samba-libs-python-4.9.5+git.187.71edee57d5a-lp151.2.6.1 4>$  Ap]x?/=„3iIwՄQh/\|;^{Y |nirO"6@6^}?$ϝ ,]Oziʦb->܎pǶa°%X^K A,|\,8yj%Ӂ͡Qv!r!Yہrjt8k Ⱥ+roqA{Ꝉ`r VՒە NTng,j,@+55j_2h)Q콷b)Q9Ҫܫ)qӢ·ؙ!>p>hH?h8d. : ]  !',4 8 < D   (PhPP(89:!UFbGbHbIbXbYc\cX]c`^cbccd_ddedfdlduevewf4xf<yfDezggggh4Csamba-libs-python4.9.5+git.187.71edee57d5alp151.2.6.1Python2 dependencies of samba-libsDependencies of samba-libs that require python2.]xOcloud109openSUSE Leap 15.1openSUSEGPL-3.0-or-laterhttp://bugs.opensuse.orgDevelopment/Libraries/C and C++https://www.samba.org/linuxi586IEx]x]xcd3d15a56739976c11261cfb894e3f0a53250f6f64996bdec58655af18ad6163a2e1e4096c9993ab53fb1b48b83857c06cdcb97b67717829e9ae074a542ac14erootrootrootrootsamba-4.9.5+git.187.71edee57d5a-lp151.2.6.1.src.rpmlibsamba-net-samba4.solibsamba-net-samba4.so(SAMBA_4.9.5_GIT.187.71EDEE57D5ALP151.2.6.1_SUSE_OS15.0_I386)libsamba-python-samba4.solibsamba-python-samba4.so(SAMBA_4.9.5_GIT.187.71EDEE57D5ALP151.2.6.1_SUSE_OS15.0_I386)samba-libs-pythonsamba-libs-python(x86-32)@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@    libMESSAGING-samba4.solibMESSAGING-samba4.so(SAMBA_4.9.5_GIT.187.71EDEE57D5ALP151.2.6.1_SUSE_OS15.0_I386)libc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1)libc.so.6(GLIBC_2.1.3)libc.so.6(GLIBC_2.3.4)libc.so.6(GLIBC_2.4)libcli-cldap-samba4.solibcli-cldap-samba4.so(SAMBA_4.9.5_GIT.187.71EDEE57D5ALP151.2.6.1_SUSE_OS15.0_I386)libcli-ldap-common-samba4.solibcli-ldap-common-samba4.so(SAMBA_4.9.5_GIT.187.71EDEE57D5ALP151.2.6.1_SUSE_OS15.0_I386)libcli-ldap-samba4.solibcli-ldap-samba4.so(SAMBA_4.9.5_GIT.187.71EDEE57D5ALP151.2.6.1_SUSE_OS15.0_I386)libcliauth-samba4.solibcliauth-samba4.so(SAMBA_4.9.5_GIT.187.71EDEE57D5ALP151.2.6.1_SUSE_OS15.0_I386)libdcerpc-binding.so.0libdcerpc-binding.so.0(DCERPC_BINDING_0.0.1)libdcerpc-samba-samba4.solibdcerpc-samba-samba4.so(SAMBA_4.9.5_GIT.187.71EDEE57D5ALP151.2.6.1_SUSE_OS15.0_I386)libdcerpc.so.0libdcerpc.so.0(DCERPC_0.0.1)libevents-samba4.solibevents-samba4.so(SAMBA_4.9.5_GIT.187.71EDEE57D5ALP151.2.6.1_SUSE_OS15.0_I386)libgenrand-samba4.solibgenrand-samba4.so(SAMBA_4.9.5_GIT.187.71EDEE57D5ALP151.2.6.1_SUSE_OS15.0_I386)libgensec-samba4.solibgensec-samba4.so(SAMBA_4.9.5_GIT.187.71EDEE57D5ALP151.2.6.1_SUSE_OS15.0_I386)libldb.so.1libldb.so.1(LDB_0.9.10)libldbsamba-samba4.solibldbsamba-samba4.so(SAMBA_4.9.5_GIT.187.71EDEE57D5ALP151.2.6.1_SUSE_OS15.0_I386)libndr-samba-samba4.solibndr-samba-samba4.so(SAMBA_4.9.5_GIT.187.71EDEE57D5ALP151.2.6.1_SUSE_OS15.0_I386)libndr-standard.so.0libndr-standard.so.0(NDR_STANDARD_0.0.1)libndr.so.0libndr.so.0(NDR_0.0.1)libpthread.so.0libpthread.so.0(GLIBC_2.0)libpytalloc-util.so.2libpytalloc-util.so.2(PYTALLOC_UTIL_2.0.6)libpytalloc-util.so.2(PYTALLOC_UTIL_2.1.6)libpytalloc-util.so.2(PYTALLOC_UTIL_2.1.9)libpython2.7.so.1.0libsamba-credentials.so.0libsamba-credentials.so.0(SAMBA_CREDENTIALS_0.0.1)libsamba-debug-samba4.solibsamba-debug-samba4.so(SAMBA_4.9.5_GIT.187.71EDEE57D5ALP151.2.6.1_SUSE_OS15.0_I386)libsamba-errors.so.1libsamba-errors.so.1(SAMBA_ERRORS_1)libsamba-hostconfig.so.0libsamba-hostconfig.so.0(SAMBA_HOSTCONFIG_0.0.1)libsamba-python-samba4.solibsamba-python-samba4.so(SAMBA_4.9.5_GIT.187.71EDEE57D5ALP151.2.6.1_SUSE_OS15.0_I386)libsamba-security-samba4.solibsamba-security-samba4.so(SAMBA_4.9.5_GIT.187.71EDEE57D5ALP151.2.6.1_SUSE_OS15.0_I386)libsamba-sockets-samba4.solibsamba-sockets-samba4.so(SAMBA_4.9.5_GIT.187.71EDEE57D5ALP151.2.6.1_SUSE_OS15.0_I386)libsamba-util.so.0libsamba-util.so.0(SAMBA_UTIL_0.0.1)libsamdb-common-samba4.solibsamdb-common-samba4.so(SAMBA_4.9.5_GIT.187.71EDEE57D5ALP151.2.6.1_SUSE_OS15.0_I386)libsamdb.so.0libsamdb.so.0(SAMDB_0.0.1)libserver-role-samba4.solibserver-role-samba4.so(SAMBA_4.9.5_GIT.187.71EDEE57D5ALP151.2.6.1_SUSE_OS15.0_I386)libsmbpasswdparser-samba4.solibsmbpasswdparser-samba4.so(SAMBA_4.9.5_GIT.187.71EDEE57D5ALP151.2.6.1_SUSE_OS15.0_I386)libtalloc.so.2libtalloc.so.2(TALLOC_2.0.2)libtevent-util.so.0libtevent-util.so.0(TEVENT_UTIL_0.0.1)libtevent.so.0libtevent.so.0(TEVENT_0.9.9)pythonrpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-15.2-14.14.1]_@]J@]:\ڭ\\@\ \N\e\e\}@\o@\\\\\4\ @[[@[[%@[@[ @[[t[#@[[Q@[Q@[\[[[{[z@[r@[ @[WZZZZZZ`@Z@Z@ZZ@ZZ}@Z'Z@ZOZ@Z ,@Z@YY@Yo@Yo@Yo@Y@Y3YYu@Yg`Yf@Y7Y7Y, @Y"X:@X:@XXsX@X9@X@X@Xg@X,XƉX@XYXe@XX@X@X@XWXAb@X-W Wv@W$W;Wu@W#WW W@W~D@Wj}W_WYZ@WYZ@W=W(W!@WW@V3V3VV'@VՄ@VՄ@VVIV@V`Vl@V@V@V<@V<@V@VjV]VI@VG"@VG"@VG"@VG"@V(V'~@V V7@VBUYU@U@UUAUĝU@UU@Uy@UUrUq@UhTU_@USaJames McDonough npower npower David Disseldorp David Disseldorp npower David Disseldorp npower David Mulder David Mulder David Disseldorp Samuel Cabrero David Mulder ddiss@suse.comnopower@suse.comJan Engelhardt David Mulder Samuel Cabrero Samuel Cabrero Samuel Cabrero dmulder@suse.comdmulder@suse.comdmulder@suse.comjmcdonough@suse.comdmulder@suse.comSamuel Cabrero dmulder@suse.comSamuel Cabrero dmulder@suse.comdmulder@suse.comvcizek@suse.comdmulder@suse.comdmulder@suse.comnopower@suse.comscabrero@suse.dejmcdonough@suse.comscabrero@suse.deaaptel@suse.comjengelh@inai.dedimstar@opensuse.orgdmulder@suse.comjmcdonough@suse.comdavid.mulder@suse.comjmcdonough@suse.comaaptel@suse.comdmulder@suse.comscabrero@suse.comscabrero@suse.comkukuk@suse.dedavid.mulder@suse.comscabrero@suse.comrbrown@suse.comdmulder@suse.comscabrero@suse.comdimstar@opensuse.orgscabrero@suse.comaaptel@suse.comnopower@suse.comnopower@suse.comaaptel@suse.comddiss@suse.comdmulder@suse.comddiss@suse.comdmulder@suse.comddiss@suse.comddiss@suse.comnopower@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comdmulder@suse.comnopower@suse.comjmcdonough@suse.comaaptel@suse.comkukuk@suse.comkukuk@suse.denopower@suse.comaaptel@suse.comdmulder@suse.comddiss@suse.comdmulder@suse.comddiss@suse.comjmcdonough@suse.comnopower@suse.comnopower@suse.comnopower@suse.comnopower@suse.comjmcdonough@suse.comjmcdonough@suse.comnopower@suse.comnopower@suse.comddiss@suse.comjmcdonough@suse.comddiss@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comnopower@suse.comlmuelle@suse.comlmuelle@suse.comjmcdonough@suse.comnopower@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comnopower@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comtchvatal@suse.comlmuelle@suse.comnopower@suse.comcrrodriguez@opensuse.orglmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comnoel.power@suse.comddiss@suse.comddiss@suse.comlmuelle@suse.comddiss@suse.comlmuelle@suse.comlmuelle@suse.comnopower@suse.comddiss@suse.comddiss@suse.comlmuelle@suse.comlmuelle@suse.comddiss@suse.comlmuelle@suse.commpluskal@suse.comlmuelle@suse.comnopower@suse.deddiss@suse.comddiss@suse.comddiss@suse.comlmuelle@suse.denopower@suse.delmuelle@suse.comnopower@suse.deddiss@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.com- CVE-2019-10197: user escape from share path definition; (bso#14035); (bsc#1141267).- Prepare for use future use of kernel keyrings, modify /etc/pam.d/samba to include pam_keyinit.so; (bsc#1144059).- CVE-2019-12435: zone operations can crash rpc server; (bso#13922); (bsc#1137815).- Fix cephwrap_flistxattr() debug message; (bso#13940); (bsc#1134697). - Add ceph_snapshots VFS module; (jsc#SES-183).- Fix vfs_ceph realpath; (bso#13918); (bsc#1134452).- MacOS credit accounting breaks with async SESSION SETUP; (bsc#1125601); (bso#13796). - Mac OS X SMB2 implmenetation sees Input/output error or Resource temporarily unavailable and drops connection; (bso#13698)- Explicitly enable libcephfs POSIX ACL support; (bso#13896); (bsc#1130245).- CVE-2019-3880: Save registry file outside share as unprivileged user; (bso#13851); (bsc#1131060 ).- CVE-2019-3870 pysmbd: missing restoration of original umask after umask(0); (bso#13834); (bsc#1130703);- Update to samba-4.9.5 + audit_logging: Remove debug log header and JSON Authentication: prefix; (bso#13714); + Fix upgrade from 4.7 (or earlier) to 4.9; (bso#13760); + s3: lib: nmbname: Ensure we limit the NetBIOS name correctly; (bso# CID: 1433607; (bso#11495); + smbd: uid: Don't crash if 'force group' is added to an existing share connection; (bso#13690); + s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility code; (bso#13770); + s3: SMB1 POSIX mkdir does case insensitive name lookup; (bso#13803); + s3:utils/smbget fix recursive download with empty source directories; (bso#13199); + samba-tool drs showrepl: Do not crash if no dnsHostName found; (bso#13716); + s3:libsmb: cli_smb2_list() can sometimes fail initially on a connection; (bso#13736); + join: Throw CommandError instead of Exception for simple errors; (bso#13747); + ldb: Avoid inefficient one-level searches; (bso#13762); + s3: libsmb: use smb2cli_conn_max_trans_size() in cli_smb2_list(); (bso#13736); + tldap: Avoid use after free errors; (bso#13776); + Fix idmap xid2sid cache churn; (bso#13802); + access_check_max_allowed() doesn't process "Owner Rights" ACEs; (bso#13812); + s3-smbd: Avoid assuming fsp is always intact after close_file call; (bso#13720); + s3-vfs-fruit: Add close call; (bso#13725); + s3-smbd: Use fruit:model string for mDNS registration; (bso#13746); + s3-vfs: add glusterfs_fuse vfs module; (bso#13774); + printing: Check lp_load_printers() prior to pcap cache update; (bso#13766); + vfs_ceph: vfs_ceph strict_allocate_ftruncate calls (local FS) ftruncate and fallocate; (bso#13807); + lib/audit_logging: Actually create talloc; (bso#13737); + netcmd/user: python[3]-gpgme unsupported and replaced by python[3]-gpg; (bso#13728); + dns: Changing onelevel search for wildcard to subtree; (bso#13738); + samba-tool: Don't print backtrace on simple DNS errors; (bso#13721); + sambaundoguididx: Use the right escaped oder unescaped sam ldb files; (bso#13759); + ctdb: Print locks latency in machinereadable stats; (bso#13742); + messages_dgm: Messaging gets stuck when pids are recycled; (bso#13786); + audit_logging: auth_json_audit required auth_json; (bso#13715); + man pages: Document prefork process model; (bso#13765); + CVE-2019-3824 ldb: Release ldb 1.4.6; (bso#13773); + s3:auth: ignore create_builtin_guests() failing without a valid idmap configuration; (bso#13697); + s3:auth_winbind: Ignore a missing winbindd as NT4 PDC/BDC without trusts; (bso#13722); + s3:auth_winbind: return NT_STATUS_NO_LOGON_SERVERS if winbindd is not available; (bso#13723); + s4:server: Add support for 'smbcontrol samba shutdown' and 'smbcontrol debug/debuglevel'; (bso#13752); + Python: Ensure ldb.Dn can doesn't rencoded str with py2; (bso#13616); + vfs_glusterfs: Adapt to changes in libgfapi signatures; (bso#13330); + s3-vfs: Use ENOATTR in errno comparison for getxattr; (bso#13774); + notifyd: Fix SIGBUS on sparc; (bso#13704); + waf: Check for libnscd; (bso#13787); + s3:vfs: Correctly check if OFD locks should be enabled or not; (bso#13770); + lib/util: Count a trailing line that doesn't end in a newline; (bso#13717); + Recovery lock bug fixes; (bso#13800); + s3: net: Do not set NET_FLAGS_ANONYMOUS with -k; (bso#13726); + s3:libsmb: Honor disable_netbios option in smbsock_connect_send; (bso#13727); + vfs_fileid: Fix get_connectpath_ino; (bso#13741); + vfs_fileid: Fix fsname_norootdir algorithm; (bso#13744);- Fix vfs_ceph ftruncate and fallocate handling; (bso#13807); (bsc#1127153).- Fix update-apparmor-samba-profile script after apparmor switched to using named profiles. The change is backwards compatible; (bsc#1126377);- LoadParm().load_default() fails with "Unable to load default file"; (bsc#1089758);- Abide by load_printers smb.conf parameter; (bso#13766); (bsc#1124223);- Update to samba-4.9.4 + libcli/smb: Don't overwrite status code; (bso#9175). + wbinfo --group-info 'NT AUTHORITY\System' does not work; (bso#12164). + Session setup reauth fails to sign response; (bso#13661). + vfs_fruit: Validation of writes on AFP_AfpInfo stream; (bso#13677). + vfs_shadow_copy2: Nicely deal with attempts to open previous version for writing; (bso#13688). + Restoring previous version of stream with vfs_shadow_copy2 fails with NT_STATUS_OBJECT_NAME_INVALID fsp->base_fsp->fsp_name; (bso#13455). + CVE-2018-16853: Fix S4U2Self crash with MIT KDC build; (bso#13571). + s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs; (bso#13708) + PEP8: fix E231: missing whitespace after ','. + winbindd: Fix crash when taking profiles;(bso#13629) + CVE-2018-14629 dns: Fix CNAME loop prevention using counter regression; (bso#13600) + 'samba-tool user syscpasswords' fails on a domain with many DCs; (bso#13686). + CVE-2018-16853: Do not segfault if client is not set; (bso#13571). + lib:util: Fix DEBUGCLASS pointer initializiation; (bso#13679) + ctdb-daemon: Exit with error if a database directory does not exist; (bso#13696). + s3:libads: Add net ads leave keep-account option; (bso#13498).- Drop more %if..%endif guards which are idempotent. - Drop requires on ldconfig which are already auto-discovered. - Do not ignore errors from useradd/groupadd.- Remove python2 build dependency from samba-libs; (bsc#1116900);- Update update-apparmor-samba-profile script to ignore the shares's paths containing substitution variables in any place, not only at the beginning of the path.- Update to samba-4.9.3 + CVE-2018-14629: Unprivileged adding of CNAME record causing loop in AD Internal DNS server; (bso#13600); (bsc#1116319); + CVE-2018-16841: Double-free in Samba AD DC KDC with PKINIT; (bso#13628); (bsc#1116320); + CVE-2018-16851: NULL pointer de-reference in Samba AD DC LDAP server; (bso#13674); (bsc#1116322); + CVE-2018-16852: NULL pointer de-reference in Samba AD DC DNS servers; (bso#13669); (bsc#1116321); + CVE-2018-16853: Samba AD DC S4U2Self crash in experimental MIT Kerberos configuration (unsupported); (bso#13678); (bsc#1116324); + CVE-2018-16857: Bad password count in AD DC not always effective; window; (bso#13683); (bsc#1116323);- Update to samba-4.9.2 + dsdb: Add comments explaining the limitations of our current backlink behaviour; (bso#13418); + Fix problems running domain backups (handling SMBv2, sites); (bso#13621); + testparm: Fix crashes with PANIC: Messaging not initialized on SLES 12 SP3; (bso#13465); + Make vfs_fruit able to cleanup AppleDouble files; (bso#13642); + File saving issues with vfs_fruit on samba >= 4.8.5; (bso#13646); + Enabling vfs_fruit looses FinderInfo; (bso#13649); + Cancelling of SMB2 aio reads and writes returns wrong error NT_STATUS_INTERNAL_ERROR; (bso#13667); + Fix CTDB recovery record resurrection from inactive nodes and simplify vacuuming; (bso#13641); + examples: Fix the smb2mount build; (bso#13465); + libtevent: Fix build due to missing open_memstream on Illiumos; (bso#13629); + winbindd_cache: Fix timeout calculation for sid<->name cache; (bso#13662); + dsdb encrypted_secrets: Allow "ldb:// and "mdb://" in file path; (bso#13653); + Extended DN SID component missing for member after switching group membership; (bso#13418); + Return STATUS_SESSION_EXPIRED error encrypted, if the request was encrypted; (bso#13624); + python: Allow forced signing via smb.SMB(); (bso#13621); + lib:socket: If returning early, set ifaces; (bso#13665); + ldb: Bump ldb version to 1.4.3, Python: Ensure ldb.Dn can accept utf8 encoded unicode; (bso#13616); + smbd: Fix DELETE_ON_CLOSE behaviour on files with READ_ONLY attribute; (bso#13673); + waf: Add -fstack-clash-protection; (bso#13601); + winbind: Fix segfault if an invalid passdb backend is configured; (bso#13668); + Fix bugs in CTDB event handling; (bso#13659); + Misbehaving nodes are sometimes not banned; (bso#13670);- lib:socket: If returning early, set ifaces; (bso#13665); (bsc#1111373);- winbind requires latest version of libtevent-util0 to start- Backport latest gpo code from master + Read policy from local gpt cache + Offline policy application + Make group policy extensible via register/unregister gpext + gpext's run via a process_group_policy method- Enable profiling data collection- Change samba-kdc package name to samba-ad-dc - Move samba-ad-dc.service to the samba-ad-dc package- Update to samba-4.9.1 + s3: nmbd: Stop nmbd network announce storm; (bso#13620); + s3-rpcclient: Use spoolss_init_spoolss_UserLevel1 in winspool cmds; (bso#13597); + CTDB recovery lock has some race conditions; (bso#13617); + s3-rpc_client: Advertise Windows 7 client info; (bso#13597); + ctdb-doc: Remove PIDFILE option from ctdbd_wrapper man page; (bso#13610);- Tumbleweed doesn't define the sle_version macro, so we must include a check for suse_version also. Otherwise python3 is disabled on Tumbleweed.- Update to samba-4.9.0 + samba_dnsupdate: Honor 'dns zone scavenging' option, only update if needed; (bso#13605); + wafsamba: Fix 'make -j'; (bso#13606);- Update to samba-4.9.0rc5 + s3: VFS: vfs_full_audit: Ensure smb_fname_str_do_log() only returns absolute pathnames; (bso#13565); + s3: util: Do not take over stderr when there is no log file; (bso#13578); + Durable Reconnect fails because cookie.allow_reconnect is not set; (bso#13549); + krb5-samba: Interdomain trust uses different salt principal; (bso#13539); + vfs_fruit: Don't unlink the main file; (bso#13441); + smbd: Fix a memleak in async search ask sharemode; (bso#13602); + Fix Samba GPO issue when Trust is enabled; (bso#11517); + samba-tool: Add "virtualKerberosSalt" attribute to 'user getpassword/syncpasswords'; (bso#13539); + Fix CTDB configuration issues; (bso#13589); + ctdbd logs an error until it can successfully connect to eventd; (bso#13592);- Update to samba-4.9.0rc4 + s3: smbd: Ensure get_real_filename() copes with empty pathnames; (bso#13585); + samba domain backup online/rename commands force user to specify password on CLI; (bso#13566); + wafsamba/samba_abi: Always hide ABI symbols which must be local; (bso#13579); + Fix a panic if fruit_access_check detects a locking conflict; (bso#13584); + Fix memory and resource leaks; (bso#13567); + python: Fix print in dns_invalid.py; (bso#13580); + Aliasing issue causes incorrect IPv6 checksum; (bso#13588); + Fix CTDB configuration issues; (bso#13589); + s3: vfs: time_audit: fix handling of token_blob in smb_time_audit_offload_read_recv(); (bso#13568);- Add missing zlib-devel dependency which was previously pulled in by libopenssl-devel- Update to samba-4.9.0rc3+git.22.3fff23ae36e + CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against returns from malicious servers; (bso#13453); + CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query with escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140; (bso#13374); + CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when not servicePrincipalName is set on a user; (bso#13552); + CVE-2018-10919: acl_read: Fix unauthorized attribute access via searches; (bso#13434); + ctdb_mutex_ceph_rados_helper: Set SIGINT signal handler; (bso#13540); + CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it is disabled via "ntlm auth"; (bso#13360); + s3-tldap: do not install test_tldap; (bso#13529); + ctdb_mutex_ceph_rados_helper: Fix deadlock via lock renewals; (bso#13540); + CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in ltdb_index_dn_attr(); (bso#13374); + ctdb-eventd: Fix CID 1438155; (bso#13554); + Fix CIDs 1438243, (Unchecked return value) 1438244 (Unsigned compared against 0), 1438245 (Dereference before null check) and 1438246 (Unchecked return value); (bso#13553); + ctdb: Fix a cut&paste error; (bso#13554); + systemd: Only start smb when network interfaces are up; (bso#13559); + Fix quotas don't work with SMB2; (bso#13553); + s3/smbd: Ensure quota code is only called when quota support detected; (bso#13563); + s3/libsmb: Explicitly set delete_on_close token for rmdir; (bso#13204); + s3:waf: Install eventlogadm to /usr/sbin; (bso#13561); + Shorten description in vfs_linux_xfs_sgid manual; (bso#13562);- Update to samba-4.9.0rc2+git.21.a1069afb007 + s3: smbd: Using "sendfile = yes" with SMB2 can cause CPU spin; (bso#13537); + s3: smbd: Fix path check in smbd_smb2_create_durable_lease_check(); (bso#13535); + samba-tool trust: Support discovery via netr_GetDcName; (bso#13538); + s4-dsdb: Only build dsdb Python modules for AD DC; (bso#13542); + Fix portability issues on freebsd; (bso#13520); + DNS wildcard search does not handle multiple labels correctly; (bso#13536); + samba-tool domain trust: Fix trust compatibility to Windows Server 1709 and FreeIPA; (bso#13308); + Fix portability issues on freebsd; (bso#13520); + ctdb-protocol: Fix CTDB compilation issues; (bso#13545); + ctdb-docs: Replace obsolete reference to CTDB_DEBUG_HUNG_SCRIPT option; (bso#13546); + ctdb-doc: Provide an example script for migrating old configuration; (bso#13550); + ctdb-event: Implement event tool "script list" command; (bso#13551);- Update to samba-4.8.4+git.37.a7a861d7982; + CVE-2018-1139: Weak authentication protocol allowed; (bsc#1095048); (bsc#13360); + CVE-2018-1140: Denial of Service Attack on DNS and LDAP server; (bsc#1095056); (bso#13466); (bso#13374); + CVE-2018-10858: Insufficient input validation on client directory listing in libsmbclient; (bsc#1103411); (bso#13453); + CVE-2018-10918: Denial of Service Attack on AD DC DRSUAPI server; (bsc#1103414); (bso#13552); + CVE-2018-10919: Confidential attribute disclosure from the AD LDAP server; (bsc#1095057); (bso#13434); + s3:winbind: winbind normalize names' doesn't work for users; (bso#12851); + winbind: Fix UPN handling in canonicalize_username(); (bso#13369); + s3: smbd: Fix SMB2-FLUSH against directories; (bso#13428); + samdb: Fix building Samba with gcc 8.1; (bso#13437); + s3:utils: Do not segfault on error in DoDNSUpdate(); (bso#13440); + smbd: Flush dfree memcache on service reload; (bso#13446); + ldb: Save a copy of the index result before calling the + lib/util: No Backtrace given by Samba's AD DC by default; (bso#13454). + s3: smbd: printing: Re-implement delete-on-close semantics for print files missing since 3.5.x; (bso#13457). + python: Fix talloc frame use in make_simple_acl(); (bso#13474). + krb5_wrap: Fix keep_old_entries logic for older Kerberos libraries;(bso#13478). + krb5_plugin: Add winbind localauth plugin for MIT Kerberos; (bso#13480).- Add missing package descriptions; (bsc#1093864); - Fix dependency issue between samba-python and samba-kdc; (bsc#1062876); - Call update-apparmor-samba-profile when running samba-ad-dc; (bsc#1092099);- Update to 4.8.2 + After update to 4.8.0 DC failed with "Failed to find our own NTDS Settings objectGUID" (bso#13335). + fix incorrect reporting of stream dos attributes on a directory (bso#13380). + vfs_ceph: add asynchronous fsync; fake synchronous call (bso#13412). + vfs_ceph: add fake async pwrite/pread send/recv hooks; (bso#13425) + vfs_ceph: Fix memory leak; (bso#13424). + libsmbclient: Fix hard-coded connection error return of ETIMEDOUT; (bso#13419). + s4-lsa: Fix use-after-free in LSA server; (bso#13420). + winbindd: Do re-connect if the RPC call fails in the passdb case; (bso#13430). + cleanupd: Sends MSG_SMB_UNLOCK twice to interested peers; (bso#13416). + cleanupd: Use MSG_SMB_BRL_VALIDATE to signal cleanupd unclean process shutdown; (bso#13414). + ctdb-client: Remove ununsed functions from old client code; (bso#13411). + printing: Return the same error code as windows does on upload failures; (bso#13395). + nsswitch: Fix memory leak in winbind_open_pipe_sock() when the privileged pipe is not accessable; (bso#13400). + s4:lsa_lookup: remove TALLOC_FREE(state) after all dcesrv_lsa_Lookup{Names,Sids}_base_map() calls; (bso#13420). + rpc_server: Fix NetSessEnum with stale sessions; (bso#13407). + s3:smbspool: Fix cmdline argument handling; (bso#13417).- Move libdfs-server-ad-samba4.so library from kdc to libs package, as it is required by some client libs; (bsc#1074135); - Update to 4.8.1; (bsc#1091179); + s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error, we don't own it here; (bso#13244); + s3: smbd: Fix possible directory fd leak if the underlying OS doesn't support fdopendir(); (bso#13270); + Round-tripping ACL get/set through vfs_fruit will increase the number of ACE entries without limit; (bso#13319); + s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically debug credit issues; (bso#13347); + s3: smbd: Files or directories can't be opened DELETE_ON_CLOSE without delete access; (bso#13358); + s3: smbd: Fix memory leak in vfswrap_getwd(); (bso#13372); + s3: smbd: Unix extensions attempts to change wrong field in fchown call; (bso#13375); + ms_schema/samba-tool visualize: Fix python2.6 incompatibility; (bso#13337); + Fix invocation of gnutls_aead_cipher_encrypt(); (bso#13352); + Windows 10 cannot logon on Samba NT4 domain; (bso#13328); + winbindd: Recover loss of netlogon secure channel in case the peer DC is rebooted; (bso#13332); + s3:smbd: Don't use the directory cache for SMB2/3; (bso#13363); + ctdb-client: Fix bugs in client code; (bso#13356); + ctdb-scripts: Drop "net serverid wipe" from 50.samba event script; (bso#13359); + s3: lib: messages: Don't use the result of sec_init() before calling sec_init(); (bso#13368); + libads: Fix the build '--without-ads'; (bso#13273); + winbind: Keep "force_reauth" in invalidate_cm_connection, add 'smbcontrol disconnect-dc'; (bso#13332); + vfs_virusfilter: Fix CIDs 1428738-1428740; (bso#13343); + dsdb: Fix CID 1034966 Uninitialized scalar variable; (bso#13367); + rpc_server: Fix core dump in dfsgetinfo; (bso#13370); + smbclient: Fix notify; (bso#13382); + Fix smbd panic if the client-supplied channel sequence number wraps; (bso#13215); + Windows 10 cannot logon on Samba NT4 domain; (bso#13328); + lib/util: Remove unused '#include ' from tests/tfork.c; (bso#13342); + Fix build errors with cc from developerstudio 12.5 on Solaris; (bso#13343); + Fix the picky-developer build on FreeBSD 11; (bso#13344); + s3:modules: Fix the build of vfs_aixacl2.c; (bso#13345); + s3:smbd: map nterror on smb2_flush errorpath; (bso#13338); + lib:replace: Fix linking when libtirpc-devel overwrites system headers; (bso#13341); + winbindd: 'wbinfo --name-to-sid' returns misleading result on invalid query; (bso#13312); + s3:passdb: Do not return OK if we don't have pinfo set up; (bso#13376); + Allow AESNI to be used on all processor supporting AESNI; (bso#13302);- Use new foreground execution flags for systemd samba daemons; (bsc#1088574); (bsc#1071090); (bsc#1065551); + Add %post scriptlet to clear old sysconfig flags - Update vendor-files to commit 880b3e7. + Set samba sysconfig template variables to "" + Add required daemon flags directly to systemd unit- Specfile cleanup + Remove %if..%endif guards which don't affect the build + Remove redundant %clean section + Replace old $RPM_* shell vars with macros- BuildRequire pkgconfig(systemd) and pkgconfig(libsystemd) in place of systemd and systemd-devel: Allow OBS to optimize the workload by allowing the usage of the 'build-optimized' systemd packages.- Enable building samba with python3, and create a samba-python3 package.- Update to 4.8 + New GUID Index mode in sam.ldb for the AD DC + GPO support for samba KDC + Time machine support with vfs_fruit + Encrypted secrets + AD Replication visualization + Improved trust support - ability to not scan global trust list - AD external trusts have limited support - verbose trusted domain listing + VirusFilter VFS module + NT4-style replication removed + vfs_aio_linux removed- Disable samba-pidl package, due to the removal of dependency perl-Parse-Yapp; (bsc#1085150);- Update to 4.7.6; + CVE-2018-1050: DOS vulnerability when SPOOLSS is run externally; (bso#11343); (bsc#1081741); + CVE-2018-1057: Authenticated users can change other users' password; (bso#13272); (bsc#1081024).- Disable python until full python3 port is done; (bsc#1082139); + Remove contents of package samba-python + Remove contents of package libsamba-policy0 + Remove contents of package libsamba-policy-devel + Remove library libsamba-python-samba4.so from samba-libs package + Remove library libsamba-net-samba4.so from samba-libs package + Remove smbtorture binary and manpage from samba-test- samba fails to build with glibc2.27; (bsc#1081042);- Update to 4.7.5; (bsc#1080545); + smbd tries to release not leased oplock during oplock II downgrade; (bso#13193); + Fix copying file with empty FinderInfo from Windows client to Samba share with fruit; (bso#13181); + build: Deal with recent glibc sunrpc header removal; (bso#10976); + Make Samba work with tirpc and libnsl2; (bso#13238); + vfs_ceph: Add fs_capabilities hook to avoid local statvfs; (bso#13208); (bsc#1075206); + Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue; (bso#12986); + ctdb-recovery-helper: Deregister message handler in error paths; (bso#13188); + samba: Only use async signal-safe functions in signal handler; (bso#13240); + Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue; (bso#12986); + repl_meta_data: Fix linked attribute corruption on databases with unsorted links on expunge. dbcheck: Add functionality to fix the corrupt database; (bso#13228); + Fix smbd panic when chdir returns error during exit; (bso#13189); + Make Samba work with tirpc and libnsl2; (bso#13238); + Fix POSIX ACL support on HPUX and possibly other big-endian OSs; (bso#13176);- Update to 4.7.4; (bsc#1080545); + s3: smbclient: Implement 'volume' command over SMB2; (bso#13140); + s3: libsmb: Fix valgrind read-after-free error in cli_smb2_close_fnum_recv(); (bso#13171); + s3: libsmb: Fix reversing of oldname/newname paths when creating a reparse point symlink on Windows from smbclient; (bso#13172); + Build man page for vfs_zfsacl.8 with Samba; (bso#12934); + repl_meta_data: Allow delete of an object with dangling backlinks; (bso#13095); + s4:samba: Fix default to be running samba as a deamon; (bso#13129); + Performance regression in DNS server with introduction of DNS wildcard, ldb: Release 1.2.3; (bso#13191); + vfs_zfsacl: Fix compilation error; (bso#6133); + "smb encrypt" setting changes are not fully applied until full smbd restart; (bso#13051); + winbindd: Fix idmap_rid dependency on trusted domain list; (bso#13052); + vfs_fruit: Proper VFS-stackable conversion of FinderInfo; (bso#13155); + winbindd: Dependency on trusted-domain list in winbindd in critical auth codepath; (bso#13173); + repl_meta_data: Fix removing of backlink on deleted objects; (bso#13120); + ctdb: sock_daemon leaks memory; (bso#13153); + TCP tickles not getting synchronised on CTDB restart; (bso#13154); + winbindd: winbind parent and child share a ctdb connection; (bso#13150); + pthreadpool: Fix deadlock; (bso#13170); + pthreadpool: Fix starvation after fork; (bso#13179); + messaging: Always register the unique id; (bso#13180); + s4/smbd: set the process group; (bso#13129); + Fix broken linked attribute handling; (bso#13095); + The KDC on an RWDC doesn't send error replies in some situations; (bso#13132); + libnet_join: Fix 'net rpc oldjoin'; (bso#13149); + g_lock conflict detection broken when processing stale entries; (bso#13195); + s3:smb2_server: allow logoff, close, unlock, cancel and echo on expired sessions; (bso#13197); + s3:libads: net ads keytab list fails with "Key table name malformed"; (bso#13166); (bsc#1067700); + Fix crash in pthreadpool thread after failure from pthread_create; (bso#13170); + s4:samba: Allow samba daemon to run in foreground; (bso#13129); (bsc#1065551); + third_party: Link the aesni-intel library with "-z noexecstack"; (bso#13174); + vfs_glusterfs: include glusterfs/api/glfs.h without relying on "-I" options; (bso#13125);- Re-enable usage of libnsl (did got lost with glibc change) - Use TI-RPC (sunrpc is deprecated and will be removed soon from glibc)- smbc_opendir should not return EEXIST with invalid login credentials; (bnc#1065868).- Update to 4.7.3; (bsc#1069666); + Non-smbd processes using kernel oplocks can hang smbd; (bso#13121); + python: use communicate to fix Popen deadlock; (bso#13127); + smbd on disk file corruption bug under heavy threaded load; (bso#13130); + tevent: version 0.9.34; (bso#13130); + s3: smbd: Fix delete-on-close after smb2_find; (bso#13118); + CVE-2017-14746: s3: smbd: Fix SMB1 use-after-free crash bug; (bsc#1060427);(bso#13041); + CVE-2017-15275: s3: smbd: Chain code can return uninitialized memory when talloc buffer is grown; (bsc#1063008); (bso#13077); - Build with AD DC support only in openSUSE.- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- samba-tool requires samba-python; (bnc#1067771).- Run all daemons in the foreground and let systemd handle it; (bsc#1065551). - Update to 4.7.1; + Fix exporting subdirs with shadow_copy2; (bso#13091); + Currently if getwd() fails after a chdir(), we panic; (bso#13027); + Ensure default SMB_VFS_GETWD() call can't return a partially completed struct smb_filename; (bso#13068); + sys_getwd() can leak memory or possibly return the wrong errno on older systems; (bso#13069); + smbclient doesn't correctly canonicalize all local names before use; (bso#13093); + Fix broken linked attribute handling; (bso#13095); + Missing LDAP query escapes in DNS rpc server; (bso#12994); + Link to -lbsd when building replace.c by hand; (bso#13087); + Cannot delete non-ACL files on Solaris/ZFS/NFSv4 ACL filesystem; (bso#6133); + Map SYNCHRONIZE acl permission statically in zfs_acl vfs module; (bso#7909); + Samba fails to honor SEC_STD_WRITE_OWNER bit with the acl_xattr module; (bso#7933); + Missing assignment in sl_pack_float; (bso#12991); + Wrong Samba access checks when changing DOS attributes; (bso#12995); + samba_runcmd_send() leaves zombie processes on timeout; (bso#13062); + groupmap cleanup should not delete BUILTIN mappings; (bso#13065); + Enabling vfs_fruit results in loss of Finder tags and other xattrs; (bso#13076); + man pages: Properly ident lists; (bso#9613); + smb.conf.5: Sort parameters alphabetically; (bso#13081); + Fix GUID string format on GetPrinter info; (bso#12993); + Remote serverid check doesn't check for the unique id; (bso#13042); + CTDB starts consuming memory if there are dead nodes in the cluster; (bso#13056); + ctdb-common: Ignore event scripts with multiple '.'s; (bso#13070); + libgpo doesn't sort the GPOs in the correct order; (bso#13046); + Remote serverid check doesn't check for the unique id; (bso#13042); + vfs_catia: Fix a potential memleak; (bso#13090); + Fix file change notification for renames; (bso#12903); + Samba DNS server does not honour wildcards; (bso#12952); + Can't change password in samba from a Windows client if Samba runs on IPv6 only interface; (bso#13079); + vfs_fruit: Replace closedir() by SMB_VFS_CLOSEDIR; (bso#13086); + Apple client can't cope with SMB2 async replies when creating symlinks; (bso#13047); + s4:rpc_server:backupkey: Move variable into scope; (bso#12959); + Fix ntstatus_gen.h generation on 32bit; (bso#13099); + Fix a double free in vfs_gluster_getwd(); (bso#13100); + Fix resouce leaks and pointer issues; (bso#13101); + vfs_solarisacl: Fix build for samba 4.7 and up; (bso#13049);- Add samba-kdc to baselibs.conf. - Do not wrap samba-kdc's package definition into if/endif: the package won't be generated simply based on the fact that there is no files section for the package. Allows the source validator to ensure samba-kdc is a built package.- Update to 4.7.0; + Whole DB read locks: Improved LDAP and replication consistency; (bso#12858). + Samba AD with MIT Kerberos + Dynamic RPC port range: Default range changed from "1024-1300" to "49152-65535". + Authentication and Authorization audit support: New auth_audit debug class. + Multi-process LDAP Server: The LDAP server in the AD DC now honours the process model used for the rest of the 'samba' process. + Improved Read-Only Domain Controller (RODC) Support; (bso#12977). + Additional password hashes stored in supplementalCredentials. + Improvements to DNS during Active Directory domain join. + Significant AD performance and replication improvements. + Query record for open file or directory. + Removal of lpcfg_register_defaults_hook(). + Change of loadable module interface. + SHA256 LDAPS Certificates: The self-signed certificate generated for use on LDAPS will now be generated with a SHA256 self-signature, not a SHA1 self-signature. + CTDB no longer allows mixed minor versions in a cluster. + CTDB now ignores hints from Samba about TDB flags when attaching to databases. + New configuration variable CTDB_NFS_CHECKS_DIR. + The CTDB_SERVICE_AUTOSTARTSTOP configuration has been removed. + The CTDB_SCRIPT_DEBUGLEVEL configuration variable has been removed. + The example NFS Ganesha call-out has been improved. + A new "replicated" database type is available.- CVE-2017-12163: Prevent client short SMB1 write from writing server memory to file; (bso#13020); (bsc#1058624).- CVE-2017-12150: Some code path don't enforce smb signing, when they should; (bso#12997); (bsc#1058622).- CVE-2017-12151: Keep required encryption across SMB3 dfs redirects; (bso#12996); (bsc#1058565).- Clean specfile assuming SUSE-only system and product >=SLE11 + %{ul_version}, %{rhel_version}, %{mandriva_version}, %{centos_version} are always undefined + %{_vendor} is "suse" and %{suse_version} is at least 1100- Update to 4.6.7; (bsc#1054017) + Joining a Huawai storage fails: empty CLDAP ping answer; (bso#11392). + smbcacls can fail against a directory on Windows using SMB2.; (bso#12937). + vfs_ceph provides inconsistent directory listings; (bso#12911). + Misused talloc context can cause a user to crash their smbd by chaining SMB1 commands.; (bso#12836). + Use-after free can crash libsmbclient code.; (bso#12927). + Server exit with active AIO can crash.; (bso#12925). + Ensure notifyd doesn't return from smbd_notifyd_init; (bso#12910). + fd leak to ctdb sub-processes leads to SELinux AVC denial in audit logs; (bso#12898). + vfs_fruit shouldn't send MS NFS ACEs to Windows clients; (bso#12897). + smbspool_krb5_wrapper does not tell CUPS that it requires negotiate for authentication; (bso#12886). + finder sidebar showing question mark instead of icon when using ip to connect with vfs_fruit; (bso#12840). + Winbind stops obtaining the 'unixHomeDirectory' & 'loginShell' attributes from AD.; (bso#12720). + KCC run at selftest startup can fail spuriously due to a race; (bso#12869). + winbindd changes the local password and gets NT_STATUS_WRONG_PASSWORD for the remote change; (bso#12782). + rpc_pipe_client memory leaks due to long term memory context passed to rpc_pipe_open_interface(); (bso#12890). + CVE-2017-2619 breaks accessing previous versions of directories with snapshots in subdirectories of the share; (bso#12885). + dns_name_equal doing OOB read; (bso#12813). + replica_sync tests flap; (bso#12753). + Selftest should not call 'net cache flush' and wipe important winbind entries; (bso#12868). + Old Samba versions don't support using recent ldb versions (>=1.1.30); (bso#12859). + pam_winbind fails with kerberos method = secrets and keytab; (bso#10490). + race starting winbindd against posixacl test; (bso#12843). + Crash in the reentrant smbd_smb2_create_send() if the something fails in the subsequent try; (bso#12832). + spnego.c passes the wrong argument order to gensec_update_ev() for the FALLBACK case; (bso#12788). + Clients with SMB3 support can't connect with "server max protocol = SMB2_02"; (bso#12772). + A log message of samb-tool user syncpasswords reverses string arguments in a debug message "Call Popen[...".; (bso#12768). + The smb tarmode tests kills the share dir contents; (bso#12867). + Fix for a bug in MacOS X Sierra NTLMv2 processing; (bso#12862). + CVE-2017-2619 regression with non-wide symlinks to directories; (bso#12860). + manpage/index.html lists links not in alphabetical order; (bso#12854). + smbcacls got error NT_STATUS_NETWORK_NAME_DELETED; (bso#12831). + If a record is locked in a database, then recovery does not complete; (bso#12857). + debug_locks.sh script does not log any information; (bso#12856). + SIGSEGV in cm_connect_lsa_tcp dereferencing conn->lsa_tcp_pipe->transport after error; (bso#12852). + smbclient can't parse DOMAIN+username if a different winbind separator is used; (bso#12849). + Related requests with SessionSetup fail with INTERNAL_ERROR; (bso#12845). + Related requests with TreeConnect fail with NETWORK_NAME_DELETED; (bso#12844). + cli->server_os not filled correctly; (bso#12779). + REGRESSION: smbclient doesn't print the session setup anymore; (bso#12824). + smblcient doesn't handle STATUS_NOT_SUPPORTED gracefully for FSCTL_VALIDATE_NEGOTIATE_INFO; (bso#12808). + CTDB NFS call-out failures do not cause event failures; (bso#12837). + net command fails due to incorrectly return code; (bso#12828). + Fix building Samba with GCC 7.1; (bso#12827).- Fix duplicate CTDB_LOGGING params when downgraded and upgraded again; (bsc#1048339).- fix cephwrap_chdir(); (bsc#1048790). - Update to 4.6.6 + CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation; (bsc#1048278).- Fix ctdb logs to /var/log/log.ctdb instead of /var/log/ctdb; (bsc#1048339).- Fix inconsistent ctdb socket path; (bsc#1048352). - Fix non-admin cephx authentication; (bsc#1048387).- Update to 4.6.5; (bsc#1040157) + Specifying CTDB_LOGGING=syslog:nonblocking causes ctdbd to crash at startup; (bso#12814). + vfs_expand_msdfs tries to open the remote address as a file path; (bso#12687). + PANIC (pid 1096): assert failed: lease_type_is_exclusive(e_lease_type); (bso#12798). + With clustering get update_num_read_oplocks failed and PANIC: num_share_modes == 1 assertion failure; (bso#11844). + contend_level2_oplocks_begin_default oplock optimisation doesn't carry over to leases; (bso#12766). + `ctdb nodestatus` incorrectly displays status for all nodes with wrong exit code; (bso#12802). + CTDB can spin hard on revoking readonly delegations if a node becomes disconnected; (bso#12697). + Printing a share mode entry with leases can crash in the ndr code; (bso#12793). + Fix flakey unit tests for eventd; (bso#12792). + CTDB daemon crashes if built with clang; (bso#12770). + smbcacls fails if no password is specified; (bso#12765). + idmap_rfc2307: Lookup of more than two SIDs fails; (bso#12757). + samba-tool user syncpasswords doesn't trigger the script when a user gets removed; (bso#12767). + systemd: fix detection of libsystemd; (bso#12764). + Notify subsystem only maps first inotify mask to Windows notify filter; (bso#12760). + Allow passing trusted domain password as plain-text to PASSDB layer; (bso#12751). + Can't case-rename files with vfs_fruit; (bso#12749). + wrong sid->uid mapping for SIDs residing in sIDHistory; (bso#12702). + vfs_acl_common should force "create mask = 0777", not 0666; (bso#12562). + Ordering of notify responses broken; (bso#12756).- s3: libsmb: Fix error where short name length was read as 2 bytes, should be 1; (bso#11822); (bsc#1042419).- Revert explicit winbind %{version}-%{release} dependency. + The ABI has stabilized since (bsc#936909), so remove to fix cross-media dependencies; (bsc#1037899).- Fix CVE-2017-7494 remote code execution from a writable share; (bso#12780); (bsc#1038231).- Update to 4.6.3; (bsc#1036011) + s3:vfs:shadow_copy2: vfs_shadow_copy2 fails to list snapshots from shares with GlusterFS backend; (bso#12743). + Fix for Solaris C compiler; (bso#12559). + s3: locking: Update oplock optimization for the leases era; (bso#12628). + Make the Solaris C compiler happy; (bso#12693). + s3: libgpo: Allow skipping GPO objects that don't have the expected LDAP attributes; (bso#12695). + Fix buffer overflow caused by wrong use of getgroups; (bso#12747). + lib: debug: Avoid negative array access; (bso#12746). + cleanupdb: Fix a memory read error; (bso#12748). + streams_xattr and kernel oplocks results in NT_STATUS_NETWORK_BUSY; (bso#7537). + winbindd: idmap_autorid allocates ids for unknown SIDs from other backends; (bso#11961). + vfs_fruit: Resource fork open request with flags=O_CREAT|O_RDONLY; (bso#12565). + manpages/vfs_fruit: Document global options; (bso#12615). + lib/pthreadpool: Fix a memory leak; (bso#12624). + Lookup-domain for well-known SIDs on a DC; (bso#12727). + winbindd: Fix error handling in rpc_lookup_sids(); (bso#12728). + winbindd: Trigger possible passdb_dsdb initialisation; (bso#12729). + credentials_krb5: use gss_acquire_cred for client-side GSSAPI use case; (bso#12611). + lib/crypto: Implement samba.crypto Python module for RC4; (bso#12690). + ctdb-readonly: Avoid a tight loop waiting for revoke to complete; (bso#12697). + ctdb_event monitor command crashes if event is not specified; (bso#12723). + ctdb-docs: Fix documentation of "-n" option to 'ctdb tool'; (bso#12733). + smbd: Fix smb1 findfirst with DFS; (bso#12558). + smbd: Do an early exit on negprot failure; (bso#12610). + winbindd: Fix substitution for 'template homedir'; (bso#12699). + s4:kdc: Disable principal based autodetected referral detection; (bso#12554). + idmap_autorid: Allocate new domain range if the callers knows the sid is valid; (bso#12613). + LINKFLAGS_PYEMBED should not contain -L/some/path; (bso#12724). + PAM auth with WBFLAG_PAM_GET_PWD_POLICY returns wrong policy for trusted domain; (bso#12725). + rpcclient: Allow -U'OTHERDOMAIN\user' again; (bso#12731). + winbindd: Fix password policy for pam authentication; (bso#12725). + s3:gse: Correctly handle external trusts with MIT; (bso#12554). + auth/credentials: Always set the realm if we set the principal from the ccache; (bso#12611). + replace: Include sysmacros.h; (bso#12686). + s3:vfs_expand_msdfs: Do not open the remote address as a file; (bso#12687). + s3:libsmb: Only print error message if kerberos use is forced; (bso#12704). + winbindd: Child process crashes when kerberos-authenticating a user with wrong password; (bso#12708). + vfs_fruit: Office document opens as read-only on macOS due to CNID semantics; (bso#12715). + vfs_acl_xattr: Fix failure to get ACL on Linux if memory is fragmented; (bso#12737).- Generate and update vendor-files tarball from Git + SuSEfirewall2 service samba-client only setup IPv4 rule; (bsc#1034416).- Generate source tarball directly from Git using OBS tar_scm + use version string derived from parent Git tag and commit hash - remove obsolete vendor-files/tools/package-data version ID + explicitly generate ctdb manpages, needed without "make dist"- Update to 4.6.2 + remove bso#12721 patches now upstream- Enable samba-ceph build for openSUSE and SLE12SP3+; (fate#321622). + x86-64 and aarch64- Enable librados CTDB lock helper for samba-ceph package; (fate#321622).- Build and install the html man pages (bsc#1021907).- Fix CVE-2017-2619 regression with "follow symlinks = no"; (bso#12721).- Update to 4.6.1 + symlink race permits opening files outside share directory; CVE-2017-2619; (bso#12496); (bsc#1027147) + testparm checks for valid idmap parameters + add new krb client encryption types + support for printer driver upload from windows 10 + inherit owner = 'unix only' for improved quota support + improved CTDB event support + new primary group support for idmap_ad + idmap_hash deprecated + mvxattr added to recursively rename extended attributes- Remove chkconfig requirements for systemd systems- Don't call insserv if systemd is used- Fix check if we need to require insserv- async_req: make async_connect_send() "reentrant"; (bso#12105); (bsc#1024416).- Force usage of ncurses6-config thru NCURSES_CONFIG env var; (bsc#1023847).- add missing patch for libnss_wins segfault; (bsc#995730).- Fix vfs_ceph builds against recent Ceph versions; (bsc#1021933).- Document "winbind: ignore domains" parameter; (bsc#1019416).- Add base Samba dependency to samba-ceph package.- Update to 4.5.3 + Heap-based Buffer Overflow Remote Code Execution Vulnerability; CVE-2016-2123; (bso#12409); (bsc#1014437). + Don't send delegated credentials to all servers; CVE-2016-2125; (bso#12445); (bsc#1014441). + denial of service due to a client triggered crash in the winbindd parent process; CVE-2016-2126; (bso#12446); (bsc#1014442). - 4.5.1 and 4.5.2 updates + various streams vfs fixes + various printing fixes + ntlm_auth: do not map explicitly empty domain + various stability fixes in smbd + match file compression ReFS behavior- Add missing ldb module directory; (bnc#1012092).- s3/client: obey 'disable netbios' smb.conf param, don't connect via NBT port; (bsc#1009085); (bso#12418).- Include vfstest in samba-test; (bsc#1001203).- s3/winbindd: using default domain with user@domain.com format fails; (bsc#997833).- Fix segfault in libnss_wins; (bso#12277); (bso#12269); (bsc#995730).- Update to 4.5.0 + NTLM1 Authentication disabled by default + SMB2.1 leases enabled by default + Support for OFD locks + ctdb tool rewritten + Added shadow copy snapshot prefix parameter- Fix illegal memory access after memory has been deleted; (bso#11836); (bsc#975299).- Prevent core, make sure response->extra_data.data is always cleared out; (bsc#993692).- Don't package man pages for VFS modules that aren't built; (boo#993707).- Fix population of ctdb sysconfig after source merge; (bsc#981566).- Enable vfs_ceph builds for Factory (x86-64) + Package as samba-ceph to avoid Ceph dependency in base package.- Update to 4.4.5 + Prevent client-side SMB2 signing downgrade; CVE-2016-2119; (bso#11860); (bsc#986869).- Remove obsolete syslog.target; (bsc#983938).- Honor smb.conf socket options in winbind; (bsc#975131).- Don't use htons() with IP_PROTO_RAW; (bso#11705); (bsc#969522).- Update to 4.4.4 + SMB3 multichannel: Add implementation of missing channel sequence number verification; (bso#11809). + smbd:close: Only remove kernel share modes if they had been taken at open; (bso#11919). + notifyd: Prevent NULL deref segfault in notifyd_peer_destructor; (bso#11930). + s3:rpcclient: Make '--pw-nt-hash' option work; (bso#10796). + Fix case sensitivity issues over SMB2 or above; (bso#11438). + s3:smbd: Fix anonymous authentication if signing is mandatory. (bso#11910) + Fix NTLM Authentication issue with squid; (bso#11914). + pdb: Fix segfault in pdb_ldap for missing gecos; (bso#11530). + Fix memory leak in share mode locking; (bso#11934).- Update to 4.4.3 + Various post-badlock regressions; (bso#11841); (bso#11850); (bso#11858); (bso#11870); (bso#11872). + Only allow idmap_hash for default idmap config (bso#11786). + smbd: Avoid large reads beyond EOF; (bso#11878). + vfs_acl_common: Avoid setting POSIX ACLs if "ignore system acls" is set; (bso#11806). + libads: Record session expiry for spnego sasl binds; (bso#11852).- Fix NTLMSSP regressions caused by previous CVE fixes; (bso#11849); (bsc#975962); (bsc#979268), (bsc#977669).- Revert shared library packaging to comply with SLPP- Update to 4.4.2 + A man-in-the-middle can downgrade NTLMSSP authentication; CVE-2016-2110; (bso#11688); (bsc#973031). + Domain controller netlogon member computer can be spoofed; CVE-2016-2111; (bso#11749); (bsc#973032). + LDAP conenctions vulnerable to downgrade and MITM attack; CVE-2016-2112; (bso#11644); (bsc#973033). + TLS certificate validation missing; CVE-2016-2113; (bso#11752); (bsc#973034). + Named pipe IPC vulnerable to MITM attacks; CVE-2016-2115; (bso#11756); (bsc#973036). + "Badlock" DCERPC impersonation of authenticated account possible; CVE-2016-2118; (bso#11804); (bsc#971965). + DCERPC server and client vulnerable to DOS and MITM attacks; CVE-2015-5370; (bso#11344); (bsc#936862).- Fix samba.tests.messaging test and prevent potential tdb corruption by removing obsolete now invalid tdb_close call; (bsc#974629).- Obsolete libsmbclient from libsmbclient0 while not providing it; (bsc#972197).- Update to 4.4.0. + Read of uninitialized memory DNS TXT handling; (bso#11128); (bso#11686); CVE-2016-0771. + Getting and setting Windows ACLs on symlinks can change permissions on link target; (bso#11648); CVE-2015-7560. + Sockets with htons(IPPROTO_RAW); (bso#11705); CVE-2015-8543. + s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem with no ACL support; (bso#10489). + docs: Add example for domain logins to smbspool man page; (bso#11643). + smbd: Show correct disk size for different quota and dfree block sizes; (bso#11681). + docs: Add smbspool_krb5_wrapper manpage; (bso#11690). + winbindd: Return trust parameters when listing trusts; (bso#11691). + ctdb: Do not provide a useless pkgconfig file for ctdb; (bso#11696). + Crypto.Cipher.ARC4 is not available on some platforms, fallback to M2Crypto.RC4.RC4 then; (bso#11699). + s3:utils/smbget: Set default blocksize; (bso#11700). + Streamline 'smbget' options with the rest of the Samba utils; (bso#11700). + s3:clispnego: Fix confusing warning in spnego_gen_krb5_wrap(); (bso#11702). + s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703). + loadparm: Fix memory leak issue; (bso#11708). + lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714). + s3:vfs:glusterfs: Fix build after quota changes; (bso#11715). + ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."; (bso#11719). + lib:socket: Fix CID 1350010: Integer OVERFLOW_BEFORE_WIDEN; (bso#11723). + smbd: Fix CID 1351215 Improper use of negative value; (bso#11724). + smbd: Fix CID 1351216 Dereference null return value; (bso#11725). + s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file; (bso#11727). + docs: Add manpage for cifsdd; (bso#11730). + param: Fix str_list_v3 to accept ; again; (bso#11732). + lib/socket: Fix improper use of default interface speed; (bso#11734). + lib:socket: Fix CID 1350009: Fix illegal memory accesses (BUFFER_SIZE_WARNING); (bso#11735). + libcli: Fix debug message, print sid string for new_ace trustee; (bso#11738). + Fix installation path of Samba helper binaries; (bso#11739). + Fix memory leak in loadparm; (bso#11740). + tevent: version 0.9.28: Fix memory leak when old signal action restored; (bso#11742). + smbd: Ignore SVHDX create context; (bso#11753). + Fix net join; (bso#11755). + s3:libads: setup the msDS-SupportedEncryptionTypes attribute on ldap_add; (bso#11755). + passdb: Add linefeed to debug message; (bso#11763). + s3:utils/smbget: Fix option parsing; (bso#11767). + libnet: Make Kerberos domain join site-aware; (bso#11769). + Reset TCP Connections during IP failover; (bso#11770). + ldb: Version 1.1.26; (bso#11772). + s3:smbd: Add negprot remote arch detection for OSX; (bso#11773). + vfs_glusterfs: Fix use after free in AIO callback; (bso#11774). + mkdir can return ACCESS_DENIED incorrectly on create race; (bso#11780). + "trustdom_list_done: Got invalid trustdom response" message should be avoided; (bso#11782). + Mismatch between local and remote attribute ids lets replication fail with custom schema; (bso#11783). + Quota is not supported on Solaris 10; (bso#11788). + Talloc: Version 2.1.6; (bso#11789). + smbd: Enable multi-channel if 'server multi channel support = yes' in the config; (bso#11796). + build: Fix build when '--without-quota' specified; (bso#11798). + lib/socket/interfaces: Fix some uninitialied bytes; (bso#11802). + Access based share enum: handle permission set in configuration files; (bso#8093). + See also WHATSNEW.txt from the samba-doc package.- Update to 4.3.6. + Getting and setting Windows ACLs on symlinks can change permissions on link target; CVE-2015-7560; (bso#11648); (bsc#968222). + Fix Out-of-bounds read in internal DNS server; CVE-2016-0771; (bso#11128); (bso#11686); (bsc#968223).- Upgrade on-disk FSRVP server state to new version; (bsc#924519).- Only obsolete but do not provide gplv2/3 package names; (bsc#968973).- Relocate existing lock files to /var/lib/samba/lock; (bsc#968963).- Obsolete no longer existing samba-32bit package; (bsc#967625).- Update to 4.3.5. + s3:utils/smbget: Fix recursive download; (bso#6482). + s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystemi with no ACL support; (bso#10489). + s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks; (bso#11400). + vfs_shadow_copy2: Fix case where snapshots are outside the share; (bso#11580). + smbclient: Query disk usage relative to current directory; (bso#11662). + winbindd: Handle expired sessions correctly; (bso#11670). + smbd: Show correct disk size for different quota and dfree block sizes; (bso#11681). + smbcacls: Fix uninitialized variable; (bso#11682). + s3:smbd: Ignore initial allocation size for directory creation; (bso#11684). + s3-client: Add a KRB5 wrapper for smbspool; (bso#11690). + s3-parm: Clean up defaults when removing global parameters; (bso#11693). + Use M2Crypto.RC4.RC4 on platforms without Crypto.Cipher.ARC4; (bso#11699). + s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703). + ctdb: Remove error messages after kernel security update; CVE-2015-8543; (bso#11705). + loadparm: Fix memory leak issue; (bso#11708). + lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714). + ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."; (bso#11719). + s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file; (bso#11727). + param: Fix str_list_v3 to accept ";" again; (bso#11732).- Shift samba-client sysconfig data into samba and samba-winbind; (bsc#947361).- Simplify shared library packaging; (bsc#966956).- Enable clustering (CTDB) support; (bsc#966271).- s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703); (bsc#964023).- Add quotes around path of update-apparmor-samba-profile; (bnc#962177).- Remove autoconf build-time requirement.- Update to 4.3.4. + vfs_fruit: Enable POSIX directory rename semantics; (bso#11065). + Crash: Bad talloc magic value - access after free; (bso#11394). + Copying files with vfs_fruit fails when using vfs_streams_xattr without stream prefix and type suffix; (bso#11466). + samba-tool: Fix uncaught exception if no fSMORoleOwner attribute is given; (bso#11613). + Fix a typo in the smb.conf manpage, explanation of idmap config; (bso#11619). + Correctly initialize the list head when keeping a list of primary followed by DFS connections; (bso#11624). + Reduce the memory footprint of empty string options; (bso#11625). + lib/async_req: Do not install async_connect_send_test; (bso#11639). + Fix typos in man vfs_gpfs; (bso#11641). + Make "hide dot files" option work with "store dos attributes = yes"; (bso#11645). + Fix a corner case of the symlink verification; (bso#11647); (bnc#960249). + Do not disable "store dos attributes" on-the-fly; (bso#11649). + Update lastLogon and lastLogonTimestamp; (bso#11659).- Prevent access denied if the share path is "/"; (bso#11647); (bnc#960249).- Update to 4.3.3. + Malicious request can cause Samba LDAP server to hang, spinning using CPU; CVE-2015-3223; (bso#11325); (bnc#958581). + Remote read memory exploit in LDB; CVE-2015-5330; (bso#11599); (bnc#958586). + Insufficient symlink verification (file access outside the share); CVE-2015-5252; (bso#11395); (bnc#958582). + No man in the middle protection when forcing smb encryption on the client side; CVE-2015-5296; (bso#11536); (bnc#958584). + Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2); CVE-2015-5299; (bso#11529); (bnc#958583). + Fix Microsoft MS15-096 to prevent machine accounts from being changed into user accounts; CVE-2015-8467; (bso#11552); (bnc#958585).- Update to 4.3.2. + vfs_gpfs: Re-enable share modes; (bso#11243). + dcerpc.idl: Accept invalid dcerpc_bind_nak pdus; (bso#11327). + s3-smbd: Fix old DOS client doing wildcard delete - gives an attribute type of zero; (bso#11452). + Add libreplace dependency to texpect, fixes a linking error on Solaris; (bso#11511). + s4: Fix linking of 'smbtorture' on Solaris; (bso#11512). + s4:lib/messaging: Use correct path for names.tdb; (bso#11562). + Fix segfault of 'net ads (join|leave) -S INVALID' with nss_wins; (bso#11563). + async_req: Fix non-blocking connect(); (bso#11564). + auth: gensec: Fix a memory leak; (bso#11565). + lib: util: Make non-critical message a warning; (bso#11566). + Fix winbindd crashes with samlogon for trusted domain user; (bso#11569); (bnc#949022). + smbd: Send SMB2 oplock breaks unencrypted; (bso#11570). + ctdb: Open the RO tracking db with perms 0600 instead of 0000; (bso#11577). + s3:smb2_server: Make the logic of SMB2_CANCEL DLIST_REMOVE() clearer; (bso#11581). + s3-smbd: Fix use after issue in smbd_smb2_request_dispatch(); (bso#11581). + manpage: Correct small typo error; (bso#11584). + s3: smbd: If EAs are turned off on a share don't allow an SMB2 create containing them; (bso#11589). + Backport some valgrind fixes from upstream master; (bso#11597). + auth: Consistent handling of well-known alias as primary gid; (bso#11608). + winbind: Fix crash on invalid idmap configs; (bso#11612). + s3: smbd: have_file_open_below() fails to enumerate open files below an open directory handle; (bso#11615). + Changing log level of two entries to DBG_NOTICE; (bso#9912).- Ensure samlogon fallback requests are rerouted after kerberos failure; (bnc#953382); (bnc#953972).- Ensure to link with --as-needed flag by removing SUSE_ASNEEDED=0. - Always use the default optimization even on pre-9.2 systems.- Remove redundant configure options while adding with-relro.- Relocate the lockdir to the /var/lib/samba/lock directory.- Cleanup and enhance the pidl sub package.- Require renamed python-ldb-devel and python-talloc-devel at build-time. - Requires python-ldb and python-talloc from the python subpackage.- Update to 4.3.1. + s3: smbd: Fix our access-based enumeration on "hide unreadable" to match Windows; (bso#10252). + nss_winbind: Fix hang on Solaris on big groups; (bso#10365). + smbd: Fix file name buflen and padding in notify repsonse; (bso#10634). + kerberos: Make sure we only use prompter type when available; winbind: Fix 100% loop; (bso#11038). + source3/lib/msghdr.c: Fix compiling error on Solaris; (bso#11053). + s3:ctdbd_conn: make sure we destroy tevent_fd before closing the socket; (bso#11316). + s3: smbd: Fix mkdir race condition; (bso#11486). + pam_winbind: Fix a segfault if initialization fails; (bso#11502). + s3: dfs: Fix a crash when the dfs targets are disabled; (bso#11509). + s4:lib/messaging: Use 'msg.lock' and 'msg.sock' for messaging related subdirs; (bso#11515). + s3: smbd: Fix opening/creating :stream files on the root share directory; (bso#11522). + lib/param: Fix hiding of FLAG_SYNONYM values; (bso#11526). + net: Fix a crash with 'net ads keytab create'; (bso#11528). + s3: smbd: Fix a crash in unix_convert(); (bso#11535). + s3: smbd: Fix NULL pointer bug introduced by previous 'raw' stream fix (bso#11522); (bso#11535). + vfs_fruit: Return value of ad_pack in vfs_fruit.c; (bso#11543). + vfs_commit: set the fd on open before calling SMB_VFS_FSTAT; (bso#11547). + s3:locking: Initialize lease pointer in share_mode_traverse_fn(); (bso#11549). + s3:smbstatus: Add stream name to share_entry_forall(); (bso#11550). + s3:lib: Validate domain name in lookup_wellknown_name(); (bso#11555). + s3: lsa: lookup_name() logic for unqualified (no DOMAIN component) names is incorrect; (bso#11555).- Fix 100% CPU in winbindd when logging in with "user must change password on next logon"; (bso#11038).- Relocate the tmpfiles.d directory to the client package; (bnc#947552).- Do not provide libpdb0 from libsamba-passdb0 but add it to baselibs.conf instead; (bnc#942716).- Package /var/lib/samba/private/sock with 0700 permissions; (bnc#946051).- Package /var/lib/samba/msg with 0755 permissions; (bso#11515); (bnc#945502).- Require to install libfam0-gamin from samba-libs on post-12.1 and pre-13.15 systems; (bnc#945013).- Update to 4.3.0. + Samba "map to guest = Bad uid" doesn't work; (bso#9862). + revert LDAP extended rule 1.2.840.113556.1.4.1941 LDAP_MATCHING_RULE_IN_CHAIN changes; (bso#10493). + No objectClass found in replPropertyMetaData on ordinary objects (non-deleted); (bso#10973). + Stream names with colon don't work with fruit:encoding = native; (bso#11278). + NetApp joined to a Samba/ADDC cannot resolve SIDs; (bso#11291). + tevent_fd needs to be destroyed before closing the fd; (bso#11316). + "force group" with local group not working; (bso#11320). + strsep is not available on Solaris; (bso#11359). + smbtorture does not build when configured --with-system-mitkrb5; (bso#11411). + Build with GPFS support is broken; (bso#11421). + Build broken with --disable-python; (bso#11424). + net share allowedusers crashes; (bso#11426). + nmbd incorrectly matches netbios names as own name; (bso#11427). + Python bindings don't check integer types; (bso#11429). + Python bindings don't check array sizes; (bso#11430). + CTDB's eventscript error handling is broken; (bso#11431). + Fix crash in nested ctdb banning; (bso#11432). + Cannot build ctdbpmda; (bso#11434). + samba-tool uncaught exception error; (bso#11436). + Crash in notify_remove caused by change notify = no; (bso#11444). + Poor SMB3 encryption performance with AES-GCM; (bso#11451). + Poor SMB3 encryption performance with AES-GCM (part1); (bso#11451). + fix recursion problem in rep_strtoll in lib/replace/replace.c; (bso#11455). + --bundled-libraries=!ldb,!pyldb,!pyldb-util doesn't disable ldb build and install; (bso#11458). + xid2sid gives inconsistent results; (bso#11464). + ctdb: Fix the build on FreeBSD 10.1; (bso#11465). + Handling of 0 byte resource fork stream; (bso#11467). + AD samr GetGroupsForUser fails for users with "()" in their name; (bso#11488).- Configure with --bundled-libraries=NONE; (bso#11458).- Adapt net-kdc-lookup patch for post-3.3 Samba versions; (bnc#295284).- Remove libiniparser-devel build-time requirement.- Update to 4.2.3. + s4:lib/tls: Fix build with gnutls 3.4; (bso#8780). + s4.2/fsmo.py: Fixed fsmo transfer exception; (bso#10924). + winbindd: Sync secrets.ldb into secrets.tdb on startup; (bso#10991). + Logon via MS Remote Desktop hangs; (bso#11061). + s3: lib: util: Ensure we read a hex number as %x, not %u; (bso#11068). + tevent: Add a note to tevent_add_fd(); (bso#11141). + s3:param/loadparm: Fix 'testparm --show-all-parameters'; (bso#11170). + s3-unix_msg: Remove socket file after closing socket fd; (bso#11217). + smbd: Fix a use-after-free; (bso#11218); (bnc#919309). + s3-rpc_server: Fix rpc_create_tcpip_sockets() processing of interfaces; (bso#11245). + s3:smb2: Add padding to last command in compound requests; (bso#11277). + Add IPv6 support to ADS client side LDAP connects; (bso#11281). + Add IPv6 support for determining FQDN during ADS join; (bso#11282). + s3: IPv6 enabled DNS connections for ADS client; (bso#11283). + Fix invalid write in ctdb_lock_context_destructor; (bso#11293). + Excessive cli_resolve_path() usage can slow down transmission; (bso#11295). + vfs_fruit: Add option "veto_appledouble"; (bso#11305). + tstream: Make socketpair nonblocking; (bso#11312). + idmap_rfc2307: Fix wbinfo '--gid-to-sid' query; (bso#11313). + Group creation: Add msSFU30Name only when --nis-domain was given; (bso#11315). + tevent_fd needs to be destroyed before closing the fd; (bso#11316). + Build fails on Solaris 11 with "‘PTHREAD_MUTEX_ROBUST’ undeclared"; (bso#11319). + smbd/trans2: Add a useful diagnostic for files with bad encoding; (bso#11323). + Change sharesec output back to previous format; (bso#11324). + Robust mutex support broken in 1.3.5; (bso#11326). + Kerberos auth info3 should contain resource group ids available from pac_logon; winbindd: winbindd_raw_kerberos_login - ensure logon_info exists in PAC; (bso#11328); (bnc#912457). + s3:smb2_setinfo: Fix memory leak in the defer_rename case; (bso#11329). + tevent: Fix CID 1035381 Unchecked return value; (bso#11330). + tdb: Fix CID 1034842 and 1034841 Resource leaks; (bso#11331). + s3: smbd: Use separate flag to track become_root()/unbecome_root() state; (bso#11339). + s3: smbd: Codenomicon crash in do_smb_load_module(); (bso#11342). + pidl: Make the compilation of PIDL producing the same results if the content hasn't change; (bso#11356). + winbindd: Disconnect child process if request is cancelled at main process; (bso#11358). + vfs_fruit: Check offset and length for AFP_AfpInfo read requests; (bso#11363). + docs: Overhaul the description of "smb encrypt" to include SMB3 encryption; (bso#11366). + s3:auth_domain: Fix talloc problem in connect_to_domain_password_server(); (bso#11367). + ncacn_http: Fix GNUism; (bso#11371).- Disable rpath usage; (bnc#902421).- Make the winbind package depend on the matching libwbclient version and vice versa; (bnc#936909).- Backport changes to use resource group sids obtained from pac logon_info; (bso#11328); (bnc#912457).- Order winbind.service Before and Want nss-user-lookup target.- Remove fam-devel build-time dependency for post-6 RHEL systems.- Update to 4.2.2. + s3:smbXsrv: refactor duplicate code into smbXsrv_session_clear_and_logoff(); (bso#11182). + gencache: don't fail gencache_stabilize if there were records to delete; (bso#11260). + s3: libsmbclient: After getting attribute server, ensure main srv pointer is still valid; (bso#11186). + s4: rpc: Refactor dcesrv_alter() function into setup and send steps; (bso#11236). + s3: smbd: Incorrect file size returned in the response of "FILE_SUPERSEDE Create"; (bso#11240). + Mangled names do not work with acl_xattr; (bso#11249). + nmbd rewrites browse.dat when not required; (bso#11254). + vfs_fruit: add option "nfs_aces" that controls the NFS ACEs stuff; (bso#11213). + s3:smbd: Add missing tevent_req_nterror; (bso#11224). + vfs: kernel_flock and named streams; (bso#11243). + vfs_gpfs: Error code path doesn't call END_PROFILE; (bso#11244). + s4: libcli/finddcs_cldap: continue processing CLDAP until all addresses are used; (bso#11284). + ctdb: check for talloc_asprintf() failure; (bso#11201). + spoolss: purge the printer name cache on name change; (bso#11210); (bnc#901813). + CTDB statd-callout does not scale; (bso#11204). + vfs_fruit: also map characters below 0x20; (bso#11221). + ctdb: Coverity fix for CID 1291643; (bso#11201). + Multiplexed RPC connections are not handled by DCERPC server; (bso#11225). + Fix terminate connection behavior for asynchronous endpoint with PUSH notification flavors; (bso#11226). + ctdb-scripts: Fix bashism in ctdbd_wrapper script; (bso#11007). + ctdb: Fix CIDs 1125615, 1125634, 1125613, 1288201 and 1125553; (bso#11201). + SMB2 should cancel pending NOTIFY calls with DELETE_PENDING if the directory is deleted; (bso#11257). + s3:winbindd: make sure we remove pending io requests before closing client sockets; (bso#11141); (bnc#931854). + Fix panic triggered by smbd_smb2_request_notify_done() -> smbXsrv_session_find_channel() in smbd; (bso#11182). + 'sharesec' output no longer matches input format; (bso#11237). + waf: Fix systemd detection; (bso#11200). + CTDB: Fix portability issues; (bso#11202). + CTDB: Fix some IPv6-related issues; (bso#11203). + CTDB statd-callout does not scale; (bso#11204). + 'net ads dns gethostbyname' crashes with an error in TALLOC_FREE if you enter invalid values; (bso#11234). + libads: record service ticket endtime for sealed ldap connections; (bso#11267). + lib/util: Include DEBUG macro in internal header files before samba_util.h; (bso#11033).- Avoid a crash inside the tevent epoll backend; (bso#11141); (bnc#931854).- Remove the independently built libraries ldb, talloc, tdn, and tevent and the post-10.3 renamed libsmbclient from baselibs.conf.- Drop redundant doc attribute from man pages.- Update to 4.2.1. + s3:winbind:grent: Don't stop group enumeration when a group has no gid; (bso#8905). + Initialize dwFlags field of DNS_RPC_NODE structure; (bso#9791). + s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with servers that don't send the 2 unused fields; (bso#10016). + build:wafadmin: Fix use of spaces instead of tabs; (bso#10476). + waf: Fix the build on openbsd; (bso#10476). + s3: client: "client use spnego principal = yes" code checks wrong name; (bso#10888). + spoolss: Retrieve published printer GUID if not in registry; (bso#11018). + s3: lib: libsmbclient: If reusing a server struct, check every cli->timout miliseconds if it's still valid before use; (bso#11079). + vfs_fruit: Enhance handling of malformed AppleDouble files; (bso#11125). + backupkey: Explicitly link to gnutls and gcrypt; (bso#11135). + replace: Remove superfluous check for gcrypt header; (bso#11135). + Backport subunit changes; (bso#11137). + libcli/auth: Match Declaration of netlogon_creds_cli_context_tmp with implementation; (bso#11140). + s3-winbind: Fix cached user group lookup of trusted domains; (bso#11143). + talloc: Version 2.1.2; (bso#11144). + Update libwbclient version to 0.12; (bso#11149). + brlock: Use 0 instead of empty initializer list; (bso#11153). + s4:auth/gensec_gssapi: Let gensec_gssapi_update() return NT_STATUS_LOGON_FAILURE for unknown errors; (bso#11164). + docs/idmap_rid: Remove deprecated base_rid from example; (bso#11169); (bnc#913304). + s3: libcli: smb1: Ensure we correctly finish a tevent req if the writev fails in the SMB1 case; (bso#11173). + backupkey: Use ndr_pull_struct_blob_all(); (bso#11174). + Fix lots of winbindd zombie processes on Solaris platform; (bso#11175). + s3: libsmbclient: Add missing talloc stackframe; (bso#11177). + s4-process_model: Do not close random fds while forking; (bso#11180). + s3-passdb: Fix 'force user' with winbind default domain; (bso#11185).- Prevent samba package updates from disabling samba kerberos printing.- Add sparse file support for samba; (fate#318424).- Purge printer name cache on spoolss SetPrinter change; (bso#11210); (bnc#901813).- Correctly retain errno from Btrfs snapshot ioctls; (bnc#923374).- Simplify libxslt build requirement and README.SUSE install. - Remove no longer required cleanup steps while populating the build root.- Remove deprecated base_rid example from idmap_rid manpage; (bso#11169); (bnc#913304).- Update to 4.2.0. + smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT; (bso#1115). + pam_winbind: fix warn_pwd_expire implementation; (bso#9056). + nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299). + Make 'profiles' work again; (bso#9629). + s3:smb2_server: protect against integer wrap with "smb2 max credits = 65535"; (bso#9702). + Make validate_ldb of String(Generalized-Time) accept millisecond format ".000Z"; (bso#9810). + Use -R linker flag on Solaris, not -rpath; (bso#10112). + vfs: Add glusterfs manpage; (bso#10240). + Make 'smbclient' use cached creds; (bso#10279). + pdb: Fix build issues with shared modules; (bso#10355). + s4-dns: Add support for BIND 9.10; (bso#10620). + idmap: Return the correct id type to *id_to_sid methods; (bso#10720). + printing/cups: Pack requested-attributes with IPP_TAG_KEYWORD; (bso#10808). + Don't build vfs_snapper on FreeBSD; (bso#10834). + nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835). + idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837). + s3: smb2cli: query info return length check was reversed; (bso#10848). + s3: lib, s3: modules: Fix compilation on Solaris; (bso#10849). + lib: uid_wrapper: Fix setgroups and syscall detection on a system without native uid_wrapper library; (bso#10851). + winbind3: Fix pwent variable substitution; (bso#10852). + Improve samba-regedit; (bso#10859). + registry: Don't leave dangling transactions; (bso#10860). + Fix build of socket_wrapper on systems without SO_PROTOCOL; (bso#10861). + build: Do not install 'texpect' binary anymore; (bso#10862). + Fix testparm to show hidden share defaults; (bso#10864). + libcli/smb: Fix smb2cli_validate_negotiate_info with min=PROTOCOL_NT1 max=PROTOCOL_SMB2_02; (bso#10866). + Integrate CTDB into top-level Samba build; (bso#10892). + samba-tool group add: Add option '--nis-domain' and '--gid'; (bso#10895). + s3-nmbd: Fix netbios name truncation; (bso#10896). + spoolss: Fix handling of bad EnumJobs levels; (bso#10898). + Fix smbclient loops doing a directory listing against Mac OS X 10 server with a non-wildcard path; (bso#10904). + Fix print job enumeration; (bso#10905); (bnc#898031). + samba-tool: Create NIS enabled users and unixHomeDirectory attribute; (bso#10909). + Add support for SMB2 leases; (bso#10911). + btrfs: Don't leak opened directory handle; (bso#10918). + s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920). + s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921). + pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932). + s3-keytab: fix keytab array NULL termination; (bso#10933). + s3:passdb: fix logic in pdb_set_pw_history(); (bso#10940). + Cleanup add_string_to_array and usage; (bso#10942). + dbwrap_ctdb: Pass on mutex flags to tdb_open; (bso#10942). + Fix RootDSE search with extended dn control; (bso#10949). + Fix 'samba-tool dns serverinfo ' for IPv6; (bso#10952). + libcli/smb: only force signing of smb2 session setups when binding a new session; (bso#10958). + s3-smbclient: Return success if we listed the shares; (bso#10960). + s3-smbstatus: Fix exit code of profile output; (bso#10961). + socket_wrapper: Add missing prototype check for eventfd; (bso#10965). + libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows client does; (bso#10966). + vfs_streams_xattr: Check stream type; (bso#10971). + s3: smbd: Fix *allocate* calls to follow POSIX error return convention; (bso#10982). + vfs_fruit: Add support for AAPL; (bso#10983). + Fix spoolss IDL response marshalling when returning error without clearing info; (bso#10984). + dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279). + Fix IPv6 support in CTDB; (bso#10996). + ctdb-daemon: Use correct tdb flags when enabling robust mutex support; (bso#11000). + vfs_streams_xattr: Add missing call to SMB_VFS_NEXT_CONNECT; (bso#11005). + s3-util: Fix authentication with long hostnames; (bso#11008). + ctdb-build: Fix build without xsltproc; (bso#11014). + packaging: Include CTDB man pages in the tarball; (bso#11014). + pdb_get_trusteddom_pw() fails with non valid UTF16 random passwords; (bso#11016). + Make Sharepoint search show user documents; (bso#11022). + nss_wrapper: check for nss.h; (bso#11026). + Enable mutexes in gencache_notrans.tdb; (bso#11032). + tdb_wrap: Make mutexes easier to use; (bso#11032). + lib/util: Avoid collision which alread defined consumer DEBUG macro; (bso#11033). + winbind: Retry after SESSION_EXPIRED error in ping-dc; (bso#11034). + s3-libads: Fix a possible segfault in kerberos_fetch_pac(); (bso#11037). + vfs_fruit: Fix base_fsp name conversion; (bso#11039). + vfs_fruit: mmap under FreeBSD needs PROT_READ; (bso#11040). + Fix authentication using Kerberos (not AD); (bso#11044). + net: Fix sam addgroupmem; (bso#11051). + vfs_snapper: Correctly handles multi-byte DBus strings; (bso#11055); (bnc#913238). + cli_connect_nb_send: Don't segfault on host == NULL; (bso#11058). + utils: Fix 'net time' segfault; (bso#11058). + libsmb: Provide authinfo domain for encrypted session referrals; (bso#11059). + s3-pam_smbpass: Fix memory leak in pam_sm_authenticate(); (bso#11066). + vfs_glusterfs: Add comments to the pipe(2) code; (bso#11069). + vfs/glusterfs: Change xattr key to match gluster key; (bso#11069). + vfs_glusterfs: Implement AIO support; (bso#11069). + s3-vfs: Fix developer build of vfs_ceph module; (bso#11070). + s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer; (bso#11077); CVE-2015-0240; (bnc#917376). + vfs: Add a brief vfs_ceph manpage; (bso#11088). + s3: smbclient: Allinfo leaves the file handle open; (bso#11094). + Fix Win8.1 Credentials Manager issue after KB2992611 on Samba domain; (bso#11097). + debug: Set close-on-exec for the main log file FD; (bso#11100). + s3: smbd: leases - losen paranoia check. Stat opens can grant leases; (bso#11102). + s3: smbd: SMB2 close. If a file has delete on close, store the return info before deleting; (bso#11104). + doc:man:vfs_glusterfs: improve the configuration section; (bso#11117). + snprintf: Try to support %j; (bso#11119). + ctdb-io: Do not use sys_write to write to client sockets; (bso#11124). + doc-xml: Add 'sharesec' reference to 'access based share enum'; (bso#11127).- Update to 4.2.0rc5. + Ensure we don't call talloc_free on an uninitialized pointer; CVE-2015-0240; (bso#11077); (bnc#917376).- Fix usage of freed memory on server exit; (bso#11218); (bnc#919309).- Fix tdb_store_flag_to_ntdb() gcc5 build failure.- Fix vfs_snapper DBus string handling; (bso#11055); (bnc#913238).- Update to 4.1.16. + dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279).- Adjust baselibs.conf due to libpdb0 package rename to libsamba-passdb0.- Fix libsmbclient DFS referral handling. + Reuse connections derived from DFS referrals; (bso#10123); (fate#316512). + Set domain/workgroup based on authentication callback value; (bso#11059).- Update to 4.2.0rc4. - Add libsamba-debug, libsocket-blocking, libsamba-cluster-support, and libhttp to the libs package; (boo#913547). - Rename libpdb packages to libsamba-passdb. - Drop libsmbsharemodes packages.- Enable avahi support on post-12.2 systems.- Update to 4.1.15. + pam_winbind: Fix warn_pwd_expire implementation; (bso#9056). + nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299). + Fix profiles tool; (bso#9629). + s3-lib: Do not require a password with --use-ccache; (bso#10279). + s4:dsdb/rootdse: Expand extended dn values with the AS_SYSTEM control; (bso#10949). + s4-rpc: dnsserver: Fix enumeration of IPv4 and IPv6 addresses; (bso#10952). + s3:smb2_server: Allow reauthentication without signing; (bso#10958). + s3-smbclient: Return success if we listed the shares; (bso#10960). + s3-smbstatus: Fix exit code of profile output; (bso#10961). + libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows client does; (bso#10966). + s3: smbd/modules: Fix *allocate* calls to follow POSIX error return convention; (bso#10982). + Fix 'domain join' by adding 'drsuapi.DsBindInfoFallBack' attribute 'supported_extensions'; (bso#11006). + idl:drsuapi: Manage all possible lengths of drsuapi_DsBindInfo; (bso#11006). + winbind: Retry LogonControl RPC in ping-dc after session expiration; (bso#11034).- yast2-samba-client should be able to specify osName and osVer on AD domain join; (bnc#873922).- Lookup FSRVP share snums at runtime rather than storing them persistently; (bnc#908627).- Specify soft dependency for network-online.target in Winbind systemd service file; (bnc#889175).- Fix spoolss error response marshalling; (bso#10984).- Update to 4.1.14. + pidl/wscript: Remove --with-perl-* options; revert buildtools/wafadmin/ Tools/perl.py back to upstream state; (bso#10472). + s4-dns: Add support for BIND 9.10; (bso#10620). + nmbd fails to accept "--piddir" option; (bso#10711). + nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835). + S3: source3/smbd/process.c::srv_send_smb() returns true on the error path; (bso#10880). + vfs_glusterfs: Remove "integer fd" code and store the glfs pointers; (bso#10889). + s3-nmbd: Fix netbios name truncation; (bso#10896). + spoolss: Fix handling of bad EnumJobs levels; (bso#10898). + s3: libsmbclient-smb2. MacOSX 10 SMB2 server doesn't set STATUS_NO_MORE_FILES when handed a non-wildcard path; (bso#10904). + spoolss: Fix jobid in level 3 EnumJobs response; (bso#10905). + s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920). + s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921). + pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932). + s3-keytab: Fix keytab array NULL termination; (bso#10933). + Cleanup add_string_to_array and usage; (bso#10942).- Remove and cleanup shares and registry state associated with externally deleted snaphots exposed as shadow copies; (bnc#876312).- Use the upstream tar ball, as signature verification is now able to handle compressed archives.- Fix leak when closing file descriptor returned from dirfd; (bso#10918).- Fix spoolss EnumJobs and GetJob responses; (bso#10905); (bnc#898031). + Fix handling of bad EnumJobs levels; (bso#10898).- Remove dependency on gpg-offline as signature checking is implemented in the source validator.- Update to 4.1.13. + s3-libnet: Add libnet_join_get_machine_spns(); (bso#9984). + s3-libnet: Make sure we do not overwrite precreated SPNs; (bso#9984). + s3-libads: Add all machine account principals to the keytab; (bso#9985). + s3: winbindd: Old NT Domain code sets struct winbind_domain->alt_name to be NULL. Ensure this is safe with modern AD-DCs; (bso#10717). + Fix unstrcpy; (bso#10735). + pthreadpool: Slightly serialize jobs; (bso#10779). + s3: smbd: streams - Ensure share mode validation ignores internal opens (op_mid == 0); (bso#10797). + s3: smbd:open_file: Open logic fix; Use a more natural check; (bso#10809). + vfs_media_harmony: Fix a crash bug; (bso#10813). + docs: Mention incompatibility between kernel oplocks and streams_xattr; (bso#10814). + nmbd: Send waiting status to systemd; (bso#10816). + libcli: Fix a segfault calling smbXcli_req_set_pending() on NULL; (bso#10817). + nsswitch: Skip groups we were not able to map; (bso#10824). + s3-winbindd: Use correct realm for trusted domains in idmap child; (bso#10826). + s3: nmbd: Ensure the main nmbd process doesn't create zombies; (bso#10830). + s3: lib: Signal handling - ensure smbrun and change password code save and restore existing SIGCHLD handlers; (bso#10831). + idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837). + s3-winbindd: Do not use domain SID from LookupSids for Sids2UnixIDs call; (bso#10838). + s3: smb2cli: Query info return length check was reversed; (bso#10848). + registry: Don't leave dangling transactions; (bso#10860).- Update to 4.2.0rc2.cloud109 15682056474.9.5+git.187.71edee57d5a-lp151.2.6.14.9.5+git.187.71edee57d5a-lp151.2.6.1libsamba-net-samba4.solibsamba-python-samba4.so/usr/lib/samba/-fomit-frame-pointer -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:11057/openSUSE_Leap_15.1_Update/7d5b3605a519e39b7d410acabc99983c-samba.openSUSE_Leap_15.1_Updatecpioxz5i586-suse-linuxELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=cfcf8e65c981a69d6bf02fae0bcd82084737f105, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=c7ca8a189476b5177994711926ea12baf20b3736, strippedHHPPRRBRHR6R R'R2R#RDRJR0R@R R%R.R!RR*R)RR R:RR4R8RRFRRRRRRRRRR&R5RR-R R3RRRR?RCRR7R9R$RGR1RR;R=RR"RAR R R/RRRERIR(R,RPPR.R'7kŕwutf-895854e6edf4db8442ab3929e90461eda2bdeb777c5904564e9865acaff051196? 7zXZ !t/] crv9u$ GC<j2;.\3"]3SzxeÏukUqFR7L^!-H.qǘI=Ô2,J 8~j"9P[a]p HOnȥy_wY@<|̕0~Pw*ZP! ))r"20aDa?ݘͶ odR/dPWv`=vE M `% Eaې#_we^[б\h|#^jzloL/0FhCyw}Ut7K3*qюZ '5b*xs_[ |/,U3,Cu|^2$9ݞ7&4i yA.IkCZEE7#&XzDׯ%eJ.M<1M1YRohɷb*c3v;}1IZlG8-"-`!*1%80n5NӿPȶ"mJ*t s,:޲I!>o,ڛlK&jX1? h>sDU{QCi L԰ԃB} G+O%ZB++_еYhr*}ta^ R8e V熬r=& q@SED*>,Eү$ݞ,F %: ' _L`a&.)}S ;Dvkj1kϺ%syMTÉPrklc4Y69rjIUENKb]~oe(l?/E?Q=Yr\y4+/؂ s tQ R>Ecrij5 pYIĩ?1BM_0,N;GJ̮@`.ɜWH)-@4+'$z`^G6R0 V<@W7DY曂s;`&1C<{@1Xɸ9#>C+svFV5iF Ǝe pYL<9+oо1rF;JW}V6y0!?*tj @ienfwsf(9BI)FnJT }% w+X?\hCP 䗧dz!-gB- Jy`]sOZE8 [#}iT~V4l)U)Zi YmBSE@\Q Ig,_uץe3:\!!`_d__0S .KyEZPMsؕ3A 򥾧XGKH ->Vz-H;DE-stkG.8+ QO}ZjRϏ*-=aY\N]uTO|֊"-z0?}> f Nq]#d E㜦0 }@rJ|3rw8pZtkxVLiʥ9$p)/ORtֵq 60s>1%i  mfƔnN)ф9"݌n7Ln]p׸Fl^%n@⦾u(8.}M~TΎqw6"b}^6U3d g;sm\q[ 0^4%H!p0D#HMKsj68ڬ]qӡ>asԐ$z8nʎVA$k@ {/V\?n|wzNj ﻅXKtW\&l$R }i/ e;֧ EUSfEN%kֿ X(s,Ick"'[!ᗚyDT] C91 H-돹Vuu5?ȗ#S}?1y%j?c!&s0 ƝSӇrSBF[h5bECjɇ-K rV,N!E5Eɳ{c ' a n둧kssWq]T0>0G#rKpwME۳ՕlޗhBjD0Oqʿ* ZՐ2k29㩧򮴈\bЩ[*x':7M"BJ+A?&f9> >}<\ /mz0gXf懢.&m5m/`8[Xbek9r*"Vm:i-,I``$Nt?5kj۲2N":UłBߠH󗜭=9Tm4S!N}ɨo.pJ`Mx,TŒC#T`cE>l03U{tɀe$SRˋXks[ iN>F7]K0 |AA,,zB &b[U(3k2;oe h(' &KyK6x4N2ȋLj&a!n͡ݹ*,ZsA 55W[r2|gЧMmРNl6VD[mBx2TMs3 8n,]TL O2{H dG-|+ K3p!a8h s{'OGV$+zҹ @v\ nr@={]_f Q8bA(BlƋ hB6A3C-DrS lzo$o_3\=rPF?v$mw$ӌ. ELHi1YVWr8FX ^I5%ۼI }r ϗ.bTmX_'V2 j>iM ؎Z'#Y5t7J;B%@؃0toȺK[0˫g0q9Jr0ĽdeJnqb9@$KϺJ"]+\=٤qRleW=VzdɤFy Lft]sɜ[ z$(FPx4|;$sBf޴h4%gD^p.~Hk+aP3sv o_qÍ[0]jX3WqNX?ǃ Usn"JyKG%dI=2!QHD[nV;p,x;^/<0Ubl3}tWR-aſFz&tyOYU Lh}ѩ'^mc\VK_bMfyoWv'ڞHV!4R8%Sf8P<bALzdk]Yd8< ̍[: ԘxtQuuGDD 5tfVPf[̪,ޔ.U.3Y|[{qjfI65'satY:ۦBYpƢ(iGUtRՑg(BٴRG3CV )^RG]z@yJ7X_pӿ:5^UatҺ =#<`m䌵b٢Ǭ}+ID۞H)lʝFznVϯ+}?jLZ\jxukR\қr1MF.:%hY] n_@ÁP6(G-`?曫Di#uvcVI_.wZOt7So!7iɢcLMbdWmSវbxxٱ< X,IpIOVQ,1y`Lvki76WUmYy* wjzi)ԩW)p-6[?Lx}amQY+E#=8CphcD%`:DT[gc#΂YPЄ-ѽܼ }82C. SeT 34QU"r I:sںkf݌9D R`XWδEw[] ARt.M vXsfYU{r8'z9 ҩ|3hqWcQ)9!W-e8PݡQN<(9f󾇈~P?-KAjZ3K6P49f`OOc)|jHRʔ7ˍ ;>Tg1pu$ !#Yn>2"$$\WlQɃ*qEe-H.g.(@Bܸzq҈@l(rYU$Nz0at8^:щ#p~{{ *Ia[,Fb]h|w)88>v3}@4{DCpy淠p9E?0H]+Ꭼ++*ݒ8zCh-s>{JqxۓЋ"7>u e{ʹlm3vPC 2pϼC ۼِ'%K@&Z,M5) TnB}ia'q^uZ1&؜!L9 rsHjSPyu6)RpKI'CdJ_ѾJ݊9AVׂ$oImW0iذ rK Wm!Hv!T^A"`)ߋypʤ~@'͕˹_;-_0O+!!9QΎE(j ÒmyABF|2em5[Ӟ^װY|€V6PhJl*`QkgeO29 A) RƼnF184R3Qg/1fXk1c$Ln"dZ9sm@q^[u @~7Zz;|Y-.J5BRO>B^ &Ht[9Rkc#G*gX /5t4:) X!hAzOU?Xfq~zG<8R퉨ZiaYrj.'Ϊ_wogf&Zld &nАd跊^= y"5icy66lY?e,4B7.SfyL(G-ǒЭ{51,NXgz7&T;LrL6\o-)W^Gwhv> I ot "ⱿO]T0Qe_];;cSVw6n3Gd}i6 m+4pc<,FdxSE{&6*ۤYȾ@NlU(r)\z V` ( -)|!M:o lZ~Es㙤e&=~}o>LS;@PM byH@H c+f6Rv?yu7U=Q _Rtlcd~*fy"vVg jǾʝ2Gi~Pػ*B5tfӕçnn;{N*g'YM1YOoSed xG[ >S%6ij-="`ϔ(e}"DYy 8MQ9K2i/m=HG8\rvuKiY]~# 8;̕A+y9ρ]o 8Yg{t| [$ڣ`DHb"Q,9uv#d>>7}zdh{P  :5J (腚,hh 3|UJ]B/&n`6vLl£$gf3&Gx^ǿ/\!CuYX7:T`-w<)ޔ.F*,"(7ƊWS^MsXLgG @SJI1y{܌fi: )ng OrFj>> /6ПV/ń_jQJh2T8Y2|)%ǥ#1oBU dџ_:Չ3KȴWᬋBJq1lpa *a8wK߅=+;̻V H`w'^0J.18* e&Uއ8zHu uY& '*EV#.dh,rUU_U5ږq0LB<*Of-%% v1;s~!N\a &4UTTؑDçנ@ҡk?Źm_2dn(#d3ZB ؟]t$p$X°ijHO+:Bj_&6.;M^Ն(tw=CH˅e6nޟl:z fh~8x߬ƄÍ>f`SH#~a;_QSL߻k]2 , yLY&$Yetm^*׀$<Z6=^c*KdM gYJxsA+>|!|!˹4z1W5%Wɋ1::V ϡC) ;"AV724Ԥ_@嬙pO .3LFRї¶09E?DNh%f4qC= } 7z zkÞP-iBb"+TO' \JLwR#thي/ ߭Ee ҡXS r-K(%rE,BȂe Afqd|r;2]mr4 h:x}ZUcotSVq m @mKzx8^v0bF#"{G`XLLX5.B> xpNkpK=uHʣ軔x%Si}$؃ ]~POG].S UW:6 ފ\Bi|߯`>=/!Xdߣ}C2NP,1FSGaPl[GlmEP b?I`g+{n*@֨jΗ21n)]7ll߀HQx1L>7dʉ^P.ƪE99}g&tO:'$݋ LȨ~W!ܙl$؊ $zn<-( UOoԅSO@Ν.FE^?X j-t[W@iިR)$Gy9xk@X5s#HC)HUbD^]PnCLS,t,=z=ֈ>|Sd\IxQwiw㜲X<{s{Ռ$Cq"ln[aT<ms >2[Ar7"J[+m}s`$ۢC3 !3萱 5HV`5rXWfmɠ=$XF[CbmȆo{93 OOf=M2tc12 Oz@J OdQ&xxM^l(~C3>d)[Ӣ31uD;>GtIzZ{X`C@SeKJ132 9?[ լ:fD3 ̼N^pB2F8;V#l_+ %mFM?pE;ߜ`FQ$]̑Q=cz=Qr(/{0oUU-y1I9Չ@4 #}~+U-ۥ[έ^ yƨ ɴ1 6Y@_tLEx8gfQ>׶k^🐊}]'qT>..* a̴=XAsvNBF oaI&}AWs0~36e*sk&9mc̻ x/@U!|bχaxЗ]A5\֤V{M|1`+Z"D \#_ױn{j`mpLaѮ2 ΈXG/4=u9 da7n1c^AЅKX.|@{yL0y_۪UBq`N$J[p0'gr?%_@wok!-)[ʊ/ !S.IBhlU[6ef-Db z]žkAw(WWgm1{L"ᘕ@jz󲪌.)FDɧ/|Aݩ ag-1W2dŞ eG˨e-n i#N4Ň dG &u+|OQcPLuq.m@8MޚmӇ7ks^Ibg μo4@ $8IJH.+AEUJZi%>U cQ C ?z!R҉W>  )7Y塱D}}dlO ?v[kO;h|/c'fɆoc@RB~B6 Dj2ճ\'?`rg@0 В?v7rnP >;]?;}@W12 ,؁-켱kdMaKp5ek$ 7fLI:Z"K,2 hۓ~g?C?׈sk8̢}m,'.zNatXDߔrhp?:Ɛ6/fxȍAا3mY,l֫7Ksn{T޶21,(դZmΟ۱J^18Ql^RQi$ +M7!fiƿ%D % M%+œrÞZ:>BDI,YnoF`{ְ6HK!L{l;.{*^uV蹟:k!Ĥ{LqG8T_zDE9܆..xb\~#tEۛc 7 "-a њ #ƹ٠^_f|3۾O|" YRNuh~KW[My?) *#B(?7"9%bbi#C"8.]G5:W4FGS/w{.,jbFPr)bRmNג9HH0ibBC3ZMO1AvQ ߨժ]a/c"lrZzVkfGhZ"uG}ī^zS~lA`Bp‡[G RG[!`K0BT!2Hu^?ߕٺ)\F̏OH X1& -ꈍ9hH?̊MqWd$p#+3+u* *`Xt!pF4]Yzlt9Jc>֓[B3% `v{۩:'hC[=6]n6$(0M%p9筭M" /% ss/})--h?ۤ7ӱ\ kT:]|-gwI>OXc!! dnUa~yY.97?| fgb`'vn2?x~%.[Mv[ MYn3HIq5o'eC߶L9){I'xH~*,$\ ̆=:D[ /?>t?arSᕟ^L&:oC:P+JX[o V{FTߓWi:]J[#!z4ݥ9ywGiQSB͆jo%,n7 LJWEa Dm-}ᦹ]zYYSy%c%$fSWBL+:qOi+Y*Am&;vt37φ-[]K+@?sjYht *Xmÿ5dso\'>7G%IɑU"ZƚL~z^B  ;6P`']#@@,8+'#yJS WjeY9V)qz4BЙ[~$|^ey7y>5W :K:zjb\&fyoٜ+句%I[Q!:^ҰvE˺+VL,ZKha9WToq.3g%݉o'D#5mȔnPaDOQOb jd\ꕛ4SnԖF3s^g隮Lx*P0:c☔ q4xh}w5+d*lyW &\Dح3vD7#ajw~V C;D<ʓV;8Pe.P^hL &tSԦ3J61JH@W/kb\.O׿rc{C?L#{EB9=7IUdrR^;{'i_dzJ0. qyȴ?œaEakl|pQk~=dԍ UN j(j%)cEMEz@/v%>z W(C~9p&kOt @-}PMӻ%''DnN9ь!}y@5at9ILݍT23-'!D9nkitMCgYϦ2g-w9x>8 3Gh-a/nɪDF ܬ.b%m^hVu:]M;utȾGYY$7X2 CkSa?b8#AMELfy}* wŸh/[(_Gt/f6{wLr!20Ff-H]Y=r>I5ՀkV*X[e_TZ2K8c4{^Rs,8p0c0e=.qFR"1p]'LCeH?ݼ!ҜD?8bg"9w'Q]CI4b[fVD&"]&,+s-zܷh3U NYUeV:R9C?t9űTo"PHY0]Uh#(T>oSL%=A;^RgKW 5j=;Zii7NG*.HK*yuopt䪕HBS`<Gᙢ(Zp\v5Z/0'*Zc%҄D(Gz^R lBnZNbּ>n`r̊\":+ix,f(r<;VP_KzCﯥݞpq 0Tjj#< czi5 )ۊV| "Y ]jmq1Υc'BbԖ`:kO_XJ؞诛Xz|emIbz^/ NT 'z詹nv]Iarf)5z>O $drR{Snqld!Rw{XFA7h31R5RfL:ti/ +ʱYhS ĽcgN }INrl .o-!q0kt+;`LEPCf]"瑔&< y*eeHj(>>q$Fc<>ŌKتʹU5jhEy|j־WWPVӄ9{Z֯ql )ЩKOTʶeӺnV"bbl'kN{-xPτ-MsEŞtMļsm5{\_~x-%iVBifj+_"̓#^ jns#f($୕_O727ZQEDB0uFFT& ƍ#~ c~W_oexB1b4|]╿0`PKl ːŒb{$F1ASď 5+#c@1eMIs,OAlz`b.˿ @?\#SqnǠv dgDž2_ˁپU9+I*9?3g Qm{Tӏ ,@ 9fD_=nv9J;"U7hLnc>uf,JE( yKJldU}ضg֧5 Fhl9[P7hl4*L,b2ւnY~Bк83V` zT` ^ܹ!Vk;2M3_Cjѻ5f}lh&Գ U$/n+E^hY&C|HAऋ)}ew>SRFo?X VY]&AKQᢰU[iSBQO!?HaQZSD)P (Us+5;̛88x. ^6+B52M*kEGAI B^݌L(I4 R! d>dA}TMA+~ wFuٵ>R.V Sd-@1?44FiS*.Ӏu"bX3(B1NH&"ɐi[]Ӎy̔Dlia1^9UӔ&jT[h+f~&>j J ]m5ޛHl9187"P13" -0?sX[bf\6k3ٿ"h< D>J5Z"EIPl#rީa!J*l _ MQr+7m/"pu?gZIBwց3 9E!Qj{ ]Q:&Q~9Ce=F^7wu[4Pw*\XѠN(u`P GCg姷ǪoDH7(f8eyYZWTjۖ;;hAALrW;Xfc54JvwsKl3XٷٞIw[=1e2!Ɔ0up 65}X3H,*iWj >ȯZjJE5ii{~rE:"|+Dy=7az}4p?6>!1']?w2 b ]2RZICY ]Nb/T+ϕQ6r4v!@qi C5qkCBx*-qtaϲi/FPJlHIͫѡĆEJ)ܜ HтaV)c%jÉMK-5! ԑ=?X́UT@tͷLQlz8UQy1-N  hmlIy}Tl/n4)o-Fx.?wcDJPi(F$'w/qfR{KyFvȏe0'Ruա=%+f : ڜ,{?6~|Z ڠ1`DNckI}V-)jshSD  V#, D%H!hU4^]y̌J;46їg !9c%w=$0DVpKj*p̲sw&bG.CMW{W# 8PIgj2{3G = 2n 0cU^#kK $+ I>+y]]]LWڧwkD!PœGeuPEO3vɱ1D"܉˸z0s X*8N`5@ ۩i[)b$Zr%Y;F?Θ&QWҷ7)DBѯ^?Vop`8}ACS1YH|9<?ڙ&| ,X9g[,Q:MGℌxx^P?f44*nO-*'uL*d&-p 8+]mi_D/#VrtBa++!E P'h,-I Ul4k/I/8Y| ??e:Iĩ'r{qI:Cןȑp@ |'%b<,zft9%U' ؗ6Hd]6@5Fpajs\ VXZ'4e+kש"r[n\syZ917.8w ;vE~Zf!glI'1s SWkG'B.޴]% |?0!@9 ohUziW=1b0rAŲ:~B;!pވMz1 q54=,;rH?T'>թ΃k㳯V/+R4a^6Y -\^Row( n t-LZ)"J?M` o )p'DO-/(5~@gqQ8u$5Im]wD:-㳼<; *J<;"0C>R%1d ewH@=;F1&*r3zU :ʼn يАchr㔇^z&~: fOT$]S N15" ǀ^^ PBYԡ#nsA[KMkyzl[ \#㪇ƽ܇> B FmrfM )yuZvU{E_~(aDm+SjZi(lsB%Z j_ o+}Tg\ qolLҩK;2S[>}wz+/TؓA9/XGSבC_Xԝ_.{L$(E)biC -n߹tt:# 1ObG)?!X0DI4b/oV6"P,_$;g8 ?98lW0-ۊB 6U>7UHfgKkk[>0&ľ<(u7|3ׇYCU#iLMgn.H,i4xDQ>ףCw? qCfUxKP*kBAhF-F`e[ \|Rxf5;iңYr^6Sֲ|'Д/zM(a!DLue?R/e7*Wc9rf=v#1]BL>^ֲ%=5%^C"5}B_ /ࢮ%ݯ%Ld^\IG+J̇~R]T+@Q mRaZg;' RF%| ep3.ѧ!eb@0/S٤HZW9R꫈>-[G+x" 'VoaKٶֈ 0*DF.p\3HVCBw>M_| 1QF {Sº.ǹNub|e;yMϽvhN >)k *,) 21Y6W4Pi(JJȊF+zѼF x1%rť'?YH|2X꼍to6&Zy9Ul,OzĶ .O+؉I>6ia+#)!D[ନ1TƸPgHQSpG` R:<3 v{w|3=/3(8s+*C5~,Lݒ'?!V &Bi_ёxmԽobf h]-79"P5Ȩ&?BI#8^%D7wdP%k_i/E\adݽfx0ۏCH*U=hEЦ ɛ_\mrɓQ*0VK3QyS t*M՘0s]XbP+{ԸlO{ = C!RV˂tZ2fTbT:(imV{PS mh'whSOb6 Q!io=X6Z@1P$ W`}=X4a[Zݕ]јe&2oҼߪ1$痨VPs5G[CǻR)zT5!yJv&jq؍A uVk(cϪ{s'0Ч{c. RrUFG9*@i1#YzU]MguѠAw'Es] Z%Zp BP׳=f6\I* u+7.=ܣo񺙝nT5Dn/(_6t)}trEz&iV4x;ZQ﨔Vhk&8(YΨlIJk)ctcU $Z::|z-g^[c-Gށzio҂Kf44k^X~WBpM\yB9}g 6%p!% c垆8 4V Ss6}AU1DZdt/yƘOEOP0TsD]DŎ91;ODc UE"qWqӂ=0Ŏ0JKpf2Š`r5Ga>MڠbHq#oA(#;S ʼ_*S֟46ij-߫Yʗ$J*cr5>ie=`jF|25”tPty L^i\jxJج.*ib{'!2QTy&F tw'(#)Xd?$osMò}?7 m "b19!ٰ鴓zZmpOaqDI;/*1Λ](h 76u‘:t%&kNS?uGa]3:y>Թ#`)P $wH/2 |3ĠDA([!짬3c y ;w.γeN!k[pa5txJIv Rvs<C 9k IjN|?! eWoU5BScW}7.o8Nwkixٹ1m חa@M F3qz`/7U&`;٨PM/V|qPx}l-GW؀nyLӘ51FxY$꼮KA;Gt:ws3;f6ɳSP9Ѻذ%DW/Όql*s96)V@Őwae9Dr2%jh}cڅohkъj/Yg9moh,gBpAjzӏ-y}zr% еs{fnd5c&=8݌6S~M11f ZXQM |?b;a_X9 $_FPJ+D L7zбSGwVH74'xB xfQQ(;HE(֜X] !ˡ =**ŏ&aǩ!L$X1e*Ɂ1yyEp 'YQl.|_?]Gŀńm3wgPb CxU;qzg֌Ƙ"}Eu_4 +Q@y:>S! ,L}{8^Z\ ',_/kx͛6Ƹ Tkׁ" 蘭;g'm=Ṋ?7a"+LOMv04Kd ڢQ(kJe3]P\BkNg$' #T(@@^SVk"Ig WLԄ3{Pj=6vnO}eOnΆÆXXya9֗%rT3%L-i%~S]+bޥgB/r,u/M/7#i% ]b6j=3jJHgUVh?ՒNM_ی2~嗙LcS"dj'tCJDAQl9s"CXG=ЉC% k%$MBvS \J ,D9ɵJWQi'*Oq sqX Iq&m(? @5P{7TCs稥&dwk`)nyXbyd06nc@[<ѝmK [V[V{.U1 4qv{ E;}k5/C՚{{h91geʥznbX0UjolciCbO:RO<K5瀲aS;(@2ۤSt*vTĂ)u#wxg$b@=c|{5WPej6?Y.!7N?׃]L'H,~ׄ[' f]ꪥ1HhW/RR$q~G,R8:[E)B@2_OsJh^kAn in`z"ZZ˿uYZ*}~gi [[Nh (P|!@dHU7u o徺b[ba&µ J#PZr}%TL$pIt,3;[%淪YJ;:#b@(ad 8]+")=oSϦlՖ\34l{ÞU9g.viz[S^3X#˂U0 &STVu\17gkԠ( ORQ X tI>qt8a5mͳxJڂNꋕ >06N)HWGpl29m ]T,3 ô l!v<֍ !pG[,<9)T& 78Žq#3xExl5&0:Q⇫k-:©%| D .K+ñK¨݀-$xͥϛ# zk?r~tg̥9" ,v)jT H&S'+D|Zmy^ H_Hw![8%*a_rLX4 ,KS1"l,  ,͏"1꧘E~[ ?8ʣwj~iThQ;hWMg̈4a>B;`=mZT;9v3$cK 7:XvP\1(}<}}@9ķ3!R]\N3Ohj/< @r?њ}FHqCģ1X_cJJ 8r;<{m}ٙVy씞<0\bfsXQzKl-0k]$Kp3ko8QR>Uo/$G,@ S4EfǢ!I#5L/;&1av^SPV ~VDN SqBdz嬏SOd)IQ.kQMt0@Y)R88ފQ$u29>&( w>q<цk/!jht-=+hf-)F }jԊWGAh,ȣW$ 1 MtT- !8 >%6 &g^z_Vr[:1:ƾf xc6#Tdd6v=^`̦$^KM3 IaEa Y@UvUcl}`t՚ūtlZd>%M}q^.kgx՛}%@đ6lx1`]eQ3*]_R,)6F1eife(& N`mWr(f K`6"YDVrZ1F7g/,*B& fD }EXM)Oඨ<(ph09k'$4BЅaK3W4t_Z3=)N.3R8v7iL`NWW5JCM6I(4BuZ'(*V~MlH6\1{9 4䑈WmC&[E,T&I[ाH!r>W>] NG'5LPgUW_MZ V!g]>E岐01ڹ$F^F tZW>l[%F0zIB D2D'EOѕ'/ Gi*ZZsއOBvC զ'eO4Dd4kacn_,=Ô$5Oo}S!- Y!3-M48 S7~*n8E $%#R%'5ԹrТ66!;konT'; k\.xifhȗ61?}ES4[Hơn_-R5>` ~PcRp+9,Bu'Q 1# U dk/Z$D'"ndIf\HMX?K&#>q;_ȅ/S'QdL$GvPjs[P.fʫ#.&is?.9p) -Q^jў3bB lt.D~1c&ېX⚶~Zbt6R?(sx[>D| 򷛑;t>;:Ix^W njHj ]2?iEE#3o" m9E{iwFIJ2ȋDBw4M(dzK - @%`y:b\ɻ[ڝ7pq "Vf+Ӯ,rtru(i1imxkV-\I`,K*jﻯZa ڻ`*\ͩ]~gM={K!ʰuSUPXFl{[%1HAI ,Hmcb:F .x焦1٤A*`AVp^$%0(/a1*j8%)~'O,VqCTHks&B _;.D- fp7%яUD<4VYe;sp0Skh'~g eH{D{X+g~Y/kf 3>:箌9:Uw׺6Rn{츢頪ax z`gDݓ 'H #VUjY^p_KR86?&P( XY PXC_ƧkߙCKT2D%HƦU{ؐ ;M.۲ځZ&r6>}b. o=566EX~m; 1Cqb/D}ZDd *C}ˢR3p8IQũx[b#3QԀ}7Vi&PzS%z.(M(<ʋ+{sycLjHwXiFsXl1ȥB'KW'nmy2N,~ [Rӭ'i<M4(A@y/ i{\(c4y1]:P8m{^2O/:Z%M9 .I#'AoM:9fjoӹ7w/rmzםG1A-Qrћ=3YP̴ X"].S}o 7 ./K[fuXi<ɇWFΖW3Zd(k`^fNlY~'Қ_#QaҚ߷,N_6'jTud,tWbhAf ~|W=)Tߊs0ҝLJwR¹,I{u Rgn8ps0|*׳j/3 lšwIeB/Y#bOi.f g lIkܪZLoR3ig\NoH F7:KfN_q2?:h*<֣2Im[Y uqh,V/70oS2eG,AL"];<3ADh|rvuH$9KzTQuͺfhR!x*Wtr $SrA a|00r( d,¾؜ChUЁTHY,U̷%4-T9}ҏX<"'3%3al`(ôv " ؉jBQZLJ}kH]8T5Arf/9(:z- JN7%Lm2 {f|zo 3cS!1VN40wаDdB*ښYOIJ TwEc~.82Ę3I$ >7vF"S{20?lT&'73./ƐX<R'M`j`ȥܯ7݄@4G;\&c]ibzoF;:+q@7^j^j=ddLzuWFzCwWGnz<3-:}{~Шc`{$;AITlʰb,PS"1={ b|r+Pg]PK^] Y!NЗeDE~q'w{f\9g?@Uy:¦Ĕg=Q^KZE}@-݁Guz#65n㛋Sx$ƄsqTRٳ7-"2_'Quvӆܴ~veWfu!(Xtc'x 2/w77OO>W%ƌ)W' _\5[H Qʔs-7(/Id\cVDDW7۰!k~g32T|Ri: [L""_ݗiaxnYĿ?҈MDpͱU X5.^(r}èPw}JfFyt^sU%֨Pߗ|ӡq+L ͆wfeoC811ZW2ÞN>ƜS/ .4Dc4K!5jߐm9rG$'I烲 YG*D< B$[WrzaM5Pq@IOAX,bqWqIem pzyMcohу*_9ET;wYI{vʏ Fcj~JiC߃8)D®DjtH OJ~\`oZ|nf}!,U 6~Jl}Ќu,y`MF v9uq1;{o$S%VQڹ2.ƺ{puճй5gW@uQs":SB44(TzjMnP/'XfaYrn>ȹ5 B5|3çDq$qp >ٻ,V-=8=,EF_" Lp:IнQyw̶>N|ٷ{:+KӲ7ug:s37Bx:۱pSHRllq0E無mQYzƚs5rs)iPo"CZ#~MյwHc Q|1CڭP R̩;C6׮f^|< 0C wsWp>G$XmpM~!qxW0_(;B [;DPd$[fj]:گ,k=[Ptł'^@de. D\ɮ 4-uŊ,+a^|qʼn.>t?pyﶁ/LSIWn]CjAG>?U.=dU͡TþX)xXI#%h\(LG Ty A\w0L*nF>/y,ۥGʏ#lA]W|]Hנ7qrT=g^2ѶN e k@]Y$t`r^U}bn2!$|[f}mʋ&TȾi lYȧzlw)P렴{؄ڞ Zt+i"1FNZG[ t D7ނ~;: IùYJɞ4Ig0%ol7S3S\%2ӈ]=Fߘ,7hcL?0ctѢ8K[T<->q1q(#ݾjiU2KkYv@\ńҝk Jj(WXɵXFʗbh&j],$UFxD'ɏOV4uס@1dv:tbnv9IzexO&*i+:"6/T@0]UW(ZnW!f߲zflr++}ԁpZv &ʶ@X+A8/Li?pWm3Cb]ET`7emlQlT?qUSaq-IzoCQdzzMؔ"WpCAWfW@Ljyq:Exh.4KKl|3F8yإҕ =e~Ѭ4D@=Z{/MܠTbHZlsFB$'@6w\A#M#?wPg8c=-hlP}EkAo{_iqID:biIo4\HjGAX1G3,/E<0×'L(̨G!T{nDJx+{Lv7#p|\S#֑b/Q9 !Tj&3a.UsDMY ^+cvE(_t ǦЌY$ #\GgX5B Ut`O5#t?K(>U| 40ﬡy3I,zA|m ]6EQ֒d]o=~3CM)-kxLjPzFe%&6PHd)4QyٙnC\`(rK;r[^*rB?6/UmB"ݻ '; tHtu#dDBMy#ex&}[h&:\$oP?6̣ #doSY=̇_LcCdCӧgW8EVJA6$|[PBjV9_eɗw7;z.?JweQA`DZxvuQ3 ZfZ$mϰGyBt3,v8 n_ +ogEZ +p%S_,m_cj`?-- Uwm(i) F `nS:`xŋ7@rZRՂ`35C佸lJBzr *#ɷ<%L,YOѓ}45 $@~% k9p+s{%m]؟]H9Nx {5ݯH7 /M!h^&٢ґd¬yQIrKg#wA2(N~ِNcKx)jVz}o %R:qH;h57rUUF9jZ}BK\ښި'O'־D&aoyK+cezgCfsQw\+::tH]KkˍMxro`d*R1v#YP'r]y7}Yo"URgAK_f]+NڻT`&$44n>=h="p9F.)ݫ^}2,\@[[H] B E +~f"8O}ɨⳅ$@WN[9C2Kd=d0F )W-M|=s>Ewhհi-<phm>mxaCu[UuF.HcDMEi*.=yx$#) TMm5my؎< sh(2(*8>\K6" 1Y2[ h#! j &J%i6*âꮾM=;ڎG5R%Wiah6;L P? QNW8c+veMVAi^].ܢ|$OrLw0Խ Tlk[EuA^©C+zҬaRWLv1*  j^v,nH=NPM>  -J>J=96۩Ffxg53 XW4Szv$.e4J !b)PݪNuhK[M-̇![|gEVA>3` !,~!޸?[Ȅ42~ {nR, r1&_ҡs`&Hp&I >LcV mnNKf,J>4h 4 r@{Onh@ew^r S)-Hgj,@ɹ7YD\`25S!c3m_\hj̋K Ն!OgY>:)gb|41OiW-Vݑ_>ss8eI .4s( zC,! .̐N UZ)<]%H $r[dS~= = kFמ=` $n2^n ;֌[ae*v?ʉ ʷ2d.BإD.Wa/ң3IOcˉyIáE/L7RZ:.2&NrPTQt 4#a2`T:#,U`͠b_%0dBq atgy ~d+'+dvץX:bHo>тm3!r+ؗH)"p.8q7&IsR?<ݛ+KiDi&.FS]5&eѦA Âf-F7]$#RIg?3Fz#msVJ獻 G<}wP.aJ6IR2k]b9_a(";[2ǽU"WR;4ѽmAJz,;Na0ڊ䥐1FYJ}ʪgU AԴ72Q[`UwRR5pkEUT.oGNE/6Moi &-U S F i}y^r@Yj?E(~%)Ҟ a)D ]ovbU+G-geXkk¨3y` (fwNQ +?)MhU:^-_gVqNKJᒪi **6 ^:߽RD+fx_$OAXfAOd:S֒GY1qpAKHg"gG{ P(e`: OwӼӳn~׸Lu.k\uU{^` Rl[Z_WxA1d$[@eb\? #-wt|ǧWMSE5ׄ?iS!<4(Sp)?X;EkȗzHls`|-c9b!5G}t"/_ KL6`,8GݥnFb[ YyNKȾû:Ot}ߔ'Ao]-X1>Z7bLk>5H&~3(q)M /ƕb$sy[M,WPJcoObGF(8ZhOlwɚ{,[8ufK?Lje,\ &'#_9Wz_3rY<ώB• 3+@rk@CpT0K)29ȊB>͹)1!?B@^ރP7?Z͈&j1їW*NJg˜6wz&e r5*x,/N*>s ke8өxr b `lg\8pD"#?;A`FX1>cƘfp}[Z| z ;RwSK5Rb"uj\hS8Y.rmCc:'ر7sqgXU5A"M.zENk^̺=wݠv5zX2S-}D$Y3'gfx gEq}PK:.,E:Bk[#(-8#6QE#k*2>2B~aCg%p\?FL$"`;Z+;5H鉔rƩr9^aU2۩O|K]IfW:H̑( 8CEo]hr8x@(/U%~NAV': 9Ź #o?Wx~d;QI'easl&bOQd*KJVi=PfQ.b$vm (:P6?t4$^率 E~X/K֪R&dяHAY eڝap 9$ $^ؑHp{jA)88!ȤS|6J/ {T(sZ6!>lR~euS0E.b8E"K5Vwl̡cGBqt $dczGp,|K~Z?…Vs^-[aW@xG{3w{)ϲRIJw9 9 :uX}aoCĈ}teDYՔ>qoYNhOrkZ$ӾuӜM;r wX~2 "mJw d݉ @pCn#8QПd# ɨSzM"fu,BlFکUxŤ`7m\d;/"/#Nq-+aQt' Wh@s]eoe<,R]n`kR/kU} >sP:NO馻p.ul(2ȿŌh(#\] &Ck;鄗An*fJ'EA ʽ^;zT?<@yPIv? XiaȄ~Q]h`[?=6wT 6#6HP`@3j7tVWQ4Ⱥ0M=po3 tI xԟ3I4B;Ve{ykrVt\3 :SK[W<^)fRFSFպ%_%[6>fs? DZZ9Aë= >ၚ>zY7ѝzO$5O 婘ֱ2 9v!+}YB%=p:{mTzWNxY9}uMl:!oymZ/m3iIL3frn&nݶX S=  ~I`(Kk\`# U*=m'Wp4$evXR0p"yחgnJ>Gv%2bϻعfBzF"ݥZtи g/88^%uNqolV,z-(TR5>hhVʹzQ78hW3@WQ衁Fy|r1 $k|ZY"I٦sQ"L| =Z5 t/ay(7T JJMUTF;D5)^(:>Oi@h UWl>U%&keP Qx~\܊>WRt\(K7R:^]3t>/T eXҥ NE!!]N&Wqba `|"R-nKs&D$R+BHgXr$X%Ch [6QV|{KeGY^skHZh7*FNai؍f \g2 !|<_@Foǀn.:<[ilٚIZİCi+%_?#l T'6wf[8r |vOV!B0VeWGd'dܿkeEbk|iwH]mƎCLibTn%{&_DߺջTŔNejس01-ovypCV@~mrO\)\#"АNOli+u z͇5ىڑyylImg9TzbsF|.U{|VbrV|l4^lIQュZ*}+j :+Â~"s?w[(k hBTq s0.U#gM"3~p ׃+܎4/<(t SC7xIsT]A2ֺh"DTLLD-0Q_\(M?[R]fu<8h鱝DܧW =ڥ+_y0HhNlPąIIXhk>-0 NxROh{l/dzf O >rVaM}!ɨhh!yjAAnXT1NV>v4qLWqtHxT0Ո̺C<w\)h'y͎wQ{& !UAϢª&Z@;%OJ AGBev$4Ü#ZbbA>\:^qA(Q˯84Ps2 iGMo( /o!کۿEډ9$vl/}QI-4Ui1omt{Fs kH0pw'܈kQ?@]}m MUvG^qv ZBð^nM)yi'$@]'M6IzHT~yyXr-A(9ߊij./ƊJ=pO򶔟p[^g"VߕKR~E“78WV7=`Xui3lj}e!ey^W CAcs8RrolHlq0y3_1b_9H/ Ïf`yPn8;*jG!4^O3 c!gL zZ5;fsCiیaӚΣ7HS \;ou xciB+P{z=(xHSRiI)KV2OԆKk}R2bm9P򀼼$w1AV=Y>D=Y jғe]N_:jAU]8^Rg*EGuW&q3i9]۱Ỳhg:XD=ʢ)^0nܓ!50FpPiaz^>na(Rͻ My; 6ӳU]Lq?1zXD{9Ժ1̐l iAyWB6˦ 岹W՞,)@Y 1thy`?RA_G2Ĕ(j!_qwUTڶ(Td(t 3oq?$ 1/l B`v܃!d2"X@5â5bx,!^~[d5hhsp-x[TEL7y#sҗ/#\o7Y?5~ >m 'dS`)nu3p i0]D̬&M4-Z77l6.لUJ`zEq`4J}S!:8D+9QD mTRQ=sGW9}pn4hoʛiZ/QI拓ἺQ:nG,g Xj 0d^TiJ 8|*, J@s>I"<"^u g8Gqwfev)ă \>[{mـ~%'ы٭9jRI W\}]CK[>ì?&>nm3 O~\}`Gο5O+Ȉ ]t[qQ]gLj'!ie7LQ- 9hE=^L<^*4Q)D{Zò4az#SoN: wcK*E^PQ[>z/k #ʌsi 8LbeiqZ8-B@r%->rQ.FW5Tj4Mf!lR 7gN7JE7e=c0a,Y?&MiPa|oOhŪADoI֚%wTyQqB$h%zMS١X*b2VhSfVe7W0 tϢ(/nUF?8ul*e0~# -yДl-kir7u;L[%֧T1u es vڇp-S]ÙBeNf^$ZguX}T*L8=Nb"km/_pTt9+<ůOapbDI-BL}lsihR;wE} GPbutذD"7 iȆ |< wcG):xrhJ0wׄz Uhk F;N"KZ:cDGT< Ga`"y@a%聖.wVa 36piVұmqLv8W6jWhR2:m[j3ʾrPζUGs/0AֈF;)k^(ɒ=y/R *`Aݤ<ChfLSqU!MteLd*^f+psCV"(\!]Α 2O4KЕ7yOǡՇ<:҃Ƿ֗ j,[Egn3;t*t¢¯\Zu(=K"bEs';908'?z4J`o TO`0cy7̫-0^.qSFW[6A&+26!+l,ɵJ1 0GFoo;09%w ft2r%UW$P̕XlVĹw%ۻ-"N8UQ͈1L/x6,;P"IǼ1Bvc'XF| 'y!amYy旬3Dq/Sߵy=Y8<CXT[ݛQ yuKޡJ0HaBx \`ﵽڢNj9`9%ba%Rsļ;!“2Oc1'ev+)X9|8*acGQvWKMxV߶{Iok t&~Sm:"%h?T7 B}||/]>xkMX(<Na4@&hL^F>|h]\`#\ԄXhʮNI#k \wxI6'ae66[%0{UW}43c /+$f:rRI֊_.rƽ8`}/ 7<@v΁ q\4w8jdȱ̺dIS:TM4̈́!Sڂy#44 C} j}+ bDR@g魒jlv`"=oXxաDH0(AoVޚߥ`9*.ӃVXF(eN"# i;KPR p\yǓzq8gٯT&U a~U 8;q_ {7-emۖYEO\#9<•015_E q.1XA"vrS\ 9,~޿$Q`2fT}zIɃo}wb'ZCZ[Q&N,~qϣH“`# MX#11AHrt docaL7T$_S25Z{lbJ;5$HMq_o׺K#XYꙧװu$2n,ԗ0+ O>e(k] ybDOF;AGۚ|HkZN:s+ ]JA 7]!nڰyp@kEz apn yPRT,UNOkMxv,+ fErnA*a6 rʁp] ?kP_Aء) Rt:xFg8774o[@玝6d`z:|f!T4 =_ nu-r\$?kU1/dY ;>_s鉨Дtƨ9a4&Svk#L*X%f PzxV]PZ&眢JPCsOΜWii!0]Z DO{tN{\MppRtQΕX#I7ŖTY%k.jb}E7Bz]/丄vIF:(/KK-v=gHםD15UʭmxnXp/U^'DUCn's u %e`|,Ddc'N ~et*6BG\m`;W8?;4iK#a:x6١v߶ ivʔ {m $Re֟AM'yt7,L׺V L7Aj@N /Ү4 ؓ8lgڢkm׾,֫pJlD~18S6tvQhj5U J2Ɋۤ+O %A\_- E> ġgZ*g1%QcٱZ8{*X;NS5+M:R?ilG 2~׀=΃N#w(p2Q#$qIaKb◍dPړL}ADCPt 9qЯbgq[֝ߴo#}es:ЍZ\1Vv\8lA]qAFfXLBD?=[yb:8R+WJiK<[tmr,8{Z5 *Gr?ZߵG&tT[O 1MR-dSZ088XmKLbxx?>x5\Zsfաso!8ߓ`wߢ{Tc19<ٔZ^s: 27Kt/4S{* ,#A?bJh(0upPf?3ĊR຀7KC)8oZj#DS_lQ$ԧI@ %ꫲ&:؜;HN>Dr*xrx|4/Kx8ӯVH0bޡP1_9$Y=qH20G!92ڹEE#޼ȾlF]|$a'M"Ƒ3ীjBWc/?dxYY]«&VJ;|d#Ge4Sc}ܮ)R4ĄùtY7?sRCmRnO)>rlԂ&Nlׅ/$GhD,BJDt{Km~w3U m>hjy38OœqwL1j ԟLW,U`&"j.8vK k7\x! ZTTE2d [\Mεۧei+0;8!PV+ԁ0l<-\='}8a- s: 2 vsM&RTNP!t 54\xUBASHzazK42!XB[ET_nޚ1`Տi;$XU>WuF~겢q SǭVL3 Ç,ai^ѕ*21CDLjGTvcn0"fIx!hl>vCT{mN) z "~h42mm@7 qbh!<צ8_u Xa>HXĖ$и^/d_[X1=T?B#\عuqi%eqyT9fΝ@K))i7 XwpR%<*NWbDvDSM'w5O =*щ/hMq5ٻ:;bϩ\΀qUM M ٫n !*hTZ_!iCw"l8 rpQ+e#VS6C=Ճad &'3vR;dF(>P#T@\c |G?o.Xlҳ:~ZoD bKo;ΓZZ-mBtEÑ=%LAn6u$A}v{УY6BolP`HX``FQoQE m V; Vvvis'H" vKN]&c *e*s` Ӫ՛u`ݪ2VH"m9ÜS|k*-)!w2_蟄mLaQ^LjX3 +|9G6YwӛC] c_ M-w{w?QE_8|)gkJNy^s.֢=a>'ɲ)90~~OTadYҌX{vH3Z.t̢q"y]Lq%C[T EgX_LyYc- lU ` )fb-Y?mlkf|>.H+UĈIڱNqzGvG: `O2'pA(:d23*hy8HGmԑ ~l$=i|{H`r8؄U+9h9bCR3U8xzi&҉A-{:흭@܋nGzJH!kOPVy @M=/[z,Bay&'ZQǓ»O8/1 {Cgw ʧLtIV;-6DWJŎM@8,bci;r=lͭOq(.Wȹ5^\Wi4,ғ?`Wp1_:N}k)na[őES0!,V1,Dغ`[^%'G0WN=gk%mRڣ+x*РxbnɵHvRph?4`!IwH[ @S6rq;ߐmN!3b;믽ͮxB{-x]RGLUAﵽYם0*"}Ȼ%#荞6r]zl-)mjM+qh~&.^4R.>= A]4m5B-0$ Cxo_ f)N:N\/s BE:[JńM>u3`IdbI\7Q[걳]FdkqKD_ f۽*[5e_/92RE! 6D$ o!IT z'^X\ 2EXEP=<fƉ)m 5 ʶiApˉTy7n#BD:y| X$ѹ' ٣J7%BͲ`ѩ &p {g'  Va# I2;s!g2'2ٗ£gAp_4]J4ϓ*KAYϽd YO&cΤ9+(Dc#m9|48.'xо.2O?8{-TQF>2iݽ8fZ5m' y] 6PiV{{_M~'Y͛smeZ F1ߡ` _4`^~&5ÑǩV+1%(v)cڐ)EU}9CM J]@lUFf/|)[6"1E xm׹0N[QK|+kT||`52CDћ|Jd-BThUar"ώ vlӞa:M5Da:<*PéԵuQyt~(_E[K'O$rʋ@:#ڋ5O瀺v i!#!Ty%bF<_$duXmt VG9R>8LXc5JCxm)cU KTep39w8\2\ \0ChT_}7by;w;\^Vt`]u: DDΗ7*7jn.Wz6w{!\vXďFzdr!=aor %#eX q.1X.)YEzn\y]i.;>_fhZCYB4W%JR+ {uzz 2|,qkͣ}ī%|,Ur!F@ҁZN MmZl$Hddau&M;B߅bg0f,ǔTᷕk by5q uKT afsܴvM6rJjz'ܢ U "6R@M,ըh6nv`x-L}T#P[(gӄ1<t0|`'Bؚ4N}267ņ^q+4x hM1/y>ݡ/O7nGUDI|QHx8,模d2$[0e@ L3"KyK <VzO`J?5"*#NLV$M,!{<+eK@k&hQz#iI) 6?IL6FNmS9kcY?/%@򰼝ZtjH8x+- :spwPwCsmp_H+bo3{Y,U9ql$3Pn-6w \U<2 {M@bnIRH_qݝ$ʆOC /xW>+rv%'I|yY~FV'Jvڒ̓^ 6+:yE@o8BydV kQhac8Ŷ{Q/ ڻ34x+k!~:iɒޓl9c `Ƶ"PIx> v&]*E1*"~#N۫0tD at^?.œ=>?!#MC"H ָt&~Ho#]";),tάhV`H7mYch(JK@8ʊ_ !s~hCjE LJaw-nJ)0][nj.v@JEiq좩[Q2|e&,([uj>sh&)A) G4{$ꞡ/>o XBK-GJtKPױb9F˨Ӄj?]TͰ(fFk̹4-51da+xm5)DOnI>Bp Cܫ̏ms,-*5 HHb];!頁SG%З~~%$!r1+'YV mn-Xl'[ *Dl>a)1[μbKY`8DB2wt F)AeAJU_;ϳ̎Hc̀v}eho{K&J}V׮7'a7, qf3qy{,8mhQps|NP뭇DJ c6WXMyG3+oDьuЁ8~n}<$&bB n!M33]jn$.ni^LeZl~ +K"ܩqBГaܤmZ$n`_ިWGFJخu[,J׸U3R_mh { $h_^vIOޘߨ96sAd*b =0_me{Ur+c~kMz(e\Qo Q@RJ  e:"B;m<8JѬCq40t.{'b]R5'ݾ(Pqvl ◥>Tbb|yuLwXCP#~ao>u`pñ1\ <Kz{;# BtT1ƔO+F}ݼvJкWLJvȚ_|\ KE: $ ӡą!Q'`k %v_(e#2rmd Xz1M0 8ESd|ە_}_s7׭mׇ{~d䢬J"-P~:6v *Kh9K5o*@˜,1sT;Nm1a-v m~Trt{Z48URfPUxiE/ 7c[3)@WXO#9&=H>Ъ1|fZl"5Mfs~/eqz3:>3t^8V@) j3ZܨiڗEm>b[_e*[m|G H^gW6kt㖬|+߾s) gr=6;0ix!Bkc ] `l5 *`ݚ'PCFinI=vq3̼ƼT vOB,ҁ8G|!RɽtM@yRoX CFr ő+u+Z}H"SP( 9C' ^;$bWI= /9ef'Pe hEWC!aYӑ({ -8C0 6rw`m"Ӑku.dxBRB/ȳ2R%M4a`I{.K' 3rWpA+M Wd\ֱh{ sxDPƢZV s L!#CaMbP}lh-Ubۀ|!%A^UH;سAζ2c xb~M XmF å3Kf]fTJtD † R&7j!ĕȈ:BTChK>}v fi*SoS-#cKz]G:"GNpMC6=b䝪zopa: ۝ދ:&F2uLZO޷ΉIB^]K,5d 63"sAҴWPnC kb[jLx.z8bl}C'4@e@+ 1嵞 p`eFD6|61w{=b7@f&=m%'e5ޤ$t'΄ ؆v]wdH}f;Qo6;M 'd?I$'Os&Brw&=^?;}teTgy~}ߒu=:%+ ppMZIqo;j(9@R;ՙ,7X9l#G-5տC`\P&-t{|X4?jp2+<UWC=4ɶ5-P!ߔd b|J\xRbկ~/N̓{ii龖^q[;'v\e&kBX6ȹ׶a$00vqIs{,za&x+RE LV?˲$ =e*3,T ]nV;Ll?F9M]%iS犑$'x}Ȑ_1| ?mw?p/%!vm9e,xg8wNsՃlz컉֯yHL#3Tjk'/ߜ/K̚YMհOYHUh#dAwr4&IA$\(ڹѿoŸWL=uI^qM%Z|qcKQ{ꗟHdNP3.A)]hYȜ!6'|qB?ެۚgtb| n|vSB /1qa#'k9nҰ*ނfhNѝ#imN, F3 f~5X:r%C'Yt]z#ܻ$@DT!/olR03%ykls՗[~LvFX[G}U3+s`u8˥hfAb W'p$ w|mv?n UwY)dH26,|6jDIfpB0zCw?(S Z{iB:5F6`AݢMih*g!`CEa2kY;yJb%Ȟ S[H 5BA9Ny;=?V2 L<Eވc+, x-X".hpWB*YO'^FÁoù=zUVQ#-gAQ"JW$%q<ȘV2i!03Ә֬Mמu*Eie())E5X(H .@Z4Rm!^{|pVQI/P:?)XsN8,DJQ!>-ثhƇ6mRL6|CAWN%\+ ^SK+ )iIԀ{I$嬋Enbqw4NK*Eֱ 5nE!9]=+\1wKWhz4*d*Fq7[L0wyT+)%cд~S?-(H0MT/yj 7yxUs1y-fC?[(&ߠmpp[D^xwװ˫^Ĵe#NoAx׹qxy$g nF\oz%p ouYngyRܫspSQߨ:-7BuV-wOk:v֊$Ao[{-o>b08ٚ' ׉WCh#VټimcxlV"8ǪV'%}4J w$R'?l9C9{NYnbɃIE]ڔfEy4^3,"MHS,OXvdA'ϣqh(۲~Ws.%3e: Tٶe%*.7QC#b=a#qGb#eHTAbB0=g d\݉76[7lb ;1+fp\j|Ok'q^WLg[R3CU K@0ଦLsIP\۵Utl-Dm”#u2y[?xX mrgs;A Py/ 1E,51_( v> @J`QĀbt=#PϭTAI` qGS7yk,EEB3ul믓Ͷ+n]u\x\ʶ88*@ʐ=cڍ# {5FW2w@/`0?kedcrVZ2eJ IjA^SmiRdu(3&yw% & 攴2`,B%t1X? &l[b𸮹'~ݏ~0Mm*PidRs3F0 .4FTbӬZBGːj~&fATp)/ ,VK3fXdnO(j@q{`Uoqч u_gA&c|!2_1BXAK"%1;(%(a(ɔ:AN]s=U@ƥ܉@r"ZdC^6p&v3[pavQ] ͣ16J\~/iLU?oJ#KhQ®<'Lh-<ܺbWX镐 qE.;odͥ>l͉cPLDɖ$6P}>B8}SibܒSݛ:!ʄj~?C cc'6bu8:|T(6 vLeV@ X朥?:खFg BdQ0g`yt!99q$Tuw/,54Aw"O {4sQk q N7ьwg4uyO0Q':!fC»\g`1.-m&A#ٮk_ jaը;l'>eԇbGd~TN3DF8?NOWd$*t4_iJz w=nݟ- @|Yͺޔ86!`ҡrrqKex/8 -:,/ ao?v\RcrDD pi[D?Uxԩ7 OD̂<ыE/TA5O#t4\-9,v3); ヿr1LJk'~h:v~du=_s[7#۳#B}:+ [r_936&LؽV^oGu@,1M(cc6kF \HT}x |@poS_jxDtcϚ0zC{8w66Lrl1zה;MfZVs ӭSn֪ݑl')p3:(n m\ZIVгqo$^qQK_v^rXvTJ5 Id<`-w y(sϕ#lBI:?#< 3i8p-Zڪofaf6եmN: 53vd٪` f4 IA) y=曬q bc t:;:ڴ;w\c_Qitf&R(?Mk5Sͷ25Kܕ,?Խ8:庴ؤ9; { tOMp.MPSg5ѼR vb()kr<_NT5nwj;Q,;W 鐽  bۧG-j,mjP='K)_te> j}'+U0 jV@MSUo,6Iv}k5<2?"zᮆ1MZ~,y^W6v Z喸Z&Nhf%b/)<Ǒ T^@DyRqiO[WmdMiZg5oB{FaSiM˚ԱNU(l7c6}??c ܊MN֮숗Zg9([6!qH/d&v1vk 6F54Ov"k^c)>jB9XR!IѣU==5H ,cLV93?Pۅ%XHMf{,MO  $Z./& t=~az4;%NϩU2)DBzI]QpVIr؛ $Dt2=:+@yVN%^f9+~5NA $Z*tXiv:;@K=$Yj !ornW?ɷu6# P^Lj69GݷanN6,-@1/#O{UNp AηG3vtCs7s?9F_FRJR6yE7h7t8"? Ԓr8ڥ{\ P\3+ N]aC> T>+z֑,Š8w[Z60LLXMz[_rnK>flQSy78jR rPjd&J9K@J~R/fb. s8,4f/W=[{]Ȱ/NdPͯH~F=9%ꕵqx;o YIä61ΰw:Ok /MKvFO$)Xz;X]5r%~EWֈ@W#f&V? *“5 `[nhڽ9[|ו(kω#ѭeb(WՆt3z?HoT+hPXJ>B֟FSެdHdVԖhX|ά7{Oϯ?زe2>)mop{U2 ~w6 4!*eVu#Y.3KȚj'ZAÆ –1,1.1`bf N:MR*^ˆ}zhp>B Qd zTO ָۍ/iv6ThI<f*5%C斓Tp+>{w$ήXQWGg_FNc ;`֚_,/_/a8Rب7ӿB5}-ō2o ϽLbLFsXaxN[.6rAWQc_;kޫ(z0{Σ 6i7v3ȝ??GNlx0]hDh{9@qb?كnZ^e&|G.g{ $ j# PBn[5LYp/(BS1Vjr1;+ޏTc涕,hcW6%K&S5X1dߕϝ {>p"~-O\2A*Wp"Kj&-z'^j b,>n^G\d[:;dsLM׻@ |)e?wNZVP|6頯 wsf5 4.]x֟ԯlr{X.=|/65] c&,+גt.ƌl\dbJY, xRGY EaQo|EB>b}vn/9X` M.ދtݩ +&ϖy}0K) 9%!8 <_&_M nCf ybOk<i_Ӧ3@=5D*}פ7@ 4f|o$E}#*]tCP5!2*l0n&*4^M.wv̩MK* ^ɓԦj[\I)DuKcW~6To59m]or2h䬲9. Ӝg`%O] r2Xp$p﮳emI2xO>B@NwϳFy p/:c1~{Yl,h~Y~Hcz)4?>g4`$مOUPˑq=O{.43V̱p?%e0>Ys ھ\ND4_r()1\UUn*98ÝڍڋZ3 2д#L95)p߮γybbL4@x{@W2uMmS1 5M? .MK-Yg ?IO[syw l@\I j > A,2d# >3$ҝZCKIgN o3hPǩD-;WMDg*6>H c<0( t&oz4:; *Qt1GLv=4q|m$F+i {Qxw㲘h}H뭅$w"K\TUuO4M >yR&hzk!_i65y0H@Ы\bńBNX5б񽍯[Cֹ#Kψ0:DβS@E%;9{)l=8&w?+MN?)ҏ/^klc;IuK>O[TEe9<jɀK 9* |-A &so~}L6}*5|,*ݥZsL['haS6"31z$C9*iQdg٦H_~ΤU%OZ6<>&oՠ'J/|Q"Z[ifVN2w-ܹܰ4\Qf׊Af"?me ׏-|t@0Z'‡|ڼ ù!eFǺv֑Oc?(T~A7Ge3~s`[:sq8_!pF1=z o)yΗBa_KζqOF^C F_BtNuH~ vL;㈮+ƎL*2Yxu9њŃZ9d@D!!Fc/ߕɥ2:nJYyo 6#ZD+"ydc5Ɓ)*/3xeaQD#z]ݤQ xz*5RZjՃrn9[ Gy{=q(\8<cߢ"ͻ\LZCK~ WwӒ57p7~UAQkA׌`tv?jkɹ] *MOw9f`D'bf[ȏ ri AM!,j'*% VP5DB_]6K WŖJOޜ\-V\42Bz~'cz].2xTaR8'޸ pl H+(z R;WFz(Iß @@[O=tӕUrm$期Stm f wGe{kPn&Y _ڼ3PPey|y~D;scp¥58jgXW _7O4چKDq5`TA Y8 P[ksiG0U}T4%_My8ܦ:<^??T^N_|a#1/RAxD2J8X^ aW-X'8gwy]F|PK:ФGD,xtoB]$!s]&l _}C~YwWUM۷?tucUx*`\&P:9q`SG:!;F=m !#c{+ Pa^fC6\"Z -R iS)7|-*(k0bc<4`@B^fx=QoAଉ \ @G|Z᜖ȅ;aIx,nf^H˖ZN?ϛ,/5 ?JJ/n*4&⇕F z9x՛եZo`77cPg /'>adY9E|{15yO+S(,5~eIX+(`1Y]GǥjpH|,IKXD#K,}T?df+0(HRIOs,Ъ [}=w*d$G}gzw/mb(0 w0R2z{5g:cՄc R/:0BoTv[$yϧb{*LAXз!oy R5Q*䣇fTqB 12+u5WہmwVbүb.xz8s JnahPk#3ށBc.Re1jI8v߶',^Myhz A`Ӷ.T/# 㜂@OURt)4* I=6SS~eS9lh/sGM'3 E4lS~ei!S`Po6u7tj!a<9P[ r\}%WPI 8}96W1)WjNW6M"уZ}{N.xOTڶ8P7^Vw8 o{rR+''1I,\ڹ!(_7w/<0CfXXY~?;sQ9g}E[K9\[u5`'suvn{4t}+ qiabs68-jneXC;d7a /ǫ$r*PG1zTHӖCFt& ]c/US^Llg  f,Qc~C`T2QANngY,t4X{nǁdt7`7FTA=-v!sAKœu֋Bʈ:dΤd41qqC|,](d\i ur%B^cbә=֙&|Wj?kUln=BZ}ƧFa0Af4x‡10.CW !Dv!s[' d9VGys@'U(*q+zе"m3W\hrJWomف󵌞7sO>)41u"b2d/ޗ΄Ok_C"%VK]'mh\WK'<&+Lp2':g Ȝ'nאVvD=YrWukdNk_q:SV{RxεHA{ y(z翫xɝ'kat*Hf>KdjB3tW/PȘ_'fER?,0 {ͤ}tvӞCVlFEO5HE*̂F6& Q@~JETi6EV! [;SŽLsm{$/`v*-+˾s$BJ`קjwخ:y4fe K\(DlՇ¨hRDf^- #G4~v^'ZD,,Du\Eɕ/7uTwivEeO%Ň;4fpTF'u;#)?Qug9خL}~t՚GA!Ly\!K2z/Fhb)BӁ-P=.u7鴶ELA "FL?$uLJ I(򯙈yR[ͤwsnTǑ4o(w4g/INΩ1}'4|!RmAR 5zs[L%Z@b\83\l?d `~ʊ6q畓*n.d c|9~X޹yʂo}N~;57/s^Rƽ*/~kv7\^ͷ_N Aov|qٞ X7]1β(Xf~RJ{+ w1CMdǑi4cF~ẙ,ZP4,}}{\Fl_ԊŜo VF'Cvh|MDtm\x`]evrnlEiSɐ;૷^ L k-KTA_Co.fV>lR\ P\a7pQ$EmPURǖWk1K0UGG q4emY~xTڝyb}jǟCbQ~ 駭NWLoʛ߂̹|Y`~_0dz7 ПW},-BiB5/ȉ4&"|$\ z[̩A|?MVC@d5yJ/ i,OE/*$ *Prgidyn;K^UVea $k{65 ~:AQoX1\YƜ:6C+?R gxijŰ/"@ ^]c*~,q#!mG'b>jhe,n7h(Wyu a{.n򬂂#vԂ" B Ŭpb×nrNJ%@장z*SQ@a,<$7ߦ1m,v* Qڢm ~xzt&˓ Ygv[a/y)꾾PSm(3ۖ|)n 6} F/{an ,0Ne5Z>gք}1$jO{JH{׫|z ڸyl -ii&LpMnhhr ^~* `|( ]m,o# v1w,SIES]9RxC.s D8<]fcĉ Z0* 3RR+ƽFZC OI& x=O#T5g +aS@2n Nx.p5+_܌D1_CwL:4G/I~vB%e*H@q)eO"bW8ј(H ZB} 6+'&6Ҧ PYfmjźFj#5+`D>X2yoP>Flzgi.6\+]/f/qRme=WhfeE&QU^S?=Qޝ/3,(!-B[Oϣf*s9|;KaUgQNx͠xW Zg43<]:2R%J׏S{u0~5T D8kPE| & 򡥿 `|MMN/1o-`CYÀP3^vN ٝ.rQc uq@Y8BF0"#1j.__犛 Tis3^! p0/cH:1א^^`7h85AtȄYiRo!EFTP X7KUBd%Ǒ-WO%2`xrLPDQ2+s[;,sl|ux\H4[P "ᥞĐXę^y+NٻB/˟vO*WfRlK̟"!?<⥅q2:M>Q&P N,78)68'X,|+^!0ZOyw9XH c#bĭy|vHsSaJ8|.0A \w**#b UP'pmt6M"?~ ԏOK6`71<-r*_oZJCn[vȞOw>.SQռ9W&`Ԅ.i2L 2.5;1'z!ƉPwq'=* Sª cyK‹ V3dA ꦤkhl߷ECUoI6C/rmì::ɃѢȌ2!FGRtK=5/ic (,COd u..,cU)2嗬͵*+G~фm>rFסΙJxN DsY#7E+&a%$_%^7>s߁C+]&>OCDŽf1!pv^[xx(P6_r%څ5Ɏ {Wi3!!bbWZR\C}Xy+_"]ǤNIΓh~IʫP;R>8Qrmr }%6} wO>ܥJUݸTIajw(!/zWT-ؑN iOp<=qe%JFkjJi4tO(۟ioM9"0xC+*b'sŠͤWj9+6Zԩd'ᑶd3MV0`u}En.d"ORY؏;A͆9?bfMovSWl3 ;Ҵj @:*-J!P>pz%U[c0P5S0AqB`IZ Z -uyV{ s#h~(ЮNW %÷Yzn;&^C?jQV jojzF6 Nuܞi8؈-]EShh3Efk\qtZl߃l:!G;@yc Bݖ{L鐛&>dɯ-yQ '38e2skTwiA:~-fdQyi.P IѢ:Q 'eĩ~7Yo+ ʡ+Gٷ9drDķ.D~@.7f9hF$E{?eokEɪIuUl?(NUA5 A َty.9}b U~a>4fp{q^O\?~-œ pg>f⤥ VrMTUعw\܉(6j@["o􋿙NwId\î}G}(3eΟlMW Dc8zL{%P =5f9s6`}EwJ[ɫ]b\uB:V/%V~k5d9-r+ KYe̢'O6arn[}w #5B=GЙt'1 X^SxVt((`ԧ Gܓ=yRܷǜ!cTb75|x"(Xݯ. J/l1vi*`AkZ(*Ͼ)PCׯ@߶=)nŰ^RNF0 F`1{_) B^ tʎ,RJ Octт &SVvd "H:uGFL۠6aT;paV]>smn_+ .͜[]ſ.(LIq*<*d^";bN~F\/\h=a1D r> uA)VoCy?~I7Ѥb o҇bD͎LkU955sܛ2 Ng'c+"qK ż|1&2IZĜB}U;֝P,| -w>/' `7zĮ~϶.9V|aӲZHTCobI $:Cp/v }=A}ȊErLb 6Bn9}>)wP+CPy08A+15$ !h"S%Rf'uMbX"yO̧y%MGU%?QqL-8> kPV> sޫ՚'{ @Luk -{Fanutmr|v B8Mމ\pOi$I:YTm3SJ{8ѕv=ݔSZ#/C:1^AT_}`ʻLc׼(ڄhlE>̀gBp#ib%F~@Sd(΂:X5m 4>4&Sorsp.d9u ;Ϻ~  Y+,weɴlFX8l6;%iQ.ۄ 4]zݒ$$?{ZmC3 ն!ω:׬W_|R1Зob{A&JLf=o #<0YaU7iĪ _6JZu6#%FgL: <۠Z(k_w\o( 7bge}-&0{BVI5FLXvY@xb^IH5[ޔ߲ 6i|pwd@/<DzS2㶇 6=LS~dt%~p2f7@֌zbXn/]t񽈗E>ѵO=EpB(SѢqk7I-y%q2^>Vfq3>g&׸Hh4;$z!{i蜉25[8t=%YFggTu[Z#}]J;N&0;#P$6PvҰCҝ̅B[z1r#~YVCA2&uꚒB[OA_ϋ3ɲrg֗Qb|1hx(<ʲ|8.BO3CFIi"pQvf'moKDT1ϕH]c\# ģԎO;O*#QWjvc#dPĞ.+ b g%"LmcDJ{)N*RDS77iC9t s1T~Ȃ+΍׆J9J{܄e$Ұ'ODG6gD^2,2X%NJ8>tj,#S6ӈaf7R 3 )'^ز$/5: $ڦ)Ԍ[5ν#xiq;{o:9<Æ&cYJE# J<[H[pIě߷G5S-%QW6ۅ_}5\{1 oMsB 4u!>^r |o쏢)xn0j3|N աI;LLf[+ؙgܞG5Ȉvf=2^ql߯"SEDO2ǛSkjH֋MNE0Dx  7GWIfw雒m(/r? nȀtslS$o CL(HNKrIP} -Cgwe /5,~6Va.VUvQ54YmL5XD--$JGD R1oKz)g-4XvnGbZ?E.#Y1ۦ%oL[fQ4̲#kRU;C"Z(״ӴoAoV+^٦ijer(\<ưZ|qXSE= cFSگFV۾Tn!3#ú g uG3dd1MRG >[@BGnL7!]@sdMѐLk| E.lU蚈`y.k/E٥R[:ԋ<5\5\ju1# ZRe.S'`M~&LK g8W{/cm~凈=Fʣ4&0wp7i)>TdX L{AQ qfWbHUS슾Pqez74[.UO֘ff?h ` !yHLRD甎pR\VR Y88lq5 gj &ݡ 4?etX1H( :~5JGi Ђy(cA~ެ A*0y&}/h5)?{h:oG>hljށ3Mmٽm+QsF}>;րEN|'ǀ/K}U\:`◷`IH 3JЈi5DW+3-a? Ңf5-P -`Vp?)}fkwYDwێ$ c| >33" a\ Ӿ ?lK*&j us = ̛ vmN2*; 8?G@g=ط\{~;Eè>cl$w9I]ޮވq)>gǘ7q^tG)HSF-jeB2Nթ} gc+ v G+R7i@/|ɫNULȃu`j\@v`K4>rIgUIՠ')Cz\<hZZH2яwO) lz8m-s1̿/5ݍΊg;"_,`* ;DxcΘ~Dxh8B'Ks̲ PZLc}VsE3dJe4qt EVR@|GEK@GF( D(2~o`Ŵ%Ɂ$0-pP ŋ}GdLEe)[ xJ?h@̺J/(#ZUe(|Nr(iqأ0C560 l8>[ kʽ*JXiH%1F U{u@^ChM0@I8A޽^‡HwV>CJmi"/Cb.#nc YW-6`@ls@!M*D""8t2+P3vѨhc8.9VEpI(q4jt8װo!.Xoq wFSY9BQ8×3|jx>y`C: /o*u^,!8۷VIe=,Mr@wȽx '$%ւx>ۆ#.v)Kw`ힵFIA,ٔjߝ뺰;5*E+Fd7tR\7DXhH +Hk,'a!o oi| 8Qj<%'68mS6#&:Q/*=: x[~O) w' wza%C /cDEU 9dx23aJ?}꓀D䚦>GXh!}kReTb 49~weewꗫN\,2\?4D%ye4YU)䰁[NJ`r*o`@C꫃o}fP@ơa=gJ>81Ky5<)vPd~H( A4{T]nm{ a@C59P%x'1kc3P1dqa"/B {ben}@l"h)JB@{k ɐWĈRÀhoԌYνc ށ(|%&,Hm*Cժ-V'*:'OApA(Ĝ@Xt)#y*@4o8lU_UAP -BOXo5v[_YO_tx1R9@+YP^g)e@}MCJk\YxWIM|:-@ o6 T%C:>i+5U| ت !5tmxfu+J9?Sͷ˵4t8k7.էehA4yw$&IEyR.~?}$4x+aہZXtpOvw6*e%Aܮ< RaG볺 4 Fswn "i\n)cΔ0=LyʬM7H1,`U^M=CbT;H@:3v\z}a7<z4^Kc_b+hp3/QԜNGݢ,eSN1D>eg@|m8R;sͽ!˷0؉,R?.Չ厅mч 2a mQ( v)B/zwG6馴e9Z4qnצОPnL:}c!JbcLR<Ēfd:}G[ $@1 pm. _7~nShsvKek!'iOcv"/ӹm~j! D3#8CF˥1aIz;Y:Q r6Mlܖ ɐ; -թ'Hͻ^]{*mh qd! d[]X?IKϏP; V)*TΧL eZwKɄ";e1X( O ]r%wg&)>٪^ ?Ё38d'7O݀ѡvqJ3׺Ƭ&kW? Ag(S+0Uz:-ͼgM/)8\ MG>78UfnSQ|TDSl#ġ]ͫ )e٥f{tFy QϘ^x/p(9U4ߍd\EY87E\Hi) QNk0SUMz<߶H thzg2Lr4oK/=fIWI{ )` jD4?x:>)?- Vr&!:YB?m C(ƣzvnBRޑfqMf)]v|V Xk8> a (C+}A{nlhkK'H.נ : %$SG2u̷md^ i%+n5y3͜. _ZYQf۾j$E\n3S<2E "0PLĢsK-_/WR\!ufʺeweed}-2@=jPԢvP%LD _W %'3SHi=# ႖n~1  O}wa^?ڻ)nɓTql}0WMB*-Zi8ߦ'z/CtI$pӞq;O-#mX7d؜"1-Xjib7S [ p5wQA}3FgȒ;斘(ﻐNaU#'EN!)%S)CLZ%amJaҽ)ra?$3.|maFu K}aS%)\a4 ɼ?XWgn8ma><0q9 zH^KEA&G&CI RfҍWnV[K3`v~ `{& YA.Q {vfgaŲ'A(5W+r1?WěHoGՃ&d4Dk|,m6Gp;J UXN l9ϓEeM͝KrǞ,Vک*[ĔLip,VJDTSdn谦jUm?즃fIa</6U"kK53f_Yyx62# @5ìevq`z~Խr)4|Tfa[i8zeq)(mj!YF)" gInwq‹*X7UւDVE ƨkdʷq)O긾-œiڋ-q4֣*IBq!4^ GӦ!M©$z&&ЮqABe]ZKɅKgx)x?RgeO@da3\@hq[nJJ'owh]˄c59}y46b~WB é||KkX$SF$䆵*lj K/*^ ~L"s܊,Qׅy)C K "SJe˙N@B23%;!d!$Xϛ7;+axB76j"IA 0t}-4A]'w.M^ +u#:`3FRƒT{!5˻p~5 CZuۘj*1,b/zDu ]ޥ+[ðI%hy˳)o[MWъI%pQ*hzny i.d}A5(>K6ym mj`z d̂ZPC?Rnv/$%D 4 ۋWfrmL|Ytq˟EMwg0e#ǎ8PT?|JjO&Џ +K sҨΠ8&uf쌮59IZF O,#uCjK-LD}-w΄C}lZm?h%a(_QEQ|[:/vkosOJp3}"Hfh+;*{؎dLNs﻽:^R\l7cqXV}nӒ/A@` ?I3_*4nSDrVwv8 \GQVr9/YKT&V&oM"E>D΀]`Q"a فN7B_V G\IRX; zb϶=\ Ah(. ' VT?1"UtaWAl[0}GBz9cXvz6%@ {DrO{3$M'I 3en_vb|町5dJ ^gO<`T ',ϝ:lD#n%W>&lU-ӣ> +pi݄ѱ0s6@GvyZ H\SB{ .]BLFI+\._y #;%ӹpk.t{m$tԿ9:3)GXf*OE@pY|;-̍36ϡA# ]P]82bo++lHj}VywMFh!/8 ڇ/A1"$!,JfrͨΆ]=T45T! lbY=*ɩγ*c-dQ1;56+ \jbہT1qUE֢| ";G#Us lWX2X<:`=r̖DSU?BnXX Gr}U6Y TKUyrƩ JBy;OOO<(&=>;cl4ZU\vsF`#i/FԢT14j2SrZ%6GJ&zP^}l(uc K7~?_=r$G&" 9YYڛ#h$"_w 5/͇!A eZ qqXԗ/EP')x)&&w̧vS^aݑͶ냋IS\lÀ^۷mbX %xtlt{ a,k$ ;2:*bsV hC.O@vSC,[ZSU#zZa9_{}ٗ,&0Cw1ʜn%hUE4W2B2ҏs8훎}SD~8!jW,H|hJ(xC9f[F0eX Z@0ev? 솦y^xgUZ=H_X""#lY|[|.Og.S7vCq(Qe .c(RZ YNCLJ0$kH"~Q u0XzJ##;ᠺ-bvF:ZB5{.SWۗ]c%Ff= V-NXo gjhA{rnﻏǍQr  Y@AUY(Vzm+'{ޱ~1s0@)|[tܖU; X 9bcz`t<zgW$/D&fmZk*΁*SIxgw YZ