libsamba-errors0-4.7.10+git.124.8d97fe90926-lp150.3.9.1 4>$  Ap[/=„AP7u4-ir;/V\&4f$Ne4?*>EG[x1LuRhK"6XxiLSeru=f;MWX^SB}5( 5?^XI߸{S-y qx걛!!zRV&;㶵[ނq aEw1wmZuS-LP|u딍EQTE~lS>> Fe152bf70a98f5ce565b3312a6e6c3990f2c095a9e90280b504ce6e3f2f55559c7df8b1f2ac43906ebb846547e75ea1a0487a2b24[/=„[\y8L3:8gn( {=҈~®TZ!RoJf(Ra_A< Ѕ3<0\p;(+4f-!I^Jw1"S5b߽)ɫ4 af?6ju$Z?Q|\ ft.ώYMa^cj̋(`O@k5+K+\,IZj%{|, ]L@rYwg:CgR%c5 n{d>p@$?d. : X  (, . 0 4 u x|4 ` l (89:;>@FGHI X$Y4\]^bcRdefluvwxyzClibsamba-errors04.7.10+git.124.8d97fe90926lp150.3.9.1Samba errors handling libraryThis subpackage contains libraries to handle and translate NT error codes.[flamb03XopenSUSE Leap 15.0openSUSEGPL-3.0+http://bugs.opensuse.orgSystem/Librarieshttps://www.samba.org/linuxx86_64X[bdbd566b5f423ec6713e12cf9ff921575e560b9cb6356afbdb991c66c2a3602crootrootsamba-4.7.10+git.124.8d97fe90926-lp150.3.9.1.src.rpmlibsamba-errors.so.1()(64bit)libsamba-errors.so.1(SAMBA_ERRORS_1)(64bit)libsamba-errors0libsamba-errors0(x86-64)@@@@@    /sbin/ldconfig/sbin/ldconfiglibc.so.6()(64bit)libc.so.6(GLIBC_2.2.5)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-15.2-14.14.1[;@[i[6@[5@[ @Z@Z@ZZ@ZZ}@Z'Z@ZOZ@Z ,@Z@YY@Yo@Yo@Yo@Y@Y3YYu@Yg`Yf@Y7Y7Y, @Y"X:@X:@XXsX@X9@X@X@Xg@X,XƉX@XYXe@XX@X@X@XWXAb@X-W Wv@W$W;Wu@W#WW W@W~D@Wj}W_WYZ@WYZ@W=W(W!@WW@V3V3VV'@VՄ@VՄ@VVIV@V`Vl@V@V@V<@V<@V@VjV]VI@VG"@VG"@VG"@VG"@V(V'~@V V7@VBUYU@U@UUAUĝU@UU@Uy@UUrUq@UhTU_@USaT5'@T5'@T3T12T->@T->@T%U@T$T!`T!`T@T@TSS<@SS@S@Sہ@Sہ@Sہ@S@S;@S.S@SSSS@S@SS8@S}SxSg}@ScSZN@SXSO@SM@SM@SG@SG@SG@SG@S:@S:@S5d@S2@S,)S L@SSSS@S@S(S @S S 4@S?S?S?SK@R@Rb@R@RRR@R@RRRRRURURURRR&R@RR=R=RʚRʚRʚRʚRʚRʚRSRR@RjRjRv@RG@RG@RRRRR RiRu@RpRW@RUE@RUE@REs@R:@R6R4OR2@R(r@R%@R!R7R@R@QQQ@QQQQޞ@Qޞ@Qޞ@Qֵ@QQo@QzQQɆ@Q@Q(@Q@Qzl@QdQAQ,Q+R@Q@QQQ@Q@QEQ@Q \Q \PP-P-P9@PPDP[P@PѬ@P @P @PPP}@P+P@PP@PBPBPPP@P@P*P6@Pd@PoPoPoPoP{@Pb@Pb@PWPWPQP,PPP H@P H@PP@OjOjOORORO Ọ@OȮOȮO]@O]@O OE@O!O@OOO@O OoOc+@OaO`@OKp@OB5O>A@Ovuid is invalid after a SMB session reauth; (bso#13351); + Durable Handles reconnect fails in a cluster when the cluster fs uses different device ids; (bso#13318); + cli_splice() doesn't correctly return written bytes as it's uninitialized in libsmbclient code; (bso#13511); + Threading support in talloc_tos() crashes when enabled; (bso#13505); + Incorrect talloc_stackframe handling in python ACL test code (make_simple_acl); (bso#13474); + Fail renaming file if that file has open streams; (bso#13451); + vfs_fruit: delete 0 byte size streams if AAPL is enabled; (bso#13441); + Creating missing remote databases during recovery can fail; (bso#13500); + CTDB_BROADCAST_VNNMAP should not be used; (bso#13499); + Fix building Samba with gcc 8.1; (bso#13437); + Uncaught exception at ldb_modules/password_hash.c:2241 during new domain provision; (bso#11573); + "net ads keytab add nfs" writes only one enctype with older kerberos libraries; (bso#13478); + VFS modules that implement pread/pwrite must also implement pread_send/pwrite_send; (bso#13425); + vfs_ceph is missing async fsync implementations; (bso#13412); + net ads keytab list fails with (smb_krb5_kt_open failed (Key table name malformed); (bso#13166); + s390 and s390 needs to run with 'use mmap = no' by default; (bso#10765);- Disable NTLMv1 auth if smb.conf doesn't allow it; (bsc#1095048); (bso#13360); (CVE-2018-1139); - ldbsearch '(distinguishedName=abc)' and DNS query with escapes crashes; (bsc#1095056); (bso#13374); (CVE-2018-1140); - Confidential attribute disclosure via substring search; (bsc#1095057); (bso#13434); (CVE-2018-10919); - smbc_urlencode helper function is a subject to buffer overflow; (bsc#1103411); (bso#13453); (CVE-2018-10858); - Fix NULL ptr dereference in DsCrackNames on a user without a SPN; (bsc#1103414); (bso#13552); (CVE-2018-10918);- Update to 4.7.8; (bsc#1099702); + s3: smbd: Generic fix for incorrect reporting of stream dos attributes on a directory; (bso#13380); + ceph: VFS: Add asynchronous fsync to ceph module, fake using synchronous call; (bso#13412); + s3: libsmbclient: Fix hard-coded connection error return of ETIMEDOUT; (bso#13419); + s3: smbd: Fix SMB2-FLUSH against directories; (bso#13428); + s3: smbd: printing: Re-implement delete-on-close semantics for print files missing since 3.5.x; (bso#13457); + python: Fix talloc frame use in make_simple_acl(); (bso#13474); + winbindd on the AD DC is slow for passdb queries; (bso#13430); + No Backtrace given by Samba's AD DC by default; (bso#13454); + winbindd doesn't recover loss of netlogon secure channel in case the peer DC is rebooted; (bso#13332); + s3:smbd: Fix interaction between chown and SD flags; (bso#13432); + s4-heimdal: Fix the format-truncation errors; (bso#13437); + vfs_ceph: Add fake async pwrite/pread send/recv hooks; (bso#13425); + printing: Return the same error code as Windows does on upload failures; (bso#13395); + winbind: Improve child selection; (bso#13290); + winbind: Maintain a binding handle per domain and always go via wb_domain_request_send(); (bso#13292); + winbindd doesn't recover loss of netlogon secure channel in case the peer DC is rebooted; (bso#13332); + Looking up the user using the UPN results in user name with the REALM instead of the DOMAIN; (bso#13369); + rpc_server: Init local_server_* in make_internal_rpc_pipe_socketpair; (bso#13370); + smbclient: Fix broken notify; (bso#13382); + libads: Fix the build --without-ads; (bso#13273); + winbindd: Don't split the rid for SID_NAME_DOMAIN sids in wb_lookupsids; (bso#13279); + winbindd: initialize type = SID_NAME_UNKNOWN in wb_lookupsids_single_done(); (bso#13280); + s4:rpc_server: Fix call_id truncation in dcesrv_find_fragmented_call(); (bso#13289); + A disconnecting winbind client can cause a problem in the winbind parent child communication; (bso#13290); + winbind: Use one queue for all domain children; (bso#13292); + Minimize the lifetime of winbindd_cli_state->{pw,gr}ent_state; (bso#13293); + winbind should avoid using fstrcpy(domain->dcname,...) on a char *; (bso#13294); + The winbind parent should find the dc of a foreign domain via the primary domain; (bso#13295); + nsswitch: Fix memory leak in winbind_open_pipe_sock() when the privileged pipe is not accessable; (bso#13400); + Fix broken server side GENSEC_FEATURE_LDAP_STYLE handling (NTLMSSP NTLM2 packet check failed due to invalid signature!); (bso#13427); + s3: VFS: Fix memory leak in vfs_ceph; (bso#13424); + rpc_server: Fix NetSessEnum with stale sessions; (bso#13407); + dfree cache returning incorrect data for sub directory mounts; (bso#13446); + Looking up the user using the UPN results in user name with the REALM instead of the DOMAIN; (bso#13369); + s3:passdb: Do not return OK if we don't have pinfo set up; (bso#13376); + s3:utils: Do not segfault on error in DoDNSUpdate(); (bso#13440); + s4:auth_sam: Allow logons with an empty domain name; (bso#13206); + s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error, we don't own it here; (bso#13244); + s3: smbd: Fix possible directory fd leak if the underlying OS doesn't support fdopendir(); (bso#13270); + Round-tripping ACL get/set through vfs_fruit will increase the number of ACE entries without limit; (bso#13319); + s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically debug credit issues; (bso#13347); + s3: smbd: Files or directories can't be opened DELETE_ON_CLOSE without delete access; (bso#13358); + s3: smbd: Fix memory leak in vfswrap_getwd(); (bso#13372); + s3: smbd: Unix extensions attempts to change wrong field in fchown call; (bso#13375); + s3:smbd: Don't use the directory cache for SMB2/3; (bso#13363); + build: Fix libceph-common detection; (bso#13277); + build: Fix ceph_statx check when configured with libcephfs_dir; (bso#13250); + vfs_glusterfs: Fix the wrong pointer being sent in glfs_fsync_async; (bso#13297); + ctdb-scripts: Drop 'net serverid wipe' from 50.samba event script; (bso#13359); + s3: lib: messages: Don't use the result of sec_init() before calling sec_init(); (bso#13368); + smbd can panic if the client-supplied channel sequence number wraps; (bso#13215); + dsdb: Fix CID 1034966 Uninitialized scalar variable; (bso#13367); + s3:libsmb: Allow -U"\\administrator" to work; (bso#13206); + Windows 10 cannot logon on Samba NT4 domain; (bso#13328); + smbc_opendir should not return EEXIST with invalid login credentials; (bso#13050); + s3:smbd: map nterror on smb2_flush errorpath; (bso#13338); + libsmb: Use smb2 tcon if conn_protocol >= SMB2_02; (bso#13310); + subnet: Avoid a segfault when renaming subnet objects; (bso#13031); + 'wbinfo --name-to-sid' returns misleading result on invalid query; (bso#13312); + s3:smbd: Do not crash if we fail to init the session table; (bso#13315); + Allow AESNI to be used on all processor supporting AESNI; (bso#13302);- Bump vendor-files - Use new foreground execution flags for systemd samba daemons; (bsc#1088574); (bsc#1071090); (bsc#1065551); (bsc#1094881);- Add missing package descriptions; (bsc#1093864);- Disable samba-pidl package, due to the removal of dependency perl-Parse-Yapp; (bsc#1085150);- Update to 4.7.6; + CVE-2018-1050: DOS vulnerability when SPOOLSS is run externally; (bso#11343); (bsc#1081741); + CVE-2018-1057: Authenticated users can change other users' password; (bso#13272); (bsc#1081024).- Disable python until full python3 port is done; (bsc#1082139); + Remove contents of package samba-python + Remove contents of package libsamba-policy0 + Remove contents of package libsamba-policy-devel + Remove library libsamba-python-samba4.so from samba-libs package + Remove library libsamba-net-samba4.so from samba-libs package + Remove smbtorture binary and manpage from samba-test- samba fails to build with glibc2.27; (bsc#1081042);- Update to 4.7.5; (bsc#1080545); + smbd tries to release not leased oplock during oplock II downgrade; (bso#13193); + Fix copying file with empty FinderInfo from Windows client to Samba share with fruit; (bso#13181); + build: Deal with recent glibc sunrpc header removal; (bso#10976); + Make Samba work with tirpc and libnsl2; (bso#13238); + vfs_ceph: Add fs_capabilities hook to avoid local statvfs; (bso#13208); (bsc#1075206); + Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue; (bso#12986); + ctdb-recovery-helper: Deregister message handler in error paths; (bso#13188); + samba: Only use async signal-safe functions in signal handler; (bso#13240); + Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue; (bso#12986); + repl_meta_data: Fix linked attribute corruption on databases with unsorted links on expunge. dbcheck: Add functionality to fix the corrupt database; (bso#13228); + Fix smbd panic when chdir returns error during exit; (bso#13189); + Make Samba work with tirpc and libnsl2; (bso#13238); + Fix POSIX ACL support on HPUX and possibly other big-endian OSs; (bso#13176);- Update to 4.7.4; (bsc#1080545); + s3: smbclient: Implement 'volume' command over SMB2; (bso#13140); + s3: libsmb: Fix valgrind read-after-free error in cli_smb2_close_fnum_recv(); (bso#13171); + s3: libsmb: Fix reversing of oldname/newname paths when creating a reparse point symlink on Windows from smbclient; (bso#13172); + Build man page for vfs_zfsacl.8 with Samba; (bso#12934); + repl_meta_data: Allow delete of an object with dangling backlinks; (bso#13095); + s4:samba: Fix default to be running samba as a deamon; (bso#13129); + Performance regression in DNS server with introduction of DNS wildcard, ldb: Release 1.2.3; (bso#13191); + vfs_zfsacl: Fix compilation error; (bso#6133); + "smb encrypt" setting changes are not fully applied until full smbd restart; (bso#13051); + winbindd: Fix idmap_rid dependency on trusted domain list; (bso#13052); + vfs_fruit: Proper VFS-stackable conversion of FinderInfo; (bso#13155); + winbindd: Dependency on trusted-domain list in winbindd in critical auth codepath; (bso#13173); + repl_meta_data: Fix removing of backlink on deleted objects; (bso#13120); + ctdb: sock_daemon leaks memory; (bso#13153); + TCP tickles not getting synchronised on CTDB restart; (bso#13154); + winbindd: winbind parent and child share a ctdb connection; (bso#13150); + pthreadpool: Fix deadlock; (bso#13170); + pthreadpool: Fix starvation after fork; (bso#13179); + messaging: Always register the unique id; (bso#13180); + s4/smbd: set the process group; (bso#13129); + Fix broken linked attribute handling; (bso#13095); + The KDC on an RWDC doesn't send error replies in some situations; (bso#13132); + libnet_join: Fix 'net rpc oldjoin'; (bso#13149); + g_lock conflict detection broken when processing stale entries; (bso#13195); + s3:smb2_server: allow logoff, close, unlock, cancel and echo on expired sessions; (bso#13197); + s3:libads: net ads keytab list fails with "Key table name malformed"; (bso#13166); (bsc#1067700); + Fix crash in pthreadpool thread after failure from pthread_create; (bso#13170); + s4:samba: Allow samba daemon to run in foreground; (bso#13129); (bsc#1065551); + third_party: Link the aesni-intel library with "-z noexecstack"; (bso#13174); + vfs_glusterfs: include glusterfs/api/glfs.h without relying on "-I" options; (bso#13125);- Re-enable usage of libnsl (did got lost with glibc change) - Use TI-RPC (sunrpc is deprecated and will be removed soon from glibc)- smbc_opendir should not return EEXIST with invalid login credentials; (bnc#1065868).- Update to 4.7.3; (bsc#1069666); + Non-smbd processes using kernel oplocks can hang smbd; (bso#13121); + python: use communicate to fix Popen deadlock; (bso#13127); + smbd on disk file corruption bug under heavy threaded load; (bso#13130); + tevent: version 0.9.34; (bso#13130); + s3: smbd: Fix delete-on-close after smb2_find; (bso#13118); + CVE-2017-14746: s3: smbd: Fix SMB1 use-after-free crash bug; (bsc#1060427);(bso#13041); + CVE-2017-15275: s3: smbd: Chain code can return uninitialized memory when talloc buffer is grown; (bsc#1063008); (bso#13077); - Build with AD DC support only in openSUSE.- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- samba-tool requires samba-python; (bnc#1067771).- Run all daemons in the foreground and let systemd handle it; (bsc#1065551). - Update to 4.7.1; + Fix exporting subdirs with shadow_copy2; (bso#13091); + Currently if getwd() fails after a chdir(), we panic; (bso#13027); + Ensure default SMB_VFS_GETWD() call can't return a partially completed struct smb_filename; (bso#13068); + sys_getwd() can leak memory or possibly return the wrong errno on older systems; (bso#13069); + smbclient doesn't correctly canonicalize all local names before use; (bso#13093); + Fix broken linked attribute handling; (bso#13095); + Missing LDAP query escapes in DNS rpc server; (bso#12994); + Link to -lbsd when building replace.c by hand; (bso#13087); + Cannot delete non-ACL files on Solaris/ZFS/NFSv4 ACL filesystem; (bso#6133); + Map SYNCHRONIZE acl permission statically in zfs_acl vfs module; (bso#7909); + Samba fails to honor SEC_STD_WRITE_OWNER bit with the acl_xattr module; (bso#7933); + Missing assignment in sl_pack_float; (bso#12991); + Wrong Samba access checks when changing DOS attributes; (bso#12995); + samba_runcmd_send() leaves zombie processes on timeout; (bso#13062); + groupmap cleanup should not delete BUILTIN mappings; (bso#13065); + Enabling vfs_fruit results in loss of Finder tags and other xattrs; (bso#13076); + man pages: Properly ident lists; (bso#9613); + smb.conf.5: Sort parameters alphabetically; (bso#13081); + Fix GUID string format on GetPrinter info; (bso#12993); + Remote serverid check doesn't check for the unique id; (bso#13042); + CTDB starts consuming memory if there are dead nodes in the cluster; (bso#13056); + ctdb-common: Ignore event scripts with multiple '.'s; (bso#13070); + libgpo doesn't sort the GPOs in the correct order; (bso#13046); + Remote serverid check doesn't check for the unique id; (bso#13042); + vfs_catia: Fix a potential memleak; (bso#13090); + Fix file change notification for renames; (bso#12903); + Samba DNS server does not honour wildcards; (bso#12952); + Can't change password in samba from a Windows client if Samba runs on IPv6 only interface; (bso#13079); + vfs_fruit: Replace closedir() by SMB_VFS_CLOSEDIR; (bso#13086); + Apple client can't cope with SMB2 async replies when creating symlinks; (bso#13047); + s4:rpc_server:backupkey: Move variable into scope; (bso#12959); + Fix ntstatus_gen.h generation on 32bit; (bso#13099); + Fix a double free in vfs_gluster_getwd(); (bso#13100); + Fix resouce leaks and pointer issues; (bso#13101); + vfs_solarisacl: Fix build for samba 4.7 and up; (bso#13049);- Add samba-kdc to baselibs.conf. - Do not wrap samba-kdc's package definition into if/endif: the package won't be generated simply based on the fact that there is no files section for the package. Allows the source validator to ensure samba-kdc is a built package.- Update to 4.7.0; + Whole DB read locks: Improved LDAP and replication consistency; (bso#12858). + Samba AD with MIT Kerberos + Dynamic RPC port range: Default range changed from "1024-1300" to "49152-65535". + Authentication and Authorization audit support: New auth_audit debug class. + Multi-process LDAP Server: The LDAP server in the AD DC now honours the process model used for the rest of the 'samba' process. + Improved Read-Only Domain Controller (RODC) Support; (bso#12977). + Additional password hashes stored in supplementalCredentials. + Improvements to DNS during Active Directory domain join. + Significant AD performance and replication improvements. + Query record for open file or directory. + Removal of lpcfg_register_defaults_hook(). + Change of loadable module interface. + SHA256 LDAPS Certificates: The self-signed certificate generated for use on LDAPS will now be generated with a SHA256 self-signature, not a SHA1 self-signature. + CTDB no longer allows mixed minor versions in a cluster. + CTDB now ignores hints from Samba about TDB flags when attaching to databases. + New configuration variable CTDB_NFS_CHECKS_DIR. + The CTDB_SERVICE_AUTOSTARTSTOP configuration has been removed. + The CTDB_SCRIPT_DEBUGLEVEL configuration variable has been removed. + The example NFS Ganesha call-out has been improved. + A new "replicated" database type is available.- CVE-2017-12163: Prevent client short SMB1 write from writing server memory to file; (bso#13020); (bsc#1058624).- CVE-2017-12150: Some code path don't enforce smb signing, when they should; (bso#12997); (bsc#1058622).- CVE-2017-12151: Keep required encryption across SMB3 dfs redirects; (bso#12996); (bsc#1058565).- Clean specfile assuming SUSE-only system and product >=SLE11 + %{ul_version}, %{rhel_version}, %{mandriva_version}, %{centos_version} are always undefined + %{_vendor} is "suse" and %{suse_version} is at least 1100- Update to 4.6.7; (bsc#1054017) + Joining a Huawai storage fails: empty CLDAP ping answer; (bso#11392). + smbcacls can fail against a directory on Windows using SMB2.; (bso#12937). + vfs_ceph provides inconsistent directory listings; (bso#12911). + Misused talloc context can cause a user to crash their smbd by chaining SMB1 commands.; (bso#12836). + Use-after free can crash libsmbclient code.; (bso#12927). + Server exit with active AIO can crash.; (bso#12925). + Ensure notifyd doesn't return from smbd_notifyd_init; (bso#12910). + fd leak to ctdb sub-processes leads to SELinux AVC denial in audit logs; (bso#12898). + vfs_fruit shouldn't send MS NFS ACEs to Windows clients; (bso#12897). + smbspool_krb5_wrapper does not tell CUPS that it requires negotiate for authentication; (bso#12886). + finder sidebar showing question mark instead of icon when using ip to connect with vfs_fruit; (bso#12840). + Winbind stops obtaining the 'unixHomeDirectory' & 'loginShell' attributes from AD.; (bso#12720). + KCC run at selftest startup can fail spuriously due to a race; (bso#12869). + winbindd changes the local password and gets NT_STATUS_WRONG_PASSWORD for the remote change; (bso#12782). + rpc_pipe_client memory leaks due to long term memory context passed to rpc_pipe_open_interface(); (bso#12890). + CVE-2017-2619 breaks accessing previous versions of directories with snapshots in subdirectories of the share; (bso#12885). + dns_name_equal doing OOB read; (bso#12813). + replica_sync tests flap; (bso#12753). + Selftest should not call 'net cache flush' and wipe important winbind entries; (bso#12868). + Old Samba versions don't support using recent ldb versions (>=1.1.30); (bso#12859). + pam_winbind fails with kerberos method = secrets and keytab; (bso#10490). + race starting winbindd against posixacl test; (bso#12843). + Crash in the reentrant smbd_smb2_create_send() if the something fails in the subsequent try; (bso#12832). + spnego.c passes the wrong argument order to gensec_update_ev() for the FALLBACK case; (bso#12788). + Clients with SMB3 support can't connect with "server max protocol = SMB2_02"; (bso#12772). + A log message of samb-tool user syncpasswords reverses string arguments in a debug message "Call Popen[...".; (bso#12768). + The smb tarmode tests kills the share dir contents; (bso#12867). + Fix for a bug in MacOS X Sierra NTLMv2 processing; (bso#12862). + CVE-2017-2619 regression with non-wide symlinks to directories; (bso#12860). + manpage/index.html lists links not in alphabetical order; (bso#12854). + smbcacls got error NT_STATUS_NETWORK_NAME_DELETED; (bso#12831). + If a record is locked in a database, then recovery does not complete; (bso#12857). + debug_locks.sh script does not log any information; (bso#12856). + SIGSEGV in cm_connect_lsa_tcp dereferencing conn->lsa_tcp_pipe->transport after error; (bso#12852). + smbclient can't parse DOMAIN+username if a different winbind separator is used; (bso#12849). + Related requests with SessionSetup fail with INTERNAL_ERROR; (bso#12845). + Related requests with TreeConnect fail with NETWORK_NAME_DELETED; (bso#12844). + cli->server_os not filled correctly; (bso#12779). + REGRESSION: smbclient doesn't print the session setup anymore; (bso#12824). + smblcient doesn't handle STATUS_NOT_SUPPORTED gracefully for FSCTL_VALIDATE_NEGOTIATE_INFO; (bso#12808). + CTDB NFS call-out failures do not cause event failures; (bso#12837). + net command fails due to incorrectly return code; (bso#12828). + Fix building Samba with GCC 7.1; (bso#12827).- Fix duplicate CTDB_LOGGING params when downgraded and upgraded again; (bsc#1048339).- fix cephwrap_chdir(); (bsc#1048790). - Update to 4.6.6 + CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation; (bsc#1048278).- Fix ctdb logs to /var/log/log.ctdb instead of /var/log/ctdb; (bsc#1048339).- Fix inconsistent ctdb socket path; (bsc#1048352). - Fix non-admin cephx authentication; (bsc#1048387).- Update to 4.6.5; (bsc#1040157) + Specifying CTDB_LOGGING=syslog:nonblocking causes ctdbd to crash at startup; (bso#12814). + vfs_expand_msdfs tries to open the remote address as a file path; (bso#12687). + PANIC (pid 1096): assert failed: lease_type_is_exclusive(e_lease_type); (bso#12798). + With clustering get update_num_read_oplocks failed and PANIC: num_share_modes == 1 assertion failure; (bso#11844). + contend_level2_oplocks_begin_default oplock optimisation doesn't carry over to leases; (bso#12766). + `ctdb nodestatus` incorrectly displays status for all nodes with wrong exit code; (bso#12802). + CTDB can spin hard on revoking readonly delegations if a node becomes disconnected; (bso#12697). + Printing a share mode entry with leases can crash in the ndr code; (bso#12793). + Fix flakey unit tests for eventd; (bso#12792). + CTDB daemon crashes if built with clang; (bso#12770). + smbcacls fails if no password is specified; (bso#12765). + idmap_rfc2307: Lookup of more than two SIDs fails; (bso#12757). + samba-tool user syncpasswords doesn't trigger the script when a user gets removed; (bso#12767). + systemd: fix detection of libsystemd; (bso#12764). + Notify subsystem only maps first inotify mask to Windows notify filter; (bso#12760). + Allow passing trusted domain password as plain-text to PASSDB layer; (bso#12751). + Can't case-rename files with vfs_fruit; (bso#12749). + wrong sid->uid mapping for SIDs residing in sIDHistory; (bso#12702). + vfs_acl_common should force "create mask = 0777", not 0666; (bso#12562). + Ordering of notify responses broken; (bso#12756).- s3: libsmb: Fix error where short name length was read as 2 bytes, should be 1; (bso#11822); (bsc#1042419).- Revert explicit winbind %{version}-%{release} dependency. + The ABI has stabilized since (bsc#936909), so remove to fix cross-media dependencies; (bsc#1037899).- Fix CVE-2017-7494 remote code execution from a writable share; (bso#12780); (bsc#1038231).- Update to 4.6.3; (bsc#1036011) + s3:vfs:shadow_copy2: vfs_shadow_copy2 fails to list snapshots from shares with GlusterFS backend; (bso#12743). + Fix for Solaris C compiler; (bso#12559). + s3: locking: Update oplock optimization for the leases era; (bso#12628). + Make the Solaris C compiler happy; (bso#12693). + s3: libgpo: Allow skipping GPO objects that don't have the expected LDAP attributes; (bso#12695). + Fix buffer overflow caused by wrong use of getgroups; (bso#12747). + lib: debug: Avoid negative array access; (bso#12746). + cleanupdb: Fix a memory read error; (bso#12748). + streams_xattr and kernel oplocks results in NT_STATUS_NETWORK_BUSY; (bso#7537). + winbindd: idmap_autorid allocates ids for unknown SIDs from other backends; (bso#11961). + vfs_fruit: Resource fork open request with flags=O_CREAT|O_RDONLY; (bso#12565). + manpages/vfs_fruit: Document global options; (bso#12615). + lib/pthreadpool: Fix a memory leak; (bso#12624). + Lookup-domain for well-known SIDs on a DC; (bso#12727). + winbindd: Fix error handling in rpc_lookup_sids(); (bso#12728). + winbindd: Trigger possible passdb_dsdb initialisation; (bso#12729). + credentials_krb5: use gss_acquire_cred for client-side GSSAPI use case; (bso#12611). + lib/crypto: Implement samba.crypto Python module for RC4; (bso#12690). + ctdb-readonly: Avoid a tight loop waiting for revoke to complete; (bso#12697). + ctdb_event monitor command crashes if event is not specified; (bso#12723). + ctdb-docs: Fix documentation of "-n" option to 'ctdb tool'; (bso#12733). + smbd: Fix smb1 findfirst with DFS; (bso#12558). + smbd: Do an early exit on negprot failure; (bso#12610). + winbindd: Fix substitution for 'template homedir'; (bso#12699). + s4:kdc: Disable principal based autodetected referral detection; (bso#12554). + idmap_autorid: Allocate new domain range if the callers knows the sid is valid; (bso#12613). + LINKFLAGS_PYEMBED should not contain -L/some/path; (bso#12724). + PAM auth with WBFLAG_PAM_GET_PWD_POLICY returns wrong policy for trusted domain; (bso#12725). + rpcclient: Allow -U'OTHERDOMAIN\user' again; (bso#12731). + winbindd: Fix password policy for pam authentication; (bso#12725). + s3:gse: Correctly handle external trusts with MIT; (bso#12554). + auth/credentials: Always set the realm if we set the principal from the ccache; (bso#12611). + replace: Include sysmacros.h; (bso#12686). + s3:vfs_expand_msdfs: Do not open the remote address as a file; (bso#12687). + s3:libsmb: Only print error message if kerberos use is forced; (bso#12704). + winbindd: Child process crashes when kerberos-authenticating a user with wrong password; (bso#12708). + vfs_fruit: Office document opens as read-only on macOS due to CNID semantics; (bso#12715). + vfs_acl_xattr: Fix failure to get ACL on Linux if memory is fragmented; (bso#12737).- Generate and update vendor-files tarball from Git + SuSEfirewall2 service samba-client only setup IPv4 rule; (bsc#1034416).- Generate source tarball directly from Git using OBS tar_scm + use version string derived from parent Git tag and commit hash - remove obsolete vendor-files/tools/package-data version ID + explicitly generate ctdb manpages, needed without "make dist"- Update to 4.6.2 + remove bso#12721 patches now upstream- Enable samba-ceph build for openSUSE and SLE12SP3+; (fate#321622). + x86-64 and aarch64- Enable librados CTDB lock helper for samba-ceph package; (fate#321622).- Build and install the html man pages (bsc#1021907).- Fix CVE-2017-2619 regression with "follow symlinks = no"; (bso#12721).- Update to 4.6.1 + symlink race permits opening files outside share directory; CVE-2017-2619; (bso#12496); (bsc#1027147) + testparm checks for valid idmap parameters + add new krb client encryption types + support for printer driver upload from windows 10 + inherit owner = 'unix only' for improved quota support + improved CTDB event support + new primary group support for idmap_ad + idmap_hash deprecated + mvxattr added to recursively rename extended attributes- Remove chkconfig requirements for systemd systems- Don't call insserv if systemd is used- Fix check if we need to require insserv- async_req: make async_connect_send() "reentrant"; (bso#12105); (bsc#1024416).- Force usage of ncurses6-config thru NCURSES_CONFIG env var; (bsc#1023847).- add missing patch for libnss_wins segfault; (bsc#995730).- Fix vfs_ceph builds against recent Ceph versions; (bsc#1021933).- Document "winbind: ignore domains" parameter; (bsc#1019416).- Add base Samba dependency to samba-ceph package.- Update to 4.5.3 + Heap-based Buffer Overflow Remote Code Execution Vulnerability; CVE-2016-2123; (bso#12409); (bsc#1014437). + Don't send delegated credentials to all servers; CVE-2016-2125; (bso#12445); (bsc#1014441). + denial of service due to a client triggered crash in the winbindd parent process; CVE-2016-2126; (bso#12446); (bsc#1014442). - 4.5.1 and 4.5.2 updates + various streams vfs fixes + various printing fixes + ntlm_auth: do not map explicitly empty domain + various stability fixes in smbd + match file compression ReFS behavior- Add missing ldb module directory; (bnc#1012092).- s3/client: obey 'disable netbios' smb.conf param, don't connect via NBT port; (bsc#1009085); (bso#12418).- Include vfstest in samba-test; (bsc#1001203).- s3/winbindd: using default domain with user@domain.com format fails; (bsc#997833).- Fix segfault in libnss_wins; (bso#12277); (bso#12269); (bsc#995730).- Update to 4.5.0 + NTLM1 Authentication disabled by default + SMB2.1 leases enabled by default + Support for OFD locks + ctdb tool rewritten + Added shadow copy snapshot prefix parameter- Fix illegal memory access after memory has been deleted; (bso#11836); (bsc#975299).- Prevent core, make sure response->extra_data.data is always cleared out; (bsc#993692).- Don't package man pages for VFS modules that aren't built; (boo#993707).- Fix population of ctdb sysconfig after source merge; (bsc#981566).- Enable vfs_ceph builds for Factory (x86-64) + Package as samba-ceph to avoid Ceph dependency in base package.- Update to 4.4.5 + Prevent client-side SMB2 signing downgrade; CVE-2016-2119; (bso#11860); (bsc#986869).- Remove obsolete syslog.target; (bsc#983938).- Honor smb.conf socket options in winbind; (bsc#975131).- Don't use htons() with IP_PROTO_RAW; (bso#11705); (bsc#969522).- Update to 4.4.4 + SMB3 multichannel: Add implementation of missing channel sequence number verification; (bso#11809). + smbd:close: Only remove kernel share modes if they had been taken at open; (bso#11919). + notifyd: Prevent NULL deref segfault in notifyd_peer_destructor; (bso#11930). + s3:rpcclient: Make '--pw-nt-hash' option work; (bso#10796). + Fix case sensitivity issues over SMB2 or above; (bso#11438). + s3:smbd: Fix anonymous authentication if signing is mandatory. (bso#11910) + Fix NTLM Authentication issue with squid; (bso#11914). + pdb: Fix segfault in pdb_ldap for missing gecos; (bso#11530). + Fix memory leak in share mode locking; (bso#11934).- Update to 4.4.3 + Various post-badlock regressions; (bso#11841); (bso#11850); (bso#11858); (bso#11870); (bso#11872). + Only allow idmap_hash for default idmap config (bso#11786). + smbd: Avoid large reads beyond EOF; (bso#11878). + vfs_acl_common: Avoid setting POSIX ACLs if "ignore system acls" is set; (bso#11806). + libads: Record session expiry for spnego sasl binds; (bso#11852).- Fix NTLMSSP regressions caused by previous CVE fixes; (bso#11849); (bsc#975962); (bsc#979268), (bsc#977669).- Revert shared library packaging to comply with SLPP- Update to 4.4.2 + A man-in-the-middle can downgrade NTLMSSP authentication; CVE-2016-2110; (bso#11688); (bsc#973031). + Domain controller netlogon member computer can be spoofed; CVE-2016-2111; (bso#11749); (bsc#973032). + LDAP conenctions vulnerable to downgrade and MITM attack; CVE-2016-2112; (bso#11644); (bsc#973033). + TLS certificate validation missing; CVE-2016-2113; (bso#11752); (bsc#973034). + Named pipe IPC vulnerable to MITM attacks; CVE-2016-2115; (bso#11756); (bsc#973036). + "Badlock" DCERPC impersonation of authenticated account possible; CVE-2016-2118; (bso#11804); (bsc#971965). + DCERPC server and client vulnerable to DOS and MITM attacks; CVE-2015-5370; (bso#11344); (bsc#936862).- Fix samba.tests.messaging test and prevent potential tdb corruption by removing obsolete now invalid tdb_close call; (bsc#974629).- Obsolete libsmbclient from libsmbclient0 while not providing it; (bsc#972197).- Update to 4.4.0. + Read of uninitialized memory DNS TXT handling; (bso#11128); (bso#11686); CVE-2016-0771. + Getting and setting Windows ACLs on symlinks can change permissions on link target; (bso#11648); CVE-2015-7560. + Sockets with htons(IPPROTO_RAW); (bso#11705); CVE-2015-8543. + s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem with no ACL support; (bso#10489). + docs: Add example for domain logins to smbspool man page; (bso#11643). + smbd: Show correct disk size for different quota and dfree block sizes; (bso#11681). + docs: Add smbspool_krb5_wrapper manpage; (bso#11690). + winbindd: Return trust parameters when listing trusts; (bso#11691). + ctdb: Do not provide a useless pkgconfig file for ctdb; (bso#11696). + Crypto.Cipher.ARC4 is not available on some platforms, fallback to M2Crypto.RC4.RC4 then; (bso#11699). + s3:utils/smbget: Set default blocksize; (bso#11700). + Streamline 'smbget' options with the rest of the Samba utils; (bso#11700). + s3:clispnego: Fix confusing warning in spnego_gen_krb5_wrap(); (bso#11702). + s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703). + loadparm: Fix memory leak issue; (bso#11708). + lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714). + s3:vfs:glusterfs: Fix build after quota changes; (bso#11715). + ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."; (bso#11719). + lib:socket: Fix CID 1350010: Integer OVERFLOW_BEFORE_WIDEN; (bso#11723). + smbd: Fix CID 1351215 Improper use of negative value; (bso#11724). + smbd: Fix CID 1351216 Dereference null return value; (bso#11725). + s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file; (bso#11727). + docs: Add manpage for cifsdd; (bso#11730). + param: Fix str_list_v3 to accept ; again; (bso#11732). + lib/socket: Fix improper use of default interface speed; (bso#11734). + lib:socket: Fix CID 1350009: Fix illegal memory accesses (BUFFER_SIZE_WARNING); (bso#11735). + libcli: Fix debug message, print sid string for new_ace trustee; (bso#11738). + Fix installation path of Samba helper binaries; (bso#11739). + Fix memory leak in loadparm; (bso#11740). + tevent: version 0.9.28: Fix memory leak when old signal action restored; (bso#11742). + smbd: Ignore SVHDX create context; (bso#11753). + Fix net join; (bso#11755). + s3:libads: setup the msDS-SupportedEncryptionTypes attribute on ldap_add; (bso#11755). + passdb: Add linefeed to debug message; (bso#11763). + s3:utils/smbget: Fix option parsing; (bso#11767). + libnet: Make Kerberos domain join site-aware; (bso#11769). + Reset TCP Connections during IP failover; (bso#11770). + ldb: Version 1.1.26; (bso#11772). + s3:smbd: Add negprot remote arch detection for OSX; (bso#11773). + vfs_glusterfs: Fix use after free in AIO callback; (bso#11774). + mkdir can return ACCESS_DENIED incorrectly on create race; (bso#11780). + "trustdom_list_done: Got invalid trustdom response" message should be avoided; (bso#11782). + Mismatch between local and remote attribute ids lets replication fail with custom schema; (bso#11783). + Quota is not supported on Solaris 10; (bso#11788). + Talloc: Version 2.1.6; (bso#11789). + smbd: Enable multi-channel if 'server multi channel support = yes' in the config; (bso#11796). + build: Fix build when '--without-quota' specified; (bso#11798). + lib/socket/interfaces: Fix some uninitialied bytes; (bso#11802). + Access based share enum: handle permission set in configuration files; (bso#8093). + See also WHATSNEW.txt from the samba-doc package.- Update to 4.3.6. + Getting and setting Windows ACLs on symlinks can change permissions on link target; CVE-2015-7560; (bso#11648); (bsc#968222). + Fix Out-of-bounds read in internal DNS server; CVE-2016-0771; (bso#11128); (bso#11686); (bsc#968223).- Upgrade on-disk FSRVP server state to new version; (bsc#924519).- Only obsolete but do not provide gplv2/3 package names; (bsc#968973).- Relocate existing lock files to /var/lib/samba/lock; (bsc#968963).- Obsolete no longer existing samba-32bit package; (bsc#967625).- Update to 4.3.5. + s3:utils/smbget: Fix recursive download; (bso#6482). + s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystemi with no ACL support; (bso#10489). + s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks; (bso#11400). + vfs_shadow_copy2: Fix case where snapshots are outside the share; (bso#11580). + smbclient: Query disk usage relative to current directory; (bso#11662). + winbindd: Handle expired sessions correctly; (bso#11670). + smbd: Show correct disk size for different quota and dfree block sizes; (bso#11681). + smbcacls: Fix uninitialized variable; (bso#11682). + s3:smbd: Ignore initial allocation size for directory creation; (bso#11684). + s3-client: Add a KRB5 wrapper for smbspool; (bso#11690). + s3-parm: Clean up defaults when removing global parameters; (bso#11693). + Use M2Crypto.RC4.RC4 on platforms without Crypto.Cipher.ARC4; (bso#11699). + s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703). + ctdb: Remove error messages after kernel security update; CVE-2015-8543; (bso#11705). + loadparm: Fix memory leak issue; (bso#11708). + lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714). + ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."; (bso#11719). + s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file; (bso#11727). + param: Fix str_list_v3 to accept ";" again; (bso#11732).- Shift samba-client sysconfig data into samba and samba-winbind; (bsc#947361).- Simplify shared library packaging; (bsc#966956).- Enable clustering (CTDB) support; (bsc#966271).- s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703); (bsc#964023).- Add quotes around path of update-apparmor-samba-profile; (bnc#962177).- Remove autoconf build-time requirement.- Update to 4.3.4. + vfs_fruit: Enable POSIX directory rename semantics; (bso#11065). + Crash: Bad talloc magic value - access after free; (bso#11394). + Copying files with vfs_fruit fails when using vfs_streams_xattr without stream prefix and type suffix; (bso#11466). + samba-tool: Fix uncaught exception if no fSMORoleOwner attribute is given; (bso#11613). + Fix a typo in the smb.conf manpage, explanation of idmap config; (bso#11619). + Correctly initialize the list head when keeping a list of primary followed by DFS connections; (bso#11624). + Reduce the memory footprint of empty string options; (bso#11625). + lib/async_req: Do not install async_connect_send_test; (bso#11639). + Fix typos in man vfs_gpfs; (bso#11641). + Make "hide dot files" option work with "store dos attributes = yes"; (bso#11645). + Fix a corner case of the symlink verification; (bso#11647); (bnc#960249). + Do not disable "store dos attributes" on-the-fly; (bso#11649). + Update lastLogon and lastLogonTimestamp; (bso#11659).- Prevent access denied if the share path is "/"; (bso#11647); (bnc#960249).- Update to 4.3.3. + Malicious request can cause Samba LDAP server to hang, spinning using CPU; CVE-2015-3223; (bso#11325); (bnc#958581). + Remote read memory exploit in LDB; CVE-2015-5330; (bso#11599); (bnc#958586). + Insufficient symlink verification (file access outside the share); CVE-2015-5252; (bso#11395); (bnc#958582). + No man in the middle protection when forcing smb encryption on the client side; CVE-2015-5296; (bso#11536); (bnc#958584). + Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2); CVE-2015-5299; (bso#11529); (bnc#958583). + Fix Microsoft MS15-096 to prevent machine accounts from being changed into user accounts; CVE-2015-8467; (bso#11552); (bnc#958585).- Update to 4.3.2. + vfs_gpfs: Re-enable share modes; (bso#11243). + dcerpc.idl: Accept invalid dcerpc_bind_nak pdus; (bso#11327). + s3-smbd: Fix old DOS client doing wildcard delete - gives an attribute type of zero; (bso#11452). + Add libreplace dependency to texpect, fixes a linking error on Solaris; (bso#11511). + s4: Fix linking of 'smbtorture' on Solaris; (bso#11512). + s4:lib/messaging: Use correct path for names.tdb; (bso#11562). + Fix segfault of 'net ads (join|leave) -S INVALID' with nss_wins; (bso#11563). + async_req: Fix non-blocking connect(); (bso#11564). + auth: gensec: Fix a memory leak; (bso#11565). + lib: util: Make non-critical message a warning; (bso#11566). + Fix winbindd crashes with samlogon for trusted domain user; (bso#11569); (bnc#949022). + smbd: Send SMB2 oplock breaks unencrypted; (bso#11570). + ctdb: Open the RO tracking db with perms 0600 instead of 0000; (bso#11577). + s3:smb2_server: Make the logic of SMB2_CANCEL DLIST_REMOVE() clearer; (bso#11581). + s3-smbd: Fix use after issue in smbd_smb2_request_dispatch(); (bso#11581). + manpage: Correct small typo error; (bso#11584). + s3: smbd: If EAs are turned off on a share don't allow an SMB2 create containing them; (bso#11589). + Backport some valgrind fixes from upstream master; (bso#11597). + auth: Consistent handling of well-known alias as primary gid; (bso#11608). + winbind: Fix crash on invalid idmap configs; (bso#11612). + s3: smbd: have_file_open_below() fails to enumerate open files below an open directory handle; (bso#11615). + Changing log level of two entries to DBG_NOTICE; (bso#9912).- Ensure samlogon fallback requests are rerouted after kerberos failure; (bnc#953382); (bnc#953972).- Ensure to link with --as-needed flag by removing SUSE_ASNEEDED=0. - Always use the default optimization even on pre-9.2 systems.- Remove redundant configure options while adding with-relro.- Relocate the lockdir to the /var/lib/samba/lock directory.- Cleanup and enhance the pidl sub package.- Require renamed python-ldb-devel and python-talloc-devel at build-time. - Requires python-ldb and python-talloc from the python subpackage.- Update to 4.3.1. + s3: smbd: Fix our access-based enumeration on "hide unreadable" to match Windows; (bso#10252). + nss_winbind: Fix hang on Solaris on big groups; (bso#10365). + smbd: Fix file name buflen and padding in notify repsonse; (bso#10634). + kerberos: Make sure we only use prompter type when available; winbind: Fix 100% loop; (bso#11038). + source3/lib/msghdr.c: Fix compiling error on Solaris; (bso#11053). + s3:ctdbd_conn: make sure we destroy tevent_fd before closing the socket; (bso#11316). + s3: smbd: Fix mkdir race condition; (bso#11486). + pam_winbind: Fix a segfault if initialization fails; (bso#11502). + s3: dfs: Fix a crash when the dfs targets are disabled; (bso#11509). + s4:lib/messaging: Use 'msg.lock' and 'msg.sock' for messaging related subdirs; (bso#11515). + s3: smbd: Fix opening/creating :stream files on the root share directory; (bso#11522). + lib/param: Fix hiding of FLAG_SYNONYM values; (bso#11526). + net: Fix a crash with 'net ads keytab create'; (bso#11528). + s3: smbd: Fix a crash in unix_convert(); (bso#11535). + s3: smbd: Fix NULL pointer bug introduced by previous 'raw' stream fix (bso#11522); (bso#11535). + vfs_fruit: Return value of ad_pack in vfs_fruit.c; (bso#11543). + vfs_commit: set the fd on open before calling SMB_VFS_FSTAT; (bso#11547). + s3:locking: Initialize lease pointer in share_mode_traverse_fn(); (bso#11549). + s3:smbstatus: Add stream name to share_entry_forall(); (bso#11550). + s3:lib: Validate domain name in lookup_wellknown_name(); (bso#11555). + s3: lsa: lookup_name() logic for unqualified (no DOMAIN component) names is incorrect; (bso#11555).- Fix 100% CPU in winbindd when logging in with "user must change password on next logon"; (bso#11038).- Relocate the tmpfiles.d directory to the client package; (bnc#947552).- Do not provide libpdb0 from libsamba-passdb0 but add it to baselibs.conf instead; (bnc#942716).- Package /var/lib/samba/private/sock with 0700 permissions; (bnc#946051).- Package /var/lib/samba/msg with 0755 permissions; (bso#11515); (bnc#945502).- Require to install libfam0-gamin from samba-libs on post-12.1 and pre-13.15 systems; (bnc#945013).- Update to 4.3.0. + Samba "map to guest = Bad uid" doesn't work; (bso#9862). + revert LDAP extended rule 1.2.840.113556.1.4.1941 LDAP_MATCHING_RULE_IN_CHAIN changes; (bso#10493). + No objectClass found in replPropertyMetaData on ordinary objects (non-deleted); (bso#10973). + Stream names with colon don't work with fruit:encoding = native; (bso#11278). + NetApp joined to a Samba/ADDC cannot resolve SIDs; (bso#11291). + tevent_fd needs to be destroyed before closing the fd; (bso#11316). + "force group" with local group not working; (bso#11320). + strsep is not available on Solaris; (bso#11359). + smbtorture does not build when configured --with-system-mitkrb5; (bso#11411). + Build with GPFS support is broken; (bso#11421). + Build broken with --disable-python; (bso#11424). + net share allowedusers crashes; (bso#11426). + nmbd incorrectly matches netbios names as own name; (bso#11427). + Python bindings don't check integer types; (bso#11429). + Python bindings don't check array sizes; (bso#11430). + CTDB's eventscript error handling is broken; (bso#11431). + Fix crash in nested ctdb banning; (bso#11432). + Cannot build ctdbpmda; (bso#11434). + samba-tool uncaught exception error; (bso#11436). + Crash in notify_remove caused by change notify = no; (bso#11444). + Poor SMB3 encryption performance with AES-GCM; (bso#11451). + Poor SMB3 encryption performance with AES-GCM (part1); (bso#11451). + fix recursion problem in rep_strtoll in lib/replace/replace.c; (bso#11455). + --bundled-libraries=!ldb,!pyldb,!pyldb-util doesn't disable ldb build and install; (bso#11458). + xid2sid gives inconsistent results; (bso#11464). + ctdb: Fix the build on FreeBSD 10.1; (bso#11465). + Handling of 0 byte resource fork stream; (bso#11467). + AD samr GetGroupsForUser fails for users with "()" in their name; (bso#11488).- Configure with --bundled-libraries=NONE; (bso#11458).- Adapt net-kdc-lookup patch for post-3.3 Samba versions; (bnc#295284).- Remove libiniparser-devel build-time requirement.- Update to 4.2.3. + s4:lib/tls: Fix build with gnutls 3.4; (bso#8780). + s4.2/fsmo.py: Fixed fsmo transfer exception; (bso#10924). + winbindd: Sync secrets.ldb into secrets.tdb on startup; (bso#10991). + Logon via MS Remote Desktop hangs; (bso#11061). + s3: lib: util: Ensure we read a hex number as %x, not %u; (bso#11068). + tevent: Add a note to tevent_add_fd(); (bso#11141). + s3:param/loadparm: Fix 'testparm --show-all-parameters'; (bso#11170). + s3-unix_msg: Remove socket file after closing socket fd; (bso#11217). + smbd: Fix a use-after-free; (bso#11218); (bnc#919309). + s3-rpc_server: Fix rpc_create_tcpip_sockets() processing of interfaces; (bso#11245). + s3:smb2: Add padding to last command in compound requests; (bso#11277). + Add IPv6 support to ADS client side LDAP connects; (bso#11281). + Add IPv6 support for determining FQDN during ADS join; (bso#11282). + s3: IPv6 enabled DNS connections for ADS client; (bso#11283). + Fix invalid write in ctdb_lock_context_destructor; (bso#11293). + Excessive cli_resolve_path() usage can slow down transmission; (bso#11295). + vfs_fruit: Add option "veto_appledouble"; (bso#11305). + tstream: Make socketpair nonblocking; (bso#11312). + idmap_rfc2307: Fix wbinfo '--gid-to-sid' query; (bso#11313). + Group creation: Add msSFU30Name only when --nis-domain was given; (bso#11315). + tevent_fd needs to be destroyed before closing the fd; (bso#11316). + Build fails on Solaris 11 with "‘PTHREAD_MUTEX_ROBUST’ undeclared"; (bso#11319). + smbd/trans2: Add a useful diagnostic for files with bad encoding; (bso#11323). + Change sharesec output back to previous format; (bso#11324). + Robust mutex support broken in 1.3.5; (bso#11326). + Kerberos auth info3 should contain resource group ids available from pac_logon; winbindd: winbindd_raw_kerberos_login - ensure logon_info exists in PAC; (bso#11328); (bnc#912457). + s3:smb2_setinfo: Fix memory leak in the defer_rename case; (bso#11329). + tevent: Fix CID 1035381 Unchecked return value; (bso#11330). + tdb: Fix CID 1034842 and 1034841 Resource leaks; (bso#11331). + s3: smbd: Use separate flag to track become_root()/unbecome_root() state; (bso#11339). + s3: smbd: Codenomicon crash in do_smb_load_module(); (bso#11342). + pidl: Make the compilation of PIDL producing the same results if the content hasn't change; (bso#11356). + winbindd: Disconnect child process if request is cancelled at main process; (bso#11358). + vfs_fruit: Check offset and length for AFP_AfpInfo read requests; (bso#11363). + docs: Overhaul the description of "smb encrypt" to include SMB3 encryption; (bso#11366). + s3:auth_domain: Fix talloc problem in connect_to_domain_password_server(); (bso#11367). + ncacn_http: Fix GNUism; (bso#11371).- Disable rpath usage; (bnc#902421).- Make the winbind package depend on the matching libwbclient version and vice versa; (bnc#936909).- Backport changes to use resource group sids obtained from pac logon_info; (bso#11328); (bnc#912457).- Order winbind.service Before and Want nss-user-lookup target.- Remove fam-devel build-time dependency for post-6 RHEL systems.- Update to 4.2.2. + s3:smbXsrv: refactor duplicate code into smbXsrv_session_clear_and_logoff(); (bso#11182). + gencache: don't fail gencache_stabilize if there were records to delete; (bso#11260). + s3: libsmbclient: After getting attribute server, ensure main srv pointer is still valid; (bso#11186). + s4: rpc: Refactor dcesrv_alter() function into setup and send steps; (bso#11236). + s3: smbd: Incorrect file size returned in the response of "FILE_SUPERSEDE Create"; (bso#11240). + Mangled names do not work with acl_xattr; (bso#11249). + nmbd rewrites browse.dat when not required; (bso#11254). + vfs_fruit: add option "nfs_aces" that controls the NFS ACEs stuff; (bso#11213). + s3:smbd: Add missing tevent_req_nterror; (bso#11224). + vfs: kernel_flock and named streams; (bso#11243). + vfs_gpfs: Error code path doesn't call END_PROFILE; (bso#11244). + s4: libcli/finddcs_cldap: continue processing CLDAP until all addresses are used; (bso#11284). + ctdb: check for talloc_asprintf() failure; (bso#11201). + spoolss: purge the printer name cache on name change; (bso#11210); (bnc#901813). + CTDB statd-callout does not scale; (bso#11204). + vfs_fruit: also map characters below 0x20; (bso#11221). + ctdb: Coverity fix for CID 1291643; (bso#11201). + Multiplexed RPC connections are not handled by DCERPC server; (bso#11225). + Fix terminate connection behavior for asynchronous endpoint with PUSH notification flavors; (bso#11226). + ctdb-scripts: Fix bashism in ctdbd_wrapper script; (bso#11007). + ctdb: Fix CIDs 1125615, 1125634, 1125613, 1288201 and 1125553; (bso#11201). + SMB2 should cancel pending NOTIFY calls with DELETE_PENDING if the directory is deleted; (bso#11257). + s3:winbindd: make sure we remove pending io requests before closing client sockets; (bso#11141); (bnc#931854). + Fix panic triggered by smbd_smb2_request_notify_done() -> smbXsrv_session_find_channel() in smbd; (bso#11182). + 'sharesec' output no longer matches input format; (bso#11237). + waf: Fix systemd detection; (bso#11200). + CTDB: Fix portability issues; (bso#11202). + CTDB: Fix some IPv6-related issues; (bso#11203). + CTDB statd-callout does not scale; (bso#11204). + 'net ads dns gethostbyname' crashes with an error in TALLOC_FREE if you enter invalid values; (bso#11234). + libads: record service ticket endtime for sealed ldap connections; (bso#11267). + lib/util: Include DEBUG macro in internal header files before samba_util.h; (bso#11033).- Avoid a crash inside the tevent epoll backend; (bso#11141); (bnc#931854).- Remove the independently built libraries ldb, talloc, tdn, and tevent and the post-10.3 renamed libsmbclient from baselibs.conf.- Drop redundant doc attribute from man pages.- Update to 4.2.1. + s3:winbind:grent: Don't stop group enumeration when a group has no gid; (bso#8905). + Initialize dwFlags field of DNS_RPC_NODE structure; (bso#9791). + s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with servers that don't send the 2 unused fields; (bso#10016). + build:wafadmin: Fix use of spaces instead of tabs; (bso#10476). + waf: Fix the build on openbsd; (bso#10476). + s3: client: "client use spnego principal = yes" code checks wrong name; (bso#10888). + spoolss: Retrieve published printer GUID if not in registry; (bso#11018). + s3: lib: libsmbclient: If reusing a server struct, check every cli->timout miliseconds if it's still valid before use; (bso#11079). + vfs_fruit: Enhance handling of malformed AppleDouble files; (bso#11125). + backupkey: Explicitly link to gnutls and gcrypt; (bso#11135). + replace: Remove superfluous check for gcrypt header; (bso#11135). + Backport subunit changes; (bso#11137). + libcli/auth: Match Declaration of netlogon_creds_cli_context_tmp with implementation; (bso#11140). + s3-winbind: Fix cached user group lookup of trusted domains; (bso#11143). + talloc: Version 2.1.2; (bso#11144). + Update libwbclient version to 0.12; (bso#11149). + brlock: Use 0 instead of empty initializer list; (bso#11153). + s4:auth/gensec_gssapi: Let gensec_gssapi_update() return NT_STATUS_LOGON_FAILURE for unknown errors; (bso#11164). + docs/idmap_rid: Remove deprecated base_rid from example; (bso#11169); (bnc#913304). + s3: libcli: smb1: Ensure we correctly finish a tevent req if the writev fails in the SMB1 case; (bso#11173). + backupkey: Use ndr_pull_struct_blob_all(); (bso#11174). + Fix lots of winbindd zombie processes on Solaris platform; (bso#11175). + s3: libsmbclient: Add missing talloc stackframe; (bso#11177). + s4-process_model: Do not close random fds while forking; (bso#11180). + s3-passdb: Fix 'force user' with winbind default domain; (bso#11185).- Prevent samba package updates from disabling samba kerberos printing.- Add sparse file support for samba; (fate#318424).- Purge printer name cache on spoolss SetPrinter change; (bso#11210); (bnc#901813).- Correctly retain errno from Btrfs snapshot ioctls; (bnc#923374).- Simplify libxslt build requirement and README.SUSE install. - Remove no longer required cleanup steps while populating the build root.- Remove deprecated base_rid example from idmap_rid manpage; (bso#11169); (bnc#913304).- Update to 4.2.0. + smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT; (bso#1115). + pam_winbind: fix warn_pwd_expire implementation; (bso#9056). + nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299). + Make 'profiles' work again; (bso#9629). + s3:smb2_server: protect against integer wrap with "smb2 max credits = 65535"; (bso#9702). + Make validate_ldb of String(Generalized-Time) accept millisecond format ".000Z"; (bso#9810). + Use -R linker flag on Solaris, not -rpath; (bso#10112). + vfs: Add glusterfs manpage; (bso#10240). + Make 'smbclient' use cached creds; (bso#10279). + pdb: Fix build issues with shared modules; (bso#10355). + s4-dns: Add support for BIND 9.10; (bso#10620). + idmap: Return the correct id type to *id_to_sid methods; (bso#10720). + printing/cups: Pack requested-attributes with IPP_TAG_KEYWORD; (bso#10808). + Don't build vfs_snapper on FreeBSD; (bso#10834). + nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835). + idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837). + s3: smb2cli: query info return length check was reversed; (bso#10848). + s3: lib, s3: modules: Fix compilation on Solaris; (bso#10849). + lib: uid_wrapper: Fix setgroups and syscall detection on a system without native uid_wrapper library; (bso#10851). + winbind3: Fix pwent variable substitution; (bso#10852). + Improve samba-regedit; (bso#10859). + registry: Don't leave dangling transactions; (bso#10860). + Fix build of socket_wrapper on systems without SO_PROTOCOL; (bso#10861). + build: Do not install 'texpect' binary anymore; (bso#10862). + Fix testparm to show hidden share defaults; (bso#10864). + libcli/smb: Fix smb2cli_validate_negotiate_info with min=PROTOCOL_NT1 max=PROTOCOL_SMB2_02; (bso#10866). + Integrate CTDB into top-level Samba build; (bso#10892). + samba-tool group add: Add option '--nis-domain' and '--gid'; (bso#10895). + s3-nmbd: Fix netbios name truncation; (bso#10896). + spoolss: Fix handling of bad EnumJobs levels; (bso#10898). + Fix smbclient loops doing a directory listing against Mac OS X 10 server with a non-wildcard path; (bso#10904). + Fix print job enumeration; (bso#10905); (bnc#898031). + samba-tool: Create NIS enabled users and unixHomeDirectory attribute; (bso#10909). + Add support for SMB2 leases; (bso#10911). + btrfs: Don't leak opened directory handle; (bso#10918). + s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920). + s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921). + pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932). + s3-keytab: fix keytab array NULL termination; (bso#10933). + s3:passdb: fix logic in pdb_set_pw_history(); (bso#10940). + Cleanup add_string_to_array and usage; (bso#10942). + dbwrap_ctdb: Pass on mutex flags to tdb_open; (bso#10942). + Fix RootDSE search with extended dn control; (bso#10949). + Fix 'samba-tool dns serverinfo ' for IPv6; (bso#10952). + libcli/smb: only force signing of smb2 session setups when binding a new session; (bso#10958). + s3-smbclient: Return success if we listed the shares; (bso#10960). + s3-smbstatus: Fix exit code of profile output; (bso#10961). + socket_wrapper: Add missing prototype check for eventfd; (bso#10965). + libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows client does; (bso#10966). + vfs_streams_xattr: Check stream type; (bso#10971). + s3: smbd: Fix *allocate* calls to follow POSIX error return convention; (bso#10982). + vfs_fruit: Add support for AAPL; (bso#10983). + Fix spoolss IDL response marshalling when returning error without clearing info; (bso#10984). + dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279). + Fix IPv6 support in CTDB; (bso#10996). + ctdb-daemon: Use correct tdb flags when enabling robust mutex support; (bso#11000). + vfs_streams_xattr: Add missing call to SMB_VFS_NEXT_CONNECT; (bso#11005). + s3-util: Fix authentication with long hostnames; (bso#11008). + ctdb-build: Fix build without xsltproc; (bso#11014). + packaging: Include CTDB man pages in the tarball; (bso#11014). + pdb_get_trusteddom_pw() fails with non valid UTF16 random passwords; (bso#11016). + Make Sharepoint search show user documents; (bso#11022). + nss_wrapper: check for nss.h; (bso#11026). + Enable mutexes in gencache_notrans.tdb; (bso#11032). + tdb_wrap: Make mutexes easier to use; (bso#11032). + lib/util: Avoid collision which alread defined consumer DEBUG macro; (bso#11033). + winbind: Retry after SESSION_EXPIRED error in ping-dc; (bso#11034). + s3-libads: Fix a possible segfault in kerberos_fetch_pac(); (bso#11037). + vfs_fruit: Fix base_fsp name conversion; (bso#11039). + vfs_fruit: mmap under FreeBSD needs PROT_READ; (bso#11040). + Fix authentication using Kerberos (not AD); (bso#11044). + net: Fix sam addgroupmem; (bso#11051). + vfs_snapper: Correctly handles multi-byte DBus strings; (bso#11055); (bnc#913238). + cli_connect_nb_send: Don't segfault on host == NULL; (bso#11058). + utils: Fix 'net time' segfault; (bso#11058). + libsmb: Provide authinfo domain for encrypted session referrals; (bso#11059). + s3-pam_smbpass: Fix memory leak in pam_sm_authenticate(); (bso#11066). + vfs_glusterfs: Add comments to the pipe(2) code; (bso#11069). + vfs/glusterfs: Change xattr key to match gluster key; (bso#11069). + vfs_glusterfs: Implement AIO support; (bso#11069). + s3-vfs: Fix developer build of vfs_ceph module; (bso#11070). + s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer; (bso#11077); CVE-2015-0240; (bnc#917376). + vfs: Add a brief vfs_ceph manpage; (bso#11088). + s3: smbclient: Allinfo leaves the file handle open; (bso#11094). + Fix Win8.1 Credentials Manager issue after KB2992611 on Samba domain; (bso#11097). + debug: Set close-on-exec for the main log file FD; (bso#11100). + s3: smbd: leases - losen paranoia check. Stat opens can grant leases; (bso#11102). + s3: smbd: SMB2 close. If a file has delete on close, store the return info before deleting; (bso#11104). + doc:man:vfs_glusterfs: improve the configuration section; (bso#11117). + snprintf: Try to support %j; (bso#11119). + ctdb-io: Do not use sys_write to write to client sockets; (bso#11124). + doc-xml: Add 'sharesec' reference to 'access based share enum'; (bso#11127).- Update to 4.2.0rc5. + Ensure we don't call talloc_free on an uninitialized pointer; CVE-2015-0240; (bso#11077); (bnc#917376).- Fix usage of freed memory on server exit; (bso#11218); (bnc#919309).- Fix tdb_store_flag_to_ntdb() gcc5 build failure.- Fix vfs_snapper DBus string handling; (bso#11055); (bnc#913238).- Update to 4.1.16. + dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279).- Adjust baselibs.conf due to libpdb0 package rename to libsamba-passdb0.- Fix libsmbclient DFS referral handling. + Reuse connections derived from DFS referrals; (bso#10123); (fate#316512). + Set domain/workgroup based on authentication callback value; (bso#11059).- Update to 4.2.0rc4. - Add libsamba-debug, libsocket-blocking, libsamba-cluster-support, and libhttp to the libs package; (boo#913547). - Rename libpdb packages to libsamba-passdb. - Drop libsmbsharemodes packages.- Enable avahi support on post-12.2 systems.- Update to 4.1.15. + pam_winbind: Fix warn_pwd_expire implementation; (bso#9056). + nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299). + Fix profiles tool; (bso#9629). + s3-lib: Do not require a password with --use-ccache; (bso#10279). + s4:dsdb/rootdse: Expand extended dn values with the AS_SYSTEM control; (bso#10949). + s4-rpc: dnsserver: Fix enumeration of IPv4 and IPv6 addresses; (bso#10952). + s3:smb2_server: Allow reauthentication without signing; (bso#10958). + s3-smbclient: Return success if we listed the shares; (bso#10960). + s3-smbstatus: Fix exit code of profile output; (bso#10961). + libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows client does; (bso#10966). + s3: smbd/modules: Fix *allocate* calls to follow POSIX error return convention; (bso#10982). + Fix 'domain join' by adding 'drsuapi.DsBindInfoFallBack' attribute 'supported_extensions'; (bso#11006). + idl:drsuapi: Manage all possible lengths of drsuapi_DsBindInfo; (bso#11006). + winbind: Retry LogonControl RPC in ping-dc after session expiration; (bso#11034).- yast2-samba-client should be able to specify osName and osVer on AD domain join; (bnc#873922).- Lookup FSRVP share snums at runtime rather than storing them persistently; (bnc#908627).- Specify soft dependency for network-online.target in Winbind systemd service file; (bnc#889175).- Fix spoolss error response marshalling; (bso#10984).- Update to 4.1.14. + pidl/wscript: Remove --with-perl-* options; revert buildtools/wafadmin/ Tools/perl.py back to upstream state; (bso#10472). + s4-dns: Add support for BIND 9.10; (bso#10620). + nmbd fails to accept "--piddir" option; (bso#10711). + nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835). + S3: source3/smbd/process.c::srv_send_smb() returns true on the error path; (bso#10880). + vfs_glusterfs: Remove "integer fd" code and store the glfs pointers; (bso#10889). + s3-nmbd: Fix netbios name truncation; (bso#10896). + spoolss: Fix handling of bad EnumJobs levels; (bso#10898). + s3: libsmbclient-smb2. MacOSX 10 SMB2 server doesn't set STATUS_NO_MORE_FILES when handed a non-wildcard path; (bso#10904). + spoolss: Fix jobid in level 3 EnumJobs response; (bso#10905). + s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920). + s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921). + pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932). + s3-keytab: Fix keytab array NULL termination; (bso#10933). + Cleanup add_string_to_array and usage; (bso#10942).- Remove and cleanup shares and registry state associated with externally deleted snaphots exposed as shadow copies; (bnc#876312).- Use the upstream tar ball, as signature verification is now able to handle compressed archives.- Fix leak when closing file descriptor returned from dirfd; (bso#10918).- Fix spoolss EnumJobs and GetJob responses; (bso#10905); (bnc#898031). + Fix handling of bad EnumJobs levels; (bso#10898).- Remove dependency on gpg-offline as signature checking is implemented in the source validator.- Update to 4.1.13. + s3-libnet: Add libnet_join_get_machine_spns(); (bso#9984). + s3-libnet: Make sure we do not overwrite precreated SPNs; (bso#9984). + s3-libads: Add all machine account principals to the keytab; (bso#9985). + s3: winbindd: Old NT Domain code sets struct winbind_domain->alt_name to be NULL. Ensure this is safe with modern AD-DCs; (bso#10717). + Fix unstrcpy; (bso#10735). + pthreadpool: Slightly serialize jobs; (bso#10779). + s3: smbd: streams - Ensure share mode validation ignores internal opens (op_mid == 0); (bso#10797). + s3: smbd:open_file: Open logic fix; Use a more natural check; (bso#10809). + vfs_media_harmony: Fix a crash bug; (bso#10813). + docs: Mention incompatibility between kernel oplocks and streams_xattr; (bso#10814). + nmbd: Send waiting status to systemd; (bso#10816). + libcli: Fix a segfault calling smbXcli_req_set_pending() on NULL; (bso#10817). + nsswitch: Skip groups we were not able to map; (bso#10824). + s3-winbindd: Use correct realm for trusted domains in idmap child; (bso#10826). + s3: nmbd: Ensure the main nmbd process doesn't create zombies; (bso#10830). + s3: lib: Signal handling - ensure smbrun and change password code save and restore existing SIGCHLD handlers; (bso#10831). + idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837). + s3-winbindd: Do not use domain SID from LookupSids for Sids2UnixIDs call; (bso#10838). + s3: smb2cli: Query info return length check was reversed; (bso#10848). + registry: Don't leave dangling transactions; (bso#10860).- Update to 4.2.0rc2.- Rebase File Server Remote VSS Protocol (FSRVP) server against 4.2.0rc1; (fate#313346).- Backport upstream master fixes for samba-regedit; (bnc#896536).- BuildRequire python-xml on SUSE systems only.- BuildRequire python-xml. - Exclude unwanted texpect binary and libhttp, libsamba-cluster-support, libsamba-debug, and libsocket-blocking shared libs. - Add vfs_fruit and vfs_worm man pages and ndr_dcerpc, smb2_lease_struct, tstream_smbXcli_np, idtree, and idtree_random header files. - Remove nmblookup and smbclient4 binary and nmblookup4 man page.- Update to 4.2.0rc1.- Fix small memory-leak in the background print process; (bnc#899558).- Modify samba-regedit so it displays correctly (related to ncurses). Changed code to use menu sub windows, seems to fix problems with display not refreshing; explicitly BuildRequire ncurses-devel; (bnc#896536).- Exclude unwanted libdnsserver_common and libdfs_server_ad shared libs and the man page of the unused findsmb script.- Skip groups that aren't mapped by idmap_ad; (bso#10824); (bnc#897969).- Update to 4.1.12. + s3: winbindd: On new client connect, prune idle or hung connections older than "winbind request timeout". Add new parameter "winbind request timeout". Please see smb.conf man page for details; (bso#3204); (bnc#872912). + Fix smbd crashes when filename contains non-ascii character; (bso#10716). + s4-rpc: dnsserver: Handle updates of tombstoned dnsNode objects; (bso#10749). + passdb: Fix NT_STATUS_NO_SUCH_GROUP; (bso#9570). + s4:setup/dns_update_list: make use of the new substitution variables; (bso#9831). + build: Fix configure to honour '--without-dmapi'; (bso#10369). + provision: Correctly provision the SOA record minimum TTL; (bso#10466). + s3: Enforce a positive allocation_file_size for non-empty files; (bso#10543). + lib: tevent: make TEVENT_SIG_INCREMENT atomic; (bso#10640). + Make "case sensitive = True" option working with "max protocol = SMB2" or higher in large directories; (bso#10650). + Samba 4 consuming a lot of CPU when re-reading printcap info; (bso#10652). + lib: strings: Simplify strcasecmp; (bso#10716). + Allow netr_ServerReqChallenge() and netr_ServerAuthenticate3() on different connections; (bso#10723). + 'net time': Fix usage and core dump; (bso#10728). + sys_poll_intr: Fix timeout arithmetic; (bso#10731). + s3:idmap: Don't log missing range config if range checking not requested; (bso#10737). + Fix flapping VFS gpfs offline bit; (bso#10741). + s4-rpc: dnsserver: Allow . to be specified for @ record; (bso#10742). + s4-rpc: dnsserver: return DNS_RANK_NS_GLUE recors when explicitly asked for; (bso#10751). + samba: Retain case sensitivity of cifs client; (bso#10755). + lib: Remove unused nstrcpy; (bso#10758). + Fix a memory leak in cli_set_mntpoint(); (bso#10759). + docs: Fix typos in smb.conf (inherit acls); (bso#10761). + libcli/security: Add better detection of SECINFO_[UN]PROTECTED_[D|S]ACL in get_sec_info(); (bso#10773). + s3: smbd: POSIX ACLs. Remove incorrect check for SECINFO_PROTECTED_DACL in incoming security_information flags in posix_get_nt_acl_common(); (bso#10773). + Don't discard result of checking grouptype; (bso#10777). + s3:libsmb: Set a max charge for SMB2 connections; (bso#10778). + smbd: Properly initialize mangle_hash; (bso#10782). + dosmode: Fix FSCTL_SET_SPARSE request validation; (bso#10787). + vfs_dirsort: Fix an off-by-one error that can cause uninitialized memory read; (bso#10794).- Wait for network-online.target to prevent caching of pre-network failures; (bnc#889175).- Use domain name if search by domain SID fails to send SIDHistory lookups to correct idmap backend; (bnc#773464).- Prune idle or hung connections older than "winbind request timeout"; (bso#3204); (bnc#872912).- fix FSCTL_SET_SPARSE request validation; (bso#10787); (bnc#893774).- Remove pre-11.2 patch which by default uses the smbpasswd passdb backend.- build: disable mmap on s390 systems; (bso#10765); (bnc#886193); (bnc#882356).- Create the cups smb backend as sym link pointing to smbspool; (bnc#891220).- Fix winbind service parameter usage; (bnc#890005).- lib/param: change the default for "winbind expand groups" to "0"; (bnc#890008).- Update to 4.1.11. + A malicious browser can send packets that may overwrite the heap of the target nmbd NetBIOS name services daemon; CVE-2014-3560; (bnc#889429).- Fix "net time" segfault; (bso#10728); (bnc#889539).- Update to 4.1.10. + net/doc: Make clear that net vampire is for NT4 domains only; (bso#3263). + dbcheck: Add check and test for various invalid userParameters values; (bso#8077). + s4:dsdb/samldb: Don't allow 'userParameters' to be modified over LDAP for now; (bso#8077). + Simple use case results in "no talloc stackframe around, leaking memory" error; (bso#8449). + s4:dsdb/repl_meta_data: Make sure objectGUID can't be deleted; (bso#9763). + dsdb: Always store and return the userParameters as a array of LE 16-bit values; (bso#10130). + s4:repl_meta_data: fix array assignment in replmd_process_linked_attribute(); (bso#10294). + ldb-samba: fix a memory leak in ldif_canonicalise_objectCategory(); (bso#10469). + dbchecker: Verify and fix broken dn values; (bso#10536). + dsdb: Rename private_data to rootdse_private_data in rootdse; (bso#10582). + s3: libsmbclient: Work around bugs in SLES cifsd and Apple smbx SMB1 servers; (bso#10587). + Fix "PANIC: assert failed at ../source3/smbd/open.c(1582): ret"; (bso#10593). + rid_array used before status checked - segmentation fault due to null pointer dereference; (bso#10627). + Samba won't start on a machine configured with only IPv4; (bso#10653). + msg_channel: Fix a 100% CPU loop; (bso#10663). + s3: smbd: Prevent file truncation on an open that fails with share mode violation; (bso#10671); (bnc#884056). + s3: SMB2: Fix leak of blocking lock records in the database; (bso#10673). + samba-tool: Add --site parameter to provision command; (bso#10674). + smbstatus: Fix an uninitialized variable; (bso#10680). + SMB1 blocking locks can fail notification on unlock, causing client timeout; (bso#10684). + s3: smbd: Locking, fix off-by one calculation in brl_pending_overlap(); (bso#10685). + 'RW2' smbtorture test fails when -N is set to 2 due to the invalid status check in the second client; (bso#10687). + wbcCredentialCache fails if challenge_blob is not first; (bso#10692). + Backport ldb-1.1.17 + changes from master; (bso#10693). + Fix SEGV from improperly formed SUBSTRING/PRESENCE filter; (bso#10693). + ldb: Add a env variable to disable RTLD_DEEPBIND; (bso#10693). + ldb: Do not build libldb-cmdline when using system ldb; (bso#10693). + ldb: Fix 1138330 Dereference null return value, fix CIDs 241329, 240798, 1034791, 1034792 1034910, 1034910); (bso#10693). + ldb: make the successful ldb_transaction_start() message clearer; (bso#10693). + ldb:pyldb: Add some more helper functions for LdbDn; (bso#10693). + ldb: Use of NULL pointer bugfix; (bso#10693). + lib/ldb: Fix compiler warnings; (bso#10693). + pyldb: Decrement ref counters on py_results and quiet warnings; (bso#10693). + s4-openldap: Remove use of talloc_reference in ldb_map_outbound.c; (bso#10693). + dsdb: Return NO_SUCH_OBJECT if a basedn is a deleted object; (bso#10694). + s4:dsdb/extended_dn_in: Don't force DSDB_SEARCH_SHOW_RECYCLED; (bso#10694). + Backport autobuild/selftest fixes from master; (bso#10696). + Backport drs-crackname fixes from master; (bso#10698). + smbd: Avoid double-free in get_print_db_byname; (bso#10699). + Backport access check related fixes from master; (bso#10700). + Backport provision fixes from master; (bso#10703). + s3:smb2_read: let smb2_sendfile_send_data() behave like send_file_readX(); (bso#10706). + s3: Fix missing braces in nfs4_acls.c.- Reduce printer_list.tdb lock contention during printcap update; (bso#10652); (bnc#883870). + Only update the printer share inventory when needed.- Add missing newline to debug message in daemon_ready(); (bnc#865627).- BuildRequire systemd-devel, configure --with-systemd, and modify the service files accordingly on post-12.2 systems; (bso#10517); (bnc#865627).- Prevent file truncation on an open that fails with share mode violation; (bso#10671); (bnc#884056).- Update to 4.1.9. + Fix nmbd denial of service; CVE-2014-0244; (bnc#880962). + Fix segmentation fault in smbd_marshall_dir_entry()'s SMB_FIND_FILE_UNIX handler; CVE-2014-3493; (bnc#883758).- BuildRequire krb5-devel, libiniparser-devel, and python-devel in any case.- BuildRequire libxslt and perl-ExtUtils-MakeMaker and BuildIgnore libtevent on CentOS, Fedora, and RHEL systems.- Update to 4.1.8. + dns: Don't reply to replies; CVE-2014-0239; (bso#10609). + Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response; CVE-2014-0178; (bso#10549). + s3: smb2: Fix 'xcopy /d' with samba shares; (bso#3124). + Extra ':' in msg for Waf Cross Compile Build System with Cross-answers command; (bso#10151). + s3: nmbd: Reset debug settings after reading config file; (bso#10239). + Fix empty body in if-statement in continue_domain_open_lookup; (bso#10348). + script/autobuild: Make use of '--with-perl-{arch,lib}-install-dir'; (bso#10472). + wafsamba: Fix the installation on FreeBSD; (bso#10472). + Use exit_daemon() to communicate status of startup to systemd; (bso#10517). + Fix adding NetApps; (bso#10524). + s3: lib/util: Fix logic inside set_namearray loops; (bso#10544). + s3: lib/util: set_namearray reads across end of namelist; (bso#10544). + idmap_autorid: Fix failure in reverse lookup if ID is from domain range index #0; (bso#10547). + build: Fix ordering problems with lib-provided and internal RPATHs; (bso#10548). + Fix read of deleted memory in reply_writeclose()'; (bso#10554). + lib-util: Rename memdup to smb_memdup and fix all callers; (bso#10556). + Fix lock order violation and file lost; (bso#10564). + dsdb: Do checks for invalid renames in samldb, before repl_meta_data; (bso#10569). + Fix wildcard unlink to fail if we get an error rather than trying to continue; (bso#10577). + byteorder: Do not assume PowerPC is big-endian; (bso#10590). + printing: Fix purge of all print jobs; (bso#10612).- examples/libsmbclient: avoid some compiler warnings; (bso#10624).- Fix printer job purging; (bso#10612); (bnc#879390).- Update samba-pubkey_6568B7EA.asc which will expire 2016-01-17.- Fix byte-order macros on little endian Power8; (bso#10590); (bnc#871701).- Pass through vfs_btrfs snapshot manipulation requests when "btrfs: manipulate snapshots = no" is configured; (bnc#874180).- Clone the base share security descriptor when exposing a snapshot share; (bnc#874656).- Use appropriate HRESULT return codes; (bnc#875046).- Update to 4.1.7. + Make "force user" work as expected; (bso#9878). + Fix build on AIX with IBM XL C/C++ (gettext detection issues); (bso#9911). + Fix problem with server taking too long to respond to a MSG_PRINTER_DRVUPGRADE message; (bso#9942). + s3-printing: Fix obvious memory leak in printer_list_get_printer(); (bso#9993). + doc: Add "spoolss: architecture" parameter usage; (bso#10188). + Make 'smbclient' support DFS shares with SMB2/3; (bso#10200). + Make (lib)smbclient work with NetApp; (bso#10230). + SessionLogoff on a signed connection with an outstanding notify request crashes smbd; (bso#10344). + dfs: Always call create_conn_struct with root privileges; (bso#10378). + 'net ads search' on high latency networks can return a partial list with no error indication; (bso#10387). + max xmit > 64kb leads to segmentation fault; (bso#10422). + Fix STATUS_NO_MEMORY response from Query File Posix Lock request; (bso#10431). + Increase max netbios name components; (bso#10439). + smbd_server_connection_terminate("CTDB_SRVID_RELEASE_IP") panics from within ctdbd_migrate() with invalid lock_order; (bso#10444). + Fix 'wbinfo -i' with one-way trust; (bso#10458). + samba4 services not binding on IPv6 addresses causing connection delays; (bso#10464). + s3-vfs: Fix stream_depot vfs module on btrfs; (bso#10467). + Don't respond with NXDOMAIN to records that exist with another type; (bso#10471). + pidl: waf should have an option for the dir to install perl files and do not glob; (bso#10472). + s3-spoolssd: Don't register spoolssd if epmd is not running; (bso#10474). + s3-rpc_server: Fix handling of fragmented rpc requests; (bso#10481). + Initial FSRVP rpcclient requests fail with NT_STATUS_PIPE_NOT_AVAILABLE; (bso#10484). + lsa.idl: Define lsa.ForestTrustCollisionInfo and ForestTrustCollisionRecord as public structs; (bso#10504). + Make 'smbreadline' build with readline 6.3; (bso#10506). + smbd: Correctly add remote users into local groups; (bso#10508). + rpcclient FSRVP request UNCs should include a trailing backslash; (bso#10521). + Cleanup messages.tdb record after unclean smbd shutdown; (bso#10534). + s3:rpc_server: Minor refactoring of process_request_pdu().- Create a new DBus connection for every vfs_snapper request, to ensure correct snapper UID detection; (bnc#866354).- Fix "Invalid read" in method reply_writeclose; (bso#10554); (bnc#873658).- Fix minor compiler warnings in snapshot code-path; (bnc#873177).- Remove references to the obsolete samba-krb-printing package and get_printing_ticket binary.- Fix malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response; CVE-2014-0178; (bso#10549); (bnc#872396).- User error strings instead of hex codes where possible for FSRVP errors; (bnc#866927).- Fix remote share shadow copy request UNCs; (bso#10521); (bnc#870957).- Add krb5rcache directory to the winbind package; (bnc#870607). - Cleanup and consolidate the sysconfig and systemd service files.- Extend vfs_snapper man page to cover permissions; (bnc#870570).- Fix RPC server handling of fragmented requests; (bso#10481); (bnc#869707).- Default with the cache and lock directory to the same path to have both non-persistent and persistent data at one location; (bnc#846586).- Depend only on %version with all manual Provides and Requires; (bnc#844307).- Update to 4.1.6. + Password lockout not enforced for SAMR password changes; CVE-2013-4496; (bnc#849224). + smbcacls can remove a file or directory ACL by mistake; CVE-2013-6442; (bnc#855866).- Password lockout not enforced for SAMR password changes; CVE-2013-4496; (bnc#849224).- Call update-apparmor-samba-profile via ExecStartPre too; (bnc#867665).- samba4 smbcalcs --chown | --chgrp dacl regression; CVE-2013-6442; (bnc#855866).- Retry named pipe open requests on STATUS_PIPE_NOT_AVAILABLE; (bso#10484); (bnc#865095).- Propagate snapshot enumeration permissions errors to SMB clients; (bnc#865641).- Properly handle empty 'requires_membership_of' entries in /etc/security/pam_winbind.conf; (bnc#865771).- Fix problem with server taking too long to respond to a MSG_PRINTER_DRVUPGRADE message; (bso#9942); (bnc#863748). - Fix memory leak in printer_list_get_printer(); (bso#9993); (bnc#865561).- Fix stream_depot VFS module on Btrfs; (bso#10467); (bnc#865397).- Use libarchive to provide improved smbclient tarmode functionality; (bso#9667); (bnc#861135).- Depend on %version-%release with all manual Provides and Requires; (bnc#844307).- Update to 4.1.5. + Fix 100% CPU utilization in winbindd when trying to free memory in winbindd_reinit_after_fork; (bso#10358); (bnc#786677). + smbd: Fix memory overwrites; (bso#10415). + s3-winbind: Improve performance of wb_fill_pwent_sid2uid_done(); (bso#2191). + ntlm_auth sometimes returns the wrong username to mod_ntlm_auth_winbind; (bso#10087). + s3: smbpasswd: Fix crashes on invalid input; (bso#10320). + s3: vfs_dirsort module: Allow dirsort to work when multiple simultaneous directories are open; (bso#10406). + Add support for Heimdal's unified krb5 and hdb plugin system, cope with first element in hdb_method having a different name in different heimdal versions and fix INTERNAL ERROR: Signal 11 in the kdc pid; (bso#10418). + vfs_btrfs: Fix incorrect zero length server-side copy request handling; (bso#10424). + s3: modules: streaminfo: As we have no VFS function SMB_VFS_LLISTXATTR we can't cope with a symlink when lp_posix_pathnames() is true; (bso#10429). + smbd: Fix an ancient oplock bug; (bso#10436). + Fix crash bug in smb2_notify code; (bso#10442).- Remove superfluous obsoletes *-64bit in the ifarch ppc64 case; (bnc#437293).- Migrate @GMT token parsing functionality into vfs_snapper; (bnc#863079). + Improve vfs_snapper documentation.- Fix Winbind 100% CPU utilization caused by domain list corruption; (bso#10358); (bnc#786677).- Fix memory overwrite in FSCTL_VALIDATE_NEGOTIATE_INFO handler; (bso#10415); (bnc#862370).- Streamline the vendor suffix handling and add support for SLE 12.- Fix zero length server-side copy request handling; (bso#10424); (bnc#862558).- Set the PID directory to /run/samba on post-12.2 systems.- Make use of the tmpfilesdir macro while calling systemd-tmpfiles.- Make winbindd print the interface version when it gets an INTERFACE_VERSION request; (bnc#726937).- Fix vfs_btrfs build on older platforms with duplicate WRITE_FLUSH definitions; (bnc#860832).- Check for NULL gensec_security in gensec_security_by_auth_type(); (bnc#860809).- Ensure ndr table initialization; (bnc#860648).- Add File Server Remote VSS Protocol (FSRVP) server for SMB share shadow-copies; (fate#313346).- s3-dir: Fix the DOS clients against 64-bit smbd's; (bso#2662). - shadow_copy2: module "Previous Version" not working in Windows 7; (bso#10259). - s3-passdb: Fix string duplication to pointers; (bso#10367). - vfs/glusterfs: in case atime is not passed, set it to the current atime; (bso#10384)- s3: winbindd: Move calling setup_domain_child() into add_trusted_domain(); (bso#10358); (bnc#786677).- Default sysconfig daemon options to -D; (bso#10388); (bnc#857454).- Add /var/cache/samba to the client file list; (bnc#846586).- Really add the WINBINDDOPTIONS sysconfig variable on install; (bnc#857454).- Correct sysconfig variable names by adding the missing D char; (bnc#857454).- Update to 4.1.4. + Fix segfault in smbd; (bso#10284). + Fix SMB2 server panic when a smb2 brlock times out; (bso#10311).- Call stop_on_removal from preun and restart_on_update and insserv_cleanup from postun on pre-12.3 systems only; (bnc#857454).- BuildRequire gamin-devel instead of unmaintained fam-devel package on post-12.1 systems.- smbd: allow updates on directory write times on open handles; (bso#9870). - lib/util: use proper include for struct stat; (bso#10276). - s3:winbindd fix use of uninitialized variables; (bso#10280). - s3-winbindd: Fix DEBUG statement in winbind_msg_offline(); (bso#10285). - s3-lib: Fix %G substitution for domain users in smbd; (bso#10286). - smbd: Always use UCF_PREP_CREATEFILE for filename_convert calls to resolve a path for open; (bso#10297). - smb2_server processing overhead; (bso#10298). - ldb: bad if test in ldb_comparison_fold(); (bso#10305). - Fix AIO with SMB2 and locks; (bso#10310). - smbd: Fix a panic when a smb2 brlock times out; (bso#10311). - vfs_glusterfs: Enable per client log file; (bso#10337).- Add /etc/sysconfig/samba to the main and winbind package; (bnc#857454).- Create /var/run/samba with systemd-tmpfiles on post-12.2 systems; (bnc#856759).- Fix broken rc{nmb,smb,winbind} sym links which should point to the service binary on post-12.2 systems; (bnc#856759).- Add Snapper VFS module for snapshot manipulation; (fate#313347). + dbus-1-devel required at build time.- Add File Server Remote VSS Protocol (FSRVP) client for SMB share shadow-copies; (fate#313345).- Do not BuildRequire perl ExtUtils::MakeMaker and Parse::Yapp as they're part of the minimum build environment.- Update to 4.1.3. + DCE-RPC fragment length field is incorrectly checked; CVE-2013-4408; (bnc#844720). + pam_winbind login without require_membership_of restrictions; CVE-2012-6150; (bnc#853347).- Make use of the full gpg pub key file name including the key ID.- Add transparent file compression support; (fate#316266). + Implement FSCTL_GET_COMPRESSION and FSCTL_SET_COMPRESSION handlers. + Add FILE_ATTRIBUTE_COMPRESSED and FILE_NO_COMPRESSION support. + Extend vfs_btrfs VFS module to utilize get/set compression hooks.- Add support for FSCTL_SRV_COPYCHUNK_WRITE; (fate#314770).- Remove bogus libsmbclient0 package description and cleanup the libsmbclient line from baselibs.conf; (bnc#853021).- BuildRequire systemd on post-12.2 systems.- Update to 4.1.2. + s4-dns: dlz_bind9: Create dns-HOSTNAME account disabled; (bso#9091). + dfs_server: Use dsdb_search_one to catch 0 results as well as NO_SUCH_OBJECT errors; (bso#10052). + Missing talloc_free can leak stackframe in error path; (bso#10187). + Fix memset used with constant zero length parameter; (bso#10190). + s4:dsdb/rootdse: report 'dnsHostName' instead of 'dNSHostName'; (bso#10193). + Make offline logon cache updating for cross child domain group membership; (bso#10194). + nsswitch: Fix short writes in winbind_write_sock; (bso#10195). + RW Deny for a specific user is not overriding RW Allow for a group; (bso#10196). + vfs_glusterfs: Fix excessive debug output from vfs_gluster_open(); (bso#10224). + vfs_glusterfs: Implement proper mashalling/unmarshalling of ACLs; (bso#10224). + VFS plugin was sending the actual size of the volume instead of the total number of block units because of which windows was getting the wrong volume capacity; (bso#10224). + libcli/smb: Fix smb2cli_ioctl*() against Windows 2008; (bso#10232). + xattr: Fix listing EAs on *BSD for non-root users; (bso#10247). + Fix the build of vfs_glusterfs; (bso#10253). + s3-winbindd: Fix cache_traverse_validate_fn failure for NDR cache entries; (bso#10264). + util: Remove 32bit macros breaking strict aliasing; (bso#10269).- Let gpg verify execution condition not fail on non SUSE systems.- Add systemd support for post-12.2 systems.- Allow smbcacls to take a '--propagate-inheritance' flag to indicate that the add, delete, modify and set operations now support automatic propagation of inheritable ACE(s); (FATE#316474).- Unconditionally create the CUPS smb backend sym link pointing to smbspool; (bnc#850656).- Update to 4.1.1. + ACLs are not checked on opening an alternate data stream on a file or directory; CVE-2013-4475; (bso#10229); (bnc#848101). + Private key in key.pem world readable; CVE-2013-4476; (bnc#848103).- Private key in key.pem world readable; CVE-2013-4476; (bnc#848103).- ACLs are not checked on opening an alternate data stream on a file or directory; CVE-2013-4475; (bso#10229); (bnc#848101).- Update to 4.1.0. + pam_winbindd: Support the KEYRING ccache type; (bso#10132). + Fix PAC parsing failure; (bso#10178).- Unify the defattr lines in the pidl, python, test and test-devel files section by removing the optional directory mode.- Verify source tar ball gpg signature.- Update to 4.1.0rc4. + dsdb: Convert the full string from UTF16 to UTF8, including embedded NULLs; (bso#8077). + python-samba-tool fsmo: Do not give an error on a successful role transfer; (bso#9461). + dbwrap_ctdb: Treat empty records as non-existing; (bso#10008). + Raise the level of a debug when unable to open a printer; (bso#10118). + Add "acl allow execute always" parameter; (bso#10134). + vfs_shadow_copy2: Display previous versions correctly over SMB2; (bso#10137). + smbd: Always clean up share modes after hard crash; (bso#10138). + Valid utf8 filenames cause "invalid conversion error" messages; (bso#10139). + libcli/smb: Use SMB1 MID=0 for the initial Negprot; (bso#10144). + Samba SMB2 client code reads the wrong short name length in a directory listing reply; (bso#10145). + libcli/smb: Only check the SMB2 session setup signature if required and valid; (bso#10146). + Better document potential implications of a globally used "valid users"; (bso#10147). + cli_smb2_get_ea_list_path() failed to close file on exit; (bso#10149). + Not all OEM servers support the ALTNAME info level; (bso#10150). + Regression causes replication failure with Windows 2008R2 and deletes Deleted Objects; (bso#10157). + Netbios related samba process consumes 100% CPU; (bso#10158). + Fix POSIX ACL mapping when setting DENY ACE's from Windows; (bso#10162).- Require libndr-standard-devel due to gen_ndr/lsa.h from libpdb-devel.- Add libdcerpc0, libdcerpc-atsvc0, libdcerpc-binding0, libdcerpc-samr0, libgensec0, libndr0, libndr-krb5pac0, libndr-nbt0, libndr-standard0, libpdb0, libregistry0, libsamba-credentials0, libsamba-hostconfig0, libsamba-policy0, libsamba-util0, libsamdb0, libsmbclient-raw0, libsmbconf0, libsmbldap0, and libtevent-util0 to baselibs.conf.- Add or polish the shared library package summaries and descriptions.- Update to 4.1.0rc3. + Fix working on site with Read Only Domain Controller; (bso#5917). + Add man page for vfs_syncops; (bso#7364). + Add man page for vfs_linux_xfs_sgid; (bso#7490). + When replicating DNS for bind9_dlz we need to create the server-DNS account remotely; (bso#9091). + Winbind unable to retrieve user information from AD; (bso#9615). + winbind_lookup_names() fails because of NT_STATUS_CANT_ACCESS_DOMAIN_INFO; (bso#9899). + Build Samba 4.0.x on AIX with IBM XL C/C++; (bso#9911). + Add SMB2 and SMB3 support for smbclient; (bso#9974). + Add man pages for ntdb tools; (bso#10000). + Add man page for samba-regedit tool; (bso#10001). + ::1 added to nameserver on join; (bso#10030). + Fix memory leak in source3/lib/util.c:1493; (bso#10063). + Fix segmentation fault in 'net ads join'; (bso#10073). + Fix variable list in vfs_crossrename man page; (bso#10076). + s3-winbind: Fix a segfault passing NULL to a fstring argument; (bso#10082). + smbd: Fix async echo handler forking; (bso#10086). + MacOSX 10.9 will not follow path-based DFS referrals handed out by Samba; (bso#10097). + Honour output buffer length set by the client for SMB2 GetInfo requests; (bso#10106). + Fix Winbind crashes on DC with trusted AD domains; (bso#10107). + Handle Dropbox (write-only-directory) case correctly in pathname lookup; (bso#10114). + Masks incorrectly applied to UNIX extension permission changes; (bso#10121).- Implement shared library packaging guidelines. - Correct interpackage dependencies; (bso#10129).- Define the source URL differently in the case of a release candidate.- Update to 4.1.0rc2. + Add vfs_btrfs module. + Add support for server-side copy operations via the SMB2 FSCTL_SRV_COPYCHUNK request. + Fix replication with --domain-crictical-only to fill in backlinks; (bso#9029). + Windows 8 Roaming profiles fail; (bso#9678). + Fix crash of winbind after "ls -l /usr/local/samba/var/locks/sysvol"; (bso#9820). + Windows error 0x800700FE when copying files with xattr names containing ":"; (bso#9992). + Do not delete an existing valid credential cache (s3-winbind); (bso#9994). + Fix segfault while reading incomplete session info; (bso#10003). + Missing integer wrap protection in EA list reading can cause server to loop with DOS (CVE-2013-4124); (bso#10010). + Fix a 100% loop at shutdown time (smbd); (bso#10013). + Fix/improve debug options; (bso#10015). + Rename regedit to samba-regedit; (bso#10040). + Remove obsolete swat manpage and references; (bso#10041). + Fix crashes in socket_get_local_addr(); (bso#10042). + Allow to change the default location for Kerberos credential caches; (bso#10043). + Remove a redundant inlined substitution of ACLs; (bso#10045). + nsswitch: Add OPT_KRB5CCNAME to avoid an error message; (bso#10048). + dsdb improvements; (bso#10056). + Linux kernel oplock breaks can miss signals; (bso#10064).- BuildRequire pyldb-devel.- Add libnetapi0 and samba-libs to baselibs.conf.- Update to 4.0.9. + Fix crash of Winbind after "ls -l /usr/local/samba/var/locks/sysvol"; (bso#9820). + s3-lib: Fix segmentation fault while reading incomplete session info; (bso#10003). + smbd: Fix a 100% loop at shutdown time; (bso#10013). + Windows 8 Roaming profiles fail; (bso#9678). + Add UPN enumeration to passdb internal API; (bso#9779). + smbd: Cleanup disonnected durable handles; (bso#9930). + vfs_streams_xattr: Do not attempt to write empty attribute twice; (bso#9970). + Fix Windows error 0x800700FE when copying files with xattr names containing ":"; (bso#9992). + s3-winbind: Do not delete an existing valid credential cache; (bso#9994). + Fix excessive RID allocation; (bso#10014). + Add debugclass for DNS server; (bso#10015). + Fix/improve debug options; (bso#10015). + Allow to change the default location for Kerberos credential caches; (bso#10043). + Linux kernel oplock breaks can miss signals; (bso#10064). + net ads join: Fix segmentation fault in create_local_private_krb5_conf_for_domain; (bso#10073).- Update to 4.0.8. + Samba 3.0.x to 4.0.7 are affected by a denial of service attack on authenticated or guest connections; CVE-2013-4124; (bnc#829969).- Require krb5 and not the non existing krb5-libs package.- Update to 4.1.0rc1. + Directory database replication (AD DC mode) + Server-Side Copy Support + Btrfs Filesystem Integration- BuildRequire perl ExtUtils::MakeMaker and Parse::Yapp. - BuildRequire libxslt, libxslt1, or libxslt-tools depending on SUSE version. - Require perl-base on SUSE systems only.- Adjust group setting of the test-devel subpackage. - Require perl-base from the pidl subpackage.- Remove libdir/samba/ldb after install if we're building Samba without Active Directory Domain Controller support.- Remove unused ccache switch from the spec file.- BuildRequire docbook-xsl-stylesheets and libxslt-tools to build the man pages and add them to the package again.- Build from the package from the top level directory; (bnc#794744). - BuildRequire pytalloc-devel, python-tdb, and python-tevent. - Also use out of tree builds of talloc, tdb, tevent, and ldb for pre-12.1 SUSE systems.- Remove the empty data dir from the doc package filelist. - Explicitly use samba instead of the name macro to define the docbook dir.- Update to 4.0.7. + Fix a core dump with invalid lock order while opening/editing or copying MS files; (bso#9794). + Fix crash bug from search of mail=; (bso#9967). + s3-rpc_server: Ensure we are root when starting and using gensec; (bso#9465). + Add support for MX queries; (bso#9485). + dns: Delete dnsNode objects when they are empty; (bso#9559). + dns: Support larger queries when asking forwarder; (bso#9632). + s3:lib/server_mutex: Open mutex.tdb with CLEAR_IF_FIRST; (bso#9805). + Use of wrong RFC2307 primary group field; (bso#9880). + Check for system libtevent; (bso#9881). + is_printer_published GUID retrieval; (bso#9900). + Doc fixes for 4.0; (bso#9906). + Build fixes for 4.0 found during autoconf or debian packaging work; (bso#9907). + build: Add missing new line to replaced python shebang line; (bso#9909). + PIE builds not supported; (bso#9910). + s4:winbind: Don't leak libnet_context into the main event context; (bso#9929). + Fix a bug of drvupgrade of smbcontrol; (bso#9941). + Check for netbios aliases in ad_get_referrals; (bso#9947). + Fix tevent_poll on 32-bit machines (Coverity ID 989236); (bso#9953). + docs: Avoid mentioning a possibly misleading option; (bso#9964). + Fix build with system Heimdal of samba4kgetcred; (bso#9968).- Use SLE as product prefix for SUSE Linux Enterprise, oS for openSUSE, and OBS for any other operating system to define the vendor string while build.- Remove ldapsmb from the main spec file.- Adjust ldapsmb and nmbstatus man page syntax required by a newer pod2man.- Don't bzip2 the main tar ball, use the upstream gziped one instead.- Explicitly BuildRequire cyrus-sasl-devel, libattr-devel, and libopenssl-devel.- Fix libreplace license ambiguity; (bso#8997); (bnc#765270).- Update to 4.0.6. + Fix crash during Win8 sync; (bso#9822). + Fix segfault when loging in with wrong password from w2k8r2; (bso#9834). + Fix the username map optimization; (bso#9139). + Add support for PFC_FLAG_OBJECT_UUID when parsing packets; (bso#9382). + SMB2 server doesn't support recvfile; (bso#9412). + Fix the build of vfs_notify_fam; (bso#9545). + Fix adding case sensitive spn; (bso#9699). + Properly handle oplock breaks in compound requests; (bso#9722). + Properly handle oplock breaks in compound requests; (bso#9722). + Cache name_to_sid/sid_to_name correctly; (bso#9766). + Fix 'net ads join' when called via stdin; (bso#9767). + Fix segfault for "artificial" conn_structs in vfs_fake_perms; (bso#9775). + vfs_dirsort uses non-stackable calls, dirfd(), malloc instead of talloc and doesn't cope with directories being modified whilst reading; (bso#9777). + Fix panic when running 'smbtorture smb.base'; (bso#9782). + Use specified python for runtime installation of Samba; (bso#9785). + Change '--with-dmapi' to 'default=auto' to match the autoconf build; (bso#9803). + wafsamba: Display the default value in help for SAMBA3_ADD_OPTION; (bso#9804). + wbinfo: Fix segfault in wbinfo_pam_logon; (bso#9807). + Package new dbwrap_tool man page; (bso#9809). + Old DOS SMB CTEMP request uses a non-VFS function to access the filesystem; (bso#9811). + Fix 'map untrusted to domain' with NTLMv2; (bso#9817). + SMB signing and the async echo responder don't work together; (bso#9824). + Fix panic in nt_printer_publish_ads; (bso#9830). + talloc use after free in winbind4; (bso#9832). + Function called in unix_convert() path can overwrite errno; (bso#9833). + Fix NULL pointer dereference in Winbind; (bso#9854). + Fix making LIBNDR_PREG_OBJ; (bso#9868).- Remove disabled and anyhow obsoleted net-report and net_rpc_migrate patches.- Update to 4.0.5. + Fix large reads/writes from some Linux clients; (bso#9706). + Add 'samba-tool dbcheck --reset-well-known-acls'; (bso#9740). + Can't delegate adding computers to domain; (bso#9267). + Fix GNU ld version detection with old gcc releases; (bso#7825). + Never try to map global SAM name; (bso#9039). + Certain xattrs cause Windows error 0x800700FF; (bso#9130). + Samba returns unexpected error on SMB posix open; (bso#9519). + Fix build on AIX; (bso#9557). + libnss-winbindd does not provide pass struct for groups mapped with ID_TYPE_BOTH and vice versa; (bso#9617). + Reauth-capable client fails to access shares on Windows member; (bso#9625). + PIDL: Fix parsing linemarkers in preprocessor output; (bso#9636). + Rename internal subsystem pdb_ldap to pdb_ldapsam; (bso#9639). + Fix the build of vfs_afsacl; (bso#9642). + Fix the build with --fake-kaserver; (bso#9643). + Fix compile of source3/lib/afs.c; (bso#9644). + Make SMB2_GETINFO multi-volume aware; (bso#9646). + idmap_autorid: Fix freeing of non-talloced memory; (bso#9653). + Work around FreeBSD's getaddrinfo() underscore issue; (bso#9656). + 'make test' hangs; (bso#9663). + Fix correct linking of libreplace with cmdline-credentials; (bso#9664). + Fix filtering of link-local addresses; (bso#9666). + Fix crash in 'net rpc join' against a Samba 3.0.33 PDC; (bso#9669). + Samba denies owner Read Control when there is a DENY entry while W2K08 does not; (bso#9674). + Fix several resource (fd) leaks; (bso#9683). + Fix a memory leak in spoolss rpc server; (bso#9685). + Fix a possible buffer overrun in pdb_smbpasswd; (bso#9686). + Fix several possible null pointer dereferences; (bso#9687). + Make sure that domain joins work correctly when the DC disallows NTLM auth; (bso#9689). + Backport tevent changes to bring library to version 0.9.18; (bso#9695). + Remove incomplete samba_dnsupdate IPv6 link-local address check; (bso#9696). + DsReplicaGetInfo fails due to sendto() EMSGSIZE error on UNIX domain socket; (bso#9697). + Fix vfs_catia and update documentation; (bso#9701); (bnc#824833). + Fix build on solaris8: Do not force a specific perl on pod2man; (bso#9703). + Fix nss_winbind name on FreeBSD; (bso#9704). + s4:winbindd: Do not drop the workgroup name in the getgrnam, getgrent and getgrgid calls; (bso#9711). + Set LD_LIBRARY_PATH in install_with_python.sh; (bso#9717). + s4-idmap: Remove requirement that posixAccount or posixGroup be set for rfc2307; (bso#9718). + Allow forcing an override of an old @MODULES record; (bso#9719). + Do not print the admin password during 'samba-tool classicupgrade'; (bso#9720). + Make samba_upgradedns more robust (do not guess addresses when just changing roles); (bso#9721). + Add a tool to migrate latin1 printing tdbs to registry; (bso#9723). + is_encrypted_packet() function incorrectly used inside server; (bso#9724). + upgradeprovision and 'samba-tool dbcheck' patches for 4.0.NEXT; (bso#9725). + Fix NULL pointer dereference; (bso#9727). + DO NOT install samba_upgradeprovision in 4.0.x; (bso#9728). + Fix 'smbcontrol close-share'; (bso#9733). + Fix Winbind separator in upn to username conversion; (bso#9735). + Change to smbd/dir.c code gives significant performance increases on large directory listings; (bso#9736). + PIDL: Build fixes for hosts without CPP (Solaris 11); (bso#9739). + Make sure that we only propogate the INHERITED flag when we are allowed to; (bso#9747). + Remove unneeded fstat system call from hot read path; (bso#9748). + Don't leak the epm_Map policy handle; (bso#9758). + Fix incorrect parsing of SMB2 command codes; (bso#9760). - Update to 4.0.4. + Remove forced set of 'create mask' to 0777; CVE-2013-1863; (bnc#809624).- Fix periodic printcap cache reloads; (bso#9650); (bnc#807334).- No longer use the cifs- or smbfstab named configuration file on post-12.2 systems; (bnc#804822); (bnc#821889).- Shift the smbfs init script nfs dependency from Required to Should.- Fix SMB1 Session Setup AndX handling with a large krb PAC; (bso#9658); (bnc#802031).- Point LD_LIBRARY_PATH to the just-built libraries while calling testparm to generate the default share snippets on pre-12.2 systems.- Explicitly configure --with-ads.- Fix smbclient recursive mget EPERM handling; (bso#9633); (bnc#786350).- Remove superfluous quotation marks while setting the SAMBA_VERSION_VENDOR_SUFFIX string.- Do not restart the smbfs service on pre-11.3 systems during dhcp lease renewal when the IP address remains the same; (bnc#800782).- Update to 4.0.3. + Fix ACL problem with delegation of privileges and deletion of accounts over LDAP interface; add documentation; (bso##8909). + check_password_quality: Handle non-ASCII characters properly; (bso##9105). + Fix 'smbd' panic triggered by unlink after open; (bso##9571). + smbd: Fix memleak in the async echo handler; (bso##9549). + defer_open is triggered multiple times on the same request; (bso#9196). + Add extra attributes for AD printer publishing; (bso#9378). + FSMO seize of naming role fails: NT_STATUS_IO_TIMEOUT; (bso#9461). + Downgrade v4 printer driver requests to v3; (bso#9474). + samba_upgradeprovision: fix the nTSecurityDescriptor on more containers; (bso#9481). + s3:smb2_negprot: set the 'remote_proto' value; (bso#9499). + waf assumes that pythonX.Y-config is a Python script; (bso#9503). + s4:drsuapi: Make sure we report the meta data from the cycle start; (bso#9508). + wafsamba: Use additional xml catalog file; (bso#9512). + samba_dnsupdate: Set KRB5_CONFIG for nsupdate command; (bso#9517). + conn->share_access appears not be be reset between users; (bso#9518). + Remove superfluous bracket in samba.8.xml; (bso#9528). + Fix typo in vfs_tsmsm.8.xml; (bso#9530). + terminate the irpc_servers_byname() result with server_id_set_disconnected(); (bso#9540). + Make use of posix_openpt; (bso#9541). + Fix build of vfs_commit and plug in async pwrite support; (bso#9544). + Fix aio_suspend detection on FreeBSD; (bso#9546). + Correctly detect O_DIRECT; (bso#9548). + sigprocmask does not work on FreeBSD to stop further signals in a signal handler; (bso#9550). + smb.conf(5): Update list of available protocols; (bso#9552). + s4-resolve: Fix parsing of IPv6/AAAA in dns_lookup; (bso#9555). + Fix compilation of Solaris ACL module; (bso#9564). + Adding additional Samba 4.0 DC to W2k8 srv AD domain (in win200 functional level) produces dbcheck errors; (bso#9565). + Add dbwrap_tool.1 manual page; (bso#9568). + Document the command line options in dbwrap_tool(1); (bso#9568). + ntlm_auth(1): Fix format and make examples visible; (bso#9569). + Fix file corruption during SMB1 read by Mac OSX 10.8.2 clients; (bso#9572). + Fix a possible null pointer dereference in spoolss; (bso#9574). + Duplicate flags defined in the winbindd protocol; (bso#9575). + gensec: Allow login without a PAC by default; (bso#9581). + smbd: disk_free: sys_popen() failed" message logged in /var/log/message many times; (bso#9586). + Archive flag is always set on directories; (bso#9587). + ACLs are not inherited to directories for DFS shares; (bso#9588). + Correct meta data in ldb manpages; (bso#9591). + s3-winbind: Fix the build of idmap_ldap; (bso#9595). + Linked attribute handling should be by GUID; (bso#9596). + Fix timeouts of some IRPC calls; (bso#9598). + Use pid,task_id as cluster_id in process_single just like process_prefork; (bso#9598). + Add 'ldbdump' tool; general code and documentation cleanup; (bso#9609). + dsdb: Make secrets_tdb_sync cope with -H secrets.ldb; (bso#9610).- Update to 4.0.2. + Address SWAT security issues CVE-2013-0213 and CVE-2013-0214 which both don't apply to any SUSE Samba post-3.6.10 as it isn't longer built. + Don't build and package static libraries.- Drop separate build-source-timestamp file as it led to a second, incorrect Source Timestamp line.- Add server-side copy support; (fate#314770). + Implement FSCTL_SRV_COPYCHUNK and FSCTL_SRV_REQUEST_RESUME_KEY handlers. + Add vfs_btrfs VFS module for optimized Btrfs clone-range ioctl usage.- Add filter against shlib-policy-name-error for /lib*/libnss_wins.so.2.- Disable SWAT during configure and don't package it any longer.- Remove dangling references to Heimdal from the spec file.- Remove /lib/samba prefix from the localstatedir configure option.- Update to 4.0.1. + Samba 4.0.0 as an AD DC may provide authenticated users with write access to LDAP directory objects; CVE-2013-0172; (bnc#798364).- Add the missing get_printing_ticket binary path while calling the set_permissions macro; (bnc#783375).- Use the version macro while definition of the branch macro.- Remove references to no longer used devel macros.- Update to 4.0.0. + Honor password complexity settings; (bso#9414). + Install SWAT *.msg files with waf; (bso#9415). + Fix netr_ServerPasswordSet2, netr_LogonSamLogon with netlogon AES; (bso#9438). + developer-build: Fix panic when acl_xattr fails with access denied; (bso#9456). + Fix "map username script" with "security=ads" and Winbind; (bso#9457). + Install manpages only if we install the target; (bso#9459). + Respond correctly to FILE_STREAM_INFO requests; (bso#9460). + Users can not be given write permissions any more by default; (bso#9462). + Fix MMC crashes; (bso#9470). + Fix SEGV when using second vfs module; (bso#9471). + Support FIPS mode when building Samba; (bso#9479). + Fix ACL on "cn=partitions,cn=configuration"; (bso#9481).- netr_ServerPasswordSet2, netr_LogonSamLogon with netlogon AES broken; (bso#9438). - s3:auth: fix create_token_from_sid() to not fail in the winbindd case; (bso#9457). - s4:dsdb/acl_read: return the nTSecurityDescriptor attr if the sd_flags control is given; (bso#9470). - Support FIPS mode when building Samba; (bso#9479). - s4:provision: set the correct nTSecurityDescriptor; (bso#9481).- SEGV when using second vfs module; (bso#9471).- Update to 3.6.10. + Respond correctly to FILE_STREAM_INFO requests; (bso#9460). + Fix segfault when "default devmode" is disabled; (bso#9433). + Fix segfaults in "log level = 10" on Solaris; (bso#9390).- s3:smbd:vfs_acl: fix a PANIC when setting an ACL fails with ACCESS_DENIED; (bso#9456). - Install manpages only if we install the target; (bso#9459). - Users can not be given write permissions any more by default; (bso#9462).- Fix MD5 detection in the autoconf build; (bso#9037); (bso#9086); (bso#9094); (bso#9418). - Use work around for 'winbind use default domain' only if it is set; (bso#9367). - Allow smb2.acls torture test to pass against smbd with a POSIX ACLs backend; (bso#9374). - large read requests cause server to issue malformed reply; (bso#9422). - s3-rpc_client: lookup nametype 0x20 in rpc_pipe_open_tcp_port(); (bso#9426). - Fix ncacn_ip_tcp reconnection code for lsa lookups; (bso#9439). - Allow to force DNS updates using net; (bso#9451). - Respond correctly to FILE_STREAM_INFO requests; (bso#9460).- Update to 4.0.0rc6. See WHATSNEW.txt from the samba-doc package.- On uninstall remove winbind from the pam configuration, invalidate the nscd passwd and group cache and only recommend the install of nscd; (bnc#792340).- BuildRequire libnscd-devel once.- Remove obsoleted references to pre-9.4 SUSE systems; (bnc#792294). - Add SUSE version depending pkg-config requires macro; (bnc#792294).- Define library names and use it instead of libldb1, libnetapi0, libsmbclient0, libsmbsharemodes0, libtalloc2, libtdb1, libtevent0, and libwbclient0; (bnc#792294). - Provide and obsolete libsmbsharemodes for post-10.3 SUSE systems.- Don't clutter the spec file diff view; (bnc#783384).- Fix fd leak causing 100% CPU in winbind on certain dc connection failures; (bso#9436); (bnc#786677).- Fix spoolss segfault when default devmode is disabled; (bso#9433); (bnc#791183).- Update to 4.0.0rc5. See WHATSNEW.txt from the samba-doc package.- ACL masks incorrectly applied when setting ACLs; (bso#9236). - s3-kerberos: also try with AES keys, when decrypting tickets; (bso#9272). - lib/replace: replace all *printf function if we replace snprintf; (bso#9390). - lib/addns: don't depend on the order in resp->answers[]; (bso#9402).- s4:torture/smb2: improve the smb2.create.blob tes; (bso#9209). - lib/krb5_wrap: request enc_types in the correct order; (bso#9272). - Fix net ads join message for the dns domain; (bso#9326). - docs-xml: fix use of tag; (bso#9345). - s3-aio_pthread: Optimize aio_pthread_handle_completion; (bso#9359). - s3:winbind: Failover if netlogon pipe is not available; (bso#9386).- Execute the run_permissions macro on pre-11.4 systems and else the set_permission one if available.- Ensure adding the winbind group never can fail.- Create ntadmin group only if it doesn't yet exist.- Update to 3.6.9. + When setting a non-default ACL, don't forget to apply masks to SMB_ACL_USER and SMB_ACL_GROUP entries; (bso#9236). + Winbind can't fetch user or group info from AD via LDAP; (bso#9147). + Fix segfault in smbd if user specified ports out for range; (bso#9218).- quota: Don't force the block size to 512; (bso#3272). - Fix poll replacement to become a msleep replacement; (bso#8107). - Fix wrong test == syntax in configure; (bso#8146). - Fix --with(out)-sendfile-support option handling in autoconf; (bso#8344). - Fix builtin forms order to match Windows again; (bso#8632). - Fix RAW printing for normal users; (bso#8769); (bnc#790741). - Initialise ticket to ensure we do not invalid memory; (bso#8788). - Fix 'net rpc share allowedusers' to work with 2008r2; (bso#8966). - Fix crash on null pam change pw response; (bso#9013). - Connection to outbound trusted domain goes offline; (bso#9016). - Increase debug level for info that the db is empty; (bso#9112). - 'smbclient' can't connect to a Windows 7 server using NTLMv2; (bso#9117). - Winbind can't fetch user or group info from AD via LDAP; (bso#9147). - Open printers with the right access mask; (bso#9154). - Fix makerpms.sh on RHEL; (bso#9165). - Remove non-existent option '-Y' from winbindd manpage; (bso#9171). - Add quota support for gfs2; (bso#9172). - Make SMB2 compound request create/delete_on_close/close work as Windows; (bso#9173). - Empty SPNEGO packet can cause smbd to crash; (bso#9174). - pam_winbind: Match more return codes when wbcGetPwnam has failed; (bso#9177). - Fix crash bug in idmap_hash; (bso#9188); (bnc#788159). - SMB2 Create doesn't return correct MAX ACCESS access mask in blob; (bso#9189). - Fix service control for non-internal services; (bso#9192). - Don't take 'state->te' as indication for "was_deferred"; (bso#9196). - Parse of invalid SMB2 create blob can cause smbd crash; (bso#9209). - Bad ASN.1 NegTokenInit packet can cause invalid free; (bso#9213). - Fix segfault in smbd if user specified ports out for range; (bso#9218). - Signing cannot be disabled for SMB2 by design, so fix the documentation instead; (bso#9222). - Fix NT_STATUS_IO_TIMEOUT during slow import of printers into registry; (bso#9231). - When setting a non-default ACL, don't forget to apply masks to SMB_ACL_USER and SMB_ACL_GROUP entries; (bso#9236). - lib-addns: ensure that allocated buffer are pre set to 0; (bso#9259). - Make tdb robust against shrinking tdbs and improper CLEAR_IF_FIRST restart; (bso#9268). - Add support for reloading systemd services; (bso#9280).- Warn via the smbd log if AppArmor and "wide links" are in use; (bnc#783719).- Do not write the build date into the header of the default smb.conf as this causses superfluous rebuilds of packages depending on samba; (bnc#781601).- Do not prerequire SuSEconfig.permissions as it's already enough and more generic to depend on the permissions package; (bnc#782293).- Update to 3.6.8. + Fix crash bug in smbd caused by a blocking lock followed by close; (bso#9084). + Fix Winbind panic if we couldn't find the domain; (bso#9135).- Backport FSCTL codes and fix segfault in smbstatus from master; (bso#9058). - Fix bad call to memcpy source3/registry/regfio.c; (bso#9065). - "Domain Users" incorrectly added as additional group on domain members; (bso#9066). - Use correct RID for "Domain Guests" primary group; (bso#9067). - Fix crash bug in smbd caused by a blocking lock followed by close; (bso#9084). - Fix smbclient/tarmode panic when connecting to Windows 2000 clients; (bso#9088). - Fix refreshing of Kerberos tickets in Winbind; (bso#9098). - Fix identification of idle clients in Winbind to avoid crashes and NDR parsing errors; (bso#9104). - Fix compilation with newer MIT Kerberos which hides internal symbols; (bso#9111). - Fix flooding the logs with records we don't find in pcap; (bso#9112). - Initialize the print backend after we setup winreg; (bso#9122). - Fix lprng job tracking errors; (bso#9123). - Fix setting of "inherited" bit on inherited ACE's; (bso#9124). - Fix Winbind panic if we couldn't find the domain; (bso#9135). - Make 'smbclient allinfo' show the snapshot list; (bso#9137). - Fix nfs quota support with Linux nfs4 mounts; (bso#9144). - Valid open requests can cause smbd assert due to incorrect oplock handling on delete requests; (bso#9150).- NMB registration for a duplicate workstation fails with registration refuse; (bso#9085); (bnc#770056).- Remove backup files caused by running configure in examples/VFS.- Update to 3.6.7. + Fix resolving our own "Domain Local" groups; (bso#9052); (bnc#779269). + Fix migrating printers while upgrading from 3.5.x; (bso#9026).- Correct documentation of "case sensitive"; (bso#8552). - Printing fails in function cups_job_submit; (bso#8719). - Fix kernel oplocks when uid(file) != uid(process); (bso#8974). - Send correct responses to NT Transact Secondary when no data and no params for the Trans2 calls are set; (bso#8989). - Fix build without ads support; (bso#8996). - Don't turn negative cache entries into valid idmappings; (bso#9002). - Fix posix acl on gpfs; (bso#9003). - Make vfs_gpfs less verbose in get/set_xattr functions; (bso#9022). - Fix migrating printers while upgrading from 3.5.x; (bso#9026). - Fix typo in set_re_uid() call when USE_SETRESUID selected in configure; (bso#9034). - Using asynchronous IO with SMB2 can return NT_STATUS_FILE_CLOSED in error instead ofNT_STATUS_FILE_LOCK_CONFLICT; (bso#9040). - Fix resolving our own "Domain Local" groups; (bso#9052); (bnc#779269). - Fix build against CUPS 1.6; (bso#9055). - Fix bugs in SMB2 credit handling code; (bso#9057). - rpcclient: Fix bad call to data_blob_const; (bso#9062).- Create missing doc directories while install. - Remove no longer existing Manifest file from install. - Don't creat a link to non existend html man pages for swat. - Don't call the no longer existing libsmbclient testsuit while build.- Configure with option --mandir instead --with-mandir. - Remove obsoleted --with-rootsbindir, --with-nmbdsocketdir, and - -with-swatdir configure options.- Update to 4.0.0beta4. See WHATSNEW.txt from the samba-doc package.- BuildRequire gcc, make, and patch; (bnc#771516).- ndr: fix push/pull DATA_BLOB with NDR_NOALIGN; (bso#9026); (bnc#770262).- Fix shell syntax in dhcpcd hook script; (bnc#769957).- Add missing int declaration to the net kdc lookup patch.- Update to 4.0.0beta2. See WHATSNEW.txt from the samba-doc package.- Update to 3.6.6. + Fix possible memory leaks in the Samba master process; (bso#8970). + Fix uninitialized memory read in talloc_free(); (bnc#764577). + Fix joining of XP Pro workstations to 3.6 DCs; (bso#8373); (bnc#787983).- resolve_ads() code can return zero addresses and miss valid DC IP addresses; (bso#8910). - Can't join XP Pro workstations to 3.6.1 DC; (bso#8373); (bnc#787983). - winbind can hang as nbt_getdc() has no timeout; (bso#8953). - Fix crash bug in dns_create_probe when dns_create_update fails; (bso#8627) - s3-pid: Catch with pid filename's change when config file is not smb.conf; (bso#8714). - Possible memory leaks in the main Samba process; (bso#8970). - s3: Fix uninitialized memory read in talloc_free(); (bnc#764577). - Treat exit_server_cleanly() as a "clean" shutdown; (bso#8971). - Avoid crash with MIT krb5 1.10.0 in gss_get_name_attribute(); (bso#8988). - Winzip occasionally can not read files out of an open winzip dialog; (bso#8311). - s3-winbindd: call dump_core_setup after command line option has been parsed; (bso#8975). - Directory group write permission bit is set if unix extensions are enabled; (bso#8972). - s3: remove dependency on automake for "make everything"; (bso#8978). - sd_has_inheritable_components segfaults on an SD that se_access_check accepts; (bso#8811). - smbclient's tarmode insists on listing excluded directories; (bso#8922). - Notify code can miss a ChDir; (bso#8998). - s3:smbd: add a fsp_persistent_id() function; (bso#8995).- Call autogen.sh even on post-12.1 SUSE systems.- Don't call autogen.sh on post-12.1 SUSE and post-14 Fedora systems. - Recompile all IDL in any case.- BuildIgnore libtalloc and libtdb to prevent a package conflict on Fedora systems.- Install talloc.pc only on pre-12.2 and non SUSE systems.- BuildRequire libldb-devel, libtalloc-devel, libtdb-devel, and libtevent-devel on post-12.1 systems.- s3: Fix a segfault with debug level 3 on Solaris; (bso#8861). - s3: wbinfo --lookup-sids "" crashes winbind; (bso#8904). - smbd crashes when deleting directory and veto files are enabled; (bso#8837). - winbind_krb5_locator only returns one IP address; (bso#8897). - Wrong assertion/comparison: Compare value not pointer; (bso#8859). - Inconsistent (with manpage) command-line switch for "help" in smbtree; (bso#8831). - Fix incorrect debug statement. - Setting traverse rights fails to enable directory traversal when acl_xattr in use; (bso#8857). - Syslog broken owing to mistyping of debug_settings.syslog; (bso#8877). - s3/ldap: remove outdated netscape ds 5 schema file; (bso#8869). - s3-docs: fixes several typos; (bso#7938). - s3-VFS: Fix building out-of-tree modules; (bso#8822). - s3-docs: Add hint that setting "profile acls = yes" on normal shares can cause trouble; (bso#7930). - s3-pam_winbind: Fix the build with a newer iniparser library; (bso#8915). - Avoid null dereference in initialize_password_db(); (bso#8920). - s3:registry: implement values_need_update and subkeys_need_update in the smbconf backend. - s3:registry:reg_api: fix reg_queryvalue to not fail when values are modified while it runs. - s4:torture:rpc:spoolss: also initialize driverName before checking it in test_PrinterData_DsSpooler(). - s3:registry: multiple cleanups, fixes, and optimisations. - s3:auth/server_info: the primary rid should be in the groups rid array; (bso#8798). - s3-printing: Add new printers to registry; (bso#8554); (bso#8612); (bso#8748). - Fix the overwriting of errno before use in a DEBUG statement and use the return value from store_acl_blob_fsp rather than ignoring it; (bso#8945). - s3-auth: Don't lookup the system user in pdb; (bso#8944). - s3-passdb: Fix negative SID->uid/gid cache handling; (bso#8952). - Fix typo in pam_winbindd code; (bso#8957). - Fix remove_duplicate_addrs2 previously it could leave zero addresses in the list; (bso#8910). - Slow but responsive DC can lock up winbindd; (bso#8943). - Broken processing of %U with vfs_full_audit when force user is set; (bso#8882).- Disable included build of ldb, talloc, tdb, and tevent on post-12.1 systems. - BuildRequire libldb1-devel, libtalloc2-devel, libtdb1-devel, and libtevent0-devel on post-12.1 systems.- Add PreReq /etc/init.d/nscd to the winbind package; (bnc#759731).- docs-xml: fix default name resolve order; (bso#7564). - s3-aio-fork: Fix a segfault in vfs_aio_fork; (bso#8836). - docs: remove whitespace in example samba.ldif; (bso#8789). - s3-smbd: move print_backend_init() behind init_system_info(); (bso#8845); (bnc#730769). - s3-docs: Prepend '/' to filename argument; (bso#8826).- Update to 3.6.5. - Restrict self granting privileges where security=ads for Samba post-3.3.16; CVE-2012-2111; (bnc#757576).- Remove all precompiled idl output to ensure any pidl changes take effect; (bnc#757080).- Update to 3.6.4. - Samba pre-3.6.4 are affected by a vulnerability that allows remote code exe- cution as the "root" user; PIDL based autogenerated code allows overwriting beyond of allocated array; CVE-2012-1182; (bso#8815); (bnc#752797).- s3-winbindd: Only use SamLogonEx when we can get unencrypted session keys; (bso#8599). - Correctly handle DENY ACEs when privileges apply; (bso#8797).- s3:smb2_server: fix a logic error, we should sign non guest sessions; (bso8749). - Allow vfs_aio_pthread to build as a static module; (bso#8723). - s3:dbwrap_ctdb: return the number of records in db_ctdb_traverse() for persistent dbs; (#bso8527). - s3: segfault in dom_sid_compare(bso#8567). - Honor SeTakeOwnershiPrivilege when client asks for SEC_STD_WRITE_OWNER; (bso#8768). - s3-winbindd: Close netlogon connection if the status returned by the NetrSamLogonEx call is timeout in the pam_auth_crap path; (bso#8771). - s3-winbindd: set the can_do_validation6 also for trusted domain; (bso#8599). - Fix problem when calculating the share security mask, take priviliges into account for the connecting user; (bso#8784).- Fix crash in dcerpc_lsa_lookup_sids_noalloc() with over 1000 groups; (bso#8807); (bnc#751454).- Remove obsoleted Authors lines from spec file for post-11.2 systems.- Make ldapsmb build with Fedora 15 and 16; (bso#8783). - BuildRequire libuuid-devel for post-11.0 and other systems. - Define missing python macros for non SUSE systems. - PreReq to fillup_prereq and insserv_prereq only on SUSE systems. - Always use cifstab instead of smbfstab on non SUSE systems.- Ensure AndX offsets are increasing strictly monotonically in pre-3.4 versions; CVE-2012-0870; (bnc#747934).- Add SERVERID_UNIQUE_ID_NOT_TO_VERIFY; (bso#8760); (bnc#741854).- s3-printing: fix crash in printer_list_set_printer(); (bso#8762); (bnc#746825).- s3:winbindd fix a return code check; (bso#8406).- s3: Add rmdir operation to streams_depot; (bso#8733).- s3:smbd:smb2: fix an assignment-instead-of-check bug conn_snum_used(); (bso#8738); CVE-2013-0454; (bnc#811975).- s3:auth: fill the sids array of the info3 in wbcAuthUserInfo_to_netr_SamInfo3(); (bso#8739).- s3:client: ignore SMBecho errors (the server may not support it); (bso#8139).- Be more strict when using PAM_AUTH API from winbind if Kerberos auth is enabled and don't unintentionally use a bogus domain name; (bso#8734).- smbclient fails with posix large reads; (bso#8727).- Use the smbfs init script on versions pre-11.3, or cifs in later versions; (bnc#744614).- s3: Compile IDL files in autogen, some configure tests need this.- Fixes various deadlocks in if-up.d / if-down.d when running under systemd; (bnc#732395).- Update to 3.6.3. + Fix memory leak in parent smbd on connection; CVE-2012-0817; (bso#8724); (bnc#743986).- Use spdx.org compliant license names for all packages.- Update to 3.6.2. + Make Winbind receive user/group information (bug #8371). + Several SMB2 fixes. + Fix a crash bug in the spoolss code. + Add new contributing FAQ announcing acceptance of corporate (C). + DeletePrinterDriverEx deletes files in use; (bso#4942); (bnc#742504). + Fix cli_write_and_x() against OS/2 print shares; (bso#5326). + Fix 'smbclient tar' for files greater than 8GB on BE machines; (bso#563); (bnc#726145). + Remove pointless use_memory_krb5_ccache; (bso#7465). + Fix perl path; (bso#8176). + Grant credits in async interim responses (SMB2); (bso#8357). + Make Winbind receive user/group information; (bso#8371). + Fix Windows XP clients crashing smbd process every once in a while; (bso#8384); (bnc#731571). + Make VFS op "streaminfo" stackable; (bso#8419). + Add an allocation pool to idmap_autorid; (bso#8444). + Fix SEGFAULT from net registry export on not zero terminated REG_SZ values; (bso#8528). + Make DSO_EXPORTS_CMD more portable; (bso#8531). + readlink() on Linux clients fails if the symlink target is outside of the share; (bso#8541). + smbclient posix_open command fails to return correct info on open file; (bso#8542). + winbind_samlogon_retry_loop ignores logon_parameters flags; (bso#8548). + Fix setting the machine account password; (bso#8550). + Make SMB2 handle compound request headers in the same way as Windows; (bso#8560). + Password change settings not fully observed; (bso#8561). + Fix double free error in talloc; (bso#8562). + Fix alignment in the non-extended-security negprot; (bso#8573). + Add systemd service files; (bso#8575). + Add systemd service files; (bso#8575). + smb2_flush: Don't send uninitialized memory; (bso#8579). + Enable inotify if sys or kernel inotify is available; (bso#8580). + Increase a debug level; (bso#8585). + libsmb: Only align unicode pipe_name; (bso#8586). + Fix marshalling of samr_ChangePasswordUser3; (bso#8591). + Don't limit the number of open dptrs for SMB2; (bso#8592). + Fix a crash bug in cldap_socket_recv_dgram(); (bso#8593). + Make cldap work over IPv6; (bso#8600). + Fix intermittent print job failures caused by character conversion errors; (bso#8606). + Improve configure.in so it can be used outside the Samba source tree; (bso#8607). + Winbind: Don't fail on users without a uid; (bso#8608). + Ensure we correctly calculate reply credits over all returned SMB2 replies; (bso#8614). + Fix migrate printer code; (bso#8618). + Fix crash bug when trying to browse Samba printers; (bso#8623). + libsmb: Don't duplicate Kerberos service tickets; (bso#8628). + POSIX ACE x permission becomes rx following mapping to and from a DACL; (bso#8631). + When returning an ACL without SECINFO_DACL requested, we still set SEC_DESC_DACL_PRESENT in the type field; (bso#8636). + Fix the vfs_commit module; (bso#8639). + Add an update function for Winbind cache; (bso#8643). + vfs_acl_xattr and vfs_acl_tdb modules can fail to add inheritable entries on a directory with no stored ACL; (bso#8644). + Document the "ignore system acls" option of vfs_acl_xattr and vfs_acl_tdb vfs modules; (bso#8652). + Fix deleting a symlink if the symlink target is outside of the share; (bso#8663). + Fix renaming a symlink if the symlink target is outside of the share; (bso#8664). + Fix NT ACL issue; (bso#8673). + Fix buffer overflow issue with AES encryption in samba traffic analyzer; (bso#8674). + Fix Winbind segfault if we can't map the last user; (bso#8678). + recvfile code path using splice() on Linux leaves data in the pipe on short write; (bso#8679). + Try ctdbd_init_connection() as root; (bso#8684). + Packet validation checks can be done before length validation causing uninitialized memory read; (bso#8686). + Fix typo in 'net memberships' usage; (bso#8687). + libads: Fix malloc/talloc mismatch in ads_keytab_verify_ticket(); (bso#8692). + Make DeletePrinterDriverEx remove printer driver files; (bso#8697) (bnc#740810). + Fix major leak with SMB2 in connections.tdb; (bso#8710).- s3-spoolss: Pass the right pointer type; (bso#4942); (bnc#742504).- Use correct license, LGPLv3+ for libwbclient packages.- When returning an ACL without SECINFO_DACL requested, we still set SEC_DESC_DACL_PRESENT in the type field; (bso#8636).- Fix incorrect types in the full_audit VFS module. Add null terminators to audit log enums; (bnc#742885).- Prefix print$ path on driver file deletion; (bso#8697); (bnc#740810). - Fix printer_driver_files_in_use() call ordering; (bso#4942); (bnc#742504).- Buffer overflow issue with AES encryption in samba traffic analyzer; (bso#8674). - NT ACL issue; (bso#8673). - Deleting a symlink fails if the symlink target is outside of the share; (bso#8663). - connections.tdb - major leak with SMB2; (bso#8710).- Renaming a symlink fails if the symlink target is outside of the share; (bso#8664).- Intermittent print job failures caused by character conversion errors; (bso#8606). - ads_keytab_verify_ticket mixes talloc allocation with malloc free; (bso#8692). - libcli/cldap: fix a crash bug in cldap_socket_recv_dgram(); (bso#8593). - s3:lib/ctdbd_conn: try ctdbd_init_connection() as root; (bso#8684). - s3-printing: fix migrate printer code; (bso#8618). - Packet validation checks can be done before length validation causing uninitialized memory read; (bso#8686).- net memberships usage info was wrong; (bso#8687). - s3-libsmb: Don't duplicate kerberos service tickets; (bso#8628). - Recvfile code path using splice() on Linux leaves data in the pipe on short write; (bso#8679). - s3-winbind: Fix segfault if we can't map the last user; (bso#8678). - vfs_acl_xattr and vfs_acl_tdb modules can fail to add inheritable entries on a directory with no stored ACL; (bso#8644). - s3/doc: document the ignore system acls option of vfs_acl_xattr and vfs_acl_tdb; (bso#8652). - Winbind can't receive any user/group information; (bso#8371). - s3-winbind: Add an update function for winbind cache; (bso#8643). - s3: Attempt to fix the vfs_commit module. - POSIX ACE x permission becomes rx following mapping to and from a DACL; (#bso#8631). - s3:libsmb: only align unicode pipe_name; (bso#8586). - s3-winbind: Don't fail on users without a uid; (bso#8608). - Crash when trying to browse samba printers; (bso#8623). - talloc: double free error; (bso#8562). - cldap doesn't work over ipv6; (bso#8600). - s3:libsmb: fix cli_write_and_x() against OS/2 print shares; (bso#5326). - SMB2: not granting credits for all requests in a compound request; (bso#8614). - smb2_flush sends uninitialized memory; (bso#8579). - Password change settings not fully observed; (bso#8561). - s3:smb2_server: grant credits in async interim responses; (bso#8357). - s3:smbd: don't limit the number of open dptrs for smb2; (bso#8592). - samr_ChangePasswordUser3 IDL incorrect; (bso#8591). - idmap_autorid does not have allocation pool; (bso#8444). - Add systemd service files. - s3:libsmb: the workgroup in the non-extended-security negprot is not aligned; (bso#8573). - s3-build: Fix inotify detection; (bso#8580). - SMB2 doesn't handle compound request headers in the same way as Windows; (#bso8560). - Disconnecting clients swamp the logs; (bso#8585). - s3-netlogon: Fix setting the machinge account password; (bso#8550). - winbind_samlogon_retry_loop ignores logon_parameters flags; (#bso8548). - smbclient posix_open command fails to return correct info on open file; (bso#8542). - readlink() on Linux clients fails if the symlink target is outside of the share; (bso#8541). - s3-netapi: remove pointless use_memory_krb5_ccache; (bso#7465). - s3:Makefile: make DSO_EXPORTS_CMD more portable; (bso#8531). - s3:registry: fix the test for a REG_SZ blob possibly being a zero terminated ucs2 string; (bso#8528). - Make VFS op "streaminfo" stackable; (bso#8419).- Fix incorrect perfcount array length calculations; (bnc#739258).- BuildRequire autoconf to avoid implicit dependency for post-11.4 systems.- Remove call to suse_update_config macro for post-11.4 systems.- Use samba.org for the ldapsmb source location.- Fixing libsmbsharemode dependency on ldap and krb5 libs in Makefile; (bnc #729516).- Do not map POSIX execute permission to Windows FILE_READ_ATTRIBUTES; (bso#8631); (bnc#732572).- Add ldap to Should-Start and Stop of the smb init script; (bnc#730046).- Fix smbd srv_spoolss_replycloseprinter() segfault; (bso#8384); (bnc#731571).- Fix pam_winbind.so segfault in pam_sm_authenticate(); (bso#8564).- Fix smbclient >8GB tars on big endian machines; (bso#563); (bnc#726145).- Fix typo in net ads join output; (bnc#713135).- Ignore a potentially missing AppArmor snippet helper script; (bnc#725256).- Update to 3.6.1. + Fix smbd crashes triggered by Windows XP clients; (bso#8384). + Fix a Winbind race leading to 100% CPU load; (bso#8409). + Several SMB2 fixes. + The VFS ACL modules are no longer experimental but production-ready. + Fix 'net ads join -k' when KRB5CCNAME is not set; (bso#7465). + smb_acl_to_posix: ACL is invalid for set (Invalid argument); (bso#7509). + Return error of cli_push when 'put - /some/file' is used; (bso#7551). + Fix usage of cli_errstr(); (bso#7864). + Fix 'widelinks' regression; (bso#8229). + Empty notify servername; (bso#8236). + Add man vfs_aio_fork; (bso#8256). + smb2: smbd logs "Invalid SMB packet: first request: 0x0008" and crashes; (bso#8334). + Add a fallback for missing open&x support in MAC OS/X Lion; (bso#8338). + While migrating forms, don't fail if the form already exists; (bso#8351). + OS/2 sends an unexpected write&x/read&x chain; (bso#8360). + Fix build of vfs_prealloc on SLES8; (bso#8363). + Fix the build of gpfs.c on RHEL 6.0 with gpfs 3.4.0-4; (bso#8364). + Fix the fallback to the deprecated spelling idmap:script; (bso#8368). + Fix vfs_chown_fsp; (bso#8370). + Fix smbd crashes triggered by Windows XP clients; (bso#8384). + Fix smbclient access to NT4 shares; (bso#8385). + Optimize serverid_exists() for Solaris; (bso#8395). + registry/reg_format.c must include includes.h; (bso#8401). + SMB2 server can return requests out-of-order when processing a compound request; (bso#8407). + Fix a Winbind race leading to 100% CPU load; (bso#8409). + Fix "saving as" of MS Office 2007 (Word) documents on Samba shares with SMB2; (bso#8412). + Fix 'getent group' if trusted domains are not reachable; (bso#8420). + Fix infinite loop in ACL module code; (bso#8422). + Fix wrong reply to DHnC (durable handle reconnect); (bso#8428). + Compound SMB2 requests on an IPC connection can corrupt the reply stream; (bso#8429). + Fix segfault in iconv.c; (bso#8433). + NFSv4 DENY ACLs always include SYNCHRONIZE flag - blocking renames; (bso#8442). + Be smarter about setting default permissions when a ACL_USER_OBJ isn't given; (bso#8443). + Check the wct of the incoming SMBnegprot responses; (bso#8452). + Fix smbclient segfaults when dialect option -m is used for legacy dialects; (bso#8453). + Fix uninitialized memory problem in group_sids_to_info3; (bso#8455). + Samba PDC is looking up only primary user group; (bso#8455). + IE9 on Windows 7 cannot download files to samba 3.5.11 share; (bso#8458). + smb2_find uses a hard coded max reply size of 0x10000 instead of smb2_max_trans; (bso#8473). + SMB2 create doesn't cope with an Apple client using NULL blob in create; (bso#8474). + Don't call smbd_terminate_connection in smb2_validate_message_id(); (bso#8476). + Samba asserts when SMB2 client breaks the crediting rules; (bso#8476). + Map to guest can return uninitialized blob of data; (bso#8477). + acl_xattr can free an invalid pointer if no blob is loaded; (bso#8480). + DFS breaks zip file extracting unless "follow symlinks = no" set; (bso#8493). + Remove "experimental" label on VFS ACL modules; (bso#8494). + SMB2_OP_CANCEL requests don't have to be signed; (bso#8503). + smbd doesn't correctly honor the "force create mode" bits from a cifsfs create; (bso#8507). + Read-only handles on SAMR allow SAMR_DOMAIN_ACCESS_CREATE_USER; (bso#8509). + Disallow "." in can_set_delete_on_close(); (bso#8515). + SMB2 create call returns incorrect file allocation size; (bso#8518). + Fix SMB2 SMB2_OP_GETINFO and SMB2_OP_IOCTL parsing requirements; (bso#8520). + Winbind cache timeout expiry test was reversed; (bso#8521).- s3/doc: add man page for aio_fork vfs module.- Fix uninitialized memory problem in group_sids_to_info3; (bso#8455).- s3: Samba PDC is looking up only primary user group; (bso#8455).- Add script to create or update an AppArmor sniplet with permissions for all Samba shares; (bnc#688040).- Add "ldapsam:login cache" parameter to allow explicit disabling of the login cache; (bnc#723261).- Retain the smbd startproc return value for correct startup status reporting. unset was incorrectly being called prior to rc_status; (bnc#723724).- Prevent deadlock in systemd triggered by if-down.d handler on shutdown; (bnc#721598).- smb2_find uses a hard coded max reply size of 0x10000 instead of smb2_max_trans; changed defaults and documentation (bso8473).- Empty CIFS share can be blocked for other clients by deleting it via empty path (DELETE_PENDING until the last client); (bso#8515).- winbindd cache timeout expiry test was reversed; (bso#8521).- Fix SMB2 SMB2_OP_GETINFO and SMB2_OP_IOCTL parsing requirements; (bso#8520).- s3:smb2_create: fix allocation size return value when opening existing files; (bso#8518).- SMB2 create doesn't cope with an Apple client using NULL blob in create; (bso#8474).- NFSv4 DENY ACLs always include SYNCHRONIZE flag - blocking renames; (bso#8442).- s3-docs: Fix bug (bso#7908) and typo.- Return error of cli_push when 'put - /some/file' is used; (bso#7551).- Read-only handles on SAMR allow SAMR_DOMAIN_ACCESS_CREATE_USER; (bso#8509).- smbd doesn't correctly honor the "force create mode" bits from a cifsfs create; (bso#8507).- Default user entry is set to minimal permissions on incoming ACL change with no user specified; (bso#8443).- smb_acl_to_posix: ACL is invalid for set (Invalid argument); (bso#7509).- Handle the SECINFO_LABEL flag in the same was as Win2k3; enable Microsoft Internet Explorer 9 on Windows 7 to download files; (bso#8458).- DFS breaks zip file extracting unless "follow symlinks = no" set; (bso#8493).- s3-docs: Fix typos.- s3:smb2_server: SMB2_OP_CANCEL requests don't have to be signed; (bso#8503).- Remove "experimental" label on VFS ACL modules; (bso#8494).- acl_xattr can free an invalid pointer if no blob is loaded; (bso#8480).- s3-smbd: asserts when SMB2 client breaks the crediting rules; (bso#8476).- s3-libnet: allow to use default krb5 ccache in libnet_Join/libnet_Unjoin; (bso#7465).- smb2_find uses a hard coded max reply size of 0x10000 instead of smb2_max_trans; (bso#8473).- s3-netapi: allow to use default krb5 credential cache for libnetapi users.- s3-docs: document -k switch in net manpage.- Map to guest can return uninitialized blob of data; (bso#8477).- s3-registry: registry/reg_format.c must include includes.h; (bso#8401).- smbclient segfaults when option -m is used for legacy dialects; (bso#8453).- Fix 'widelinks' regression intro'd in 3.2; (bso#8229).- Compound SMB2 requests on an IPC connection can corrupt the reply stream; (bso#8429).- s3-spoolss: Fix bug forms migration; (bso#8351).- s3:libsmb: check the wct of the incoming SMBnegprot responses; (bso#8452).- s3: Do not fork the echo handler for smb2; (bso#8334).- s3-spoolss: Fix bug empty notify servername; (bso#8236).- SMB2 server can return requests out-of-order when processing a compound request; (bso#8407).- Remove smb child crash fix. The issue had been fixed upstream differently.- BuildRequire ctdb-devel version greater than 1.0.105 for post-10.0 systems.- Fix samba duplicates file content on appending. Move posix case semantics out from under the VFS; (bso#6898); (bnc#681208).- Make winbind child reconnect when remote end has closed, fix failing sudo; (bso#7295); (bnc#569721).- Spec file cleanup as suggested by the spec-cleaner tool. + Make all BuildRequires, PreReq, and Provides a separate line. + Use %{buildroot} instead of ${RPM_BUILD_ROOT}. + Use straight commands instead of macros (make, install). + Use -p in post and postun if we only call one command. + Use %{_localstatedir} instead of %{_var} in the filelist. + Remove superfluous AutoReqProv on lines.- Remove %release from all Provides.- Fix segfault in iconv.c which caused a null pointer dereference; (bso#8433).- Use /var/run for the cifs state file in the init script too; (bnc#710304).- Microsoft Word from Microsoft Office 2007 fails to save as on a share with SMB2; (bso#8412).- Use sys_write and sys_read in fork_domain_child to fix a winbind race leading to 100% CPU usage; (bso#8409).- Fix wrong reply to smb2 durable handle reconnect (DHnC) request; (bso#8428).- Fix infinite loop in ACL module code; (bso#8422).- Fix getent group if trusted domains are not reachable; (bso#8420).- smbclient can't access a NT4 share since 3.6.0; (bso#8385).- Optimize serverid_exists() for Solaris; (bso#8395).- talloc: + check block count after references test. + added test suite for talloc_free_children(). + license info erratum in the manpage. + fix typos and better differentiation between versions 1 and 2. + preserve context name on talloc_free_children(). + ensure the sibling linked list remains valid during a free.- vfs_chown_fsp returned in the wrong directory; (bso#8370).- Remove irritating "." targets when recent system libs exist; (bso#8369).- Correctly initialize "idmap config * : script" with NULL; (bso#8368).- Add missing include to suppress compiler warnings; (bso#8365).- Point the chain offset beyond the current request; (bso#8360).- Fix gpfs vfs module build; (bso#8364).- Make vfs_prealloc even build on older systems; (bso#8363).- Do central cli_set_error and return the actual NTSTATUS; (bso#7864).- Add a fallback for missing open&x support in OS/X Lion; (bso#8338).- Update to 3.6.0. + BUG 7462: Make SA_RESETHAND conditional on its existance. + BUG 8303: db_ctdb_send_schedule_for_deletion() is not defined. + BUG 8324: smbclient cannot list directories from a big-endian machine. + BUG 8326: WinXP cannot join a Samba3 domain with a 'even' hostname. + BUG 8327: Fix the reload of the configuration, also reload activated registry shares. + BUG 8328: Cleanup of idmap_tdb2 code. + BUG 8330: Fix NFSv4 ACL merging logic. + BUG 8335: File copy aborts with smb2_validate_message_id: bad message_id. + BUG 8341: Fix segfault in libsmbclient. + BUG 8343: Fix SMB2 crash reading with aio_fork beyond the end of file. + BUG 8347: Fix regression for HP-UX, AIX and OSF. + BUG 8357: Make sure we grant credits on async read/write operations. + BUG 8358: Fix a bug in run_poll_events(). + BUG 8362: Fix build issue on old glibc systems.- Remove references to disabled vscan build.- Add missing define, includes, and initialization to get_printing_ticket.- Use /var/run for the cifs state file; (bnc#710304).- Fix #ifdef CTDB_CONTROL_SCHEDULE_FOR_DELETION issue; (bso#8303).- File copy aborts with smb2_validate_message_id: bad message_id; (bso#8335).- Fix reload of the configuration and also reload activated registry shares; (bso#8327).- WinXP cannot join a Samba3 domain with a 'even' hostname; (bso#8326).- smbclient cannot list directories from a big-endian machine; (bso#8324).- Update to 3.6.0rc3. + BUG 7841: Explicitly pass domain_sid to wbint_LookupRids(). + BUG 7888: Deal with buggy 3.0 based PDCs. + BUG 8083: Fix "inherit owner = yes" with vfs_acl_xattr or vfs_acl_tdb module. + BUG 8102: Do not allow to change file ACLs from normal domusers. + BUG 8102: Do not allow to change file ACLs from normal domusers. + BUG 8193: Add new command 'enumerate_recursive'. + BUG 8195: Make rpc client code working against NT4 servers. + BUG 8211: Fix "inherit owner = yes" when "inherit permissions = yes" is set. + BUG 8213: Fixes in idmap_autorid. + BUG 8214: Fix smbd crash on printer driver upgrade. + BUG 8215: Fix Winbind unix username lookup. + BUG 8216: Make Winbind returning correct results with 'sids2xids'. + BUG 8217: Do not stat-check the share path in 'net conf addshare'. + BUG 8219: Fix SMB Panic from Windows 7 client. + BUG 8224: Fix the build on FreeBSD. + BUG 8226: Use c99 initializers which are supported by old gcc 2.95 compilers. + BUG 8230: Move .nmbd socket directory to non-hidden name PREFIX/var/nmbd. + BUG 8231: Fix crash bug in 'net cache get'. + BUG 8235: Fix smbd crash on startup caused by migrate_printer(). + BUG 8240: Fix Valgrind warnings in winreg/spoolss code. + BUG 8244: Fix copying files larger than 2 GB to a Samba share. + BUG 8247: Fix Coverity ID 2582: FORWARD_NULL. + BUG 8253: Fix Winbind panic if verify_idpool() fails. + BUG 8254: Fix "acl check permissions = no". + BUG 8260: Fix DCERPC responses with fragments larger than 1024 bytes. + BUG 8262: Fix build of vfs_commit. + BUG 8263: Fix build with --with-fake-kaserver or --with-vfs-afsacl. + BUG 8264: Fix Valgrind bugs in svcctl. + BUG 8276: Close all sockets attached to a subnet in close_subnet(). + BUG 8278: Fix smbd panic when CTDB is unhealthy. + BUG 8281: Fix build of examples/VFS/*. + BUG 8286: Fix smbd crash on premature end of smb2 conn. + BUG 8292: Fix a major architectural flaw in the SMB2 server code. + BUG 8293: Fix log file rotating in SMB2. + BUG 8304: Fix uninitialized variable in error path. + BUG 8305: Fix segfault in nmbd when using 'smbtree ...'.. + BUG 8307: brl_close_fnum does not call SMB_VFS_BRL_UNLOCK_WINDOWS on all locks. + BUG 8310: toupper_ascii() is broken on big-endian systems. + BUG 8314: Fix smbd crash with unknown user. + Mark 'time offset' parameter as deprecated.- The Samba Web Administration Tool (SWAT) versions 3.0.x to 3.5.9 are affected by a cross-site scripting vulnerability; CVE-2011-2694; (bso#8289); (bnc#708503).- The Samba Web Administration Tool (SWAT) versions 3.0.x to 3.5.9 are affected by a cross-site request forgery; CVE-2011-2522; (bso#8290); (bnc#705241).- Fixed the DFS referral response for msdfs root; (bnc#703655).- Fix CUPS print job IDs; (bso#7288); (bnc#701257).- Make use of the actual library version as part of the package name on post-11.3 systems only.- Fix winbind internal error; (bso#7636); (bnc#659424).- Improve ctdb vacuuming performance with use of SCHEDULE_FOR_DELETION; (bnc#705170).- Specify nmbdsocketdir at configure time; (bnc#700953).- Build the tdb, talloc, and tevent libraries ahead of anything else.- Update to 3.6.0rc2. + BUG 6911: Fix Kerberos authentication from Vista to Samba. + BUG 8166: Don't lockout users when offline. + BUG 8200: Add support for multiple writeable ldap idmap domains. + BUG 8148: Default to protocol version 2 for SMB Traffic Analyzer. + BUG 7054: Fix X account flag when "pwdlastset" is "0". + BUG 8144: Fix setting timestamp when touching files with CIFS clients. + BUG 8153: Fix setting up getaddrinfo on IPv6-only machines. + BUG 8156: Fix 'net ads join' using the user's Kerberos ticket. + BUG 8157: Fix parsing a cups printcap file. + BUG 8175: Fix smbd deadlock. + BUG 8189: Support shadow copy display over SMB2. + BUG 8197: Winbind does not properly detect when a DC connection is dead. + BUG 8203: Winbind needs to reset the DC connection if an RPC times out.- Make cupsaddsmb fill printers location; (bso#8132); (bnc#698209).- Add "winbind max clients" parameter to remove 200-client limit; (bnc#697461).- Disable logon cache for password lockout consistency when running in a cluster; (bnc#694836).- Fix logon of AD users with many group memberships; (bso#6911); (bnc#657026).- Don't lockout users while offline; (bso#8166); (bnc#692607).- Update to 3.6.0rc1. + BUG 8111: CIFS VFS: Fix unexpected error on SMB posix open. + BUG 8112: POSIX extension opens of a directory are denied with EISDIR. + BUG 8132: Fix filling printers location field when using cups. + Remove fstrings from client struct. + BUGFIX when converting from safe_strcpy to strlcpy. + Fix off-by-one calculations with strlcpy. + Ensure we always write the correct incoming mid into the share mode table entries. + Fix the SMB2 oplock showstopper. + Convert user-specified domain to uppercase in libsmb. + Fix Coverity CID #2302: FORWARD_NULL. + Fix cups_pull_comment_location(). + Fix double free of cups request. + Make cups_pull_comment_location() work again. + Fix potential crash bug in display_print_driver3(). + Properly clean up in pthreadpool_init in case of failure. + Make plaintext session setup async. + Reduce fd load in Winbind children. + Avoid a potential 100% CPU loop in Winbind. + Tune broadcast namequeries for unique names. + Properly deal with exited winbind children. + Fix dup_smb2_vec3. + Fix return check in nss_wins.- Fix to renew the kerberos ticket in samba after expiry; (bnc#669949).- Fix a 100% CPU loop when ctdbd dies during a traverse; (bnc#693945).- Make dhcpcd hook BOOTPROTO check cover dhcp6 too; (bnc#691969).- Handling of large (> 256 bytes) ntlmv2 blobs in winbind; (bnc#529946).- Package static libraries with 0644 permissions.- Add Requires libtalloc-devel to libldb-devel and libtevent-devel.- Rename libldb0 to libldb1 as 1 is the current major version of the library. - Add libldb1 and libtevent0 to baselibs.conf.- Don't call the suse_update_config macro before building lib ldb and tevent.- Update to 3.6.0pre3. + Listen on IPv6 addresses with IPV6_ONLY; (bso#7383). + Fix wrong output in 'smbget'; (bso#8066). + "inherit owner = yes" doesn't interact correctly with vfs_acl_xattr or vfs_acl_tdb module; (bso#8083). + rpccli_samr_chng_pswd_auth_crap segfaults if any input blobs are null; (bso#8088). + setpwent() actually does endpwent() and vice versa on FreeBSD; (bso#8099). + Fix the build of 'smbget' on HP NonStop; (bso#8106). + Fix build of tdb2. + Correctly detect and deny symlinks anywhere in a path (not just the last component) if "follow symlinks = no". + Fix timeout in rpc_pipe_open_tcp_port(). + Fix the build of "--with-profiling-data". + Fix Coverity IDs 986, 1340, 2047, 2299, 2307, 2325, 2335, 2336, 2470, 2471, 2478. + nsswitch: Add 'wbinfo --lookup-sids'. + nsswitch: Add 'wbinfo --sids-to-unix-ids'. + Fix smbd with the async echo responder. + Fix the build of vfs_gpfs.c. + Add a 10-second timeout for the 445 or netbios connection to a DC. + Many pthreadpool fixes. + Fix transaction recovery area for converted tdbs.- Add PreReq permissions to the krb-printing package.- Remove _libdir ldb and tevent from file list. - Explicitly state not to bundle talloc or tdb while ldb and tevent build.- Always use the actual library version as part of the package name. - Exclude shared python modules.- Fix printing from Windows 7 clients; (bso#7567); (bnc#687535).- Update pidl and always compile IDL at build time; (bnc#688810).- Update to 3.6.0pre2. + ID Mapping changes. + Implement SMB2 support. + Add an Endpoint Mapper daemon. + Make "rlimit_max below minimum Windows limit" notification less scary; (bso#6837). + Quota only shown when logged as root; (bso#7080). + Fix printing from Windows 7; (bso#7567). + Retry DNS updates when connection to one nameserver has failed; (bso#7690). + Unlink may unlink wrong file when hardlinks are involved; (bso#7863). + Fix 'nmbd --port'; (bso#7875). + cmd_spoolss_deletedriver() returned without checking all architectures; (bso#7880). + Don't return "-1" on success in 'net rpc vampire keytab'; (bso#7899). + Fix cups pcap reload with no printers; (bso#7915). + Fix bug in chain_reply; (bso#7917). + Fix problems with "kernel oplocks" option set to "no"; (bso#7928). + Fall back for utimes calls; (bso#7940). + Catch lookup_names/sids schannel errors over ncacn_ip_tcp; (bso#7944). + Let winbind try to use samlogon validation level 6; (bso#7945). + Sgid bit lost on folder rename; (bso#7996). + Fix getting username in 'net rap session'; (bso#8009). + Fix inode generation so nautilus can count total dir size correctly; (bso#8010). + Use jenkins hash for str_checksum; (bso#8010). + Add explicit configure option whether or not to enable dmapi support; (bso#8033). + Fix smbclient segfault with Cyrillic netbios names; (bso#8040). + Fix file creation on OS/X; (bso#8042). + Add "--option" to 'testparm'. + Fix crash bug on smbd shutdown when using FOPENDIR(). + Ensure we don't return an incorrect access mask. + Fix bug against the new Mac client. + Fix leak in error path. + Fix error where Windows client spoolss returns WERR_INVALID_DATA. + Fix a segfault in the krb5 locator plugin. + Enable sharesec for registry shares. + Fix memory leak in "security=share" and "force user". + Add "net idmap check", a check and repair tool for the id mapping database. + Add new 'net idmap delete' command. + Fix segfault on missing input file in 'net idmap restore'. + Fix 'net usersidlist' not to skip every other user. + Fix potential crash bug in spoolss_PrinterEnumValues push path. + Internal restructuring. + Don't wipe out all printer drivers when only one should be deleted. + Fix winbindd_dual_pam_auth_samlogon() for NT4 domains. + Fix memory leak in print_cups.c. + Remove duplicate cups response processing code. + Follow force user/group for driver IO. + Initiate pcap reload from parent smbd. + Reload shares after pcap cache fill. + Fix numerous Coverity IDs (2041 and others). + Fix a memory leak in check_sam_security_info3. + Fix a segfault in the nss wrapper when libnss_winbind.so is not loadable. + Make "net sam list [users|workstations]" list only the right things. + Fix a potential memleak in secrets_fetch_trusted_domain_password. + Use the right credentials in check_netlogond_security. + Add support for AF_NETLINK addr notifications. + Fork multiple Winbind children per domain. + Fix a deadlock between smbd and ctdbd. + Add 'wbinfo --dc-info'. + Make "nmbd socket dir" configurable. + Fixed valgrind errors. + Fix a memleak in receive_getdc_response. + Don't grant SEC_STD_DELETE always to the owner of a file. + Fix segfaults on addrchange errors in Winbind. + Allow machine accounts as members in groupdb. + Add IPv6 support for the endpoint mapper. + Free unused memory in the rpc server. + Fix possible segfaults in svcctl server. + Fix possible segfault with client_id in rpc server. + Add a 'svcctl shutdown' function to rpc server. + Fix a resource leak in net_afs. + Fix a resource leak in smbta-util. + Fix possible resource leak in net_usershare. + Fix possible resource leak in 'smbget'. + Fix possible resource leak in 'smbfilter'. + Fix a possible null pointer dereference in smbd. + Ensure we send the direct levelII oplock break to the correct fid. + Fix private libdir and codepages paths. - Add RFC 3454 to the vendor files.- Fix idmap_tdb for big-endian systems such as ppc and s390; (bso#6901); (bnc#675978).- Fix smbclient -M NT_STATUS_PIPE_BROKEN failure; (bso#7635); (bnc#681913).- Replace jobs by _smp_mflags macro while calling make on post-11.4 systems.- Don't crash when publishing a single printer; (bnc#643119).- Carry error status in printer list IPC message, do not refresh printers if cups is unavailable; (bso#7994); (bnc#675478).- Define the libwbclient packages ahead of packages with a different version.- Use %_smp_mflags for parallel building.- Update to 3.5.8. + Fix Winbind crash bug when no DC is available; (bso#7730). + Fix finding users on domain members; (bso#7743). + Fix memory leaks in Winbind; (bso#7879). + Fix printing with Windows 7 clients; (bso#7567). + Fix 'testparm' return code when EOF in encountered in param name; (bso#3185). + Make "rlimit_max below minimum Windows limit" notification less scary; (bso#6837). + Fix "Your Password expires today" message for users of trusted domains; (bso#7066). + Fix maintaining of users' groups via UsrMgr; (bso#7262). + Fix 'net ads dns register' in Windows 2008 R2 domains; (bso#7356). + Raise debug level for "reduce_name: couldn't get realpath" messages; (bso#7409). + Fix updating the time on close in vfs_gpfs; (bso#7498). + Fix "log=>ndr_pull_error" in 'wbinfo -u' and 'wbinfo -g'; (bso#7594). + Handle Windows 9x adddriver calls without config file; (bso#7641). + Fix scalability problem with hundreds of printers; (bso#7656). + Fix memory leak in the netapi routines; (bso#7665). + Store unmodified copies of security descriptors in acl_xattr and acl_tdb modules; (bso#7716). + Fix incorrect unix mode_t caused by invalid client DOS attributes on create; (bso#7733). + Apply appropriate create masks when creating files with "inherit ACLs" set to true; (bso#7734). + Fix "dfree cache time" parameter; (bso#7744). + Fix a getgrent crash with many groups; (bso#7774). + Fix requesting lookups for BUILTIN sids; (bso#7777). + Fix smbd crash caused by expand_msdfs; (bso#7779). + Fix atime limit; (bso#7785). + vfs_scannedonly: Switch from mtime to ctime which is more reliable; (bso#7789). + Fix copying files from a SMB share using Gnome vfs and SMB signing; (bso#7791). + Make Winbind recover from a signing error; (bso#7800). + ACL inheritance cannot be disabled in vfs_acl_xattr/vfs_acl_tdb; (bso#7812). + Fix "force group" with ntlmssp guest session setup; (bso#7817). + vfs_fill_sparse() doesn't use posix_fallocate when strict allocate is on; (bso#7835). + Make WINBINDD_LOOKUPRIDS asking the right domain; (bso#7841). + Make WINBINDD_LOOKUPRIDS returning the domain name; (bso#7842). + Expand the local SAMs aliases; (bso#7843). + ntlm_auth: Support clients which offer a spnego mechs we don't support; (bso#7855). + Fix 'net ads dns register' in cluster setups; (bso#7871). + Fix 'nmbd --port'; (bso#7875). + Make 'rpcclient deldriver' delete drivers for all architectures; (bso#7880). + Fix flaky Winbind against Windows 2008; (bso#7881). + Fix SMB session setups with Kerberos against some closed source SMB servers; (bso#7883). + Fix stale lock in open_file_fchmod(); (bso#7892). + Fix sporadic Winbind panic in rpc query_user_list; (bso#7894). + Don't set SAMR_FIELD_FULL_NAME if we just want to set the account name; (bso#7896). + Don't return "-1" on success in 'net rpc vampire keytab'; (bso#7899). + Fix connections from WinCE; (bso#7917). + Fix opening MS Powerpoint files; (bso#7940). + Fix endless loops caused by inotify; (bso#7942). + Catch lookup_names/sids schannel errors over ncacn_ip_tcp; (bso#7944). + Let Winbind try to use samlogon validation level 6; (bso#7945). + Revalidate the pathname once re-constructed from a root fsp; (bso#7950).- Require a particular library version even if the major version is part of the package name. Using the same major version does not guarantee forward compatibility.- Fix a fd-leak in libwbclient at dlclose-time; (bso#7684); (bnc#668773).- Update to 3.5.7 + Protect against possible denial of service caused by memory corruption; CVE-2011-0719; (bso#7949); (bnc#670431).- Disable separate build of samba-doc for post-11.1 systems.- Protect against possible denial of service caused by memory corruption; CVE-2011-0719; (bso#7949); (bnc#670431).- Increase the log level for missing PIDs on SIGCHLD, printcap child processes are not added to the children PID list; (bnc#666460).- Do not require a particular library version if the major version is part of the package name.- Use the actual version numbers of the ldb, talloc, tdb, and tevent libraries on post-11.3 systems.- Abide by print$ share 'force user' & 'force group' settings when handling AddprinterDriver and DeletePrinterDriver requests; (bso#7921); (bnc#653353).- Remove pcap_cache_loaded asserts from (re)load_printers. pcap_cache_loaded() returns false if the pcap cache contains no printer entries. correct call ordering is already enforced. (bso#7836); (bnc#625936).- No longer force activation of the cifs service on post-11.3 systems. - Add X-UnitedLinux-Default-Enabled to the cifs init script on pre-11.4 systems. - Move the cifs init script nfs dependencies from Required to Should.- Recommend to install samba-krb-printing from samba-winbind on post-10.3 systems; (bnc#661845).- Fix error paths in cups_async_callback(), an empty cups printer list should not be treated as an error; (bnc#661842).- Abide by printcap cache time, reload parent smbd pcap cache on expiry; (bso#7836); (bnc#625936).- Fix race in cups async printer services reload; (bso#7836); (bnc#625936).- Don't tweak with baselibs.conf during %post if not present; (bnc#652620).- Don't make use of baselibs.conf on SUSE Linux Enterprise 10; (bnc#652620).- Don't use --tmpdir as this option isn't known by mktemp of SUSE Linux Enterprise 10; (bnc#652620).- vfs_fill_sparse() doesn't use posix_fallocate when strict allocate is on; (bso#7835).- Replace Requires samba-client by samba-gplv3-client in the gplv3 packages; (bnc#652620).- Fix Dolphin SMB share IO with SMB signing enabled; (bso#7791); (bnc#656112).- Add Conflicts to the samba-gplv3 main, client, doc, krb-printing, winbind, client-gplv2, and doc-gplv2 packages; (bnc#652620).- Add Provides samba-client-gplv2 and samba-doc-gplv2 to pre-3.2 versions; (bnc#652620).- Obsolete samba-client-gplv2 and samba-doc-gplv2; (bnc#652620).- Remove Provides samba-client:/usr/sbin/winbindd from the samba-gplv3-winbind package to avoide an accidental install trigger; (bnc#652620).- Add Provides samba-client to the samba-gplv3-client package; (bnc#652620).- Remove all Obsoletes from the samba-gplv3 packages and only keep the Provides samba; (bnc#652620).- Add fitting Conflicts to all samba-gplv3 packages; (bnc#652620).- Reduce unnecessary ldap round trips and eliminate invalid DN messages; (bnc#654719).- Exclude cifs-mount and ldapsmb from the samba-gplv3 build of SUSE Linux Enterprise 10 SP 3 and 4.- Add the _build_arch at the end of the vendor version suffix.- Provide and Obsolete samba-gplv3 to replace potentially installed packages.- Change package base name to samba-gplv3 for SUSE Linux Enterprise 10 SP 4. - Do not package libsmbclient and libsmbsharemodes.- Update to 3.5.6 + Fix auto printers with registry config; (bso#7280); (bnc#617153). + Fix SPNEGO auth when contacting Win7 system using Microsoft Live Sign-in Assistant; (bso#7577). + Fix 'net idmap restore' setting HWM to avoid duplicates; (bso#7578). + Fix "admin users" when using vfs_acl_xattr; (bso#7581). + Fix using cached credentials in ntlm_auth; (bso#7589). + Fix Winbind offline login; (bso#7590). + Fix Winbind internal error; (bso#7636). + Fix mknod/mkfifo failing with "No such file or directory"; (bso#7651). + Fix smbd changing mode of files on rename; (bso#7693). + Fix crash bug with invalid SPNEGO token; (bso#7694). + Fix smbd panic on invalid NetBIOS session request; (bso#7698). + Fix smbd crash caused by "%D" in "printer admin"; (bso#7541). + Fix 'smbclient -M'; (bso#7635). + Fix scalability problem with hundreds of printers; (bso#7656). + Fix crash bug in rpcclient; (bso#7688). + Fix file corruption when setting Samba "write wache wize"; (bso#7715).- Let startproc wait for nmb, smb and winbind pid files getting created on post-11.1 systems; (bnc#520036).- Include the reviewed french translation for pam_winbind; (bnc#499233).- Fix smbd crash with CUPS printers and no [printers] share defined; (bso#7297); (bnc#637755).- Fix printing from 64-bit windows clients; (bso#6888); (bnc#640870).- Fix baselibs.conf for libtalloc.- Fix buffer overflow in sid_parse() to correctly check the input lengths when reading a binary representation of a Windows Security ID (SID); CVE-2010-3069; (bso#7669); (bnc#637218).- Use cached ntlm password in libsmbclient. Prevent lockouts when kerberos tickets are lost; (bnc#602418); (bnc#606304).- Add a dependency on nfs to the smbfs/ cifs init scripts as they require the en_US locale and /usr might be on NFS.- Complete fix for trusts with Windows 2008R2 DCs.- Fix authentication dialogs when connecting to older systems; (bnc#632055).- Adjust position of conditional ldapsmb %package and %files definition.- Create the /var/run/samba directory on the fly and package it as %ghost.- Fix preexec scripts; (bso#7104); (bnc#632852).- Add missing netapi, smbclient, smbsharemodes, talloc, tevent, and wbclient pkgconfig files and BuildRequire pkgconfig; (bnc#632770).- BuildRequire python-devel for post-9.3 systems.- Only create precompiled headers for post-10.2 systems. - Remove mkinitrd scriptlets.- Add vfs_crossrename man page. - Call make basic and remove conditional proto target. - Increase libtevent version to 0.9.9. - Remove wbc_async header from the file list. - Remove remaining cifs-mount pieces from the spec file.- Fix printers not auto loading with registry config; (bso#7280); (bnc#617153).- Update to 3.6.0pre1. + SMB2 support is fully functional despite managing quota using the Microsoft management tools. + Internal Winbind passdb changes to use samr and lsa rpc pipe to get local user and group information. + The spoolss and the old RAP printing code have been completely overhauled and refactored. + The SMB Traffic Analyzer (SMBTA) VFS module got added.- Intilize workgroup of nmblookup as empty string.- Fix net ads join when using parent domain users; (bso#6364); (bnc#630812).- cifs: do not restart during dhcp lease renewal when IPaddress remains the same; (bnc#573246).- Fix "Too many open files" when trying to access large number of files; (bso#6837); (bnc#619787).- Update to 3.5.4. + Fix smbd crash when sambaLMPassword and sambaNTPassword entries missing from ldap (bug #7448). + Fix init_sam_from_ldap storing group in sid2uid cache (bug #7507). + Allow previous password to be stored and use it to check tickets; (bso#7099). + Make ea data checks identical for trans2open and trans2mkdir; (bso#7188). + Fix editing users' groups via UsrMgr; (bso#7262). + Fix Winbind over IPv6; (bso#7341). + Samba sends "raw" inode number as uniqueid with unix extensions; (bso#7410). + Fix printing large formats; (bso#7423). + Fix spnego returning incorrect mechListMIC string; (bso#7449). + Fix some crash bugs and missing error codes in AddDriver paths; (bso#7459). + Fix crash bug in _samr_QueryUserInfo{2} level 18; (bso#7479). + Fix 'not a string literal' warning in netdomjoin-gui; (bso#7500). + Fix calculation of st_blocks in vfs_streams_xattr; (bso#7503). + Fix numerous build issues; (bso#7504). + Fix session setup from linux kernel cifs clients with "sec=ntlmv2"; (bso#7517).- Remove all provides and obsoletes samba3 from the spec file. Packages with this base name have not been offered as part of a product.- Fix a NULL pointer dereference in smbd of the 3.4 code base; CVE-2010-1635; (bso#7229); (bnc#605935).- Address possible buffer overrun in chain_reply code of pre-3.4 versions; CVE-2010-2063; (bso#7494); (bnc#611927).- Update of the SMB Traffic Analyzer v2 VFS module- Fix trusts with Windows 2008R2 DCs; (bnc#613459); (bnc#599873); (bnc#592198); (bso#6697).- Update to 3.5.3. + Fix MS-DFS functionality; (bso#7339). + Fix a Winbind crash when scanning trusts; (bso#7389). + Fix problems with SIGCHLD handling in Winbind; (bso#7317). + Add replacement for IPV6_V6ONLY on linux systems with broken headers; (bso#7196). + Fix cups encryption setting; (bso#7263). + Fix exporting printers via 'cupsaddsmb' command; (bso#7277). + Fix SMB job IDs in CUPS job names; (bso#7288). + Fix segfault in mount.cifs; (bso#7315). + Make TIME_T_MAX defines consistent; (bso#7352). + Re-fix a bug with smbd serving a windows terminal server; (bso#7357). + Display an error on 'net conf import' failures; (bso#7378). + Fix bitmap leak in dptr_Close; (bso#7384). + Fix rename problems with full_audit VFS module; (bso#7398). + Fix setting of passwords via 'net rpc user password' command; (bso#7417). + Fix 'net rpc printer list' command; (bso#7418). + Rename mod_name to module_name; (bso#7421). - Fix unnecessary traversing winbindd_cache.tdb in SIGHUP handler. - Added EN ISO 216, A0 and A1 to builtin forms; (bso#7423). - Winbind not working over IPv6; (bso#7341).- Honor "interfaces" list in net ad dns register; (bnc#606947).- Exclude the RPM release from the vendor tag for openSUSE Factory; (bnc#604049).- Enable the build of the idmap tdb2 module; (bnc#600822).- BuildRequire keyutils-libs-devel for Fedora and post-RHEL4.- BuildRequire pkg-config for post-10.2 systems and else pkgconfig.- Add "net conf import" error messages; (bso#7378, bnc#598189).- Define cups_lib_dir %{_prefix}/lib/cups for post-11.2 systems; (bnc#575544).- Update to 3.5.2. + Fix smbd segfaults in _netr_SamLogon for clients sending null domain; (bso#7237). + Fix smbd segfaults in "waiting for connections" message; (bso#7251). + Fix an uninitialized variable read in smbd; (bso#7254); (bnc#605935); CVE-2010-1642. + Fix a memleak in Winbind; (bso#7278). + Fix Winbind reconnection to it's own domain; (bso#7295). + Fix segfault if hide files or veto files has no ".AppleDouble"; (bso#1206). + Fix parsing of the gecos field; (bso#5198). + Fix several printing issues; (bso#6727). + Fix valgrind warning; (bso#6814). + Fix race condition in mount.cifs that allows user to replace mountpoint with a symlink; (bso#6853). + Fix bug in vfs_scannedonly rmdir implementation; (bso#7075). + Fix handling of bad server data returns in client rpc_transport; (bso#7159). + Never mark external domains as internal in Winbind; (bso#7170). + Fix access by multi-threaded applications; (bso#7202). + Fix 'net share' command; (bso#7203). + Fix DN parsing name was always null; (bso#7204). + Signals are processed twice in child; (bso#7206). + Fix returning of group members with 'getent group'; (bso#7212). + Fix the build of net_afs.c with --fake-kaserver=yes; (bso#7216). + Make Winbind logs more verbose for troubleshooting; (bso#7225). + Fix a NULL pointer dereference in smbd; CVE-2010-1635; (bso#7229); (bnc#605935). + Fix automatic building of vfs_tsmsm if gpfs and dmapi are present; (bso#7231). + Fix race conditions in CTDB persistent transactions; (bso#7232). + Symlink delete fails but incorrectly reports success to client; (bso#7234). + Fix "printer admin" functionality; (bso#7255). + Fix value-needed calculation in_spoolss_EnumPrinterData(); (bso#7256). + Fix _winreg_QueryValue crash bugs and implement Windows behavior; (bso#7258). + Fix job management commands for CUPS queues; (bso#7269). + Fix smbd segfault if using vfs_acl_tdb; (bso#7283). + Fix core dump in 'ntlm_auth' with "gss-spnego" helper; (bso#7290). + Fix smbd crashes with CUPS printers and no [printers] share defined; (bso#7297). + Fix DOS attribute inconsistency with MS Office; (bso#7310). + Many disconnecting clients render clustered Samba unusuable for some time; (bso#7312). + Make 'net conf addshare' atomic; (bso#7313). + Eliminate race condition in creating/scanning sorted subkeys in the registry backend; (bso#7314). + Winbind possibly segfaults when trying a trusted domain without inbound trust; (bso#7316).- Add SMB Traffic Analyzer v2 VFS module.- Document "wide links" defaults to "no" in the smb.conf man page for versions pre-3.4.6; (bnc#577868).- Fix workgroup enumeration, for client printer and file share selection; (bso#6880); (bnc#586215).- Fix tdb validation for offline auth; (bnc#587014).- Fix "printer admin" functionality; (bso#7255).- An uninitialized variable read could cause an smbd crash; (bso#7254); (bnc#605935); CVE-2010-1642.- Ensure to have a valid talloc stackframe; (bso#7251).- _netr_SamLogon segfaults for clients sending NULL domain; (bso#7237).- Merge missing pam_winbind message translations; (bnc#499233).- Remove cifs-mount subpackage for post-11.2 systems as the tools are now part of the independent cifs-utils package.- Fix join of Windows 2008 domains; (bnc#567013).- Update to 3.5.1 and 3.4.7. + Fix security flaw on Linux platforms if built with libcap support allowing file system access even when permissions should have denied it; CVE-2010-0728; (bso#7222); (bnc#586683).- Fixed libldb.so link in libldb-devel.- Fix argc handling in net_share, making the command "net share" work again; (bso#7203); (bnc#584253).- Update to 3.5.0. + Fix duplicate sam and unix accounts; (bso#7145). + Keep the the correct negotiate_flags on the cli->dc structure; (bso#7160). + Avoid calling cli_alloc_mid twice in cli_smb_req_iov_send; (bso#7166). + Fix 'net ads dns' usage calls; (bso#7181). + Fix uninitialized variable in wkssvc_enumerateusers; (bso#7182).- Update to 3.4.6. + Change parameter "wide links" to default to "no"; it's also incompatible with "unix extensions"; (bso#7104); (bnc#577868). + Fix printing with 64 bit clients (bso#6888). + Fix core dump on 64 bit Linux (bso#7063). + Fix failing of smbd to respond to a read or a write caused by Linux asynchronous IO (aio) (bso#7067). + Fix string buffer overflow causing heap corruption in smbd (bso#7096). + Fix bogus ip address in SWAT; (bso#5885). + Fix vfs_full_audit; (bso#6557). + Use the first "uid" value; (bso#6157). + Fix large paged search with DirX LDAP servers; (bso#6981). + Fix crash bug in 'cifs.upcall'; (bso#6868). + Add cross option to samba_cv_linux_getgrouplist_ok; (bso#7047). + Fix DFS on AIX (maybe others); (bso#7052). + Fix pdb_search crash as non-root user; (bso#7068). + Fix unlocking of accounts from ldap; (bso#7072). + Fix vfs_expand_msdfs; (bso#7081). + Fix results of 'smbclient -L' with a large browse list; (bso#7098). + Normalize "Changing password for" msg IDs and STRs; (bso#7102). + Fix malformed require_membership_of_sid; (bso#7106). + Fix reading of large browselist; (bso#7122). + "mangling method = hash" can crash storing a name containing a '.'; (bso#7154). + Valgrind Conditional jump or move depends on uninitialised value(s) error when "mangling method = hash"; (bso#7155). + Fix listing of printjobs in Windows 7; (bso#7130). + Spoolss getprinterdriver2 level 101 marshalling is bad; (bso#7136). + Make idmap cache persistent for "ldapsam:trusted". + Also fill the memcache with sid<->id mappings in ldapsam_sid_to_id() not only the persistent idmap cache. + Shortcut uid_to_sid when "ldapsam:trusted = yes". + Make pdb_copy_sam_account also copy the group sid. + Shortcut gid_to_sid when "ldapsam:trusted = yes". + Speed up pdb_get_group_sid(). + Try to build the full unix_pw structure with ldapsam:trusted support. + Optimize ldapsam_alias_memberships() and cache ldap searches.- Update to 3.5.0rc3. + Change parameter "wide links" to default to "no"; it's also incompatible with "unix extensions"; (bso#7104); (bnc#577868). + Fix vfs_full_audit; (bso#6557). + Fix crash bug in 'cifs.upcall'; (bso#6868). + Fix duplicate initializer in the rmdir module; (bso#6876). + Fix printing with 64 bit clients; (bso#6888). + Add cross option to samba_cv_linux_getgrouplist_ok; (bso#7047). + Fix core dump on Ubuntu 8.04 64 bit; (bso#7063). + Fix failing of smbd to respond to a read or a write caused by Linux asynchronous IO (aio); (bso#7067). + Fix 'smbget' error status; (bso#7069). + Fix build of 'smbfilter'; (bso#7071). + Fix unlocking of accounts from ldap; (bso#7072). + Cliconnect gets realm wrong with trusted domains; (bso#7079). + Fix vfs_expand_msdfs; (bso#7081). + Fix storing of create time on directories in an EA in new create time code; (bso#7084). + Fix an early release of the global lock that can cause data corruption in libtdb; (bso#7085). + Fix string buffer overflow causing heap corruption in smbd; (bso#7096). + Fix results of 'smbclient -L' with a large browse list; (bso#7098). + Normalize "Changing password for" msg IDs and STRs; (bso#7102). + Fix malformed require_membership_of_sid; (bso#7106). + Add pdb_ldap performance fixes; (bso#7116). + Change ldap filter to what really was intended; (bso#7116). + Add new "nmbd bind explicit broadcast" parameter; (bso#7118). + Fix nmbd problems with socket address; (bso#7118). + Support large browselist; (bso#7119). + Fix reading of large browselist; (bso#7122). + Fix listing of printjobs in Windows 7; (bso#7130). + Owner of file not available with Kerberos; (bso#7139). + Fix IPv4/IPv6 problems; (bso#7140). + Fix get_acl_blob in the acl_tdb VFS module; (bso#7148). + "mangling method = hash" can crash storing a name containing a '.'; (bso#7154). + Valgrind Conditional jump or move depends on uninitialised value(s) error when "mangling method = hash"; (bso#7155). + Fix some wrong newlines in de translation strings.- Take extra care that a mount point of mount.cifs isn't changed during mount and don't allow it to be run as setuid root program; CVE-2010-0787; (bso#6853); (bnc#550002).- Check in mount.cifs for invalid characters in device name and mountpoint; CVE-2010-0547; (brc#562156); (bnc#577925).- Don't invalidate cache for uninitialized domains; (bnc#538923).- Signals are processed twice in child; (bnc#538923).- Allow forced pw change even with min pw age; (bnc#561894).- Change parameter "wide links" to default to "no"; it's also incompatible with "unix extensions"; CVE-2010-0926; (bso#7104); (bnc#577868).- Fix enumerate domain local groups for primary domain; (bnc#573813).- Fix malformed require_membership_of_sid; (bnc#525123); (bso#7106).- Normalize "Changing password for" msg IDs and STRs; (bnc#499233).- Build libtevent and libldb and put them into separate subpackages.- Update to 3.5.0rc2. + The Using Samba HTML book has been removed. + 'net', 'smbclient' and libsmbclient can use logon credentials cached by Winbind; (bso#7062). + New vfs_scannedonly module has been added; (bso#7028). + Check password history before increasing "badPasswordCount"; (bso#4347). + Fix changing of ACLs on writable file with "dos filemode=yes"; (bso#5202). + Restore Samba 3.0.x behavior and use the first "uid" value in pdb_ldap; (bso#6157). + Fix deletion of an object whose parent folder does not have delete rights fails even if the delete right is set on the object in vfs_acl_xattr and vfs_acl_tdb; (bso#6876). + Fix large paged search with DirX LDAP servers; (bso#6981). + Fix a segfault in winbindd_dual_ccache_ntlm_auth(); (bso#7027). + Disable sanity check in NetShareEnum for better compatibility with Windows; (bso#7029). + Fix SMBrmdir error message when deleting a directory fails; (bso#7033). + Fix segfault in vfs_cap; (bso#7034). + Fix 'net rpc getsid' in hardened Windows environments; (bso#7036). + Fix a Winbind segfault in "trusted_domains"; (bso#7037). + Complete and improve some German translation of 'net'; (bso#7039). + Fix compile error with WITH_DNS_UPDATE. Update .po files; (bso#7039). + Fix crash bug in libsmbclient; (bso#7043). + Fix bad (non memory copying) interfaces in smbc_setXXXX calls; (bso#7045). + Fix libsmbclient crash against OpenSolaris CIFS server; (bso#7046). + Lock down some srvsvc calls according to what w2k3 seems to do.- Update to 3.4.5. + Fix memory leak in smbd (bug #7020). + Fix changing of ACLs on writable files with "dos filemode=yes" (bug #5202). + BUG 6642: Fix opening the quota magic file. + BUG 6919: Fix remote quota management. + BUG 7034: Fix internal error caused by vfs_cap. + BUG 7036: Fix 'net rpc getsid' in hardened Windows environments. + BUG 7043: Fix crash bug in "SMBC_parse_path". + BUG 7045: Fix bad (non memory copying) interfaces in smbc_setXXXX calls. + BUG 7046: Fix a crash in libsmbclient used against the OpenSolaris CIFS server.- Free unused memory after a packet got processed; (bso#7020).- Add timeout to rpc call to prevent infinite loop when network is down; (bnc#538923).- Update to 3.5.0rc1. + BUG 6837: Fix "Too many open files" when trying to access large number of files with Windows 7; (bnc#619787). + BUG 6939: Fix long filenames when "mangling method" is set to "hash". + BUG 6991: Create symbol links to shared libraries. + BUG 6992: make test for getgrouplist cacheable. + BUG 7014: Fix Winbind crash when retrieving empty group members. + BUG 7020: Fix smbd using 2G memory. + Ensure dos_mode can return FILE_ATTRIBUTE_NORMAL, then filter the returned attributes by protocol level. + Vector correctly through reply_openerror() (which uses the same logic). + Fix bugs with the full Windows ACL support. + Add a few missing gettext calls to the 'net' command. + Fix up a share type translation and translate some more strings in 'net'. + Allow to call "pdbedit -N description -u user" without specifiyng "-r". + Add spoolss_DriverInfo7. + Fix rpcclient after setprinter IDL fixes. + Use generated krb5.conf in 'net ads testjoin'. + Add some German translations for the 'net' command. + Update mount.cifs man page with nounix option. + Fix _samr_GetAliasMembership for results with 0 rids. + Fix an error case in cli_negprot. + Add a lower-cost alternative to wbinfo -t: wbinfo --ping-dc. + Restore correct timeouts for SMB requests. + Fix a 64-bit error in libsmb. + Replace IS_DOMAIN_OFFLINE by a function in Winbind. + Simplify/cleanup Winbind code. + Fix write behind memory block in libtalloc. + Fix result check for getaddrinfo(). + Add tsocket_address_bsd_sockaddr() and tsocket_address_bsd_from_sockaddr() to tsocket. + Always set tdb->tracefd to -1 to be safe on goto fail in libtdb. + Add TDB_DISALLOW_NESTING and make TDB_ALLOW_NESTING the default behavior. + Fix standalone 'make installdocs'. + Output %p as unsigned in snprintf replacement. + New attempt at TDB transaction nesting allow/disallow. + Remove swig stuff from libtdb. + Reset tdb->fd to -1 in tdb_close() in libtdb. + Change the way mksysms work in libtalloc. + Also build and install tdb manpages from standalone tdb. + Fix infinite loop in NCACN_IP_TCP as there is no timeout. + Make winbindd_cache.c aware of domain offline to avoid unnecessary backend query. + List trusted domains from wcache when domain is offline.- Update to 3.4.4. + Fix interdomain trust relationships with Win2008R2 (bug #6697). + Fix Winbind crashes when queried from nss (bug #6889). + Fix Winbind crash when retrieving empty group members (bug #7014). + Fix "UID range full" error in Winbind (bug #6901). + Fix multiple LDAP servers in "idmap backend" and "idmap alloc backend" (bug #6910). + BUG 4832: Fix iconv checks. + BUG 6338: Do not always display "none" in 'net rpc trustdom list'. + BUG 6851: Add pdbedit --kickoff-time/-K to set the user's kickoff time. + BUG 6828: Fix infinite timeout when byte lock held outside of samba. + BUG 6837: Fix "Too many open files" message when trying to access a large number of files with Windows 7; (bnc#619787). + BUG 6841: Fix "map acl inherit = yes". + BUG 6850: Fix shadow copy display on Windows 7. + BUG 6867: Fix listing of directories with a lot of files. + BUG 6868: Support building with Heimdal we well as with MIT. + BUG 6875: Fix DOS attributes on OS/2 clients. + BUG 6880: Fix listing of workgroup servers in libsmbclient. + BUG 6898: Samba duplicates file content on appending. + BUG 6918: Fix krb5 build problem on Ubuntu karmic. + BUG 6929: Fix build with recent heimdal. + BUG 6939: Fix long filenames with "mangling method = hash". + BUG 6967: Fix 'net ads join' with OU. + BUG 6981: Fix paged search with DirX LDAP server. + BUG 6982: Remove erroneous out of memory error path in lookup_sid. + BUG 6997: Fix _samr_GetAliasMembership for results with 0 rids. + BUG 7005: Fix "mangle method = hash" truncates files with dot "." character. + Fix the build of the winbind krb5 locator plugin. + Fix enumprinter key client and server.- Readjust the _libdir/cups/backend/smb sym link only on uninstall of the samba-krb-printing package; (bnc#568603).- Add BuildRequires to fam-devel; (bnc#564260).- Prevent winbind crash; (bso#7014); (bnc#566119).- Fix processing of open modes in POSIX open; (bnc#530683).- Add baselibs.conf as a source.- Update to 3.5.0pre2. + BUG 2350: Add LDAP Alias Dereferencing support. + BUG 6288: SWAT adds a second share when changing parameters of an existing share. + BUG 6435: Fix minor memory corruption. + BUG 6710: Only install the cifs.upcall man page if CIFSUPCALL_PROGS was set while configure. + BUG 6802: A created folder does not properly inherit permissions from parent in vfs_acl_xattr. + BUG 6837: "Too many open files" when trying to access large number of files from Windows 7; (bnc#619787). + BUG 6860: Fix shared library build on QNX. + BUG 6879: Fix crash in Winbind. + BUG 6929: Fix build with recent heimdal. + BUG 6938 : No hook exists to check creation rights when using acl_xattr module. + BUG 6967: Prevent glibc error on 'net ads join'. + Fix vfs_acl_xattr which was failing to call the NEXT connect function. + Restructure the ACL code. + Refactor reply_rmdir to use handle based code. + Fix the build when no external talloc and tdb are installed. + Fix detection of CTDB headers on systems without system-libtalloc. + Fix several printing issues. + Fix the build on Mac OS X 10.6.2. + Fix net and rpcclient after setprinterdataex changes. + Add full support for level 8 printer drivers. + Add more spoolss architectures to IDL. + Fix enumprinter key client and server. + Fix crash in EnumPrinterDataEx. + Prefer posix_fallocate for doing "strict allocate". + Restore "fake directory create times" as a share parameter. + Fix explicit stat64 support. + Add support for NetWkstaGetInfo 101 and 102. + Add rpcclient wkssvc_enumerateusers. + De-deprecate "write cache size" to prevent its removal without a proper alternative. + Allow more than 1000 users in BUILTIN\Users. + Complete support for NetWkstaGetInfo/NetWkstaEnumUsers. + Fix the build of the example VFS modules. + Fix crash in free_file_list(). + Give the user a chance to change password when password will expire soon.- Store the smbfs service state if enabled and restore it for cifs while upgrade on post-11.2 systems.- Prevent cifstab from being overwritten while upgrade on post-11.2 systems.- Give the user a chance to change password when password will expire soon; (FATE#302414).- Rename smbfs init script to cifs for post-11.2 systems.- Allow Windows 7 to connection to samba domain controllers and member servers; (bnc#551811); (bso#6099); (bso#6100); (bso#6680).- Error on joining windows domain (invalid pointer); (bso#6967); (bnc#553622).- Add PreReq /usr/sbin/groupadd to the winbind package; (bnc#559165). - Simplify the winbind package %pre script and suppress stdout only.- Update to 3.5.0pre1 + Add support for full Windows timestamp resolution. + Experimental implementation of SMB2. + Add encryption support for connections to a CUPS server. + Major windbind asynchronous refactoring. - Remove using_samba from the doc package. - Increase major version of libtalloc to 2.- Fix kerberos refresh chain; (bnc#546162); (bso#6872).- Hardlink duplicate files on post-11.1 systems.- Add BuildArch noarch to samba-doc on post-11.1 systems.- Use full 16byte session key in make_user_info_netlogon_interactive(); (bnc#551811).- Update to 3.4.3. + Fix trust relationships to windows 2008 (2008 r2) (bug #6711). + Fix file corruption using smbclient with NT4 server (bug #6606). + Fix Windows 7 share access (which defaults to NTLMv2) (bug #6680). + BUG 4675: mount.cifs: Do not attempt to update /etc/mtab if it is a symbolic link. + BUG 6529: Offline files conflict with Vista and Office 2003. + BUG 6532: Fix domain enumeration if master browser has space in name. + BUG 6606: Fix file corruption using smbclient with NT4 server. + BUG 6690: Fix wrong error check in profile. + BUG 6703: Allow smbstatus as non-root. + BUG 6704: Fix syntax error in avahi configure test. + BUG 6707: Fix an occasional segfault in config file parsing. + BUG 6710: Adjust regex to match variable names including underscores. + BUG 6711: Fix trust relationships to windows 2008 (2008 r2). + BUG 6726: SIVAL should have been an SVAL. + BUG 6728: BSD needs sys/sysctl.h included to build properly. + BUG 6731: Fix reading beyond the end of a named stream in xattr_streams. + BUG 6735: Don't overwrite password in pam_winbind, subsequent pam modules might use the old password and new password. + BUG 6764: Fix timeval calculation. + BUG 6765: Add a "hidden" parameter "share:fake_fscaps". + BUG 6769: Fix symlink unlink. + BUG 6772: Allow outstanding_aio_calls to be decremented. + BUG 6774: smbd crashes if "aio write behind" is set. + BUG 6776: Fix core dump caused by running overlapping Byte Lock test. + BUG 6781: Fix renaming subfolders in Explorer view. + BUG 6791: Fix linking order in cifs.upcall. + BUG 6793: Fix Winbind crash with "INTERNAL ERROR: Signal 6". + BUG 6793: Fix segfault in winbindd_pam_auth. + BUG 6796: Deleting an event context on shutdown can cause smbd to crash. + BUG 6797: Fix a memleak in libwbclient. + BUG 6804: Fix hpux compiler issue. + BUG 6805: Correctly handle aio_error() and errno. + BUG 6807: Fix a segfault in "net rpc trustdom list" for long domain names. + BUG 6810: Add support for finding alternate credcaches to cifs.upcall. + BUG 6811: Fix reference to freed memory in pam_winbind. + BUG 6815: Fix Windows 2008 R2 SPNEGO negTokenTarg parsing failure. + BUG 6824: Fix avahi activation. + BUG 6826: Don't fail authentication when one or some group of require-membership-of is invalid. + BUG 6828: Fix infinite timeout when byte lock held outside of Samba. + BUG 6829: Fix displaying of multibyte characters in smbclient. + BUG 6840: Fix crash in pam_winbind. + Fix an uninitialized variable. + Only ever handle one event after a select call. + Conditional install of the cifs.upcall man page. + Fix warning occuring when building the manpages.- Let smbclient show special characters properly; (bso#6829); (bnc#544204).- Don't fail authentication when one or some group of require-membership-of is invalid; (bnc#525123); (bso#6826).- Allow winbind to ignore certain domains; (bnc#539506).- Update to 3.4.2. + Fix unresolved home path; CVE-2009-2813; (bso#6763); (bnc#539517). + Fix potential denial of service; CVE-2009-2906; (bso#6768); (bnc#543115). + Fix potential mount.cifs password leaks; CVE-2009-2948; (bnc#542150).- Fix potential denial of service; CVE-2009-2906; (bnc#543115).- Fix potential mount.cifs password leaks; CVE-2009-2948; (bnc#542150).- Fix unresolved home path; CVE-2009-2813; (bnc#539517).- Don't overwrite password in pam_winbind; (bnc#515444).- mods for winbind (when used with squid - ntlm_auth) o winbind adds group 'winbind' o permission 0750,root,winbind LOCKDIR/winbindd_privileged- Merge two fixes from 3.2.8 and 3.3.1. + Adjust regex to match variable names including underscores. + Conditional install of the cifs.upcall man page.- Remove supplements from baselibs.conf while %clean for pre-11.1 systems; (bnc#520579).- Update to 3.4.1. + Fix authentication on member servers without Winbind (bug #6650). + Nautilus fails to copy files from an SMB share (bug #6649). + Fix connections of Win98 clients (bug #6551). + Fix interdomain trusts with Windows 2008 R2 DCs (bug #6697). + Fix Winbind authentication issue (bug #6646). + BUG 5879: Update LDAP schema for Netscape DS 5. + BUG 5886: Fix password change propagation with ldapsam. + BUG 6105: Make linking of cifs.upcall and rpcclient --as-needed safe. + BUG 6222: Default to DRSUAPI replication for net rpc vampire keytab. + BUG 6437: Make open_udp_socket() IPv6 clean. + BUG 6496: MS-DFS cannot follow multibyte char link name in libsmbclient. + BUG 6506: Smbd server doesn't set EAs when a file is overwritten in NT_TRANSACT_CREATE. + BUG 6532: Fix the build with external talloc. + BUG 6538: Cancel all locks that are made before the first failure. + BUG 6560: Fix lookupname. + BUG 6564: SetPrinter fails (panics) as non root. + BUG 6568: Fix _spoolss_GetPrintProcessorDirectory() implementation. + BUG 6585: Fix unqualified "net join". + BUG 6593: Correctly implement SMB_INFO_STANDARD setfileinfo. + BUG 6601: Avoid global fd limits. + BUG 6607: Fix crash bug in spoolss_addprinterex_level_2. + BUG 6611: Fix a valgrind error in chain_reply. + BUG 6615: Fix browsing of DFS when using kerberos in libsmbclient. + BUG 6627: Raise the timeout for lsa_Lookup*() calls from 10 to 35 seconds. + BUG 6650: Fix authentication on member servers without Winbind. + BUG 6651: Fix smbd SIGSEGV when breaking oplocks. + BUG 6655: Fix 'smbcontrol smbd ping'. + BUG 6620: Fix a bug in renames of directories. + BUG 6664: Fix truncation of the session key. + BUG 6673: Fix 'smbpasswd' with "unix password sync = yes". + BUG 6680: Fix authentication failure from Windows 7 when domain joined. + BUG 6688: Fix crash in 'net usershare list'. + BUG 6693: Check we read off the complete event from inotify. + BUG 6700: Use dns domain name when needing to guess server principal.- Update to 3.2.14. + Fix SAMR access checks (e.g. bugs #6089 and #6112). + Fix 'force user' (bug #6291). + Improve Win7 support (bug #6099). + Fix posix ACLs when setting an ACL without explicit ACE for the owner (bug #2346). + BUG 6387: Fix Winbind crash when multiple IDmappings exist in the LDAP directory. + BUG 6509: Use gid (not uid) cache in fetch_gid_from_cache(). + BUG 6089: Fix SAMR access checks. + BUG 6112: Fix SAMR access checks. + BUG 6279: Fix Winbind crash. + BUG 6291: Fix 'force user'. + BUG 6099: Try to fix domain join of Win7 Beta. + BUG 6386: Groupdb mapping fix. + BUG 6421: Fix POSIX read-only open on read-only shares. + BUG 6476: Fix more smbd-zombies in memory. + BUG 6488: acl_group_override() call in posix acls references an uninitialized variable. + BUG 6504: Fix SAMR server for Winbind access. + BUG 6520: Fix time stamps. + BUG 6301: Fix samr_ConnectVersion enum which is 32bit not 16bit. + BUG 6340: Don't segfault when cleartext trustdom pwd could not be retrieved. + BUG 6372: Fix usermanager only displaying 1024 groups and aliases. + BUG 6465: Fix enum_aliasmem in ldb branch. + BUG 6484: Fix searching for users while adding them to groups via Windows usermanager. + BUG 2346: Fix posix ACLs when setting an ACL without explicit ACE for the owner. + BUG 6526: Let parent_dirname() correctly return toplevel filenames. + BUG 6627: Raise the timeout for lsa_Lookup*() calls from 10 to 35 seconds. + BUG 5798: Preserve CFLAGS info in configure. + BUG 6382: Case insensitive access to DFS links broken. + BUG 6481: Don't require "Modify property" perms to unjoin. + BUG 6628: 'smbpasswd -a' uses algorithmic rid base with 'passdb backend = tdbsam'. + BUG 6560: Lookupname failed, cannot find domain when attempt to change password. + Prevent creation of keys containing the '/' character. + Fix join of Windows 7 RC to a Samba3 DC. + Fix bug in processing of open modes in POSIX open. + Fix the negotiate flags. + Protect netlogon_creds_server_step() against NULL creds. + Also handle DirX return codes. + Fix a crash bug if we timeout in net rpc trustdom list. + Add '--request-timeout' option to 'net'. + Fix a race condition in Winbind leading to a panic. + Add workaround for MS KB932762. + 5945: Fix out of memory error with Winbind idmap. + Avoid duplicate ACEs. + Fix profile ACLs in some corner cases. + Zero an uninitialized array.- Unable to browse DFS when using kerberos in libsmbclient; (bnc#528271); (bso#6615).- check in .po files for pam_winbind; (bnc#499233); (bso#6602).- Add ntp and network-remotefs as Should-Start dependency to the winbind init script; (bnc#515629).- Update to 3.0.36. + Fix Winbind crash on 'getent group' (bug #5906). + Excel save operation corrupts file ACLs (bug #4308). + Prevent segmentation fault on joining a very long domain name. + BUG 4308: Excel save operation corrupts file ACLs. + BUG 4370: Clean-up entries in /etc/mtab after unmount. + BUG 4640: Fix guest mounts in mount-cifs. + BUG 5906: Fix Winbind crash on 'getent group'. + BUG 6066: netinet/ip.h present but cannot be compiled on Solaris. + BUG 6099: In order to allow Win7 to connect to a Samba NT style. + BUG 6279: Fix Winbind crash. PDC we set the flags before we know if it's an error or not. + BUG 6085: Fix build of vfs_default. + BUG 6098: When the DNS server is invalid, the ads_find_dc() does not work correctly. + Fix logic error in try_chown. + Correctly use chroot(). + Fix bug in processing of open modes in POSIX open. + Don't install the cifs.upcall binary twice. + Fix mount.cifs handling of -V option. + Prevent segmentation fault on joining a very long domain name. + Don't try and delete a default ACL from a file. + Add workaround for MS KB932762. + Add fakemount (-f) and nomtab (-n) flags to mount.cifs. + Fix a crash during name resolution when log level >= 10 and libc segfaults if printf is passed NULL for a "%s" arg.- Use a conditional suse_version macro in front of the SUSE_ASNEEDED export.- lookupname failed, cannot find domain when attempt to change password; (bnc#520645); (bso#6560).- Don't link with --as-needed flag on post-11.1 systems.- Stop the smbfs service if an interface goes down; (bnc#517768).- Disable build of static libraries on post-11.1 systems; (bnc#509945).- Fix missing zlibs for cifs.upcall and test_shlibs.- Update to 3.4.0. + BUG 6431: Local groups from 3.0 setups no longer found. + BUG 6459: Fix build of pam_smbpass on some distributions. + BUG 6481: 'net ads leave' needs to try account deletion, NetUnjoinDomain not. + BUG 6497: Fix calling of 'test' in configure. + BUG 6498: Add workaround for MS KB932762. + BUG 6499: Fix building of pam_smbpass. + BUG 6509: Use gid (not uid) cache in fetch_gid_from_cache(). + BUG 6512: Fix support for enumerating user forms. + BUG 6514: Improve error message in 'net' when smb.conf is not available. + BUG 6520: Fix time stamps when "unix extensions = yes". + BUG 6521: Fix building tevent_ntstatus without config.h. + BUG 6526: Fix notifies in the share root directory. + BUG 6531: Fix pid file name.- Package /etc/samba/smbpasswd as %ghost on post-11.1 systems.- Fix net ads leave; (bnc#511695).- Supplement pam-32bit/pam-64bit in baselibs.conf (bnc#354164). - Supplement glibc-32bit/glibc-64bit in baselibs.conf (bnc#354164).- Update to 3.2.13, 3.3.6. + In Samba 3.2.0 to 3.2.12 (inclusive), the smbclient commands dealing with file names treat user input as a format string to asprintf. With a maliciously crafted file name smbclient can be made to execute code triggered by the server; CVE-2009-1886; (bnc#513360); (bso#6478).- Update to 3.0.35. + In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a data value can potentially affect access control when "dos filemode" is set to "yes"; CVE-2009-1888; (bnc#515479).- Uninitialized read of a data value; CVE-2009-1888 (bnc#515479).- Update to 3.4.0rc1. + BUG 4699: Remove pidfile on clean shutdown. + BUG 5456: Fix "net ads testjoin". + BUG 6081: Make it possible to change machine account sids. + BUG 6253: Use correct value for password expiry calculation in pam_winbind. + BUG 6297: Owner of sticky directory cannot delete files created by others. + BUG 6305: Correctly prompt for a password when a username was given. + BUG 6328: Add support for multiple rights to "net sam rights grant/revoke". + BUG 6333: Consolidate create/delete account paths in pdbedit. + BUG 6449: 'net rap user add' crashes without -C option. + BUG 6451: net/libnetapi user rename using wrong access bits. + BUG 6458: Fix uninitialized variable in local_password_change(). + BUG 6465: Fix enumeration of empty aliases. + BUG 6476: Fix smbd-zombies in memory when using [x]inetd. + BUG 6487: Add missing DFS call in trans2 mkdir call. + BUG 6488: acl_group_override() call in posix acls references an uninitialized variable. + Improve pam_winbind documentation. - Install a vendor copy of samba-common.dhcp as dhcpcd-hook-samba-functions.- Samba 3.2.0 - 3.2.12 smbclient commands dealing with file names treat user input as a format string to asprintf; CVE-2009-1886; (bnc#513360).- Fix a bad memleak in vfs_full_audit; (bnc#510035).- Update to 3.3.5. + Fix SAMR and LSA checks (bug #6089, #6289) + Fix posix acls when setting an ACL without explicit ACE for the owner (bug #2346). + Fix joining of Win7 into Samba domain (bug #6099). + Fix joining of Win2000 SP4 clients (bug #6301). + BUG 2346: Fix posix acls when setting an ACL without explicit ACE for the owner. + BUG 5832: Fix build on RHEL when ccache is not available. + BUG 5853: Add keyutils-devel to build requires to fix build on RHEL. + BUG 5897: Fix shutdown script example in the smb.conf manpage. + BUG 6089: Revert the extra SAMR and LSA checks. + BUG 6099: Fix joining of Win7 into Samba domain. + BUG 6157: Fix handling of multi-value attribute "uid". + BUG 6289: Revert the extra SAMR and LSA checks. + BUG 6297: Owner of sticky directory cannot delete files created by others. + BUG 6301: Fix joining of Win2000 SP4 clients. + BUG 6309: Support remote unjoining of Windows 2003 or greater. + BUG 6315: smbd crashes doing vfs_full_audit on IPC$ close event. + BUG 6320: Handle registry config source in file_list. + BUG 6330: Fix DFS on AIX. + BUG 6336: Fix 'net groupmap set' segfault. + BUG 6361: Make --rcfile work in smbget. + BUG 6365: Re-Add the "dropbox" functionality with -wx rights on a directory. + BUG 6372: Fix usermanager only displaying 1024 groups and aliases. + BUG 6382: Fix case insensitive access to DFS links. + BUG 6415: Filter out of range mappings in default idmap config in idmap_tdb. + BUG 6416: Filter out of range mappings in default idmap config in idmap_tdb2. + BUG 6417: Filter out of range mappings in default idmap config in idmap_ldap. + BUG 6441: Fix the compile with --enable-dnssd. + BUG 6449: 'net rap user add' crashes without -C option. + BUG 6465: Fix enumeration of empty aliases (ldb backend). + Prevent infinite include nesting. + Mark registry shares without path unavailable. + Also handle DirX return codes. + Fix Coverity ID 897. + Do not crash in ctdbd_traverse if ctdbd is not around. + Fix a race condition in winbind leading to a panic. + Some man pam_winbind improvements. + Zero an uninitialized array.- Update to 3.2.12. + Fix SAMR and LSA checks (bug #6089, #6289) + Fix posix acls when setting an ACL without explicit ACE for the owner (bug #2346). + Fix "force user" (bug #6291). + Fix Winbind crash (bug #6279). + Fix joining of Win7 into Samba domain (bug #6099). + BUG 2346: Fix posix acls when setting an ACL without explicit ACE for the owner. + BUG 5798: CFLAGS info lost in configure. + BUG 5832: Fix build on RHEL when ccache is not available. + BUG 5835: Add keyutils-devel to build requires. + BUG 5945: Fix out of memory error with Winbind idmap. + BUG 6089: Revert the extra SAMR and LSA checks. + BUG 6099: Fix joining of Win7 into Samba domain. + BUG 6279: Fix Winbind crash. + BUG 6289: Revert the extra SAMR and LSA checks. + BUG 6291: Fix "force user". + BUG 6301: Fix samr_ConnectVersion enum which is 32bit not 16bit. + BUG 6372: Fix usermanager only displaying 1024 groups and aliases. + BUG 6386: Groupdb mapping fix. + BUG 6382: Fix case insensitive access to DFS links. + BUG 6465: Fix enumeration of empty aliases (ldb backend). + Prevent creation of keys containing the '/' character. + Fix bug in processing of open modes in POSIX open. + Protect netlogon_creds_server_step() against NULL creds. + Also handle DirX return codes. + Fix a race condition in winbind leading to a panic. + Fix a crash bug if we timeout in net rpc trustdom list. + Fix profile acls in some corner cases.- Default with passdb backend to smbpasswd for SUSE products older than 11.2.- Explicitly use 'tdbsam' as passdb backend in the default smb.conf file.- Update to 3.4.0pre2. + The default passdb backend has been changed to 'tdbsam'! + Samba4 and Samba3 sources are included in the tarball. + Changed the way smbd handles untrusted domain names given during user authentication. + Various fixes including printer change notificiation for Samba spoolss print servers. + The remaining hand-marshalled DCE/RPC services (ntsvcs, svcctl, eventlog and spoolss) were replaced by autogenerated code based on PIDL. + Samba3 and Samba4 do now share a common tevent library. + The code has been cleaned up and the major basic interfaces are shared with Samba4 now. + An asynchronous API has been added. + Made parameter syntax of the net command more consistent. + BUG 2346: Fix posix ACLs when setting an ACL without explicit ACE for the owner. + BUG 4271: testparm should not print includes. + BUG 4831: Don't call openlog() or closelog() from pam_smbpass. + BUG 5681: Do not limit the number of network interfaces. + BUG 5859: Fix renaming of samr objects failed due to samr setuserinfo access checks. + BUG 6099: Fix NETLOGON credential chain. + BUG 6136: New AFS syscall conventions. + BUG 6157: Fix handling of multi-value attribute "uid". + BUG 6253: Use correct value for password expiry calculation. + BUG 6291: Fix 'force user'. + BUG 6292: Update config.guess from gnu.org. + BUG 6302: Give the VFS a chance to read from 0-byte files. + BUG 6309: Support remote unjoining of Windows 2003 or greater. + BUG 6313: ldapsam_update_sam_account() crashes while doing talloc_free on malloced memory. + BUG 6315: Fix smbd crashes when doing vfs_full_audit on IPC$ close event. + BUG 6320: Handle registry config source in file_list. + BUG 6330: Fix DFS on AIX. + BUG 6336: Fix segfault in 'net groupmap set'. + BUG 6340: Don't segfault when cleartext trustdom pwd could not be retrieved. + BUG 6357: Use Samba default command line arguments in 'net'. + BUG 6359: smbclient -L does not list workgroup for hosts with both IPv4 and IPv6 addresses + BUG 6361: Make --rcfile work in smbget. + BUG 6371: Unsuccessful 'net conf setparm' leaves empty share. + BUG 6372: usermanager only displaying 1024 groups and aliases. + BUG 6387: Fix a crash bug in idmap_ldap_unixids_to_sids. + BUG 6415: Filter out of range mappings in default idmap config (idmap_tdb). + BUG 6416: Filter out of range mappings in default idmap config (idmap_tdb2). + BUG 6417: Filter out of range mappings in default idmap config (idmap_ldap). + Change the way smbd handles untrusted domain names given during user authentication. + Replace the hand-marshalled DCE/RPC services ntsvcs, svcctl, eventlog and spoolss by autogenerated code based on PIDL. + Fix several printing issues and improve support for printer change notificiations. + Add 'net eventlog'. + Add asynchronous API. + Make Samba3 and Samba4 share a tevent library. + Add two new parameters to control how we verify kerberos tickets. + Add 'net rpc service' subcommands 'create' and 'delete'. + Fix the core of the SAMR access functions. + Fix SAMR server for winbindd access. + Add dbwrap_tool - a tdb tool that is CTDB-aware. + Hide "config backend" from swat. + Fix linking with --disable-shared-libs. + Fix issue with missing entries when enumerating directories. + Map NULL domains to our global sam name. + Fix driver upload for Xerox 4110 PS printer driver. + Add "net dom renamecomputer" to rename machines in a domain. + Inspect the correct computername string before enabling/disabling the change button in netdomjoin-gui. + Fix join prompt dialog test in netdomjoin-gui. + Only gray out labels when not root and not connecting to remote machines (netdomjoin-gui). + Allow to switch between workgroups/domains with the same name (netdomjoin-gui). + Add NetShutdownInit and NetShutdownAbort. + Fix samr access checks. + Add a security model to LSA. + Also handle DirX return codes. + Do not crash in ctdbd_traverse if ctdbd is not around. + Fix Coverity ID 897. + Fix a race condition in vfs_aio_fork with gpfs share modes. + Fix bug disclosed by lock8 torture test. + Fix a race condition in winbind leading to a panic. + Detect tight loop in tdb_find(). + Fix chained sesssetupAndX/tconn messages. + Fix strict locking with chained reads. + Fix two bugs in sendfile. + Fix memory leak. + Fix file descriptor leak. + Fallback to the legacy sid_to_(uid|gid) instead of returning NULL. + Always allocate memory in dptr_ReadDirName. + Fix 'net' crash during domain join. + Zero an uninitialized array. + Allow child processes to exit gracefully if we are out of fds.- Enable cifs.upcall on versions newer than SUSE 10.0.- Add BuildRequires to keyutils-devel.- Remove redundant Requires to keyutils-libs for cifs-mount.- Detect tight loop in tdb_find(); (bnc#450974).- Fix lp printing with kerberos; (bnc#476913).- Add BuildRequires to ctdb-devel for systems newer than SUSE 10.0 and all other build targets.- Update to 3.4.0pre1. + Samba4 and Samba3 sources are included in the tarball + Changed the way smbd handles untrusted domain names given during user authentication. + Various fixes including printer change notificiation for Samba spoolss print servers. + The remaining hand-marshalled DCE/RPC services (ntsvcs, svcctl, eventlog and spoolss) were replaced by autogenerated code based on PIDL. + Samba3 and Samba4 do now share a common tevent library. + The code has been cleaned up and the major basic interfaces are shared with Samba4 now. + An asynchronous API has been added. + Change the way smbd handles untrusted domain names given during user authentication. + Replace the hand-marshalled DCE/RPC services ntsvcs, svcctl, eventlog and spoolss by autogenerated code based on PIDL. + Fix several printing issues and improve support for printer change notificiations. + Add 'net eventlog'. + Add asynchronous API. + Make Samba3 and Samba4 share a tevent library. + Add two new parameters to control how we verify kerberos tickets. + Add 'net rpc service' subcommands 'create' and 'delete'. + Make merged build possible. + Move common libraries to the shared lib/ directory.- Update to 3.3.4. + Fix domain logins for WinXP clients pre SP3 (bug #6263). + Fix samr_OpenDomain access checks (bug #6089). + Fix usrmgr.exe creating a user (bug #6243). + BUG 6089: Fix samr_OpenDomain access checks. + BUG 6254: Fix IPv6 PUT/GET errors to an SMB server (3.3) with "msdfs root" set to "yes". + BUG 6279: Fix Winbind crash. + BUG 5329: Add "net rpc service delete/create". + BUG 6238: Make sure wbcLogoffUserParams are properly initialized before freed. + BUG 6263: Fix domain logins for WinXP clients pre SP3. + BUG 6286: Call init function for builtin idmap modules before probing for them as shared modules. + BUG 6243: Fix usrmgr.exe creating a user. + net conf: Save share name as given, not as lower case only. + Prevent creation of registry keys containing the '/' character. + Allow pdbedit to change a user rid/sid. + When doing a cli_ulogoff don't invalidate the cnum, invalidate the vuid. + Don't access a freed structure when logging off and re-using a vuid. + Try to to fix password_expired flag handling. + Make sure to grey out change fields in the netdomjoin-gui when not running as root. + Don't look up local user for remote changes, even when root. + Use procid_str in debug messages for better cluster-debuggability. + Use cluster-aware procid_is_me instead of comparing pids. + Fix smbd crash for close_on_completion. + Fix a memleak in an unlikely error path in change_notify_create(). + Do not use the file system GET_REAL_FILENAME for mangled names. + Fix a crash bug if we timeout in net rpc trustdom list. + Add '--request-timeout' option to net. + In net_conf_import, start a transaction when importing a single share. + Fix writing of roaming profiles with "profile acls" set to "yes".- Update to 3.2.11. + Fix domain logins for WinXP clients pre SP3 (bug #6263). + Fix samr_OpenDomain access checks (bug #6089). + Fix smbd crash for close_on_completion. + BUG 6089: Fix samr_OpenDomain access checks. + BUG 6205: Correct sample smb.conf share configuration. + BUG 6254: Fix IPv6 PUT/GET errors to an SMB server (3.3) with "msdfs root" set to "yes". + BUG 6263: Fix domain logins for WinXP clients pre SP3. + Allow pdbedit to change a user rid/sid. + When doing a cli_ulogoff don't invalidate the cnum, invalidate the vuid. + Fix resume command typo for "printing = vlp". + Fix smbd crash for close_on_completion. + Fix a memleak in an unlikely error path in change_notify_create(). + Don't look up local user for remote changes, even when root.- Don't lookup local user for remote password changes; (bnc#493507).- Update to 3.3.3. + Migrating from 3.0.x to 3.3.x can fail to update passdb.tdb correctly (bug #6195). + Fix serving of files with colons to CIFS/VFS client (bug #6196). + Fix "map readonly" (bug #6186). + BUG 6195: Don't let smbd child processes panic. + Add backend_requires_messaging() method to libsmbconf. + Add methods is_writeable() and wrapper smbconf_is_writeable() to libsmbconf. + Fall back to file backend when no valid backend was found. + Fix a memleak in dbwrap_rbt. + Provide transaction_start|commit|cancel fns for the registry tdb. + Speed up "net conf drop". + Speed up "net conf import". + Add transactions to the libsmbconf API. + Reduce memory usage of "net conf import". + Registry cleanup. + Fix handling of SAMBA_VERSION_VENDOR_PATCH. + Fix build of pam_winbind.so with static linking. + Tidy up some convert_string_internal error cases. + BUG 6224: nmbd waits 5 minutes at startup before checking if it needs to run elections. + Allow DFS client paths to work when POSIX pathnames have been selected. + Try and fix the build farm RAW-STREAMS errors. + Ensure files starting with multiple dots are hidden. + BUG 6102: NetQueryDisplayInformation could return wrong information. + BUG 6193: Avoid messing with sync_context in libnet_samsync_delta(). + Fix notify_printer_status_byname. + Fix Coverity IDs 722, 762, 774, 775, 776. + Fix build on old Heimdal based systems. + Fix compile warning. + Use parentheses in if condition to make negation clear. + Add dirsort module. + BUG 6147: Fix detection of the GNU ld version. + BUG 6097: Fix smbd segfault. + BUG 6130: Don't crash in winbindd_rpc lookup_groupmem() on unmapped members. + BUG 6139: Add missing whitespace in mount.cifs error message. + Fix a malloc/talloc mismatch when cli_initialise() fails. + Fix a valgrind error. + Speed up "net conf list". + Add sorted subkey cache. + Use StrCaseCmp in the dirsort module. + Document the dirsort module. + Disable dns_sd by default. + Add avahi detection to configure. + Add event avahi binding. + Use avahi to register _smb._tcp in smbd. + Fix two memleaks in the encryption code. + Fix a scary "fill_share_mode_lock failed" message. + BUG 6228: Fix SMBC_open_ctx failure due to path resolve failure doesn't set errno. + Don't use reserved words in smbconftort. + Fix smb signing for fragmented trans/trans2/nttrans requests. + Parse_packet can return NULL which is then dereferenced in match_mailslot_name. + Format the header check for netinet/ip.h more nicely. + Missing break in conversion function prevents tdb password database update.- Update to 3.2.10. + BUG #6195: Don't let smbd child processes panic.- BUG 6195: Fix crash on passdb conversion.- Update to 3.2.9. + BUG 5920: The length of the memcpy was calculated wrong. + BUG 6097: Fix smbd segfault. + BUG 6098: Fix ads_find_dc() with "security = domain" when the DNS server is invalid. + BUG 6099: Samba returns incurrate capabilities list. + BUG 6100: Implement _netr_LogonGetCapabilities() with NT_STATUS_NOT_IMPLEMENTED. + BUG 6102: NetQueryDisplayInformation could return wrong information. + BUG 6130: Fix crash in winbindd_rpc lookup_groupmem() on unmapped members. + BUG 6133: Cannot delete non-ACL files on NFSv4 ACL filesystem. + BUG 6161: smbclient corrupts source path in tar mode. + BUG 6193: Avoid messing with sync_context in fetch_database_to_ldif(). + BUG 6196: Unable to serve files with colons to Linux CIFS/VFS client. + BUG 6224: nmbd waits 5 minutes before checking to run elections. + BUG 6228: Fix SMBC_open_ctx failure when path failure doesn't set errno. + Numerous Coverity fixes + Fix double free caused by incorrect talloc_steal usage. + Backport delete semantics of alternate data streams on a file truncate. + Allow set attributes on a stream fnum to redirect to the base filename. + Fix use of streams modules with CIFSFS client. + Fix more POSIX path lstat calls. + Allow DFS client paths to work with POSIX pathnames. + Ensure files starting with multiple dots are hidden. + Fix guest auth when Winbind is running. + Fix memleak in get_remote_printer_publishing_data(). + cifs mount fix for handling -V parameter. + Fix guest mounts. + Clean-up entries in /etc/mtab after unmount. + Add fakemount (-f) and nomtab (-n) flags to mount.cifs. + Enable total anonymization in vfs_smb_traffic_analyzer. + Don't try and delete a default ACL from a file. + Fix remotely adding a share via MMC. + Fix resume handle for _samr_EnumDomainGroups. + Fix a buffer handling bug when adding lots of registry keys. + Fix a O(n^2) algorithm in regdb_fetch_keys(). + Fix a valgrind error / segfault in dns_register_smbd(). + Don't log NDR_PRINT_DEBUG at level 0, this always ends up in syslog. + Fix a malloc/talloc mismatch when cli_initialise() fails. + Fix two memleaks in the encryption code. + Fix "fill_share_mode_lock failed" message. + Add S-1-22-X-Y sids to the local token. + Fix smb signing for fragmented trans/trans2/nttrans requests. + Don't miss an absolute pathname as a kerberos keytab path. + Have nmbd check all available interfaces for WINS before failing. + Initialize the id_map status in idmap_ldap to avoid surprise.- Obsolete change from 2008-03-05 by removing the needless examples cleanup.- Update to 3.3.2. + Fix "force group" (bug #6155). + Fix saving of files on Samba share using MS Office 2007 (bug #6160). + Fix guest authentication in setups with "security = share" and "guest ok = yes" when Winbind is running. + Fix corruptions of source path in tar mode of smbclient (bug #6161). + BUG 6082: Fix renaming and deleting of directories using Windows clients. + BUG 6154: Make ZFS honor admin users. + BUG 6155: Fix "force group". + BUG 6160: Fix saving of files on Samba share using MS Office 2007. + BUG 6161: Fix corruptions of source path in tar mode of smbclient. + Fix some NetBSD warnings. + Fix bug in processing of open modes in POSIX open. + Fix use of streams modules with CIFSFS client. + Ensure ACL modules work with POSIX paths. + Use fsp->posix_open in preference if we have it. + Fix more POSIX path lstat calls. + Fix a bug in message handling for the change notify code. + Fix guest authentication in setups with "security = share" and "guest ok = yes" when Winbind is running. + BUG 4640: Fix guest mounts in mount.cifs. + Fix displaying the version string properly when no other parameters passed in in mount.cifs. + Prefer gssapi header files from subdirectory. + BUG 6176: winbindd -n should disable the winbind idmap cache. + Add a vfs_preopen module to hide fs latencies. + Don't log NDR_PRINT_DEBUG at level 0, this always ends up in syslog. + Fix a valgrind error / segfault in dns_register_smbd(). + Fix build on SLES8. + Decremented by 1 for ntcancel requests. + Fix creation of core files. + Fix first mapping of uids/gids in Winbind. + Initialize the id_map status in idmap_ldap to avoid surprise. + Fix initialization of idmap status.- Only call '%find_lang pam_winbind' in the samba spec file, not samba-doc.- Ignore return value from subshell to fix build./sbin/ldconfig/sbin/ldconfiglamb03 15420667904.7.10+git.124.8d97fe90926-lp150.3.9.14.7.10+git.124.8d97fe90926-lp150.3.9.1libsamba-errors.so.1/usr/lib64/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:9159/openSUSE_Leap_15.0_Update/64242a6901485b8a6dc9be6117aa64d0-samba.openSUSE_Leap_15.0_Updatecpioxz5x86_64-suse-linuxELF 64-bit LSB shared object, x86-64, version 1 (SYSV), dynamically linked, BuildID[sha1]=a22ad66df16bfca55bca6099982d96aa0477f785, strippedPPRRRRR 3Nq''/Uutf-803646f7f26b9330b731ffabffa79641154b7ea1d74054abafaf26f6e0742289b?7zXZ !t/!Z] crv9u;ʿ˴ *H}+ ee< ؤoDdܶB2 vgW!M"k~s" _ޙ]K>=W3Uw_n ZJjȭg(`nVqD)^bp'IeuXR)юVsoHi_˗M& 3.#E˞;ƚ'_8S#B2HgiTHE#t<.rT^^es7r/uGG}C1 g*NRs/YH{y1vۋV\5YzמܠQo* ъg3"P(@i'(*ػ0NfeciѺd"Rl%y̭I> ,[=^MGinf/MV{H/7mNzXӖ r.g>ՒNg"ן-y)I5`E],PM= &wl, ^i3tMj:qMآ8)oxh/@A\y]@PF!1h&`^Is6DJɈɭU Q7byO {T`SA6$(UsLnam%Lq_$#T%8}M.G37IZi6^pFv3]>'Ȫ<ߠɡ}~=6`78 _!ʈWgCtZ&\)_0(Gֺla)1E.m#I/)P4B4nE޼129+i+IoX`xJNf&r $UI^T342#'N^|u_+o8YFI On]vux}9 =$,e$t?1x霎˴-ʀRh',3I)*Jm0 o=Udc6m2>`q i2Y5 \֍>םW(+lRxX@'&џ_p|j!i$ )gIx]a/j_Pe_ cVː$j6b~殃TiN "_-'|+䰎6d<40 /^-h<}7,BWkpώQكi(r@MV<w'Fd(;\qgf3) !p6ɵzO6/-n;jjYe 7Tohψ3^d@ @"bw= q5}ɲNJ,cv]`鿂Yl^e{A$w"DSaed}XZW<-LIi>.opU#L {JPRRsS[x>rCEw%Z%r*fXvŋ<+xaRJ$U&D#YBHcec9ȴ㑛q;F1渺:o_8" d"rP^Jq1@]NA[KDl@_*y{4kcM?ȧ#}G)Hr_*pU**>ݤ+)dtf4Q w-QʯE V/ZY/-hJ2A"-)0`7e_C˯P/(t&$G5ёSL)5[#h ɐ:bJ;.g%"sOHߒ@sQ/Q l諊*kz+fdzp%/0"_cJJ~S (%U\ DZO?d50e qLPkfr@J.tmqqkb!Xg xx,:]` `F_Dq,_,Ov{B9hPBDGts㉞4OKl{mYѦyQn])fĘmX< >ICY:=*}d7СY%!Nns\ޯ&eP$)BbߺE 7m~*% ]ɷ= 5cE9E @ ?Dbn҅NJFiE%}9H獉3 4t˟:qu?Wa@ M"3[&f.aW>(^}d6 K]aWIe"{9Zx ➯zL6ppDْ|z7_s>m`UwKչjyÇx# YGr~ήb],zQ+JnX@b,bAċ?md%ȺzI#i4mCʁ Ie"* A^y`Fw9îxa~k?_-:,Ř>UM yg{f6l!E1j;'ܪ)V o " )`6"8<;௢yR0pJ= @?U(s5w]AA\ht{ V9xj/ EN'ʑtU>i }S"GW8YIgW^u–;>"k/j%Rf%epGWgoFsA wX=Cn)f7QW6ZJIj΄gDcI1ub.kv]v#xcLcbO›l.6%PU'/jg_ e  EaX!T-~Į5mf:t .O2]5KK6+2V0VRElpEY=ټM2dZ(YmLkWE#Z{!(3FW8[C+,4u q8mhjmypM4VNaE v~7<1n QU٘7Bn7MuZȉ`` ^,R,_< 䊚ᠽZ ж\o lUX#R>c7nN O. I4/WkS(?%nu13k РUVY5" 91Z"e" O oʂrCQ~ϩRcuߟd;_ny**w[=۲( 5ϗX{]K#Ӹ mi c^옿MW|ӈz 둂V㈘)X ̒RnvrWCl݊)nӸI7G --#doF@A/.<fHzTc'b0rj$h%0F&D]*wrW8KjLxb|T-FA kn/mp $0p#7NդvUo9ZE! $4W&!{Ntr{ff԰$?YMn,뾘uM3m8bۀ[[a:$L 1x_ڣ@G:Ukrk\~p}}%H@tϦ/Δ")fy?P=RkVv C9AF7xH{B`xF"C ة.3GJߙVy=OuPY;1_=D5gA(3Jm0dc?%aTᬋUo+,\Y[{ !@HG*)8!޾yU uz!Bur栨d$ rva@yX%/XQLΣY q ihxy|-tN%J9+ƂBGE 4ށq\p,qdrԡ9 p>&[=C;9Ǝ̾|ύR(\M?)-Ow)a0l?F6Z>?T-yyOVldTRnOR,)$& @zqgBAv]ȫ/2Iz%vࣽhG{܍yy8dՉy!~2B[A3\/i@~w߽$vCmQglWatWXa_+$a k^/M<]QNϵEM4E|850'&»(MSh-PdssdT+>y@t 7*CI14DlCVKEf}*kl.Bo&G&Uz"qiʘo$d:~3<<|ѣ3d.DlXգ[)mBnS/B3)7}J'y+<^Ik&L=JR/{ Yr[ 9Z?cLOP1z7ntF.z4:"FM$y{҄~mBK\m]5&Ӥn*Giy3 2oϏ|-A*+j8 +Q7ŰNgMmʰ&`Ure]}0; bḱ86HrP)T~`lc;'dfD)vh~%Š<<<YT E?gYfWZP~Xb!v{3+1Ƣ大aKZcM"X[@ E03żC9yEԿӤj> zX]RU"*#}mGw|Q[@)$( +nk_n,?t@˳9eٕJT"GP2RcXlC$WoFyO3z_9?n 2ufVG l*;u #}#۵kE-s(ra!~TXƸ(/\\-r; ˆu;K1:;Xz`S=-m>!'WPQmK+\3 z Ӎ*Sl#G}d7ܛ~^cݧCk1y(V(2al 7=* FXv"ߪR$y76G^E9S$:0Ž $S4EVUY~p0\ʹXֳJeIŽ8* l`y*,xlٌ8!^=,5F4e4;w^%zVDn%GM-ў5՗]&viȇ!{Eș0U[ lb SM` a9R񲝝z2Y(Ns4T6vRR=8cIzDLjK\AX[$ԛʎjwpwlg_h?,0gE:0){|%–&¤1Jj-(Igrg`^=P>/'+}jKPR!0AÌf@\Φ`RE6dƔYlb't6%%{B~B)h cڏfJ@ 3:7&bew'VB},$@A6kiC(<,v (\| mM-=!o?ʼoE ^Cu-\ 5~=jd1^z&!rf:4thc0B!IR^HTZ-uIcf|cZY>5ͼ`"70ր~'}c2εgFHm{:ZIrKV)q~syUv]#_C `Ra,ۧ5z,vKQmyn7 \˧>+R9ygm*ԋ<9-a$ftp]w˅% [ -H>*18e̝)Ano0g)K*åͣ޺- _qt=+u7{ǰ?@hq)ϒۂY8zN m=@5pԨ( /N:YЎٞM3utva!YѭO /F{ѥ/&XCa'і - R:c_lT@W~` L }2(y3N#*2f< V΄[2_ؼ#{>6؛&E⒦u0KS;š|'\O໌x7JT'W; ʋWU/()=|ԕ;vEP4Ff`&? 4zaQ0`)y!QhDxZ`PpǝB+x~k￟ty܋j2kpq9\tbn8})LLɐTyt{́Fw<:h}{@&B" $feA4I2#W>k] ᱺvG+ʷ!0/ǧWYcBW$:Xٿ'O}M'vO8Dݗ6voڞFdC]$m%"yE ~A-mFm4 Cy7'״`p32gvn4*yԲCt鈴(̃ېZ|-'MH[ͅbqA_Kl'YPyK3j͵, \H GG6*–s(K1nW؜{q uP dݘ Msddn հxN -tVpG)r_@o'ǶU.Mk^/&ƪ6DW:Iaj )RfFgGPVa ||\k_ky( h[GGD.5n2*]zNUfW^`&JVO T~&ڰSz[<7\ObmBgbfH(U%>PR5ߨIuGp~ 2N!hLh1lΟ(2\='} E+JN![CMBD<(bc'*b[CKqcUfx;6Jې\N,6DrujBw"|[dfu:E'W0jWNcPQ3Z|G 6m#adMj5W+L= (1} \ xE:27*$׶z 1*$JЗ^\42/˜[ǻ%Wh4ƮQ >.T1Y Zp* 3@]=@/Dr'{,]xn|A8h ^QȇVOo6m>f@ 䇅ޮ>opP(AWw;Is+s~f Zׂ`sSukJE~[QtA Pt "p1>Իe[zi͵f 6S "b09PJJw`H슈e* Jl^oOjÀm1 o'mQ4*a>+FւmG!6{2fNl2TT&vC\$]( tRr9Rr֓}:2ơD5Z1C6ߝ>)Z/dPZk{C^wYɸB;..[ v?~\a9f;ܽ>(~DS!]z<ǛcM@5쟋a 'f0C S%3 eR"ngDRrϳ8W֏Hbͩȿ{LmdgZ^$05ծD s_$gy80/\KRA0 xKK 2]G^Ǜk$_ŧJ N 8{j *# OomjANPێh^OܳJ~o]M~kA.`W;M3+y#/+|-PB'}o" #q-̓x-~L!Ñ F `gi0vyecldv+lv tgԟV63]THFli#e8:X`{5,/SY#օjJ h#>6 -?oi?fH\k㷱%IJ`$8<])KUMɄ;9U&aEKq)^jݚ)M7*s^X}{C%opa>=Aـlpٴ`.1Žt91o2nlfhVzV (湸·[u8Θ~ UѷyLjר3՜ש2œ}ꂜ< *PfzjWٝ)6SWyh P z֨Ui&gyMmPĬrVSLMߠTgK)\N%y$w?nR+w59*5DM•eQM&57IJ8hUyb!e{ *Ft>uNđ2׿% Za$S z'zo@Ngdp?WFhz8 y c&xN>cW/ْe矠Z4;Ow] v Bϟ|JJPsW_5 2tN]uUoxq=^C{Gse{- _ȷڙjJb }ZPxc:YCC#݄UF\.^+Lz&2 "qՕX R!Kp`K.'y*3_Z=iF#6߶u hsYo.s2UH 8cVJ._ Q 9vA,eBN[?re?b怃eImO36-ץp;ǃT[,`<+_n$x¡H7S7 j98ߛr@e(]MhesIzP e<ܸ=o7XZtT?_A^1390ⴕ>CeXtqG6v,LJc o]ܹG c>DY,B! TZU2uj:jTNfXF{O<<]I&۸|Ka!5<+^̗ʷd]L!V,eBnr3/oy f`\ ']Cfքb6 cC}0+0J^D q^eP*ء +e12 Y_6qAK Qyq= viDjtƈ S *(" NgM-N%~}I.Hf #i&".CtNJHܞB%ݶ"ə;o|lL1' b;?̵0-͇#=:vb[UY|yAAv ( vaAa`Q߶^q'l=տh79Jl45jw}Kcx}fR-e#yDiq) v4Q{-5SSh-EZ= iE-b ȔxH)FQ+4hiyh1zeGb { %9֧;QԹ28y6+D=G\۬{nl#, ILB3=J%=yAҬCZ2&H,~9XB0|{]Vg`Ӫ@D s/"/Pl ef출+[{{yqXx⣺R~O.c5ڃhd"{f)> 90,Nsq>jBK9nlI'X!7lȢc}], {HQ'' yfr|bEW)ԼEv}T7W&8w߯8<zVߘʅKsUΠ\= YyL, P# [ 2k,)4趴4Ёm ꪎ? $BSpoߴKމ`m=ëmQYHp3(z}~ ,bI!s?T6O.l0!cKΘo>]4#Uwlϑl;>ޏ%p^QO, 6cT)]8Jdak%\-< #>}XaqX,0u&p] &+g(pHnt2&) XG<կmϷ$N+d"|r".s S_9x4.!P~on'p+E'4:圅ܾ顁/Гu-JZUu_}ncӝ۵,rw>D5"8,qx pa -pLg?iTipPi* R"4/ ֐ja_XKqt7vI|[FV7USD욃px&C[y&<.^BaɃޔ©f?V@!EE2})LS+'nd;"ݘ 9lO q!ne(*hr*;wt[V0X|j5}Pr"sVZoɾgaMlOZY+)Ȳ>0d=T3vqj_ܻ D/Td|B}|XAWD5(trZ] -"Tܡ4K g p _1샜5koPv`>_߄3s]xګzy|;7vJ( F~ZFwL GK I׺im0_aZ@d ' ?x?l;a\d¢|׹z$jU}+c8;LzZnܷQswZܱxC{QO![lBc )WC>4Ie h֚i y}F{gNb94Z|]nLVe=SJ͕c!9YX%3dX*HSQsbLR$:dYLy2Q)"q oywyGFTiPCmxG`oqF\; %o\d!ܷ,JB+]CT8f_YgpooIbL6OU vog;poTUHL h/5@5ȢeFfk4U '5DZ9Ir;\?]lmw>^ < OPZi} 1kBܕ)I{:|iUy VLH@;fĨ6vM܍3"rSJ]$ Yt eEn Gp@OĒ-fQ85tC&_㻈 )znNP!7^//_ &C7GܨM]>ϑ(#l1nyؕ>ણ.h_M;v#}.m> Wf͙Q3p6#=n"ggH]o!:!(~cHq} H;IP|Rp,ab@6ZÈ: s{v,faNA;uf8| T/!,Ӌ4g1UFO Q'pϦ!*P0Uos rO  > Z'Vƒ7p,4}WUe;9Gcf<ׁoЊɎ=N)zJ&+nP#Wrf7(t@b/P9-Qֲ e<{ DpAK qMƄ 5٠Ϻ9qѵ Cmw#ГM| s}\Y84s̾i@duZ.v&j°E\O{ bLbјwʆrfë~؏aa,@ -NLR|5 hQ-I'x?-m?\NN>: nb gqPYRua0J̫DQL7_ ENln2bde^-[[AonPCN9oa& Ҭ}:+YYH_aSmC;ʠnrX䙒4JP:d34ƭoPi9fOq Zq[67n|s hY.]<72tQô&Q>C x,دCɐK pVe1 }j!9 $ HӘU=O K A!ns?X:XWS5z:cfyeN 3uDְ98A@ xp ӞtWD8'!-c]plP&fI{q8*@2*A7w(jx i&K&'nď_S&'RUI7ApC>QS""q}AB"u=i\I+e!F7 \ӈGHub8%' -el^}Wd\y]9R|b <.:6= :-ֈ }Q1׋x⺲u}@q^C-8s1V@:Ɗ&٪,}1ډSO.eo;SX+nyDQ|X~J9I5VBM.ղuK;vx '}GW9+~q m,HÛm.O/ya8끍+1@ofe= w\8_;o2,3D+笳SQw aR>_39GOQVV&|2b>%˄OUI R{S{N.ιqX#Hm VSQE/~[#N##j߽hG*{m:L( @3OcHPphD@fcs'Nc1r`If 5ףN7i#VijiU`T-$w1 2hQOy&x)WzN}rQ׈t_EeNy+䍕Mt~dY@)\rΟw_ȴJ}l~C&#G YClǃsċ 9[vR@~m ;N|vU>e˕Iq&Ρ0M K> e}G[镋 Gd ͅyrLfK^IA9f5Js5Cs,u9a/uY'a3ױS%՘, ўeR6FX'uPNx(t|"!VfP!b^.4 Qc&yQm m|{,*|~K*AL&ÈD4C^KDAo@?ێA/2^)iKAl'nxˉۚW3FgWKׇF̵BkPfZ[uLd /5 2d4rGR6S؋PhcP2S@r rؚD%۽0YUK5I]G9}Bۮ>J?E@Zh1UpYV<ԗE뿕cZ1%cgD5EQFl( gJB?xp" ofq#н݋zrq ū n$>w#7{M.K^( 协gOsn(14.نP%48l4R ){9~! PVa~wZ ~2$zo7oDmh|P%_=FZP5IbM}p#P!P~yŴ&_l3XJkJkӛxB+#H}?36r{he \蟩슇W( kf OQ9g-|;joߌjOM!qƞNF Q."OsQG [p7)LBuH͖acP| LI<ҡt6dgjZu7L4U?gPph޸^zT)/hXrl1SK|w%m-ݢ\ =VժzQyS FJkB8c]zc#1خ CpH[7g лkw.u19vqWbJ${Wqjmr] CgF h!>״ U{wLZS0Gԏ7C?, ^IF~)'ssn鐘}Tʏ'qltE9e;Yl۱ UYg!{o=R-wlnEkH$ (w`bR9%#BvA"OJ3{ϯ,N_DiQC88/8ʦ]n~. ANX)j[Yʠr[؆lW\Gdegsfɩi1dzއBP8w9`cCotyի:>:5I& _VOvT t[/";*hswBIF0&۲^橎晟%a:+;<-]wi֡YE]A-s?M%Vr҄g4+QB^Dzk[~4a(XS^/g.|K*ꏾxԟ9@Aw9wB{,;w٣ 42{>*jADFz[wZEQDhx{*w10-P Tb=9n)R+Ͽo6Gm6W< E7V[ѥ/ƚT+eQpUd<~̍:YQ[ui;g$s8rTjH&ѻtv\ukT潦!/|1kN* B]v??˫W+6!5(Ș{RH@AOr|Nj#07)nڼˆa!U 4Py1>*V3!? 1c'@ݍa##AG~G4@)4[ʊtRgTˀ),^b%i(F&ZE DD8O}ssJP=iVJ.4跫)cm3]20 m LpB@uŴC:ry8k*%-|n XHaaT.Hu5\H8nLצfնp؁(.u,SxuFVoO6"9&_C_}-?F}Ӹ튠{MB+׭ӂi(Wfq5Sz2 UWoxAȧ<~p&oǪ sui^n'=c~YvLJ1aaAJh )ON4F*}|ein8 ,M/BYI뎧ʁ~`Ocͣd@$8] Hy= esCfu0%(b,7-SԺaZVGN'sޓ˺vP)%"}1ADH=mo ~=^w]S':._ny F6)gי(8S׈7x8W% */`}#a/9pb}3}="W }M+5Ѭ5]\md ъeU?3cIL}\%~ HR8u6v㶼udOIx (0Pp"9ި3_c? GZƦQBQt@Z ̍FfU+ BcP$w])Åvk+<8A>jqșTSE z]Tx= S-nN<&al߰6kqoYdX%3^vG&7K ٮ)}{pvU9DsSLz^~Ɋw7mwŇex')B`FO}7}#Hos|т%țh5kVr',ïFg%/*|Q}h C({"Oծ?FMqZ'q߻3mYT4j>ڴ$|T;Tߖ4V7ܧhXN%D1873.; Ǿ8}]odԝA@!4j5ﮖ{p ׌L80Ux'٠"ЙzR%\&h\9By#G8)){̝DMO@Q~/'$j5`̋{nsTtMB;\4V^2FY˯8%-^谱Yo[n >\s}^ A e\ -ݨ $釔gУxne'5t6gssDL FVC@}"Ռu~rSAﵸV1gp|n# O@6\f):k [U' ?c7O wO x$T%ˣS܉Yf?By.Ȃ $G  fBmuZ!uƟ68G C6Gskid/Ú4`Oi*qS>73fu|d)՚ CH PJljaTbHEi߈'MN)>q[*/:! `Dw݈#* odZmFJ}%0X"Mub9 R0˗d$QIB3MVeAnFv |ћ_+|CyyKW:gk9f-/(rIt%{wX28#GMabowD TsgRlNܷf͌42Rjh%pu?QFj ЃT鯽Ial rUaqRR <%P?#5_}\L4ӤZ3ۆP8}<ȁE. {O5xw/*RgMj ӓ:N~*N֐R|@(hP'JK/½5ހh&&^}WZe;3 s^deδGE`m|Qͽ;\4;jo[ۏ_7'xgOKlľx TxTWA ŚGU#@\"#Qw*.Շ;[W:(݈)E.@OJ `).' rSE61Q.Lh.oҷ^8Sٝ2 fO/M?,UԔG-ۖ𠬩ptba ]$ *N4 sFT4{НPn|GehG_+Џ xa4NL89 gk,b\Ů]jNJ@U  /^,WellȉyԋGu7a1EEjnSTj`R&^T#Jx(CMSwťJץoN~z>P!϶_"KA!D'P:O/5HK3,R dAfEe!I$TY _Z}Wkt _Lе ӑ}wTl<ҿke;ìē2$N*$dmJbN ` ͅhCT6r='LRŠk7<#^=+^)ULNR[|b4M.{#FnM۲ "9g^uMK&{qr!MX iW.쌍LʆjXDgpکCXNꂥgyV2Rro`mp 8=*>1>yյ9"&5QѻDd*ؒ>#-REGGy5fƽOU.aRlв{R xX!~M h 2PHVnIaߩ8OZ}S`uTRlVRǯxGhgeI hch$ 3(*_WOH;ԩu=Nn=\R]LCys U02OJI*N"6Y7Cɩ0UMX ^|:otY,%XM^Asi1gF$W&!9s`ƿ ,ŠBlDžC9^oʻVq(\n^I^G-el\&fdKfh1w(ʇ[6 ZWc^x p3z4yţ5ԓ~N2lzf'}/lԪ6k,[Nm:0×=rRךs4 N<nɍ}y3/몗ׇ]n |rA?&ox2mZ {`@H,7@|K\nS$*DBK]_`S"OY]8Fʽ E d]/a@8޼+ܢh@h֯`8h5~=o(52Ϡ p$?C#xS^"~iπmbͽ&oVi|8yyb[%z :`cTV_MF`X|AE?DvȪ- _D+@)@BAIb|S6Է+Uϳ|R׆5{<4k.}9On%׭n)mwKI_|@[My 7=Xf]WF#2Vd"@3m7 209EjT6/o KZ &Ҧڵܲ |[1yTn/Y,ܚؖARg*%j߬'I]p#)cr LkPʃ#5Tz pTdt'LfwMF-J"~4&q:| ɇ(/bı[IIl{S^H-+wUcJeyMk r[ZV`JI+1<?6xv2p8]Yzϰ'W*$"!l`Jj/+# CM; #fr5Tg5 [.0BTE NA#rk=2V_EÀ8MTvP܀#x:x+{Sm_T4`zmaS:s!!""oҧܯ2"̽6iY (H}B+Nñ1Zdk9ka춐22pKm,F$(d .T4͡&kOE/q+d*qgW q ٷj }gPu.z+[m(nVNіfX1UP1<ܸ/,078YI_Tt;i*CLc|?]|JHI#a~a4W>0`f ={!:/,*DrFu*<=P-Oɓ%B+Ҿ2 $ b8&F$K'!n ϲm!ĕǸصD1;f_-t jĵ#BW36'hq1@xhmw|`O up+2`yRf"%U@Ls>!dr,!_Vα0=ʘjGcG8F_B=wz" %O蕈oVx` .mhUX yͳ^˾ ]g 9 Y$)8V~[@?RRiCHDnծ&tvne͋ooq?L>*S?0EjIȈ\{B1ROc5%{$^j+UMje(j^k3%G.8в4VZܫ+WVpݚSH,bGm{3C;&H/yO,Yqˠ&ukW*#aA=@dh!g-&1jH_xix%yҎo |7gkw;H#WTExќ`gVjֲ a\RjMg'9 '%{4Za\ޟ9<'!؃ir: t1EW|)U~iӎF z6_Ra `l*s&>G+9Fd3/=Si>D@qDS2[L7;tԲp1#`ڬ,0RȲX$柾%w~.7ˊ(\- 7x܈m&2#oNSNY붭z<3.`LϳlDlrX<Þ M_`fp[8}.?ysdRe`EΡQ=xuNs̶R $H3M->g3A ]%`̐K 8r  Yζ\Z{BXI ]T8FR bhG]Pꍀr5m$z<ůT׈(O!1:iϼa8#sbA6H`ZP Y!odF(U jc _δ#\wȅ F+8 ]: W,s{ GuV1I$6@9@0ht` +Lg}C+ee;MNZz뚱TcT! @~eV[JIW# m5u ,r5Pjfe+]HNb_ 0ޯ^!6}6H ǐR*f'Z iGv/|b0H4kXaAZDtU[l`,|)'N-Iv ۹ߤ d}xtV@ o~Cb'b21m!UJUz6N?wp`>$&wfRwrwd8ŌKL/jclHʪ)$D`-z-:OpU%^̵ɶ03'0{)ʤ `OS֋5& W0[#Us_OC 0T N LY6fX <5"1j(LGY@;2EWM"L$C&BM5h'E h3葽N(6~hыIYs4Xbk|:ʘaF[sA)-jڪG4BNw9)W$8'>%tĪv#ÃfAnT2{':ڠ*? \RSF ɗt;ҚFXoE" P)ffW0hyp폍 #0I6?34ـ 4ĺhSH"|ǻ#_pTZoU7;"Q ^t -{`_ &)|pÈv$TH|u*)UL g)xH"mwqF)KW]B\ kk&|b6$2Ȳ_{4=0_'[Cb(XR [ _1ZW h7^ kUA(_<$qu<Ɠ-q &18r7R! QgٔIdp!xn$Y`Ǯ}Qq?IYʮ)"64u.K*̨/$ӓP(u IaG9NqDq(^xHM]RYW,µKkݞ JxtSDur=&}fdNt)e,Bk7;|3 cc5eF)8]QdP3  2祁mR-%ȃAM:.j# [/Tg~:3²HuoGmc`F b8wUpn*a" ]_!!DfWe½,ytNOOcD>)AX WkV8 .kN͛Jt*0G0Ț0S@ZOˈ)9$rvX29CfE}h2&PQJ}Q{c;Txm{̑^0 cZQC0^ */7|ɏc'kMmI&$-vGF]KKrJp)P=TK|4a;g#"]D3#rU}ąuʯ 9 {KމwOdz,!5|..pҿrbNb|{rDATjP-2CKkfk$:ndMb~NOSv4NJ]ycIQU9A >O:^l;VYYwUQ&{W@r|:E tc':`7d/$C 5̑fAwDf:w;"x3qʹ]\~hXCe*[aW8/߳KT޵ m|S1(ffKԮtxBO;_\]hԣ`?qy a[E*eb ?{Y>+&LXyDir# *Lxcl)\^t<ĩ]9}ҵ6¸ *яdOܧ\ :Oh sm,'}OZ]M6b y _4&)nSK)^ONe7WfYކ_Ȅt('LG6`(* r@| $E! 9@JVMႴX8GnM-3ʄ;B#M8b݉`늧~<`E%/ښA=!YG ceiͳфA\g)Zfvp?k1-{!\u^#O_[@:@oDA |WB$k8|Nc 57 s;>A|L ֬+߂^>>fSbXT6un e .GgAvX愶)`aǸhRvDy2ˮò:'P;T9A? gZ.fF7uQ-?5RR0Ims t:H+?3yaD6J{DaOmOl+"T·Vd\[3YJD͸x4G&nVWфwm RHMXC{뿐ڶFM8Wt\nԚǂg5߲YJg7ϱvA Xښ rL@6 ɮ/ VX󤋙iA}aUg`4t~7#-i_ a\KKa!]ٷ})*5r6O&cJԑo`^h@M{b TلdZ]S*tEX9,Omb2Vb 8Jȗ I;j`:X=JR6yT{޲)CIǕvePO,j#qTu8[AIF `0q7ft5چCzNB HIեB!:N1TSA- *1IG I8pVk/A }XY4xc̫.B!_s3Ą`n9NGtۣ=}bc9{bmڕ."tˊmkB֩l,!3m՛J?HNup p0Gw҇ϊ(=*2b3Ox> |G [P\$5v̓–:lrpe[FDž9͑eid@1'uHd}m:P7+k^ TƬ|ĺUť&neӝ#ʪ)Q9w[f Np/[NO|A{2y7ۙk4?f~[ʷCw8K꺳W0<*+Bw,F ͯx;#f'P.}RPD ѷjq paռ6j3|p8CS=`-w10s"P8*q´qId0WDFv.>cz" 3Av'E2^u=z^,U%/_G&cAl|@qI„Q/%2fpaD!ZOڊQ8@=iߤI ԑELD-Yl걅}oF#jYS<=8X-5R<<>nV+b$Ӊ7ͧ+Ob=xN̗;1BDt]ԎL1]'NS7-nf9ZM0",BtQl2x䎉 (,ƿOhKMS!Z3@F,g]݌sbn2 X7 ڙn7u/tĵz"@*q6,̩. 0 Y;י\}15?Q=50D+tPý˖֜@hǞvǺ{~GuT۾WyJiA$ק5Vvh ş䒵S'ov+vņ/] )9Le|5҈QofĭD(AEzfbO;: Px+Hvr>f˲jguvY9I τDSYCjkH _Lr:Yؕh.r܏*7Cׇ3b"ve׬ KюHvMVȍ1L ȰK43M-`D ꫯ1XsϤˣ=L\L3L<!uϭCZ> ߥ8]GJ}PKK;IM[G~Nʶ2u%pse@Jz.TZO$_OX^CeAJ(=VYYNl -s),RQwGŴZB ]cctagzǏ gC) /t6YUNgn\"DXE'Xm<tݼ 4uo|Z"Z_wbBSܥWpg,cQN],V_.ݨscg#Pىc8upN,.t׽ Mh9nPv_pRq8'HtE`L2Z2/I-0[z5 1W2I/ne'G?"h2,X'W|~O%緪n ^"51EٺhvJߍ!οlDxt~+GHワfI ~8纴5,X.Gլ4.>9s0B ˒-$O4ST%"@zd |/y@HJt~.w"nصeaNN!@1 ? ' qVmN RJI(uP|X 8~zLqXKB[$7n3lT!smZ-ZNl`Ѻ^*XեG;+ŷ W#*7]vyiv̍"K x7G~.̍~eeIsE)TOY|[ 0{iQݿqt3Xdg_3C6\jv5{h F3WP-7$q[͕؁!~Toį/mɕ{U3|T[ l].hi"z!.+|f/D)zѳ ;R dMP,GnI^_i ѬG)dċVlS_-c\h~%m/]ZK <}TSr }{|nV8!Tk ' Ѵ?'& 3Jfz\݁)yѠ%22: ISe{*ڱCOŦ5P@X.V*F[̽I_˿=y8]#Ʉߌ$Kڷ.``oyUhKq:^ Ӷ=2+Z}(M{O@t|gFc_>A.`w^6{qd .'m# uv?5!#Q k[ >}.a!J}m-F]F Pl{(D5@\StNx}a%CpT5|%Z2͡=W@p2F۫Aȣ@1fhhh:w֬DYk'C)фu2j'Ygfe\֩Z9^@E9_O_0 h2J9pb>`VۘDd"Kﳈ!xM -ʘ`W*}Gc)gE\D[c鄺IUe{Hw V}P%Ȓk/[9Jfr1kɯ=Hcn&ZzY{5\DQ>bϨ#-L1'-g‬2{oYnY$#Hf,/ybŔuU=L{OW7 M 5x;ȆWN`]sCvEw q&P";醟!jw%?2r̥y. m( J/)ߏpX$=v꺷&*Ɏ( V ӃfR2mo_.!Wʹә_aN-2.lkcEQ,܇[G;KR*7?#nYoE~SίzJ'cbtj_ͿolY &Gm2?_PxBQē`Mh]JcD>v!G W"J2W`x6PƷ}'uA8V!s[SSZy``ivZ/AB,G|lVƿnI2h2xf&ZVKF|nuaF(&kݸ] iN1Y0h ?#'ޕad /\dßOYL#~9Zo#;+\?6 rrr @EKP)= VޝY g饦\ifR Mŧf>ɽLbG/*6m\B_V<]:νl ǽtwrWeq7ioɯiVr~mbD~=HvSTԧ.Q b"}×0Lwlr8sb ݥG ƭ`t4Gs@vۖXFB[6E(oD!˿kiiYV]4H,H_-C#ɶ-Geqd낄}Ԉ7Go}5.ϭzÄ#w,6FU)Zx |_x88C GwҒ[O +,5k Af"T:\^!|򕍁0.4@8o(eb&m;L P5cZvA4 GbIrhWP,2>ӌfQSZ2""p)tԗOD\9͵hg(uQSEO-E|w&Iֻ_r̺~5CmC(vM"`/J(x:ۚ~Bu~וk~9g>w˲*Gg.S2#-D=\XC|^Fi pqVFL%HÌwGy7u0u^"XZ9~fuW_x s*sFa'l vhqcZ~2SZ'!+Ѧ tJ趢.o2WC쑗)9`rOO6TqIzV̧(=_^:ehx)#op;-@+^YBtb<>C fMu/Ʀg]PzT6^$9X%sGfN(̹~Z߉5؎8)R)(r a\U 6W}Ejd|'X6dVj19,εs>tfWhp˚@gf(uvU('D_,114Q*t1@y\Ji^u 6ا̥ l/}04O0/iDDBAiL SD>J"_މI* ;dZ 'Lo@LHHќ* &p%J͵őSQ8 -Y_0.㹙xP1*C'02s[y/ETw(6D4-CX C#ea`9RWV@H7 C䳺RW.:o|iq -H[*n ZF+͢2 rEqi7o}45YlB.8p3Y ~}ו;/Ô9QypLvN:`X\[@X!=Mh*ŽSYzj}?J,x"M2ToM۾̹ LYP}3q^7yKzOŚpZ>3,"v$_ Cug?Gef źrOVs7F|i#d7Cxr BFVd `.{8(Jeg6S8﵊A5LueKXykdUKhfպ<Ɩ 4ܪ[g1tZ!s&{Gd|%P=Tds>5L+B?hK>LU,RI"&E.$&ұݟդ8 *G~rUC9aaGTK (Ji!Li&μZ P7J\Wzuola`J,批_R> ̘%~U^XPϑkeR 5QW!M8rD ׹h Xk4D =ݸzCß>,xbvHX :dlnE `M3BT^1ȟi nŬ u:Rl"=fO@ X@Zhkܸf}.RTR*'A9q^%i.i8.<[ vkCg~%ŘW\@PZv8d.%,m~'> ,dQ:]_׺ǰ_3>llCklM2gi?-&OG!C:0XrD:y؝T'kV> =3n)j?tgopqڥ3<7?32<6 hvAZbu^5F"v:,m\ÔtIEz$$$RcF/Nb3jdopY㘄$5 !qX8s0~Kr^J̌صu'?5$zbҊK]O_I=>Buߐ-G5 RqGy1ÐU؈#oG<[,˱1ua-?Zt5]QԧNRpC,$)4do,J@ܱwe%eVd5u ?7\,;by3̛H g ;en?6^^3bǨ1ߝ?wBtc/ÂY!d^=XhCW%9!|,cJFXf%[NeVM W mi|ZYNM8N#Sm+z¢ @QWۡDAkq7|J`)>LnF*w1Kr9g4 Q1&"ܟS)H|&/ky4 >Xq1H/9ry)d0t)\fQk8#!4Fv0Xcj+\Ƅ̪"AG=yDO.)iJTK6I]w=cyv|Qc5H: Ç'i +Slj/]!adKgmikv.6/_qDXh()LZ{;12()9\BZʥB\wC{Uװ&A*8#qffu?0O/>U]|a>[FKܟ(q)ikX Imm/_mM*U/Sdq fqQh`"uhz\`NGCSE_#[q g6UQ#TȜ{J 'S|?.LWYmYu*ERGۄ@cD9^~-~L0cii !b W$n پu}ΐa8Z>cy+}̜//BU,/A@-4zY#{<u )M_9K&46Hp = eP5?X.\upk-qFJ֑A1/9H[9J8p]?I:֜ll'u$3R}a5b& P馰#"^m?FR8Ɩ-TH?~|u+`Ԟ-6LEK[ >@DM.α()Z1ә0!RGT|;l6rǃֹDվahoHH~? }'{삸o\ߖ܀m<%fƽ7] jh_s镱nx ֆNY=TEb7.T!YNc^|z~$!&uEJnD<3d"f 3}x`F(/z{v# -mP-MNI D#6f_V B#b_bM &VYNY^lJ8}l8}QoB}ZZoi0 yޚ2Dco!#]Re:`;rQ3骴K`e1DZiC*7AR5)pla,Yg3\٧,Ijq w dǙ/>0ZX=rl /"=FcudټP>Ԏ8[9HFsS1P$#ȱf5B-BP)ؑD_vY7j.cXS Rkk/&#o X@87:P|mǵp>;º `DyHy.~;Ȯmˤ铹QH`pjzwI0tv7o侩gH䴢m, r/b (CUңdUXEF=~I5 .qP'u`9r.C֐lta~{| \ϹoXɯk`}icrDG--=:ɔlnOϽYjk=Bz@w6U""6S)CS%z SiDiㇳq k8 mT̯dY-ްxU/ç.a>ce[H2@fy^f1GYẍ́™' yq+E7 x /0\CΠ{)ӓF6q%9K-vI#GXW$;:1DDZϣ[[c8#)ao` ~f boHn+62o+]cS9GOkL-Δ~򂼴 8^ݒVd(#xE oHf64%V!$1')\B?8g;'TZ92w:¾psx7 ۅtQt:O9Wz/~0vgrc ^pM !MG=2?-g9f3eFXr}rsre^)G>.$థu%I3g_Ґhb~RjP,labna}^=Ǘ$4Zh|T}%|8AiF '4{[x1߶q5}1{ۇ * :KglT,=xqlǯA7'&k ?9ϫS qhkqAl/c/\+y&(N1҇El0&4@YA\|Afd}qQ49d|pӍ[ cdܮQnz1NV[%y)rpU>?մ!D:1GG:i+dX8 ΁C]u(G&-R.'8$]nmi 7`-Xh5V.n0p=pNbnɦSGOnkpN &DMT,\>/QDX|`T% NP& wuV ģ*Ew8MpNڔ^TLye!Y,<MJ+PL4ctz/^:a 8Z޶Le~/jE00=4Uj?xh4bo\73^鶪B`N8Qd˾jTA6%7Gm˾?_噚$0NI'"7먊 ~,x5%Ao=oW ?^RKӐwq ,}u|hշ ,ZCp:{EX.Qm?^Wx$N7S'kcbYV"lކfk*=o;`㑭btq5GHr9^ϰO.oQ@[B`ρԑ=\u'IUЮdV򛼤@ȁy5k>Zfq2RQ[L>#n%`xl(SZ=EZ?"Q?o]S@|}6'*Fq"S̘W>`mh64%:$@>PHrşkEt?@ǁ"y0]6!Iufajdp6沯ؔ&k &XYNIǓ>45i񝁍M_@|*}ٌK"7FW"3Fd%f0{.g| ڠmm)|z0+ Iď$Y'HjM? /ntsk.1˱.S2/>Ǹn6+r"򤅰q;(LԂ&(pȂm0xr$4EϯP^5 EnHs\9DMhɈ+-oqcMl~xpY;mgjݗxbyX$CYbujZ/A @R v)m]6TD OtgM[vR1ɋ=\Ʒ:l*] {]'WlZڬgoyd~¡Oҥʻ,]LPN.Gu_8gUQx&jVUE) .O(H&gѼ.cMע-k&nO $hҐf9 q)wg*QZ(@;vsAehQKF!HV_ܺF'klwz &a.w@PO3]' V ñc74 4$sk#HI}@yw|bMRa Ӯh\B4_rW/_Y^ЃFQϏ3>ohQ_fI9XA"-ݝu Q_ ]EhS $_魹'H Zɴ [Ūx [|6˂ uKp:}$&F)U@Dx=ձ˗ebXN0zWR6K[[|i4a݄FK}\\JvtM-mW5Ydv;{ LvQV6&6yj&WJP`uN.z\;`"IF.\S@"B]WcEv Y [A.dEM~M/ jtiϢ~5HLKϜilsɊ?o!"/CY8Zfz~ 0$~.xnG0N(r\iLXuIU=^(!(tp<! BRM-Ig*Ni|fߟ?l\Ϟh}q65&D7sA bw _\L̀+nO : Y4*z]kٓ4C죷OEPWE_3^tȽc,X4VA̐$4sqpH̃J/҉\^C6{O8v7Rɉ$g (XIkvIѶC1Nto|/5.^bԯrKSQ+~:u@.MuծcC2ny+#G9Sa3^Q+GJ* ݨAՁ+g&mWke{BF$Pp UYOD߿] nA3c)$j ӗRMCi^[wH%+2`v,9k^UgX9*Kqk}O"/U4}W$qQ 4d{&QYcNAEC6u1V?գsWUYF1H$hA^;hOQT}WV4bU[6wzyuu;:Үβ4b8,.߸sH,TQ>T8qzDTZYq/1oo XV[5"ͩ׈jEj WFƅ>>VH( fLW':7?AEuIǠ>@,<1o Us^N8r];2j8,WZɷŰaVG#ndBh?y: LU^pXM:&)B;A_$ Uw`mxbx[Z,c .J?6B@*j!"kUCPL^28n2IIцW 6z $3բYxiA萋0`]+ap0N~'X2.!19Қ &&N*")Azzbe7o(j#S=@3i888ɋv#C!Z3Gֆ>GsTl -L=nb~x:ߥ#}u>ݳ9ٻV3ޚ@ P͏1ex}W3ƓG?~`=TVNA=^R*jAK硹7㱉h&NwFs].K0T97|f^v`+BBසeUMwEx*uFC|=/'[}|NFR#R h03o7nGԏKCnr8ye'ta ŲjJTUH/ZKAwd3|>? <ΟvyUu)1#' ɯ /+2<3Ib2$ %8ޥ5[ӹ6F?l [bE*dfzJ:m#7r-[6evqwq<=N3XBlCnAF۱:4bߘb._91))ci8u9|ZI]kWذ b$Yc}-%H)e5tM g K<(geK*s] wK3)˾s2EgZbs'Iepck& tmv?T?cMߊ.3뽒9(D_ӟ@CfG9 >2n+8\A^92h~R%Ky`V.#Gh  "|&xkUSH H7(8A1IUV)qZs)\KˡyUV'ߥ|#"+z9!^o ؈m;jcݐSt2_o`w8mmlJß!ԒpSS-e.$R_Md]_G_dz̴ fzک>{m`(ZV bh~Di3t& 0 3dJЄAkeHp(m*SϩnxBL&Z>VP= "8 Sfyi8$($.B\Ns{,LMY|܋pE 1r?=dp6yNSJ^UġxߵlPe 6j'ه*2Եgq5|yZ{o5swrMKfo(xBh} fc#1UKMi>YGU,9yO8Z/ 2͵jug'LO5{mq%56gɐ'hWQӧ#v'5#t7~R~}WR /n%13>p%ԋz&8ĥʿk5rQDŽtX+_1a '3dA *VĝG3|sOWy!N1iho/En82Ġ_Γ{cU׬룑'}&14 XΉ  =LڪC. ߡ FgDuV(_Zx<=z_f|+H];cN$CHqg{zl??_\6LQ#x3s y-1.py1$^jДNyNGfF\ 䘾uSCΫ}561#M6ÇQ*{. Y5؝0?KyRO1㧺R[0xsC{{GtŮvI0% J2C彐>7|6i]ƒ%$ /f}Y('zW2GF#oZ{h \\C{5G"q1I=<;,׸AҤ$DtQf[dJu&?`ҶIE9oL866ӯz A(8=$whW փXtQ ~\Է2Y|~400ib-8TA@D9F4 vcҐCm 7A9Q] (K=ty%x~$f_2m/v1/8[_=?``l҃8P=ޤ{6f^VSĵȁ5eAK 8[>&*p:aW A~;n=,iV"7P~~4UcG oֹVRa]ۤJfjN%"_) iʂDڲ [W;^VܹDUVۨm+z\q"=|Xz34lI'_"]6PvYFFg }Y^= 4EQJP+'턂$gsƂy+Cu[ gAQX[ՃQO)r5WtL@8D\쀨b-.?dyJ6%B ߠ5 ~ n$PVّ37pI$N+R w(+oڢX>B$5kU3"e.C1P#y6EDxhnA1i*ٳº?|5& o :Iȕ20MH|ropOd`xiʄ[RxS!rR` ;]CfRq/G%ɚSbZJ?nDxX=DF6uA9 4ܯhI (+otzq&`>\SRtU2>)i۫% /b psEίX6z>IcE[+sVe)mOPQ)0vw4v聽ВQ Ȟ,ƻn8V\rL u8/ī֨-SM1PGl"~,,$Qc ~'mUȆbuySXQȃCXشwr-qz}16l=@~Fvg% `)>@i<7r+Μtsӳ՘)gJ@^ג ,FBj⻃xw{n(.s}O @r7mߦN=0faU L}P 솯YVT]/%Hwu6I-:H:.fCٖӬGp?^lzy 17|IL7'Bb5_hI4 | Zƶu-vz$βUP^`< 0Z26)V%:1A aa4]'ΙOeNWIbWRywwSЏUZd {aNFW&MNK;(SW0V \aB`D@YNNvcSjҿa8c~D"F؇x$pNs2kwT@2T~ẠlJ\RIUۺX L=[c_{ /N Ashp9U턕uj)fg "G"oZi18E~X2Ιrd{ZaHv\G6kk(XGJ6ӳEb@?H"gh|d:# Ai.x̊8PT6gͲW_9l5 s_Dwۙ~SƓDF^5qTH:vi*"˓S>E8L#ۋ~R9}AhBwYHՊi[V'}Tv_B*VZ/V [R-EL tI61xɿ'%d~"$g(Zr`3Pǖ:ROO<; dUn:D(J"p1OY+1K!V24?I[ ]v0̶6cŇr7帍*L`;Vdڿr?%y'hz*beBg7Dxjq*)3neȉAx0MonVw @\$H"f+=ؖ/g}jDžx`pm@V*)+Nv{A(o)|ᤑ~-}WT?Dlv3jlL m:?yu5r JG7?P@_ ^=t{kA-;}rotj4Ğ׵k@J-9-@|&O.INFa2sNgx{%GLcdc* eQTϿObVe>D&Ok봱&l Oin~tao!ݚPR(k#^͝ \ &k&g7iOrv S[ZYuRLXM/ %q’֌νխx8_A8j8UR\[ܴ@Jɰe^8n:w^SJ0=%ҺIO4-%GW}b1L(KHX4q΄;. q珼, !@)AΝ$M>k-=lH>zm߫/M7-\E|g 57OU=vZiw#8weGZE4R'JŖ5Ķwshyla|:[ξ[dfO]$j(8S0Y7(c&JLV6rC-t@}镢KCo^VuS0r`i2u~^ :vNY!jQO>J^ %A~̀8!pXO?ؽ%}dn ;:b;nVueic[%j_'c."r98Ӱo0̂gzM Jn}7ܤ?p6z̥G)}6VVAȘ=sB=f@,Q\聤(T pߝ&SF^ #?kxI05:%Cצ Re!4:nv$VV LR>i)k%ETrdEI xW4 }G ګ8%t9~%;.jj8U؋Xo;[t'Y`px0Ud؃3 64o.6#**fznF'dɚ(aHin>J30aXkEfaQS<JB^Dčo,/I1:{rZCga }\2`j 5BC\pWr _ݫv7sawd"eZa& }|"5(?~<N-,V S/w~xigݣWis݇3"O$ъ.Dž+C9%VI2aU9m4a-T)h9д,6Ё̂8~lNjRo^Lq;vSL$g뽊64qɂ6T X RؙV(u| KAG7MFs `فxD.A /Yf$6 ~ӭ7DC{2BJaGA!T[ oagrW٢@6"|b)0!:,/QМl,K`fـ$A%TԮRJws.[—Y 䱮O|j֊$^ yuN ^͢o)$Mq N+ v\xncp:G^>B3>Z +u[[u੊5 R~0R b[^/ 5"Z.}{'-,yzDvm&=k$ne3Ugқ[sS4p[|@Gb&8 ZE$Z96؋R^153WVtf=1%!Y9x|Wss U\F)4 mc kZh@7 G9xt^1@$8u)x|Iv:ㄽaϟry{$('qbf";f %@d`bo 3\xyd|ǎoպcLQBs𯯆z_DߍQGq~r#s'mx֣ 5bWx'[Wi5LN9K5vٷX4R YpPo87Ao8wWk\7\B*+ ucE^lޟ%vhe7TF\t#\ӈ\ͮX?S rJ:Z~VeВ;7ooh &545>JڌO\cz{OƤc=Qf~൥0MHGxo?IzC_ݗGMDIv|^b{\Zљ }F?9'=5lʑd(wcl4bkW#zhmiY]M xX.볻k%SO脌d4ypDk`VY}_}<[x#VK[ LQmvSO`}f@9y^'^E Y 2ina;C@Ҏdٻ| ~*ZtqHmÍ "Ɨ$PTzCD' !Qwan-y n $ QRwEiF X%@ֹO5Zcʇ6u@q qE$2[~?EYTkHC,{;K.&favfR#K2-oqpMbH^孌tZS4BH=*G! D$9Ry-1mY*/RX囩a!?&7kdƏ0\R,aF;aqpU= hAC;B ¹4Mސ̦܏T8kX| lֱ Wcj Xi0>/?VpJQw +hܻxS01n`F/&`l~- E|$(zGuhne9 +Y^a?aߣSf{]T>:q@:=1C)W r: |h:+5wgP&Ի˖JGqWםʀs"]N=T)$9TQ7{J&B'Ⱦ,]4,o8Gf)M*S"j5BX@yʛ22bujS\bJhbWdB1yq 3xSY%_8&a .f Gym }P?>tm Rzd^ z$͆ۂk 1 ~} t6g+wR C"hI>[; DMz滈MDV[&ae=.tI4y/xz^R6(};)8|hP4J*g|Fe+l5boFΧTPt^0Ll;[&yXJ@>:۬]+ru%XGcx/s8B\(' V.[Gz$:^_JRb׃BP)GblU:,7AzJFtMrpW'la<4Ah> [5hVմݿ q0l0vUo,RP3 'G7|5z9?`,>e:@I7d[ ɮ)Gƹ,h=募G+>{ՄϹ+n3G:s(t8L ;ilIM;W'/yL嗑Xu3*7t+grI|`&Gv S0ɁcoV\ |FzJ/ŷߤw•wrTMje+U[F m)3EQZҩJrD5eoBc1DIALAv6ʄ$ISHOxv*ʶ֕p8Ife0QJ^uBt3%緭.̿S4I,6zzsѮdrV\D Q#~-! ~0IdXma%1v 8.>(0 YE.{B1Y> x?]XiA݈DZzm#z,\hddQ6/CiȋY=6rEh ( ,:{Yj[M+ِi(N61;zAIA_Ùn J9Vgm ::  y cF^hBZAwE4guHRl8SR :9)Kr4> R%/S*{PzkWHT7 ;`XJPBiivHQ([(Dv-?z}Ĉ[i^GwgYKrW* JͣF _Gơ$R66{n%#t^R3~lq6<-vf0F,}GPkjiC7-i6oNkIo|) x aSw +zW|t7Ą S'd[78[%; |P㸐\ahix1;3\7kәhޥrnЙQ|#vSזGgbK tfje^Ʌc5B=dw|mrUWٺ*Q5J-!0 '7cpE\].{w ? 06=x٤ ?xYճ$HLu.JPZO_f%s6%ĠFȿݞ32*+-h'oin{z- [t$u݉Z_ n,AH8f >NKɋ*ޞXLÎ{܁Lg$S;VMB^^V<|~ GO&"hP[o 2g>Y}!PAPx ))QC@.PQS-g`~Xnhbԡ1{U7AMHbi% 93s+.LO]9=5ZCEwy;|6K)h<ʠ. w/,XצXeG4eMCc~btg6kqplcm)<BmrB٤!FM50m.q>2*.T|X0ST<8:5;->Q&H+8ߙ{9S y;]5L”Hf6).VsYz_SZZDWX]y#On:jOęI{}k6BXu}uR"ćp@NӮ"yzꝸh B?HjQmELnj16m aEϔ2sWR%@*4LcMDIKp(/=:ӧ$f!*M0[P5xj87B U&im] ~ rKjϣgqk,xK~pJ)PBgob[ד9a%mHc_n1)R1 אD<- m\D#T`>;Cf)fc:^"%!V+ CFp/GZ/ UC eU O -/67ɂpةÏD_y;=Z\r'1VXznk-wƉ"0?!e ٭7@P̈́4 /pђ#! HzybP6 R!дּzTuI:@KHE MeXU &茇RC_0`S{Ta5JDu''%lRܹrD {iZ $daJg2;|v6!fD,ZyT n̈́>xtrX^1ƀ]ubptrwśF R 0麜oݕ"%1T҃ntpΡ#=n7ڞ_ʏ;5I} X`P:7. 7cz $::'!J/.> =g9FO0IK˟h|%EWާ VDD"}5K%a?6ٍAjL.i pRZ G$]|x0GX&b&ϑ$j{`_4ty&R]bza>>W=ͼ,}Zm*:SԅL{= bzV0]!q6=`?fWWXdz é?6y4:JyjP~g`4Y-i%)c%Q~;{b>L`pPaS3]˴'Ol,6G'o)-ubɑF:YJ Nh~ul mɶw 5.s %R'$H*ǟrݹ!ޢd:r)^D& uO u$Uag^wXEs=.,'&}& tfԥ!;g!޷3r5;Dt]_X8SԖ66E R`#ҹ藼#/mxjUT#N9asM<|c,˅ʤ7J׼\Jr"?)Aϱ{7fSvaQ͹WBxS@/5-PV<\2 5C!U)%W+Qfufl3v=? h~i Bϻ*f1VVڄݍ Ta]A6_6C~ />Y q9rQi޳7&89QHBȧ+18\N<@T d4 +1;>YA)f.3%f[NG\ ɝؚA\  x!f}'&wz f@@; X q3[bW^o oϠئȞu0o7WIo6d+mc' z>)t|Uh؋-7]^]_>y IBӞWSڃLUtQao>l}Ի96 ~D\+f%iO/!z7o8m"Axئ_,{mjjyB-} VPT:ʉG7R1+z;%-n+N($#]C|n}{m[M/wdvBD"&.h1PC^M0xu$PعKǭ<v>rݚ늳CٸV?NTYՌ@fF U_A`jehU$:n8i1_ $)E2חu ck~ywtdJRU=дL[] Hzϼ:݀dPaG-l4vY'B26\)V:zVD~ocq 7dOr|Q Sz }Ipt`AK9/#g8q50B(-LDl3U)~Vj;C“cq%=Q)ZRK~fs>#0!^mFTpnڟ6ycT(ŽRr(E'm5J%_} ϑ\5Ꞁ"ĉ1RXeGҫk(x u%Jɭb}_,;G?rVM4R0\A[A2Ǻr"ͣA92q:K0.oƷZFCM?ϴE5MX0ɻV ܯ ),1 &.\*6TbeP.& 3 ޺ x5iXB곊hԟ(.TD ?᭻k4dY66Eqk8qA ;݈L:e<}yb`҆~{҅X0e߄%+!SR铻&k\G P콝.ěJ2L ]4).]N.L`e qfr^ 0Cm/֊ݜ- ?{ˈ8/M>a^55Sgdrۚn T2$Sm/j2Qkuk+0~*q(;KNr,Cfp:~iܺ|0(=MkM=!/ɵHE GOJ$V ..e5 D֩($]:7*4B+sP÷vr;' uzn8|>OFDPʶCI?/aHPAU VP2 u.v'E! Y4h |ɨW2~V\ȱ1v(;mwϚP;{07ywi;b[)P6Ͻ2GwF)W1t#MdjK>UhwWg @%s >Ǭg2%JٿzCd1d%2IW(S5[qA̕bxDKQMi3Z TFm:rwsa`\XE$Z5Kam D7X+6~1=zq\HTn)Ʒb]nx/7+ JHH?uRPF8{F|M jSRU /df _ +b3f00^p;!*ޢղYyܢi=KکN}`q3b WRBS:,!lNd֚ALŊVm8L|qW*|iТiz{gLQJ_Ψ2dÏNbE= \'2Q`Jk|H4 tsq9P>{.6SVp+XP~4Rj}YJ$lYs g4@9wc,.!ghw6FQ>h׹h 'Avy1걐q8YՏ?H3|$s u7.`Na췃FP %JCBiqbLju=d6)x9|qO@ pcw\Ijjgl86iWvP;Nw2M.arf"Lnv<٭옲) Nr1e h m%1(CyKmpG%f14#^k9cж1;wIN L/;le1/QRzl orJiE X /~U/;7+|]! #̥NG.6 )A&]ae\v 1<3ډc_"ڜ!MIլ?xa$>R=OXju.n)E,WwB"L@]>Ϊ`:|kbN᫟P ko\w#g#ºN 0^Y Lv/H:5/F*1#ڍvE L5 s[O[#C|F(G 䌟J_ \$QNv<ܒZQ._%'h&4GU FD1)pW>aJtU5UL%͈0Ts _K^F׍|^:s:  \5@>ҳf%*y傸ؕED|;r`92Hms'g? tNH=$7sG Q; ܍n~ M#] G*Q+#W CQCŒ1/̑pWKېZ<+'~~E_W@c 8Tꎛh$nDC<@ÎN ? @2(>Vp]3} 8c[Xo*,ť.Rnȫ)鉂Ȏ6DUS"q.sF73-KS E5{"6| QK[LIk"O0Eб[Lo_{zZ?nIe[{edfq[&b~6>A8&C1v 65ԅW F]&,8[']W;55PMY>ގWی/.Gzxl<ՈEknHUʁ_/l`lSd}O `q$#Ψ9X OZ8LYA!و ?-=`CulpN ߪ BJbVVFSw4䫳]aNd)=͏xw@I%0ذ:s:?sPrΒ _ `eP)2f=TNXgrb2]0E UӄZ"TXZGlhȥk`0 (t6WBi)W%8gbh{su|Dӗ3K{)ڈ ϋpKWLqg1c ͧ\t.e\d]GH%<1s LGq=*3˼63(7eHުTX $_#%@Z699kcYwqͲ)KR垺dѻ$AGnVW r27 WYi 1{uN\'۴rj,.k^\(T\͢5Rԕn۴su9˜795A_Pץ',Gl9|N@DOqN{BW??x=E:XFNKՖRI{ڱGO`fdlQ-5/]ȝ7upxdɼ@6Dk@ l"G),Q0Z=/ RnhΨv@׶2GT.9~8D xvm3qhOu˼j*ɖmD^q:J;8;j,Li0Iһg}֛ ,Z$ z܋ٚYeތVNjIw\+|qUzZhq?O`\ڌIXU-at^%Da񍢟W3UN 5}>"0Î*VF5gbVE+y^ .ҋgi q#,Z_[Ax/fDI~7DE3ٺ(xn4 ,xgjw];pZWXv1Y.mوt;hbh.<@y&vG_O)q<9=MNt`!XZ1G%)#m." ![tt#*_3@{1@yN ޳U5?Dž9{`B'aem#IJ_n*CC0WBF g*rur30Ct:?Dicē>cAt%I)b+nRu֮[&:&jφ3K]4UtI*׍q,̤Et{aT-BkT%U']~s-< ,/PSDgoG/Qf6^M}+*NO#`+4B5$@KXdQ: t"swa*pyİ-`=grΘ 2<_.0}*Y֫uqO{@SG*5fLs[f+N55c.jR[|חg$tI9G[E?68zQ!\S8tYYC?\T*||*K+ޚm7GRq7xzɜDDxO'M^dunA(C:q9/O=,rIZM]9?/lE]@? , h(Ӗ :Ϗܠ$%o'@z5󜃘WDr]|!8 yG F'Ӷ;:(FHƪЯg?ՙphZJ Hy`.-9zP"5(Ѝ7!-pcIz#!Mٌn huDI4>BJ9~vxN!*7BrDcBo)_i/lES%WS葉e 'M /akvBKָb"u?wR>@Kn_4 l_\|:K(10 ͉~0EGУ+eq ذ mb }HZH_;A%q7teNSUr k+:Hw+ИwqX ݼ#TzTx1 Bܡi뢉`1^m-[iu|4bGycqbٮE7Sӗ%T >z0[2ds0 orj}KL7~㽢XAG}J ӤtW\I},`q[S+hHCLeۢ/"zsWpÓuU~KF2LL*5~[5\*GC~}k$bsQQ&ۋpos ugO-Jl*|8[Wi3alB;̨ڇ{V'WS/_"ε˘2E2.9/̫đ*%Nh'Q* s)3~!BfƖ|_JQvQ䅹a p,>Bg#%6m`QFQ)@>!{FsW8&Y\JTb} Vta-Ñ# .Ndh <ӘaT7A.7YkwYJ&XeĮЋK`,38E>KΦN2%DrӦ8𙗾2|G|~Q 堗z4KF{ C D,8IoU z܃J/&`n69uՈAqgb F̺-lv\c6d5T~oɌ*\k7NsK.φL,5dnVݏ/1O_4ٜ3BΥ\ 1`_]+Ⱥws֡_udP1! 퉴1:uVVU-`EjPvKC-XdR)+]~ MgXh/u\}E2 #?UФt3P U\7d<4@4~nW9t+-] sHNXfzxrGP4wQV촲rQ)_ f r/Ɓv~)"A!GLmNvѱ7|@QBgk{-_2zX#=Ya_ <*F*ҽ93Z{ˏ! 1u`9 û0p -[AXKM%峞:GQ^T^&6Ɔ.z])o X{"mFH'궪*k`pNN=BGoc2$=] {=_LniңEZ?;/aT}/^Ż=Z,օ m?8'#~yeW9RDEYilr*MB+&]|!,UDZ5cHPE hb'y]>ÂZ}6%J`*曷`B$֊f^wDS(0lU z1 2zd5$ӗ@tg]Φ~@M= K$&6T$P@fQ8Z05?W^.iZ@<{xZ_VVE]*o[j'ymj|Uʣ+MqtyÛ쑙rXKJ|vN}UI482& VP" A DqRWtkr,%+ܽ%jy}ۉEl "cwzr[nd&r\TqjVf|F' j$ӊ#"64]PʼT߬)~<9]KSZЦĻ8 .!l<lGܒxFj栉B7kǕw`5$ ¸5_]VS`-۝]dy-$UG$JF8YT5L6Ts$h5{wK >Go+m -ho=P*%W\8txI/b[uBJf= &Ip\$=6,gD,=߉G}/*=HBhap14dRKȒ"YZ04 s ^ ؉dRԕ'7-H*q(` =bBᷮmփiN3x0[cgx;?M4(.~7{a זYAp& @N ],Rg^O,4GlggٮN@@ػn[Vanֆh?uC[ rR9˸EcVɥ{ N0N-L[5M}ؗ7X#۩Q *[d Me\ԑ(G2#'•H+f:@tYаӊ7˵i~]A#&J[1<TzL4g. }ҮWos-3/G!m%9才z_[~qRTK̠1].g h.>膭6iTo?aV{f'selʧ\Pkup]dzhVWńIOhZ1]N2S1߶9InҠFH¤ f~*d,16{q:k.LZ2a/d)sl )$2dЊJyh}Hm?JA8k}{6vJ5k@v8U@md"U$Pd S!cY򦯞K#Ts]WeKmu˘~eu߸U6,3wQ6XVBD~'67/5 "_A?HK3`(LYE/9scd, DQ G8i Į JUiWb9"jXޞ̀u#D(3[stkS !:^Jjs>s;P!$yٻ|ڐ Ƣ~{v|cUU3k)LoF5ɪD*3 {M`K-7P_]sl} V畾PU7UI&em[$C~-aԋޞU#Eѣ$Z #cRW^ v.9QTjLt6;QYn:ɈqޠArɛV::1NRWiN(D&.uC6:z±r.C7bzqtOhZpb>:-S_9-Wx_!s6 6 3 ﷂ:8G\0"@ FKݼGl˲5+1WCq/ 0 絏S;@Çhm6 +m.{/nJD~>VM,1`e.C]%6o+fnR*jfPtG]>2襁*pYgW" (Bϒ94>^0DgݮQc'U,OI%LS7hc.߂H o1ktM%VwY/ Χ>hmV!o;k)G(~9jZ.kbRV3ԮP+Kg޹_YY/EN@'`1BD>6ASma5<6 Vgܳ ›4)-0ǑE*uL$VxVi_Cې[x\HmҊ"dyO"[=)㵡?ݓ7kKǹNJzʈ5{ ǒJaT#"-DL܂76栽!bEs]CTڭy +l>~kUFM:_ 8`0Qޠ0H3 B]B8ᥞ↫P#ҼBjc%>=EBE r<< _c糸`;jCЉ, 5[^ (ylj?gZ JvԸ::SeC{*<Y89P ֙^D .Bk$lZK\T gr*9]ṑ5*O|dm#D! V uo(|M{_/",=5P`hvrZ秿 ~+YĽ.%Ca4TITP3/7 &VEgi1})Fw\Eβԗ?"#TWw8_X%D_-kj*a!) Ǟn=D䓯C,ChM)^|ABQ2:Iʼn(e)P=%W^\ϑ7&@>T;D\+E1;:WȔHHstBRz@HڝSXEO8s_S* j ߠ^1.@Y\~ *I}#«N-„)4Np70i/ p&3AYhpi]hH8B޷F̒M2,FIO;V75p 0v;(VSl fI'٭ DAC$ZWYtY/!C j!<^Y<,eefucɣ-"X(hyU #C*CEc0cr7BalM6xvH3r4Sa!*EiȒyfW¹nU23__QzA }V{hs~r~tel㮻~c/n"'X/x`/;%bxVַۃ/(o| CRݍѦS}"FذZ0*]Tv l^ZYN1\ (B`R; )Ơ~w 4#bhss$J`!EڤZRRV^cWY1 WQI\2k+f߱C| 4`/$7 6Z/өm;UכCTUQBN xwEze)N녞+$WJ3V WbdѡrCOh4HMtѦhF@q}bM;B>&Fėh;"W?H򒕲'E~fC*OqS. S!8CӀUW2*̂GS}!5KyY&g*jUىq!sГcduERk_x.Tbv Z 2MU]Fk 0e2;}Ŭ+ Kf; 24 F[g6l 5QzI.(Ձ+[#WlK60nf]*Yvh-ƨ~Su'J֐+;ͫ^`_XS2ߞŇ f~3ClF  p.xڃy24Qrη_( Zl ٦x=kO`ؤ41>0?W->lTefp f+Ub=7Y0qǗlߞHcZDMC[RAFN=W[C@HH^D kx閫4^Ƥkb<U$x|8`8#d ] ?t$93J9%NUf坜FfD _Y(?z@Kjь%:D"5;cdLN]̶~%p@ Qy1Rl+-M_FϤ_[ 04 :*fg5$;O fjbkɳLmaY$D24 s{@)~s񰜇 ƥ9IYKm Z5#$+dք Fޥ%|-o#`Ӌ׵VGu{fdt4~m񹀳mC!ōd**<&9隉裉؃'.qod[f("u0BqX‘i d(U q8\reٰ YA!Joރ?қy:C0r``zOtDKL5 1f ,rw=zDyn֯]1 #D${wr0]0>!`p#EъdԗE{&DđhܷKIta.G+y L&Z~8$p}\4@$zƟ$vMB&S '[/F 07;},3y1 MٮDCÀUEdE]ٹ^Uͳ[GߤMGqxQ*Vx`:K]63=(+ OggբFNEbS7,7#L ԫɣ!,;sF/ÂE67>`z^153u~iϗXU;ICh+鷥s!o q˹qs8b{K?V*wDUjn\{ui8/tp\O鷺j#VBwUCJn~۟J :)-ZvPBI_J> ԯIIPFIUUQ0wVCP!*-G PpqDOL.]ҞDՍ5Q *5%-ܑJ?O@ƀQ>0]Y3DzZ~i*0 RWq6ԓ|O#>"zYz~Za : Z M K/1Bxh!V} ;@ixGa#.04'YAS+Z%v%J /#ljՌ%v>Ky*(CI3]!31D6gC1{4 B{Kς>@S,A9YiMiGj6P7 ӘR_20}q{18F>Q*"B>HB%g9~ iRJ6%k)XMdXߩki?=B>7%GUff3FKz'ϠJ;R:d҄zf ̏Zˇ0_--9Q#=Z蓱nT $ap`LXq`HUV/٦P`IWSB ]F`u`RttcQs) B6#߭87of8M׎*HAo&6>{:] jWfn^S@׮UV+{o\r@lf3$BQěvඬY^ZտMbwYBZ'A4ޣD?\[CCߡh⦽yi?ӳF3Ta.!izXtb Vt/1rzmefTsB]r&ٲEf@:U7XD|w('DUIx,t?C'uEP:|S_8vdZ!Wde>!CP̷^n|יFWe&-Wa?YܦIo*qfb+L=BjJ6炭A pP {N('HO=`0RnoTgDy?/tL~:ƊVy\Dc ^O/}3Z[#c3˫nĥr1o Ef7Kp&FBA el)CzO݄POgg{=os hj4Z6P캫[TIo$ez;"#5O'v+#?c md']Z>PH2BPy\LK.t"R>$e#2_ 'ʰ+jf fK^|UGo 2x]>ciOUS,d3FqgfG'ZԽ;N7 —qE"uAW@qA H?%MubpDP@oIcm۪必CMCh=RvB~˹^o=)q iE壡|S#2Ri TR{G` v{\h:EA;4T韕 @g V#A]q*j wPKv}1^;Fѷj}6C8WrhRlJ9g$ǔBxX9gW 9jF][/k&=:2?.mu~יQA` Պ0yr8>p'rfTVQn@*ޫ7AiAxvNj'K}( º« ;S^f6@¡_R\ S犴ՍaO ŝ# NkX=SxPvu u+rF_WߜѦZʦϚ}umY@pXF RH$3!RhydCDίVj(4:ØKhţ $-t~7kWg Zr;Ԙ3/= +7z.4<2]uC%E@MvhX4,LuEȍ[94|-XF0V9Y R??kjk;E \eue6`*R,6gLw#XYX=JBc5;8(Zu$~ApS0xΧ ~yAD&Г@jgH"c}a%"0tcMcR39CFT~=ClCs!I+|TbuEF,oV0LǯYoW923"7uȦ\@eRx * n_•\#p/VA.ӻBwOf #V 0%FVGa|)%,Z:^a\XRxOQl&5P!yg(B9-+~靍 `ꐼ4Z( )$UbLJn.0 1큍.wczRϵ?t"]vMے >uڀn8M4dn;rUk=#Ce 쫝a} ]L'Q7S]&,7Sѯ"ӖVOEm~e2wΐ19"m :hQU$T pNkֈDߝ ϡ&j]0Akw4fKGa{X\GPaj'"lb 52< {yIHbF3T`:qF4;ҝы ֧J"}IoЅ(kZZbjeH<텹Pň b35+̖uU)lf),'20iEO'n- :gjG"<ayIb]w&(ʽmK+ǴG|%Ak]6hЫS'kVikr~ R!P"Nr% fk*{ U3"?>-g@~e(QslD+\5'|pdٕĄZӺiˌj@!s؄zˆw9Ey?d2&-biu}!Eb6] ˉvİQԡ lI{l,C lfoՀ:V35ī]I4:,6.bpΥ.I*:$}.̧:K g7p|.,f1aRqXry+.RS=]S౤.fP@].}V0i`4ec]$ 8B)DV/Qz5:}%IL뿋7- 4Բ>_EjfPu"hz#}>Nͪ}QZVH []G:k'u׿ݱROVsggyd݊aO˼oK%IWjH\-#@YF"Sk{4άEvL[eH:τW/q7X24#OUruA?Wbp֪JUW9]^W9K5B&I$OvGvDX} ;zfz]{>%Q`/!g*XѺGrNe}Ec\$ֵ><+ۑ*9Lf?MBBUryɠQ v6[3q8ԖuA Ѭ,Tr .W|}D>Rz.(Upmk06 };I.ppt8vڄUYNr0oy\82/7 4nx7~˔O:R?6eN+5uEP~IֶfE=n8&?#VAwv [a@k{3n(GDH|8,uFngدډWR+9 aA_%W :*̭1QrLW6Ym|R񱩎JsLi԰\>tM^B`0^"Z c{#Xuƫb?0d0"cyVo?쐸a4@ޤ;Mj8Kn@x&(S% gDKM+ݎf'L)P< q@*g|:U7l%F $Ngc \*gZʀ\8D ;2ѳȋOí|GRuv^G>~xU =IЂS&uʺu1 A8`H[r'ZTAR~:I,sQ~ecRdln%[mݡ(ې˭1SrI 'rE͐IaP~VmDϣy31*ßubmT,MaغZ'א7W[:P`9Eƾ}q7/ 5|CRi\ԙFgYXp,*m8]K+XQ~uGFk'Su+F/)\I@cP77ˑg?a=Z)_WZq5B![Uapz| dnIs~KeP{$( LX.)D%ueUޏ~BX 2?YƎ~4rc<$t3+VDޮR!˺67 =!gĽA<ݢl]QKjs[= 8|los4*WLe2xC}lo*{MQӺKxǨ,//{Qk[~:G6G`d1ܞ#`RʑzҺYLXn-v {lmwSH)q㺚 3A~}g s|AѢGrç7: Z{;@أNJEgk= .- oַT)Y`0+vjBkG`71&k3UOyrn5q) T~;ssUdY0:퀎)9KNb6|9%9l ׇ;o5A=\&>1ˢ3h{$ivdF^mtT&R ҝ5IyW.lHMYӾZ\hzZR S|.]Z6J'<$Gx #:GO=LT80 4V Pn\ѫA1W״g&pt}qmTW*8qRjs[LJb\H܃.D L3TO`{UUOiDH 复S]a@8T68! }@ -l4l9?uZ^GY (lXi &\R-CEgd˒56v`5jr|$L#e`n?W6;Eޓ{}$pg|(Q U hF~;ɓxNe"Zw><Ýcr M*fў8~=7Æ־*iMUR.~&Z.p KsF>F"D h*XE^E\2{oW[Z_m]C4cG)b2iAf_!&*rDʷQ<`}j,Jhtwиº9#chˆahpoⱓB}[ߟ@P䆇ʆU<{sXšݤBW]c@-}vCGY4ZЉ3an/d&f-b^&pmxbC"'{ ɦ@j*ʂ䫩)вZ^=ȓp# ȗ,Ju.u8Ҿ+jE>Llf$zRKYD65t\!ꂦ29z‰uJ_thRR= &|<č!gF㿩f#Ih{ʠH䬾r8|!U0uePv%K56lxnVDc*.1ђ53Wg2o'{L]*:{Be2@POW^+k=TF:\p,D5.=jZ@5c@ oQ[+AH۠G\ XU[4D1Y+!34[Tax Ha*:e&І<^Lim\gh{r3ooBEF S!PO˅'rM* oAa2- NJ*@#jcE&;+-q6:q%Su65*mOJ(_#[^e_֤ WfU| WKFӵ)MK:>E5YփD=f` TjaYe7QI԰}[i)h^2bTNMh C_ENNV$-y.oQLB] t=O҅luQ|E5 G?JB|AsxqZ|"= G.027g jv~K.5)c~ՈVtݞ2J }Sˆrh`#ي|5VO3g^ }aT- Wab3di<I5 [f񅔶a<)LPP8_+>sېmG J \>Pׂ)O0WSny,>="`yb& jFXxŽ;#/{W@${:-Jx¥%N]/$ ꆝs_>q]"Sͺ,8j okFB1$% n`H` ,9>[*fLP+,Ei=U+! 㙂Fmǧ!>!q˽WZq{V|3=tEijFLťL 0jS08zGAfD5)7XMq?Tnod{>Y օLzyI?_qt=jEŊ;T.X$ica7`e %KWngK~Ìx4w&D}񴇟rNopʥxb(em"cƫ[CjFX±j%,sw_Ȼǀ: 2}e_Cwݬ6I"߾ 54k.Ϗ43:QuFg\P<6e&0lRx81V^hZ݇čY" qlJ.&}E`7뜁?|hj3β ڂ{f}ٴTѫ8jJd|b03Yr+tʪLeRd /۾$8< ݳarmʁGET>qr'}x_CCuZ 㐑^AHT]FM_{.4 A}[3īKmwu@jbl3̍9,tVm` mƐBf"Zj1K{4 V~yGJڳ jU=YDКȒ8ߕH՝xN/g\?%"/C`z8x$/xW(}CG:1o7^Ѝw5'zI2t5)lB8ۺGBe(fy ϣC߭5bC;]#H+MHj'p؎-0>qSpq *vXxc?@ l+eV[EXB"IgĮ0ͪk e g%:zβ7*>~"oGzq0"!$QQi2D,ȳho[Z_aZdڞjL-W`lu-m㹩DذP: I ,"9Iޖ$"pe=1QݑyiW+fy̋gp%g`=Pxp loJD䝢+2c-ɝrJ!}Y!EN@^Ӕ3[f3MQ@&]7بN@-G3dd ո^ 1fȕݫ\@PY5zS/<ݘPMVMSpݫ,׽֬G5z"Rqp5"ԉPɌڪ{1ؓH9(gM/^]¬V癦45}j+ ?S2Ziz:031QJJKi~Gu4A} +וJ:8DG)Sցvr C(,uȾ`gYvYeyW?}U6-M4j.IRm^A-q[H=l#'d,}O gSu<4Lլ#!ߗX~ ?0V :r1: NgV*r|:}>!k% yAxOm@zumD_'rZ_L޺yvt\SP=>9rC#<3)WB<"߶CJ < ܧ_HeiQ5 tpdfvٿk8T6A:e?Nξ?֯}YJ-@=OL2:B^zb6Utl4/ԧS4;d~FLSXh-==K .E/zn v@t -_kW1<{3ɇY4!M3T0IEp#&&wǝY)Hj^TNP?]d7.J88ه?Yt6.#M_mcj1 >?x+F7':KhQ]<!lNX-vZ:@eƩM?& EcW,}A/8HEn)9=KIdBdH(" {"^p/UQa77;ȼ2diMQB yeG@Pp)2AK65^UW&Q$;4ύ©kԓ{W?0&"l'z}{pp#6b\p_$OÜ%Ehiظ̃ P_󂮫re\v]byY,'Ym$b>jO/Qx؎wt3CZh~Mʚ9&}Ȃ8s A:ȿ86"hۛ5؋q2jCMZM^!|wWC m˿:fIi7Զ6]}'0mع'U *.G\{lĎ)R97CE\ 4zKiܰRx݀b":H{.mix53q$څ(Fׅj\R~=fڔ>6e1x5SO~Y[5-cK&-hb$"*1 -KIV6drԮ],$ԉu~K3!19񎀰!Ԋa.4IљVZ#Z[KE[0zw _&"a⋔7svF|UBf2'vu9ˆ :BW_жne#gF/WC1HgY :rq(ElrOob^:Gd&uP]iDP, ;/5h`%qǪbz&n$:IC5c0A$ZνfnYŭ#&܌RJWK64}Ld3 P$6 ]|/җqł"ܑńU7 1qn`K[_{ [So'}| MjmMq㻃 4>N%`#ySM1Q8IZG|iq\؜,A{^ tN/k? ii/T ^5_;ɺ+)WWɡ2MRZ}HhS sԜHRܪ=˸o'D98! ]۵yrr? !Ο~e9Vގ''b?Gm91 hD22.JN֠ ]2Yk1wh:; Rζ J@#w֒+REY2(t6oQxyOh[p}:t*@ДyԉWoi,GڀХ ^z RgRGQzLbi|1D&k[Ef =lF#ph #0 q^oXϥkZmaX O?o0*87-3EӜ67-B>'b ^G1~=4Wm'b@3W}YR;PD+TSuǞ럳Ç:u*yF+{cPnniz6Fa/?Pf"RJdz$;G㕺v# "*;tA4/^}(7ՋN.$G՛7nƙ&b5z`_R j_q#xR^ ai¸ne Pc@Xz /nh 2/fm\.*R ◉v7cBW!$&$ty#v#B'NuL̮,9-gʻ/j`$46$ ,g"xܾ/v""Du)#0>ꀇw]?X of4ЉKGyk}z(F7x?C-[x,`hh[~cW5l,]b^ -ښYN*^1~Q?t%'=  & w`JJ|q@[R2¹iIG!Ф}WەaJ6ᨗjΈOr\=/˦5Pou7%j>X)]=^Djz)6D'W\˷6lt#?0ٰGc dޡHI`mç{U'MS8}#s12(K_|K`S)#hҮE=xVn@/׵F/Jj|<鍣^ HJFU;9gJ%AlK\kq7-ҼLYv~c;^(Bh[b]fZӤэ i xS 6&v0QG?>vx USZ$ ~SVɄLzE` u2#@5`5pzF98kY]I S2IT_R]dVuZ?;-XN!˻(9?ZE|S-N 8Ckz2'4ُ%cXN36e^@pXs戞5otF~.80ɗ鉌3Ϙ$d1[s`m~Lܰ>E=g Ҁ;ܩoSj:$hd2W>P ,^%e %,ʩMg[x=zՑ:x'cX`ë}ǜsyM$^aH#J_nquY$ ygP1ʾy׌B4JܨE2l& OqM0Z5N؄Q.5VQ8wyd6W$[LYJ^Dgw߮i6*E''JDޒfPjFp%o۝ (~=1] AI=+ͨOY ҩd Hd<>AJzaZ]3(DWʙr%ҥE ]qz:PC /&!+#sϕD'6ZUVP:Ph.7clb~* RWןE O [ORf4杨2T4 ]4& HɒeΝBH Q?F#Dzﭩ2>tD!FFT>(; > r$qh#6VqX4VYunTa2P/t-kG; LrNو@9<P>XS쩚/y K}~Ank> ʉP 8Y;\Zݔ,Mwآ' m;UӦ 7!ɖڵ h!,ˡ4Q^{#h褶'NyϷDDks~$07d]Vg7S{ *Oٝ鄞ҥ9))]kERـqJD-y\xS;Oe_v`Fk<{o0M> v.&6ҬyC&ol**,/-t Mʒp:hfV4"wz4AJOї'=ߞQ-OUJPooU-cqd@#`8$pf'+Mwi 2kXl bm>h%tTOky%F*v1MJZAb;+73g T|9h8Bp#њxWrek|7U={IA#2*ihFp76N~@5{۟.W()+'s_nf3@/5wjij5cpWw8)UsЮK{CK|wm6癸G(W{zw}L~[RC;'.KrC~֥H~˂ŔK{80GA ,+D^uar;ru`ӜKP'4d|!Fݕ H=p_a6خd19㹑Г: okBE4A^B6^CSuQ%4ļh7\N ^9 mm_[%+!߀=7^D|\z08e5g°`=Ƣ7`sLl٩`vۚ}!4R]Q|q  MFa>O_̞''H)[CvYT ŖUޒS;/_ TPj7]\h˜h kB d5%/k"GTI˵x KM-}?xy;:DYqxeԓ:}TYmBOKtqh9@yb K1o6Jv6>>D a@Y0ris PVJUoz·Tre%\Հy]IeuA[T Z+q"zMA}4EC O2S|cU}ppS6J5 s"S,X62hn"8uoSs1;~[@")MB+mTXFy&3pi qi.CGc35XK|A߉sw2KL>f]EEnކ- >x=V!pR&0f3$>R/):U,N؄6dIH%!MKOrYD)%@Y<ۋ< lTċeث̽7B`1?A0"KY\Xsg=zhH+;";@h8p@gƻ8xv/o|~%,Xbmi$eC@`,KtST|]D„>*-f"ir:6HW!_Z=u -q?0H`9mގ+b$+)ejbgP)C˒%#z?|H8>JFᇘgF#=E/\bPn+G`X,Xy%?G/q-y8Jm;ĭW4.w+If}[Q?3ĪK"y;&_tDh*jD(Dk@ =؟ډso?X^jd'hvB Z[)E~H\V|ܚߑeUL1m5"ޢ-7pRT{Ma1ؓK @x')fDv5 YӜ9fpf>&T&V&~@C S޽hDl{Awf{}x*^u[,u}E&n`#rLQ];6 [sZIq8kw9ݪ`}]=*ӗ-bZӢqk=GjԱwVsݮX 7oh(,JU, ,%KG8-j[ x n~/VQ/9m2Ɠ@9Cfe\ɘ#b ? GqsȹቆU,Uf1BP:}Vj匂56 qĂhD(HS")(C>&'<ꂼEfӃduǑ%`&Y"`AP๢+50O!B̵tm"A27b{}ZQTt 6&ƞzB1eMΨ @bF6h*Uv!!!n ]eEĝzχU:[< iZyQ)g3ȈaLƲ}7af}W_d7}/wEI|=t}ĢBzMtգ3$務S Ft^~z;T|5Geg'9_8C^ tF46\eAvލW z٨ts^uLBmք{%a7k^تN1/>1QӓIsf|r K+Rjyx4̔raw?-I1]W hFa)lŽ=j*n5 y>G?Pɗ^.z+-jPDBU.AY*5|^O^k;NPUaTC)'mki 0c^_'y$kQmV 7RB4e+pj*ņ+ZbuZz 4dS5￙D\^n ?h[!.|.Kz"UU§[. u!CPoCDF16 O=99B)lOqߨK~ H}צjc}Rt]6|zлv^%MTS"C,4`Rĝ5d%ZHʳ(KE׀PU 6 "5[9#D @Y4@2&߁M Fpp\vBX ~Jrlu<[4잝i߇y\3Hk,\[&B;>Xll`;s6񻔄p#S)#s2%s>9Fk7ƨo?8O Y#שּׂ/IQ,.KKZQLg99#;"X>k=lX'ԚP#RUnhZ+[+ŴJCW$|iJZN*^F=a5*%.FL9Q%Л] bB -W Q6Yʹ(]t7VK@lX= َVvig7(4%/e(\" ,b=)&3lIm}D)_-(F,5ԩIh'Ն#B֧?PO`+Q }G3 fr1v  tU/MK>ܚM]Zc` (ٕl@FچDV!w{٥!:A$՘ࠪjTlkW$ߟI7w4D,jD8Đd"̥QKfSkWsIT9t@z.]|slt,ux}\?igL%|O1e{Xhjw8 p ,L@GFS.1gv(8x_!}E` >: -dž{T8*kQt(L /^XC-{.A]+3 g5í; 996"ʔQƘmSMgd `d v(8_m:ϋzȾЏvRN:0m2˒-hԜ5%A5˔x4&?,̹=;m 39p$"OS54黁tln@D(6t-577m3sz4O`!Hf:bXCw)D7š,'.e>Z`EAjs4E.k ̐e2B_=\?+ F #ȼ<SBӭ&K#* ^凜^~{t#[ ]HrXAZ"`>F<Z(7^jhO9^0Imj emE'2DS:a{y8ҶKeaߋ17&#m$o 4O~|ĐH" a*e3̟ x/6>ɺ 2 K)՚3*΍` x7[)SS{M|S*Af0pY:ڷbљTW }P6w##=dr9" Wizij;KwSJgy%EF|ՠu+o ސ'N yFv y{K_%f"Ah|ih\૏vqmFxA c#!UBy>e/ų0x0+LwXT ?ˎ!@2d;Yf'1!.|X1C2]-$nڲB#ٸo4՞#*\a'sΰ*ݥSB]OO!kdE4jMv]3xj-};GV64B6-zlFR|[* \j`bF'}*' 襫f$NA9VB׍w@ },f2x֬VT0^C"_eDig@Y :ƷDt]~֢tC8̜A寮Qw<0Л]+.z y*4!r1\.99K\q:.`u<}R<"z(>s/!-?R(d*> hڳݸp$F#g ` *߂0*έ0rˉԜkuץPsޡz oZ[ݐ: 012q2TDrLA;9թt)&Pn4fqEPO&fuRhŻu=M$KXapSڡ&L/?'{CnA?{G)5e$r+<5ap[ʩ}Y}A{UJ͝Cό]%K^r-%P'cfċA!5ԃaeʗUrZ0+^qѨv{Vo8A9O>X]Tn" /oq̜9E&h3@eJK=;st7u,rjqJ]M_ TQ?NuWؑSUB[rYrj|(>sXmzxgꢳKD>n,%).)rm-%\;ʪdl%JΆ[:4Ƣ07L(yv3|Qga! ^ uu$*Q,4YQ݇&%?Lإ{({U?RKmYR*8-*Q1}8J\S221x=kA;ٽ1'<&>?[w$ ^~_7lW揥KՂ'z_vw@% g{52l ਍-efp X:N Ym㸣bQ=KXhg&X@kJ(N@#ɣ-0WZ@E~E^=r`"\3ѬHItMU U*$-+PD4`"lM^WÂRR80?2Ð72N.^jϫ2|Q7Z0MNMn`*g9݀W1S`3=coAЕmcR<;B"7EĔn1:xv*#2ɅG2>F`>rn[cz* Z3vzt ]W΍ϥ;rbsF3|8/Q,jlR> v  rLo0d>D@%w?8]f=xplʮ0Qh4'S,-JY׍c0 lŹfUUX]A6}QН) +Hb/a 1Z5u %طdјJX) 0,=r\-[Lp+ޥM8i4.y´І:Q3$ƹ!{XWK2LiJN-g^[RAu*YQߚJW Yl-hm)b 8[K|4Tk|\C A(~O'J<)mfٗǦ6q|I(6qE5Ji|jy-Prq$pnmʨ&")E; j>||P5>{~/t,8mv?A^ށ3)5%_H*tMKfuiL{`ZGh]ܜdN]zx$֕HɉNO˴G/o;5Uiֵ;-UQ|3Ev`(`6c "'%,ךyxA^^OV_d7l6V2a?ocVT* 2~^|)AU@ O*7!eI i)'SEr%Յ\SXU^!Iڶt Zz?)Sh%/Q[*xƽed2< 0\VvGz8.1[x`ږj.D KS\5l 5I!U&IK\V-m;𨇰?TQ睳F#sވ()+VӴQ :L 1F"] Ai[bV@ozO.>h ֆv FW`<[D x lcf^B\6¿&Q+qt>MtR4$!lclֵ'QJd$H{zC˟jZsGĹ|38`LSFCaeYYWfWBvU)7ί}aE^V: Oḗ*)pm/KѱOQH ,<8L*.=WQy!F_ҮylE1ҭX({`>,3d)zvGT<.P1#Je28/@Wm#E 5tO|~zf+.r#|RPs$aQLsMqPB$t Si %j Uo|tW>P+<7I/ؽ1<"^}Kt8ώw@U0x+l# SxaK>*q)W2@ߝo <(Swe(Pt֛o&D.{a %P>z͚[ƾXo;ReAG*[^CPKw1$3GA.㸋 Y0>6_KE ЄŹ?BpbHyHg 'ur6| "لr5(W`7Bݐ@0A.Z]Bbksim\_LyL_$ qO{}Ģ50Om%vmEn@m ^iiykV$K&hA>8tܓgw9>[Y9m\11wݥD;KGJ 1"?ڄ&F]ѷF,SR՘rA4]FY*҅ͷ÷mPE󫧀V,b9VzO SmRj\~R"(x2*.wA/P?SQQ@RRwLr88"\*_4S |v D*9ښrQjW.3rrmJoعy@ڵ]W۟&7a(@֒h;Q紳 ~YJe8f8 Ckoajմ yԳ\H |+&.d[">5b芟Fze h3* k Uf M |ބuU/sSy.Wshx+ cN{{a 5 3gGkLW.٘rW*ocTȸ_Fr%m{g,iuKI6KN9 EAͶ& =T)GF}rY8zv6WF\ (bbɏ'g(/䡛6ɲpTBڔrm*S}\JmLY&t>u #SeR*9n*)(՟wBTvתּ4qo KenGc4O/ji 9L| %5W16D@gsu4#:Q$_WF ؗ1 e^ڡd?дUֱDGa07?bs \oLT8sI:u\Pg-S+")r&4tkvh Mw5ѩۦhvcثM4%%w"ן g%btXN̽2 h#PAM\= y;{FYp✹ͩ ( dou< d&;gc) dMCKU$nw|i+cg+CLަippȡWwK~cS20 f3|+q93LH 1p\V0@gH{\MRe`R)*R3z>7-8fwΖ ڻGBsƷAq-5F#D/uN!e7<cfHC +ÎbCUN=RIpfU"gO҆Ni _PZ{\oߍjY2LT75]NP,\$PO}NLgT|^.-P=83@Edr ?3We8G@s)Gdy24:XH" ۮk3NmHZzXp') PCH "T<Ŭv/ĀW27w.̫ZC!p%cLJ6nȽ݇C|aӏv.P;uŦ]XDҩ£X*%'(G=b52XMev##3Ǻd6}^<& |RNob /hp4N=J/Z(rMƎm7]r\M1>Heu;)>$=vhW=k$?39-fI3՜ۉʮތb}W'^7WiJx39a+0`)M7Dg<[x4W9;?)yyuظ Tn@;ұ\0܃!3YWTs(rC| ¸Ʊns4]fXߓWS;|QLHpy.X]]Ek|h]R1VR8rRvRH^{e9Y]"V%MOO4-.]I9O[qqZ6;4="lW+M9_]Q6>NHU^D?yZ:,LTF `O 7`-r /:D*ndžda;.]/N°:nƼ.t12 d+rݥA6p{]_(JE_ H[t Ҍv;x] 3esǤ.wVbZڜA|+3F1s+fb'WW.w1b!ñ8]p˲M"վHt4$H<’AW>x;m'jʁO[ng)myV-/)"~UDQU'SYL8[AD@-2Sjj $e1_z K#x]r8LA*P搰S03Kjkh5ߦ.m }̻fXa$]l*.:<70] ŚA,mE423%_@ \ɳt(g/)ݺ>J~ʀU^%F&^jaMj󪟻ৃ~@ſŮ̃4$'>^K \ŝ^3? l㵹jAlԋTO"Xd`dA"ys\*.ܡMQi0R! BJ +!lxCh@r@WMkڍNy8)  5d#ϲ'CGk8BpƯ2YrO_Zfߋ0b*=SV3 iB -omʩu#)H~^hl*2 7RpmxQ;!l߸ @6&oiDCUs cTYnIyTSЗDsK4k@<R_ 4/E$4+lMäӊ-0$GjJxr$rt.uKgckD 1z.nR~8 LU#^J 9$d|:-Fx2xeU$zWYvq@&^`tn!ru LzXް*b"#hsa菇c {R?aˊW^kdapAjOh_cDr9Fb@Sї5 {Vl</xu&\|^P.ޛ'-y%IPII$T$X} Qѫz砄M nUE|(/ \;^ϓ>sc}HUĹ.K} =7qDJz*t!OGg84`9ҫM8;E^AX1-YI$OÊRpr 7pHGD4)2T7~X78HɛKr\t+57sѥRMm݉u6eΝxđc}<cg; .눯IKaݫS9ܶf‘Eq ?ic$U@A^0- ->ŗ3;Nty0j^u/)j :"BD'rH3a su"zaO-*&Y396UBB;2inYǧɚz瘜`Ce&Q>0@[J[ogbda){[-2SN*$v */ u=aQ =[Y^ ]HK(5_ )}Gs}B[^tzv<$ag5!h嵮G߮/rO:5٪>vPű~TE5>k\`eBALQSX. &nOQ?s%NzXm"8Wmk2'[Bw"d$tК9(NCa $O\QVb"t<׈:)b>) zeyRsy>mp鈼_,1$A6ea<t;{tdƣ #jP]l OA*Cs=Rh vFufNC΄X-@ IҌ>O kLR[g,btMa@:Y%$~U䯙ISvR&LHY@x$8v*b~`b!ri+1P&HQ 4EOp7z1BJ#l&4d;ܢ!R'e."<zLX果bO#ɱÀܝ}c}|0(g%[v}埪-rG4gA4]V!);[h!k$aIRff S:}ďހ +^-{VX3gՌ 2yz>/rr^;m@U"%Zv>6rR*MyB1 yLհQ.`dFgFRʺj:u@K5 -sÜZζ `f31 dZU%rX}љ3P<|=A[HRĀ tjH=VR3O07 QD9iR\i 0UDC[,= Uܦ|˵M"tb撬s-dy#;2Z !ZjNiູ*VCAL%WO*ѿ*Es<#簗«`0gL;!e;yO&uѓKf?KW*,b.`1ӌAK E$Xa@OaZl[$ʪR\3;mCQXe >)AfX1KSi0f,Yfu]]"ez 8S>nzX)1@ob`T(B(_f +ydWla73  Bpq<Վ1,Sm{~D9h%V,"3wA~@`;uvէC0X47h1 ,yomjqO|=XM]iGnji>S )堕N{pOO+贂3{̑r~+aBB.a.TMMgF*+"hVCtІV-Y/*^55 >χݚe@ո==X; Қ+gϬyGwjYA=Jd:tCxhOYѻ,-uSp֑\܍pL8 Ge}JôEf(NQf2M#i"狡|0 !iVHQ)<4εUpA~3ݒtkh<_kMj/4>Ǔ.&mv.Z4Y0`)?lNc܉M 3}(}ZEq^iC=\3]jG?b[o *Qv!g$-^EB$Ç|q92R97^5|mpAj^}Wf5rg_5f* Ƙ(q#=M/jbs%|3c+R!N/ӓ ERŲI35ǩ(7.sZMY,%@hS]HO8*{ߎt>PseѢN)tRa"oM.:et|iᄷ'OKytDc>ZzL]F%r#@ 2[ 4{a}b6׸$Tepvkѷ f(R9*Vp{O'۱}_Cm0 + ) t#0>:*ʵ2xLX͜O+8ʼc7ؘT̤ӼY<r|YPYmFFC0+tF)VwmVoG}WR\wV/NK`WZD%b\[[ y!pzh3]t'NFw9+~SϢXCu"oWϬ(SCV|O^ ]@l@G!1?IT L~ ,\Vg}l]w.f?c+F< 6,O.jP5#=mO^W,a7Pa|HOLA$4}ܡ&Ѧf 6zmc]&TT̆on~E|܀mt*7A>* e R!8mg=,lYQȨIEt}4UW1ygS< u`^ %8D?2tܜe=Ķ ]Ei&)Cf\@W.yc*pi*C:[8"RC-E#t<6,vvI -,mZ )H|5ymF'Y {fsOp+Ug|dfm?QEG@J'UIcO-Lxk1'LH3ÃO_`28PA{̷v}2h>.0|doF*ސݍn!٭VȊ:Fҩ&lOTǗZ:%^8- Q'~s+ޗ* MVvj]6吇 *7N4a$zP.8LP3R ve%oS^&,kwZlE?yd, Zϡp$S+wDgn*62C0V4}`$P@$yFX" gdǃp6c`یMwx {uq->{ѳg3Kia^ p )`*pU㖕*tظV*z??e*} L& 83 wbƥ׸Y) i-X8eno=n2Ғ\D#mfn dVt2nPVd\.IA*[Xs06^voe @PZ6>(!әLo.kh*\};[b].!+ߧߞGWB1ݤ9r[YUtx&`4f :5BQ6WZQ^A nZJ{ge"JT KYo@႙tёVuk֋n5nU5 t\<(D4w[Edv#z\ M_1G(ТOj6i$mQ}@4sawEq̮G!RQd0`}5{(k )zC }%'BP|w4_CA1B4 XS^sYG\ȽH%ts 4/V=5l|'Zߒ}(^W K-$1.tVe⇥_v?U+6 FPwTQve0'^h鱌 PC$A\P3EJ{@b/}mkI3ń1HO?O6a2Y.O.1Yg8Φ{ ̈́K.TVDϟԢbx#[pi_{ qÍV}+E{k}}is$$ܪnĿlaǠ-( 扃WIE%V Mf*k AV^1dW 5cKg|vEÙZ=Iq8ݪX+O롤 ̐LtƏs\Wlt8W)B7KC8B3_KT>c!1ޛah0+H D VdTj>gƶETNjM/Ai25 ;C׻48\*-˸M/d^0=;o)rX7|'rRȥsctgd7e ۷@l7uQTo]]o.L)[)-seˁ1ٴ"3| R@;ƹ`,MOz:vGv9mhs;:.zAq[P&{ 0~=Bp qwl2mߡca&E)N\b%.2*lfv[ |S/=9'!".qgr|V`xXd(iç(72t xƧ_5-R2Ha߯UZc? dB!Lߊ-ض07Eo;^]-iSGR7 7fGŠSYu/GIgs"u*I~JiM0]߮ךٷI5RNlZ6ePO!;= pWSo0h)JRنusTԳ!ߠ1H FC)@D2k e]6eU)we&P`[>_qyt5`pPNO4λ <9$ =W}ǪFx?IiFDDu'݈s2o, N͚x!r9^7f(ʪ 8FƁC"Q˿c4uIjv,}u⯸`{~/j˸cſ<lׁl}!L€()A ai?1}lMV2lKǾHW0Sd H03 ֗7D^vQ 5#rBjVSRP\b6:8S;oJ-ԑt <"]*RHۤ5.-*5>u<BNPCN`.by%Y΂z+=6i̙ Cňol&P쳘 oM%sL2_'υH%S=kƒWTu[-EF JK&Sc=/釥 ^`$ar쪉=6N6 69xpl:Ő[(JXFVk{7&^ŧw1;eÍzXk\Glݭ].tD#RW֥ 8ͤfW]m_ijVR!^FE({Вprg69s01Cj~gx'Pes+zZ6vpсw8&J7-ӑD%`2Ww M}pO'ͤ[4|)ڨaTyq+9PT%?sxTi[J*$ܵ)Glt:) C/MGV(9e R+ouh~THVpPBsPizE4$`\Iyn%WmGJh`d_FЌP0A֧K}K> I'5ApnǀL_S"tora.#ێCi#W7K-!/'䵖 N`A5ow5qyFi 8Ɣ Ч qJgPd#wE'{τJxHTSS0P,d1A;k t Y2%I9* |n>vzipq]l*Q/{H1)=鮐y_,|gOj'!l@4r[$']iƐIރ0Ewk IUGٔT2`/m1V3ȗҼN ϖg, urN"t|p8WJ +E򧌱m$-uNBKjIP M>O9,tfጟ-:))Qǐe!y>yXweַ fAn<0quwv@Dw~j1ZZvf8;Wn^f.pԄAT<] Jy>X Ɩ3&Ʋ@E[ _74.UjJ%QޛҸ] }} T?p1mLڒmNHX+U".ŎOP@J~ Hz”.5} [m!QXeg1 0&*~'s "KHWZ"- N OdB甋Pn43}jwG60 l ^­8eLod(LsbYOn )~!Q\NЙyӢy]mj(#t1n_ um).WԉOY@*TiDa咑Td (ڟMtAǤNwN)J:)Akv ' ~sq%ތr夰4ѩY?OdQ1Cq b~gNwHFިTt"NA4$l·ncޕ;i1l DJk}W\(Mk <eIAp&ns(CcfܦLIˍFklt'_uB  o 3m#1NFoS3+jerb4TJٓF^$ޱq~ 3l A4GveGNw흆^ ۋp:Kg!yݺφ8 XNwUL"vQ}A5jFԎ 㝹 4B:kŬ3c۪vʲfSS #F\Šk @S+/GZ>b~ns/)ʘ\c/"w:uUD8JF ek\'Z7qXM P=NysTP 2TF/ۢ{MOSj^7}ҩnQ)Qe 1CH s(]T!Lz䥢x'o~*q6e]xmOu&G'I, Ơq7P-M\o?ar5nm10"aM[@cʧ-sfIsL@זfr1 !b6\hS3O >h^rn'nt"ۖǬ7a=Qkte._?qY-} z&Pt`ɃV8^n/@Io0!BS/ɐ} 19,.i$4+qr 4,m 91 TZSyREדb|ejT*,=n JGG-[IU=i,ѩ26'_@ *sPrͧ>hO1^£#ȹ z!)%9b)!zy7l=[LBSj('-O.dERFj e5, T8`ZȒ00P԰cS/aWR/2=C_^T`Q /G-+*i| ">]f見')bY/9;k,*-%6`c=U"߽߮˦M 4|n_̍WҔjpah?BPCj6#/Oc# ] a~KLX᢮@v,(BSˋj­<6ǟ϶I:}]1 ZB-:j5G;:(!@FCEv:6р=0yŖs:@"X|d<c4LO4JI)GmN,.i(10C^Q1R7$}sJ_uR^as  sֻH! >b9Oʏk)L˯pv\z_)X&"] r+Z/)Oc  U"_n$1~'yJs>xt'Xa 5ƻXx^&銜2@7 >! j㦈<Ёqgr mCq CeNw'/OyyÐ`K h"MUC[1GpPo` W8k㏋Po12IgVt!\N4sў9y pN[=.:n;4D[_-:90HT ț*:<2P#>K`aYDv TOyNc4:Q#(fYjV;$L:U?w%D >$RQ|GCf :H8J]{~|+|f>sFaSeCD4q- '3]=],x\;_RHSvcȸ~1 E-*DduegXkmƨd7[O&.Íȶkص'{=P#4:JB7Qcƫ_6E9 aC٣|Fsqai Sk|+ B'%P&=v5g$q.V\Zfl-Fw4_Z&SGYCsIhR>F~oil#9>I7hOT D*ڐ*._/^NNZ9o=@< VҧH_"fh_̪%we4RTóUnmh0ΉK3ur9VQ~dsDYZs(9KCTG\Ȅ*u8!(w =% ˆ66'&DC={t UAhZm,N㗤poqR}e@s_O5i\DwD|G{וg%Nnz-oITfel.i3=(i"u2 JJ=a2 jRH.(pf4h؍@7/J< ,H( Q2:i5SAC lat$6}3^F'Il %l{>){V25f Zo/taxL(3I5aQ>*Bb`v`xִH|xGgU6zt$ʼn!^rLd!5`㢳lC \M4ȏe"Q_@r4PBK5d+J>{%K^ flc*wPlBP O Kl/f 'R( ЊpMQW E<ǎ8v7d_P9fPydoy(ޓsl &tS44k?bu{xn  t܎4/d2WJ7l*ńu=7nFLqo!!уKniBR= 38Ï0l1˱&r w]@f+IGO,NjBѠ4J 7&:k@̿_͛uya1V}K",Y'$|ұ= uv!q@nqA}?Z|#` 6RhQԫ?&ϟZ00º j#\Jv@&. WE.ؠnȔnG$4[;Ӓ-_r|= k#8*W@(R^u Y7BX> & ]Xk׮sʲ [FSb7uilo!, o^N,F.F"R: |Ӑ\Awn(VWZ#/siwYea=\Un@N|M۲}(}R3)9CiYt]x6A`;?M3~/J48Dz$ 'w:B&p.Ra^t߉}0v`MZ~Sm+̲[i .,)vk I 6Nc_;&>ݶ_[ 8&^1I>HcޔGgUn\;}w3U9E02}ZIgICÖ, $Z r4.\sClҿ (U.džydqS|!J0$ѝιL34$d )7qj~̀[F?GNʻLo-j%,,vr&7$W?w=WUa3 Ьcv&[Z]HXZx-LZB(_ 4e:exK/lk68I%>]̤ٯ ao.z4#pVY1n|RNqc)2 9w@!4I'q9Z2LCJG-ZYN bͣb{yo*5_+_,76R0vGUP4ĖݤSpbĪwXGVuggbR^Wla_siI8D2ÅN}DsLpn3Z-O`SlI{Vu!p_j{R.$1h9]| 8lЋLߦnlTΣENJGUѩA!A-1s670a숕f`wf0~`\5GcIG!V :J~pOlb6Uӓ-GI4^BrƪԼ]Qw!y[r//<`Ę)NBA\3cԕIŴe,0QARFBr2ooD:y[4>U0u)DRkh( L d4Gdӯ͢J_&1gqn )emD^OHYp+G4ő>2&Bx˯WoG3Zw Q/x'-¿\ax˽*4'ȣdqϭ^:"@kՊa҉ OBaVL0ludc3蝾&hI3(>";GT:)rtEjI5K VwU?lCڧ=2U'D bUbSq;A@>.ў0AJ3xP €U1c^H؋ \>Rغ@W>J^䝋3ʸΛn[Pvb(n:e e*Y9D6 ǫ[ .)##z`QSڥ|vRvSHL#MžSh`t)`zM\bpή@4G sZjrn;7MYKYWg†1Z5,a<)St\88R=b o#6;yG`jfGteW3B Uq"Pv.͛Fh3??2Syg3|#xo<&p|\}eNh}ٮ%}0RL?Z~[ +pŬt% tUvt"܈=W)qp>/KdP̰eDF5\ʦPrōo ~t_@LԸ_!%tW10>r`>pshK{M}x, 8dbR%,Xnó+ ga|M+<|v17D̦H@t SK*pO͵p/A>æ@n:vrmMqI`H QkQ"i<c7$ˋ. /ஶəcє'ľakxh:Y;F$*Rq7E %j԰".e .{ -U9R*/$ 4a|sY0;*R{^v{@% eIn"$ D5zs8dq|jl)OܵV7lkmwrq.X} Id-%Wt̝u@n:% Zk?%hJru*bѣl؆{1,`bjZk1+;34C9E0.bsZ W`a laBɤCGhr o+) qn,T/%KoKk(_;`2e)FX'\nnM[i?I 8kA:P2B_O9NjX )H)>JowXR]e?KP3+a%, с;[L(?~( y=_ţ7I\c =r DLD|DDG;++ԗ8 yЂC;Y7c?m\ +sy~ߦU^$IxEfz$rGN9i:zgYl$b"!W108ЁI~f&SE78u}o]SUAC/q<~PK "yBϑoNŅ\JUhhO6XԲ(>laCw{A'y8<ۧ2k7/(ɆկBA̶+G=K#@!hNt;:p_"֧wL 0GhǴ۰]ksnovz#VWACeYݖ7{!L@ YQVá?={+ " ߀[ٜ>fDr[E,mHv?9l|2aW@XU=_}'1s1E86r;;p H}DŽSW ] ʞu!7M9k(jiFI0!FQ\"{$Pa{=a^X6؄W u"֢dB ܭ`.̽;Z$c6| |nO TW|^$э>iJB(udq8HPZPuг0 Pog,~F|nbge!ZAG"Pіs%.4~`U/c94O,*T'lߤ,8)1 kb2y0Y1g[у ,L9?;hVhX`HWlVS69T:{"{KtOʉEC$So/WMFtPՒFggI^>&FVM m8-k=B'`OGvr}]H5ZUayy [[bUѿн֖)RN䑢yboȚQo]<NNj]_fOT_1 =Jk0fv=lma V_޾mJrNܢ!JHZ*R @c fw ?6ܶveTzj>Ҧ/+~ vdcjϛelg M*r/{xLпytsI o1A88A TQ~:5z*b0ϞjEp3;q#,Co}m_a{.3)&dRb L3T?X {Ԏv4xU:Ďy@ r 9 UygR5L ^ՂLj;f(Lhd^|iYe)ڻmhʇs 8^3FlO9 ?~cݗw+8D,& "VH^S6|+̩t*ph<CxĖ q Kp~ I 2_ojaQAc&baLQS8u d G O>"TLT`ư9~ٌ6@TQO2)Pv甁S|EN?_ 7W yg z<~[?so4$5:>].~6ГWZC,Fr;UDݯ)L,*$Kʫ2qL8— 8SXV 40kTQ:-,@ߤy aa9Psq_Kc)1}\s8P N&Aw:x߸%m28츢>JMu"Y@\B;Odזm)q7at#3B-Ki;|mkOQ5h!Od:yss!{gϠ0ҹ8ݛϓ[2@bߠbynrvSX[=D@|*Q=>P83(g5ӑ ^)UUt9MX#?ĘCpBBjdF}5re(|lhnB=%HFq/{ѹg(*"S;'Үtkɻ$s[1X>Tҋt#&䧑Fr+ |GgD8xo|(F&~$ 3b).s'o4{Vo}N-6FqnXm} HƆ2\NS$ tw],--nԻa7ZE@ %  &}6V4OJBWSzە1W)ƮdHq,1 7M^Cwuh8@gXvYg8T6&N,tc%{<; O{ 8[k3mEGK7+hq)\u]k2 5/:1uuP'A`sJ/-^`9+5)\E+Inoe7t/1*,cJ>z{ҿgC Nrt|n wJ~md[kiglZ<_>Y^NdxX[E~ 0'`'<2^61m9O!* ;.WY1(z(ޙ[|x 6 l|NvȾW_}KLAk^Ub@aRzATә@FG zG[j}Pn8&8 qJtN<:B>S'!"*GF;nͬ"`7NY\ȬSgH?Yb!5,;:j{EKLk^3g"-Z&`ۦ!Zqk)h;: %T6xǵie9짝;YO,cӯ[Df̗UYyR\ q 3x*M!4F  'F<_dtLjmJ&*$EG"Z)a 2LjyNa6ai'm7޹WVGR|R c%Ar`\?6>ۨE䑣89;VFa1KwM5({^f$ XAcL9'4ܷo`Ӄk*2$ \0. A0ks7`5Q 9z(5 > $핗C P[ni >FN(4G0vB#S-ΰ6 J)mѵ W^cpsi W}?nj 3"S7?{y⏜Mz yw-Kwm4n!92' +J1N7hTxOKvRakxR( ~U5zkߏ@}p!>R19,3`fz:Br, DpȒG|wpǴ}9|sEz&,w<3Q4*?0--4Φ^?!z@ ]tîG oQ8$RO}˹ɿCZl.*^ 5*}v{[*y{ێS+v9H $inN3 ȫô dcoFǑnf跐S=$gAi~L0J˱\+6oP_ B$ ОYW`?pk3XӐX_U[ AWW4%FCQM{tsu)$i}=z^*/B_gEjDM=C/R2SqM `:$,6ET*T/ X K%2TlJA8;NmNqTCS㵡L% j׎T;΂Ko1P\ q53V~}b.% Co4+wz,V;"-\dLOG6_?؝gY)~[yDbr%-fqQAVn =0$2=n kY?p\ߗo*6&qXo+Őzְ'$u_+{UDon hMƬg0_M`N'ĵ|x9:O.l܁ohz$ {耙x5KA`Y_HV`j-yWLd =B)UmnpyK(ƞsƧ/`ESH(8lzO0NjƁQs)8څġ Q+A I!nR<:k0/ ԣWtBB gRJl!8X10؄lA:`<Z-fAackf0 =ݨ N[LҊ_]%S> mP+2fvQfN@1j K"6[tM);n_DNe d~rꅟXoۨGט"٠lmh;ot2^+kK9XWxsrĒJO9uP%nFH}o ΐ Gl$4y m;u, v ƦPzy )75HҮ킅/j!`󺶙m$4^Əged;=+Rum)3J;OꙹfU(:C' =-KabVt<Q0) sMKӶKh OAhhTn[}fXmPUOjmidr)R},4gpYY uA4€ֶ%3iڪN R`DH\F ܔAIi^h彆*:(OKq25fg!enK$q߉!_D{j?he,bOCZԳO@cdL㘮Ce S(DK-ƸtkDRA> 0L<9uwm}=p/ɕQN;dkd|$]5krL ns-4 k89fF^f͑{tci;gi B;#C]j=iпQYa#uK'ox*m2#Ezmy_xdط9 yD6h. e%*IRX+m '=hsZ7aC,VDxvcQ}w Ws嬤 PCgw2l1`vA8йRuWfiP0~P\yo+4̗fy]vJEmȝػJW!>YhyC1EȚdiY#8ș}o_ZyThS-O@gc҅I;FZxu%[lSXqYǯuSM ^'z"Ƽ}.2 G~y;O)G7v4GZ!{Tj3x%Lxu)omIC }”bc S) @MRG0NEaLb9h N3bZ§ac~;X$x4VDmWrR*@Mֽ`XnēC  2SL]y#4Ji(`Y-e7r^,ۂշ9kՓ3rJo̓a@uocWC!eaDBH%*̏P mrqN,*6lKlgQfLHXԲkQW-N!_@7% 8~%e`~63 [ s(p.2[Azy}|p[ STb9"|:L9JH`=hܟ }TVͬQtjD [p p$1n-"`9F OOe^)>>ʉ(: ,{萔r?eရ͂||"٢FnG5h~/2< >Rw 'ۦ%9 O/xgY bD^:g-iIz0@ }| +wR!ix4Q-12^F HҭSj9J* O~Eon.d.ue`I̷A\!w+O@ Ĝ SbE%}H Ej䪑m02/3ʄ;F;<`OGE`GGe]S쑅RL+.iٴ#]mFh,3l#"JQ \z-VG=bΰx=4/v}4"{URsZ%`L:'} D/3tݵj&Eu?5[ U62G'agL?,M1-.7fg'82P9I~fs@5 kΗa kbPY^ YPL\ &zn>?Lh0 $*d; c@(8=9ֶ, 棶?]ݓ"ZTC&mljd 'Ds`UԝMUE3SxSiĚc(.-8DP JY\~Y[Z[걹Jtb%%n ;Eէk! m1*Me 8X+Ɂu_Hr`Lb-ntygg6d Y 0q[w?IQ =?C m֡F%=]`rj,Pc묝,6wDV9kH܋<=jn:u-j~@R W Xz %ԆYxLsR%>sU0n&1֗fV+1լE\]`Cn-!|Pa9rƳyW3qVB6o!^Z%٣GZ&MD:^3r+ܥ: ('dB}& 3 _WIwk:Mߛ}{`V"h7뺟- s[ XzqA 9j/2| }.qFY5:$ce_tU'Ϙ~GCm<5R +EVb&1sV{H՘{e ry;3H3J Pql uj'sg`LUB,rD\שA{M1VG/9`L< OHN>~fIZYj-mdlbX}Kv' |0J~4*:>#J ;Ou. 6{)my*'[܀Mj~A'+"0V:H"Πw/!O~A Ufc߻?O+(.i`Br E-_cfkK`sLk%q쉤jʣ枷$ Nt~Z>Vo@)nY #ULluEufզpHRLgUpL qhXfb $=Ae|P)>jG&tK1y[T1U 2g>f<+H;G{Ik޸2VWQS^CS?J- @v;_.9(& jNIAUˡ Bwiqr!Y3q\Wq{/*"6ڔ{.;/`.iqO.ZLg?NGk0&; dڒ-s+(`HY1JwS23z64~2+_W!{Th}u!6{tr]f~}Tt)kS,g7qҧA0;r|ͮ%yp;xpHuِj!Tʭ?[EЊW,(bJջͩv0kד˜"MhF~xQǾ"PZXڦ$(kNbޟRZ@MTK;;6rɚY 3Ϭjz,CE >ѧ+NZ({&JzԈysW!K$wGo7fV`:(SCWݾl#ha*>w'?@ܺi3Uס@RKkץ&Q$gCDx%MhYCRܿv2itz|Џ'T բèrHw{juFIsrW=vWajxr@^C9NʨӤC;ƀ4c+4z+pO^ Æc& 0𬟌d^ځ7ދ"z]&p*ơ*y]*DZbɿҳ P:;Qewv"<~ ㏩U?ܞd!١`ÊcxȔ6iY};Y :\#ƒYҶr+6b4WbD/VQn)$:d8nZ Cz1Pˁ`9Be+bio\hqwnu>^keIӌRx2-qgF#)blRG= `0^6%/տ.|aa)UXgY*ľZieNj yӑ-Z*jqe= jEŨlHxoc7MA-~1UQͺ&!LtUPC]P\H~<4%|8 woy=5= -<:Uh_ ~{h|}=´ZS l> iH$!n?A"cbwgInbfbtrJ6rH_)zn\G~Lu,ɷ4`^@mhO~XD?qt/9ϖrEX8%1D9~Њ52uMe ]W\Vl f=iy$'N͕!V)uȦK&D/Y΄pعY߉jSHge{ [瑩4+) bjy[0֚SW\$Q~ۜgItۈsnۮawI՛Tm37]ڦV- h1KF=aeTq~i}4O.u}bvo-l(tR+2q6Ů3 d]{aZOHQbdK5,E=p]h5`&cr2yKn+&2*x%v~VẠzx- k"YԮ.Ϡ=g& ?\+YmpއJ&KǃBð""7?^a12gL3-֋c޴?GEkoƭUVmH4QlJAXFړpVl{?>Dl )+׺mJ'Acy11YVEӔFYP\8i;K)F%:B`^ɞ#+u`8 oVRt#SIvKWus ]1J_kCc$YCXAc/6Jhi%)W;Ÿachtq`7'4at֣/%Wcowbe*&K : g(‰zȀ۞A峙2HD׭&x:740ZTt]X7%0pL7Գ-C&:3o>mW?DbO6ևYtkV8&S1sU%4{f;=TRKr+̡*9N ᐠ13H6C*~6Spcj'= ¥S0Ar0:"Qg=&7?Ls<Bnϛ9z)K<\mW4-&zg.Fzp,>bΉ<&uWt]>dY$[5}\'7+_-&+dj.i0?9˃ZDpvT/vtc7*HRuD,6-E1V,F\,ip<:eP002bRElXL w=PzYt/&cÐ&brQ y!7IO 5FcлQnV\;"屸I~|>F{c GL?6D辨(95]B옾}4U/gK'XO4Air}(C9z'򏑵n$NrZm2h{*6b$~>nF "y]4~ y{qN]ELbPh1B  .!]R0P(9)@N9~' ZY mﴦ?"e$gcxPPiVX(GN*mMصڦf'A /N!Z#;¥8c4Ͷ ߪ\1Psat]*g0"!ȪS=pUwU$`K "I@q CRS0МQ7m\dV/U8ldU Et`W%LZ\Dm^}D6nY5/dI"T2;L+d116=VE &X]iu FO&+WWWMKKb}+TB:e1-C! 7?@6 lz$98K)u2AS r),`qonXh5GMqHi51%Ņ3dD^'hncU$80 SG^>TH 7Vҷ+PsqQ$J>e<$BCygVGhaI9~!@ͻ,DScsm=mH7A[g]74 k`R[`m6)@z7viOF0D Yv + Bִ@< N5ofjfCqjAMBLP?׿48'~̎#p4.Bc}{D39s=n vw܄]J?&yU29n,P0IwQf3,*Yκ˃*;=JFVEA-g w3Ϭ7%j<-\~ϛ5}>ѻoy*3_[N^7,N*W~Д Md`²n?Vi]LaW)yZ1 RS}R[z)ha'>V95K-B hfˤzрyv~逊 Lɟ:!2i«_FeSI?w/I,S"oeM[4\N';Ǜ:B&=όI9Ȱl Tv'8EH>ͿS3CSА"E\؋ Z~V(S|34V)۪k yD)^I5G>"#^̣S(ZB䴟,Ђ2ImoU- DYVXP 9D w2SR˪\nVMYK?oHp g` 'F9h\zKޮ6§Î}'wGB =V(敭>9>ϳ1h/.Czn= ,Oh3̓~i wB;JW%|pc|-maRH'OdDd֥[g@boWxi B=G ߱|nbG~wk$/$5B-  }zuhI*0Rx6/lTHbXK:ҁePJ#g Qݵ=ءd0UJe*OhdRVM~τDژH'؆󋶙/۾i}u0p B!oD.:!Bc0tc6uhzk?ijݤ.8] XԠF5-G,tU (ny4=:>h1{h9l5vǍ&?ESC"%h:w_*IRߓ}|OPto9Lۨ&BGӾUBN LT;~̫.:/ P4J@ppMd5B)#5ZXN>ҫ0w(Y~ uD18w{*-j  e"6=CXٚ A_ٌdSHkѰ2w"? :ܹJ"EQ Q '} {xLS&q٦5A}Z ?Y$X0K_kN`+H m!pxyQO&f" Eul-9omqc&Jd @/^hvEu3QW!}ARv, q v[n\I-Jz08. ~m;f]&5m%!*˙5kmq Ud;q5q$^1l`GyØYС $b=[l|4"yXh,k"Ǿini ;^' {q90~&hbh.bVY3C"NyEb{~!3JB(OY'{)Mի̟G!@M i}üa{~d7Yef_KdDxuE;J0Mp`hϓCx!.ijgg q[{gc똉Sӽ3TAZ&kA;uA6HYO}uᩔ;ƴг´DwT֙B9ѪԀ\c=?t ;!!jhB@,~75LXJP 9׃t׸Otmi[XEuXzݚ\N⃑!L2g3:UU}qH*G_ /ɥ-0?%@GnB wlFG.4&?^fbanL-/e]Jv *噞Pj p<ܑwS3P;s{"x'YDuc0WҮ2E&F,"b|ltvypOwS52nܑ*[S^S$)f.`Vi[#PܠHtMjldR [Cs__iRM4PDEe9˔H<_ڌc_uqI'J]z鐵dlbIM2–?t&s;IScrh o(QRo4  JleJ`OV0Um ZuTjU_MWy}ǝLHh2ZlG0,ROy}}U?ҘgQ,sy5 fW?D B3Dhd9WAџ:/;X [5yq=-[+I̔oҳzڄdZqvS}*?+׳+2OT0T@ӆSwײyj[MrE* .>B՟^]y4E C6uC>K<21h9دCe ܿG5iink R_Xʓig>?$(#;"(ؚ1ٔj mlRZJqI5>_y]+580p}:;.ٽn:A%%)+U892͌Z@_ŨW 'mlq%`EfX~@Q͢$oa57p6K-~('N@:kc  Dۄia$4D_⚠30וSrSԠ!Tbh Lǥ,;'^٨'X0+oϻ`cŻŽ?]]_ΥQ/ %sA;]PP}Jn6=Rl{SۃH_Xʑbs mW\TTNrDcဈ3)Cq ŵ+ݥD@x\1L9 Jbfm\ʑOB22O/R^t"1$czx 8/n[#9[[O&, 0H=JE ~;l/1;@C#{&ܥƄQ+)hSh>UW&b#rt%`8n:=)Ot()kׂ.5 ߌ2) wx4N W?-f"y}"?.J&N?If2y߮ҹ@GbH/b蒳}'4i@ r,,MsW%&*> FxKJ5vl{ V-3b=68o*H9LrҰӘ..v00Fzgш} Cj0| k""+ EӔ|3=4^Ts_bƿ&8 .v/dJl &LRGdk>!< b^ϒ GNxEt| ѰY0ebS?GVL>*GnH\ <Ԡ -f6ac d: Xʮ3$BNN°2bb_EٙG~A}~[-e?+e>;>}Gt.'Ěs̻hKꥁݧ:#(F 8fFia[WvУ ֢::z Ҥhi1c aKbXEV <~AFUt1818ɵ/֯2k ]Uo4slDRQ[|m~iz.sxbNJ0OUX Yeppy-'˦<:kQ\ӷjj# 6jWv'(&SvH) ohtϱA#A[2x%2:_ uяB;oW)Iߛx@"*rn]\ OVH7oi?%Sͧ>x셤Ҍ0N`BSؚ 8@ gȡ>o5x8vAZmza+:ܫ!v NaXŸisnb+ji~ 3ެ?]r oȗDAhDŅZV{z*WF()b܏WB5m(: {,sp] l>Rqnzu[jT"K7[| 7jCZuП[{ u:ծ"6Bh'cStcDLQcBO >[c??GyIq&scjH~?9F@ohkLk*I} 'A/A{HV.x.Q촉f-dOso~j7{1RI*דוw'2B a|"< 3@Ʀ4.$O|>4zxM5~0dYjj%^ƿ} p^CqV! ?b鬄٨ڎX\ӭ\y {/reMygc3IZbb!Pw>!ZX4t'AwprS$dL2b~BU~C ^dZ,u :~nRo)w%º_ױ0S4FbwUk)*^_ *lnvrY*ܢk#ڒq?oF`qvPTn?MXo\Eᢐ_5.'Ppfd GocAa0wg['.6 irFaQxmn3Bqu}K7#$.`9,hF7BH0vT&xii(me*6ՠ!h Z[\O J@pf[@E~N R qY>xm T<&4lCɵ Y{±zƳS*gɮY9zo2٦{dh$v;-lar9(s.4#ۜ&8j~<Ӊ^S)!XCݧ x ;7AKtXaEU~ PE'> ݐpC8x+MdWrR Ws+EϗSMpŇG?&⿳5>8۷N V0AZbKYaۘ&4YCa^*[P!`<])9rѹC TMt*lF5/!0\}kxP V4bZ9R{~_Aڃnai=֏a *=zNYH;ˢ 50X USaueνyL@huJv2"RbM q)S9@0 c* ?yR 4+i%dȒlYZv?2 !%>SVAǙ ᇐ.T*k6p k7ݼX6ç^ΰЗ, A X&ң9SPD󐆣Bbh :J5 o\? GpCHJ?4qPۜj^]m/ãŜ*6 ˃J]j|FT'9OĖRѣt[YZVuDGwCL#Rmtя-XcP }x՝KEfd׺u|G(_$\j&YZ +Ȩ+~a|}UT_iJT?_L} E֦rP @Tu$s *(Ӈ5x5$rOMϜCLOCUm󰗊T 5|?j̈́R4L`oJF]8LJ ;C.$>r)I Q|5Yr_jxNo.Y7ۗCb7B7R2 Bzd~@X! xօ3x2cͨ:`$>`4&ƈ0# `՗}ԡ~˪N^'=IQX-7Z&awGb f俄 $Gt_S;.nk%pb!/euSê͖*NҨc'4לBy}p&N*@謁{D1c&+gt lQJAT܁\:be;AjkG$"ECn|TU.T&RN*I)f URDiڜDdfqdBG'4'L4}FǞ%wr {9i1g>̌t$LtHL66<6ĮNr0 :$BgINZ`gvBrLtv4X;ښq˅1Sمtb(*e Ɵ:*he砯gP 5; XG,t-yLrY_Єfe;Xh'rϿ: UM ߰ 4'8s^ V߲[XoD)bس3+ Ǽ 6R D2;:rjU\P)ٴZͱ?VW]n"92v2s SZI@]Q ]pr- Pd(Fү0> Ђ/~ ԭF&&3}A݄ VEU7O[mOĖNFI[K@3g۝U޲N/OЄ_fN`-E+?{Dc <i>3!TmS7ۭXƭW}ڠM%LfKU sjQ;4ąY& )t2঍<N8T MzZor$\oG:mYlUbB8S#LW V}2zukZ t3I&H>ǥgEu)Kx3| -S;?fXEITh]qBf cu3f#TBfL|tdĽ`?[y΃ɨ H`].0,=J,LxjR>>we"n8eU$cu I l1(a+B $$^;$ж{>-oޝG=:gpDӔ:W+H9/̵_D} |.sJ's4(]/k91%UTFl21k/V`+F!cm_@hlU&&n܎[-{Mn)ē~̥Dr X'h +Xft fLu)BrJѐnK󗺕f0U/)vM  %ٔC= GE%fgcw̮LרPWO/|~;XrSeF ?o}/WQJMN[/bpKzE盋A* 򈀟Nj5 \}l G'pM'îW˥:RN9;^v$S`{}$A:*t"D 3CE MJ@ҏc+vtg6(I\GENYp}v, k.;e(S k劺q؟;I)$SX3XL'8X?Ϡk}K0Ձr ћ-   )d]NHq@quN%cSMsL= ak% Nb῰B/Z٤,9E>dkf+YNxCL番?%նD"DɑևLy[^('h^~Y`0Sxk=\SPAigy<1A?v:1`*jkI1-V֯\c oT[ 8eĒ1!"l'g`bj]qxھ+a| h {(qUW{ώ G&1Q9)mM?Qŷ{럮%pu/7vPDXI -v4_{!hFD4pAPO2w ܽlNA@=#F9'> 1x਷&7@\=<QV s BFHT ~V˚lzj;= r~@iH\9GKJX7Va%WC}VJ}\ HK vYyD0dC0jy]We$۽{A 5ű)/c=J?u9J~{X i!x孛#q_g؊*AHR<)x< 7g~0I +w *LhAx#SKlP ʡhWmc&@ J!= h#Oghy=@T tR2gDD^XoHcּZDrpb?`|㑍:!g*dV_ԄCK}xώ7-{ve#n7<$ާd/&~u(KÆ_79\w;b+BȌ5< o͒;.w\~Sdw7Y;mr|HF.EݷOP^':GPkJ1RU^Coir2Z||ˌߴ&?Ɛ)EٝJ8K a5#XUVRi"]6Z1G{jtrRs`fLw/r BX˄HĆ/R?Y^NƼ*{&*ڻ`&}3Oʲm M׍{16i ]RSİKVYsTM4َyK6$n|1gZ``'!*8sTɂn#H)|8s1N\sx.ࡐnȈnFdt𧟶h .Aw" b^5UmCL65DM*fRIjp. s6E6<.dDЍqCN~[K=8+)H!(3<[H#Ѣv1m$ hi(1B/E74EQCc .MR)֎/_h< ie?#w^ Q-֠m%bm?^a`R|ގ!%Zt& 5frn:JXA<I~m{l-IU!#"Ҝ /lMIs3HF+&.8d(oDST£ 9aQ[Gög\ReF{ >UWQK0ړ%_+؂ %opI ~ژmP\=ˊNݴ#SԝKM J5v"/:=XT 6ޑos+fΎ}2 }* "9``9a_χ0g{{1'~aєY'Vbd,K(y9lnmpa:Oȴ%j*qgzؕtޤz(84o2LM-s!n1`13`8{}̔oW4oѰEfvK w0qZE"{unVnY;)$waZ$ SrGsD~4hcw,(kj BUxQwؽ*'/cbr1Mpa/5jaqbU,)kCRߙ_rPigc#cK >vE8U:f!}a;{ !h32`."6ֵ0+y0 VԄtDT3W V{mI>ĭaYA˓H8b'+5= */P"3 *լڟ{nm-5<הeo- Z}SIMrm9|6W%U^aμ HiGĄzÅ;!Btr,`BYh 6=Qc?E 8N~G֡ĺomAZoOcjs]c2 Q=ͮPC[2V1b ;D)ACrL7zTs`h0%vPJ5CI~#cqPx~ҸxGܻcPAG t."LĴ' mo.x _ 4]e eIHT׀cUЙԥT:l&7Oz JeI\zOVZNMEfǣj%ճOчc6QZʏKȾj2#$EԓMvaISSptkvtQuI؞~9Ҁy9PWh:J+AJG\-@=~hf*LVD8ӚP,:yքw  %3ȼ(y<8Q6q2X#_2CrF!'7?)4Nف(P!5e)J9ǞE#X[EtR|,;9bsB7l$r'թql,U,=< :1{6O8_≐,2c(Yoq?z/i:}510ZoFF+omۯgl'C |EL "I8s"eVSZ Q%^kM̤yYqrc~ i^ $e_˞gP=.[lCV(V2kP3Ѓv=6yʶ]g+|8#bYXGF֦Իo{p96mC*y8Cdhb9bf7MʖZ /]:p4miY]LP=y4.~+#xΪCLDɀ f}DIM.%*ơn 1Us8&D\E ר #[UZk~\wΰ.CEW= #7ϐC N`L<"XY@R&uk CG%w6P/d? nW)8 ;Y4{ |Az2.]#C1# `Z"Y>n.VH_ﴤ;\Ť]X#!1m$(KFkg+&DWdwm5A%.*$#0_9ރGvCCẍŋjpv1?VG8O0tNwhcfSwANcׁT;3* A4ʟ0$R4/|2Sͪꋜn‹] NINFJ!"@3-EuRsD5˛UvXuNIIVrj.fBTPpأP O |؝9ij3ei|AU!LpNI~࿴IצgM!>X zX vP0`吿GT9" X3%CV]º+`\|O;J}ßnZ[񮐞ݣ>a 2E!s0nR]L2j|;5 :$NQF(c:G/uӬ^ *1㫎a7'͛$o. ^WOȲP`1sOv |=ro=>)MzQF̀;br'QU”Wp})g*o3ڶ4A٪L De4g˨[lx)E/>Ws/$vےVdt= YDƑ⭓QkY\Dv112F)M:bO;Tb7'8?m.-$kTA<5Hjs'Tt }̺u[Ռ 8,nŝ6Yʊр~-OUsՑpoV&㠴$v?"Z6 AD٩TϺ6_d lco%PA?NT4~>dCdF4׏N#x h K/@{;,L._ä^\hT BC,[ʼnŒ⺡+p]*@U*;\^G9B ($t93L2m.LrC@BG! xOzABnQhZI&_%` fK̥fu9cNѮݛS`^X FyWXkMIAq5`e5!WQccjFԂ̱(rчĪx3g^7. ?ua̖zc!F} 2?O#R=y#rul;:ߔ뽝o:}{Y^̴":mze9>mo0٥{?!CB-B[M\#FҮL4 "f;q#/W /ڃY !ާ[@d r4W:%:W9qjЗeCFűpxνX䩫B>\:-3LK[j W1 4G%+ŵY>.H 5ĊOPְmQRu-4@ִ"f(y1} =Q(o,IIk_b'G$!#YcHz2Q r[{sQ1Q^~ꓡF(+r3HKKG#X)Xc#M XC; wg}}rZK?7>~P.RTUPgk=)n05&iƲ$+hчAxJC7Y2j" a6y9-ɮ'fD2У g4euųR|牰,!q #=e iR-W' qnpU%%3vW#h˙'ќMI?(Lk%f:,{BnW%v3(HkG(`i 2f?&F.yq;\QIgvknq» "މ.Y+'S+V ai{fɶzg1B8 CB\ٍ,~ޛVDI~SDu7OP78|0HV4H9@tx%/y/~o% l:h,5tl#+OH1+: LE׽έ=k|r>ԍ?Z\w3"5Jgf̋6=z# Yo[ktf/@DStfEwj9ޯ⪔`J:#,F^GCy*F mȆ͐1]̫WG$j "SD}8MBy8.(M$&Z]sZ7>T1 ?>4\aH#2g A/\"c^a__W([g{N&,wsRl-d']BZ(2VP}lD#,/z U7l/p3PDQYhq]I&`Oo̤R/ MyE͒5A 8H tV9[ie"2#SUʭ)g4sEJ/qjw,vMM/UyîG/Srs4W _yWSG"c*?_mG!ahn~szcp1ІTض% 9l͈ⵚ]@Ń7(89{d6&wa2Xffhpq%S%Bƒ"Jgh`im}\hZ#r(GJp&qIeզ(ס0",oz)ӛFr+.n#x!s^Os6:B3N˶r>{2'% (u#&YprJK%Q$%ÐvL;ڶYxu3$;6EK">^J%Yl#\?!ac1HIezw$KnvȔGQ"̔T/J%J!N-^GF^>%zPw)LQ(Y.OMMBaC>'͝b=ѡo/d1(% Rڲvi }WgLaB)0&- jF?OV[2o/\IY?f:Q%LK[*k ~$=x.ɻxҫ:&֧-se?aMˋzI]`J'x-qi7Q0-r, I?h;ANY'E(nso x`UJ#ϲ7[rMH G8n -ȫ/]fADS}̀j[ . l`vdbyM0Lm6EIi&9ѱȵ(֎aCh>]ҀwqOd3Y[xZh0p搤Aia{sU- %rlƒS X(:fږ/ &QGro9ENZDɃL^Td:hNUK_l@,q_z{ꩈ2 jjWTcs Be }90ؗ`W ]zB⫯ ҹmJkl:JfF*W: J S,!0y:j{mYކ5ziMbC86'&|||5 |BJ85_ 0tZn~qÞI',|Cw6OUbKla3gI[Y.1AB@ XG1Pv&ڥ7 Sm*{ZctˡYevN3 ܰcR֨:p eApgdx`b4K9Jg:nWާ4[*BL$5Oyl %#ydU",MttzqzJM5=h c}sM9hZZ`xLx}vOr dS= H0p4 ;IVV[ޡ$xQAf{3M4Έ/VCQȍj!ZrлZGl&YVoӐ!U`MW.RCQ9G9;n]O&#fjZϣi^V#MQBL<6ao5E#TQu0n]۷H(\bT_4?BԲ*:O:rxCG=.'SY_/^m@qr!Ɍ҇tH8ҦkY5 4 ZSvTx z*P>:lQ҈qA9,+; 䲱tQ~},#kMf#/!v3cԍ#!Lh`O}Cy<7 n"ldԲH`S5N5w;ӈh9V㭏ݙ3n# Kg 5@D4!酖WB)}qxO5`:@c >GO+Ch$;Tj*z\!DmN1T4eNГ@TZj3']9H{sނ& Pۊl6" n§)gnݩF:Gஉ:CAƗcv2GJQ!- '> { vׯK(4t;Fw<9IhoNڗ$(n^! T~13Q0˻D)Wc/ĹAa Dxʷ޲ wm@g r_ĭ\z nY^.vdķIKץiI^rtz]?Rpx[7We4QЦoDiwP`8\sy/z碹h1F`"Yۡ=H[Ho$x%3,2>&yٳ_Mkܰi 5+"a4aYnp@qRKp~(|b+9&{%ݱ'ArS80:5VNXt LC _N;7|-$mKFKj3Ĭ7H{`  |mO5 "Xoh]2!c[6&(LooJ A2myBLDkw?60vw=gd]FYu\m[C[Uh#:',HǓ3TwY^̶iFB/KE>`@"@ŢӥzW!_x 5 ߏ;*54 W($xMWѨȇ)wc-[^RˠK(k1`CۯDKDfPOE^N ͍_<يd gK֢i(b; f`~fr'Lѿ0Z|TҰB:ި;/滛to75@˻ltǥGu9j o^-4I=K7c2'!bPrffF:Ӫ]10o.R`BFb2q̓BXC)[kh ˒vx5lF\vg<"2Nlr=LeL<XYqI;ڰ2*Ȓx6wgGZ|p\x8#\GڵufD}u5ϩ( pB `'*dp* ߘ{L_3<\2ɕ=p/d@&_*K8GR.}71EI?X?B|-w=O0W.t:@Ѵblqr%ZFK e `FD8F&^h\ O7:S3e L\O}&zQ)xs @*ez16;@N[}EZ>u![c7< :8 9V#} k`lρzNm{vhA8ADTm^NÀ=D o{((l rE+dvW.@1/8q7A S ZGL Pu:Ӵ2$s{Yg3rHC?f]\?fA1Qu@CSڭe^1Z)xSv5JC٨/miZ#&QINd^ǴCRljab0HOjB5rgIGc X>?LJ*w7 JZ"SL&ۯrb^whO\MYy- y/l-g.ВӅlWZ1-jpma nN6ľ=]N7<1 vXc(?Wjě-^6h,O3Lif⌡EL-+~kcUBC̀Qn-ײ`EXZHj|G M$I[,n v1QDY+>#,b `;jcYξ,=zGyeKm~j/=C ˒Lⴅ_DDdZz Ԅ^VPBڸ5H9`kʊ߿9ڴ̰8_Z  oPr3)R8ɟ gRe抅g嫂tEB]4l^AQ0V1'bq-I Ozq N[|{; UycmXmUb`_F>}E%ʢhH>y&2I_M xq@mBz{( 8f96ٴiEgX ۛӤVi? 򨒥Q& I9%OPφ26!`YU~{hTv yR~BFyTBS f| 6# 2m<חSR@c[Ӳf bШP5tL0xTgXE #6g9vqs5^\u> XZUBI{`aAmI_}ʔĻ :;V>Y{:{-LXZroX9[ rtdIa 0F^}!?icWxj hW'&q2zYWhfm=0YJuow6 Oo61fn=&l Å6 =Fe|/C=o(Ŧfy S2azrM>dhYOZC-ei/JF-S|Zu~libcu3?\^a︇UL^eO&n1:\zkdW}-Q3? 1B<fKwɻgm:MޣFv5 K> $" 1SsAqR@Tlb3CXwu`~y=᧵B#}?)} 6hz$\D$\"AA(tX/c*õB_,Pf@³*o܅WpVBxD#SiZUqJA(_4^ҳ`v`.dDoDg` %NzOB^^ypJ~Fy ' |qF'՚F?}nd@jiCh'_%dP+$)X&@'"\1LKPW&<;'WW\D@mZ>hTإKϛDiB-'A]ͪ3!U șks\]ǒ-VɥkkaӉNYw3uс,Xew!W,7VK@R DL0=b$xH{Ÿ Q [Fax7ΑGUowנfx+N@bmՓ $#l/Y߀H s4r^^6RzkCٟlu|^pdIt˸,Nuij ƺ;r6M{2n\n."bי/e@/O$w{N[Vc\^%_&Fn}\0aDc 7#E֊ q3̆1рһJ-"cBZ;-xPW#`}lpD={-GWx>e0l$3z&uGi`U.%|#a\jA)OX^2&IjZ}e,Veկ<|ivyڋTHcuAtuTՂe݊ .B*}4! 5(Gn^ZYKJβ%'LH/3c8DjxNՃduJɶn\uM֯BO=k24:SeԒB!Ih:i{.y ֔&IUԥ3|l8r`(󨗤MKy]a6a({f Zf~90}XGsZֶ9Ӛ1L DQ%cncTOfgqr풟flEb8|Dmc+'t,(;d>:> hJy%!֭QmG@dځ>wp^g<7U\=\)cDqqr!U:"RSS't'⁽vS~BDc1vG*~;4\W_`ÿw+(Ow\$OTP׋GFwZTz%ݣ@Rc m n`J/"ɩմ16YbCC}e<[!+\|nE:3ق,:BfI5!,Eآ)OA6aΥ2KuDAJq|2OP:xoӁA^fa!#-Lu#? Mڊ"~zS iW6FۃP* {J%;ZF OxQ g=ŔD/PFX/뒻~ˮ5VJ6|_U%;0FvÖw bH=)/7q,+TG5{j_!0[k8nP!Y*1J.GYK"> juwO #S90yy5 v}<>lBe> G D)/B$$>i|2Yڻ'`t|wlWb{@T/!zh|ڽ68C#2/VyvԤZD:&α䄂~smSz ɘ B)4.QcL[p{/.$£.ODW't*{t? d!PZu|9c*͂W.x`i[v}*8o ,Pnfu(`['~6O fLQ]j] Z tDbwh͓'/+8l( 6j3NXIj8N(G,e-e1&~:mbiȤIJ6Ҁq OuŽĬq/l'$^e_+t(-В7# >^ygysjP^$Z[&q > 8S}%bK`&c*wev}wk7TÖ |JA01 Qpp ے) ^$=L"Ò*8nv\f7MV@RoYh8wPiۤ\SiYc<G&B Ynz~D]snާ"%#y^5ޮ.;Yx{Z 9ۅw8tz3w骣n~yf잡_Ҭ/*;?iնryfßpTb^bB:?AHZBaBC]Y#YE9N6s(+<49bIy!yk.\a}:s JI4ӘW >y*/sRu˗V!4$-eF+\1I&Yd01֠Klp>.{jkf~SlӛC7 %D8WdH!0hkIW#"緯Mܺr #EdiPNBY ߟ?v@ӍG6S$3H&C?]h>ҩʒ?eP7AqqaYh](rMuޚܚBtT C4~|,\*JCsZ|_VCKA+"w9>7ް\+Z%njpn8n)dsc1\2k?ɶ"f|-0aM6k5zَWTu]#Hiuw]TU _>OMŧӋ*<`p R9|K0ܤB`r>FU>zPG(0b޻1jKSqTșHJš%GM흞㽕גCקqZT蟕;IF] ¯ #63Awb׀ UXbZP_ O2WrrjO&98FqbD]s5ffr#f"@XA## TfD5‡F "h9IYy$;Q "SANe1Դ7 + :EKN>RZ &F:jՅ ]< =*^>$5r@_6.YR8<[|:ˇ$* s6"R٢MDVw9I-FJFx0U$4QmM`Xj<537N kP`Auv<1'-cEOzY(s|ЪQ5FElW8Vjd*:}U/pia&*pQc>U^*}x1n`@a_aO@ {P.ĕվ8*!%54P5o,'C SJ? eqJsepobI4>5I}4nIPhrO{Ƙ7ao:Gfvi/FHyaqh +55ESRѤN-{wSMtź'7hӤ2`rqdV[m.igUOg7A %0ôDHW>c=]3=-+\0-\͆J%s:-`u-Fg-b#ޙib:uJ>"w]+ )bA%md0%Rg!KiBNk,ADnUTr+4_׫ms܍8! $?ΐiSOט 6Ҭ}8VE+"hԽR}_}vkZp[kE {v!N‰p:Fzd;B#YxP^͂ķ>e AptYzhh]"ؘ\?p,{[V^,~9 XRCӢVEFbILGw4j [(p>q["}34|omaLUxMp2(%ȱ +%3NUZx&7=2Gc-jRYbFIţ;2s';mwÅFižDH nH1wİ'#ښ<ٕx~أ/Dj _0'Z~A,йF1UBM }{@"m Hnbm#>pv2:AH;Q#UtLx/h-dނ^q &;!oMd:t9GY45|GdikYZ5[$BZ> T.(p`sk-g‰]MLMo:gA& 䁩&.S ;ri]rS>͟BoEƁUD)9YlJo r l*h]W}Z>tw#ei>wS^17<`M:CڇY>a>tmkޭ2!Mp'ɾ=k0ȝO1c<&sO\qLaL؂"|4ְr h1t͐Jl;1SȫQ.=J2y8!z1/őJKoGx5ʹIe, SHaW}80~k܁4nPa)]~ h3)3ĤU9G9GtMW XWOИ$-k.)99PY eޏ-No'g Hj ~3e).zE4$f Y[OQĄ=5)MniCܛC+A"%Q ("~<qnxz܏JOw1 aSvTNE=ȕNi /+y>]tB߷&2zXG6_v)0b55ۣnvzT ˳l!k8V~&БqM"kY_96T|'׌ oX).TԦ1P [@)qkmo.qVBVl; $dnFΪjD]I:R_Ab;5E=x\HmQ~4~kl g2Lע:po,NHm=cgF4G[7\ f|Sqqj:6n{/*RH~2F=lzNzi'ESF%"6zXpaψnдTB`j({מbC8.Y\׹ z 5cBByrVX'nq\~ RE' Je G6Q1&ШWVnÛ= XbZA S.8;B?鈙Zy\?cN A8=viatjŽvh?]^Sq ݌}+?W%6Qy g}|Zϑ:S.,AkD65z:RӶg1; hJ+y\3Y*#nבzsǿm^P9(){»X9pܟ yPUz>z8{{ʱ$@[gURC[_thy"J/:+ќYISoF-kdB_,1f V*e&If~s5LKA5IX+~_j"xފ6Qp|Mnҗ>1+r۶HHlT]T0+F<$C_\|/X8}WXӫ1 {cAJcqwV;?dҒs ::)t|.fYJ9GBЍ>ԑGEŖ>g4H$im[bZ'{Ua8Ę`raLͽ_)Nl{ BvgNʁW${wC20խhKYᚨBRv*Ռ*q1S;De >Sy)KuMjN⮛dOҿb\f?A cJ}9Y9N Y}Dj8|s8"Pp8m.J nDXTCe; UqmQ+ hV4$b~#χm<S^|w;(8~1.|=9N$* h [x~bb8^_<_ x8M'ެG\۴P>k i,.ZɽΩ^)6 g i2NmZ*I3`BeO9փu@M 1X\IF/f!iʏ&oYqHv\ ɛƋHd 1].qc:zCHh O4HQyHMA57$| `9`pA]CF *5"λuv^$\KśT!FMb"l8gU1eT.h6. 2/xxj%^ NX6Lhbz 2lelMk 1c*r:\݆1@,jǀ4 '7N%~"ZX9i3rdMĪ89%wAStCqW8]Js_nP=)*UAqH/O­ /"%xW CO6^bfȥ}5bFHS[8+X *x+пu!Y.5|5uݾoX?lIy%2VXYl#;>gMwDY"ُ)erO5C1"tImu(=\P`$(1f`)(ZIt]`ӽj7,B&f(2$hge90b@X>vIb@iyyoJ$C)J[hC.M&fE9y/@%9;ѝ$?5H}+Qӹ/W;HA̓˚U2Ӄ`+06MNQ½ }RTȏ ? Iʎ %}^K3\Y//>hG%=KNĿ—1\ KI):9~۴Jݼ:'d6r<_ (I5r'* e>'k 1͜ ~+?u؏Tҋ7Y $! Y.6ԨSM=:R\s:&#\ݑ)WKLQWSo_Yjڴ0VvۥY|!a14WVpW8.I>\j;+‚xԤ$iyoX.gvApvT1pU@6B࿬Key=qp݃Du<&(tTxH*K !V\&'w_$02kvlvuf!)Sz*QFNXD3S>(E4i%wƜqRd1+Ёw6Kb|ǪY9Ó͡T9bΩ + gʀRE<(u/"lTXx2Tk}wGp . f=e]acq!NEḾ`E"#m!wA*"+bB.\dp}U)\תcLMp!/iaHM<Ȫ.bY'B&xZvONTWE0!}^ 5'%_آJ(F17S)m0I@-LK%Z!XbZՏ# MdNcκ89AV̳({Wί kXd;IQo:bG Վ`U_Q[IrF?`/Ȗ(8[TN7Rad'b4}cbtZM:(~UU(1k!-dRPɱ:xD$ׯS"}Э0v:3fBU#VKS&e ٱR/9DCEq[\)GԶk y'~jgNBh7:PGo&'aD쟥HOTcX e ȵlСyE7dPݔ F3z۫K Nar0=AG;j &zWw5G]i'3biX\b|6ڂL';O){W9!Sw(dQWאc(֤.F]1!;-rQZ*P5[AGBQ3[Ts}X"lXGn\g!FxS+b@J[LA'M77g_CQ:%k!'=;OZ;X˅Ҫzfvs\;}UJ}Q,>-ˌFមcnO XDeB/+V89Q#m:mVV|K|z(8Qڽdeϧ1K7m== Ex7oR̰aN/]qŀI6m:bvwf0L /Sѳ_k,)d^:{1{[P;X^?\w\k_}> 7)kwL=Vq<%_>i`j+2.dH$Owy*xc7 //'CFrec,0RsnŧuGn?-# 9G0HVx;DB[BKyCaYШJQ$8t.E~s=(oC-X+1 5~4ˎ-Q.Z xOyQ;!sQNz2eMk]f)}ġ^sl[ŭ* :V ri(3;%wD' tuvF#Ȣ,"3H *DB;)aRMqG>tKzi_Gg)AP\dh̍~};]LZeV9sQcr޳|vUFkk7JL@E/yK_ڮr (ChG8.>?vTkCl7?@~ŽN B銩6*5dMnAfU1c&^S%Kjֆ!MEiV` (Aqm$(Ҙyh!%GeG0I)o"Dzu1~M*;j1PŷV Nd\콩tw7!V&w-Q1AdVPZtC;(gkLsyIng"<1nMC%"LZ)K&4p/M) ~+?Tu/_X91^8%-r!˳:ϕ腠VBXczO+Ƴ#?گU3v޼c_ ,_enQL~̦6Ҧ8/:e_3 ^P+͇(~.cGԄdn-"K!^5&k8%oqk=C38'W(rT9 ->VAnh֡,4>*j#@27~ !ab _?PkWdY^-̸)mh]]gƵddb !]~l($KMcҡr˿z9q4KR*n-H%HXoE>$R4gi킮@^sb쳚ElQO:O\,T0Jj.Du&#P>qzئ4{Lɹ9sǨp'n!6OSFhl۰k0L^^4Z)kbFDrO8Ʀ N|,i%Q{T@? W5iWM+:M,''.Q浕[֊{k@xz뺑[eLwk*dj!vgp,Ӡ[7a%Jcƒdx tV:*F 5Rep7XK|CiW;6"ZU!MjϠ>%GcZV.V Hr{^ CsrQ);G槳W u -y5U{N8VnbɌk!:U1 &T|{}~Q-h$}aWlktg؝Þ` 6!/H(rhњZZޙ#79Q 4+T,VF#C/A1#5HD)*zM( Y+:N⦋Q|. :`FȁLUE1oXS-;'`4I>O:3]VLTH(c%X%.YMQ1 G1f#`[2"7m@tyK)s7ބM 1\Y /(_U z\2[~{=ۛ6+FxzS`oJwОUj>@kzRYl:zt3)BjڿpM|CwSc=A+:&wt0gSHp?iGUߚMf;%J^?2"wT[^BtFC%ؔj0_,H˶Z*18V1wNّi$"+tj9G!j. rYF>r `_ZgVpԙFqpʆKտijF1N8 Cj:O`Zw]ɱfV;q4Ԑ[Fte ]MԏՎ(NUi PE&Z%ZًR-f{"q빳\L'g0hWÜN *xpi2*Ê0ތuౠ$Ub6#,'})۶,<3]}DN#e*?Nwjl|ƺW r*w)D2N!d]iƞŋ ۊ'*?ޑ GݔKfVep:IV;8j,J8d @sSy X6ױih8;`O|b\Ū x΋-\]EtAYAGve-AnavVgߑ5QT5Rмy |c6W`c x3mԳ oʾQ˰1:fo&ޖ#bcr%!ۦƉmOz`h e`Mq&Av7 rUp82T DOv 6sɝq!#{tba!tԽj(p9.£tL|W7[ Wid23w^g*-ai ֲHJYdJỎ3aYZ ǯN3< s\螕D6L:KGo\&W.G4ݛ@n$ͨp: ]r.d/FTkT( Ŀ۬>N@ւiTV.Q Ʋ 2ľ >*0*c"0ĮDR@fBvoJɾgP"{fܯ=}i]H]{cgBf0ITkKy$r@PȉPn-!#IWN}n_]5!FT QJ&&@R(*zm\L- sNO:d, iכe1.Ȭxew+>1ʳTYWΌżt' fi1}%RuRY סw'r)|zU?`^[_,L@wwp!]r} i~6ƏEԽTycH PXzJ3ӊKJ""YXSp7t:Gnh|>*uDq-DrS0x|З{d$v.vS895/w"-'9̩(}J̍Fe9̱YsZa 1T5f!T f廍З `tʶ? ;d`}gmPCц$bVK}Z<5?0/\(_ZC[Q.=d]wHW D ;mA* #?7-0Ntߟ.%*qtqƆl_ΠwM ,XP8M@"_L@z0j%># 72okGmK9f=$v<8&\oGݎfifI(<^Y2_ݓpMجN˷J }7or`YĜ̉gPі5@Hch7TM{|H1d]Ñ%$_ bjpUa^}Xpr|mRc1g'vcџ.Kxz}7ji U_rj>@r :p칗A_ȷJ$粪LC;C]*)`4aX\$82Ȱ]\w,wZ_Kzo=,20/Eo| l98?Bf\qKt%G?Tϙ'hc;۱uc3OT~MHc&jl9+KmIQHv-LuzUhy1Y؟aM}arpEk;DEBE̜}WxDwYO̫\> 脇y}MIí#UEHDdge-As.7IN Zܔ={UKgSHg2smMJ% Q3H=gz_ wV|=b>'Ww>-ˈXfMPv7 44RCr1k&k@7-d> MP; {Ýܱtkvra`>U8u jvKk Jo0ltA-A&yOn@ IgD \tp":o6(F6RqA|?1)rj{6޺މ  zM9)Qϼ >_0(])}qX醐i$lVDBG씱0$E/g$iZ]sغ }esa>z6 t'|f{hSv îH%XZXߞ&1Pcr. p[:\ e3zZE,MN1ibѢNޑY4t֜Amp>z$C/J|]OըL0KWIVz2eۄx78-DE8D1}C_c3n^BI.ݷx(+E/^D>_r¾`E#3!KԹ#F((F ԒBUOߟT$rV}[fN*]Vn( 2]ۢ}#aZ$Z6. XfwMj!t=i7 J$X0˕ }<"bb' @K1hB1̫p|!]-q-|q$^R+|rE?U$Yk ?K63Y|El,e oL Q.@f; c b&w2s1d!h*NZymy;2#)~Bvz5s6%ĈQ$}oJJ\a <\tQ*=0HG` _ҌRi`3Q1>{T T\5"J^ޏ._&iEp5&(6%Auj~;F2LXJ*}6 ϶PqOz+X˹_R&iUiNR>^ܼB53om*NC%LJ}\[(Y邕OC-Ӡbc2A]R;4y,D$ oWݶf^n'ޯOhy!0(% a&`H%R=LAJNV`]S9IYt,FRf>st+.T_&.3`?vRJ9q!?nƿntҳʢ|ÉbNAukh0^sƦ)U/"&qg&܊eu+Ty0H1gm1%0%Co`c]'E~A*uP ޓW$G=26g`sY>Dr~a%ڎV#R`ؒO]&]R&?!ٺ&4ZSlPVQ`y]Ra{@[}Fڃa#ny('ؗA+Ԇ݆qF>QX"!w_ٟ^I=Oa}d.h5缐wM+L6x.f\B[H ՌMtqM @ŧ˜1JNa>uS[ьG LI!zЏ?١Z,:H]M 1=nI 'P,- rnқSYUR l {"]$YWz* qE a!*zc |)$Ti\f WO#C Wt5oӿ;XUkJ>U/S D0tRj"QpbMy,=$0yXZō Mޗ#?z쏰GoM%V%zGCCŰh_>YnA\Q1K&&Ǎ]̥z{lHxF Ϥv;7>,FkH| lZ[#TW}NIoRnJRkD? ޑݗڔG"0`}r '!,HBSϣJ]9H.mVn ec(oOo!䱳SSģ54BQ.VV(vP[LeqR ]hr_Q^(o'2_yEܝ9G_Ou w i1֕3f_RήK;0& -*tOSno[N#ÓU9;d]5tY؀ حpJ khTx|;3-H΅DwY`k_caou0bV=(CN$"B)o>sG]vn<6\} t@xOa2{3D=l=Kni0#8eu]Oc\@̫g^b@s=h[62ږ\ Mkk"@7PHLx89!Mz(p:KpQ *'oYXH28f ^}2 ALm&H# ʇJK*7=(<\q¶~9q&E(%9"t:O~3X@םj3Pp[Y 1 H5uՇǾ1 k TرMC+#>^7ԛItU#/1 O%dDN U 4t붼Iaئ+}3^ٻgd%'iaZ$@_{*MN BdXk>IrzS/s>j5-K?}=w-G,~QqP*x|gi4b(&oU+&[:>TLI- aWnB~+t ,7xxM+ #}qLxh}>̤k|o-QMLp# _qaGsf3;1{ s&U?~Uʞ6o2ow8B]qOClhcj_}ӡd,[pE %E% 7N9cFmЍF;4%z&"]T'k/c.l3߸X޳88uNخpo_0b5p($ctR6!"2(GҏΤXƾn)H&e۠H {s}-~z[[g,j& vfk; uU8p oJ VXOARxPjF5 qv&JH4n4lDr*M#ILNN,E>Zq6ׁ%6`)F[:1\,V.Փư ZL;:|PG{@[$%Ä, 0%~P^c-xԙ |^,{{?_H>n" LJZ1V~3d x+ /"=etQahp=U˜c[w8R_NOWs%s 2µ-I7N19P#AIDxyۈK4BKἏ[ &0UZèg,RR "8p<Q6((S#AAιÕ\tݩJm0>>&U&x(`qM)278 J]VJMh179&c'P(rzL!?1~>ipdžoei{u-$UpML!m } Ȗ`(Ee ,p0oZE8 RևT?. PB/h|Wŧt|胯_Vb܂LP@QS5e$N]u(Է  ] + TkW[n)Il_G!ܚDľ#-{,09)7_Qr(~љϫӫqK Ǔ~Oi^./vAV=lAE/CTU\@܎Y /GJo@/'Vb=Fp@)R48;y|?KC>lg䆴Tοˬ.ޖ'f=azM1TOr/F'; Anlyoƭf3a.2 m}K,:}{b UN!G/Ko).o .sJIϿ)!-%l=~Z*&ha1)dnj痩]UкM*<ދPn&G'o+ՙdXWQvάs0?}5nP:AfU`j|?/['dٹsԜLUO-`#Ӝ{&Ꙁi3eQQ9A*ˆGW(TPtSUܿCъ}jU8>!yC\Hc4MR+o``Jkø)==!8tRUx- 9es1#C:);OK'Z#q[Ǿ#9.^Q?lT2ȭw,'MjKB)0sb' z|&V!Qth׭>Ctp c3!(;Sɇa{4ׁyP0 wcĠE: jgo}E_~NNv69/ŎLF槀KâĘr1|#UR1X#m(t|nxL+#wsCf ekR$Z1rދ J`Lb'/xX~`Qڮ8[XH[Ye%WbtEQQJAb-\n#閾E/U@5 1>CO:}E Ԩۜ?b=f@W׿×'rW tBDOY#َh :nrv;sIq ?C}xq<&>@x9?ӰQq}|Ȉlqc2؉E02/\|6xC!ڝWQUDWDl V,[ógP5GgmM!R9nrjk`jYs'ߣ)@I;dH&'ݼ%%y,nx'y%cȋCG0쫢 a{IvOoEخgKQܓ?3KqT´.oSGE "2Az#:དbIQe oz|ῑ)"]*AmLFa]i\ߥx)۷SS|n* MKPS_e%~#~xgyBHV3 m'YY"斾J?d.zʴL[E"}| @a&A-AtMZ%ljd3@IDvCisWytZeJ o/I#q(Y$ݷ]H{3PxYQ9OߒlnrOu E{:-'qbD!omig˱139 B<{IaQo8b- mn1< ъ0IFȜWaJ(up{O_o(}vgO󚢮ʫeTۙR뺄N%_gȂA1 ƿ}_+Du>scK<pw'Qe0PeqA(J]:zz栅)O88aꅹL8K&1VDC!Ca*Bt0 ?o3W]t_3a8kf8o5(9S -ʃ\8%0CcFY`\m%vpxxˡxDKJ%Ap8!ZU5UOVEIc؝gQDT(GOM|.jV*aJ `?h(=]QAB`tU9VnƧTiSsN–O F lqރ>7.V(vc:{ہ7: u\E?fDMsYXߴY =|Dh[X@Bm0˰:'P!q$Rڰ P:OҞ@D0 ,cc~}L>/"sZ$H$R4<71H v |rtULQ]l6{W2PHЖE|޶?=7? yO%rM`4"ww!IEs@3>^L<)&% %&K0z`]VBd3_}PT/w .30zm/-%w٢ +>W n|̖@B8g:k*}Vj}EѱGF_tJD\yKgAp9gP`:B =u6g Q7Ii=$ϏKzSQnÄ%-nXu!!bkd'bg3MjHCKq[3rt{PXO}>>nER/yal¯α +;>v$EM) /eMuakU?Ihx"G"_ X`/ȣhmwd:=K]#PBw$}F>s fN |!^PF~+ɞXu<|s|DC/Cy-j \PF8}=V'wsx M>M\ޑʚ뉣pou?,,bAٛcڂ@4_@ot:F ]$#}Yo(WcJ@x8;j1m/ЬIPMt[*+ɀ 2$}a({?ae m|$A7_q—5md& q·~YijKew{g zn۪P8l6^@PȣJ&%TͱdZN؃ceۡ1w3^xF/7^t׭  q~v3НQIT <*'F&(Q x.XzYCt\2c_8.KRmQN+|[{D9 ңj`G yF*`׷J8֐;8)qQN(z7$V;L3\WZ_S?/; zyN;FS$d8&Q|)jaNT ~XG-Qx܀7"]`ZWpG9 X0%#(iNd[& (RP;c| !jv/ *I!pJ K}w VEO-4kYwĺ&FN&$|ޔΡ^(Vt2%릍oo( BE&zӸ(Eo>kguC|*|\|aP٦C<= ϨߠkľuLv-vUFd.*