699). + s4:kdc: Disable principal based autodetected referral detection; (bso#12554). + idmap_autorid: Allocate new domain range if the callers knows the sid is valid; (bso#12613). + LINKFLAGS_PYEMBED should not contain -L/some/path; (bso#12724). + PAM auth with WBFLAG_PAM_GET_PWD_POLICY returns wrong policy for trusted domain; (bso#12725). + rpcclient: Allow -U'OTHERDOMAIN\user' again; (bso#12731). + winbindd: Fix password policy for pam authentication; (bso#12725). + s3:gse: Correctly handle external trusts with MIT; (bso#12554). + auth/credentials: Always set the realm if we set the principal from the ccache; (bso#12611). + replace: Include sysmacros.h; (bso#12686). + s3:vfs_expand_msdfs: Do not open the remote address as a file; (bso#12687). + s3:libsmb: Only print error message if kerberos use is forced; (bso#12704). + winbindd: Child process crashes when kerberos-authenticating a user with wrong password; (bso#12708). + vfs_fruit: Office document opens as read-only on macOS due to CNID semantics; (bso#12715). + vfs_acl_xattr: Fix failure to get ACL on Linux if memory is fragmented; (bso#12737).- Generate and update vendor-files tarball from Git + SuSEfirewall2 service samba-client only setup IPv4 rule; (bsc#1034416).- Generate source tarball directly from Git using OBS tar_scm + use version string derived from parent Git tag and commit hash - remove obsolete vendor-files/tools/package-data version ID + explicitly generate ctdb manpages, needed without "make dist"- Update to 4.6.2 + remove bso#12721 patches now upstream- Enable samba-ceph build for openSUSE and SLE12SP3+; (fate#321622). + x86-64 and aarch64- Enable librados CTDB lock helper for samba-ceph package; (fate#321622).- Build and install the html man pages (bsc#1021907).- Fix CVE-2017-2619 regression with "follow symlinks = no"; (bso#12721).- Update to 4.6.1 + symlink race permits opening files outside share directory; CVE-2017-2619; (bso#12496); (bsc#1027147) + testparm checks for valid idmap parameters + add new krb client encryption types + support for printer driver upload from windows 10 + inherit owner = 'unix only' for improved quota support + improved CTDB event support + new primary group support for idmap_ad + idmap_hash deprecated + mvxattr added to recursively rename extended attributes- Remove chkconfig requirements for systemd systems- Don't call insserv if systemd is used- Fix check if we need to require insserv- async_req: make async_connect_send() "reentrant"; (bso#12105); (bsc#1024416).- Force usage of ncurses6-config thru NCURSES_CONFIG env var; (bsc#1023847).- add missing patch for libnss_wins segfault; (bsc#995730).- Fix vfs_ceph builds against recent Ceph versions; (bsc#1021933).- Document "winbind: ignore domains" parameter; (bsc#1019416).- Add base Samba dependency to samba-ceph package.- Update to 4.5.3 + Heap-based Buffer Overflow Remote Code Execution Vulnerability; CVE-2016-2123; (bso#12409); (bsc#1014437). + Don't send delegated credentials to all servers; CVE-2016-2125; (bso#12445); (bsc#1014441). + denial of service due to a client triggered crash in the winbindd parent process; CVE-2016-2126; (bso#12446); (bsc#1014442). - 4.5.1 and 4.5.2 updates + various streams vfs fixes + various printing fixes + ntlm_auth: do not map explicitly empty domain + various stability fixes in smbd + match file compression ReFS behavior- Add missing ldb module directory; (bnc#1012092).- s3/client: obey 'disable netbios' smb.conf param, don't connect via NBT port; (bsc#1009085); (bso#12418).- Include vfstest in samba-test; (bsc#1001203).- s3/winbindd: using default domain with user@domain.com format fails; (bsc#997833).- Fix segfault in libnss_wins; (bso#12277); (bso#12269); (bsc#995730).- Update to 4.5.0 + NTLM1 Authentication disabled by default + SMB2.1 leases enabled by default + Support for OFD locks + ctdb tool rewritten + Added shadow copy snapshot prefix parameter- Fix illegal memory access after memory has been deleted; (bso#11836); (bsc#975299).- Prevent core, make sure response->extra_data.data is always cleared out; (bsc#993692).- Don't package man pages for VFS modules that aren't built; (boo#993707).- Fix population of ctdb sysconfig after source merge; (bsc#981566).- Enable vfs_ceph builds for Factory (x86-64) + Package as samba-ceph to avoid Ceph dependency in base package.- Update to 4.4.5 + Prevent client-side SMB2 signing downgrade; CVE-2016-2119; (bso#11860); (bsc#986869).- Remove obsolete syslog.target; (bsc#983938).- Honor smb.conf socket options in winbind; (bsc#975131).- Don't use htons() with IP_PROTO_RAW; (bso#11705); (bsc#969522).- Update to 4.4.4 + SMB3 multichannel: Add implementation of missing channel sequence number verification; (bso#11809). + smbd:close: Only remove kernel share modes if they had been taken at open; (bso#11919). + notifyd: Prevent NULL deref segfault in notifyd_peer_destructor; (bso#11930). + s3:rpcclient: Make '--pw-nt-hash' option work; (bso#10796). + Fix case sensitivity issues over SMB2 or above; (bso#11438). + s3:smbd: Fix anonymous authentication if signing is mandatory. (bso#11910) + Fix NTLM Authentication issue with squid; (bso#11914). + pdb: Fix segfault in pdb_ldap for missing gecos; (bso#11530). + Fix memory leak in share mode locking; (bso#11934).- Update to 4.4.3 + Various post-badlock regressions; (bso#11841); (bso#11850); (bso#11858); (bso#11870); (bso#11872). + Only allow idmap_hash for default idmap config (bso#11786). + smbd: Avoid large reads beyond EOF; (bso#11878). + vfs_acl_common: Avoid setting POSIX ACLs if "ignore system acls" is set; (bso#11806). + libads: Record session expiry for spnego sasl binds; (bso#11852).- Fix NTLMSSP regressions caused by previous CVE fixes; (bso#11849); (bsc#975962); (bsc#979268), (bsc#977669).- Revert shared library packaging to comply with SLPP- Update to 4.4.2 + A man-in-the-middle can downgrade NTLMSSP authentication; CVE-2016-2110; (bso#11688); (bsc#973031). + Domain controller netlogon member computer can be spoofed; CVE-2016-2111; (bso#11749); (bsc#973032). + LDAP conenctions vulnerable to downgrade and MITM attack; CVE-2016-2112; (bso#11644); (bsc#973033). + TLS certificate validation missing; CVE-2016-2113; (bso#11752); (bsc#973034). + Named pipe IPC vulnerable to MITM attacks; CVE-2016-2115; (bso#11756); (bsc#973036). + "Badlock" DCERPC impersonation of authenticated account possible; CVE-2016-2118; (bso#11804); (bsc#971965). + DCERPC server and client vulnerable to DOS and MITM attacks; CVE-2015-5370; (bso#11344); (bsc#936862).- Fix samba.tests.messaging test and prevent potential tdb corruption by removing obsolete now invalid tdb_close call; (bsc#974629).- Obsolete libsmbclient from libsmbclient0 while not providing it; (bsc#972197).- Update to 4.4.0. + Read of uninitialized memory DNS TXT handling; (bso#11128); (bso#11686); CVE-2016-0771. + Getting and setting Windows ACLs on symlinks can change permissions on link target; (bso#11648); CVE-2015-7560. + Sockets with htons(IPPROTO_RAW); (bso#11705); CVE-2015-8543. + s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem with no ACL support; (bso#10489). + docs: Add example for domain logins to smbspool man page; (bso#11643). + smbd: Show correct disk size for different quota and dfree block sizes; (bso#11681). + docs: Add smbspool_krb5_wrapper manpage; (bso#11690). + winbindd: Return trust parameters when listing trusts; (bso#11691). + ctdb: Do not provide a useless pkgconfig file for ctdb; (bso#11696). + Crypto.Cipher.ARC4 is not available on some platforms, fallback to M2Crypto.RC4.RC4 then; (bso#11699). + s3:utils/smbget: Set default blocksize; (bso#11700). + Streamline 'smbget' options with the rest of the Samba utils; (bso#11700). + s3:clispnego: Fix confusing warning in spnego_gen_krb5_wrap(); (bso#11702). + s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703). + loadparm: Fix memory leak issue; (bso#11708). + lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714). + s3:vfs:glusterfs: Fix build after quota changes; (bso#11715). + ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."; (bso#11719). + lib:socket: Fix CID 1350010: Integer OVERFLOW_BEFORE_WIDEN; (bso#11723). + smbd: Fix CID 1351215 Improper use of negative value; (bso#11724). + smbd: Fix CID 1351216 Dereference null return value; (bso#11725). + s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file; (bso#11727). + docs: Add manpage for cifsdd; (bso#11730). + param: Fix str_list_v3 to accept ; again; (bso#11732). + lib/socket: Fix improper use of default interface speed; (bso#11734). + lib:socket: Fix CID 1350009: Fix illegal memory accesses (BUFFER_SIZE_WARNING); (bso#11735). + libcli: Fix debug message, print sid string for new_ace trustee; (bso#11738). + Fix installation path of Samba helper binaries; (bso#11739). + Fix memory leak in loadparm; (bso#11740). + tevent: version 0.9.28: Fix memory leak when old signal action restored; (bso#11742). + smbd: Ignore SVHDX create context; (bso#11753). + Fix net join; (bso#11755). + s3:libads: setup the msDS-SupportedEncryptionTypes attribute on ldap_add; (bso#11755). + passdb: Add linefeed to debug message; (bso#11763). + s3:utils/smbget: Fix option parsing; (bso#11767). + libnet: Make Kerberos domain join site-aware; (bso#11769). + Reset TCP Connections during IP failover; (bso#11770). + ldb: Version 1.1.26; (bso#11772). + s3:smbd: Add negprot remote arch detection for OSX; (bso#11773). + vfs_glusterfs: Fix use after free in AIO callback; (bso#11774). + mkdir can return ACCESS_DENIED incorrectly on create race; (bso#11780). + "trustdom_list_done: Got invalid trustdom response" message should be avoided; (bso#11782). + Mismatch between local and remote attribute ids lets replication fail with custom schema; (bso#11783). + Quota is not supported on Solaris 10; (bso#11788). + Talloc: Version 2.1.6; (bso#11789). + smbd: Enable multi-channel if 'server multi channel support = yes' in the config; (bso#11796). + build: Fix build when '--without-quota' specified; (bso#11798). + lib/socket/interfaces: Fix some uninitialied bytes; (bso#11802). + Access based share enum: handle permission set in configuration files; (bso#8093). + See also WHATSNEW.txt from the samba-doc package.- Update to 4.3.6. + Getting and setting Windows ACLs on symlinks can change permissions on link target; CVE-2015-7560; (bso#11648); (bsc#968222). + Fix Out-of-bounds read in internal DNS server; CVE-2016-0771; (bso#11128); (bso#11686); (bsc#968223).- Upgrade on-disk FSRVP server state to new version; (bsc#924519).- Only obsolete but do not provide gplv2/3 package names; (bsc#968973).- Relocate existing lock files to /var/lib/samba/lock; (bsc#968963).- Obsolete no longer existing samba-32bit package; (bsc#967625).- Update to 4.3.5. + s3:utils/smbget: Fix recursive download; (bso#6482). + s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystemi with no ACL support; (bso#10489). + s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks; (bso#11400). + vfs_shadow_copy2: Fix case where snapshots are outside the share; (bso#11580). + smbclient: Query disk usage relative to current directory; (bso#11662). + winbindd: Handle expired sessions correctly; (bso#11670). + smbd: Show correct disk size for different quota and dfree block sizes; (bso#11681). + smbcacls: Fix uninitialized variable; (bso#11682). + s3:smbd: Ignore initial allocation size for directory creation; (bso#11684). + s3-client: Add a KRB5 wrapper for smbspool; (bso#11690). + s3-parm: Clean up defaults when removing global parameters; (bso#11693). + Use M2Crypto.RC4.RC4 on platforms without Crypto.Cipher.ARC4; (bso#11699). + s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703). + ctdb: Remove error messages after kernel security update; CVE-2015-8543; (bso#11705). + loadparm: Fix memory leak issue; (bso#11708). + lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714). + ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."; (bso#11719). + s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file; (bso#11727). + param: Fix str_list_v3 to accept ";" again; (bso#11732).- Shift samba-client sysconfig data into samba and samba-winbind; (bsc#947361).- Simplify shared library packaging; (bsc#966956).- Enable clustering (CTDB) support; (bsc#966271).- s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703); (bsc#964023).- Add quotes around path of update-apparmor-samba-profile; (bnc#962177).- Remove autoconf build-time requirement.- Update to 4.3.4. + vfs_fruit: Enable POSIX directory rename semantics; (bso#11065). + Crash: Bad talloc magic value - access after free; (bso#11394). + Copying files with vfs_fruit fails when using vfs_streams_xattr without stream prefix and type suffix; (bso#11466). + samba-tool: Fix uncaught exception if no fSMORoleOwner attribute is given; (bso#11613). + Fix a typo in the smb.conf manpage, explanation of idmap config; (bso#11619). + Correctly initialize the list head when keeping a list of primary followed by DFS connections; (bso#11624). + Reduce the memory footprint of empty string options; (bso#11625). + lib/async_req: Do not install async_connect_send_test; (bso#11639). + Fix typos in man vfs_gpfs; (bso#11641). + Make "hide dot files" option work with "store dos attributes = yes"; (bso#11645). + Fix a corner case of the symlink verification; (bso#11647); (bnc#960249). + Do not disable "store dos attributes" on-the-fly; (bso#11649). + Update lastLogon and lastLogonTimestamp; (bso#11659).- Prevent access denied if the share path is "/"; (bso#11647); (bnc#960249).- Update to 4.3.3. + Malicious request can cause Samba LDAP server to hang, spinning using CPU; CVE-2015-3223; (bso#11325); (bnc#958581). + Remote read memory exploit in LDB; CVE-2015-5330; (bso#11599); (bnc#958586). + Insufficient symlink verification (file access outside the share); CVE-2015-5252; (bso#11395); (bnc#958582). + No man in the middle protection when forcing smb encryption on the client side; CVE-2015-5296; (bso#11536); (bnc#958584). + Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2); CVE-2015-5299; (bso#11529); (bnc#958583). + Fix Microsoft MS15-096 to prevent machine accounts from being changed into user accounts; CVE-2015-8467; (bso#11552); (bnc#958585).- Update to 4.3.2. + vfs_gpfs: Re-enable share modes; (bso#11243). + dcerpc.idl: Accept invalid dcerpc_bind_nak pdus; (bso#11327). + s3-smbd: Fix old DOS client doing wildcard delete - gives an attribute type of zero; (bso#11452). + Add libreplace dependency to texpect, fixes a linking error on Solaris; (bso#11511). + s4: Fix linking of 'smbtorture' on Solaris; (bso#11512). + s4:lib/messaging: Use correct path for names.tdb; (bso#11562). + Fix segfault of 'net ads (join|leave) -S INVALID' with nss_wins; (bso#11563). + async_req: Fix non-blocking connect(); (bso#11564). + auth: gensec: Fix a memory leak; (bso#11565). + lib: util: Make non-critical message a warning; (bso#11566). + Fix winbindd crashes with samlogon for trusted domain user; (bso#11569); (bnc#949022). + smbd: Send SMB2 oplock breaks unencrypted; (bso#11570). + ctdb: Open the RO tracking db with perms 0600 instead of 0000; (bso#11577). + s3:smb2_server: Make the logic of SMB2_CANCEL DLIST_REMOVE() clearer; (bso#11581). + s3-smbd: Fix use after issue in smbd_smb2_request_dispatch(); (bso#11581). + manpage: Correct small typo error; (bso#11584). + s3: smbd: If EAs are turned off on a share don't allow an SMB2 create containing them; (bso#11589). + Backport some valgrind fixes from upstream master; (bso#11597). + auth: Consistent handling of well-known alias as primary gid; (bso#11608). + winbind: Fix crash on invalid idmap configs; (bso#11612). + s3: smbd: have_file_open_below() fails to enumerate open files below an open directory handle; (bso#11615). + Changing log level of two entries to DBG_NOTICE; (bso#9912).- Ensure samlogon fallback requests are rerouted after kerberos failure; (bnc#953382); (bnc#953972).- Ensure to link with --as-needed flag by removing SUSE_ASNEEDED=0. - Always use the default optimization even on pre-9.2 systems.- Remove redundant configure options while adding with-relro.- Relocate the lockdir to the /var/lib/samba/lock directory.- Cleanup and enhance the pidl sub package.- Require renamed python-ldb-devel and python-talloc-devel at build-time. - Requires python-ldb and python-talloc from the python subpackage.- Update to 4.3.1. + s3: smbd: Fix our access-based enumeration on "hide unreadable" to match Windows; (bso#10252). + nss_winbind: Fix hang on Solaris on big groups; (bso#10365). + smbd: Fix file name buflen and padding in notify repsonse; (bso#10634). + kerberos: Make sure we only use prompter type when available; winbind: Fix 100% loop; (bso#11038). + source3/lib/msghdr.c: Fix compiling error on Solaris; (bso#11053). + s3:ctdbd_conn: make sure we destroy tevent_fd before closing the socket; (bso#11316). + s3: smbd: Fix mkdir race condition; (bso#11486). + pam_winbind: Fix a segfault if initialization fails; (bso#11502). + s3: dfs: Fix a crash when the dfs targets are disabled; (bso#11509). + s4:lib/messaging: Use 'msg.lock' and 'msg.sock' for messaging related subdirs; (bso#11515). + s3: smbd: Fix opening/creating :stream files on the root share directory; (bso#11522). + lib/param: Fix hiding of FLAG_SYNONYM values; (bso#11526). + net: Fix a crash with 'net ads keytab create'; (bso#11528). + s3: smbd: Fix a crash in unix_convert(); (bso#11535). + s3: smbd: Fix NULL pointer bug introduced by previous 'raw' stream fix (bso#11522); (bso#11535). + vfs_fruit: Return value of ad_pack in vfs_fruit.c; (bso#11543). + vfs_commit: set the fd on open before calling SMB_VFS_FSTAT; (bso#11547). + s3:locking: Initialize lease pointer in share_mode_traverse_fn(); (bso#11549). + s3:smbstatus: Add stream name to share_entry_forall(); (bso#11550). + s3:lib: Validate domain name in lookup_wellknown_name(); (bso#11555). + s3: lsa: lookup_name() logic for unqualified (no DOMAIN component) names is incorrect; (bso#11555).- Fix 100% CPU in winbindd when logging in with "user must change password on next logon"; (bso#11038).- Relocate the tmpfiles.d directory to the client package; (bnc#947552).- Do not provide libpdb0 from libsamba-passdb0 but add it to baselibs.conf instead; (bnc#942716).- Package /var/lib/samba/private/sock with 0700 permissions; (bnc#946051).- Package /var/lib/samba/msg with 0755 permissions; (bso#11515); (bnc#945502).- Require to install libfam0-gamin from samba-libs on post-12.1 and pre-13.15 systems; (bnc#945013).- Update to 4.3.0. + Samba "map to guest = Bad uid" doesn't work; (bso#9862). + revert LDAP extended rule 1.2.840.113556.1.4.1941 LDAP_MATCHING_RULE_IN_CHAIN changes; (bso#10493). + No objectClass found in replPropertyMetaData on ordinary objects (non-deleted); (bso#10973). + Stream names with colon don't work with fruit:encoding = native; (bso#11278). + NetApp joined to a Samba/ADDC cannot resolve SIDs; (bso#11291). + tevent_fd needs to be destroyed before closing the fd; (bso#11316). + "force group" with local group not working; (bso#11320). + strsep is not available on Solaris; (bso#11359). + smbtorture does not build when configured --with-system-mitkrb5; (bso#11411). + Build with GPFS support is broken; (bso#11421). + Build broken with --disable-python; (bso#11424). + net share allowedusers crashes; (bso#11426). + nmbd incorrectly matches netbios names as own name; (bso#11427). + Python bindings don't check integer types; (bso#11429). + Python bindings don't check array sizes; (bso#11430). + CTDB's eventscript error handling is broken; (bso#11431). + Fix crash in nested ctdb banning; (bso#11432). + Cannot build ctdbpmda; (bso#11434). + samba-tool uncaught exception error; (bso#11436). + Crash in notify_remove caused by change notify = no; (bso#11444). + Poor SMB3 encryption performance with AES-GCM; (bso#11451). + Poor SMB3 encryption performance with AES-GCM (part1); (bso#11451). + fix recursion problem in rep_strtoll in lib/replace/replace.c; (bso#11455). + --bundled-libraries=!ldb,!pyldb,!pyldb-util doesn't disable ldb build and install; (bso#11458). + xid2sid gives inconsistent results; (bso#11464). + ctdb: Fix the build on FreeBSD 10.1; (bso#11465). + Handling of 0 byte resource fork stream; (bso#11467). + AD samr GetGroupsForUser fails for users with "()" in their name; (bso#11488).- Configure with --bundled-libraries=NONE; (bso#11458).- Adapt net-kdc-lookup patch for post-3.3 Samba versions; (bnc#295284).- Remove libiniparser-devel build-time requirement.- Update to 4.2.3. + s4:lib/tls: Fix build with gnutls 3.4; (bso#8780). + s4.2/fsmo.py: Fixed fsmo transfer exception; (bso#10924). + winbindd: Sync secrets.ldb into secrets.tdb on startup; (bso#10991). + Logon via MS Remote Desktop hangs; (bso#11061). + s3: lib: util: Ensure we read a hex number as %x, not %u; (bso#11068). + tevent: Add a note to tevent_add_fd(); (bso#11141). + s3:param/loadparm: Fix 'testparm --show-all-parameters'; (bso#11170). + s3-unix_msg: Remove socket file after closing socket fd; (bso#11217). + smbd: Fix a use-after-free; (bso#11218); (bnc#919309). + s3-rpc_server: Fix rpc_create_tcpip_sockets() processing of interfaces; (bso#11245). + s3:smb2: Add padding to last command in compound requests; (bso#11277). + Add IPv6 support to ADS client side LDAP connects; (bso#11281). + Add IPv6 support for determining FQDN during ADS join; (bso#11282). + s3: IPv6 enabled DNS connections for ADS client; (bso#11283). + Fix invalid write in ctdb_lock_context_destructor; (bso#11293). + Excessive cli_resolve_path() usage can slow down transmission; (bso#11295). + vfs_fruit: Add option "veto_appledouble"; (bso#11305). + tstream: Make socketpair nonblocking; (bso#11312). + idmap_rfc2307: Fix wbinfo '--gid-to-sid' query; (bso#11313). + Group creation: Add msSFU30Name only when --nis-domain was given; (bso#11315). + tevent_fd needs to be destroyed before closing the fd; (bso#11316). + Build fails on Solaris 11 with "‘PTHREAD_MUTEX_ROBUST’ undeclared"; (bso#11319). + smbd/trans2: Add a useful diagnostic for files with bad encoding; (bso#11323). + Change sharesec output back to previous format; (bso#11324). + Robust mutex support broken in 1.3.5; (bso#11326). + Kerberos auth info3 should contain resource group ids available from pac_logon; winbindd: winbindd_raw_kerberos_login - ensure logon_info exists in PAC; (bso#11328); (bnc#912457). + s3:smb2_setinfo: Fix memory leak in the defer_rename case; (bso#11329). + tevent: Fix CID 1035381 Unchecked return value; (bso#11330). + tdb: Fix CID 1034842 and 1034841 Resource leaks; (bso#11331). + s3: smbd: Use separate flag to track become_root()/unbecome_root() state; (bso#11339). + s3: smbd: Codenomicon crash in do_smb_load_module(); (bso#11342). + pidl: Make the compilation of PIDL producing the same results if the content hasn't change; (bso#11356). + winbindd: Disconnect child process if request is cancelled at main process; (bso#11358). + vfs_fruit: Check offset and length for AFP_AfpInfo read requests; (bso#11363). + docs: Overhaul the description of "smb encrypt" to include SMB3 encryption; (bso#11366). + s3:auth_domain: Fix talloc problem in connect_to_domain_password_server(); (bso#11367). + ncacn_http: Fix GNUism; (bso#11371).- Disable rpath usage; (bnc#902421).- Make the winbind package depend on the matching libwbclient version and vice versa; (bnc#936909).- Backport changes to use resource group sids obtained from pac logon_info; (bso#11328); (bnc#912457).- Order winbind.service Before and Want nss-user-lookup target.- Remove fam-devel build-time dependency for post-6 RHEL systems.- Update to 4.2.2. + s3:smbXsrv: refactor duplicate code into smbXsrv_session_clear_and_logoff(); (bso#11182). + gencache: don't fail gencache_stabilize if there were records to delete; (bso#11260). + s3: libsmbclient: After getting attribute server, ensure main srv pointer is still valid; (bso#11186). + s4: rpc: Refactor dcesrv_alter() function into setup and send steps; (bso#11236). + s3: smbd: Incorrect file size returned in the response of "FILE_SUPERSEDE Create"; (bso#11240). + Mangled names do not work with acl_xattr; (bso#11249). + nmbd rewrites browse.dat when not required; (bso#11254). + vfs_fruit: add option "nfs_aces" that controls the NFS ACEs stuff; (bso#11213). + s3:smbd: Add missing tevent_req_nterror; (bso#11224). + vfs: kernel_flock and named streams; (bso#11243). + vfs_gpfs: Error code path doesn't call END_PROFILE; (bso#11244). + s4: libcli/finddcs_cldap: continue processing CLDAP until all addresses are used; (bso#11284). + ctdb: check for talloc_asprintf() failure; (bso#11201). + spoolss: purge the printer name cache on name change; (bso#11210); (bnc#901813). + CTDB statd-callout does not scale; (bso#11204). + vfs_fruit: also map characters below 0x20; (bso#11221). + ctdb: Coverity fix for CID 1291643; (bso#11201). + Multiplexed RPC connections are not handled by DCERPC server; (bso#11225). + Fix terminate connection behavior for asynchronous endpoint with PUSH notification flavors; (bso#11226). + ctdb-scripts: Fix bashism in ctdbd_wrapper script; (bso#11007). + ctdb: Fix CIDs 1125615, 1125634, 1125613, 1288201 and 1125553; (bso#11201). + SMB2 should cancel pending NOTIFY calls with DELETE_PENDING if the directory is deleted; (bso#11257). + s3:winbindd: make sure we remove pending io requests before closing client sockets; (bso#11141); (bnc#931854). + Fix panic triggered by smbd_smb2_request_notify_done() -> smbXsrv_session_find_channel() in smbd; (bso#11182). + 'sharesec' output no longer matches input format; (bso#11237). + waf: Fix systemd detection; (bso#11200). + CTDB: Fix portability issues; (bso#11202). + CTDB: Fix some IPv6-related issues; (bso#11203). + CTDB statd-callout does not scale; (bso#11204). + 'net ads dns gethostbyname' crashes with an error in TALLOC_FREE if you enter invalid values; (bso#11234). + libads: record service ticket endtime for sealed ldap connections; (bso#11267). + lib/util: Include DEBUG macro in internal header files before samba_util.h; (bso#11033).- Avoid a crash inside the tevent epoll backend; (bso#11141); (bnc#931854).- Remove the independently built libraries ldb, talloc, tdn, and tevent and the post-10.3 renamed libsmbclient from baselibs.conf.- Drop redundant doc attribute from man pages.- Update to 4.2.1. + s3:winbind:grent: Don't stop group enumeration when a group has no gid; (bso#8905). + Initialize dwFlags field of DNS_RPC_NODE structure; (bso#9791). + s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with servers that don't send the 2 unused fields; (bso#10016). + build:wafadmin: Fix use of spaces instead of tabs; (bso#10476). + waf: Fix the build on openbsd; (bso#10476). + s3: client: "client use spnego principal = yes" code checks wrong name; (bso#10888). + spoolss: Retrieve published printer GUID if not in registry; (bso#11018). + s3: lib: libsmbclient: If reusing a server struct, check every cli->timout miliseconds if it's still valid before use; (bso#11079). + vfs_fruit: Enhance handling of malformed AppleDouble files; (bso#11125). + backupkey: Explicitly link to gnutls and gcrypt; (bso#11135). + replace: Remove superfluous check for gcrypt header; (bso#11135). + Backport subunit changes; (bso#11137). + libcli/auth: Match Declaration of netlogon_creds_cli_context_tmp with implementation; (bso#11140). + s3-winbind: Fix cached user group lookup of trusted domains; (bso#11143). + talloc: Version 2.1.2; (bso#11144). + Update libwbclient version to 0.12; (bso#11149). + brlock: Use 0 instead of empty initializer list; (bso#11153). + s4:auth/gensec_gssapi: Let gensec_gssapi_update() return NT_STATUS_LOGON_FAILURE for unknown errors; (bso#11164). + docs/idmap_rid: Remove deprecated base_rid from example; (bso#11169); (bnc#913304). + s3: libcli: smb1: Ensure we correctly finish a tevent req if the writev fails in the SMB1 case; (bso#11173). + backupkey: Use ndr_pull_struct_blob_all(); (bso#11174). + Fix lots of winbindd zombie processes on Solaris platform; (bso#11175). + s3: libsmbclient: Add missing talloc stackframe; (bso#11177). + s4-process_model: Do not close random fds while forking; (bso#11180). + s3-passdb: Fix 'force user' with winbind default domain; (bso#11185).- Prevent samba package updates from disabling samba kerberos printing.- Add sparse file support for samba; (fate#318424).- Purge printer name cache on spoolss SetPrinter change; (bso#11210); (bnc#901813).- Correctly retain errno from Btrfs snapshot ioctls; (bnc#923374).- Simplify libxslt build requirement and README.SUSE install. - Remove no longer required cleanup steps while populating the build root.- Remove deprecated base_rid example from idmap_rid manpage; (bso#11169); (bnc#913304).- Update to 4.2.0. + smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT; (bso#1115). + pam_winbind: fix warn_pwd_expire implementation; (bso#9056). + nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299). + Make 'profiles' work again; (bso#9629). + s3:smb2_server: protect against integer wrap with "smb2 max credits = 65535"; (bso#9702). + Make validate_ldb of String(Generalized-Time) accept millisecond format ".000Z"; (bso#9810). + Use -R linker flag on Solaris, not -rpath; (bso#10112). + vfs: Add glusterfs manpage; (bso#10240). + Make 'smbclient' use cached creds; (bso#10279). + pdb: Fix build issues with shared modules; (bso#10355). + s4-dns: Add support for BIND 9.10; (bso#10620). + idmap: Return the correct id type to *id_to_sid methods; (bso#10720). + printing/cups: Pack requested-attributes with IPP_TAG_KEYWORD; (bso#10808). + Don't build vfs_snapper on FreeBSD; (bso#10834). + nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835). + idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837). + s3: smb2cli: query info return length check was reversed; (bso#10848). + s3: lib, s3: modules: Fix compilation on Solaris; (bso#10849). + lib: uid_wrapper: Fix setgroups and syscall detection on a system without native uid_wrapper library; (bso#10851). + winbind3: Fix pwent variable substitution; (bso#10852). + Improve samba-regedit; (bso#10859). + registry: Don't leave dangling transactions; (bso#10860). + Fix build of socket_wrapper on systems without SO_PROTOCOL; (bso#10861). + build: Do not install 'texpect' binary anymore; (bso#10862). + Fix testparm to show hidden share defaults; (bso#10864). + libcli/smb: Fix smb2cli_validate_negotiate_info with min=PROTOCOL_NT1 max=PROTOCOL_SMB2_02; (bso#10866). + Integrate CTDB into top-level Samba build; (bso#10892). + samba-tool group add: Add option '--nis-domain' and '--gid'; (bso#10895). + s3-nmbd: Fix netbios name truncation; (bso#10896). + spoolss: Fix handling of bad EnumJobs levels; (bso#10898). + Fix smbclient loops doing a directory listing against Mac OS X 10 server with a non-wildcard path; (bso#10904). + Fix print job enumeration; (bso#10905); (bnc#898031). + samba-tool: Create NIS enabled users and unixHomeDirectory attribute; (bso#10909). + Add support for SMB2 leases; (bso#10911). + btrfs: Don't leak opened directory handle; (bso#10918). + s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920). + s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921). + pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932). + s3-keytab: fix keytab array NULL termination; (bso#10933). + s3:passdb: fix logic in pdb_set_pw_history(); (bso#10940). + Cleanup add_string_to_array and usage; (bso#10942). + dbwrap_ctdb: Pass on mutex flags to tdb_open; (bso#10942). + Fix RootDSE search with extended dn control; (bso#10949). + Fix 'samba-tool dns serverinfo ' for IPv6; (bso#10952). + libcli/smb: only force signing of smb2 session setups when binding a new session; (bso#10958). + s3-smbclient: Return success if we listed the shares; (bso#10960). + s3-smbstatus: Fix exit code of profile output; (bso#10961). + socket_wrapper: Add missing prototype check for eventfd; (bso#10965). + libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows client does; (bso#10966). + vfs_streams_xattr: Check stream type; (bso#10971). + s3: smbd: Fix *allocate* calls to follow POSIX error return convention; (bso#10982). + vfs_fruit: Add support for AAPL; (bso#10983). + Fix spoolss IDL response marshalling when returning error without clearing info; (bso#10984). + dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279). + Fix IPv6 support in CTDB; (bso#10996). + ctdb-daemon: Use correct tdb flags when enabling robust mutex support; (bso#11000). + vfs_streams_xattr: Add missing call to SMB_VFS_NEXT_CONNECT; (bso#11005). + s3-util: Fix authentication with long hostnames; (bso#11008). + ctdb-build: Fix build without xsltproc; (bso#11014). + packaging: Include CTDB man pages in the tarball; (bso#11014). + pdb_get_trusteddom_pw() fails with non valid UTF16 random passwords; (bso#11016). + Make Sharepoint search show user documents; (bso#11022). + nss_wrapper: check for nss.h; (bso#11026). + Enable mutexes in gencache_notrans.tdb; (bso#11032). + tdb_wrap: Make mutexes easier to use; (bso#11032). + lib/util: Avoid collision which alread defined consumer DEBUG macro; (bso#11033). + winbind: Retry after SESSION_EXPIRED error in ping-dc; (bso#11034). + s3-libads: Fix a possible segfault in kerberos_fetch_pac(); (bso#11037). + vfs_fruit: Fix base_fsp name conversion; (bso#11039). + vfs_fruit: mmap under FreeBSD needs PROT_READ; (bso#11040). + Fix authentication using Kerberos (not AD); (bso#11044). + net: Fix sam addgroupmem; (bso#11051). + vfs_snapper: Correctly handles multi-byte DBus strings; (bso#11055); (bnc#913238). + cli_connect_nb_send: Don't segfault on host == NULL; (bso#11058). + utils: Fix 'net time' segfault; (bso#11058). + libsmb: Provide authinfo domain for encrypted session referrals; (bso#11059). + s3-pam_smbpass: Fix memory leak in pam_sm_authenticate(); (bso#11066). + vfs_glusterfs: Add comments to the pipe(2) code; (bso#11069). + vfs/glusterfs: Change xattr key to match gluster key; (bso#11069). + vfs_glusterfs: Implement AIO support; (bso#11069). + s3-vfs: Fix developer build of vfs_ceph module; (bso#11070). + s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer; (bso#11077); CVE-2015-0240; (bnc#917376). + vfs: Add a brief vfs_ceph manpage; (bso#11088). + s3: smbclient: Allinfo leaves the file handle open; (bso#11094). + Fix Win8.1 Credentials Manager issue after KB2992611 on Samba domain; (bso#11097). + debug: Set close-on-exec for the main log file FD; (bso#11100). + s3: smbd: leases - losen paranoia check. Stat opens can grant leases; (bso#11102). + s3: smbd: SMB2 close. If a file has delete on close, store the return info before deleting; (bso#11104). + doc:man:vfs_glusterfs: improve the configuration section; (bso#11117). + snprintf: Try to support %j; (bso#11119). + ctdb-io: Do not use sys_write to write to client sockets; (bso#11124). + doc-xml: Add 'sharesec' reference to 'access based share enum'; (bso#11127).- Update to 4.2.0rc5. + Ensure we don't call talloc_free on an uninitialized pointer; CVE-2015-0240; (bso#11077); (bnc#917376).- Fix usage of freed memory on server exit; (bso#11218); (bnc#919309).- Fix tdb_store_flag_to_ntdb() gcc5 build failure.- Fix vfs_snapper DBus string handling; (bso#11055); (bnc#913238).- Update to 4.1.16. + dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279).- Adjust baselibs.conf due to libpdb0 package rename to libsamba-passdb0.- Fix libsmbclient DFS referral handling. + Reuse connections derived from DFS referrals; (bso#10123); (fate#316512). + Set domain/workgroup based on authentication callback value; (bso#11059).- Update to 4.2.0rc4. - Add libsamba-debug, libsocket-blocking, libsamba-cluster-support, and libhttp to the libs package; (boo#913547). - Rename libpdb packages to libsamba-passdb. - Drop libsmbsharemodes packages.- Enable avahi support on post-12.2 systems.- Update to 4.1.15. + pam_winbind: Fix warn_pwd_expire implementation; (bso#9056). + nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299). + Fix profiles tool; (bso#9629). + s3-lib: Do not require a password with --use-ccache; (bso#10279). + s4:dsdb/rootdse: Expand extended dn values with the AS_SYSTEM control; (bso#10949). + s4-rpc: dnsserver: Fix enumeration of IPv4 and IPv6 addresses; (bso#10952). + s3:smb2_server: Allow reauthentication without signing; (bso#10958). + s3-smbclient: Return success if we listed the shares; (bso#10960). + s3-smbstatus: Fix exit code of profile output; (bso#10961). + libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows client does; (bso#10966). + s3: smbd/modules: Fix *allocate* calls to follow POSIX error return convention; (bso#10982). + Fix 'domain join' by adding 'drsuapi.DsBindInfoFallBack' attribute 'supported_extensions'; (bso#11006). + idl:drsuapi: Manage all possible lengths of drsuapi_DsBindInfo; (bso#11006). + winbind: Retry LogonControl RPC in ping-dc after session expiration; (bso#11034).- yast2-samba-client should be able to specify osName and osVer on AD domain join; (bnc#873922).- Lookup FSRVP share snums at runtime rather than storing them persistently; (bnc#908627).- Specify soft dependency for network-online.target in Winbind systemd service file; (bnc#889175).- Fix spoolss error response marshalling; (bso#10984).- Update to 4.1.14. + pidl/wscript: Remove --with-perl-* options; revert buildtools/wafadmin/ Tools/perl.py back to upstream state; (bso#10472). + s4-dns: Add support for BIND 9.10; (bso#10620). + nmbd fails to accept "--piddir" option; (bso#10711). + nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835). + S3: source3/smbd/process.c::srv_send_smb() returns true on the error path; (bso#10880). + vfs_glusterfs: Remove "integer fd" code and store the glfs pointers; (bso#10889). + s3-nmbd: Fix netbios name truncation; (bso#10896). + spoolss: Fix handling of bad EnumJobs levels; (bso#10898). + s3: libsmbclient-smb2. MacOSX 10 SMB2 server doesn't set STATUS_NO_MORE_FILES when handed a non-wildcard path; (bso#10904). + spoolss: Fix jobid in level 3 EnumJobs response; (bso#10905). + s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920). + s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921). + pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932). + s3-keytab: Fix keytab array NULL termination; (bso#10933). + Cleanup add_string_to_array and usage; (bso#10942).- Remove and cleanup shares and registry state associated with externally deleted snaphots exposed as shadow copies; (bnc#876312).- Use the upstream tar ball, as signature verification is now able to handle compressed archives.- Fix leak when closing file descriptor returned from dirfd; (bso#10918).- Fix spoolss EnumJobs and GetJob responses; (bso#10905); (bnc#898031). + Fix handling of bad EnumJobs levels; (bso#10898).- Remove dependency on gpg-offline as signature checking is implemented in the source validator.- Update to 4.1.13. + s3-libnet: Add libnet_join_get_machine_spns(); (bso#9984). + s3-libnet: Make sure we do not overwrite precreated SPNs; (bso#9984). + s3-libads: Add all machine account principals to the keytab; (bso#9985). + s3: winbindd: Old NT Domain code sets struct winbind_domain->alt_name to be NULL. Ensure this is safe with modern AD-DCs; (bso#10717). + Fix unstrcpy; (bso#10735). + pthreadpool: Slightly serialize jobs; (bso#10779). + s3: smbd: streams - Ensure share mode validation ignores internal opens (op_mid == 0); (bso#10797). + s3: smbd:open_file: Open logic fix; Use a more natural check; (bso#10809). + vfs_media_harmony: Fix a crash bug; (bso#10813). + docs: Mention incompatibility between kernel oplocks and streams_xattr; (bso#10814). + nmbd: Send waiting status to systemd; (bso#10816). + libcli: Fix a segfault calling smbXcli_req_set_pending() on NULL; (bso#10817). + nsswitch: Skip groups we were not able to map; (bso#10824). + s3-winbindd: Use correct realm for trusted domains in idmap child; (bso#10826). + s3: nmbd: Ensure the main nmbd process doesn't create zombies; (bso#10830). + s3: lib: Signal handling - ensure smbrun and change password code save and restore existing SIGCHLD handlers; (bso#10831). + idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837). + s3-winbindd: Do not use domain SID from LookupSids for Sids2UnixIDs call; (bso#10838). + s3: smb2cli: Query info return length check was reversed; (bso#10848). + registry: Don't leave dangling transactions; (bso#10860).- Update to 4.2.0rc2./bin/sh4.13.4+git.187.5ad4708741a-1.344.13.4+git.187.5ad4708741a-1.34libsamba-errors.so.1/usr/lib/-fomit-frame-pointer -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:SLE-15-SP3:GA/standard/b5c3032238a4e7a6b51699004483c0c4-sambacpioxz5x86_64-suse-linuxELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=0934232d1fb183d64c4e16140aab2f095344c162, stripped PPRRRRRRRutf-87c1050a30e6aea20d6b9c445010e32b93043ddf76576757865ee5a6db750e0c9? 7zXZ !t/`@] crv9w J `q&OYK5JwPM܂}g.DS3`+<}~n%eqR 5.NDJE `х [SˣMmwѥzW1S+a&bՕ,ߊ I$-$;~j=EUt%˘fyQti{ #xdǗYs6k7e͞q_9sNGMk7+!mU9s{.SRfc# ڻ&< K,1Ppx 50C&7_4Rxq'z/*+U;.a䁝7 u 9p8Y:e, d#$Ӎw:$śBNv[@Bc5ЁDҒsaܶh .-$ (BGj+7#$|QuU0B]S p湸$& /z_-T0d.cN <}s܆%ɥs҂?$ cjPlM:QGo@@ж>ICۻug)amCbi=nA:Uy>b@#ʭDIQ}xkyzչ%>+ϡU vBLC҄lyI'>÷F;_s:HqyS&+t 1Q-Q`m%ԍ§ֆ@3}^Qz?E\x![П b<3>R៸-W )sg>D̆ O6*M#pxђ3bBOE 9>y6,F7İ,wt2Ijz͔B =wɩokQ'(e]l] ‰gs oQ]5JA^]ܐev ,st8w2 ^ iOPxgQ~Y +E1|yKwqڪeLG%]jA TV>Nd+|WSV㽳i XB?w@ - /4Bocj.\5>F5A$03W˻4=R@)]jf FL7j,p1s􊰪˜ _ZH˞3fNwҭPČ% ˳fx_K}nI&:wЄw 75XY,ʖF VFk 'kȏs\ S"ɦU [bU|NHF7\t/!lpvPE Of[q:4 *lK1nM3pZF4]ONS8nu'D/v g\ MjLˉQFNZ MN9nh.ܬ#zj`u ̬J [Qzw]#g3f#\.Dd[pOJ ] k5ozSV r"/B0cCk\^qˋrF/.^d ^ҨEs) 73hSPW}ZZ@d =2=yf!k&.u$IpGzьxQQ@$St֓G=eIOgJ81yw`WӴX K9`Eʪ7J/=ۆd10'=^ a:ZØ#¬R=Y5<iinq{! XҤ$,ڣ) KSVr'ƣw77k+Ent +6~;)jyK~ٰ舀 ""D<ٰǂf 4 ʦؐW+ X5PRL{ $9jmiL8U^g^JUjH"Ũbǒ/35kJZ 7(mU$]C.%1L.{u.ѻ&iUP)9 ٪i+KY)2||yˌsŇ^*z\Y3E#r;^kOdqQ.OT NTm?ԚHI5]Ɗ$jkBt.hI!vm vLRoA؁bw8x' 5Jz@<:.7;3Ά\rp;!` 슞3_>/_eҳ+ #65VM.u `V'C3Coh1@Jm^mLA (\:5-?:ӟI9_kٛ[-,bM5 qA¤X!N,Įc`GVP5H=9A@kQtIU8Z`܌',LQ]!C;e觌F,]TxuL~vCup7~%&B+ϓDAm~TD|u| dupǫUeߪ %tEYZC D@jio=Ӣ)RҀ}=X}A;]A qE4%hIӲlG1| 3",~',P3쎼w3sȍS,x 5p.V_bW3){~"r1mzQNPSt*Ms-͌xf JBdA|t17bŽu5ooMk[ʏV+:;b<891xӈT('M]`̏qU\ktpͽM柜*cD*yoYy}K]ɫ}:n&l%hZ6Eƛd[u_b,O U^6Bm7CXA>]Qgjf7 sk?X$ ;0$svRcosC+ lk\45v!ׄ?k9`_wn4d40py'!\# ۭ8c墳OT6 <x{!^!Ns &J^.]"k'D }jϭkv=K>.Kf=T@3E-G=y'Y 5Q8TXgqL(BNpِ` ]tĻޢ@plTW.ctA ])5mľ!u-G)X(9] OMAorJ&h|hu* X26 ṵF>-4ojms4'Wxe+LthfP4ZX84/t=b3FvL3(Jǘ.X\z#/*iK& m(a<Ɉg*|h %8BޱT&~<}J`/Qe_zHޝ*`77 Cj8] :GY9ev);nB,K).T:GcRC;!dU'qxaA^.[gohMu.?k< 7Ev2MB杷qAx 8'4?`3fxӐA)|_im87 w!gr'@Y%ڼ25YE+jFA_1#'CzNf7aDԫl<7u8OKVJ%~xk;`RFhȍ)w7 )LώA~;9*9X5GN5mhc"Xx57ō'*jͨ/7^;VZ8Awݾ *_{q3\C:À4\_vY~_nዎbQ7^`g@kp; -YR=zo.L@e[Ō V%hAS Hn%r{M +8 )&Chux/&|OφJ 8l *zy2rX*`4NMRoK=I-KTIgu{| \:` UY@cʄSlY@;%BՕM_}ȃTFr0m2!f4[ YԈwQ> @M+CR:C\nl".[S}R *iK a]_+}-WiY3aσyalQ*jΟsOJ["#1-=aPjCM4QǸvlTrku|:\M < zHo@oA׃g 6eUܼi]2lrߴٍh:C%,|-gףH)]EId+wnSG·ŠrtYClRJ[n(RW]`8Q91m݆6 WU=pbcd{`czl#^ՁXZwע /P<߻a^0 ulTdZT [Jp >n6owɱE |7U(Sl.vr':&p޳h_妙fƇOL(P5 3r#Q`YJri4ֿck ;'_}@)8D`"IN2 ,$b/%KT^,T %%Uڮ]!k rY⒟5ZeꓽAsLhdhӗ#χR0MT#N&Z&5 +'`SGC^bI^<&w~c-͓(ӌRl2N/ua֙D ښ:NHfD&G;3Fgȹ+zT=ceғ< Xf3Ti#Wa&~ Gsi`~О _H=㱈&ҪB"L1t*QBY5n fN\ oP5xǎF!1|Aܣ猣gwASL^ 󜹲(E"0!C k Hwg;+֮5ȢY. #bX[}YA ߡu%DɈnƨ,Fif àVJ4=AUtTXDOut)@7#} QaMOJmKL(dk `1#ݯC-NNYw{umjˋz+kzf(]9/o=]Agf2'ݘ 8v> Yڻp+)b0,gaZ4J$;LAsOQ␱M;`o`,@JE+r쬕`$Diu&5QН:n{Z ]2?iۺ< h\2/( - ypג3A.?*({,p!|7v)%s(?yI;pbFaÂvQ̿25;dfҴEI+b[@0+~L[rxNMWyX58R9$1"blN1ꦨ}Q%OՂQ0D%vIin.CТe1 kQ((Vqkx !@F{=3 ƛ4b1{EWMn͇/r.$~LY޴ޮ}f`uWsBEk: NML(aE-MR_~NPɠ\v9jG%pT?ujFgdqUB ~.EgF8dN8N̦tڗ"\jؽ)6{؆g U⎍TP]0aU( 65Hc@MRN'^!TEM_G޹sӡEMJ֖FV~S7R*gSKƛݥג%eIι 5"mq/X :\_%TΞb :'xp퀷tc$NL sK]@Hohls*}i/;D3?s)DPW$#hĊklGd,`P}&٢YWv-ǃ6`)lփɬM3i0:I麐"5U*"r_ALtop2ybc9:KF2:} X">XFjZ023=T86w$RpNV *Ɛfо&Eh4ڋQ\K2~w(<u8ڈ":ꚨ'ܔfv)[Z-jUSb`^aB@N0Ki3ѼHp?-UGkI[EB[:{1[ϐ5^ǁYpzV2㜐; h3l'`IMRx A!K*] 0MvWk\ ~4B{> -[ p`͍H?*3~%~읡1PMߓ?c2+ ` },H& UòXJEoi3lβ9r+bFNj?|vbz[R1딴J^l)wX5v WYPΐq}쉤b7ѱ6`ă|܁kϹ)DTRIzR>XnL}BRJÈ@ Hh8F)fp*o4~ropHe@SoN/Fxr%6&@v6ȇq ad+Y1g@hC9GiTZi{9Rqo AN9Ⱦ*cP@KP\sBZUspHo%(4{9rRܗ7%~|\fc=clgoQ|"t4!?"Hh=?|EtKXNL2 Q}W%c@,adrGťļք. mxS)x" _c ZwS;adl*YW48 sM-t3MT`cx ^d*1&ɬɽLj UyN){υ*R WeuJ$$3a+d,F0E}*1+(m<& bm22QڐQ5!q/Nb3_'QJ ѿ}ECaC[Ⱦ?HGe驍7:oԶ֓ #7V?cvWXI"IUxV2}њ0S+k1]œj;]/7͌78F+ 9Q2o8RlŖT"pT3{Ɏ`v?Dp|ɘp_P<cN]Qo~,m lBfhϽm zt*3(l\7󷳟qX9n1+"bYLZ媄n*aWٗ_Qf$^ɏ\ 103 9Pou; iy:'\oPi8uv@QĸNu6|C{R0W 7 :Z 658L<@^ˉqtyV=äCxߜBjNLl(djg Ġ/WXO `N7i˙$S]$n;nn :>i 9_;D>TD7GUM18q@K ەbBΛ TѴu 'yk&I ._DBA%jÝ ࣞƀ2kfp*3Lg1=As=C9P'' Bl3*)6}8TcFJf]/=z4Z[R*23PymEAη̡1Ktʟ:%S #`ݡ_k16f8AׯE`er&<>YN\5E{Rwd,=DZWEX^;iC\-S0lTNz}zdphCjt2^(Ȱg&@L`"/J=yblaCsk͠;0b3J/e\8 ǖ dU=mh-m/dWzl^ԮzZ]»\m87*\罋B?+R*t|OW XRuޣy? L!w.nѶns~[e(!tvc6J?uyXQ<3HZ(r(4Q W[dr}?뺉N](V^/mK OY HTk1_xIh)`@ߝ3"fgn Ӹf"z[gv VJQ%^?#͝Ox¼qfGY4@NDࣱ&{.KE Knďl (YPӧVRQC'"4[uumf@h,K.m0ve W}R&.ɿvqFDĜ֛Ž)"ҫn>^mFщ^y1]Do`R n^šq«, !l6uMϿay Z y>e8?qz 9z+$JļirX➴a]"<zVvzLס,-}qغQ x%w&@Ӆ_oޓ {qp%`;e]3ݜDA.֊>3`ݎ#XV (Hѡyup^|İ {'`*hEU+mJqx">O -'&T>7{MW!6EЊ}f P4xP'VvYܼftPM;u괁>l;YSo8Jv(fJӑT&m 2['t.%vW}/J cbnڰ/mbU;7mGuRTRSKuw s\=ζJ {335g{?fg6i#e͚G)Nb<Dz~-ۮYے)z"Np #]HjJ2! \&y0.MV1z0RSCJ|E  Ob@D_u^=3Hʡ7(|)㶧*Q(Q̼,l>m#6=bzr'?`_. )ř0M-=-a ^ вl`mǦ̯O7 .0VcI.qw0?>t-!G_J,݀ b@a_ ?xt/| nx咶` @_)(sSV5ڷֿtQ}n%.v QhwI|*Jc6iofa4 0`%[}NkL)̌Uiu]U].*d|fp :i[Wl͗\l쮑~ɮEހ'^ҙ` xvnE31hR9Y(]({uK 2 )q/!k)ήk<¥CB{.eKW8<,4P3Ub9q2 ) p 7Q"Нz "wA A:1i U26 rVC89 aC80jARR8z,V,˹2;i҂0vTTSF>M,PtpE# +0',W|MJӼq `BS#X&7"A:r]"}J[Tfr$#,9.oO_vp{Nvwrv؆ҍJǀu/q6^$++/G@Hzl=M>ĒœhY!^@G'{Fs/ I5yd;b& ^Jx?cfQB/qKѹiRhGTݽ K4;wԱCfϛ? c Us5?#Jz,kQ`Y>O|:LtTΧDJ:b]"5k(hk,7N "%&8%;;UT8e$ƿl`zs~D5/;@%GsFx53HOA01!2>oa".jmֹ>ùuTȖ-Лh]M4?mK5Wg5%Uh:>faXZ zx/DEAii-: Ǜ> Bƀ/I%9Z0sF^.3(~cy^$xphvS]:1*) BD!7ϭt,c٪[iDXP O9TX?MMN6qmY{KoGx඿f2"E8$,μ,]PʼؾsκB?1q>jsnOɤ?7vXy 27%>&cSF5e̪}؎*ᰖiOߊj/zGD7Wgt 9`PQRY4u}&H*)/U& R`UP1BV*˝% +;y䜊>7ِ=գ'#[jSri cre]"QUbM"0l#?}m:MΞ)tR㜢ZK=xg2^\Œ\D&@ ܎7!+hZ>[M D#P bn8jP7fژ1+.w 8s/oX]^\{h.,TjFZI+"JO_G-Ð!w8 .;i|S7ySt'㔆 |I]MRE l*ջb)Y;RٱIDƹ 8~惮*ƛKv6 AZF#EeP |>{FklZi f'!Bm7o-1lA ˞8˻9zXՅqDAVf0ήp$) +QJCH(rqդrjrOAjr_{_7)LHץFN;׻#![gMhLQu9^`.Qʨ4eD`QH*hVDG>ţeפOgо`un-^`aa{t[} B!ցrو(K=#t=̩zl.:>f)v'[|h:[>FU!*.ⲕ#D-]yvIޡbV8Fc⭱[,s2(Q2_CZs RdAvE|Wkb 1,s.J^㞬Yk7՛;-`c>:dj~C^PgT$)-^ (I9Fd8߬8g A7ĦML "S7hD@?i7:BungX58pF)0#&;, bbyZHz!G*K"lpt$ LV,RJsOX l1.(Jby' 5 3VzޤcTho.K_ㇿI3øT=re>NRMN0;Vw2Ƙ^妃*.KFG{X6_U4  ߺ0JDUǬS4zPrFPlvLOpٷe,(ۣ0\|SjnKyH¦3V8bXjdZe( E` I0uhx21 o0<~ڂ\wk` W >vk@lD|#UD@~Yԏf|Or>.y:Լ!u-)~ Tfz`J͑/ܰ}<ͫLALX cT c Gf6!@[GzeGD=ῗB;@꣤.8370,vжs']BD=^w)P;];Vᮨv½c~8vfs\|/6 j[дCnyI5$yQGcChsaUPJ>&wлlx+?]o`ҷG/dNﻹӀݠyfj#Fۦ+֚έl4!]EOj7W$om~aR,p:`bzsCHU; WbЄ|֒(ӛ\[au ]WHY -a& v \q޵);Kav?=3^ᔼ?8DiAڢ4Y=\HK(m>vHhEXyǠ|0q˯_F .Ӧ 0nK0ШgTB ̶RnpqG0ց ~c 5]4|s!5onŰ",ۏ BMIxGR lǒ؏PDk:Cc}_}1bHϨcMYY$$soPljK4'=R"(˳s~ $^Qzhp;1Ӆ@E%k&غ4Xǖ;2U ,Dq []N`=t5ruM4XY#0/X6&]Q|xėPॢ: p;Ce_RIo#9e <Ahk& Y&l$TUt%,xypimA"_y3QoX9r}E)&1xص_v~jP@ PԅԘM!ǕppwissyHKj_65vA&]dgpR@o:ۺѻdl3\>>Z5?pDO03;ժsi.o]4OK_4 }#x-J[~6U4ʅP@PN.]qQrkpxJP<'@U.~l#Ѐդ=&^x|TC&>'be^O;cLHd]1Hq$(^p1QݫM `d<\?̎mم6@thuxia<$M.,j_7tŜ 6c%,sm_#,?8 ؈mӴuv_=tJNB~}b^Ω<¿4Tx5t3HT x ZHߴNi=b n4gb:BF#q#:z<?nZU@`IpkV GuEJQMI'ӿ}~-IkOY0-f&U |v7 88P]>z-Z`, tu߻I/y{2!_2aW<1 sL 9gN6^{dŪr:ZT%'n='fq$>iX8@0ّ5d s:a]}f~ض"z7ɚq^W/O-eA)t#ۜܕ^ V|-4DtDH]C ӛCrcÑ*Mf:3׳U2= .~x!$ |XT?\YKu3mT 4h\P6* x/mG{VNN1=2*~W8{ѱT bh0KϪ_'\ kZXȞQymYɬ1.~=g6d5Vq{jf?ш#rVkLdg*SoAhpLohBv(izh,wcZp_7|}0rv&0  0?kbgq ,< '=y퓞:7#V3Ї2, f5\Zp%oFSBelQmx\d$`v ~ݣ3 X 6 ,HM7R:PfČ=ʗD'v( oaH1ĝEt,XCs)̀Vq_o21s=TIӥ..*q!s Ue>!ʴ82 kyb7Kmਞukxݯ *:GVb<`ȮhPXGiԔ&Zmf3Έ<1{w hQ ]x# "Rp9PqOB3OPH|_N4zQc@vuh LΓDR} ΑȅC/%xb=ÑNP_S$0S9]?nAqs"9-c2 ojUhXB"'t’` FnԘC˒ LЃl=1FJ:seykG_zbygAJ ,hr:nď<紴F/~M"0_7rA`u.(]X[&V4/Y6q1wKAi~:=י׳.V^ @1X^$]|vqxApʢ A^{@| i ~]0ϿP$U O;D&='We(TE2p BD:F%r!q"So?¸S,.tr/.N_'h~'a !, n٠Lۘ,>gh1?!dH%eq ՙbTvEBqhZ6VT Fh_rG-7KgζCz/q+q`K:'觜'[ s1;aˉ5k{y(ҾZg$.r #l}R#%@$i"9Tٕ !>Pk6ݨh fۥUùc?cRZ>Yx0a6Al~!6b~դ0UT"ܣE&+-s'BA~=7!]9z}hM)X+  %ezjK:3Fm9 f7 oLGFdblh<,6!z<w= BZX8sVvqfV 7zBDa;)Ζ|r3Q}'jKErD59R %ĭp춪YlW3]c<3rn 6sD* Of4f#,r[U{W2[%*nM vH;2AtQ*ܳ lZU*3FG:?%yq"cDPW3#2mg%;-\ތQ[SzFd,gL[~]h9K]{b}}\Uo}H GpB[ =?Rs9AGZ*+]@ȥv 83MX0u ~cYҞ瀁D/| 4Bo{/$dI<)/̸M^^`΀ lvH`+đ^1h&@fɀ)([gHdggkЛ)GhAglMf]ڹEEދtъAm5T b{[M []hn$MqsO@wftԌB)}!'3!\82af9R22|[l%-1œ#ٜd>7G ßYi[?4F&v=2` )=wB@n?)2LyPZV(cq+6@&e- C*[C$5&k嗧àLBޤQ8WL[$ϘԚ^J'1PuA8<C4Fܲ,pZLFV ~)%sM-pV袢P2zg}~(圖QbCR5-}*r'yI4xҪAܵwFfyMCVoY5<_[KCJ{@sYq4#:'Ԗf(#-#OOFKңZ.W䵕w[ew{m5H_}̉mKHCd!~7v}B[mZM+& p? /bKR/$,*a&WO~]taxGCL8X)_kJkEl-* i z^+/y2ZdD-o , it 'do>=l6 }Wre@R'q {Tٷ$W7Y>\vX8"#rܾYM'uA.H@'|+`~,!èɭY#bӥ۫8@<4D&5YqGH0$ Iljg °6;;& T:i\ K!8ni)!Ȇ!z@b>Jmg$ L{3[2/2YTbZN=I ⹖:ucݪrwF̖ 藅I|Xu}ԔW<,G>1q TCI Ie }J_2Ύ P~쾼Fȿز`?Vmhah}٥t92y݅]ΈxJ@.+P.nG90O=,D誉kDc8.o'A=,RWF6:tbqYca'{\b\ӚW/aJrh0XηDde_" OVϴppEf] WZݟT\>GgZqR6j#7.#zs46<^;g|wdb<x1\SڬNR%#9a" h>m+W򊠠Q{"N* AҔbycAQi4y.K>6w^j"F&q>4]1ql@w@1ߣƟaY z>N4KD8Y^Q[6iRqkZ.O'Aob<41}oB0ջbz?^B.1\1Aw߆k?@*1CvH2%E qg'6(L~|g3"cEjlfc*om0RTUL4j2%쀝oZA,Zh)>c֤J?94Y݋ !ZX^(2TERشPd-ZF dw+׶7ʥ] Ub͇K p)S[jsfbT 5Rv<ˏsKLTɳ2IP,o?Ȗj*7\qw=Ar7C(h:Hqzk.޿W=ዙոCЬi'kVM0p^tr Fk|'<2CډF|ɸ{:!WL݋XL2_ܤed:Z/r bz {WccעT_9|M 0[sNS:SM9+:2/w̄ˡQ=HOr,(ʄ yYg DX 5!ޖ_lqviː!}y^ؖae" 9 V@1۞xxƭ*s) _Od_--|I^F[kIEm3Az^}KK&kWnMt/bVo<E$u"v=ٮp vaRv{F)JyVf}L\K8ÓL m=uM M[1ͳk d2e#<3Q;nl )>Sz/wIpAUk7<FQ6g8XVsqi0cL?ıSoB,s>}iYW ak 4i=oGD??X>vknGDB߿O'v&1\DU՞] |.{ԓ'w,o 5a:/opKi>4gm-OW䜶m,dI4 /JrN nj11h C?![81hN I?seczSar ?1]OXk~sF^}z\Y(Թ?Iw֒itfJƈu]"!LB:M|j^MWbK4Χ_:.z,mLEF]^@K'uRp#* $ԇuQ圎g$ VIǒkz'.yCn8 qؗ.`$ LMi(kz⼑O>>'Ԕn㰈mĥ+{*Y_ ZՎb,*V#[c_1T5nȤiZN8Bo:ƸtS\7'ܼIPيAh OkY?Ú="\]QiGn{lom% qƘϸ,@ b73þqt;y24BNҝ^1i » I,d5&a@;0B`Tͨ$R`>Sdϝao\fCT<u jpQT@"9T]jh6M 1.1V&_nfظ'װ ̿2;hѴ :#C➨QC>.~j9ܼ`A!w|$W8: 7|~n(J_eK!p8Q'XϢ2?g#Σ<8(NؼOl5H)!"Z7d@ӄP-1P~ӹ@è 7_ ?2@aʋ7fkq&޵٫~\1 &X?#"/" (s k YA@e1ԀOmP u<5P2;O჋sOC^.yF I=tAsL݁e{5L| X+afL605m`e}Qz"90#'W]P@ N2m $>d8$o 0Kkvt RxA4QaHbdn]f` >?ں=* 92ʣ:Ăt=hc3L{[\Ҩ̜WJӄ]!-c{q0z4lT7( 7@=,&X%"TF1i/ɗ65:Wh[-74F8tö9sI-i0U9gfc({ ~DcohQ)l[l]@H`2kWNMY ZLev ?h'EMi0ձiQ44b?-傻j`.no@GWdoC eLS"n@b:<7GZux0{6O$][Q3e#<]\[pakScbTdGJUS T/g~ڽCT՗cHN i#IH*z3/D8}^gxxε.ײUA+CXDtcauX[b9㣑sX*53U!( RL/@cX|Q>~>!ۇ#{5e"\9:x dɉlj}]78|9yK'Wu#AdƋޫ6AGFzjT/$7-jֱQҲZ5d< lޗ@>NOwPn;p]17U &ntp=AYzGRʷf< hܠOou`uYtK||+eёJ#.ҳ2A}&2Ζsu˜.2O׉Nːe=bI=¯ .~*P t6Z"UU2䳪NA1ZFPg?>\~|IŞYXtE/wR \?|jUA>y,e͏H9p/;#[;1rQ߮_:I76p{㩞!PeED]8S#eDWHk½Nj3Lj7{ǎdZ-u6eiV O0=r j-w=|S՟9ǭk :M]$!Zz(e4$}v 3!Dwg85 cC'+͈= X2=y GYu?~T"CT:,Ylh I(N0Ґ{wR\[+1;` B-۱*>`}*%TK~8puފ:%яh1rԹj%K]^!t{&A{b&B7]&@QzYEiq8Xox'xk`m 8%S]An{^'7F^C*ړg6-jF6h>0m{4 d-bBb>x|@T@Wjb‚ OQRc4nǦtmiӎ:*jm"G r賁eM+ؙb%ڸMMT~lP`odq7G4lUw($DZhA1F*UOPN;&XV%f?Lżդ2ʻ3$ǮI!mߕt.% x|}QpRob/;N˓ &Rkx4>}mMN)̙q"Z8̀fF4,Aid )y[$8R,$X@RR"5w[nDd[zi H,|󪝬C@9]0z_D;v~*/X{y}|s.$CrDTL@xFXW/5Yr@req %c<$g%צOG/HljMϭ_n(YUy<ڛtOj r7}^n>gchS(P1F ܵgQlͼZv,D6t$ՑbDCp/>gb;S}D-~Ƥ I-XYނ^$>`@uBܕaċl0Icc޶q[ $1Jؕ%"?]<;Vc*J's`^tXEj P}m#&;+ƗTtO,HsdTԞ+n6GxUh;R{ً45ʹDʀqܘ9ئ=Rd_xo>]ñca84L* 6d(=l'Ϗd$٬w+υድ-3&/%"l/"VZJ_WDcӖtN6_V$ܱ ^m351),zKNaE.O,ܘ6B3;z[+FfbAѠXĭ7ym+1vy#ǁ\#V?=%Wkh왡^M5}q=tz.̥ frQ$uon^q嫪sBj3~OF$\ɤ""eو%8J?살uIp,-Q?|" kC~ *sb!:$0^{oX@܃>4!lDNj=U #\/ndRqF 7r^\䳮+Gf-L4BgvDf OAٔQ(O;YZ(IS0#־lxwڵ Pf4OԡOG $;<-Q< CC=K hēS4i}~n69wÂaIC #*,? 9@{P`喳}.A@">c繹V+,d2+@P>̈́n^?Ǒ~.(%|뀱(Uߝ9%f;[m H W9hKD2Hlq\~7fuf͚)[Cx4X"}62:(oE qFcNc &͐S>+*M=w2 5v04$Q&{H _܄uV:'C'  עr3ʻ|tkLjY R3 k@੺GstYd:?&Q.Ho`Vl vݢ(hӑ-HĈA[ ze0@#ER o\")W3ޝFBjSx,]a ǚ(SRdm?vJg] Ak+Q4c0S.G;\[pp|NSk%YB kEqGA؋][Y+ 67$AGY%?y9/P]ΥqPXbZ$zZEwE[jČ X7,AѕIBƫ-e93SX I.ԪvUB.J(wU&P- #?*&qۍCxn< 58p͹Qi;̅=m*Uc  i~:35 {梱<'0ϛM:O: K7z7ƽ)TA&yeQ+k!'9k!Jw+L;1sWMNS45B572(e~[ƿVT keEtm'0SVB3_r-ivncWSiKN+zqS4DqJ~`Kh"Z BK@ ~ˆt PE'ToМ.ؐFC;# fe|]}qFFgwBFm;@@Vgm/'eP{A`nN݆u$زy )SqrV"n[3ϸj~$@EQ!JҗX[\"jƱ~_Cj133i55 ɥ$A)!}, @Y]YrPOjV08 ˔KݘAV! EzCZZ/f$ V;JfU^uT\9*XrHDf?oL[! z1C,]E%4kP)Zw)QhipZ6f)縼5WKzfC a_$,"ZĔX"cJ7K7/q~  Ө~j*_ܱ)\Vp7_+> R^SQ4jnI:aqҲ8BPjc@P֠9섹$39<C$?Ǯ|cEu''E/ U#YQ{M;nVlkGx!W=U2x?Տ2z+D=MkK-" N'8r)R|ΦI hbfp*Ҿ~9ӸG'^ K}^~ fmxG6JBn<EE4to=,?<%H?zpݢ/v@7pJ_ٻSxسL)FlCIGWi~Bb_,8]Aļ-XµJ*'(Ა5%{`E-0//nj.XZH!]\I*+k{`.4 w)|:L&DcpfɊ/Ml3˾G̽ TW\ot6 D}AL;0C1 iL{R8 ynoFxT#7uOU"+ Qx峚Dԋ}kY9/{R #R?C =-R@8$T%6d@FĔG-+ddn+.VZdkor1Sr!4}Y az;Z)BrY~o k3]a F/l - Jb[qRGwf5=?Xdͪ ]bM 3Af )@׫/g=w9uc0ʟڳkW6 df"f)z2[\ws 掝hܴSpQY!KW( \ ڝ •mSUvr=G&AZ0ps0ޘ #3sU>SM > #|NKn}}!p:.(دEFFxP\KzˡR#9HdGXw_eA0'n0T%ǀ4*9%p?eRk N|KL]M@p4 `=KaJ.I1.+\bT'6M,#4tZ8R\TQa|g.pdW_KWqhקkߌitT0y˜# H=_9v5_J;#_G kM-H\6,exepC.r`Eˉ(d$ďcz4T_ vKb=P~оLF`ǽOCG-pIx bo Hn!9:šЛW[J=w 8ݿ#zOHT.{^i<.y*%\ rrL(W$I#x, E~+\DNU*Fpȩ':䃾N b]j:O@ָ1+&Ytgaf F9{=PgApg,"L< >T?x/<֊\8i!P%=Ɬh!\wC*HhX`'|h:V1(wF}K4J:>Zi) E}T 9x猄/z\OI2{ʚO1Kϵ&]Oj0h1-6.nHz{LY W*9GpZW(TibҨY_>4Y{ğhtVx|&_>ƩRߝ'$&2;s`e|xCqGkGU9/'(ԘB7tGtTrSÄ0|\RV#Sdl%kMjxZnkU販:a̋aL̤=ɗ(IA[}q/4hd jSVZ!rP=!E[ގtM h;"e_)>g_*ށ(gBӟ#Gn\sRLâby/T9)2<vQ9gpy~B5272dtL75ĵz^E&m#d!7Qaxw64Xv %CZx.mup0A J8xQw} m=YBwTo\ #85^Wz‗eB&.M9uyC#m4`5rbqS@vUSmq~mݼnZE%4k@5$wyfhTQwd1SC՟C1Bv^ΣxLUĿ?{Kz8WhLO ϪTWg鉵߶ * ݛilF|+$cy\˘{4iW#[SCL@d wJ*see{(Q1Sw|~9IYoa +{#*4\]icI9Q1H紙`tpk&%&f% m%EZ? !6Kf2w 3ol[`XnZ"c=/mT彦?`d Q`!X^ZWu\"g՞vG'z|ߞ:)|ӯ>/=xn=ezo#rWOĻ K&0ftci^MD:6ʄ4 5S٧c9֘*xK J`Q7V$٥1K'e})?$FOd&*xdFІd\F;06X7fF99"΂hRQIYc:Rv)[X\?_Ěb(#OPiRƝأ)$ćϰ(!Rev@{ù0,Ϟ :*3 A قXdݑq}ۂhG*V %"Aа%͠}%~0Z'2j9 +#Q츒ҚK&'u㒄!xa Wd{ekAh]EdCg落ft>q][鱟O8Q뒎tuBVl)fHr0 W`-qж"`{K: -J(*]1`;jp/j?J3=wr8 -0' N.PB$c~ゃ[Vռ"L}\AIXx«ee3Jiry-'ňj}-P-Ʋ| @w'pY:vJ +CGfms@lytt:97ARu֠D1=s_Wu|4OXȯ`E>ٶsmP  %B/XºhHU62HŒւ#YqOizSMM.ν}:"PUe}ID=a`Bp"<l@c !^XgBi_B\~ AD ^(^;0YML7~Z!9l)c'Ԇ+`2x 庥0l0V:%#ܱzve=eŧ3@͈~t/{S4V;)|5!2X$?w3#_ Pu'Y‚lH΂5B&iYVp˰\dSc2omH twvDv: aּ*!KR'fWU (3 !H@mjxe=ص =K.mt>ӊWuҭ]ahBמҚ!b%:b\Ad5z(d s)rCdT FNDSٕj [ n!>i r# *#!*nj2$i#蘺5`YiY*|4mj'iI[@Vg|2JbQ'*>יHEÃkZa۪+_ylzsCK 'ʜKkBk'j^6d[R(WL<Gþ&F.Bb<%@3'pH?P.C*Fй@aſ/9J-i }Xhϻ9HDG@.&,\Mc'gR|?.<;A$K;[?XH3Yeb;sHڕ6BbDqu}UFo=0K4Wdc3NҀZB !HhS&ƭW*TLI8P|o)&FMyRE?{Z>Bfe"hO܃˥Z|}HRjb!&I=o1?}QU輕,y2ͼRL)ՕFq{CEqJܬ|2ף-+'|%ѵOz[(v>'U%䘠_+>k+8\eљ|?RFyx9>pPţnxr1P/_) ZbT\heҠa.+m8R;,l*Y<}DW4E]r /;s̮t nIn`ntpXn~vΗ:$L縈:0H GV_lioH'$s8qQۿz3(~jŔ%Zm=%CďeI5VljTxcUPtӹP}pR;Wd#x ,~oHBUtNCn\{(ýVz|g1gg?Y-BMy0coV8~D4P¿(&"μ񍨈w]9ͻr . VgqO$[;oȴ K08> wiwOv9w&( W!ϩ%h)!Ņ4 2^s8qk (cX3|#%pI~298wRyyKi}KH cQm)09}\!%`C4}*GCĨ3kLy%C =úgVA70c,'WM=|5Se$Lu"$gӋټw5cM|;_ %"T evr4JQGٵdNF: 24EA}JHUL8:o][QέLY6[ލpitn`8 hO:y͖}r'n°vP'@hhүRڹVe­jb6,Z% 8p^{hz0i )F@C:%qtا,WFq.X:w2nEZMTprTzoa %ر-wYqliG{ƬT HqPrS*[Rq, E?nEIәrl%׻87nJSDy̆tJiLQϹpE$xvmq-id6RLkR9_ 4CC N u4n^%nv49?eYXlAq)^5 4'TQJX%ڍKK(2€\^ADž%GH[r_ 'CcɊYg@lS}"Gd1SU"w02^Q<7s-Չ<ק: \CNee|17@ w zvH*׋g3W*YQr _Z#Sf4C_G3bԆyJ 8ۘ19Ԟ7kp^W5/ ^V'n#)PgBK7AdKl_~L/ /e) \10B#ǻ1P\ٹE:M!p[F?fu̕9/?]xoi ;I2h"5v<7Aij+rD(.;@d!3,t1V@9K VjڲO/0ɽ"ޜ- e7 CTk.@>a@^HZylȕ͸/pGHY!5b\V&Fq_f ?=(LO.5,=`ja6o 3.Yvbfօlhu#jB,SuO\ؕ{žars Pn;TD\gŏ+>`3;Y28nt/&⌎ 'jȸl?eR׻T Up+l_07sokWKG-҂5 5_޸^2ˌ/&Mu \3{rxQ 3xV%2{3UKD[OReayڲ߻Ą7,#BBXQڃG ܝ,B=D@5r~\ :)dw_mq=\{F@\.]?./f113S]"N+('[|_1ԸD;YV0kDFNr#?#yYi|qhF>"IE7,Anj *a*q~Hʢ@d`KlkbˎWmBxiW]Ɍލ nK 8H[ٟBhѲ}Xqb@f"C7D |m 'Օ9n+x9:uR{&hZ1\kWJTuRrY%q]6P(ݱxGa$u KL';Y>/kHU|ATeKDx3eH `R]2=t+2'8'`EV/S;'F{kWq!"Rh͆O*a=Zdځ2D.> яZۘd-E/bGz `d~m|؇ I xCLFwNh"Hg[d,/j3@u \@ ld󈚊׹mhO{ Q>ƨZb8pƧΦٶb6)&T.r3aЙ&_ڹ8 \tFoQy Ο{̤hne}͓T5vwc&_WZ`'tf%s] 2dD%9ӤWd0Aq[1 ŰRgAYe~=I^(rY+ bgt >eKz/V޾C%UG"nox\EPk"0!x.ko Z W|Yc^O?RƘ`5$IF[?@s|Ϭ %E 4LK!|G]R ;55ʟh+w^[CMiQz6b}\@1?$Ieۛ-h[!&B&`Z+FZmdTu1toK׀I2 [ǰ݌DvԯdIjJ(K`o:S B3 , j #}*zrRE:3oI$WZUAe9Il0~JɕFSڂM/Kp:Ȍ%PiZ^Qr2֘{tBf1ˊXCuury%^OTaAzK4̐E.\̄4:0Ʉn昝Ũ|T;ũ׺n6502 [Z}ڎL(]NQz!M@ieK"HB?,u1"g=K^S32w2::_Amtym孫}Q2skQx<OiR)şʁгkKLJ'h9?ٵ Nuk0jޜl牌.#&|}vB:hȁt8*'(,3OU,A:=8nyub-cG d*6zpo!N}q?sZI t9_obrԟi9\;Bo٭|VɯUK*O:3G}Ra;@hsm1BJgH~pV;'*O0 v1fxT`苯~d"%b:!Eتa0p`x081 l!0pD+ 7o4@H ] IAk 81e?spȡmC\ !>ӧ4$I?pJ_-T=~ eN"W?F L/x=,o{ Y&zD񫅂{Cw lb7gp1S3h=#nU^hڔukVd^BT== &K͛+H,@(uWWř5@Y\Hٵ]DcC粂p7H3O4k /X`(?".v\Yʠߡ; ܬ>zd UԯhJ"^̌^Jj "Ig&VOhZ j4뭋3g0ϵuJ a'i꟎ {;Q<[}&1@6muNeD,S'l?fӞ*ezUl0H0dB_Uqs) d\gT,_p}?YfЌty8n˹[Yb4V9"N@~lsmP%4x8?f)oW E/ ƅ* וo҂{b]oQϽvςU6T")sK N 熴U  ΕL2UI)=709HO㋉Q5/OiW }$ :*r6Fᒋ-fOPI㱆qq,BGt^t$۾)l -9³@hḝ' ňMbmD67mhew%4Gd?{6Wn2;y94!!Q[j4^Li߄mzޕ˟ȅ KCIO!.IUd\zla0HhUpw]r75+,ohkݏ*io`YS){D/~|5Wzyu 'ϴΦXߐ4qJZ9.}s_Ӂz))D ݺ1Ynt -NW֍iOVCDko(}̗ ?9׋A|f{ uVQ/䧏jg>7F]XƩ>m47}%ːg/oDKn6Q“wk%.  E#f27AxNs fGqN3;Xp1^LBQm;*aSUTOf՚rDHw*FH/)9Ir>-LO<;-m[댦Եֿܶ5s$R<(ͫQy奌#Q:Axdp#YR(&_5)'N!~_#[;;6`VySW.DGra4T`lE< G;I4c2O)N(&J,-G >>EUOT]aĂ3$m_VİBU+ w\<@j;C.*hT$_bˋ{ [\hI\DZfeT]?Θ]LX\J \"N;η7"wsjk/.Cn,KJ![ƑzhA\oRZ}hºRF1h',fѧK!cI7ى}ebk]ӳWY4Yಷ!;馮勳ӌ)/2[4G\Hҧ]&$ vWN)qC B&2\ompP`ES4ikܽ-B~̉.0E&傈/RiX}I,O"T:؜WN݇){FŸ:ŖVjI/[ځ:L"W¤+e~"qTūMDO. a͏jĴо*x͂̾7Z@awBm_R0ZO[#obڽ3=Pr:mDrJHtboAW;  4/LN ^[NϾf7fV-*d\teMr$D|9F4JO'&T#6BRbЏ&Rx-Lq *]TjUI"(3iQʐOcd8s@R  ]K*1AY:ӏ ['5&wccghB Rz0Yj\Q'qa<_TbiYHH.'j.ΒSwgg)ԗg59n^l .[b[yr $vF|'Zg qՆJ ]>JBevfCgՂЃi;ޖftnE70qmxՠ4փo,h~yRh5_;|!dif #3:M6*?qN^.F-I ٘z/6XTj~Huj,n-։UdaJQtla+nmIZi|82/ CD_*>GVgYp.蹞XP?Jg/T1b'<0lVB`Gn 8= оE`_FD׶W(D3$$x0_76̀Li#]WYGCy򰹫g g&?`SF9zUgFNi?t/=2՗uRo'mCYfӑKI?^~Q;gUAL;t@%>vߤ/t8D?0ӘU&-WSAyR6"* ݇nUM>0[c;H`aAcMaiKiς}ExI*/qBrERJxyҧbFW:ԣVY%^ '|\J㖞TOwTEL6#qnJRgW̫{|ݻHy3w@B=o̬2 c*2W767膋OM%_7$מ=|'ޡl}F\7V$D5$ū#e lEJgN`ƶ?L\t^)f8943@?uRl 5׽bɮS0eU6q3ip;N-:9!V}AVY2֖RɫH{&Vzo3,Bz)µezz 5UOu,2a:NSvMAz@4=t ɘS? **ÿ#CʹFS 0|vKvp-ԛ0o&Zy r.Z78!`aH1]KNKUaZذtu)εX*^mxWH*sLC9A1)qy1 Ȃ . =Ф\)E5-h71i.*tX)/jzfz#ңe̓1DN&YSL MNƲGcc[r+G.V*>'-_}+lm0 ?rpԢtM].u+0w?@'E_)s~Aki'REI(~PacuiY$?n?Su }^]v֣.1XBp.-V@^o|#㑀].%v잲 mfL6Loc)vOwLGS 𰜩·.M|)kݱh[;Dh̍xX sI/22۴?RBV?7nK:0-T_]\ _zuW9ypԜNSS͕.'8"ɡx%υT6~b^`&z|N*בTjWd͒TГf^jղ9"'!9J?l )"Jb= ᝲ2Pθfld SԏPKP\&Gy Fײ|aσooB|s?u6?76_(SF(4rlUc?'e ,!Vx%OǨ'bm8D[qWd9sa^>؇Hiytۣvn$*v.#e P%D $oh݇epk ϗ*ǂ1J94T/uԭ8]䯭G;to'G7*2C5f&/~J}'d*N룭I?>xJa,7FwTjRWq3{w'i86Ե:^ &U׎ 3Eo'i#| 2a9r5(Ds#P]'s= >wR~>EaZFu{kj7Po%ϷlIy{&p8K.HxL*= to;vb)44\F6(6-SROIF PS07Y81znR+.f8%O]~Oằsрby^+QGyكGiDOkjLp,atO3Jz1pUY!1]"I6g˖,{i:|΢,Y/}&Mu@VqYɰ7Q:Ak%" UY$C-㪝qd{g=82PqU AͤSnkuTg9]S*J^98h6DazMkV A`R HpLpoyw+tte,"Bu RTgS>,Iu. Z%jKN2u}kw'pk.pΊ- 뽓qĢf\|Y!䜠cWpS!HUO ʐws ]Q8EwFSiBgF26*!2xK&2.skh ~#4Ё'Bt`AYF \oE^\En6 F|Ȁ݌>7Yhm0sNM^޹̘/5+D},'bRZX]8iT m# &y|չeA@eeܔ{Ԋk=nWcSJfG,+:2csZfEL['$?c2es~gX20ѐ zϚm`l4F笻.)]=/(HK8 Q{ ,AHW4ZHvCQVNNB@Ha\>. ߂$x4[EnW z{2Cz,g{&^J5r|dt\6jFޙhg9V(y_+ҕ-W@4]Z?{gWL7>ḁY:b8wiΨ𹻗&x<`2=W*yG~:N啿)sjA5J=Н|x7nӰE;"!b;Y uKOH> u$gPql(R=8pl:IzƑ'`>݌lU~0 ${88i #IKy)8$3[YH0,rGjuE'|X+zO9({pdlwEZ\3-SGp:g#pg$MO[bV"ϝ Qv1EeG@=7J㚈i0E\2Rp+#؏ 3}ɻW, ~tf$^ B,>>@ 5^Q$UItV*ո,{6?&FI`&&I{)f.,{̦P]1~LŚC9c*bRxB؋\"4+]eG\t̲}J+CQ?TH dt= kև/lk^* >s|<#׬GtC2 0vzBE$#}v8/RuA5M5 dx0LGξ*Л_C=6^yݜ6h );iW/D^:YJuT\Rq nl5ݲc?r(exNquJl2}i S'IZ;I"84:QG#AVqG~]Ñ'o&E$ NE.˱&p y`@5(Qˬ0gk}{Y!͜㡇>CxiK~%:(Oh*sa"P%X @FOKz `/ 4ӭ"dWP<ܭ *)Au 隶}3H}joB OP j5p7ˬ<:·C[VSUy9՗`#)f)9<KKAlx'/I&,U!;iA@DNeD~2a(eTI_әwȸ ›q ēe{RmF */P/۠(`]>|/tO;_SB0]D,0\aL<؟]\*I?BWc-g M>L30DNt~LzY5R*s#U|,dP\ ^XL(>=6Ut]}`嚟U;;7'ڂL&Y[B-$dzþ2}K$KH$Y=_8ţca{O|{֒bmAK8U0Ybf$C 'ȓ{[xbw%s~\{y85ـΒ覬!x+1 U@bwYhA&$s]LJA#arO~AK`݀$ sMp-c(A&l.QTO>IWWx¯U'=F Ao_W¶ |P1׮a.bcX^Mdک͆Wv6='R٨`G%U ZjӅ1ej@hlѤlTb40 `VS+hZJ:0p{{{be K;M؃laUo:DUtʌP]ҐKL˫ '$qa`wU$3E9Gֳ1KN`Ny,}% =:KX.SFU P.OL#HL2wR329lXGTSݘ]̒ eH8AC1|3N.R2wbk}ώG(րGsBbo`# 3@.4ӎ 3][r$=}|K-k$3ܸSIJ}$#dk8ۅ$ ITWaF ytvyqp8򤖜MvP}C=%ߙ"P+]9$o)&mZd#Fc#v {p'+vegaS)yU_usо`k.l0D)xhe rjtש˳'5a^i3ӓ+ &DyI DM) F5`*x͡&B=*qj/pߐkhuyV} gKR7Mc]};{@i.UTLzR"xS,bW]dtosL`1hcJ"WX[Sr u߄p:Nօ Bp}uU *5BA[BF`8,D)4xY/޵^a. ]HP4y_]?S* ݁'Td`ȈDp'>IKx?"G}W&$Wu"7 YJ psi)HN<VJhd'Fe_fJP T& /&9IT38z+q<,Copud? F`8De2#%%#tP(n?s3͏qp:[Ԙ;^G&"]~$i'|93Y &]9PV"T6lZ|o!۠=Dpœ !B 8h۷HjTGw8./轫4L"I{bV ),L~D]N6d5#s˲#Q1>fyDeE yl'ptÜ'?[b7pWKQzv:9v9;Tj4J*$HPk4v΃B>W_ڐE*U̻E->.[@u\,sY:6Wx bzp-TgvJ"Ūʼn7?Ǟ܅ <)%+s2?(=`JR3_Emzkpz?mSP)k!ލ8{ZS' J>rEe&r_!;'*F~&"J3! H{mvq iP_!vӹ"+@tv>`4Tpu{YL%prniZPC퐥qPw6^@@ F[ NdY?b|󍐱BT/(Vvv~g񚄾5A>z:v`S#Mv@=͞h1dhJY0trTf%A v]&,eu4{~0-\;0b#5}QԭXʕd/. ɛls8)68o9ƥt#t2J'ڕ{<} r1&H'CK~b @!aqxxH6=т? "GڛsFtvr0n:,iT]zcTkJSEH,J=`w4`O3! C1&~$^)RN/`tfOwvn(83#1j|̫q}An<؊&ksJ (T 0FTT;Sy.m/\^Ϋ #o HKbQ|DoYpѦJ ixJur"co;V@KE40x 27nSe'w'(>ogvƏzI5iRGpB?󟌽%>6k3X}G'[1I*]&PU=pzY&;D|J<ܾ^D&)/3HF3Rqd{Ь6DQnh"0uWHtNHe%uY=rŀrPFNx^YNNK&Y*{/hPե;dV̄Oi1v!8%+L(Vݤx}{һTƑG>0L됧kYXL߽[:~;y!ą>S){X+mQ2~yf/cmH"ͥѩ写7@srL#I~d9%:[Q:p 6%їJm@vn^p1ZAQt0qoMz~}~1A?Q%Y-wvCF;rvkYer]TPϑ@{JC'͘YӾ ]oA8uڨH2O+\FӦ7DQ~rUnT80Z QOZ2O;I.ӠlP%0 &Fx엋MNGֵJBT3?BݸnȾa+rd ]詪8vi+Edm/59QC:F=bˠ [M\u~ʈUM&J(S$`7TI~JI*pG=!\E&d:{'ܛO@UI+̥z)ȵ?#GgןRBN-\X2r ϰʇ~䆄-<%Bh}qi[}KC6Vt+uӋ8b@F_U׍צ|F'Wo$F3m<0QP&CJnڞQĒ'q>+O>ᒑ7qFgM3'g?]tͩ]͗3LUWz/*0Z´汔#ub!X1L3>pO!'t7ÌAo|EB߫u3 u<HlLƯۺh=@NODdQ7% )55ifx;8`[S+,}|dU^7ܶV̋s9Cf35*< 3bD< D=8d#4;" |]C-`eF.ԎFJR\p[QE%㦸!/x4.FBa/rQ.] 332UG4T?,%ff=QÇwѳQN^Y2h3moG"ؔ烁iT7 ྊ]q- 3D&;jHD@ڶi) 2 ;bڔXUB@1Wϫ{_0LEuCP  pE'3)?C,Ў#!|_!#BY7Eb_Uuf"h7 } Xg 5m '1H8aiԙ ^:;Dڗ@ݻ-\ڟ[0m]]mhˎ}6oNYO,a2O ~=~M>ktiR2܇n1* .|L i1=P)8rjK0Lu)6?*-MRtArjLS*bٹxޫ Kٺ&A~Ld#wݲd<%mŎEQU ÈdxXץD?oRj V$2,k9SX:Ⱦٴ1b.AQISz1v[7Kق'AV S~%XԓdSfDPcS8}'ܹj&ys_󉡵O=``]K2jf!md܇ѨAA:k\04_OU ؚ_j**"q$=dDBÝX$gM0F x* _Jߢ 2 3t`hTpۚㆠ1HkH#i"n1gP"]->~l3'[ *a,yi  i}>Y/Z6N8e1k*~ qPHiڽk3E%F"tK( Ӡ`}ŠC)@[׀kv6e^ɥ '1a{GeDE 94(l,:`XZL4PDh\E [js2)K [ǭubb;lO>cp(d:h2n&mU_lvZ.谖L3p2qR]swtqcKx"3[﹌#N+ G$ۉs٣e[GY9a<)B|Tm> 6h2FdQQJjg=k OO@Xx,  g:h穏Mg ,'bG 00[X0Xt4h-G2_ذ& b+h:%)5,bt0c; A21Q&]cFDLlmxI9TXtea]Zoޓ +NI?p9׽FzeRNd~سHJYrx+'!!ISx&–s #4 u22 j(QKq/F@FobW)9j?16ˮ5g0^'G;IqV;9ZYCGX,0}љz{W3ˁS\LCNζ+nR7jوG XaMeKnIQ^H B``o 0rJة/bq12i+{-;Dn)& Z8BMW+5o `4/V]gKts2Tcmuf%R"?&[N]hۓy[g`|N1֋Ӯ @WNǚ2rc3ҍVfTHHK |)DLL#Gg|?vQlږ'PmJZr\IQ}?>~XV֜];8k\4QQvGd`tA{ ZSQFK=A,Ng·`q2nH6<RB CUf/g _A͠my4x~\aʈ]e*lj>pAC|5zwEO==zvߊ4˜6G){7ΏݼeΧs?5bb|Vf[ ,}理[,]֤=%l§R=,'qI'`kg]'F <ߠqɕh!Z@=4)iM":7YH_ r0 fNE\u !x&`_xHbr_#lIՐ%}G2`yzpwS BN4_\SW܅ BCk$IEt"*55p# +sǟUJx#-#dCKv0CTB&6Fpp(:2O`ަN4wG9NxgŬUmn`^,OJfRox"VUYųJP3*Ifì\]&JV G[Hr}t;ʂX1f'kl\MG<l9O@匿n7Em/7i\ْ &lPف`jugx@'\rӬ|R!#8S)Q]0Qa N'z|#>BZ@aPn}2W Bh\ n*G iүf01|0et [C}Y/3o8PI=F{Bc1SG]5}z46͂ci GĜujBA9fe&`(h$ZEDn͸otӿ!Wy]1W(˭܁_fr2Nz!4H_ɤj H}\H)ͷ2-4q@,9ƹ6* R1ؗ6C<>65 tLa%vrNg /P]L&\lV. {dG݂gT2eJ%!dif,!Lٵ!$+#v?w4L{Q2-'lCM@?H{(Fr;u I.R񶱎Sd}9¤$zB5!˻~_6>ÒY+R偯& 6ۢB-v<3 [czZJ+36s+prb[O5U9x`A{1 PdIL_jZ!Y"W \v/_\x'`[.S_Pxd}6gx 3:}c"t6~E>y/Tq245z![iKXI0iIs 3 <ۆ!~g⵨:ez.w94Ay "=ƒFE}R:[ӓ:(CR+E|(i"X*^Nx9NRk ˓)'rH5X!(r3W#rlPEk efC>}(~y 򁵋~IzFH)8HZtEe%M1уFgL#Xs`V%\Bl9;6#baM+y ck8- [co:0UF˫5O$Aҁ t7r${u;2MogmW!yLQ!,G㭖)Siai?AG5ّǥT{߸i=7ݷ>ܝ[WQ_]oo[ ?{8 eG:vW,'/W@kw  #O~ؚh13)+^-ٽߞ0F#)CJm\" ڎ}B8yQO vt+×:Aٲњ!v]V 6O]M$a$ʩ]X ~dQc;2;hSw#2e J4V(wU^va w6[嵗 Y $6N55⼽Yy`KtBXa6#@FBmM AWZuM,`XZvXʽ /M˛г ~/TBAW+D۴!E%' _hJgw}$╊D*#"a!Q ?;{8#mc]&8a}JA Ǻ(a]aFj(itVb=3Z4 [v%3o|W<;![Y&(8WB#x3bY$du#==ې)`VD!O?hi -S+uUE}*Q﾿G4D-: uAkTʐ"߶ȂB)ۡ:gȤض݇z5۬K:%?xHFv$p殺9t5LqCAnϺN։>ա6pF}ÜLa *! pC+ {.БM^̒QC8`&z6Lhb: wԵ pHj/ճWȉ_"`2)M_qxdo釴)Mh~} o~]u:Ƿݭ$&tfW @iVsCAQMVR$h Px0Љ飆DJ[uU-hhPR\'6;QUաLQ"[V2BEpAct^2gQebIF#MnHK:W m5l+5CV$e Qΐ.L3"JGjrcRƮ- QnD&7< ^ܹ" )ھ`#yxT0`3է+px)նH6_J <>;r#0dZ3嘮f+>I^讀lk_8J2ﲑlrt$"lS q 1P'#2?`mib)_C!7)L<$w )c沁)vE?Ֆ>WOsԡ #(Ӳ/`j+XKS|rF5j(2d8I~Rr3}q8 uE&0 v@{2 uR+1h|J;QJr^('˧~I/Rޛ65]ӍϓD F7rhB܃ETq"m,[G;]]TRtZ>$(D*A6lڎSP#KcF+4:P|luIm[i6E R-i1G.BM[UF2v/q_).@3Jŭt {&?V%cLR. :H:)'lsȫ%F@U_~'sX3jZ[Y`jv+1k哔ƐZl?[ 'qI0:R+|V5wKNH1(25?)_mMlHÃ3v E:uM!S.ai~U\y?rg13ok%VPӇV*ԝ+ciQiyrߑ78$ *G?EbAG O>_n \pH%C jǹMJ96Q.cRy]|j}Z{wX֌~c_|$wF ss^s֯ԘfђU&I~Po:fq[DC!DDMz f$S1QZق&Vh"bZL.` gzQrAfj?[hIps@LZ7붭j!e LWھKW5TE'0dB!"[q7k]dҎ8$r̙j6"Y%%mzCMB/ Q$v!՘k˙0`4~aJN,'y[ݎbn4a:F? #J<>J[?8cOh.wh谿Ecm.DLd@H>Rgj{B J[}욫G;mp(8jЕe=wG1NJS5oY{y^\-jO"xPo)J"!0mkʧo5`״i0 q}_Jm;qϽna\A|Ed,eQZi G__iGT+w;}F]c3tMp0 \cN-@ E& 8ivPL/А(fKv0Vz[Wry FɄ"_ۛ&VQւbSЕ VS@DF3QGՎFd36=Q{u5_}ju~`\H1597>:AtX4_`5=XsΈ$1lP H9As9]X<p@`h4Vf9Fg>Z?QvG|R46+Y,5N0$P[A1&g5 ?\losA'mEx("t$KfhʈbIZe3ɸb#-*> r"^ْT[ޥbM!r,GD',(SćƯ2,M ӟUU@>«ɽ\`tV&/댯| t=$Ui%ltQqߍ%ܓxj 򫁱#A Y,ﺇ^^:h]M4+26]T(WvNqsƮfނ'' \kvJ*k݁ 暄5 OPcM~]sTt?mf'JyRT-?]UD_%l Oi`GTqdc̣Wh#%ר?x級tnTQQ[~Ew7J}nٕGͱ^]_ډ:צtG`zDөm\\o)"R:Q!ԘI)72h-{,/r/"UG qFKuR ]7<t](Veq r>DvVgH5jdLcƸ=Jab.ejYڱGnוCo]G7q<'چy= PAe&Ϸm4)`S21+h(Zh{/s~*ٸW>ezɆRzB "tqU yJ!㹣L@}67X 5I0Qf|$=Et?%+BBpk2*_Krxn^(VO z~v!% aT3}\~4Z/46~w_!O;t t?x)jdb{ llܨϺ<ݖ,6ҿ&_صǏ)|19DWg ߷3lȴA*;H'+ߚ˭Y; m94YN%' "/۴Ǵjy Ď6O穓Y<+Ox;h7aqE-#,mᤜiI>zY,N4Q(\b/Ab3o)0QViŘ.blZ(z.k¬nQq-%P!}ioc#{є&@J똁bm?tq 'D4M?"Eڽө! O])ܗ X.)B(9!m]^: "-טR7ddJE;.C߶>Z zSSzݿߊAd&R(6g7mM$MXx1y3@<.hsT>)%E4@(sagb==oE:D1|ybP+1ّD]K`giF }Uj)SachHոUT%X$4($ɤ27@_( f?0LhkꭩqWdD؜xfo ]S@$hTPm9a~R"`u*q`VcPo/eK*xL>U%(|UN[$$jưZ$_;(?jM>-GQErQr ±2θ}ʇ ^-Wj d x :8Y0Npf1s=s`(dEm&49IT ͷj!5V%"y"!dJ-ԒQq恝0n MQ5[Qr=5ܮx^3?ű Xȫe%@nK8zPb8 (")gX[P둄|s׃-T=(Y UÎO@^bayz};B%.'Ç/dA΢PϻgݵpZJON ^:S(\iВ)aq4$Xշ{+*1#@17U)S="魬BBHxqXC-6)BI]agkKقY0i,B=S%O$0Q#eFUO`A|>(&eVxU:-?QTxH?&IIsQZ4\`Eam3Xp^UqY@+70YUg =X`wwF7{'w_ eqP$@QZo]BU߆[ffN+6;En[xM8 .L;|NrL tӈʺ]CbfIʆ=,^W.r}ǩ@! ӻwF:`z\;{K>?Ol&|kЦj-\ J tZ %ƀ}JؗIK촵ܭ Yhµ5|#Y@}[Z'8̳ȩi[}r0Ɋ^p2>xz"}Fhk=I`& 1*_w`_C;(ı>$z٧XwId)|ÎU8֒z5Rh78뢎>|0PLYTD5^qB?ݫRWO ZG jꆫ5b+,т:u&{)!s콥\7f TUsjr[x@OJz T&aAxy߀?B}4ǧ侇t]ZT] !溱ף^՘v7b[T #HN2,-fđ_Pwr|j/s5~ 'ktYQ a/Z 9=Ӳ! LX%-١JWMu =tUd.=)J?_FP S{\#)ldFpq-4[BB:4Tgɲ _RZHHE9oΰn|>:**/mO=0Go  & !Xι '%l8TLս ڣōxc#p|@2R%_=週Q,K&,r΢{i`/Jkc5Amchv(Oe;9pvs4Z6q;mA mq^.?NR9ahW0"kW%i޸ҲtTN;퐅&L)Y a@CTCo-ֲ&(XN(=,`$n m>jˮnFu9 RSI7Sh6M'$Q)}z=x% [24-!"(cY˯}{n\J泷rkbq+qZm.xT`ͳV1ۑy<ף!ta%y~]!C[ K- dGx>*lŌ{h89J\D;;v_zXu^ ϣexZJEv$}x#$[ɌA[U>xgk_EF]jCQ&M@޼{`[*ٜC_K{^=_8$_8/DeFXEt$)T見"{|ye0Q=d/VQwh5*)MGcuIFHk ?jb69;L[=9uEqRӌ,򼫐Y]a~.U܏9_ε&L M4 tmYwTj({&ل=wˬ%, ڀ.O.)_yU2Yi( /ӷjiJ1d轤0]snބwZjpfa܌#3j₏l NW{ʹimNf껥 z%4MZb{J' w+[0n 7IU76Ţscl`!gm1\S~}8[ …rh|Oxn j'YHM^glhk}(/I/oy-QbfD}uK8Pddu[hB)0g>psmmTjd;|1[Tk ҶUp Q ׈aF ŞЇ=՛V_J]^Fs: Qljǃ3hރ2cwt#w;ԸINn(;j !*δxlkiO9F UFx9lc#IYvMikq6TR* pc"?@Z7?:фY#ĴIn(Fy~kL[bJ>3iu0');upc=qJi|ړ!+O 7bQU+8ik`i[<.eSu鮇[fzs=zѬ{_'][6Du c؎A+{Љ~ D6?0e~$E{_?${pJB*IʌnEh*"*9_;- &Yt7k.i' IUhݹYb7m?7٭:;󵄄0 WBt|τ -/dCPz{Üõ~U, r熕4F ~~>&9ăw5ѭhN#WtO ~tޥ750 F:xm!mY/$ EId"#{ZJ^ͻ4ۓ.T-co: ©p6m?UvM_O@;ݔ?=R}H|*i+g !TPw|&YŴ#E 3eO}@*_:ӟS۠xVfL9Eܹ׶|ZЗ_Y=\o׉G9ĥcyl]m HU=RWcZYʨ ՠ@v%M+?wװM}# )x`J޷ ڻZ|VJ8X!뛈KQs.*ͬ2.`)w< G[?Q`^ZA_ew~ӽc"_1kY+ ~H1内F9V(BYSq_|.ebP"+V?szT,u?JGN dk8_*ϋj,+z(!1>~-juH+~Jaꊞcdŷd>|xCi4~~9bq30 =sk~'aL,/7*xCt-?\xJT }M0zM;bRa|Ǘ?r%sի[XlUofSGмg2B8*I"]_8f@@o캆i{* VkqiOzqT?" ffvI&JFݳ}O-4yֳugbJf˹☁ nY"KB?}~I=.2vTv~;&UE̠( ^T'ѹŐv.oUXc(%c<:| _2UԘس=,ݚ2@v+&V/u.y~gt@X,u_KX6oqlJwtsz]:pU=xoF 8ʐAn؃.E͍Dssӊp˳TLZ=3,N%"ƒWrƚzm\oŔHq$p7YU*(jsɶvpY#ag ߾_~l:Wѿ8FxTrOM9ʖ[Cj"cQdi{SPR}Yx,p־L-0w/wܚ~X 쎑ɭ\5gdjTMaIJ{d%A})mw aG4=ڕR&sö,L9J$\b T6yj aHۜc| IzE.֖ZALF+0sSO˾'WqTJN5ɕ +L(BH;F~؝/96>Bo]j3M$Pd!z b_tKCPQ:<Ub?+^ \<y<h'c.ƒb1yF$Z05#TZݰ[]19jKb,Ξn-f ޽641my_%0I#.OkI}pvSJP>V" 7*|/ 5؉,n`L%}.cyhZ8L^ɰ ]~g^!}7K<8") dWʼYr.,2^1x<+dwv*.IO.5b)y4Wly4ӝ̖826u+{|-+V](|†C=qo\Ǵt N, x";^usѨP:"+8[b#SQl~#s`u)~T&Pb4B['xjoޛkᄗ7EyxчA *BTj 8[*WMHJ]>:2KO<`ۻu6KC,UM]6Ff KE&q Qd{6U { AX $*(Og)O x "<{1jhFưynvNZͯ>ʣgNk M D E d{X?`Il.s藡/ɓIxVg\` &/qi}#%Myw_HqxKc.u[:A`2m{Vpư"ѲӄYx.CeDŽwĤrNw 縿DN μƹB@F `H mf&a)W*hYqI2A # W[^kU撾* ;sp9W]wuAASV)ی!Xך$FfX{sHnSf#,j<\e$< B v/^`U||lFE ,ݖ!)Oi{h*8:̇yaDWA#q{[nڐd/)'\E鰫oA}!0Dk{-Ue\)Yu( <0תG."lӤ#MQ]#[ia#iǩ= s>)׍JL]Ghmb2ż͖%^ X Ϡ8{WY*jB=;N) 4h#3z5}.@]}. e|MI $,[ I7#_0̉W UITڇ%פN0Aom[_\R*߫ĵFRJ#Kb0^4%NQ >d`cL(:BO,JNb(|:1jD`qD}~E߯^晗$ʢ j30qɻNu4W :_S.\Ezi~iY $wO5L܎unA-E%1EP^_ Rhc+q}|Uoau6^r1cI2.+gqTt(x&}L!4_;]Αȁˍv/(-.{_I'H2 tn\cȯw: J"l %dž>\arhƶl'cǎ7:#, 7JB @>vTzkzmh0G!R ߂< .;L ^:sL?@X tf܏''R:wgȣ.𜭟xGb pM,*C2Vyf, nB 9ͯٽ5!cZE'U}'1K>YU2 q߯3@|e^v3>] K=WXQ+zΤ:?i|v 6}C.D YǏIA5gҚ/-{I*oUEuu=3$lYGjbK ,CDș_na-a[fw``ddHv*]?.QR7ևS W ϳy(Lأr䦀OI2h(З$voPS\.vz?4We޹uՎX\l:EI64HŽI= Ag۳*S,4Gj\ۺqiBb#&:g6B_A2C1b#E*< v@m P̗%k#}]O=ٽqvwd`7"0$ m,6 9{|Jڌmh(=#/?(ȒGȡ([Gz'(osL;<Л]]_=A6f;z㈦ kV$ ?|5USWMrUq{<\;#2#_wA>zSJ砼CEMEh~,f \PTUWk⛠7 (;U-0;a+u̼r I\΅ࡹ{qghtwi{-maRL ԟLȋ31=yKaꭾzi,{M&W'cלq$JT"լ̈j:$2ꡇ4-E 2 fG(F=YL>s΄eϼG\0| TDJ aiǎ]@Hk[QAɃ!:̤fͬ=fl1BoRĩq9dz ,t}`c5ѭt/!` تbʝ&jbxg92ϙ(%#J=L+z$ߊ W(S?(C(N!?U箭Rrd r:mks`f6:\[}KF'x3Ua QmwﻶjM 0I#y,ށ;R&=l!P;4tEDu`-=1 {[ zAg^ݤ!Ҽ nM6 dN+s 3EtY[&ֆ3&}=m|yPO8˟|@1]br3bX7m7ZN)n *&u1 +ȺrB* V>7 4oJ54"Uܧ4Pg#1auq pBfM /N Zɱ}ETЙ}_ WrͫI/EݣV75nw#[(D :C'c>z Nץݵ '-=!?*g)ͨiǞX0tꠑŊ妮(-3Í .='5s-N)~:B^rvWglOR FsY)𴜕ٖy |deqPx*>$Z D" ;Kc..>1H#5I1cpV̌4u_CŸwU5+.W3x C%{觎 xS3; ƫ[m dy38{c! IxҦ.<$a䮙 Ō5_b"~v\(9ڸf_f)K {aS0܁(Mo*0dz H3of"r&RdF\`%8p!Rk/qB0Mm*ݰ%9Oz "xV`nԮ$dw-H8PIЏ0~ـWD<֚%ܘ?ۭQQj5`3NS U\a@M@QqYҾh!e$@xU$J}`߅V_Qxۡ<M ^όk_aOUhFⵣ#fUI`+rofJ3h_r!U#</X'kl76όAY:d)1d=l-ONh;Y-+רYƖph%ÕE,u]T/ȅ=,D3xdx9^9 $Il4g#yA}kwXf  P(QW?b$Pzc6 l\ǰa Sd4^#?[pn=MI gBkiW)U!;|uahDq2! 3x%>E\x8.Mue|J A>~BYD;T#WZhdDɩS(칢͘RL K6]Vz|<9^VW҆^Y{c6dl{8h"t0ka~8gwdً7q~9𺅐u<rAE-0H  vu6F f=/,l_ؑ*_]kJ]fb1OaQa2ܷx(?vob9O YT~iUyx~"/a+PsNKI7˜/J/l%n0a#25HI={~߮<,l]S|èD'ɡʅH-T $ DτȥK =pTeRVM Fˁ4kС1'mMt87 ͅ*0}^nl{˕yU,ON _t۸#k u=t-\YUЯOWgwn\;Zz!Vۊ bډ0Иx?x EF`/ɸ#W@or + )犗$>$_¤P-lW>2zGQ3n] W{*܁Pd, mEbt M?nms۝84kNyZ_DU3 6wE|?mO`uU+"T{;׫Jv,ܢ0$ !@Xzˇ<$N\Ջ:%zud({RsZTknTN]doюˢ|VRk4eV+iAQq@ $nwX/Eߟө A5!)o_qd3!G5Iqt']F1cl*'Trm|P=WxWᅠm3IJ1|ڮҺ1~ڃ]Oa`"L3Tc"FMu,@oꄯ %T>Iv4y`:;ӳs;禵( 묀Zؐ6|6İc2ILByVK(:kL֙x+RiĊ|uqCB*HR,g RV[G _4 _U`sNiB@+ҌӓvvKu'FZVpntc8G~4&y ڻDpީX@3<(nf[w(4I3 c\PQI6]d|t=Ip~ @:"3!}fCyfÇbV¸<ጣuGܩz/iWwCR{X3&cmBvFK1anRBgl  >ؚiNlY%i=Ѩqj$z\1u };^Jlĸjb}T%l=H*[mE _rQ$10MWkbg Q)<`1z'ꯥǤy['#GZsr|5ҩli$Ӽg]4ų|g$N,fpl{eOپ,YMRY-ʀm v,r0HSj['̽Ϡb)dDٿxEj}^- ++ج}@Ji_,9gwjh$n4BGYua?l96xDAK-ɧaլ IWպ%^w/s1'{&_̂)us5VՁv2O*=)XL#b /y;3twx !G r,UR% g6~wL8x@fM6ʺ` c"s;3b9 ? (GC6-w~_9j4< ϓoP jd(kƎkӬNԼIzzq-9hjIe֖++čEƐ&jyMrp5qOxeu-q?2XAjsBϭ'&nNYy5HekNP?Mq>1"@ 7N~IiaF *̷?-SJU( l-:+X5+;j_6t,4p]UX3JR%2ap,};]9ښ=f/akn2<1 ",ZWAv>-q*y+qESE@gR E$kz0D$e'Ƌu[7a`OX^o~#0vY7\ɳI \\'m70W%ZBjyL": ĿU=ĭ}^`p΢"݄W=96n `1퍺UKlE{Y6P`q¶ 6h(˜zϛ|f26׸!A XB!U3#R3[PQ-Hy3y#[Ŧ2xN4+ a7Nl>QG%-?*3!3c=!|k<ǵB:oV[m픜+c ROǵh,4VMfzܱE_SAj|+9q5o7NC[\.~5\$UK 0d?l0hxOEւ$~jo}/ig(]9 V`SjZ%" sνd vX͸"xjmMw'N!{I]pT 2e֟092o_|@Q-O&=\S q87F5ЯY(d#kI{#]{Ҷ5me6b 4a|ʽXCB7Ⱥ'Lg, hgUZR:kOs PAp98 9pfF2 CSJ@Zk,\HO&"N^4K1g~B/zG;t~#^ԣwT-䂬x1> zSi~Q~U.8 ^&Mq&Y@r: ^nFPQ~-yo!lt텛i竧L,@^:) ҅'>f!R!l%clUcɗVW!DDMDpX=5cjSdn±bƆ lE&Q]o!0_6Xk %Y,6D`> q@cyy/􉃈36؇=2;"p6zJ@0-/vV<Ek3(+1I_ō"hU?oH|}JD&LSb"QI٥}˴W{Sqf3i"vo!33F1P-];_ȁ|_\Oh=Q!~_%y+>@v4 ѿ'y2xksv?SSP/lX&yh02&'cO;|[&xR=J~XVȝKa9Xn6X? R)oaZ.[g-Ჺql)x40 3KDƓdCʦt@LK8Pk:F 2K>C[ >Kj?Tmx[kcc}fgY+z>??Z:b-Ү\JWq @$Oa6|kHʄThb[n(- fԮLLtAli+ЩpNLNރEOKhA}_$U7ml,gg A*lbk2)-Z:OqY֏āCIav{8-QDŦEUŲ(xX7+3A"H{)a; ^UͰ) }y=B:bB̗I[5lZŧk:y}kDM>H k=3W*MA"wO΁ dLĠba )[lLfOVZ_L ru]U+E\u=V=ఔxO(@~Oޗn#7{H*9]G8mnB'@C&]0s1uy =TʲTX6GA2#R{3)eβe0KBl-4/.Sc&F]yɑ }d ]6ۻHYT8@˸wVE#9&}Κ.z ;IkAk& DFTP+M& [o?$蒼;Y A]~-qg,Kܒ' JSĉ ,xZ[8{S3OŬ58F'>hIj1\%zBRiW$igbSD1LHm:'Zgk=&!Shjpz葐@4e7ђ łH}_L E 7ŗ&dūˢOU'g..d@TchwA~4Q4k$5Kn:dg8yRCdϼQ]h0҄kV@[%Q{N$-? F OV5>ğ}СKzkf5ٛRT(:{3@M"8.ɹ=a.wW;ߵ@PEVQ|qVGvx@yU~C~Yu$lQa55q1H~r |esoDc*rE%껱T}w V+xDJR2D'xyAYU uԲhx#F=)p\^?KD0?';?q..g>еtbk:qȋsHѨΨJ;{SRzXpT-FM ׉Ef:IFI ߿E5\QD /z~a]+݇V@f/jۇj/%۾>.[Tx.DAgy@#Q FSl)XԹ9^#)Gn&". _mT]킼LThS4Ox8###;hQP턽@;k %b*$5mlK!{;կ¼؊ZmJ8.0Kķmn&":9Ŵ{StbTg!# ]߿3n313"7o6\]3L`ygj0V[BlKޱ4ReTdK5tZc^,Z$v'Q'μhvõdL6zjie k5WAZ̰V3 1o1fsaB!R >[͑j{C]kj5m8&kde{=x*->ё=, 'WDwf'@CY~[4h~`F]92u˪?*ɥ0! (ۄUQ岤(̹m)Rc'zs<znJu,}cS)<tDz]S `}Wqe;QhWP!WcQamg]jnKbHrk̠z~w#s?MB(ȸWXmJpfvp0=}O)V5{aȉ ]w&YzVu$ڤG׹R&5~ЃTnQlplF_EL_i}+,"O\B᥹ Tp4]/AHY0<}1&"diL`B$'.Jbq~V7n|ԄSf/\1BX/ YܟJ?g<]!=)G.!+&t8.8UO?jwv~ ž@װrof=Hp&h{L~G:z|,b#Jѝ :lrա#~^)ߑMC*橗2R.ؘ}Q< C2YxGW R.JP&-dꭖ;zĝ+Bd3<c7 !o4\DE_9 g !Š3Sv8t-=Fh-h?q_DXXs H.2v{8&|T*N ":n,x:l !A}jcgd\!$D}T:Iفp_l?is | 2\\nUv91{)Aݾ_=<wՎU<ղyo +!~`=H t{ը?XsO7&O sͭ)Nx}e% N{ صYow@?-eE <򴀍b٦WIkND la$ăwSl̉GbyjG}ۡONlL e+;ϰ&\6qǟK1jLQ#G1B-J58z-B( `v"&߅Z (=e~Q5ُz0C5tV 3 =j0Tj$#5QT2 +xC,o 0KE@Лr39D))'z3^Szg>F9tKw8|=?Q |d/2O m l`yp2$+s[[L"g)f.f}`<±tT˔D;YOrMy߭ӝFIOs؃Q9;Ե(e]M12\CN)2&_A +V t!xijU,y,x/}kAtH/72d.XJm{"fw" >Koc,!f{(lϳdd@vD3A@ǼK AZA`zbzsŒA`=H);4-KĹx+{%z$ Lmo{slt CQ!8`|/9qHV,*!U s ^kU+ret!c D3 NQyܙg+] 4$#ڬtonŻpN8MS VgM`%ze׺+G9>gN$9e1PZ_t=3nI9"M0@wZz Rv29(a<}XÔ#zIjy{6q5}UDk]u~ܱc fȐTD}zҗwӱUk?.8 Hfe4|1c#v?; bkkBb?Q/PҏiR}Q|0msH=~B,4Y%5͒Dm,tf>T4'U 0Xᦚ [ȭ18' DF3|)Oz[b8LjPRٚ[J|Ɨ^+gPHαIt8Vhm  v)?D :_8U$-٠efq#QӞ@Ꜻ3dE0d#chN-_wHh+܇vv(0_fdHTauZCBYҭ9;(3G>ݶ Q6-v\4hDyijgil$W;s5o1KRWG[ֹʤ1ݜgͿ{j\dcB!ĉ2dgqf|ohFQxL5I@St(E{!a)w?OkR[*'6ZG&,ZHAz~Oп0)0m^ 嫩=jbUey7R+kQj )K$BT@HG F!(#ӕ0h ֓B zwč0Òdd̶g9ź\u8քS7yRJ˺`y5Ӛb9SQv_%eU9675d632>7=fyY@o2<ߞj (!m~ܨQ?[V3Xtta/AB/v?2ESiZȿ19/\&idjR~)^ւl?%.a-3¶]g4;w1bbOatSrضvڏ )MTZSSlR] 4F |VQsUC{EbDE̕Ԇ@%szc8!5S*H@;aLD␄'xu! wMֱi\64 opM3_ nxxޝ"VG'vu.t'@~'%45x\8m+VXM&0QpJ+b~vV7[RN,Si@ǚ=^LN o:^tI>jh>"e($.,K0=q)/,_ֈ#J'gNhbjmׇ'Mwcp_=Mwe3ijj52kW᭣aIx + wjUm%t9fP EֳnHb ]g"q=HYپ$jc~oDۍ;*Ѽj-z\z3jwL -"8 - UX٪hn ˳u]ۡҵT=y-^#dC*ț]+:%d=Vbﶜp9L"ZDb5WJD@XQZ BUTx[R# 5il$XM_+PCfjxnWc;?-Kw XVCdU!?!'Np*߬Xv/Gw}:[lL:pF%N~qq%ͫsQ nݷ%(<4f8+4\6o@pkĎmMV ^=C15zcyx|IPPGҴ\ /R,u{{ͬFk oV 1%ȼnD-cL%7$P/:FAҎRTVA̳_"Ti$%gl]r>OYH̰Y aj}HUB@}r(,N5nyϬLF?#Rlo54GD!~\Wx,Co;@0Mdl#@朇heaLbIa*Fm:ka2Tz dpT%s1cvrPc]>9ǃ @I߼F_r$C?Ki)<(˖w^+᭼PO=8 %pG'~OSZK /a6U:ps5!j"JIn}=;!?g {jMaWȫtE]zP-?)gLt9.WQ8hnqj1Auc,6.ߥOd1. GiQ P#-D^)H^>l$#yL ƦO/~/멦HlVox/>5P}{p/lO\)ΚHVr&? /-Z8NxIOѴ+g#JUSCQ H>^3uc;^cmZW0Hk<1jr 6uobp_0P{۲mR9Kxkdr7z=`45m=e4CHn*h9@+w5O5-gfU'bP7rAMBc-cA3A"YB*O [io(m]fKDgn? j&,H3"Ή0" Tֆ-\#h҇>jL+#FSCL- ۪[&n^&Nd)mDͱ}Gc& tZT5d#V8 Gt@[au"@܃fHn`ݾQDBRΕ7X!FCN21 o*ɮ;<z>'/Ai'gC$Q#8󀖚{^_$IsET^+.aP2lyS J@Ƣp^ Tev)幟1DJԮ@L*wK9hٶvd a8m*rLܲ="ޛ-](ែrҝi!Yֳdp)qjF>_Ӫ[G3wpg.aÉB\#1_qF5[{Qp_{i {OTS`(sbFan"zST#t9^)}J3^} 2k)*8JqKxKe Oѱ9 !֘ Hf*|EDz`fua$0kG\h-=AS 5xd Ίc0,5T3~V:ȸ胭XR_1GA,}DgoK4T}W-iHCWU C*{1g^ H-AJ .6w-Y+93d쯃Qz)iu 6Is-$ QH.Q8 {G@^s#5*J])nOg4,_E닖<(r lD{7Him0[5M$h ÁճEB5Vw:!"UZPMkŻZ`ՒRdO:K^~kD 3@:$#z4&濗s,>C8t;$rmRm缤od[Wc")`zz%[ͼ:}T +Դ-@I/&nY֖̅zg xP#+7I25rNh='.[d@|FNT:&k块ƷXTI&CEg&kM tM;>ga<S\L t #6vg X!p)i1 P~ǀ̍BtPsͨUb48)`Jm5}/JwٹEO]y7B4?KXj0*ehgZ h62 (7Jrr6u-Y*NMQ:GuV"gv:Q:ִ"G|RaH6D%4=֩K*~tpWdXSHތEַbj9;>x:i.5\<5qly< H-LGv#suxR-1VH +BrdG_n9q٧H35=Qu4vmGۏ^w nsW/EPȰ(^ Pa=!SԦAT8߀R:]XYZ6 seM ,ڈw&Hk}Ye3{Kd.^>R Zj1tZA} 2} E =[%#Q6.\JWH: _p(v >(dDiL DӰhE/-qi\kfBh|J@+?(#hwg!p0l~*uWgqBθxa*?tdD ݩTuöᙉlq(N¥@ "+ߝ/<ߡvnaJ̎:*YZ֮Ie?\Tq "qaE7t[\)Ğ㫪a? (^X^K'$&(#Fy )iQ\&9 [ A8sεLUZ0虻rv.{X/6Ū$y] e&`FP_-V\S@D[!FVk*kT :;&Y>ssyIi:a$I?u&5u&fSۙN/e;cEXq kG$çVR7 =4z3TKNRQx/ko0j9M׼h= 7ӌĔ$KqKLҺ[7W}c" lUiARQ]Sm3yg>GSpdО†l#™z)b%.LL*:zIZ)hs3lʫ!z_ r-!5:޷J2fLgGyn3f*GtOmIT*X;hͳxvpplXlpk2f ]5\q2BURg⬦LQ@[ ٳS GǐV)9oPk/PtxlXk2{)~v6MT*WÀj)m揾):r41Mϛ^LX+>iÖ0ʎ#5?'@(dR}f;SȅkΙ u匱+s0%UYy*ۢ-Af/~^>I:,Ƙ]b.@B3*wֲ-BAU=?bR2 obzC %ӳ~"NsBu*)1ړtjt.{ן v4Uu`>fHZz~u-uQF34L=GO*)E?J\2v{˴%4W+SD _տ| V[UmfZ#杤v=/Ab5igy &`[vTE"MZ P%6HǠdFM4B~E&c髂 l E9_]rU\ PKpkL.O2 )%%s +Hn&]3XTOIvv &&D?o1٨FrGFz_rZP;ýW+X`s:1Oru鮩 E!*!5/n$^-ƌ W[vn>XnVvCYYGzr] Jrkli#1 pVYu `*ѪZ !iXLxOyz~ owImt2߻xʘs )ÄId)ᔅq +HR|RJVw~Ցك3jz ޣX1,@?3' ?dvH'E  Pʕ v,*}|IGNHZgq+C'(|7*BOG٨!y1Tm`b Bp&n2&H,Q2ke#UX],ԚL_lgq:P'?x f@|IufEu7 {˺ {jA,K9߷4%so4Oƌ]s:x4Z^L4?Jè9yf2tQ %+}2w𽯲ClFeŐ9ƕJg+R`ʀI-'G熾Qd3BfL*N=։fIrzhіԞSY!h"t%RMScpLKdt6U1fc(g) 4#׹B^Zx}|ҙc+V-!݂TS0s~}u+" ߵ-)%-:1ჿ)n2-_.h'€p#8|[C@.7;˘.CZ^UPBTU,/lS#| FsE6`~@NzFG hFReb72θR!m35V/Tf 7:c%jYJ<& wu&vs mFkEroGXu_Km'q YM*4)6u8Uxk 7,EW g1,m[4bL/jV܈dP|ut'AjB\Q[䇤TDZ?/Gs4:x1:fp$ϋ]h?u"T/x_jy6J0(Y?_ӖC(Uk28&FGH[K?ȯXx?|sR9oؙSq  .ϯ8ǬҮR`“lus{tfᇂJ6ZW(OM Ys`+a!0Aw=8ZD|ND+/:ԷP0M_{taUT񰅿 "w6hD[Ri7'p?\A;r^03A~x>/=NP}/V9벎t'f_5}wB-k6&^q;oV׌֜p,6Pm@X ~%>EbC3iOVO/+/;Y^F#*MPd4rV,p\Ag0/hmSͦ% .ڳ :jxչ9npr۱8wV'%FNK$bF-91ɿ#ee+гRW"KMJ>X,hVlB݂MiJ qӍ1_~ae%3{6N@|~ ct9xC5XfʗGp=,%<3k#I@v*MŰИ_' |KHi :8"{B(c&m#5u fm_ʘ\F(WZeH< #$:Į ". zgyfgv[Wd>o(J[T]_.y~2Vߚ :L9-NxzYpD^?3S!9`J0h%b L,>Յ桽-j}.n|'ni)#^F#i2YUGyBjy Sѥ7(uMt͏)M<Ћn /Gkl _9n:Qւq&ZmQtw2CJs*،FD8Lil z[ZZC5А^%$}sH2 22vuE{EQm̓  _ԩ~rԁcl̸EWyt%?VBuOH,%Ic}F2~E%ԱtJV.0%s쎆?ݟ H)R#H$ժcQ uA tR=Ufթ>IeߦWԍo=d+hgxW5xwSoO㽞G d|!N"EpQlqX$ۼ6錙ܾn`1tRc)6:b*_d#J =lt-W).5*agF*o"""Gj-;js-0,{ޛafUfﲠǡӽ0s yZd2и')گ 3exAFoFsmI~X< lźkBPQ׌`2\fl/WsU)GȌddsN!!y%C.dQy`f U:vO`1x2.qm^Ҝ|-f8g` syU:ܑRd RLR95[zz\BJ64wwn$Fbzh\D#ХQ M6{mhܗ*38"GӶ==C?j<.z02+1C<߯2|4U3YXM70_IPj"MoYLqECUZ_RE% Ҥs ڡe6#rb،Tܐhc4+'^T_|uTeEr<)5><9/L̆Y-}9lР7\^$G#ׄ2楆+tٰӂ%×W~ؐ2T1r],&GO\4eP€9%q$m؉f%5/0Īmh8aOgK}R["H?BlYMRo_Kr[6l\'ьn@mHJGbL<^!<<,孁V{T(9w_Hsaќ7ͩFWN8fT?^$R4A' .<&7wn8ig&Y<ߛO]9ۂ(z%z #uU  ڙ.[Hg\d@LW .K$)uBpD!a]; lVAC,d! p̉sĢFPhչS0nBYCGgjHM8"ư>ۄp:`6MhB) ےޣP:HvpˆIȁxPx F[cu-J~@'`Tp绯IAw^A ǰbZҩ`P>Qǚdl.=xd>v0SU/[PICD\EWvZ/-Y5Ms:W1,Bq~eǷwh Q^*\'N4O愪p WZM8~EF}}&[u!e.".սgfjR c1y;f:IW74Bu&ZsPGO%{PR R2 ͪ8 XVjĈ*`0gHmfspE3.KjPeZmK"%pMU}[U8;$OEP+X1w0#A=tp\.Lݝ]>l#=6xǏ#Ѝ@Z٬> +4 t##k v'|XzrɭϿ6uXRշ$/ gp:tBb9vH. h撾aQOUe$NyxTQT@j.tSW;S ƪT#Ҳ}ͥj#H)Q@(9hu OpY7lB5}mvvY9\&k۵fYڛsst TW.>1.,.#iZSUJVz_ M>|đx8<3SM;d_`8߸O zꏸB4G ¹/;fN :jɹnC}+)ԗ6\ 0FJ}slq ![ޑ/Zė`C*2!+B]aԳ,XyʑGα]lߛK5k hfτ᪤O]ڀ;%SUk\j#[&!55>D4- ~#l@QeK\琧2H%Xf!z<0m=(^^6O6>6H%dcMhOHpm/i+2&llNJƩI x=n x`IC8 ׮H_x;. Il0Hn_]T={>||њ}61QRy_ɀp]SRz rH6['/~91(XSEn,:p]oD6!ԁPE%6 8GC.Ul+ Zt6.ֈ ۠} zg3>%]Z2Ek_6lt6RDr7UcGq0a$Lg.y[05gm,!l!՞ʒ,L0!yҴce"-S [Gh둦bSKS~zYt"`2ׇ@F36y(7DyK,^Jq1Ԉ[7{KmNK(8P#cc /2C:_ w%Q{*QȳA'_|T^7e-܌qC쾛db_|?Ίǯ/]C&aP\О2[$a3>r˦/~in@m2f^اYLKۇ )0 cti]×N;sdeCL0olnuz>@e;cw߰ZK^oTJi[*Piڜ|.-.DrImbY{LQI^^A!u]E.rTn1#˟zJAy!VtY]_zΌ6Nꒁ!^ cyX:[UYRzvKMŒExHnpHLd5`0 0YQ@y1H}4 ?j2:g;Wb~FS@<-jo喑J%fQɏB^o#erW_"`Ӌ'8wi{Fhws{+!1(lS4ט9@ y֞]@q! !wrI;&2 ^BLIع* +}>Z3pT\nt1fPwR]z([qdؼ@05!`| } 4fo^o(0\@ &.=ڸC8w9bH|% D>^qe`GSGu+&DK׿8Tě8?g\GWJCҘt`w5{+/$QU`3چ8_ d/)Xm4%1wl'ʀSi !7ƨ-7jB 4\ jgRT[X#e,lt@l ^^$nk]/#굨Ll*l#"D ^bv gyGaݩ?GGW9! 6l%~2Zf-vNz6vſܐPH.]`j.|וr_ʵu,DcKd]h}#]sɏ8z,8)5Sl#>6}1|̐/f^\KZ7DS ,?п-֪+}pd]r% "B枤нyG;8)ٚd/XR6vR]*=ܲ<]>Vҧ9 ҃H޸cx:<f` GXIRکsVv=P-<60u t\8Gŝ AZOȁ7M&4RTw_ih ֙Ξo{ J|8_9%FvNvu)ݹx+ZUiC_ߺe]P a;Qm)g80pJeTYEՊ-ढ@d8lҸu Ǔ$+cQp?ڢlr% ٫^#c)Qaw\ \A'T[.xͧ\%7A i:0 mjQ9hHm@k Go%N)$vJ #e, kЮ~ϨRs׶J,wAwJIirЀ=B.:zee趗OF\zSs A[6 nDN x1<mO`22Ya].+!1Qh5܉k/K?\bNAn[@'wv!ٷqk)Zd cҨ>Q"GV1 H94%*oy\c -SH]6Ύ}4e$Η*l?{ 0unhWSm?j ֣bYoSzcXd;%Wa7кȷ_Q\#W?Z.TkY!ctFlCv5Caw_2.D,ؕ>R8S_P@L8ToeǝQ xȥ$%tPY_^Jrŵ6xKRtCהFlﵪ-{KAwIcT&pR/~IVe>Q(RRR7|_1rHn?PCnϳg>{#!UX!Pd9,0^ KĀ+;ţ,dNQF@u>1Tp0.z*Sf$$(aɄPU4p{&hH^=(BksRC>2 ;?=xFm83X)mW&i=wQ٦j'q[Bo?*R IZl\qbexhذy~䰾ᆬǕ Jי,n٣PP_?ⷼKE_e<3덦 Be8CG*2~Snб Iqlw*HD #@~%4 巭LjԱ[i䲯(/vV-7ZphCB]u=it&9#C _8Ju7-GlG.Ѵo\ι#[Gxh03x|à Y5BzR5W蔡#>t3#PPH01]+8cI6yV9˟nRQDvgS<؍DjI<1sz>;ոÜ*:1L8>䝃d$<}BքDPwH|2F zBܳnKE[ 1[ho-pB?0 :q:":Z[96_&gdV2Ҡ%Sd}Ł/0*[08WkPjO@%XcC'`z8cvoc. g*PcjaQjqf$l*o^,uu匄dnq244}'i"fhvu/".EE@)6@h1XOCYRpeChz7S4UCet{fϡPVA3>cI|/DڗId)&jK|9`dνo﬒o>DW~gX-^o^ۖ N?liHZ'-O2c'=.KlH}4͝\J2 ^mUHW=H=٣د^'.p& zP].?ʥ*ÎWj<(pfG1jТF;+IR?Ț&y0^7ᾍ*ր8_PJ`{Wa |"c&6_"o!lLWN1 D GXWלjc\R]AvUFϊq]֋8yje乮r j/Yn=kF(0"+u>1W^*ǫ-U$b$glFrGd{&iT^QGҥphUׅ<)kGU[jT:wA|v_Btw=-9M$8%Ÿsc:oجlLm޸U!X/53g,Y3ar@i=钉Hho:fcAQ\g| 7߆gtOpNdck^1u#$£տLhbYiqo.D/.`ZkjZ [1oibR'ۺFSPnd?V>܎; P JP+~k* ƝߍE0N'@a5h-$wѓSdlӍwvE7:spsG%P ݂J(Va.*䆘Nl._Qh$Air7%N_+Uꑂ1y=OXMFX\EfHݞ7JO5xOsZOrnW‡(ɵEέ/ <}.r}eݸ|RBk j0=/}\G ,jt!TIJ9hLґ N tf,! aL~ |-#W>$ɈU7k=7P ЂbvL Xi^6ǘ" *wFuBiK3%Cj>U'(pf޽};q8[Z?R-=hآ9RnriF$w-c)PeYo˝ϣ \ILOL=gٕ:줯];gvj'^Eڮhu` cblרqf"F. >raXAo8*]KPv'PA~) yFn<Ng陴&׎xj{7ΠrXxx:fW^9|(h4?DHT!aUHجoŤ&KۤE2.:qC$ɹB^]ْPp--³DCA,@̀ pq}`2mSaj=~+ &oNiTWމ~xCރZڍӒ0F^EYV%>궼 N@9{ G)11gˎcff_8*Vݗn`m,xg"*&NCr]ocŏdL r<[%囤<) u)EjUz^ޢeһdwW ިwF9ZeWUldVѶ n/K=% &uw)nWy4؇44t쒥k;(a@ɬAb.RPIyjWf5ugokm=B݂zl!!Ob3U[AO&ǂE=D|D#*Tby,='S Mm%xwtyI# \Ɗ;fn:rekCFֽP+ڻ4rGy3:{5w<EB*|kyhp64Ora;݅R?nt‡9m$8&PBkC#C`p[ҵy9, ^l-?, MIg?<(k!Eg ~}Gԝvy]$y o o] 0c1zQ~ᦶU\ 꼾Iٝ%KQ; GW$KuIf~l]Cc1 V Iu"O(Rl u6CP̒f_~8r7]+(}u8Isë*X+O1Nr߯Zvbw̦ m?)!ean ,\l ܀`~%Nڊ)ƽd7}q5 s儙v+;bVt,&i'Nv0v48sD"/8GX v"jEjD=t9#6s]\䰦y%ʋoO&.'Qy_t/V?V-Pk>~5Ɠ?Ciu6VSD#(K܀ك~>dŭyɄ p0α ֦8̯B17cR>:.|ו+'w@<=2_4N9)_*蘁z% M8+5-v6]hpq ĵ :?[2#nR[ 갘VcQ<>_ԨirD0a&W8{/ePC}ӑ5VۂhּQ~a*SrX PoZFc$v5֘ !ѴcBR3@KV \%tyI숑s-QBb\,r:q O& >yUdK>_5yHvG0){ZrE:qSnA *TzH4AZ[gw:h vGQ"K:4M%mlu݅AK%v 9N)?tގ&kKٷJEќ,0G)s&J4xXڜ'y6Zuh~zH 9cy%!xq. kiû, !%Δqh.;N9+XӲq\9 Ѫ 㽋pxZct(v 6YJJ%,_!* <kjkD3DTv?SCh@Z 1jY10y<&%"jOn] #f0ES;6nebkk=c^ŋP"hw$A W`ĐZ-k,w鑺9jv=r~yqyxABbXK20b[(Ca5Dv FbMZ4*^°SI . F%]D SZ:+ *iZHQD؀G61Qp; Opf GdwiohC$OK ~`q 3aE'"l [y f0 E'g֡ɞɁیz1_PIJ^2#NڣQ5.[HƞA#.3R?caS)۰|FQWf+]˗9ҡҐ'ݲv1N<"I1e/vG0@'8mz&%>C#Q[˶>W1Kb@Xrtq]pf+C =5˩h~ x̂hJMabT~PgcKC Oˋ#Djnګ//@,1δb,"t$n?W'f&r*oMrd>T"Xi~E6vc=wOؓk$WΫ>~0hߞF$5Ĥ =L> [y%U@<ǔUL\x@[ 9 oKŭ$ve?c%(4]?$HlܨtobA1 BbofK@s9Yguy0{9st\i[L}T@2S!-J@<~'eB|u FLdzPpoBd0YA?B%_K|m)OkLɚD_Cݑ ^FC< g{L\y\>^ b-MRHUF;a t$1$ZwAԛq W:]( i]iKS ~dz[͋ϔ}+a(bpgu|oizԗJݕ?FUKD3vt@Fê G5/ۼ67lo g񥤥)(ZQωernԏ"U@ƞE'u_IWwE3fF4cyaqհwAOm;< |t7@ BgvWbsါ'AetJY"9 _{K)KJEI.>p~H`}jROZ/tߧ#s"tU^F* 2 _5ފ7ǩ,V-cNB a9GjPQ<,ɾ|1C2RIK%' 9Y杳^a* !}=MV^ b`o\,"@hiRxUj LزѝL۪~a1#&Ks,ok soN9TXS[JvpEXJ%ݭg12Iv62tԞ4D^PI?79Pv3M5s:㍋. gVJ@! B*<;}K/ &ϕtn{-kʄf;cA '"6&QVZgSeLʾ}=X2JH$خ `4wut`Ql &쎲 跦Ux k= . "];:Zpkd,uHylB(DcPc챌:ߟq,QdE&LiIdݎ9201 -&mdfFLv2橮u]lް*A E~wPXhj1E ^:cn,=VOh='5& 0xoU3j!^J ir\7y(&O0%GH/1~Vs6V%}>Q,J?EoʟnJJWf=k7qWUJː^e!/:oQoqCd#5ΆDj;V:]vۢЗ1LBTcu5߲2iT.72vl2Anx>RoOO#Րr."](w ;.#fle:h/!22-}cv}D=Z=j|nk6Qjƥd4ÿۏ3 ȯp_z1Fj{z)A:li]&ܜnv~kNCc[h&䳽n7N[ع u`T~]n8i)aVo!r]EU"eVjxHH[[zzU(  VOܰӀ_-rkO2Kl^ "*Hv RX/iGEpSF\9VƄ䫙yA 2 cP܂Uq M0g[XPerlS[+ɱe\g\dTd kbn߬si]=@<dbGmhAn0+|`NZst{Đ޳DYJ6ش ^ap1?Іj_mq!<= GOP3j4pˀJ'^^[?ݷGe d߮ ]->7Cx!Gt+\}j,"=Fa&Y RmpHiް=\Fzq?Moj#&<@|H^@x :єAZ 2rc\jeCRԚW q3eF9^UX Ln'Nl'd:g}6]'zW/6Dƚo|r"(WwNX '{ɯ<'U ߡwQmw'F-B \R*_K" *h?U%*Ɔ=yVgWŭ/EѮw _t/)*K5Bs3&zF32a?9]rm%W(gh&xkEϲKJo4_>Y xdy6qL F j<+zГontXa".„a4ō ~CoEk/[q侯 >6E]G0GL[|0CO*hPC/jt:!|y@4%X lX%o㠖Mx/7%ޫBc`DɄ  hb7v83_Oe`)눱b#DUX^ }rO@DY2ĠMÆ;z-UU"n8W7[xވFاc(Xx@=5+]4sHWoypf7<(OaŲ<9RWM`]$tl&5SB;ԕ߮-=} ރ~MG4@+IšɶfPz1D SyU^8m,0b6&)r'Srj#s80!4)1";'$Ϡ|&Ub=rEZnX*}>mg7kj͑ҷ$A" mT {D P;sl?0B2uX?z;H!o7]![>CLU-6S. 2-:z }t..'tZ(bInsf =az6`JMd6*Cou `7%1Z5Mn(!(і XGuJY\Cɱ{L8!څvsx #n,-S(ՍDEc>po;NϜ|K2HUm8u? IZZfҵg SpAIsPUD+wC6}n_Q&5Î#@V7У'sD43TI}y"@R!DO )ח>ڎ='}Hx /}PB܂X?:N!twH~Iv:GMq_oIjRAiE 2@+ٴհGAICpA]foɭj%^r"hu@SƳ Iؒf Vܥ)6 s9\rPiS_h rI}SYmސ`oz67X 6hl}pQ2=rVdDlcH]ȇ )O 1te$S\2>K*=Ma\S=4^`('AѬO""k;cMZ˟koܦ>v%K3c k:kۏ A=:@qxc}&mVh^DwqjjR ~,`ӁeKn5?0& f< o${uNIK6Ҟ|h6~F_je[Oy$%4gTdtD='a{?ZFsݮ8wucyS2ϭ\Gh'=? ދ8{n IgOzPrU8u=4̆()cE#OyN&Q2  QO0j[-hr{܌`T|7pJ>\u@{<5چ̞LJ.ap,ur!-ʹ;X+)!+B,\ %顂 mD"(-FiSY0{*ЧSDWަ .# P 7uy5SJ ̿%Xc_&BRc?%]xZ%_ UaK2 *nY_~o<: S{`y"U N%pe{rU8Kxn#4i=|ybKa",ħ3|Q9U6ߚU}6pkD^ޠ^<>$^d[ƾjSarU馲"<%Em|i{^qL@ޞ>s}Dn8ZCڰ酥p#+c@4S>h_$Xy>Ź>L CS$'fU=)+6ɒ}y] ?sf+ cteJ~J)FЀ7ݔ|.m䲹+0@3hݕY6'>$3(C(fe_f@ί^GnCHm|Y2])9,e,s7Α7iǖ24ڮ30xk&ugTQE\Y9X.3L0'*8xEHޅ\ c[?ѵV 5oD}R&ipG \Drv5w47ޮ WjvVt0ʆBeQWYՌ$N}.q4u3؈FcFVuJc葉ARfY\,Gmm;JPx6/xՕH ßti,Nkv5`4%Njb_IȞ .8j N nQ$]f-'sIx"b+TWߜ9CtT1';k'(N5j$>})I򐜹K(;¸_ eRVg a͌!"7RmjlTmK=BGG!֋qRJIѐ4:߷,eq6f9`,)_P +A\a4! ΅u>CâBjp8ۺv=g3m2gŘ1&ه} ..ʎPI͓ΪG]E -Ӳn궍t3(-^ SMXW5IKD&puP& I2U,5JosYюr_lo\⦔*YF'(z RZlH g{y>]fjV2wt$H8dQG,CY,A~CGQkmPXVJ){wWc)X5W cǚ궼9ЪyYbͭ+,ghsbosC, %MZ8怷MDKtPF(H(hAKx)|] 0z[b g)ŒUzhѰI.MOyEH28gpnxĨdn. FQ?;[^Իg%1xˬRc%=ph5޲|\12wC(+mw <l' X%0PĚiA(B@a1"NsF:O04s7-8^YL8G s |4`_q{0"- Cȝ)V3;Z]>ɔ)/pa 9<$ZJ[,*($%mdYLZS䅧)eqf;'{֗5W~j]ɘU(fxfNCܤ:0jdV1͑趔~es8ӋAUv3NA B,1CQ9JrJcSWSei#l'G *18AGeGM_x(]x&/MucG#pvճ*{̈́&D/0NQ\g-v4xW.JxtdX:e7锋8C 7#XxxA BCK6$ûW?& RAIgX쾨!sӶ:Y1oVZMl Bi2Ǥ4гXǵ;ʗ.@h)`A^x{UOtn@LfCIq!7Co2Ta4y=(c#swXZ㯆^EQ~]iȌXdQRKeRg[=J-Ȝ3ajy\D?by}?z"7efq|aFΙӀZ7T]5b`rwZ\νN"ؑf{8ϑr7!8x6ԤEpB'TyU(TWF[ǎYPv 9l"DNARu)vL)-Qb+|7t8H9}9bc8Zô{y6_f& (ǻhGQf[$R60}&2a﶐IwOc55ףf?=6HC!'gg@[e&~B#9/N˜*p}f^xܥ5ʹ*P~Q!|j3̡*lpXٱr6kr\D%瑻قs?- $ _qC^'x՛~fuҜd ]~y)~˙tlC 9)w@ݕ&сv0U+ +!|)g༤`dMG['JlИBUY:#Иݎ6.)'fZi)ڠytxJ;zLYR앟]*!4|b% K426Q B=\y+н\UXצ/GIee,@զ>١꼔 ;^wHFK.]G?yXlAWÌY7P|_P-tU쪾 q~y x:P@;9ĬnGD(NWlΚΉ˼qΜ)ヰQk kr@׭y֦5e vJii`/? }ZQ\=p0g,* v|"63#lS=}3DqoN.. Q0vSxn'٣3M]h/crSˬ@}h|wn#yAb}# 6S\ H(3v^ChYC5imgRfkH.Rd@C0y<-E510`Q) ^~8< ˜{GtG㹽cQ@_uP. h6"Zmv G%(0R~xx$DJ9  *lmgÌ!>P;HWOhƅ '\w-EAU-xYiFӔvG{cszl̓fi#'M{㛨q">gƮy*/ b@d2bw7c>휪ŝzl+EN:α~Rޞ%1"xx ??{Rlk9]$z?wur@k6[二||ׅо TyaE0Vg `մyz͂n,J1y 5r+va8~EM65n^QǗ9=a-T˟;4a bv5`Ce<}btҏ`g F̢$L oHEGV[ř(D嶎 -ٳ<ЋZJwdaW0K!Kc ջG` r8\vvbփ(Dqv4m"߁rb'ofZ68.pȘH ᝄ,3c0=xȠK+WmtЛ,49ŵJH *M%mӵ*}d([ygֺ 2SfM9'`&TCt4|Ҝ=`K:V;r6|NoN QąJ>fb+}ÿfõ uq8Yq/m2wG->TwB{=}46tsPl=Uf[5`!uSL-,V4\<9H܃=8`􊂲TKW*J2EP.riʽjUp' o±ulw?8lz?qŮS.>4d ܓC V>ŪTTOdbCc+Q'o3v2LЀi>+@`O%u*ǯ}c/ O^$1k ;ȯG3)OVŬ&̊l^jCp[ SiFǠ`ܽFПU N?%C&i=9{-r(a@,ݳ篱F>w^=~@"C(12-癍A?ª>" Fʝ-# r6.U${_:Ŗ;6|+l .U<J{R00fRDf{z cbG]Wnqʢ<Y IX^d|1܌,g#<Ga<_@U+)& S?_O,Hw?n'\~2& .R݂qtT]&]MC *ݢQ5uS.yy{F[V GRuI.$x0׿l_^t6@VHRyS D$ja\}+!\ DG,ȏHWmg yCwc{c׷ڸƍc'(`;HwGB-1I1`C'Bh')5zc%ߗ{J>QFp0NkQYVZ'ޛ7qfZ4c+}mQ3SYm?i<"~6t4.$zW:~ CYMox~TSCnyOO#w,gu\$A< PqKpx?s qYڃK.2)L/qAdRӵ(U͚X[$HEI4[,ܤCm cc=gZEkzE;5|О)_yorR_Πbq,=#C֒yE lְ<Œ9pbZ4sDxt.D≖/`v 6Dၹ yղT 8{=߳IXBnEE*@Yȍ߸qSC"ih'PPNͱK p+ E鋷H 8Q*rJ̤Ռ t4ؾ=0G(p*鼹d}YJ?YDZDv}'57˔ InCKV1裥_ ulߚolSN|ُr:a#+d4s|rnqeF쑋?2rh O)[Wɪ|Z6y~{rf;[H=t ,oAJCӧm{hߕG-\k?Mdf \1mM:;n{"{pP"Nj,CH=&2mPMJH (7jG~G"?=_6fʔ=aw|*d++tADEۘ< iI|aU%RM*>U}!v2B{"jSPZ(DZ1jVÛ5xHY~rk١D"/qW;,/U㲰$V(>U~}k֞E,N$v8.,n* b&0>VoK"BSs7vpߘ^?bJtB]9C.+9bF5-'0?sfg9GGRd},6 ƶLSFJpcT{V9ܘ+0 _L9`.rV%i|yƕW UhYVt\m|~'>m^Eb{t;ʛj1(Az[ ¾_ú͞fyBЅt,[DaݣT}\s2x|Zt3 #Xu ]u$exg:Y+4qalP3\MaBj{Kna\3 5VTrHP/X\:*6=y|a>~ޘJ%?TzgP :aSVƲ=4,*}Vℙ(^젰Oh9f4ie)$^SC1{Yu|g gEEX}f dxs[g=bo"&9J2gɝ3_Q7p-%̋. 8bX>?#]6Y"ec@YP8aWD8^&=p;%SrU9V^mz[XI&SP&?ȭ:J^f/kN"תzAȟW|Ŧ؂ǒv[tH*V"GHܥ̛q@\@V͉Dm{rB3nG}Dr @[+w#3u4#Bw6nUB߼/Z ^J)(E_8P}y )Bq ~+讀2Wy20 T716]]l7 <4"JH&YR}Mwvuz1>nԤJY4p|ދЕ彉k@7.KKF7ce勉DAsCÔ ]UMv}4A,18$ P[ax|oj"&Sm]gCq/`zFy,Xx}UPz)c83hYP!## .ؿgJ#߸]2Z |,M}wd5 '>[6_CO}zXAE w~O9,Jѡ)ܦ?n6C?}?@Q@" GF)~5[.glWkC)խoJ\}(15J#b`6,⥦Ϻ?u_'E//< @d2ɵɉp:#ȔffhgzU1_Mt{9sG ĹWG7MM~ϧ,l϶3 ,'$R_@k`XdG~ Zfmȅcq2<)KD\M]Uemy8k#'(TDs]}0h+- I/*9]YK8YX[D=mPCHڨQU혴Ξ̮XZ R3Yn/\O\{daMS"pڡ,:EDm om1Rh3)/]{?h}g8crJ / fvv%On-X5فUU087jRO^b-`oMLF@woJ/P`:@'i;oG'{͉Oʘ,}ton CX%Hƭ׳ϐnow? 1Ut?{w!'9X@^RCd ޳nh+/u`+qmj1!7%&Hݐ.ͧH+;z`DD*2d&Ti  Q7AM#WLkm)qR!b&G)߄d#0rf"37c?ou-;ot?Ż3LoD*66p_p]$j N+Tydυ, Z`P<{rm`(t޲oa/)~ 2-kk*?dהOeW l^ *Bd;: *#_ޏ$'$W : {J/ME i>?}`0" MJygUV-ͿpYRZ \<Ҡt)\vqL$vqi1>Z[tdji97谖c*BstH:q_/Uyͧp6Ng'/yH7EkTUWi_1R&KiP H poPT91[w/+f׼~G'SGe}Q]P ~sh[߸R:Inwsc0';oqvsjtQ, xCK߮|ͩX(}xu-lWZm I U2~p@e;$k*qIo!ͥL(<9Bƅƹy_C< * W!wQɛ;L+ECY Pym t^ 3+9X a[$^hTY h@(Sk\%;/PژWA?J ϒZsvx6&lW["LHFO6lQtVcm3.Q+JTe͵]Vxm:s&K*(QYJѻG^cֽ7їNLGS>Z. 2XogSR'8D/eKwZV8vtI.96.&m2#CcNr4,\4Ho `9tFϠ^o  A!qy~}H۵σt(4Rũy*PAOK$En;c3=f\"ĞWOK$O?z8ES1r,D=:GH:¥u<dfVU_9vԠTA oI:\ucS1nJWQ=g?UCvd>Hxns,=M(4'_% : TC7T}voH_] HYXځQ=.' 'f}p2VNr]#?0Lܵ9YK%HWZ6X Fԙ33!*w^!{!ڬmYB@XcH$Qv-?Үhpgщ| ؀~cd\gekӛ(byL Lf?72J}Ie&95DtIHUj0:`sV{ n?`Cm&rà &VΑ;Y`cLUC@F~ՖEKwѺ) UfzS[&?ueߜއUZFK[k(BӉ:&U@jf]B #'ыol-WoPn#\70tŒ& -JN~0M rU@OE$A$D+11R!ߵ#q"|BNǥˈJ0/:oCZ3Q kZ^2+rk z 5=ך hC0IͭF^q7pE#i c>q2&lP&Bp=ڄ+ /}G/pGko.wO Z5(3{ 7Fe0XV%:b+4TfbM7dl00>$vE֎+fcLeþ Vi!1kWDUr:h߯&{n}_M+X8'.]6a;L}oƲP3^# =_esLɖ9)l WЧ~[M^jdzTC/ T.=YV2`*Sȯ 6ɘ #3K*7at 7#h8 6= eEލ r9R@$-OVDry`w'Lȕ{Qۋp!;[\Ec$uA޼JҊ?`;hIU/c`{f3VJV9t8:hsFdHZLkq֐}ߨQu@8)Q`MJ 8 8RsUM udL-FRn,=sesH%xhgczT{-D#Q?N`bϳrW: śHx^уXq(t|.;_qQ 1Q挒|yiI.7kD'%.sЀm?FKPS/F: |UX409f[Yc9l*5 PgЈJYXB/9 vt% 9.Xa"SۼcG2Xyw6'Ea"}MVo!öXuNc\{.Pp\+PXQN `dlQfat85c>Uܤ=!탄ς:,iJ9 :hVc%ޖK~G^rˎ6ɢږEՔM qM3tijUfȇ'B7%JN蜡89c QҲ0/\5T!zx^GcwKlOͼx- @*%oQfz&n,Ecݘw [GlB~3,qxC)o(sTB ZTZ},nP;J5GZCNS\3qoJBQR&%rV}KMpzfk x".+ǿHTt@{F#KeFpPH0؂|v^Jlw6wU5Ң@@8 ܩLÃؾ F.o&>ݪ_bhYC0Ø?f"O̯Nbst(- &o ĤcPq#jS1+F([2rA4%~/zTFȽTpI_"; OJ9S`T3ꮎ`Q|hR`jBmc=d4ozn֛Z o)DqG |)v\'BNN;hA6^¿v ;6=8l0hɁWYm`0pBg|(pӕW)%aApǠS҈Փ p*Q6xp|JFd/fg:[MD Pz:{"x @_!jE M],都(cXuzOHҋ:`tjјN]I=ɁCS[̳<0≷RwT4̖= unA9BU}"U.;*~v"[NF/{# WuF>2(+&-<׵WįHy^P[Dy­D|9x۽'[{5EAba!J(ZhàP„ƃCIlaN]<Ǚg%V?`]7wpCq}; 0ĠX1~Vh*kLO1GKtD{QP>%[侙u 4\=愿! $:vkյ oBb~' 6^ѬwJ܀LPn<Ë7:䒹@MZ >eO6xR?ǭ:͔KuR\?Lb.: !]Pޭr:ORˆ. n~ M°OԠ!待9iX_P@=yl)݁)Jj2`D1A'z&9Wlk\lʢxi4/5t#~g YuLYPȲF`H0ު'/it1tu܆QJ~4UB|-29Q1MDHlJvhn?RAMOݔh֋ 7$&2!@vя#H,; ?{9,Wc = Z(RCdln t̥;mTڣs v`l;}~XqlID*9ș>vZф`v%t&'&@*˶_$ ~?D6)/5PYѩ㴍ۤ_j$#S_q|E&:p%Bor{ƍܐZT!xfk[$CWoѓo8%VżΛpSvNfP_!8.vNDBt60%ܗ¶k SzEpOpr s7;7Knwcg [=]j.:XgS2r~Vp9 Z맦Iu,>P!2EC5*6FǾZ Y0 =Y(D(JiqX6r"{E+*'rK,Ptvd_8dzVzWY}ME'38ur04hD"#J&-G9^B=] ya|Z* IY;''Ɯ-ˑaރK0_;Lj%vW1sp -D"F&6*' "D2&vvo4eshOq}P}fTd7 8 lFp9=Hj𚣪wN*(zU:֍z^mt⑈aT0*n(cוO#˯}$"R-/wdJS&+%H20BCh$eN7(8H]*}A9~y"xV7sD"+]-;*Uk6UIS?w7y^?j] 2܌b\{{tSgk{"*Ec,?|hfAjgxUivΜ6fRO{+QkPVQ, x=(rk:i 3WzjDo/+hڰn6_:clfQrrڲ~xF}/%%@]@&?@N0 ~en?]:DV)F/+$!c9ĶB5G|F05+&h|]Q_}?KRb t`ED˵[ HZOdf&7ŃqSt!#פ2;hR˪Dn*/ ՊWMӏ1ת :I4LmpN`/2P}Sw\mzP@԰i {Mu$3' zҶ4x{;iWpXFǥP Daڊrߛ\ϟAծ{-Dۤ],p풭$g¼YP&N<(qU_kݍ9nQH ?L($ Y*ZI. D$$o)4+V1.;6qEr8Wo};j˚kC4Z[^ȺkO Iܺ/W'V/24Rxg.'y`P,7mAJʈ/!m{zڕQ? ײb#&wr7<~WcvC\ dAޡuHK56߻]ͻR7 Rj6YYJzx񂖃mt5ZsJ+1G=_R'|^ :0Ţp+)M-/'ӖJq{r0׭3:*S}B.\yhJTu :(gpZv0Yo"$ v Sέ=ER 9 =)0XIxʨBwlSCl46e|9cQCN5)dP%vC4Mի +%VsGۂ]N3ng!IGMK6 9OX^-M.thco Ӥ|qMQ,4Rg2+HCl1? EB697MeP5L/XJ-:&QGT^|'f f|l$5`} PCdd׷ vH'` 'SrC0ިKҠ4_*dFMцUAj\] F߉*עrS`A<ӿ Hlkir-.1jqs'$xER=uy#[rq>K.K y|5*AqԺ<u snY #u7jn|S )Ya&ećjR۽7Ҙ@33 hvJ,K#I1CEo9D>$'Z[ER1[{n0KLhH[ׄN=ˆ?0dI/w:,ljי9R*ApLy><£AT;'2n9h\nup}YCu%#W pj$Z2u"'IXX]ۨM1-(|J,kŁMxtqƌ̳qqѾ+y<̃rA:Ekflc$T̑X羷v\$-Ke2`U}@ZxKK <㢃CSYq$m٭B_Ͽacc7ȰT{Hr^x{ ]Ҕp+\3?Ȯ>AEUdF>W޾.jD4,W8DZjVMV:$2~.|Gx,BE\4qJͲZxWTXvs`nV6n7~ʖ;X͎NJ*Ѷ^Na拜菡{i`BRS=xɨ`yS6u`Coѵ]o籛œsp'>ng&ФD?Оcs}T% ޕde61!!',T,i a=CL=,y5m(>WD{+0K (Jܜ:[jJL5J pSc'XH*\NFq-\?FB {m~>X܎Fil GP",#B’u02|4ȓ{GwwYѿj{ UnD鈄7s>u=}y4VKlcQ^?ZOVGGP#Ffg(~9Υ xiwh-֪&?leqW(+N1g X-4,YEe5jbkZЕPn-'Rv2Q1ރ)Es|,pO] 0ϳd#d_ΘÒ)$nܵrzhnuFu#G Һroor9I/^3v$gM i oE{ 5űY HҼbD0A\na9auJ! Q)#Y1:Xg%ʱ:!S?>3Xn>e"pGJ9lM=],a/+K|vcj2Hߗp5_$'6QTV׫gɝ K%78hHTwI,$h7V+J[LZ +NG%=+"޶0%1A w4D L0~1w`oxC9n7wᵘb. CPlf.b3opS& ſĤRղ,5}١_׉szU60&hKuU pKZ~uӅ'Adu4n!91T &jqc9Ҍ2xhRwW(罅oyU8qm:Q= ܬ0Gɖ97بE@QЕKXI-,#vMlY uڼ9_3wmS:-T)=h?{p ƍ_ޓ;צ5T-t C6@N ͫ$Bi6?nVJ%! u Q' QӀg;)2a#(  T-kBS+a%ILwxaRٜ &HŤmȢ =.,FOʺE..'N`'ߧ&#r;<  ^ZHFժD8&u=l4E`tTQ`"=%_~Ay}+~2:}Ϩ:,йhhr$9'D^:5Gbޏ|Ӝ6X2"J0`M+t9H&sFΦti3WdƆ,fD'jd ?QT|1Д>Q>pXX9R HRaiFS)I`uCte1aN_wC=HLh<[N]y -= m<\ZMZS.&q?nN *)mTfl3o&ߣ\ {@,@"jk-Un2{V2C*"S"!Pnr10:܂OjE޼71 ҃ȼQ|-x2Af0ԋڍYc~̊%^d"WaT$J P2M~BrwD<ư3-${L8(M5g&&vDU_.l97_) 4#꠯Ѝ&ù/꼻5e t"GVFnSf꓏P&pXgSiW/{V[v; 0geR,]BedaWK23:Xc^IcnM?X ̶8"WgI)-kLB9 ^0NϘ}_Kt3bH< b`N'+k >2O\Jp2l# %g8ҧ^VIդ`Cp׶یEMSmiCn iuhNYa )b ŝ7gEtKZk9K yE|ڗ^Bo6(@+g%H-0 }ۡhf2 ԏ W{;a3:R2D 9$+j(Kƴg?yE|mYafQn=5aaa r`p ]sg3^ÑQF>mz;9qTeU.޸Uڡo)-MG&6H#h?!#{~U=(AML=l|n]WfK#$FQ9irʾ3\MCe[sVN - /I7K2_*NmL0 Y^v{[Z'0-0>>Ll6ΪDƓC7fI-"V:6VJx A ;2 %iik3"O 4TfW%BU2 mVtO`-w` /)LA/RA.Xz0ϟq3k=FArSUλ DR 4ɸ1EY1e OP^Kkf_*Zx^M!C[ mDD39̰`Wx<<1Y$DW ȿ (hnOzzFz4oU\ r@DcX)TtҡqhK j/Ack9ET;C;Fҏ{Iy3/=]I'^awO="qM3|IŒ$ s@ƭTA?Mz9b> Q"؂nw;F`'C%:2EZߐ5. )J9q.!I}lBR=.|V׺z%hݕ}ou%ػ%Է'FAvFcKCDȠ6{DWcULI[}L7? 2څtCZZ2KLn*pOA#sx?#jNt\O h[)n'icL04D0gzZ5g­r&kcwW_*kQB`< =as9 lg3x kk畦DHgNd$Ck_MqFdhDfWh"kkݾ,<#nzHEr,(w@>ў6ˀ\JICw*Nk\@ao؝9x.h9b5'=$NE1Qo+_RYc'丸)!//*<4]l3JFTY1tsH3"dPbJct [6Iȑ,©h)&쫉ki C8LjDFg+)V'N{> ;l N}ʠ$%S9LY4hPWnB |_h$qWtM3u'q͝S(&CgWƕc$|"r `o]KNI r, .*ERa wr \c*eִ@D z  4C;|.T.gD5\(6t(}8 cUh4oЦ_KSq\-<܈03eIjQM{@a6S$}GѹK seƒ/+^lV@ <it2m !&V.DRpy:/m_œ&URJ/T0XM~(ѰW"2C'|Q9_*v@xb/x7qܫja,sD8/s]/W[\3lbD ;e3-ޤ!ais<"cͭ BГ%7obPۏ9_4I6EB4̎Kinz֢&Cwp;!hd/\ Ɗ $2P`|J^g1GM$$yXTJ3 X˱ҹ'4 9yP"Ů r+.Xbw0@a]|T;Wajޢ27gu_?n|e6a0FYK .{3 u1L ʔlC|{*O (bg\5pI+@bÁj2ց⋽4xNN >,Mxj;0\2w2T"JMIND>7 )Օ3Q%n0`q)xEL b/EyMDr  Kv ˘_{`e#~ P&_}s7U܏OHeY9z t1 YsY7a5:mJ Nq`*ѹ`uO"17C7gsѨ,x3 LuR(mܯ8~e*ucuBO|xQ B3(% n,ٚJ2+x'd;Iag'mރ(Kd 6[BpOڴ_n^3?-q)k%E}e"\ OGMLB%s]Zujf-G=6b)4w ԴjRiGÑ/`͂-nzs[WB!OU )ɿ><'A&Nρi3] v37G< MXjzCSNdh4syNcшusV6F0~7׌Վ"FE$)pҕ#?]YY!!n ɘy[U2>q!%ohHSC5 ͍m,(cmm6QFo'2g\e9\}?R+5tDnv;0hLbS(""rP[3Kzwtt`TEw"4 |jpd& oЕ) ,ir0u8~bg{OsLGO]mgJNAk1fֲg!\ >3G'q"A9Р3$bpUOq*@?rV&S2Rz\Z#iiye2^@=i{O^UQU4Z:Eno=ED=Z{DJvs0Ɲ)lUŶUn,O7zg&mOxI WC"6cnT^8R`¡ɿ(-v`똰 g5)Y .=X]-ƂZKHF-A7vsԽBԬ%), 9}hPnt=hIDk^KmMEv[5-ƂHޅbhWSqfd[Q]9M! h>⨀鵝ƪ!fs8+Ӯ-)}AY \ f <r CKз wjzsGJkrBp){$5@ (. T|\1'3famg"Bv9ta}xBX x~p-iSELc~K]a4-HcA[O`S:bgkd:A9^(m9W0c %1RDǗk܇V&v€ڻD%j$Œ0.t-DFS& ۚnX |p 204oj(Q,22^zE* !훼L3*h/΃Ϙ!zrBKAj6GIճ-60 I vZrziaN YA ؀vӤld~3J&ʤ8uQ"UJyEarPQtOq,Q/$W !UzRL=,Bmd63=/!uO 3ᘁ-^{h8Jn*-2lzWXkz$؛ͯ5x(aqW)5w̓ݿufFDSnS9Fx(2aJ _#hkdBC1Q'K` G!hCwax }m,OhQm`oKTnٓe,PE s]1mOl&ܔ͢_I?v! 4,dv&lLR8 LA*";>etHZptg ^ӣ27)IJJuzyn\+5$1pG/(/zc:8Z4nGm HܜHU# e"q;rCݢۋfPE2UYR ̾}GQ%Ƞz5N^v[w\su|wadx)'~$ysސDS"\|H] f>`esĢ5 ؋b@3sO7> .4;SٗwWp#->luCIBԫΨş†SxjV VpN+EcwN-wT,h B8iǯ73 K-A\`jOQ5` c9s0xo1Q?c -?V|i$`q*TÕc.i@(3:GPR"n Lf`뱰kK@&ɑ"w=~9P>VĆɅQ=zlSԑwz  OϸM9qN;Rx8@ 77{m s`;#.\*$xqS>,MގmZ?Hkyg6\+z+7{^.BhХµ~|F[D/Sb׷4q_ _<SnAUZHXv85>a>x3- ` ~vPFgLĒvZ;*(5cyA_mʹx/ja5&_g ρ'Χ(=9 @c|P}g;~+Ò*)1pj0@/epB[YrP !׋C!ʼnkZj`d+j2S+FNW&YS??&` W?iOF왎 TU ϰ!)^؈Z.+cnJWE #߲ bqpnrQ熲cE!]jSALc^Lɿrܰ|9w4ɎĸXfE-n*E–%[݋FG ҳ9vUoOa dT(YGLY2ĽvF6Т$77 XTHqҬL0x/ @M0''mfɝK^g%PMKCkF'o@l]/bZsЬ)Mn;ҢcTB ~ 2[6őSO{Qы|#|3, &c.Pq\_ !S12ᎮEd"U3П8,G:aJ/ RnpnBN}g:P[yQؙ Ssᖂ>aRn#d2 DL9|@Yƈ6t~2)E|>,g:rJECy3\k:Q,-@H2ǀ飵~KJ˾ /f' XT.o2 aG48e  jċ:+E9tnmK ȯ3Nx_BoD"4 cLt_ny*50aTMtLG& B!q\H}S-+,h[#NxL bIݓݷCPjb]1?}dfeC~$w{uJp<î\݀ڲLd3j6옃{Ek(9Q/ NuƕBOAoJ9՝zLcL9Pjy`JeM+ebw)Ģ҆}>nEk~tA1AKR=Sy4-7 2kb= MnUVm2mG55KSj(or}rhO[9;L.=ۍ' RUNmłGC-E # \X $Bu;b\IXYHP1qڼk/%Y01D;: E hio]jg3{$2$[;z+_ ࡺz0tW80s%u$e6A,2+^!@Cvp}( jTp֪ X 9y"ut?[DڍJuA9xmnT;C@{MNcGQNoJhz \#O:XigE3}jRp {B?1pp&u22=΋2k# aok`Oy .6`ȞDF͢+|C{)!6uܐ|f,Eqs4R,Ogଔ*r?iqrbt7#;0)<".5?)qj2̈́q t6!5PR/) Gt?7cëcl.$U/UR=cG?T]Ysq}~Z*Iō b.\%Y"$ޒJKxB27op[<~@wj"AQ$@*7lLŘn0F?Ʌ@:DyE l{y\vUT g?4G C #ftBV3҉ hl;BҟV`"۩/`+W d꧐w(lU2k~6 u~k "A(b6csgvŮᾖga7hlOnh!щÄm;z8pBҊ4lNKצe;A=XюOPЬ}PQ66~P'Maq #V1K\ r$(E\wwe5Z+Wm{ȃ``@K- MGxqs|iOcP:Q.$| LL ~-l5r98aQh1hSlLNEn?0W~Tt֍y6jf>"|x?lZNGpc2 vA mFR,Mc"s , lWAԕ }V)FH X 2Bd0 :uN]}^*,#}FeW4 bik+iRBNKonwŘuMݡ4ΣD oOqೌ(=RJ9WxMJ&ʔjF֜CW|zIrWc 6~DVG3őf2Dz>pq*?3q ?#F<RT l?ZүYU&-%]"FZ)iTN(ɘ́xBbYr,7bk6VQv2+S`>0T{,mXVc7YA$נ 'v0F64ʍ<{ZuTZTI{ GFu-Snď8Ə\U +]oHsڑwwlҊ! w*KhCrZXW,~x>SkhO.a9zG0Pm&[*cBc=W>Ь3wٛ U61$!Ge2k..nwxeV?w%_XAK> @Ӷa4:J.9tI  py"DNZG;E_/c}z|c^|v7ݘkflB9WWGB@3A_(fFG ֝3ʧx# uQJ; ZKsU[LOB߶I|!ǹfTsӽx̏m\tUNT@w },dB'>wZ-58qi%PLm0>AU" U(ڿ!Ц"'[Mb1$B~Y9O{7|̯2m(q;l\ck5 Uޭy8E, 'h:@K@yzhQY 4ai4\nu1`~P؇G8HD_;CP1t.s![] XBjPpaRqZ,&$I~ntr؅|"Ȉ\V<ՠZQoIGqPidO)Bnp>4?烥=@~?@يI8\Ȝ>24drOPy^8C^MHfa;؋.O"/@S>"eH:/h2Ԏ yZANoߊ$[yB14j7|Έ զC 5PrB3$z. H(Mv#Vcf(9`5u i57@:wq`Rd_e{K1sj'묃UK]g+XE<mY)iBYϠ;1xcD& ao Qf[5\8jdx)쳙*2dݎhs̞C w33 >r-i}mpq)~L[e:(-[jHSg *0'0w=LwуQ%P2ZdÅ<%BT iDɗ,Im1cyBQ9'R(d7qg.P`rF\Q~ŧ<\ǵP4eBhYrN 'V\NCfLP`G2l<}ʞw[dSZU(u jwijhgD_FHAp)\WǕ1~V:%]lVc/ <\)}kCN"JD%^o❏߉G:qTj§yoSd!eAև{l!Xc9 DddG]?.㮩{Wox-DAozBБh t>tGFɞeVsF岨FPx*jNBZ,fUʏqHQbezw/̍`2qK BAJGN//w%|샄2-ʛWo fSKqU*HM_4=km)OŶ,e,ů;(htL?ܺyRҢ8pC4ڈjfF8c`O*PI3aM\pBrߣ&?ܔ͛!'x  b1@2ԧ^( VWh u3{5ȥ ZXe24 9G螀\x'KGEp^6ܧQfnGXW3%@1ѕgv2&T%Fщ aYPĭ {%{aeSpo:R慎J<dzC 2tV2ਈ/޹POX: 2ęf"p(${!B3` Uqu]lӓlIsϣB-UP*uz|v|r>yR_dU_KslQ YdeHpsuP1}~|H7gIc3bшѿ7ּl-A3I6?[NXMdxGU]BXk7RMӢ p)\n_{b{5_IRypu̺0-}dRfosAh6QW Cl9y)/@aAnUVTdҐ;@:,|z2RKB `lh-D7S|?Fn! e\|Ip!+uF Sp״;dz@.Bbq3dO60v<6Ӎ'1Jf/O$8tFt~w8R8%o6= E~n} !e~Q[J=yw8+}Ip@8{:kcZ'veL(Q Y C 5Lb )jߒpC僅S*|LݷAF? &`GLܬL,p\]ƀ\\:gi|S~a=*D我P2%:CUe4²м0 [J0؍=,ØݾF)h@zdclsS-E?fI᝿t"W݋ec$_@h۝Gprf=KC0i=>2L!VNndfbN vN`R줏Z-j nω2.*wU/:Hitp̧JH ưP?StxZT_?)ϛ?"InAӶ{.^FVy|+\,>lΤ&i3V\p@$} (Kwi w>wc1&[Ou`H|(9QuJ`ZZ- s>k7=γWI?#,J.d˯2xLW)_-9:iv4QW2R4;P Nh1|!Bf0w<9fPHJ%,#$@<ϯ̤ X+$Akw&V~#StrġhfHu:hI_r]{{K,i>!#yllQG&}QmU#_HG38p|v ʜY,&ܘ̩خ!:h)JcD*_(=a8{rq`iQX ,nVq2v5 D4I ӀԒ0Q (MzQ\.SFXQ:T0+UBJO 5:%dҿ۔8 Pһ0DvD4 MCqcXM K|f*x; )݅1[JZam>Gцz;}],i2QISTjD Z vb4- bH{}mcpM˼ c5_RJ yndFMg{8͂y<YL>*"K,p4Ūd?z6#;mDls\eAĉ4Лa8byӭ-p463"Slj*gH.vM,"%7˞W(DDlK7ZG ^@z)|@5t*R]f l@b_4Y?d:wLcmc3}FQ鿭MU~y!LѝU&V^ݝX1L i<հ=ssFT?+lcsC7;f%bϜ\ < "]QC1FqZ )җ:N@?]Bm nLQ#haU>AqNTt|&=@F?EϾ|_/a1 #s9z)󭋦64UR1 X˭:e3ASŞ`~ μdqK:p{ĥoyZ)FpO?4J8[U MkF7Sv;|'itoDV^ؕ-*C=uG41?}1I_!fcbHyO!"]XBt\ud_oZݠ;A%`\ s̲%]Bܬ6q5q;JxsQGCT7މGX&aYa=LMz$ey ?EiÑk&&5/sm#,p;:#Cs"GlPL<;t%\ٌtj[\xDr 8G'o}IWu~/a{9OA|rјoQ~ H?G.+|qִRNwWS79>ejZO$WwǜWAvux ޟ-nt͜L{z1 ~4ʶD~Z2YHz-[ *]]=IyI=Ha1> K?j** gy))d y@CbշżLD8ιYc EkHv*:AGAgIQA3jFoL m:F__9Xjؐ7uܬJ=VWq~T=qMwX*c(k6TFNv~Bb]U0.QPAGQ7Tp,b~7gnyƬ\;rEHrLW9Ň %iaOPGc$˙2Z+f됅:CadBr0^Qʙ!A$u tqRۨE5z+Im9S 7tkbUl+7KR1;$\"n3aKmizLӻh tRVm'Q}[[[~ET#pMX7dO?-+1 .Ll"׼Y>'{&`xǵͩSiFm ;7s99C(tଙ) AԵ!N۔I,BJ+Ek(,"C>RaǓ6m &E ƖS<A,SE[z 6j'nZ naZ56sXA30t٨x 7 sñ#n,:wQ1e?{굜ACFj R/<Ń!=_Qc!Uarg-,O{aץ17tel+8? \/7L<рY:_lN̝}Gy.g ? cIoߪ<ҒΝ'n"Yk @E )EP^~jؒup+S#-DI~FCZleA CTXC7E0O0$#Kux $ dx, [g+=%spSϜ?T2\5 9\1ER/^ps ,ܲ=[koGh|D ?,$68 5ʡI?Kry+<'HxPm3͝A~Ty_F-d:,$FC?/φ9?eįqR=,$21#Ojcܰ'b{7[CPDX5y ZcA5#wi*E=Ҥ8^Q-Hqq^\ig0svQc;? t?`G mĬ%{[0b|԰xc"vW]C+Zɠ69-i~'R|zw:R"R^3k8S\ ;u~L"_}/BZUuQBaH4~8N^݌Μ܂s}s`W4/Qg]k4liN{ a͡Z0 Qɛhb'g9S;ql/_d_+QDÍ6`z珅¦ =_n@Q& DŽr%ua /Ğw&;+SɔB'Rts3 PgȈO%<0߄6]{Eo.|@t3D tÖkB5clWCK`H3=ӑ%K '(ꃂJ&oS%C8?g A:=֗G ֔(P6̯BU4\BbR@G3|4s86+N\yl]ZիүQ:(B <f2mfGI7ELRe%ABG6m>odaynD&ި쫏Mc$#CLSYA5 ׍Gj'1|78,-u~k: άe:7&Y}CS,` PXdRbeY쌍{IL) naO?$A9'z~;˞l΋cL,?ϲpk5ԙ˧ؾ0UPoK}_SI S j}HIqNg[jp[Iͻ @gA4EAHQÝbj!|?eYT[lkzr&y.c -G=cH@``$ b]єwnS=?R'>j Fᦸy=C,Htv%w!"YK9oqlYvE}Rz q>ԬЙ4> v݀6([c& fu›^ΌÀV^5NQt,nu:H%`a;[5&L=[HEֽp QCͶKL@=x2MhtmfڎL r1;@ϠQR[!R0i(TY 0Z ժXq0|5r q6zQ*f/iL{9hs~f@m]wB ۬cGitߵtEjF4QЛU4@`i 4Q8Kzu&vS^\żm^dLtDl$snE_7~M빂Ʈ{Ӑx?-'/QA'vEiIefLg&[A9*tAٰנO;-/y5^h>]WrW3\X既H|%lo bbb`GA̠*rZgpT#X:H9L%P3yG$gvN?,Fϻ!YuC#:OƾYuN<}iNP~w#@ bIBH9dWQZ #mf^ҝ{YBl"Wn#!عV}yN&T(hBw qSM}AjXIJ<ЧQK۳5r̼w辱"#dFΤ{EH^k@5׀zְs=Hc2]K<($~ Cnkpl.lTҚ#FR$v{2ere'0m),ԁebUިR8er{(%=٪@iMu@ʓӉ/bg\y::6H®,h![|Zogwh^dT6/Q^?G)lF16 lE6:M(S&n^XLⱶk`}i\햨Sy-F; 6?/cn~bWD zO .=8`E%䱘-#t0V| WTQwKw77n -m :*$ ^d|;`f;S"dqw-((k Xh '2)=njL鳢΋%,풨&HnRN^:WN8%}cLi 'm!Xv|m -kMΌί*r~RlafV+$D@ȅZr$VѠ˙,Ա@\c5dW9(:} (Fy(A+C?|9n+j(쿛qB)%šjhБC'1n6pl +{,k(S2.2oǮ 6"uFa!񘳤Qk.py 9! Pb,"pI咋=C { )]E#s;d\iQjFϳ:DF= cu1%zT[*Lkﵤq3/m Oį6[ֵ$%Qhąb@s|+gGMLj/ӭC~rOX!X%F3"~L,_bҎQlA6zKA nw>yaE\&-ͣ͋No7vUkjG@;KKՒ_3p뻽8݌y)ah" G ` Z xMa%ΡD Fl<2@ s̩BZʩE"5o# H"Idr^4UfpKt)`8c ~p.*cLVv[%rOvF"Z,E bƅ#B%?|Cy I5FlT/ :0S xɛ-<"CuuҎS9ou5u*G9bRt2"M_ur ! imfawA@8+YpMLYD9cqhe \k$~"JQ´I 9 uɚ,B lRe@ڗYz9 p6$ pO-I zpx`ݮ*Yƛ苵gG h6+EZOyn S: Jg"m.:LJu=hX.2rk &Xa%U 0~,vTi()C`_]jJ!Š}a\J/Z\*%7pNC#ZkM0B**;vv֠;Z,hG`|Ѿ!R\-7i cr> : =pTq3O7鍂9󆉳׆1XƑ>H٦֧{UQA=ZQ4q!;g2 !QouO 0*BB5G-fY4?w re+xI0Їf=ZcZI0Uw^?P,kJ#fN^G[(aƝۄq쓸m6h֭le|Y>V$n  -uQbCݱ*Е~n*iK$WtzRtLJlG(olԭ<xW?5D[SwJzHn(Ppm}(Cy4֕UkAX-&x(%ZP$lt] !DTk3~ iDM)~1UA3 $G.#T/wM˲d{@.c!q]e Wb&.쁞‚&_a0⑷#|Utt# 05QgeFr4yZ0kQmgh,ם^`=EY-30y⪸2V˫9OY8ZHAze&晾'ݒH.Ttt 1th琘j#sY08nD23kO iē_]s5nx.:A)6ɒGob~($QAބQx 7M&FWLp:eFܵ>~>1SKN,קYJȵ ~|;?NDJV d2Λ,ɞ6!@o1c {(C\jeIX>ΰ@6|H&82Yړǧ/ڗr)gWSr,1eV­[#Tt~U77-Ne*Jڵ{a=Q*:v҈v:Ѫ\ڄqEt]SQBNr ZJ.dQr 5(}˶p_8`e>9"15wCDBp2F!;A֬ su:CEn_8{$#X$w4 XbQ]ٜK*ا#7FqI U["xXG 81X_Ąv!-W.^|d{msgV*;`  28<5 Ra[ c jV7eau{z=)ϧzjxG;M_f(oJ{X1#3::_UĵVq+?~QuڋIXáen;vbݑyGD# !FN{/n8|ΤJcsknijܽCZKtnTd$8m"fwYhҧMaR95`+"+IA:r| b.7 AmnX asUmN;)zHH h v|؁GkXr}H%c: la/(h!..EC hfIJ6OqCHf6 F3 T?|.&.e׳<7O [+Z(5і"W> 7lߚD'׏oo)MʼnM qT[37nJnG,>"TyqucgWAS"+xWD)\]9ݎI(X}H'V!`SF"q+ +e>?HBDEIϑA!-L?KZ qш-6@ָY"agw?cѽ"o9audm~oUS=x-`+HsWőR.hA|pwW؋^1 C 7M7e!SO x}Pa&t),8L1dՖH|X I0-"B,VEi'D+ Db _Df: zׄ"(b ^j]_4%Zp?~1&oWGeC/ xjOHqgaCƢꪪv4j3>b' ceMrY).кNmJr*U$j / ag2od `{kOāADM5+$eXRȒjR,x`jDb=w~ Z xIy*9;<Qbo(blk YRNG7˜AzT3vjIBe!v7]ZambYsTd# X e]/ CQٜ`"wn4C"yDFoixUʀ>АB)c;~ #_s>n~#C)eM6cUWj%YED }?`zA-B,M#Azdl! ȼ+^+R_z 1WW.{6*G18mK]q(ZNNUV 䫎$"!  8B(6@TM"Be}xŏr+fOv=;6Vgv 7g- g>+/\ASe K\+Xg9|Z VP ^'CO蟞pz|3+@&0v4e i>9g ?p~ԐmFP l,ʐjsԄ8 _rGipR6XabJA&PkrH?'ag1"*-HVȯVw|ݎTkNhdfҡ$MqI;4WMwy4?P C%m9\|͕9>Oo(0%w67Y}"hIAF%ݜ b÷8cLŁ.B/l*I%xY"`%aBb tuIQF&j*gO$H 8a=;$4Y/-.@ DoP<?%.>ymLebBqޱ2r?[n,*i#{cn4mpɂjN쇂V/#j`8N,myw",TJSnĮՌ)"|{їu5cQ5bυOYSnhcwlaZ69MALuo"} J/;^%!oQ;L;V| L, NĥhA hsG3v{Tcfm_]339QcjmF\,.恻.\f ͧ"u?gjV<5{*~VC#O⣨6w9CfԌa@8 h:3u~ښv{'hw5K4"{fǴ55",@v1zAP`G!D㐐u x# `~2$$X\ 2z6ЭVLJ'D^f1[(xY3$ȅSL2aQ#lUWmQ-Ō@?ѡGBpYg\PV.jHԆg@5NI0w{\ġ2ZY=) 23XZ _Xc-R j5ÿ:UZ6om.83״6un@˶5e3xOC`wl @xw 8gWEG;mJwnh.qƻqz sbRg[iоǓ't!z̈́]ZEW`kp`[l }jq  v?T5 [@m+YW]8=Zqmkr 2Frb0mbCc .3Ɵ%5XɄCy'whVO#|m0J. Xݜ'+4S  p-TŁ;hg a)\vI]/$lBUl^?b/0g[-Mu*VZInuħ)0axI. dI<_IԽ;sgûQ֡Y\]V5Ri"bgg# g\NáW˧92Lѝ;G'⻑"8Y XE07 =-?#](4vֿi#4y pijb4P9F~+bgs隩9a{-wpJ)W;Rs=(Qe{HYqHINmY"Ouj LC0~87؏Ep;1)_ʏt%B4s4~O-@u ~ -5~. e \rW)^DUaeOcTW`=D%Nl5BeIhYE4 ҊuY9H5/AӱOЈWYFhV?ZJTLYo wM;bu f#@v`&aivnVa<+Lb^p.)@ls9n'DeqPbbǮےPeV'SO"'ҺM>o@l1.Ԙ)",4,k#8/ś pwmq.e‹*U^սZa2dnܤwa\bty2cэ>oZ \u_R*131sȲ,*Զu23H\Q~:ubL$e~((ҥ)͎ Ec$jTϏQG#c\ 0*R$:aHYtnTvy *ۘћ2DCؕup*xǝ cs:@*W2}:$A<+E@iNdcQ4PPJǤb$QS{;v^Po\/C'@6'"ҕjWVcrF|yPSpv7s:ʺUrY ˊB{n 17:]_߭V+rd-{[_R;2R]~>8V+8Ye5 Ck, ds20(o"{C/E4QbB(d7F._$lD}s^9U&]eHp/AxE !'jBQ7šXNb{Ǜj=e߼vɬ/[|-#97IcKQY]LĶhp 3olePE(V }] ZdΚ8bhUꩠ~N!p&B㹸 :09j;9nq${)'/og}m*  5QZlÉE +uQKG<5=;^wIl]H]"rL)DBS_yo1}k۲0~X? k̩!DPl2M"8(ju2:] I d*VzkhrBNzOxI=ߵs{r$W!(.Xޝ]d\i=(G)Ռ[szZPRFсkF3k;?rD07?Δ_BE%=UL6/iujdU"д2bX5H ;`O\?p,[.)|8MK G" NoL,J:Hk;<ыn(-?%SW&̩i %2Ĉ HAUD9=6~_!|aλbqZE$>1ğ>Xpּ.*TH>H Y/EޒR'.FsUe ɹWeO%Vl;xrC V+͟'yJ;c:e%=ev(,][a|BߢrQw}v{rR^@a`rր\Ο'~٦hK𾔑d^RwBy)@W4.ȳH;LZ}lo,>h9I`coLhGP=ؽWrprC1Em)͚K8M,wZRTuomAf)שr2ohd3F9#,n|5Je^b$Kd.ޱbӆ_ූu 1ɡxMbilej%&4NWF]&'8 L1r3^ե7Uz.YIE 2&r$yIP? S$=A˨-|ݱ0->,? Z65 @((] ]3_ޠDP=I #|x.*yj_*(HMYDTQHcu@c=j@<Mob4[ec$'SSaHȾ9S45^G{ƌ9-ˊ؆L.cfEwE*,NcB::-G THKQv +Fi[T՝_Bmg5ߢpC"xA`HH|m7}Ht_/;9sJr{oGGLs*Qi`FnݨMPhg5n֔SR_`K(ZXO̔;!\MUJ8Ck[ۇj?Z}?]GK<7 %K<+zio=h4Q?Eҧһ>.~4e@ܝØBuϓ_[4AFD4Qn$Cҙ}.> ^$U_jrxlQg?Rz.HQY[6g` ƶb/߈Zix\92ѱ@%1$-*8m>0qqa&e֠Չo h|qj#4-lfv,{lyA __l߇z{pJؕg᪐@Am~V)-@Wk_)L|CHRʯC&, H^QB4JDW:XśX#i1ˁyN ɫf|vPO_0/Rܝg$P078AtG NX_:{%<^1aGt ߾<1ahɱi2/Uh9q0Md0rP}uXӷqEJTJi2.L{Sr @%F<|S_x/լWH60;`3pkt,<1ʨyd-uϙLn= qf˔Em)A?_F֍胅7 PU :_l\'Gx-"9WSL۳d׋Ia 0+"`6}P -c%}φKNNjݲM3ywm3StJ«zK &s~YY*JP*kCO_I٪瀮z6/`32Q&К8'Ɲmq~;eňyD.be, 7-\oM68+TQ תrk@H|-^F~9O9]Ӊɋ°}ѽ4|~PM$gD&0U^7L^%-Ľ@Lp;Q.c# M#/ lTl ='iQ{W:Rl@CF/R>xJ 6@r 뺿ٌ;8Z OQK`=vkM"T0PO/sWl̜%]S2`Fü:.ay_AeM[)א#\8؄f!х :H0$:&rY]IWI(ؠF$ ;| YZ