samba-libs-python3-4.9.5+git.176.375e1f05788-lp151.2.3.1 4>$  Ap]*θ/=„cusQ,eלH |܏4 g\Nm=^La)lu+SAe&tբoK 5M)J(@X}v%y ̩S䙺\[`Í>2Jd+5k ػ5iH' ,]s &j==VvQ-P&' T{1h^m7j*B99D9:3iw?928c7c8587ace52bbaf4859956a312bda175d46c9b8ea5260144b4d14280b801c4079c2f28b02b8aa9b60df75137216bd105672eଉ]*θ/=„ gΜkؓM?hF#[ 99.TvREv]f1]LF^%~]gb\[%FW37PKz:_ tv#^K)N'XꚿY*4 AA@|~/-7r~Y f㆖UqkV3,:ʪ~ [1{&|fb: xt-`)kp>h`?hPd/ ; ^ #(0 4 8 @  NNN(89:"FbGbHbIbXbYb\c@]cH^cbccd}de eefeleue(ve0wfTxf\yfdczghhh hLCsamba-libs-python34.9.5+git.176.375e1f05788lp151.2.3.1Python3 dependencies of samba-libsDependencies of samba-libs that require python3.]*Mlamb76openSUSE Leap 15.1openSUSEGPL-3.0-or-laterhttp://bugs.opensuse.orgDevelopment/Libraries/C and C++https://www.samba.org/linuxi586YE]*]*ea47b4830a3a87eaffe6a466a25c4a627826747f705f26ffe29c81994dc5887388dbd3451a5114e206428b47dc90c1e0db7148026def767a79e63fd3c399784brootrootrootrootsamba-4.9.5+git.176.375e1f05788-lp151.2.3.1.src.rpmlibsamba-net.cpython-36m-i386-linux-gnu-samba4.solibsamba-net.cpython-36m-i386-linux-gnu-samba4.so(SAMBA_4.9.5_GIT.176.375E1F05788LP151.2.3.1_SUSE_OS15.0_I386)libsamba-python.cpython-36m-i386-linux-gnu-samba4.solibsamba-python.cpython-36m-i386-linux-gnu-samba4.so(SAMBA_4.9.5_GIT.176.375E1F05788LP151.2.3.1_SUSE_OS15.0_I386)samba-libs-pythonsamba-libs-python3samba-libs-python3(x86-32)@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@    libMESSAGING-samba4.solibMESSAGING-samba4.so(SAMBA_4.9.5_GIT.176.375E1F05788LP151.2.3.1_SUSE_OS15.0_I386)libc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1)libc.so.6(GLIBC_2.1.3)libc.so.6(GLIBC_2.3.4)libc.so.6(GLIBC_2.4)libcli-cldap-samba4.solibcli-cldap-samba4.so(SAMBA_4.9.5_GIT.176.375E1F05788LP151.2.3.1_SUSE_OS15.0_I386)libcli-ldap-common-samba4.solibcli-ldap-common-samba4.so(SAMBA_4.9.5_GIT.176.375E1F05788LP151.2.3.1_SUSE_OS15.0_I386)libcli-ldap-samba4.solibcli-ldap-samba4.so(SAMBA_4.9.5_GIT.176.375E1F05788LP151.2.3.1_SUSE_OS15.0_I386)libcliauth-samba4.solibcliauth-samba4.so(SAMBA_4.9.5_GIT.176.375E1F05788LP151.2.3.1_SUSE_OS15.0_I386)libdcerpc-binding.so.0libdcerpc-binding.so.0(DCERPC_BINDING_0.0.1)libdcerpc-samba-samba4.solibdcerpc-samba-samba4.so(SAMBA_4.9.5_GIT.176.375E1F05788LP151.2.3.1_SUSE_OS15.0_I386)libdcerpc.so.0libdcerpc.so.0(DCERPC_0.0.1)libevents-samba4.solibevents-samba4.so(SAMBA_4.9.5_GIT.176.375E1F05788LP151.2.3.1_SUSE_OS15.0_I386)libgenrand-samba4.solibgenrand-samba4.so(SAMBA_4.9.5_GIT.176.375E1F05788LP151.2.3.1_SUSE_OS15.0_I386)libgensec-samba4.solibgensec-samba4.so(SAMBA_4.9.5_GIT.176.375E1F05788LP151.2.3.1_SUSE_OS15.0_I386)libldb.so.1libldb.so.1(LDB_0.9.10)libldbsamba-samba4.solibldbsamba-samba4.so(SAMBA_4.9.5_GIT.176.375E1F05788LP151.2.3.1_SUSE_OS15.0_I386)libndr-samba-samba4.solibndr-samba-samba4.so(SAMBA_4.9.5_GIT.176.375E1F05788LP151.2.3.1_SUSE_OS15.0_I386)libndr-standard.so.0libndr-standard.so.0(NDR_STANDARD_0.0.1)libndr.so.0libndr.so.0(NDR_0.0.1)libpytalloc-util.cpython-36m-i386-linux-gnu.so.2libpytalloc-util.cpython-36m-i386-linux-gnu.so.2(PYTALLOC_UTIL.PY3_2.1.5)libpytalloc-util.cpython-36m-i386-linux-gnu.so.2(PYTALLOC_UTIL.PY3_2.1.6)libpytalloc-util.cpython-36m-i386-linux-gnu.so.2(PYTALLOC_UTIL.PY3_2.1.9)libpython3.6m.so.1.0libsamba-credentials.so.0libsamba-credentials.so.0(SAMBA_CREDENTIALS_0.0.1)libsamba-debug-samba4.solibsamba-debug-samba4.so(SAMBA_4.9.5_GIT.176.375E1F05788LP151.2.3.1_SUSE_OS15.0_I386)libsamba-errors.so.1libsamba-errors.so.1(SAMBA_ERRORS_1)libsamba-hostconfig.so.0libsamba-hostconfig.so.0(SAMBA_HOSTCONFIG_0.0.1)libsamba-python.cpython-36m-i386-linux-gnu-samba4.solibsamba-python.cpython-36m-i386-linux-gnu-samba4.so(SAMBA_4.9.5_GIT.176.375E1F05788LP151.2.3.1_SUSE_OS15.0_I386)libsamba-security-samba4.solibsamba-security-samba4.so(SAMBA_4.9.5_GIT.176.375E1F05788LP151.2.3.1_SUSE_OS15.0_I386)libsamba-sockets-samba4.solibsamba-sockets-samba4.so(SAMBA_4.9.5_GIT.176.375E1F05788LP151.2.3.1_SUSE_OS15.0_I386)libsamba-util.so.0libsamba-util.so.0(SAMBA_UTIL_0.0.1)libsamdb-common-samba4.solibsamdb-common-samba4.so(SAMBA_4.9.5_GIT.176.375E1F05788LP151.2.3.1_SUSE_OS15.0_I386)libsamdb.so.0libsamdb.so.0(SAMDB_0.0.1)libserver-role-samba4.solibserver-role-samba4.so(SAMBA_4.9.5_GIT.176.375E1F05788LP151.2.3.1_SUSE_OS15.0_I386)libsmbpasswdparser-samba4.solibsmbpasswdparser-samba4.so(SAMBA_4.9.5_GIT.176.375E1F05788LP151.2.3.1_SUSE_OS15.0_I386)libtalloc.so.2libtalloc.so.2(TALLOC_2.0.2)libtevent-util.so.0libtevent-util.so.0(TEVENT_UTIL_0.0.1)libtevent.so.0libtevent.so.0(TEVENT_0.9.9)python3rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-15.2-14.14.1]:\ڭ\\@\ \N\e\e\}@\o@\\\\\4\ @[[@[[%@[@[ @[[t[#@[[Q@[Q@[\[[[{[z@[r@[ @[WZZZZZZ`@Z@Z@ZZ@ZZ}@Z'Z@ZOZ@Z ,@Z@YY@Yo@Yo@Yo@Y@Y3YYu@Yg`Yf@Y7Y7Y, @Y"X:@X:@XXsX@X9@X@X@Xg@X,XƉX@XYXe@XX@X@X@XWXAb@X-W Wv@W$W;Wu@W#WW W@W~D@Wj}W_WYZ@WYZ@W=W(W!@WW@V3V3VV'@VՄ@VՄ@VVIV@V`Vl@V@V@V<@V<@V@VjV]VI@VG"@VG"@VG"@VG"@V(V'~@V V7@VBUYU@U@UUAUĝU@UU@Uy@UUrUq@UhTU_@USanpower David Disseldorp David Disseldorp npower David Disseldorp npower David Mulder David Mulder David Disseldorp Samuel Cabrero David Mulder ddiss@suse.comnopower@suse.comJan Engelhardt David Mulder Samuel Cabrero Samuel Cabrero Samuel Cabrero dmulder@suse.comdmulder@suse.comdmulder@suse.comjmcdonough@suse.comdmulder@suse.comSamuel Cabrero dmulder@suse.comSamuel Cabrero dmulder@suse.comdmulder@suse.comvcizek@suse.comdmulder@suse.comdmulder@suse.comnopower@suse.comscabrero@suse.dejmcdonough@suse.comscabrero@suse.deaaptel@suse.comjengelh@inai.dedimstar@opensuse.orgdmulder@suse.comjmcdonough@suse.comdavid.mulder@suse.comjmcdonough@suse.comaaptel@suse.comdmulder@suse.comscabrero@suse.comscabrero@suse.comkukuk@suse.dedavid.mulder@suse.comscabrero@suse.comrbrown@suse.comdmulder@suse.comscabrero@suse.comdimstar@opensuse.orgscabrero@suse.comaaptel@suse.comnopower@suse.comnopower@suse.comaaptel@suse.comddiss@suse.comdmulder@suse.comddiss@suse.comdmulder@suse.comddiss@suse.comddiss@suse.comnopower@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comdmulder@suse.comnopower@suse.comjmcdonough@suse.comaaptel@suse.comkukuk@suse.comkukuk@suse.denopower@suse.comaaptel@suse.comdmulder@suse.comddiss@suse.comdmulder@suse.comddiss@suse.comjmcdonough@suse.comnopower@suse.comnopower@suse.comnopower@suse.comnopower@suse.comjmcdonough@suse.comjmcdonough@suse.comnopower@suse.comnopower@suse.comddiss@suse.comjmcdonough@suse.comddiss@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comnopower@suse.comlmuelle@suse.comlmuelle@suse.comjmcdonough@suse.comnopower@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comnopower@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comtchvatal@suse.comlmuelle@suse.comnopower@suse.comcrrodriguez@opensuse.orglmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comnoel.power@suse.comddiss@suse.comddiss@suse.comlmuelle@suse.comddiss@suse.comlmuelle@suse.comlmuelle@suse.comnopower@suse.comddiss@suse.comddiss@suse.comlmuelle@suse.comlmuelle@suse.comddiss@suse.comlmuelle@suse.commpluskal@suse.comlmuelle@suse.comnopower@suse.deddiss@suse.comddiss@suse.comddiss@suse.comlmuelle@suse.denopower@suse.delmuelle@suse.comnopower@suse.deddiss@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.com- CVE-2019-12435: zone operations can crash rpc server; (bso#13922); (bsc#1137815).- Fix cephwrap_flistxattr() debug message; (bso#13940); (bsc#1134697). - Add ceph_snapshots VFS module; (jsc#SES-183).- Fix vfs_ceph realpath; (bso#13918); (bsc#1134452).- MacOS credit accounting breaks with async SESSION SETUP; (bsc#1125601); (bso#13796). - Mac OS X SMB2 implmenetation sees Input/output error or Resource temporarily unavailable and drops connection; (bso#13698)- Explicitly enable libcephfs POSIX ACL support; (bso#13896); (bsc#1130245).- CVE-2019-3880: Save registry file outside share as unprivileged user; (bso#13851); (bsc#1131060 ).- CVE-2019-3870 pysmbd: missing restoration of original umask after umask(0); (bso#13834); (bsc#1130703);- Update to samba-4.9.5 + audit_logging: Remove debug log header and JSON Authentication: prefix; (bso#13714); + Fix upgrade from 4.7 (or earlier) to 4.9; (bso#13760); + s3: lib: nmbname: Ensure we limit the NetBIOS name correctly; (bso# CID: 1433607; (bso#11495); + smbd: uid: Don't crash if 'force group' is added to an existing share connection; (bso#13690); + s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility code; (bso#13770); + s3: SMB1 POSIX mkdir does case insensitive name lookup; (bso#13803); + s3:utils/smbget fix recursive download with empty source directories; (bso#13199); + samba-tool drs showrepl: Do not crash if no dnsHostName found; (bso#13716); + s3:libsmb: cli_smb2_list() can sometimes fail initially on a connection; (bso#13736); + join: Throw CommandError instead of Exception for simple errors; (bso#13747); + ldb: Avoid inefficient one-level searches; (bso#13762); + s3: libsmb: use smb2cli_conn_max_trans_size() in cli_smb2_list(); (bso#13736); + tldap: Avoid use after free errors; (bso#13776); + Fix idmap xid2sid cache churn; (bso#13802); + access_check_max_allowed() doesn't process "Owner Rights" ACEs; (bso#13812); + s3-smbd: Avoid assuming fsp is always intact after close_file call; (bso#13720); + s3-vfs-fruit: Add close call; (bso#13725); + s3-smbd: Use fruit:model string for mDNS registration; (bso#13746); + s3-vfs: add glusterfs_fuse vfs module; (bso#13774); + printing: Check lp_load_printers() prior to pcap cache update; (bso#13766); + vfs_ceph: vfs_ceph strict_allocate_ftruncate calls (local FS) ftruncate and fallocate; (bso#13807); + lib/audit_logging: Actually create talloc; (bso#13737); + netcmd/user: python[3]-gpgme unsupported and replaced by python[3]-gpg; (bso#13728); + dns: Changing onelevel search for wildcard to subtree; (bso#13738); + samba-tool: Don't print backtrace on simple DNS errors; (bso#13721); + sambaundoguididx: Use the right escaped oder unescaped sam ldb files; (bso#13759); + ctdb: Print locks latency in machinereadable stats; (bso#13742); + messages_dgm: Messaging gets stuck when pids are recycled; (bso#13786); + audit_logging: auth_json_audit required auth_json; (bso#13715); + man pages: Document prefork process model; (bso#13765); + CVE-2019-3824 ldb: Release ldb 1.4.6; (bso#13773); + s3:auth: ignore create_builtin_guests() failing without a valid idmap configuration; (bso#13697); + s3:auth_winbind: Ignore a missing winbindd as NT4 PDC/BDC without trusts; (bso#13722); + s3:auth_winbind: return NT_STATUS_NO_LOGON_SERVERS if winbindd is not available; (bso#13723); + s4:server: Add support for 'smbcontrol samba shutdown' and 'smbcontrol debug/debuglevel'; (bso#13752); + Python: Ensure ldb.Dn can doesn't rencoded str with py2; (bso#13616); + vfs_glusterfs: Adapt to changes in libgfapi signatures; (bso#13330); + s3-vfs: Use ENOATTR in errno comparison for getxattr; (bso#13774); + notifyd: Fix SIGBUS on sparc; (bso#13704); + waf: Check for libnscd; (bso#13787); + s3:vfs: Correctly check if OFD locks should be enabled or not; (bso#13770); + lib/util: Count a trailing line that doesn't end in a newline; (bso#13717); + Recovery lock bug fixes; (bso#13800); + s3: net: Do not set NET_FLAGS_ANONYMOUS with -k; (bso#13726); + s3:libsmb: Honor disable_netbios option in smbsock_connect_send; (bso#13727); + vfs_fileid: Fix get_connectpath_ino; (bso#13741); + vfs_fileid: Fix fsname_norootdir algorithm; (bso#13744);- Fix vfs_ceph ftruncate and fallocate handling; (bso#13807); (bsc#1127153).- Fix update-apparmor-samba-profile script after apparmor switched to using named profiles. The change is backwards compatible; (bsc#1126377);- LoadParm().load_default() fails with "Unable to load default file"; (bsc#1089758);- Abide by load_printers smb.conf parameter; (bso#13766); (bsc#1124223);- Update to samba-4.9.4 + libcli/smb: Don't overwrite status code; (bso#9175). + wbinfo --group-info 'NT AUTHORITY\System' does not work; (bso#12164). + Session setup reauth fails to sign response; (bso#13661). + vfs_fruit: Validation of writes on AFP_AfpInfo stream; (bso#13677). + vfs_shadow_copy2: Nicely deal with attempts to open previous version for writing; (bso#13688). + Restoring previous version of stream with vfs_shadow_copy2 fails with NT_STATUS_OBJECT_NAME_INVALID fsp->base_fsp->fsp_name; (bso#13455). + CVE-2018-16853: Fix S4U2Self crash with MIT KDC build; (bso#13571). + s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs; (bso#13708) + PEP8: fix E231: missing whitespace after ','. + winbindd: Fix crash when taking profiles;(bso#13629) + CVE-2018-14629 dns: Fix CNAME loop prevention using counter regression; (bso#13600) + 'samba-tool user syscpasswords' fails on a domain with many DCs; (bso#13686). + CVE-2018-16853: Do not segfault if client is not set; (bso#13571). + lib:util: Fix DEBUGCLASS pointer initializiation; (bso#13679) + ctdb-daemon: Exit with error if a database directory does not exist; (bso#13696). + s3:libads: Add net ads leave keep-account option; (bso#13498).- Drop more %if..%endif guards which are idempotent. - Drop requires on ldconfig which are already auto-discovered. - Do not ignore errors from useradd/groupadd.- Remove python2 build dependency from samba-libs; (bsc#1116900);- Update update-apparmor-samba-profile script to ignore the shares's paths containing substitution variables in any place, not only at the beginning of the path.- Update to samba-4.9.3 + CVE-2018-14629: Unprivileged adding of CNAME record causing loop in AD Internal DNS server; (bso#13600); (bsc#1116319); + CVE-2018-16841: Double-free in Samba AD DC KDC with PKINIT; (bso#13628); (bsc#1116320); + CVE-2018-16851: NULL pointer de-reference in Samba AD DC LDAP server; (bso#13674); (bsc#1116322); + CVE-2018-16852: NULL pointer de-reference in Samba AD DC DNS servers; (bso#13669); (bsc#1116321); + CVE-2018-16853: Samba AD DC S4U2Self crash in experimental MIT Kerberos configuration (unsupported); (bso#13678); (bsc#1116324); + CVE-2018-16857: Bad password count in AD DC not always effective; window; (bso#13683); (bsc#1116323);- Update to samba-4.9.2 + dsdb: Add comments explaining the limitations of our current backlink behaviour; (bso#13418); + Fix problems running domain backups (handling SMBv2, sites); (bso#13621); + testparm: Fix crashes with PANIC: Messaging not initialized on SLES 12 SP3; (bso#13465); + Make vfs_fruit able to cleanup AppleDouble files; (bso#13642); + File saving issues with vfs_fruit on samba >= 4.8.5; (bso#13646); + Enabling vfs_fruit looses FinderInfo; (bso#13649); + Cancelling of SMB2 aio reads and writes returns wrong error NT_STATUS_INTERNAL_ERROR; (bso#13667); + Fix CTDB recovery record resurrection from inactive nodes and simplify vacuuming; (bso#13641); + examples: Fix the smb2mount build; (bso#13465); + libtevent: Fix build due to missing open_memstream on Illiumos; (bso#13629); + winbindd_cache: Fix timeout calculation for sid<->name cache; (bso#13662); + dsdb encrypted_secrets: Allow "ldb:// and "mdb://" in file path; (bso#13653); + Extended DN SID component missing for member after switching group membership; (bso#13418); + Return STATUS_SESSION_EXPIRED error encrypted, if the request was encrypted; (bso#13624); + python: Allow forced signing via smb.SMB(); (bso#13621); + lib:socket: If returning early, set ifaces; (bso#13665); + ldb: Bump ldb version to 1.4.3, Python: Ensure ldb.Dn can accept utf8 encoded unicode; (bso#13616); + smbd: Fix DELETE_ON_CLOSE behaviour on files with READ_ONLY attribute; (bso#13673); + waf: Add -fstack-clash-protection; (bso#13601); + winbind: Fix segfault if an invalid passdb backend is configured; (bso#13668); + Fix bugs in CTDB event handling; (bso#13659); + Misbehaving nodes are sometimes not banned; (bso#13670);- lib:socket: If returning early, set ifaces; (bso#13665); (bsc#1111373);- winbind requires latest version of libtevent-util0 to start- Backport latest gpo code from master + Read policy from local gpt cache + Offline policy application + Make group policy extensible via register/unregister gpext + gpext's run via a process_group_policy method- Enable profiling data collection- Change samba-kdc package name to samba-ad-dc - Move samba-ad-dc.service to the samba-ad-dc package- Update to samba-4.9.1 + s3: nmbd: Stop nmbd network announce storm; (bso#13620); + s3-rpcclient: Use spoolss_init_spoolss_UserLevel1 in winspool cmds; (bso#13597); + CTDB recovery lock has some race conditions; (bso#13617); + s3-rpc_client: Advertise Windows 7 client info; (bso#13597); + ctdb-doc: Remove PIDFILE option from ctdbd_wrapper man page; (bso#13610);- Tumbleweed doesn't define the sle_version macro, so we must include a check for suse_version also. Otherwise python3 is disabled on Tumbleweed.- Update to samba-4.9.0 + samba_dnsupdate: Honor 'dns zone scavenging' option, only update if needed; (bso#13605); + wafsamba: Fix 'make -j'; (bso#13606);- Update to samba-4.9.0rc5 + s3: VFS: vfs_full_audit: Ensure smb_fname_str_do_log() only returns absolute pathnames; (bso#13565); + s3: util: Do not take over stderr when there is no log file; (bso#13578); + Durable Reconnect fails because cookie.allow_reconnect is not set; (bso#13549); + krb5-samba: Interdomain trust uses different salt principal; (bso#13539); + vfs_fruit: Don't unlink the main file; (bso#13441); + smbd: Fix a memleak in async search ask sharemode; (bso#13602); + Fix Samba GPO issue when Trust is enabled; (bso#11517); + samba-tool: Add "virtualKerberosSalt" attribute to 'user getpassword/syncpasswords'; (bso#13539); + Fix CTDB configuration issues; (bso#13589); + ctdbd logs an error until it can successfully connect to eventd; (bso#13592);- Update to samba-4.9.0rc4 + s3: smbd: Ensure get_real_filename() copes with empty pathnames; (bso#13585); + samba domain backup online/rename commands force user to specify password on CLI; (bso#13566); + wafsamba/samba_abi: Always hide ABI symbols which must be local; (bso#13579); + Fix a panic if fruit_access_check detects a locking conflict; (bso#13584); + Fix memory and resource leaks; (bso#13567); + python: Fix print in dns_invalid.py; (bso#13580); + Aliasing issue causes incorrect IPv6 checksum; (bso#13588); + Fix CTDB configuration issues; (bso#13589); + s3: vfs: time_audit: fix handling of token_blob in smb_time_audit_offload_read_recv(); (bso#13568);- Add missing zlib-devel dependency which was previously pulled in by libopenssl-devel- Update to samba-4.9.0rc3+git.22.3fff23ae36e + CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against returns from malicious servers; (bso#13453); + CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query with escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140; (bso#13374); + CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when not servicePrincipalName is set on a user; (bso#13552); + CVE-2018-10919: acl_read: Fix unauthorized attribute access via searches; (bso#13434); + ctdb_mutex_ceph_rados_helper: Set SIGINT signal handler; (bso#13540); + CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it is disabled via "ntlm auth"; (bso#13360); + s3-tldap: do not install test_tldap; (bso#13529); + ctdb_mutex_ceph_rados_helper: Fix deadlock via lock renewals; (bso#13540); + CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in ltdb_index_dn_attr(); (bso#13374); + ctdb-eventd: Fix CID 1438155; (bso#13554); + Fix CIDs 1438243, (Unchecked return value) 1438244 (Unsigned compared against 0), 1438245 (Dereference before null check) and 1438246 (Unchecked return value); (bso#13553); + ctdb: Fix a cut&paste error; (bso#13554); + systemd: Only start smb when network interfaces are up; (bso#13559); + Fix quotas don't work with SMB2; (bso#13553); + s3/smbd: Ensure quota code is only called when quota support detected; (bso#13563); + s3/libsmb: Explicitly set delete_on_close token for rmdir; (bso#13204); + s3:waf: Install eventlogadm to /usr/sbin; (bso#13561); + Shorten description in vfs_linux_xfs_sgid manual; (bso#13562);- Update to samba-4.9.0rc2+git.21.a1069afb007 + s3: smbd: Using "sendfile = yes" with SMB2 can cause CPU spin; (bso#13537); + s3: smbd: Fix path check in smbd_smb2_create_durable_lease_check(); (bso#13535); + samba-tool trust: Support discovery via netr_GetDcName; (bso#13538); + s4-dsdb: Only build dsdb Python modules for AD DC; (bso#13542); + Fix portability issues on freebsd; (bso#13520); + DNS wildcard search does not handle multiple labels correctly; (bso#13536); + samba-tool domain trust: Fix trust compatibility to Windows Server 1709 and FreeIPA; (bso#13308); + Fix portability issues on freebsd; (bso#13520); + ctdb-protocol: Fix CTDB compilation issues; (bso#13545); + ctdb-docs: Replace obsolete reference to CTDB_DEBUG_HUNG_SCRIPT option; (bso#13546); + ctdb-doc: Provide an example script for migrating old configuration; (bso#13550); + ctdb-event: Implement event tool "script list" command; (bso#13551);- Update to samba-4.8.4+git.37.a7a861d7982; + CVE-2018-1139: Weak authentication protocol allowed; (bsc#1095048); (bsc#13360); + CVE-2018-1140: Denial of Service Attack on DNS and LDAP server; (bsc#1095056); (bso#13466); (bso#13374); + CVE-2018-10858: Insufficient input validation on client directory listing in libsmbclient; (bsc#1103411); (bso#13453); + CVE-2018-10918: Denial of Service Attack on AD DC DRSUAPI server; (bsc#1103414); (bso#13552); + CVE-2018-10919: Confidential attribute disclosure from the AD LDAP server; (bsc#1095057); (bso#13434); + s3:winbind: winbind normalize names' doesn't work for users; (bso#12851); + winbind: Fix UPN handling in canonicalize_username(); (bso#13369); + s3: smbd: Fix SMB2-FLUSH against directories; (bso#13428); + samdb: Fix building Samba with gcc 8.1; (bso#13437); + s3:utils: Do not segfault on error in DoDNSUpdate(); (bso#13440); + smbd: Flush dfree memcache on service reload; (bso#13446); + ldb: Save a copy of the index result before calling the + lib/util: No Backtrace given by Samba's AD DC by default; (bso#13454). + s3: smbd: printing: Re-implement delete-on-close semantics for print files missing since 3.5.x; (bso#13457). + python: Fix talloc frame use in make_simple_acl(); (bso#13474). + krb5_wrap: Fix keep_old_entries logic for older Kerberos libraries;(bso#13478). + krb5_plugin: Add winbind localauth plugin for MIT Kerberos; (bso#13480).- Add missing package descriptions; (bsc#1093864); - Fix dependency issue between samba-python and samba-kdc; (bsc#1062876); - Call update-apparmor-samba-profile when running samba-ad-dc; (bsc#1092099);- Update to 4.8.2 + After update to 4.8.0 DC failed with "Failed to find our own NTDS Settings objectGUID" (bso#13335). + fix incorrect reporting of stream dos attributes on a directory (bso#13380). + vfs_ceph: add asynchronous fsync; fake synchronous call (bso#13412). + vfs_ceph: add fake async pwrite/pread send/recv hooks; (bso#13425) + vfs_ceph: Fix memory leak; (bso#13424). + libsmbclient: Fix hard-coded connection error return of ETIMEDOUT; (bso#13419). + s4-lsa: Fix use-after-free in LSA server; (bso#13420). + winbindd: Do re-connect if the RPC call fails in the passdb case; (bso#13430). + cleanupd: Sends MSG_SMB_UNLOCK twice to interested peers; (bso#13416). + cleanupd: Use MSG_SMB_BRL_VALIDATE to signal cleanupd unclean process shutdown; (bso#13414). + ctdb-client: Remove ununsed functions from old client code; (bso#13411). + printing: Return the same error code as windows does on upload failures; (bso#13395). + nsswitch: Fix memory leak in winbind_open_pipe_sock() when the privileged pipe is not accessable; (bso#13400). + s4:lsa_lookup: remove TALLOC_FREE(state) after all dcesrv_lsa_Lookup{Names,Sids}_base_map() calls; (bso#13420). + rpc_server: Fix NetSessEnum with stale sessions; (bso#13407). + s3:smbspool: Fix cmdline argument handling; (bso#13417).- Move libdfs-server-ad-samba4.so library from kdc to libs package, as it is required by some client libs; (bsc#1074135); - Update to 4.8.1; (bsc#1091179); + s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error, we don't own it here; (bso#13244); + s3: smbd: Fix possible directory fd leak if the underlying OS doesn't support fdopendir(); (bso#13270); + Round-tripping ACL get/set through vfs_fruit will increase the number of ACE entries without limit; (bso#13319); + s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically debug credit issues; (bso#13347); + s3: smbd: Files or directories can't be opened DELETE_ON_CLOSE without delete access; (bso#13358); + s3: smbd: Fix memory leak in vfswrap_getwd(); (bso#13372); + s3: smbd: Unix extensions attempts to change wrong field in fchown call; (bso#13375); + ms_schema/samba-tool visualize: Fix python2.6 incompatibility; (bso#13337); + Fix invocation of gnutls_aead_cipher_encrypt(); (bso#13352); + Windows 10 cannot logon on Samba NT4 domain; (bso#13328); + winbindd: Recover loss of netlogon secure channel in case the peer DC is rebooted; (bso#13332); + s3:smbd: Don't use the directory cache for SMB2/3; (bso#13363); + ctdb-client: Fix bugs in client code; (bso#13356); + ctdb-scripts: Drop "net serverid wipe" from 50.samba event script; (bso#13359); + s3: lib: messages: Don't use the result of sec_init() before calling sec_init(); (bso#13368); + libads: Fix the build '--without-ads'; (bso#13273); + winbind: Keep "force_reauth" in invalidate_cm_connection, add 'smbcontrol disconnect-dc'; (bso#13332); + vfs_virusfilter: Fix CIDs 1428738-1428740; (bso#13343); + dsdb: Fix CID 1034966 Uninitialized scalar variable; (bso#13367); + rpc_server: Fix core dump in dfsgetinfo; (bso#13370); + smbclient: Fix notify; (bso#13382); + Fix smbd panic if the client-supplied channel sequence number wraps; (bso#13215); + Windows 10 cannot logon on Samba NT4 domain; (bso#13328); + lib/util: Remove unused '#include ' from tests/tfork.c; (bso#13342); + Fix build errors with cc from developerstudio 12.5 on Solaris; (bso#13343); + Fix the picky-developer build on FreeBSD 11; (bso#13344); + s3:modules: Fix the build of vfs_aixacl2.c; (bso#13345); + s3:smbd: map nterror on smb2_flush errorpath; (bso#13338); + lib:replace: Fix linking when libtirpc-devel overwrites system headers; (bso#13341); + winbindd: 'wbinfo --name-to-sid' returns misleading result on invalid query; (bso#13312); + s3:passdb: Do not return OK if we don't have pinfo set up; (bso#13376); + Allow AESNI to be used on all processor supporting AESNI; (bso#13302);- Use new foreground execution flags for systemd samba daemons; (bsc#1088574); (bsc#1071090); (bsc#1065551); + Add %post scriptlet to clear old sysconfig flags - Update vendor-files to commit 880b3e7. + Set samba sysconfig template variables to "" + Add required daemon flags directly to systemd unit- Specfile cleanup + Remove %if..%endif guards which don't affect the build + Remove redundant %clean section + Replace old $RPM_* shell vars with macros- BuildRequire pkgconfig(systemd) and pkgconfig(libsystemd) in place of systemd and systemd-devel: Allow OBS to optimize the workload by allowing the usage of the 'build-optimized' systemd packages.- Enable building samba with python3, and create a samba-python3 package.- Update to 4.8 + New GUID Index mode in sam.ldb for the AD DC + GPO support for samba KDC + Time machine support with vfs_fruit + Encrypted secrets + AD Replication visualization + Improved trust support - ability to not scan global trust list - AD external trusts have limited support - verbose trusted domain listing + VirusFilter VFS module + NT4-style replication removed + vfs_aio_linux removed- Disable samba-pidl package, due to the removal of dependency perl-Parse-Yapp; (bsc#1085150);- Update to 4.7.6; + CVE-2018-1050: DOS vulnerability when SPOOLSS is run externally; (bso#11343); (bsc#1081741); + CVE-2018-1057: Authenticated users can change other users' password; (bso#13272); (bsc#1081024).- Disable python until full python3 port is done; (bsc#1082139); + Remove contents of package samba-python + Remove contents of package libsamba-policy0 + Remove contents of package libsamba-policy-devel + Remove library libsamba-python-samba4.so from samba-libs package + Remove library libsamba-net-samba4.so from samba-libs package + Remove smbtorture binary and manpage from samba-test- samba fails to build with glibc2.27; (bsc#1081042);- Update to 4.7.5; (bsc#1080545); + smbd tries to release not leased oplock during oplock II downgrade; (bso#13193); + Fix copying file with empty FinderInfo from Windows client to Samba share with fruit; (bso#13181); + build: Deal with recent glibc sunrpc header removal; (bso#10976); + Make Samba work with tirpc and libnsl2; (bso#13238); + vfs_ceph: Add fs_capabilities hook to avoid local statvfs; (bso#13208); (bsc#1075206); + Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue; (bso#12986); + ctdb-recovery-helper: Deregister message handler in error paths; (bso#13188); + samba: Only use async signal-safe functions in signal handler; (bso#13240); + Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue; (bso#12986); + repl_meta_data: Fix linked attribute corruption on databases with unsorted links on expunge. dbcheck: Add functionality to fix the corrupt database; (bso#13228); + Fix smbd panic when chdir returns error during exit; (bso#13189); + Make Samba work with tirpc and libnsl2; (bso#13238); + Fix POSIX ACL support on HPUX and possibly other big-endian OSs; (bso#13176);- Update to 4.7.4; (bsc#1080545); + s3: smbclient: Implement 'volume' command over SMB2; (bso#13140); + s3: libsmb: Fix valgrind read-after-free error in cli_smb2_close_fnum_recv(); (bso#13171); + s3: libsmb: Fix reversing of oldname/newname paths when creating a reparse point symlink on Windows from smbclient; (bso#13172); + Build man page for vfs_zfsacl.8 with Samba; (bso#12934); + repl_meta_data: Allow delete of an object with dangling backlinks; (bso#13095); + s4:samba: Fix default to be running samba as a deamon; (bso#13129); + Performance regression in DNS server with introduction of DNS wildcard, ldb: Release 1.2.3; (bso#13191); + vfs_zfsacl: Fix compilation error; (bso#6133); + "smb encrypt" setting changes are not fully applied until full smbd restart; (bso#13051); + winbindd: Fix idmap_rid dependency on trusted domain list; (bso#13052); + vfs_fruit: Proper VFS-stackable conversion of FinderInfo; (bso#13155); + winbindd: Dependency on trusted-domain list in winbindd in critical auth codepath; (bso#13173); + repl_meta_data: Fix removing of backlink on deleted objects; (bso#13120); + ctdb: sock_daemon leaks memory; (bso#13153); + TCP tickles not getting synchronised on CTDB restart; (bso#13154); + winbindd: winbind parent and child share a ctdb connection; (bso#13150); + pthreadpool: Fix deadlock; (bso#13170); + pthreadpool: Fix starvation after fork; (bso#13179); + messaging: Always register the unique id; (bso#13180); + s4/smbd: set the process group; (bso#13129); + Fix broken linked attribute handling; (bso#13095); + The KDC on an RWDC doesn't send error replies in some situations; (bso#13132); + libnet_join: Fix 'net rpc oldjoin'; (bso#13149); + g_lock conflict detection broken when processing stale entries; (bso#13195); + s3:smb2_server: allow logoff, close, unlock, cancel and echo on expired sessions; (bso#13197); + s3:libads: net ads keytab list fails with "Key table name malformed"; (bso#13166); (bsc#1067700); + Fix crash in pthreadpool thread after failure from pthread_create; (bso#13170); + s4:samba: Allow samba daemon to run in foreground; (bso#13129); (bsc#1065551); + third_party: Link the aesni-intel library with "-z noexecstack"; (bso#13174); + vfs_glusterfs: include glusterfs/api/glfs.h without relying on "-I" options; (bso#13125);- Re-enable usage of libnsl (did got lost with glibc change) - Use TI-RPC (sunrpc is deprecated and will be removed soon from glibc)- smbc_opendir should not return EEXIST with invalid login credentials; (bnc#1065868).- Update to 4.7.3; (bsc#1069666); + Non-smbd processes using kernel oplocks can hang smbd; (bso#13121); + python: use communicate to fix Popen deadlock; (bso#13127); + smbd on disk file corruption bug under heavy threaded load; (bso#13130); + tevent: version 0.9.34; (bso#13130); + s3: smbd: Fix delete-on-close after smb2_find; (bso#13118); + CVE-2017-14746: s3: smbd: Fix SMB1 use-after-free crash bug; (bsc#1060427);(bso#13041); + CVE-2017-15275: s3: smbd: Chain code can return uninitialized memory when talloc buffer is grown; (bsc#1063008); (bso#13077); - Build with AD DC support only in openSUSE.- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- samba-tool requires samba-python; (bnc#1067771).- Run all daemons in the foreground and let systemd handle it; (bsc#1065551). - Update to 4.7.1; + Fix exporting subdirs with shadow_copy2; (bso#13091); + Currently if getwd() fails after a chdir(), we panic; (bso#13027); + Ensure default SMB_VFS_GETWD() call can't return a partially completed struct smb_filename; (bso#13068); + sys_getwd() can leak memory or possibly return the wrong errno on older systems; (bso#13069); + smbclient doesn't correctly canonicalize all local names before use; (bso#13093); + Fix broken linked attribute handling; (bso#13095); + Missing LDAP query escapes in DNS rpc server; (bso#12994); + Link to -lbsd when building replace.c by hand; (bso#13087); + Cannot delete non-ACL files on Solaris/ZFS/NFSv4 ACL filesystem; (bso#6133); + Map SYNCHRONIZE acl permission statically in zfs_acl vfs module; (bso#7909); + Samba fails to honor SEC_STD_WRITE_OWNER bit with the acl_xattr module; (bso#7933); + Missing assignment in sl_pack_float; (bso#12991); + Wrong Samba access checks when changing DOS attributes; (bso#12995); + samba_runcmd_send() leaves zombie processes on timeout; (bso#13062); + groupmap cleanup should not delete BUILTIN mappings; (bso#13065); + Enabling vfs_fruit results in loss of Finder tags and other xattrs; (bso#13076); + man pages: Properly ident lists; (bso#9613); + smb.conf.5: Sort parameters alphabetically; (bso#13081); + Fix GUID string format on GetPrinter info; (bso#12993); + Remote serverid check doesn't check for the unique id; (bso#13042); + CTDB starts consuming memory if there are dead nodes in the cluster; (bso#13056); + ctdb-common: Ignore event scripts with multiple '.'s; (bso#13070); + libgpo doesn't sort the GPOs in the correct order; (bso#13046); + Remote serverid check doesn't check for the unique id; (bso#13042); + vfs_catia: Fix a potential memleak; (bso#13090); + Fix file change notification for renames; (bso#12903); + Samba DNS server does not honour wildcards; (bso#12952); + Can't change password in samba from a Windows client if Samba runs on IPv6 only interface; (bso#13079); + vfs_fruit: Replace closedir() by SMB_VFS_CLOSEDIR; (bso#13086); + Apple client can't cope with SMB2 async replies when creating symlinks; (bso#13047); + s4:rpc_server:backupkey: Move variable into scope; (bso#12959); + Fix ntstatus_gen.h generation on 32bit; (bso#13099); + Fix a double free in vfs_gluster_getwd(); (bso#13100); + Fix resouce leaks and pointer issues; (bso#13101); + vfs_solarisacl: Fix build for samba 4.7 and up; (bso#13049);- Add samba-kdc to baselibs.conf. - Do not wrap samba-kdc's package definition into if/endif: the package won't be generated simply based on the fact that there is no files section for the package. Allows the source validator to ensure samba-kdc is a built package.- Update to 4.7.0; + Whole DB read locks: Improved LDAP and replication consistency; (bso#12858). + Samba AD with MIT Kerberos + Dynamic RPC port range: Default range changed from "1024-1300" to "49152-65535". + Authentication and Authorization audit support: New auth_audit debug class. + Multi-process LDAP Server: The LDAP server in the AD DC now honours the process model used for the rest of the 'samba' process. + Improved Read-Only Domain Controller (RODC) Support; (bso#12977). + Additional password hashes stored in supplementalCredentials. + Improvements to DNS during Active Directory domain join. + Significant AD performance and replication improvements. + Query record for open file or directory. + Removal of lpcfg_register_defaults_hook(). + Change of loadable module interface. + SHA256 LDAPS Certificates: The self-signed certificate generated for use on LDAPS will now be generated with a SHA256 self-signature, not a SHA1 self-signature. + CTDB no longer allows mixed minor versions in a cluster. + CTDB now ignores hints from Samba about TDB flags when attaching to databases. + New configuration variable CTDB_NFS_CHECKS_DIR. + The CTDB_SERVICE_AUTOSTARTSTOP configuration has been removed. + The CTDB_SCRIPT_DEBUGLEVEL configuration variable has been removed. + The example NFS Ganesha call-out has been improved. + A new "replicated" database type is available.- CVE-2017-12163: Prevent client short SMB1 write from writing server memory to file; (bso#13020); (bsc#1058624).- CVE-2017-12150: Some code path don't enforce smb signing, when they should; (bso#12997); (bsc#1058622).- CVE-2017-12151: Keep required encryption across SMB3 dfs redirects; (bso#12996); (bsc#1058565).- Clean specfile assuming SUSE-only system and product >=SLE11 + %{ul_version}, %{rhel_version}, %{mandriva_version}, %{centos_version} are always undefined + %{_vendor} is "suse" and %{suse_version} is at least 1100- Update to 4.6.7; (bsc#1054017) + Joining a Huawai storage fails: empty CLDAP ping answer; (bso#11392). + smbcacls can fail against a directory on Windows using SMB2.; (bso#12937). + vfs_ceph provides inconsistent directory listings; (bso#12911). + Misused talloc context can cause a user to crash their smbd by chaining SMB1 commands.; (bso#12836). + Use-after free can crash libsmbclient code.; (bso#12927). + Server exit with active AIO can crash.; (bso#12925). + Ensure notifyd doesn't return from smbd_notifyd_init; (bso#12910). + fd leak to ctdb sub-processes leads to SELinux AVC denial in audit logs; (bso#12898). + vfs_fruit shouldn't send MS NFS ACEs to Windows clients; (bso#12897). + smbspool_krb5_wrapper does not tell CUPS that it requires negotiate for authentication; (bso#12886). + finder sidebar showing question mark instead of icon when using ip to connect with vfs_fruit; (bso#12840). + Winbind stops obtaining the 'unixHomeDirectory' & 'loginShell' attributes from AD.; (bso#12720). + KCC run at selftest startup can fail spuriously due to a race; (bso#12869). + winbindd changes the local password and gets NT_STATUS_WRONG_PASSWORD for the remote change; (bso#12782). + rpc_pipe_client memory leaks due to long term memory context passed to rpc_pipe_open_interface(); (bso#12890). + CVE-2017-2619 breaks accessing previous versions of directories with snapshots in subdirectories of the share; (bso#12885). + dns_name_equal doing OOB read; (bso#12813). + replica_sync tests flap; (bso#12753). + Selftest should not call 'net cache flush' and wipe important winbind entries; (bso#12868). + Old Samba versions don't support using recent ldb versions (>=1.1.30); (bso#12859). + pam_winbind fails with kerberos method = secrets and keytab; (bso#10490). + race starting winbindd against posixacl test; (bso#12843). + Crash in the reentrant smbd_smb2_create_send() if the something fails in the subsequent try; (bso#12832). + spnego.c passes the wrong argument order to gensec_update_ev() for the FALLBACK case; (bso#12788). + Clients with SMB3 support can't connect with "server max protocol = SMB2_02"; (bso#12772). + A log message of samb-tool user syncpasswords reverses string arguments in a debug message "Call Popen[...".; (bso#12768). + The smb tarmode tests kills the share dir contents; (bso#12867). + Fix for a bug in MacOS X Sierra NTLMv2 processing; (bso#12862). + CVE-2017-2619 regression with non-wide symlinks to directories; (bso#12860). + manpage/index.html lists links not in alphabetical order; (bso#12854). + smbcacls got error NT_STATUS_NETWORK_NAME_DELETED; (bso#12831). + If a record is locked in a database, then recovery does not complete; (bso#12857). + debug_locks.sh script does not log any information; (bso#12856). + SIGSEGV in cm_connect_lsa_tcp dereferencing conn->lsa_tcp_pipe->transport after error; (bso#12852). + smbclient can't parse DOMAIN+username if a different winbind separator is used; (bso#12849). + Related requests with SessionSetup fail with INTERNAL_ERROR; (bso#12845). + Related requests with TreeConnect fail with NETWORK_NAME_DELETED; (bso#12844). + cli->server_os not filled correctly; (bso#12779). + REGRESSION: smbclient doesn't print the session setup anymore; (bso#12824). + smblcient doesn't handle STATUS_NOT_SUPPORTED gracefully for FSCTL_VALIDATE_NEGOTIATE_INFO; (bso#12808). + CTDB NFS call-out failures do not cause event failures; (bso#12837). + net command fails due to incorrectly return code; (bso#12828). + Fix building Samba with GCC 7.1; (bso#12827).- Fix duplicate CTDB_LOGGING params when downgraded and upgraded again; (bsc#1048339).- fix cephwrap_chdir(); (bsc#1048790). - Update to 4.6.6 + CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation; (bsc#1048278).- Fix ctdb logs to /var/log/log.ctdb instead of /var/log/ctdb; (bsc#1048339).- Fix inconsistent ctdb socket path; (bsc#1048352). - Fix non-admin cephx authentication; (bsc#1048387).- Update to 4.6.5; (bsc#1040157) + Specifying CTDB_LOGGING=syslog:nonblocking causes ctdbd to crash at startup; (bso#12814). + vfs_expand_msdfs tries to open the remote address as a file path; (bso#12687). + PANIC (pid 1096): assert failed: lease_type_is_exclusive(e_lease_type); (bso#12798). + With clustering get update_num_read_oplocks failed and PANIC: num_share_modes == 1 assertion failure; (bso#11844). + contend_level2_oplocks_begin_default oplock optimisation doesn't carry over to leases; (bso#12766). + `ctdb nodestatus` incorrectly displays status for all nodes with wrong exit code; (bso#12802). + CTDB can spin hard on revoking readonly delegations if a node becomes disconnected; (bso#12697). + Printing a share mode entry with leases can crash in the ndr code; (bso#12793). + Fix flakey unit tests for eventd; (bso#12792). + CTDB daemon crashes if built with clang; (bso#12770). + smbcacls fails if no password is specified; (bso#12765). + idmap_rfc2307: Lookup of more than two SIDs fails; (bso#12757). + samba-tool user syncpasswords doesn't trigger the script when a user gets removed; (bso#12767). + systemd: fix detection of libsystemd; (bso#12764). + Notify subsystem only maps first inotify mask to Windows notify filter; (bso#12760). + Allow passing trusted domain password as plain-text to PASSDB layer; (bso#12751). + Can't case-rename files with vfs_fruit; (bso#12749). + wrong sid->uid mapping for SIDs residing in sIDHistory; (bso#12702). + vfs_acl_common should force "create mask = 0777", not 0666; (bso#12562). + Ordering of notify responses broken; (bso#12756).- s3: libsmb: Fix error where short name length was read as 2 bytes, should be 1; (bso#11822); (bsc#1042419).- Revert explicit winbind %{version}-%{release} dependency. + The ABI has stabilized since (bsc#936909), so remove to fix cross-media dependencies; (bsc#1037899).- Fix CVE-2017-7494 remote code execution from a writable share; (bso#12780); (bsc#1038231).- Update to 4.6.3; (bsc#1036011) + s3:vfs:shadow_copy2: vfs_shadow_copy2 fails to list snapshots from shares with GlusterFS backend; (bso#12743). + Fix for Solaris C compiler; (bso#12559). + s3: locking: Update oplock optimization for the leases era; (bso#12628). + Make the Solaris C compiler happy; (bso#12693). + s3: libgpo: Allow skipping GPO objects that don't have the expected LDAP attributes; (bso#12695). + Fix buffer overflow caused by wrong use of getgroups; (bso#12747). + lib: debug: Avoid negative array access; (bso#12746). + cleanupdb: Fix a memory read error; (bso#12748). + streams_xattr and kernel oplocks results in NT_STATUS_NETWORK_BUSY; (bso#7537). + winbindd: idmap_autorid allocates ids for unknown SIDs from other backends; (bso#11961). + vfs_fruit: Resource fork open request with flags=O_CREAT|O_RDONLY; (bso#12565). + manpages/vfs_fruit: Document global options; (bso#12615). + lib/pthreadpool: Fix a memory leak; (bso#12624). + Lookup-domain for well-known SIDs on a DC; (bso#12727). + winbindd: Fix error handling in rpc_lookup_sids(); (bso#12728). + winbindd: Trigger possible passdb_dsdb initialisation; (bso#12729). + credentials_krb5: use gss_acquire_cred for client-side GSSAPI use case; (bso#12611). + lib/crypto: Implement samba.crypto Python module for RC4; (bso#12690). + ctdb-readonly: Avoid a tight loop waiting for revoke to complete; (bso#12697). + ctdb_event monitor command crashes if event is not specified; (bso#12723). + ctdb-docs: Fix documentation of "-n" option to 'ctdb tool'; (bso#12733). + smbd: Fix smb1 findfirst with DFS; (bso#12558). + smbd: Do an early exit on negprot failure; (bso#12610). + winbindd: Fix substitution for 'template homedir'; (bso#12699). + s4:kdc: Disable principal based autodetected referral detection; (bso#12554). + idmap_autorid: Allocate new domain range if the callers knows the sid is valid; (bso#12613). + LINKFLAGS_PYEMBED should not contain -L/some/path; (bso#12724). + PAM auth with WBFLAG_PAM_GET_PWD_POLICY returns wrong policy for trusted domain; (bso#12725). + rpcclient: Allow -U'OTHERDOMAIN\user' again; (bso#12731). + winbindd: Fix password policy for pam authentication; (bso#12725). + s3:gse: Correctly handle external trusts with MIT; (bso#12554). + auth/credentials: Always set the realm if we set the principal from the ccache; (bso#12611). + replace: Include sysmacros.h; (bso#12686). + s3:vfs_expand_msdfs: Do not open the remote address as a file; (bso#12687). + s3:libsmb: Only print error message if kerberos use is forced; (bso#12704). + winbindd: Child process crashes when kerberos-authenticating a user with wrong password; (bso#12708). + vfs_fruit: Office document opens as read-only on macOS due to CNID semantics; (bso#12715). + vfs_acl_xattr: Fix failure to get ACL on Linux if memory is fragmented; (bso#12737).- Generate and update vendor-files tarball from Git + SuSEfirewall2 service samba-client only setup IPv4 rule; (bsc#1034416).- Generate source tarball directly from Git using OBS tar_scm + use version string derived from parent Git tag and commit hash - remove obsolete vendor-files/tools/package-data version ID + explicitly generate ctdb manpages, needed without "make dist"- Update to 4.6.2 + remove bso#12721 patches now upstream- Enable samba-ceph build for openSUSE and SLE12SP3+; (fate#321622). + x86-64 and aarch64- Enable librados CTDB lock helper for samba-ceph package; (fate#321622).- Build and install the html man pages (bsc#1021907).- Fix CVE-2017-2619 regression with "follow symlinks = no"; (bso#12721).- Update to 4.6.1 + symlink race permits opening files outside share directory; CVE-2017-2619; (bso#12496); (bsc#1027147) + testparm checks for valid idmap parameters + add new krb client encryption types + support for printer driver upload from windows 10 + inherit owner = 'unix only' for improved quota support + improved CTDB event support + new primary group support for idmap_ad + idmap_hash deprecated + mvxattr added to recursively rename extended attributes- Remove chkconfig requirements for systemd systems- Don't call insserv if systemd is used- Fix check if we need to require insserv- async_req: make async_connect_send() "reentrant"; (bso#12105); (bsc#1024416).- Force usage of ncurses6-config thru NCURSES_CONFIG env var; (bsc#1023847).- add missing patch for libnss_wins segfault; (bsc#995730).- Fix vfs_ceph builds against recent Ceph versions; (bsc#1021933).- Document "winbind: ignore domains" parameter; (bsc#1019416).- Add base Samba dependency to samba-ceph package.- Update to 4.5.3 + Heap-based Buffer Overflow Remote Code Execution Vulnerability; CVE-2016-2123; (bso#12409); (bsc#1014437). + Don't send delegated credentials to all servers; CVE-2016-2125; (bso#12445); (bsc#1014441). + denial of service due to a client triggered crash in the winbindd parent process; CVE-2016-2126; (bso#12446); (bsc#1014442). - 4.5.1 and 4.5.2 updates + various streams vfs fixes + various printing fixes + ntlm_auth: do not map explicitly empty domain + various stability fixes in smbd + match file compression ReFS behavior- Add missing ldb module directory; (bnc#1012092).- s3/client: obey 'disable netbios' smb.conf param, don't connect via NBT port; (bsc#1009085); (bso#12418).- Include vfstest in samba-test; (bsc#1001203).- s3/winbindd: using default domain with user@domain.com format fails; (bsc#997833).- Fix segfault in libnss_wins; (bso#12277); (bso#12269); (bsc#995730).- Update to 4.5.0 + NTLM1 Authentication disabled by default + SMB2.1 leases enabled by default + Support for OFD locks + ctdb tool rewritten + Added shadow copy snapshot prefix parameter- Fix illegal memory access after memory has been deleted; (bso#11836); (bsc#975299).- Prevent core, make sure response->extra_data.data is always cleared out; (bsc#993692).- Don't package man pages for VFS modules that aren't built; (boo#993707).- Fix population of ctdb sysconfig after source merge; (bsc#981566).- Enable vfs_ceph builds for Factory (x86-64) + Package as samba-ceph to avoid Ceph dependency in base package.- Update to 4.4.5 + Prevent client-side SMB2 signing downgrade; CVE-2016-2119; (bso#11860); (bsc#986869).- Remove obsolete syslog.target; (bsc#983938).- Honor smb.conf socket options in winbind; (bsc#975131).- Don't use htons() with IP_PROTO_RAW; (bso#11705); (bsc#969522).- Update to 4.4.4 + SMB3 multichannel: Add implementation of missing channel sequence number verification; (bso#11809). + smbd:close: Only remove kernel share modes if they had been taken at open; (bso#11919). + notifyd: Prevent NULL deref segfault in notifyd_peer_destructor; (bso#11930). + s3:rpcclient: Make '--pw-nt-hash' option work; (bso#10796). + Fix case sensitivity issues over SMB2 or above; (bso#11438). + s3:smbd: Fix anonymous authentication if signing is mandatory. (bso#11910) + Fix NTLM Authentication issue with squid; (bso#11914). + pdb: Fix segfault in pdb_ldap for missing gecos; (bso#11530). + Fix memory leak in share mode locking; (bso#11934).- Update to 4.4.3 + Various post-badlock regressions; (bso#11841); (bso#11850); (bso#11858); (bso#11870); (bso#11872). + Only allow idmap_hash for default idmap config (bso#11786). + smbd: Avoid large reads beyond EOF; (bso#11878). + vfs_acl_common: Avoid setting POSIX ACLs if "ignore system acls" is set; (bso#11806). + libads: Record session expiry for spnego sasl binds; (bso#11852).- Fix NTLMSSP regressions caused by previous CVE fixes; (bso#11849); (bsc#975962); (bsc#979268), (bsc#977669).- Revert shared library packaging to comply with SLPP- Update to 4.4.2 + A man-in-the-middle can downgrade NTLMSSP authentication; CVE-2016-2110; (bso#11688); (bsc#973031). + Domain controller netlogon member computer can be spoofed; CVE-2016-2111; (bso#11749); (bsc#973032). + LDAP conenctions vulnerable to downgrade and MITM attack; CVE-2016-2112; (bso#11644); (bsc#973033). + TLS certificate validation missing; CVE-2016-2113; (bso#11752); (bsc#973034). + Named pipe IPC vulnerable to MITM attacks; CVE-2016-2115; (bso#11756); (bsc#973036). + "Badlock" DCERPC impersonation of authenticated account possible; CVE-2016-2118; (bso#11804); (bsc#971965). + DCERPC server and client vulnerable to DOS and MITM attacks; CVE-2015-5370; (bso#11344); (bsc#936862).- Fix samba.tests.messaging test and prevent potential tdb corruption by removing obsolete now invalid tdb_close call; (bsc#974629).- Obsolete libsmbclient from libsmbclient0 while not providing it; (bsc#972197).- Update to 4.4.0. + Read of uninitialized memory DNS TXT handling; (bso#11128); (bso#11686); CVE-2016-0771. + Getting and setting Windows ACLs on symlinks can change permissions on link target; (bso#11648); CVE-2015-7560. + Sockets with htons(IPPROTO_RAW); (bso#11705); CVE-2015-8543. + s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem with no ACL support; (bso#10489). + docs: Add example for domain logins to smbspool man page; (bso#11643). + smbd: Show correct disk size for different quota and dfree block sizes; (bso#11681). + docs: Add smbspool_krb5_wrapper manpage; (bso#11690). + winbindd: Return trust parameters when listing trusts; (bso#11691). + ctdb: Do not provide a useless pkgconfig file for ctdb; (bso#11696). + Crypto.Cipher.ARC4 is not available on some platforms, fallback to M2Crypto.RC4.RC4 then; (bso#11699). + s3:utils/smbget: Set default blocksize; (bso#11700). + Streamline 'smbget' options with the rest of the Samba utils; (bso#11700). + s3:clispnego: Fix confusing warning in spnego_gen_krb5_wrap(); (bso#11702). + s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703). + loadparm: Fix memory leak issue; (bso#11708). + lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714). + s3:vfs:glusterfs: Fix build after quota changes; (bso#11715). + ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."; (bso#11719). + lib:socket: Fix CID 1350010: Integer OVERFLOW_BEFORE_WIDEN; (bso#11723). + smbd: Fix CID 1351215 Improper use of negative value; (bso#11724). + smbd: Fix CID 1351216 Dereference null return value; (bso#11725). + s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file; (bso#11727). + docs: Add manpage for cifsdd; (bso#11730). + param: Fix str_list_v3 to accept ; again; (bso#11732). + lib/socket: Fix improper use of default interface speed; (bso#11734). + lib:socket: Fix CID 1350009: Fix illegal memory accesses (BUFFER_SIZE_WARNING); (bso#11735). + libcli: Fix debug message, print sid string for new_ace trustee; (bso#11738). + Fix installation path of Samba helper binaries; (bso#11739). + Fix memory leak in loadparm; (bso#11740). + tevent: version 0.9.28: Fix memory leak when old signal action restored; (bso#11742). + smbd: Ignore SVHDX create context; (bso#11753). + Fix net join; (bso#11755). + s3:libads: setup the msDS-SupportedEncryptionTypes attribute on ldap_add; (bso#11755). + passdb: Add linefeed to debug message; (bso#11763). + s3:utils/smbget: Fix option parsing; (bso#11767). + libnet: Make Kerberos domain join site-aware; (bso#11769). + Reset TCP Connections during IP failover; (bso#11770). + ldb: Version 1.1.26; (bso#11772). + s3:smbd: Add negprot remote arch detection for OSX; (bso#11773). + vfs_glusterfs: Fix use after free in AIO callback; (bso#11774). + mkdir can return ACCESS_DENIED incorrectly on create race; (bso#11780). + "trustdom_list_done: Got invalid trustdom response" message should be avoided; (bso#11782). + Mismatch between local and remote attribute ids lets replication fail with custom schema; (bso#11783). + Quota is not supported on Solaris 10; (bso#11788). + Talloc: Version 2.1.6; (bso#11789). + smbd: Enable multi-channel if 'server multi channel support = yes' in the config; (bso#11796). + build: Fix build when '--without-quota' specified; (bso#11798). + lib/socket/interfaces: Fix some uninitialied bytes; (bso#11802). + Access based share enum: handle permission set in configuration files; (bso#8093). + See also WHATSNEW.txt from the samba-doc package.- Update to 4.3.6. + Getting and setting Windows ACLs on symlinks can change permissions on link target; CVE-2015-7560; (bso#11648); (bsc#968222). + Fix Out-of-bounds read in internal DNS server; CVE-2016-0771; (bso#11128); (bso#11686); (bsc#968223).- Upgrade on-disk FSRVP server state to new version; (bsc#924519).- Only obsolete but do not provide gplv2/3 package names; (bsc#968973).- Relocate existing lock files to /var/lib/samba/lock; (bsc#968963).- Obsolete no longer existing samba-32bit package; (bsc#967625).- Update to 4.3.5. + s3:utils/smbget: Fix recursive download; (bso#6482). + s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystemi with no ACL support; (bso#10489). + s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks; (bso#11400). + vfs_shadow_copy2: Fix case where snapshots are outside the share; (bso#11580). + smbclient: Query disk usage relative to current directory; (bso#11662). + winbindd: Handle expired sessions correctly; (bso#11670). + smbd: Show correct disk size for different quota and dfree block sizes; (bso#11681). + smbcacls: Fix uninitialized variable; (bso#11682). + s3:smbd: Ignore initial allocation size for directory creation; (bso#11684). + s3-client: Add a KRB5 wrapper for smbspool; (bso#11690). + s3-parm: Clean up defaults when removing global parameters; (bso#11693). + Use M2Crypto.RC4.RC4 on platforms without Crypto.Cipher.ARC4; (bso#11699). + s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703). + ctdb: Remove error messages after kernel security update; CVE-2015-8543; (bso#11705). + loadparm: Fix memory leak issue; (bso#11708). + lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714). + ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."; (bso#11719). + s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file; (bso#11727). + param: Fix str_list_v3 to accept ";" again; (bso#11732).- Shift samba-client sysconfig data into samba and samba-winbind; (bsc#947361).- Simplify shared library packaging; (bsc#966956).- Enable clustering (CTDB) support; (bsc#966271).- s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703); (bsc#964023).- Add quotes around path of update-apparmor-samba-profile; (bnc#962177).- Remove autoconf build-time requirement.- Update to 4.3.4. + vfs_fruit: Enable POSIX directory rename semantics; (bso#11065). + Crash: Bad talloc magic value - access after free; (bso#11394). + Copying files with vfs_fruit fails when using vfs_streams_xattr without stream prefix and type suffix; (bso#11466). + samba-tool: Fix uncaught exception if no fSMORoleOwner attribute is given; (bso#11613). + Fix a typo in the smb.conf manpage, explanation of idmap config; (bso#11619). + Correctly initialize the list head when keeping a list of primary followed by DFS connections; (bso#11624). + Reduce the memory footprint of empty string options; (bso#11625). + lib/async_req: Do not install async_connect_send_test; (bso#11639). + Fix typos in man vfs_gpfs; (bso#11641). + Make "hide dot files" option work with "store dos attributes = yes"; (bso#11645). + Fix a corner case of the symlink verification; (bso#11647); (bnc#960249). + Do not disable "store dos attributes" on-the-fly; (bso#11649). + Update lastLogon and lastLogonTimestamp; (bso#11659).- Prevent access denied if the share path is "/"; (bso#11647); (bnc#960249).- Update to 4.3.3. + Malicious request can cause Samba LDAP server to hang, spinning using CPU; CVE-2015-3223; (bso#11325); (bnc#958581). + Remote read memory exploit in LDB; CVE-2015-5330; (bso#11599); (bnc#958586). + Insufficient symlink verification (file access outside the share); CVE-2015-5252; (bso#11395); (bnc#958582). + No man in the middle protection when forcing smb encryption on the client side; CVE-2015-5296; (bso#11536); (bnc#958584). + Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2); CVE-2015-5299; (bso#11529); (bnc#958583). + Fix Microsoft MS15-096 to prevent machine accounts from being changed into user accounts; CVE-2015-8467; (bso#11552); (bnc#958585).- Update to 4.3.2. + vfs_gpfs: Re-enable share modes; (bso#11243). + dcerpc.idl: Accept invalid dcerpc_bind_nak pdus; (bso#11327). + s3-smbd: Fix old DOS client doing wildcard delete - gives an attribute type of zero; (bso#11452). + Add libreplace dependency to texpect, fixes a linking error on Solaris; (bso#11511). + s4: Fix linking of 'smbtorture' on Solaris; (bso#11512). + s4:lib/messaging: Use correct path for names.tdb; (bso#11562). + Fix segfault of 'net ads (join|leave) -S INVALID' with nss_wins; (bso#11563). + async_req: Fix non-blocking connect(); (bso#11564). + auth: gensec: Fix a memory leak; (bso#11565). + lib: util: Make non-critical message a warning; (bso#11566). + Fix winbindd crashes with samlogon for trusted domain user; (bso#11569); (bnc#949022). + smbd: Send SMB2 oplock breaks unencrypted; (bso#11570). + ctdb: Open the RO tracking db with perms 0600 instead of 0000; (bso#11577). + s3:smb2_server: Make the logic of SMB2_CANCEL DLIST_REMOVE() clearer; (bso#11581). + s3-smbd: Fix use after issue in smbd_smb2_request_dispatch(); (bso#11581). + manpage: Correct small typo error; (bso#11584). + s3: smbd: If EAs are turned off on a share don't allow an SMB2 create containing them; (bso#11589). + Backport some valgrind fixes from upstream master; (bso#11597). + auth: Consistent handling of well-known alias as primary gid; (bso#11608). + winbind: Fix crash on invalid idmap configs; (bso#11612). + s3: smbd: have_file_open_below() fails to enumerate open files below an open directory handle; (bso#11615). + Changing log level of two entries to DBG_NOTICE; (bso#9912).- Ensure samlogon fallback requests are rerouted after kerberos failure; (bnc#953382); (bnc#953972).- Ensure to link with --as-needed flag by removing SUSE_ASNEEDED=0. - Always use the default optimization even on pre-9.2 systems.- Remove redundant configure options while adding with-relro.- Relocate the lockdir to the /var/lib/samba/lock directory.- Cleanup and enhance the pidl sub package.- Require renamed python-ldb-devel and python-talloc-devel at build-time. - Requires python-ldb and python-talloc from the python subpackage.- Update to 4.3.1. + s3: smbd: Fix our access-based enumeration on "hide unreadable" to match Windows; (bso#10252). + nss_winbind: Fix hang on Solaris on big groups; (bso#10365). + smbd: Fix file name buflen and padding in notify repsonse; (bso#10634). + kerberos: Make sure we only use prompter type when available; winbind: Fix 100% loop; (bso#11038). + source3/lib/msghdr.c: Fix compiling error on Solaris; (bso#11053). + s3:ctdbd_conn: make sure we destroy tevent_fd before closing the socket; (bso#11316). + s3: smbd: Fix mkdir race condition; (bso#11486). + pam_winbind: Fix a segfault if initialization fails; (bso#11502). + s3: dfs: Fix a crash when the dfs targets are disabled; (bso#11509). + s4:lib/messaging: Use 'msg.lock' and 'msg.sock' for messaging related subdirs; (bso#11515). + s3: smbd: Fix opening/creating :stream files on the root share directory; (bso#11522). + lib/param: Fix hiding of FLAG_SYNONYM values; (bso#11526). + net: Fix a crash with 'net ads keytab create'; (bso#11528). + s3: smbd: Fix a crash in unix_convert(); (bso#11535). + s3: smbd: Fix NULL pointer bug introduced by previous 'raw' stream fix (bso#11522); (bso#11535). + vfs_fruit: Return value of ad_pack in vfs_fruit.c; (bso#11543). + vfs_commit: set the fd on open before calling SMB_VFS_FSTAT; (bso#11547). + s3:locking: Initialize lease pointer in share_mode_traverse_fn(); (bso#11549). + s3:smbstatus: Add stream name to share_entry_forall(); (bso#11550). + s3:lib: Validate domain name in lookup_wellknown_name(); (bso#11555). + s3: lsa: lookup_name() logic for unqualified (no DOMAIN component) names is incorrect; (bso#11555).- Fix 100% CPU in winbindd when logging in with "user must change password on next logon"; (bso#11038).- Relocate the tmpfiles.d directory to the client package; (bnc#947552).- Do not provide libpdb0 from libsamba-passdb0 but add it to baselibs.conf instead; (bnc#942716).- Package /var/lib/samba/private/sock with 0700 permissions; (bnc#946051).- Package /var/lib/samba/msg with 0755 permissions; (bso#11515); (bnc#945502).- Require to install libfam0-gamin from samba-libs on post-12.1 and pre-13.15 systems; (bnc#945013).- Update to 4.3.0. + Samba "map to guest = Bad uid" doesn't work; (bso#9862). + revert LDAP extended rule 1.2.840.113556.1.4.1941 LDAP_MATCHING_RULE_IN_CHAIN changes; (bso#10493). + No objectClass found in replPropertyMetaData on ordinary objects (non-deleted); (bso#10973). + Stream names with colon don't work with fruit:encoding = native; (bso#11278). + NetApp joined to a Samba/ADDC cannot resolve SIDs; (bso#11291). + tevent_fd needs to be destroyed before closing the fd; (bso#11316). + "force group" with local group not working; (bso#11320). + strsep is not available on Solaris; (bso#11359). + smbtorture does not build when configured --with-system-mitkrb5; (bso#11411). + Build with GPFS support is broken; (bso#11421). + Build broken with --disable-python; (bso#11424). + net share allowedusers crashes; (bso#11426). + nmbd incorrectly matches netbios names as own name; (bso#11427). + Python bindings don't check integer types; (bso#11429). + Python bindings don't check array sizes; (bso#11430). + CTDB's eventscript error handling is broken; (bso#11431). + Fix crash in nested ctdb banning; (bso#11432). + Cannot build ctdbpmda; (bso#11434). + samba-tool uncaught exception error; (bso#11436). + Crash in notify_remove caused by change notify = no; (bso#11444). + Poor SMB3 encryption performance with AES-GCM; (bso#11451). + Poor SMB3 encryption performance with AES-GCM (part1); (bso#11451). + fix recursion problem in rep_strtoll in lib/replace/replace.c; (bso#11455). + --bundled-libraries=!ldb,!pyldb,!pyldb-util doesn't disable ldb build and install; (bso#11458). + xid2sid gives inconsistent results; (bso#11464). + ctdb: Fix the build on FreeBSD 10.1; (bso#11465). + Handling of 0 byte resource fork stream; (bso#11467). + AD samr GetGroupsForUser fails for users with "()" in their name; (bso#11488).- Configure with --bundled-libraries=NONE; (bso#11458).- Adapt net-kdc-lookup patch for post-3.3 Samba versions; (bnc#295284).- Remove libiniparser-devel build-time requirement.- Update to 4.2.3. + s4:lib/tls: Fix build with gnutls 3.4; (bso#8780). + s4.2/fsmo.py: Fixed fsmo transfer exception; (bso#10924). + winbindd: Sync secrets.ldb into secrets.tdb on startup; (bso#10991). + Logon via MS Remote Desktop hangs; (bso#11061). + s3: lib: util: Ensure we read a hex number as %x, not %u; (bso#11068). + tevent: Add a note to tevent_add_fd(); (bso#11141). + s3:param/loadparm: Fix 'testparm --show-all-parameters'; (bso#11170). + s3-unix_msg: Remove socket file after closing socket fd; (bso#11217). + smbd: Fix a use-after-free; (bso#11218); (bnc#919309). + s3-rpc_server: Fix rpc_create_tcpip_sockets() processing of interfaces; (bso#11245). + s3:smb2: Add padding to last command in compound requests; (bso#11277). + Add IPv6 support to ADS client side LDAP connects; (bso#11281). + Add IPv6 support for determining FQDN during ADS join; (bso#11282). + s3: IPv6 enabled DNS connections for ADS client; (bso#11283). + Fix invalid write in ctdb_lock_context_destructor; (bso#11293). + Excessive cli_resolve_path() usage can slow down transmission; (bso#11295). + vfs_fruit: Add option "veto_appledouble"; (bso#11305). + tstream: Make socketpair nonblocking; (bso#11312). + idmap_rfc2307: Fix wbinfo '--gid-to-sid' query; (bso#11313). + Group creation: Add msSFU30Name only when --nis-domain was given; (bso#11315). + tevent_fd needs to be destroyed before closing the fd; (bso#11316). + Build fails on Solaris 11 with "‘PTHREAD_MUTEX_ROBUST’ undeclared"; (bso#11319). + smbd/trans2: Add a useful diagnostic for files with bad encoding; (bso#11323). + Change sharesec output back to previous format; (bso#11324). + Robust mutex support broken in 1.3.5; (bso#11326). + Kerberos auth info3 should contain resource group ids available from pac_logon; winbindd: winbindd_raw_kerberos_login - ensure logon_info exists in PAC; (bso#11328); (bnc#912457). + s3:smb2_setinfo: Fix memory leak in the defer_rename case; (bso#11329). + tevent: Fix CID 1035381 Unchecked return value; (bso#11330). + tdb: Fix CID 1034842 and 1034841 Resource leaks; (bso#11331). + s3: smbd: Use separate flag to track become_root()/unbecome_root() state; (bso#11339). + s3: smbd: Codenomicon crash in do_smb_load_module(); (bso#11342). + pidl: Make the compilation of PIDL producing the same results if the content hasn't change; (bso#11356). + winbindd: Disconnect child process if request is cancelled at main process; (bso#11358). + vfs_fruit: Check offset and length for AFP_AfpInfo read requests; (bso#11363). + docs: Overhaul the description of "smb encrypt" to include SMB3 encryption; (bso#11366). + s3:auth_domain: Fix talloc problem in connect_to_domain_password_server(); (bso#11367). + ncacn_http: Fix GNUism; (bso#11371).- Disable rpath usage; (bnc#902421).- Make the winbind package depend on the matching libwbclient version and vice versa; (bnc#936909).- Backport changes to use resource group sids obtained from pac logon_info; (bso#11328); (bnc#912457).- Order winbind.service Before and Want nss-user-lookup target.- Remove fam-devel build-time dependency for post-6 RHEL systems.- Update to 4.2.2. + s3:smbXsrv: refactor duplicate code into smbXsrv_session_clear_and_logoff(); (bso#11182). + gencache: don't fail gencache_stabilize if there were records to delete; (bso#11260). + s3: libsmbclient: After getting attribute server, ensure main srv pointer is still valid; (bso#11186). + s4: rpc: Refactor dcesrv_alter() function into setup and send steps; (bso#11236). + s3: smbd: Incorrect file size returned in the response of "FILE_SUPERSEDE Create"; (bso#11240). + Mangled names do not work with acl_xattr; (bso#11249). + nmbd rewrites browse.dat when not required; (bso#11254). + vfs_fruit: add option "nfs_aces" that controls the NFS ACEs stuff; (bso#11213). + s3:smbd: Add missing tevent_req_nterror; (bso#11224). + vfs: kernel_flock and named streams; (bso#11243). + vfs_gpfs: Error code path doesn't call END_PROFILE; (bso#11244). + s4: libcli/finddcs_cldap: continue processing CLDAP until all addresses are used; (bso#11284). + ctdb: check for talloc_asprintf() failure; (bso#11201). + spoolss: purge the printer name cache on name change; (bso#11210); (bnc#901813). + CTDB statd-callout does not scale; (bso#11204). + vfs_fruit: also map characters below 0x20; (bso#11221). + ctdb: Coverity fix for CID 1291643; (bso#11201). + Multiplexed RPC connections are not handled by DCERPC server; (bso#11225). + Fix terminate connection behavior for asynchronous endpoint with PUSH notification flavors; (bso#11226). + ctdb-scripts: Fix bashism in ctdbd_wrapper script; (bso#11007). + ctdb: Fix CIDs 1125615, 1125634, 1125613, 1288201 and 1125553; (bso#11201). + SMB2 should cancel pending NOTIFY calls with DELETE_PENDING if the directory is deleted; (bso#11257). + s3:winbindd: make sure we remove pending io requests before closing client sockets; (bso#11141); (bnc#931854). + Fix panic triggered by smbd_smb2_request_notify_done() -> smbXsrv_session_find_channel() in smbd; (bso#11182). + 'sharesec' output no longer matches input format; (bso#11237). + waf: Fix systemd detection; (bso#11200). + CTDB: Fix portability issues; (bso#11202). + CTDB: Fix some IPv6-related issues; (bso#11203). + CTDB statd-callout does not scale; (bso#11204). + 'net ads dns gethostbyname' crashes with an error in TALLOC_FREE if you enter invalid values; (bso#11234). + libads: record service ticket endtime for sealed ldap connections; (bso#11267). + lib/util: Include DEBUG macro in internal header files before samba_util.h; (bso#11033).- Avoid a crash inside the tevent epoll backend; (bso#11141); (bnc#931854).- Remove the independently built libraries ldb, talloc, tdn, and tevent and the post-10.3 renamed libsmbclient from baselibs.conf.- Drop redundant doc attribute from man pages.- Update to 4.2.1. + s3:winbind:grent: Don't stop group enumeration when a group has no gid; (bso#8905). + Initialize dwFlags field of DNS_RPC_NODE structure; (bso#9791). + s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with servers that don't send the 2 unused fields; (bso#10016). + build:wafadmin: Fix use of spaces instead of tabs; (bso#10476). + waf: Fix the build on openbsd; (bso#10476). + s3: client: "client use spnego principal = yes" code checks wrong name; (bso#10888). + spoolss: Retrieve published printer GUID if not in registry; (bso#11018). + s3: lib: libsmbclient: If reusing a server struct, check every cli->timout miliseconds if it's still valid before use; (bso#11079). + vfs_fruit: Enhance handling of malformed AppleDouble files; (bso#11125). + backupkey: Explicitly link to gnutls and gcrypt; (bso#11135). + replace: Remove superfluous check for gcrypt header; (bso#11135). + Backport subunit changes; (bso#11137). + libcli/auth: Match Declaration of netlogon_creds_cli_context_tmp with implementation; (bso#11140). + s3-winbind: Fix cached user group lookup of trusted domains; (bso#11143). + talloc: Version 2.1.2; (bso#11144). + Update libwbclient version to 0.12; (bso#11149). + brlock: Use 0 instead of empty initializer list; (bso#11153). + s4:auth/gensec_gssapi: Let gensec_gssapi_update() return NT_STATUS_LOGON_FAILURE for unknown errors; (bso#11164). + docs/idmap_rid: Remove deprecated base_rid from example; (bso#11169); (bnc#913304). + s3: libcli: smb1: Ensure we correctly finish a tevent req if the writev fails in the SMB1 case; (bso#11173). + backupkey: Use ndr_pull_struct_blob_all(); (bso#11174). + Fix lots of winbindd zombie processes on Solaris platform; (bso#11175). + s3: libsmbclient: Add missing talloc stackframe; (bso#11177). + s4-process_model: Do not close random fds while forking; (bso#11180). + s3-passdb: Fix 'force user' with winbind default domain; (bso#11185).- Prevent samba package updates from disabling samba kerberos printing.- Add sparse file support for samba; (fate#318424).- Purge printer name cache on spoolss SetPrinter change; (bso#11210); (bnc#901813).- Correctly retain errno from Btrfs snapshot ioctls; (bnc#923374).- Simplify libxslt build requirement and README.SUSE install. - Remove no longer required cleanup steps while populating the build root.- Remove deprecated base_rid example from idmap_rid manpage; (bso#11169); (bnc#913304).- Update to 4.2.0. + smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT; (bso#1115). + pam_winbind: fix warn_pwd_expire implementation; (bso#9056). + nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299). + Make 'profiles' work again; (bso#9629). + s3:smb2_server: protect against integer wrap with "smb2 max credits = 65535"; (bso#9702). + Make validate_ldb of String(Generalized-Time) accept millisecond format ".000Z"; (bso#9810). + Use -R linker flag on Solaris, not -rpath; (bso#10112). + vfs: Add glusterfs manpage; (bso#10240). + Make 'smbclient' use cached creds; (bso#10279). + pdb: Fix build issues with shared modules; (bso#10355). + s4-dns: Add support for BIND 9.10; (bso#10620). + idmap: Return the correct id type to *id_to_sid methods; (bso#10720). + printing/cups: Pack requested-attributes with IPP_TAG_KEYWORD; (bso#10808). + Don't build vfs_snapper on FreeBSD; (bso#10834). + nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835). + idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837). + s3: smb2cli: query info return length check was reversed; (bso#10848). + s3: lib, s3: modules: Fix compilation on Solaris; (bso#10849). + lib: uid_wrapper: Fix setgroups and syscall detection on a system without native uid_wrapper library; (bso#10851). + winbind3: Fix pwent variable substitution; (bso#10852). + Improve samba-regedit; (bso#10859). + registry: Don't leave dangling transactions; (bso#10860). + Fix build of socket_wrapper on systems without SO_PROTOCOL; (bso#10861). + build: Do not install 'texpect' binary anymore; (bso#10862). + Fix testparm to show hidden share defaults; (bso#10864). + libcli/smb: Fix smb2cli_validate_negotiate_info with min=PROTOCOL_NT1 max=PROTOCOL_SMB2_02; (bso#10866). + Integrate CTDB into top-level Samba build; (bso#10892). + samba-tool group add: Add option '--nis-domain' and '--gid'; (bso#10895). + s3-nmbd: Fix netbios name truncation; (bso#10896). + spoolss: Fix handling of bad EnumJobs levels; (bso#10898). + Fix smbclient loops doing a directory listing against Mac OS X 10 server with a non-wildcard path; (bso#10904). + Fix print job enumeration; (bso#10905); (bnc#898031). + samba-tool: Create NIS enabled users and unixHomeDirectory attribute; (bso#10909). + Add support for SMB2 leases; (bso#10911). + btrfs: Don't leak opened directory handle; (bso#10918). + s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920). + s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921). + pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932). + s3-keytab: fix keytab array NULL termination; (bso#10933). + s3:passdb: fix logic in pdb_set_pw_history(); (bso#10940). + Cleanup add_string_to_array and usage; (bso#10942). + dbwrap_ctdb: Pass on mutex flags to tdb_open; (bso#10942). + Fix RootDSE search with extended dn control; (bso#10949). + Fix 'samba-tool dns serverinfo ' for IPv6; (bso#10952). + libcli/smb: only force signing of smb2 session setups when binding a new session; (bso#10958). + s3-smbclient: Return success if we listed the shares; (bso#10960). + s3-smbstatus: Fix exit code of profile output; (bso#10961). + socket_wrapper: Add missing prototype check for eventfd; (bso#10965). + libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows client does; (bso#10966). + vfs_streams_xattr: Check stream type; (bso#10971). + s3: smbd: Fix *allocate* calls to follow POSIX error return convention; (bso#10982). + vfs_fruit: Add support for AAPL; (bso#10983). + Fix spoolss IDL response marshalling when returning error without clearing info; (bso#10984). + dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279). + Fix IPv6 support in CTDB; (bso#10996). + ctdb-daemon: Use correct tdb flags when enabling robust mutex support; (bso#11000). + vfs_streams_xattr: Add missing call to SMB_VFS_NEXT_CONNECT; (bso#11005). + s3-util: Fix authentication with long hostnames; (bso#11008). + ctdb-build: Fix build without xsltproc; (bso#11014). + packaging: Include CTDB man pages in the tarball; (bso#11014). + pdb_get_trusteddom_pw() fails with non valid UTF16 random passwords; (bso#11016). + Make Sharepoint search show user documents; (bso#11022). + nss_wrapper: check for nss.h; (bso#11026). + Enable mutexes in gencache_notrans.tdb; (bso#11032). + tdb_wrap: Make mutexes easier to use; (bso#11032). + lib/util: Avoid collision which alread defined consumer DEBUG macro; (bso#11033). + winbind: Retry after SESSION_EXPIRED error in ping-dc; (bso#11034). + s3-libads: Fix a possible segfault in kerberos_fetch_pac(); (bso#11037). + vfs_fruit: Fix base_fsp name conversion; (bso#11039). + vfs_fruit: mmap under FreeBSD needs PROT_READ; (bso#11040). + Fix authentication using Kerberos (not AD); (bso#11044). + net: Fix sam addgroupmem; (bso#11051). + vfs_snapper: Correctly handles multi-byte DBus strings; (bso#11055); (bnc#913238). + cli_connect_nb_send: Don't segfault on host == NULL; (bso#11058). + utils: Fix 'net time' segfault; (bso#11058). + libsmb: Provide authinfo domain for encrypted session referrals; (bso#11059). + s3-pam_smbpass: Fix memory leak in pam_sm_authenticate(); (bso#11066). + vfs_glusterfs: Add comments to the pipe(2) code; (bso#11069). + vfs/glusterfs: Change xattr key to match gluster key; (bso#11069). + vfs_glusterfs: Implement AIO support; (bso#11069). + s3-vfs: Fix developer build of vfs_ceph module; (bso#11070). + s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer; (bso#11077); CVE-2015-0240; (bnc#917376). + vfs: Add a brief vfs_ceph manpage; (bso#11088). + s3: smbclient: Allinfo leaves the file handle open; (bso#11094). + Fix Win8.1 Credentials Manager issue after KB2992611 on Samba domain; (bso#11097). + debug: Set close-on-exec for the main log file FD; (bso#11100). + s3: smbd: leases - losen paranoia check. Stat opens can grant leases; (bso#11102). + s3: smbd: SMB2 close. If a file has delete on close, store the return info before deleting; (bso#11104). + doc:man:vfs_glusterfs: improve the configuration section; (bso#11117). + snprintf: Try to support %j; (bso#11119). + ctdb-io: Do not use sys_write to write to client sockets; (bso#11124). + doc-xml: Add 'sharesec' reference to 'access based share enum'; (bso#11127).- Update to 4.2.0rc5. + Ensure we don't call talloc_free on an uninitialized pointer; CVE-2015-0240; (bso#11077); (bnc#917376).- Fix usage of freed memory on server exit; (bso#11218); (bnc#919309).- Fix tdb_store_flag_to_ntdb() gcc5 build failure.- Fix vfs_snapper DBus string handling; (bso#11055); (bnc#913238).- Update to 4.1.16. + dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279).- Adjust baselibs.conf due to libpdb0 package rename to libsamba-passdb0.- Fix libsmbclient DFS referral handling. + Reuse connections derived from DFS referrals; (bso#10123); (fate#316512). + Set domain/workgroup based on authentication callback value; (bso#11059).- Update to 4.2.0rc4. - Add libsamba-debug, libsocket-blocking, libsamba-cluster-support, and libhttp to the libs package; (boo#913547). - Rename libpdb packages to libsamba-passdb. - Drop libsmbsharemodes packages.- Enable avahi support on post-12.2 systems.- Update to 4.1.15. + pam_winbind: Fix warn_pwd_expire implementation; (bso#9056). + nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299). + Fix profiles tool; (bso#9629). + s3-lib: Do not require a password with --use-ccache; (bso#10279). + s4:dsdb/rootdse: Expand extended dn values with the AS_SYSTEM control; (bso#10949). + s4-rpc: dnsserver: Fix enumeration of IPv4 and IPv6 addresses; (bso#10952). + s3:smb2_server: Allow reauthentication without signing; (bso#10958). + s3-smbclient: Return success if we listed the shares; (bso#10960). + s3-smbstatus: Fix exit code of profile output; (bso#10961). + libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows client does; (bso#10966). + s3: smbd/modules: Fix *allocate* calls to follow POSIX error return convention; (bso#10982). + Fix 'domain join' by adding 'drsuapi.DsBindInfoFallBack' attribute 'supported_extensions'; (bso#11006). + idl:drsuapi: Manage all possible lengths of drsuapi_DsBindInfo; (bso#11006). + winbind: Retry LogonControl RPC in ping-dc after session expiration; (bso#11034).- yast2-samba-client should be able to specify osName and osVer on AD domain join; (bnc#873922).- Lookup FSRVP share snums at runtime rather than storing them persistently; (bnc#908627).- Specify soft dependency for network-online.target in Winbind systemd service file; (bnc#889175).- Fix spoolss error response marshalling; (bso#10984).- Update to 4.1.14. + pidl/wscript: Remove --with-perl-* options; revert buildtools/wafadmin/ Tools/perl.py back to upstream state; (bso#10472). + s4-dns: Add support for BIND 9.10; (bso#10620). + nmbd fails to accept "--piddir" option; (bso#10711). + nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835). + S3: source3/smbd/process.c::srv_send_smb() returns true on the error path; (bso#10880). + vfs_glusterfs: Remove "integer fd" code and store the glfs pointers; (bso#10889). + s3-nmbd: Fix netbios name truncation; (bso#10896). + spoolss: Fix handling of bad EnumJobs levels; (bso#10898). + s3: libsmbclient-smb2. MacOSX 10 SMB2 server doesn't set STATUS_NO_MORE_FILES when handed a non-wildcard path; (bso#10904). + spoolss: Fix jobid in level 3 EnumJobs response; (bso#10905). + s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920). + s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921). + pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932). + s3-keytab: Fix keytab array NULL termination; (bso#10933). + Cleanup add_string_to_array and usage; (bso#10942).- Remove and cleanup shares and registry state associated with externally deleted snaphots exposed as shadow copies; (bnc#876312).- Use the upstream tar ball, as signature verification is now able to handle compressed archives.- Fix leak when closing file descriptor returned from dirfd; (bso#10918).- Fix spoolss EnumJobs and GetJob responses; (bso#10905); (bnc#898031). + Fix handling of bad EnumJobs levels; (bso#10898).- Remove dependency on gpg-offline as signature checking is implemented in the source validator.- Update to 4.1.13. + s3-libnet: Add libnet_join_get_machine_spns(); (bso#9984). + s3-libnet: Make sure we do not overwrite precreated SPNs; (bso#9984). + s3-libads: Add all machine account principals to the keytab; (bso#9985). + s3: winbindd: Old NT Domain code sets struct winbind_domain->alt_name to be NULL. Ensure this is safe with modern AD-DCs; (bso#10717). + Fix unstrcpy; (bso#10735). + pthreadpool: Slightly serialize jobs; (bso#10779). + s3: smbd: streams - Ensure share mode validation ignores internal opens (op_mid == 0); (bso#10797). + s3: smbd:open_file: Open logic fix; Use a more natural check; (bso#10809). + vfs_media_harmony: Fix a crash bug; (bso#10813). + docs: Mention incompatibility between kernel oplocks and streams_xattr; (bso#10814). + nmbd: Send waiting status to systemd; (bso#10816). + libcli: Fix a segfault calling smbXcli_req_set_pending() on NULL; (bso#10817). + nsswitch: Skip groups we were not able to map; (bso#10824). + s3-winbindd: Use correct realm for trusted domains in idmap child; (bso#10826). + s3: nmbd: Ensure the main nmbd process doesn't create zombies; (bso#10830). + s3: lib: Signal handling - ensure smbrun and change password code save and restore existing SIGCHLD handlers; (bso#10831). + idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837). + s3-winbindd: Do not use domain SID from LookupSids for Sids2UnixIDs call; (bso#10838). + s3: smb2cli: Query info return length check was reversed; (bso#10848). + registry: Don't leave dangling transactions; (bso#10860).- Update to 4.2.0rc2.lamb76 15630354694.9.5+git.176.375e1f05788-lp151.2.3.14.9.5+git.176.375e1f05788-lp151.2.3.1libsamba-net.cpython-36m-i386-linux-gnu-samba4.solibsamba-python.cpython-36m-i386-linux-gnu-samba4.so/usr/lib/samba/-fomit-frame-pointer -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:10611/openSUSE_Leap_15.1_Update/732241d31e5cf48926a783b0b71d3f7a-samba.openSUSE_Leap_15.1_Updatecpioxz5i586-suse-linuxELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=ad668be2c4868607edf43e7f4dbe51b977a82ae2, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=f93be3378cc26a7cd7fc787af127a2d107ed4a52, strippedFFPPR RRFRBR@R R0R R#RRHR>R%R,R.RRv쩖0{7:L639קyxLQQ, xfw8&c5l^VaW<~PGZϿJզހ7H?i;Q~&^(?41\W^5d~LL+ `7c `vƮDzJ.ۺPV-mTdcӮhE*36})J2^Z`!Rm'S{Ey ya*ϲ*_SD4L\g1 ܕϊΩi^wA!z I%ĤJn\i٬x=?.8=zr&/A G_UNJ}Κܛ[X" U`7vyAYbj~l{:| P8 qAFX n#3-Db.B&wJҁlo+תF̙u (rkaAIB']jO7>S]M6 }\ETRi:a7JG?9 G#4):f7rb^ĬBBtUaTRG>'g:騑;hb9b֌J[jOHR%+$?3hXsOǚ1U_WwCzrIOo 84›*ԙ=5D {.Vl?zʡAbx ˜&QD3 {= L|\iIHC>k|[*5Ethp{{NhPGCkHkV4}as: 8WLi/Wۋ"zu97q{(jsEmV5)ʓ ^jE2 b[StjtkO]!"5$ڭcC ϵ 6p]5>NpeU;ʬ`[ a]ke,e?X4mLnm_~} d9}"閈<.BC׫+%7T ͊?(L]xe=8l Š[SŒX$Z!ѸBcg' D[Ō֍{T 'gM#,uL(VwsǣWrzʐ/ `eEJϻ|+6bb(O>@KUԷ8`b)_=G \R%պ}~9!ޔ mq逮нT0 gi4wnkBt;gզqHcJrt%U>)`!dsࣄèU6Nd$|~b }q4DBn`[~ݖ@H@hzE8|!_w6A^us4Pf5 {+庅%P` ڜ'Ms$C4t'4 pV.sW"a/m}IrM;PLj2<,˵ N9?As6S{f<ZK )j!yZJ3k=Fi ;W7:0qV?z*]_ 43 %+ұP.Cy~Juh _L?wy)`uo ή$'rgvY;QXo}~[Vj?o.qɻ2FM@orޅca^R۝xȒ Xft}};OLS("MicG黉_`<1#&ų!+ڊxJFZd iow?B>l{2נ=ҜtgvB F2W4]d"#hMW6/fm$d#󔗴 2tLӤ *_qX-xH`amF"\" ޲AM/cn[(TI>ϫ~G ܦ]^iw8XRp feߵ7f絀/;(?;PiGȲ#8q^ʩ?7'uo1! !-F*`u?ێ AAf"o DxjQl&4,rc=qAtklp?G눖.5-|(T< MMkS%?L˶\׎͗zR|K: B[Vrٵ"rD9PyFJېqZt@>ӊ0|Bۙ*ɤF',ielFS}y+qVU窦} (ouRdt6q\BpqVb@dѕ.ԝ>w۞PZ$*j1F^t8_G3QLgla" cA5[c(78qA-#]PEy^^VEPێ]">fZt;h aﰣ-)S[LNdUgG2 /Nsyt d!nQc AV%X1̸g}ݔ#T]Y((C~+cƆ 11yp|A^=/wQfܜKe2%u@R w4ʈ̭{Xa&q]5hYO-zYI"OW7"o@V$Lۊ^ _]R0HϊSq˹s%{8렎cFze?ZޔM(=.Ń8s{v| !*Nx –ƼIMYB㌣y<\\qia Fɸ1~5flU2T=;1|Gͳ|7Y?VW |s JR6O m=+ָ|s7fPuM0\jT o6 Vå\}ْ]J7xn=jS z@7'QЮ]VG iDx/i8N\9þ_Scɟ~ٖ\CzHA yR t5҃?Yfn[\u<ݓF4.ivd,m+*!Pbzyv'Q&'IH_\}Rr PWё?oc54;3GWu~[fg=^kCW 'zCZ0.;r+򤋵X4YN_=­v8cۖ&82RuY=YL&@ þ~;j2Dyuspl=b_sjՓ|R q?'tw#%G( 9`ZlCku@LH8rSd{D`4l_y옇=?vGn+$Oȭ4=ގSEC*m)Xm;G8*8ܙo=Kv2c"7W|WTPyq &}<9,X@<9+1Ag&B)lG'|xŸ@<;'NK3VwfGr>r(ccXk,5dHgp={-ihWh_0+;؅$]p.&\]|Zedmʧ a/r(BwوI6X}쾵%&h^ 'CoG7}} lq7R(fTrHůoH唩C> |B2vJ 4_;-R ΃8-=/߽m" ɶdeI 4RGԑ1Tx 1 R& ~ - 4 $[T^S#XOBJ5<~³[p|YjjӖjy%~ƹ\oq)*Z,HnyB,#]*,-n 0eNq@ly*?Z%-$g3=`^@ԲM*sDbrgcc# G)B#NIov>IF"z݌hCvw8u˝eXb(I v>W9uƎAe#*~esK,߸dq>cߺS8Y.ď"] mb ~(Xzoj󆇿# c&> Mg/2 cY4q*s)UT8nR2m5;k4mѠSPÑIY$W$8sԜ`'V+T*SIjV`6ܸAp%Lxe|ՊVGxp"02,[ ݡ:k2gB8O쨰!pFe;̎ڤ ^MG/6| _o@(d)Tk5N a󱇩ȣPÛ{ǜ+;3/xQc'Mê/xCM <=C*Vb?;trx;jT l|mCMAX]fhڎc#6>@ 4FO!v ^*,;Sne(@,ThQld: 01]ʝ]t̘my\+ &&cu1)4 X (Mɳ*P]o@ dO4^ ;(ASwuN81TA5fĬzÔy}qv1Ws3*AꅷxViC/ dZ. p}u]0Bm3]"8;O#M+](L) i7)ʼ)0sZwQ K-/;bV-&* #M''-q #krkcXصXODAFӌ(]HUq R>/ pi|zNciK9n-R@pA4Yr/LVٚ6FLt?Syx  qJcɔ+杯K1k.zD}c"MvD%>:Io_(B*s'9ޏt6qR^06#3RNf" ފ;qPDœTޜBb..fiz,,Ȓgqqy |hr2 [ rGm,IpOpp\,jK o@4c/l=u .--%AV0ᾶ:fmCk`xtw17궣rbMhs^| «ݧ Yu BMdțF.Ti6}$&V|~|"*Yp蓄L=`5sƛ |U3t8DcjHЌ`B1b5SRɡT>]IAI޼a١?_]Q]9 gNUgfbS S&NeKaRfS \kKL<`E_(^.]*i4),<8l!?s@zG;K?L 792j6aƟK"r0ae2AZv)k8K=32瑃cnbΨ+jG3ȗ;[$HihP4xM=&,ŭ{̠Er[JHQhFb jBNysM T"d/t{^7OJ,BFӆ48ؿ&wVlkZc(s⩬  F\ }&=ٛu>SPDprxIi4aE Պ&2hOZ&oG& ~c?8GM4/ߑPc9Y(20} Aeՙ[(tFašcVMQq 4xiNΉAvhQpRZQ6p ̵Ԡ[W>z%@n?_6CGg׎3H'MDTar&ŕ)\\nFmȀt\%#fH=ɀJ@uC4ЕInM͸LDG]!P ľfX C \g$ V!o7+(7oS9?RG}b%> K"6ENY YK]T=ڿpj`8܍4k5xxONZ[U0iǨ(,=uXD.SA$s|8k}G Sݏ [u{ݘOe:n_ځQ??>rsEy+"-X0Cl5Oh܃{m.MGϓ Pig[8 ӷͩ,c/mct$y# i^B"9tYi7ߦD9F2a% L1L!8"^ڪB."n6|.ve+X#9Hi/Mv 1V"| 8ˇ2~S຿LpfO;BY~և{iֱlKDQdzgJ\a=5&~7o%q}mϏĥgw}Z $|W|#P/ $6+p2Bt-DW R 40!PTo"RwX~ ޴cq7C*rĝA .Wgوu!)&JrYt[ICpυay^VC:kc8u Չ+?~Κ=[91jL f?KE_?q%&_6Hxڰ~Ƀ@F , fǯA~olQʙQO,u=5sJ2+_(.k?wp>ƻ«T;-TH]*DDA6i_6eUѻ2,-dp՛ jB=a.+YG #Ɋί OzfUf^]λs wk\pCſp3R Y *BZh*,߷MXgp6G2ON(G9/>nÐ`CTS?t^A1|U,b=X's2^z5Oͥ4杋_RqeWs,;VpQo~蹄֦wqy2ƒM WYB+g ,mȵQ :XP"`3H0\L֩Eg4p[Gx;.<d}M(`) ¸Tc>{R 9ק2Ϩ`-J軰w7O1IU 䚗"w8rGV7i5liPܔOc0y;děaN ui3kI{ecJC{|'QkC&^>!^,!R Zm6XچRqH e辂O`˚r31,ݺ]^R \5mrH\JYIV"MR&Qd+mP}Zz8z3pkϔ{?ʗ H%&`YV0m\Iu=s EEFjq-@ azWET{z"t1y^E &6 ;FnIMAX@i(0DҠs''s>2zHo;!4 ;Õj`:rPU#WMyK"&:7-_p?zt0Dbd"?e[l8jʆ,yV왓1r~1DnR'2S%;X_ŝg¸2|p]#S}{ΉFMF2ª)#|R{ʖtat!\ Ij]!x-uqkMƩU{{:4w O ɞsVq}sB(\d4S6:1TMTyTm:r<k;a2Ýdh'}SMO p H)ɫ,YNO[n p҆ J\P!ZuZ` Oio,*@a6fWއ =IWaƐL= rK Pp]R/twjV# hkO4:= 5x ݅n:W?+fTo:8(4Z MQMIrBYj.d˖GzwÒUF@ޒ&jvg~Ǐb>$HU=__@v,'5T972 WN] [/ 1gM}mh^FWliA3҇sa6ګͅZU2_NMXsfRhV2fŋ oӟ?j0 f3)Tݓ51(X ݻ~ !m#T8]KD BE>6q|ʩ.^aK fNz{4Huwlut Z%]d<qm" iS))e ;̿ۚrramͰ/+a*wմil $L75O/. H_+*,zoG\ Yb;Ɨ2֫@qTQ\C*Ahe--\)\"q}ĻFVxr}TyO|.Z%3 ѱ s%r <1z;V{CC(Uj8-s@lXD\o$.DiTXIvs9䞱bϲ;j ך , "2׮s;]zpWQPהGfe߄rNƜ*M,ѶK՛h[{7_1pok iy>Z5MoBIL".^mI1&B}3K|)[MI2()n'm'CFc4ݤN!*FRF#mqJ] ԭݢ֪#HH=/f"OhЅLLes [Q?}jdEэт2`]Y]R1Ǖ&QH}#oY|[Ys)ΉȐ=}t&QJˡ§VIY&>{K& x +!ӚMyɿt&`xBtYwtC I3Lj6Nn ^뼀.;X6cP_AZM+ۏ%֮zAxOގG|A :,m{Gɛ}Wԟ7RNwlQ5m 77Fp83N O_ckT`PR(/WIkcph$⃤}|E Wqb%PX- 9UdF$ .M\e?|rT^҆M34r+֙fL7XUjzmI*3M֠K{ȵXcNX*ꪀΟlZ5;~}.Q"I0UbPɓ@(?> ^s|^>oÏH0̏al'شVlWM4NL`% rpG3 Q( =cI4dZy\rLKDEOxWGT='T*G~7Z ⢁LX/slħ?'7dV5@U͂We:@_;h#*&DU]":D踼]k$!(vG iTC1 3p$4 ~]J50 PrSHuaC*{ ;_h`Y\D 5up] JܸC~@0/o v%pQǀ Xg_Duuk[࿋6rZ61ukmif>2uo⇇gcl,v|rÁb8+ZZky) 4 ґ !Tl4j #6pF5b e2mRaAٛeD?ҔrP|@Fe|ƶ:Y#zC4Z4裕MZo@rG^)Ɉ0N:Oor1,$2Nc0 >1۳03`ȇs!Cbk͙CS4aVR`n pnKzH&2ttn7e}6q6 Cp~G"rq_5x4\kg jBy/ ?D-Y[6AA@:%xf|IS9k[@%U"R`~vr fg=\-m;@`=SF{^ď d Q&gG{-l`V34Uo%^ .r$2&'R])fr`pʠ'ܛ;t,Ɲ;vv6b,L%m@nǒƔ0w# ["૑P?=% [an>DB:E4X}QT%Lx.΅9Doo[8Kݯ\?6薉3P_,O*^+Ӻm?Rؓ#HHggLf2׈vti0&@5\L=a9Pc\p& Ge.)v>`Y4V֣ݖAltTl/'Ya iND^!pq9=0хױ潯lx .Uu 18y 4"4Mi>1&p{!K/FG\N dعD3.=Vu׊j/j6±F3߶:;|]: f[JewPZ4!K>nKm6ھYN[_ [p@ŠVl"L6Q:\0pSX@RHun?ӊ"lVkTclKc5DԺwl,J<,}5A_ZheBMSUY\5uomJw8+^R$O -xJT:O>$3f$78z7U5rzcC=}pǜayEK>),"I؁t0wЕѹ|OoZc$>s)xڳ4(Z 4+CL"*pXX'5wa(Xg!xe+1[!gb ^&nxɯ=f@S>W $_C)MK*X |F 52Köl!/vXgnc& \4 N0owp^[{T!ˎ(Dt:Q OFC+^)ai)%cx}Xhu}"۰.O P,8s7BRj4V4ױ~tS}l fjExd܇)I V;!X!PoZVf dsoE `G { ?#ʯsLk ;zr ~:PHg%D\diE0rf J D-th6/Q>z:'?7ILKAb:)\N;uvTRͧl{s- .b"ٱ5_sÃ`k]#|S+|ـ(j{Jo r m9:(z"ɸtzw^.} LCӾ~x7TXޝG]2p;X}^' Wdov~;o&LmxԺ.$ !0sxsN~ʝ{eG%=2dtLWen J* ^Fv ]I#Rsfx|p9͒5:\@624ӞXsv'H*5IݷT̔3Ϛ86Js R/ ^zDn3Gv&_8E_ւݳO3ηZ^K#ʾqgEBE )"NR #\$_xL [Zo^%bPF~@[6~<*dXg:hGZ. %n(⫭yh4 fmMإEx!۴/05-Aq3 pdY9S1pLO[_MCi,>tBgPrVfVOR&Ըgj.*m(!A*>R,l3jr_)OUk֜E6r,ޔ0+~ڮI7G& $" l c", Q:EQ z{6%WX-ƺ$M9`$ v/g')ƞҢ&q]ﵨq@zCq QۏCkyjgeD~:m[FP ٪ujK7}1U#HJZ(`dCVsh8i@}@@Bwt >8xf<8oY NɤG cܮ1xQA|5Rhf פi;JUoʇ#Gኢa-͞UTNV6iȹ2cb8:OgYZ&{LVg}`zUi_dA h).^X3I{jԙ\=C23IenӂDMo@¶[͇%V|: ŚQP R,@Dm;Q`M/" O|Y&oUw Hq^ʕ:Ν* J6H=M;O^*V/*VBX-B{?`@(@:Ʋ[{H[(8h4Sa00I [9˱Yw,uWuxf @[aJ Ԅɑ'dZ¡PKD D`7*Ëjqؤu"4^uiG7Y_4 oJP!HNI32j$%+v2UνEؕfx) jz*/;"Ջ:Ipx\!_E0Uu m!A>My4@5Řn*!j0mIAs6`zlk2|FnlOLJxg8mk`X {|gqW[Pt'rLG+::o%ln]0ɟ 5~2&<^wHv*v,N4N32fg?+ GvnNGVηsX;&8 \y1YCPJ#-Dxy7C;ZB}/xIe_x P8 ,nBY8]6h-Ӵ=0*(R椾 坬1? R0("vT_Q0<exͿ30ĥXYOMk8JT Xb]"1-3D6:,cn1 ،F\5bbۆǐ)* / OC E3_l,G`hDJTMfO">GEŔ%;ҾS)B]̆ѭ=[fA)o8NatV&g9S)1e4-\*FN-[xjՠ|q@͓SoEEe6Y;DY+`|pch@$!q0 tmk 6_6K%LZyD':aj::]%BۏrpL@ZN>9P~Ax{k!zq[Ead0l@v?n,=%dR7D/p0AsTJP1QBQPE7"DH*-Tfɾtf5hc稌)39jKٻ.I}L݀ q~Q`9⫉AL|x@-3\!_ʼ,lvrXc6;*o2a,ND)WX"$KU<5Ϳ7NY` Z3j9Rs|Uu;.Zj`K),9Ukڊ%kJQk!$wK8X.Y}tS-u \4qR1 9}v3*c<U ԹwUj4{5)w6"ֵCnW MK'czQ[~K@\oJC+NJNKDi^/Ihd'7[ېZ h` Ji:&oәG{5}?1:sY׾ﳟR(=sS2+Qq| uj?+t1es7A[&d(wz<2*K =%Q-6Eő!P[odK|PH|3R{[uecލ:v4m'Db7#mDc4 yʟ$/.cVy[WF; *5˽_s.zGq].f̒焥 +OqB',q@Ed]ӳ9y=8&-cm4uY'ٶf@mբuӛ[mmб5ck\;Lh @2Dw_,hP"/ʱx^boBTQFRQQٴQ=L\aBpNb)>4@e D 1:Oh9b8`9DHQx0wB6yˑB+RI6O_qQɫv9G'ٞ1D~&Wo[Տ)Qp.G'w1b#Nj<&TA*L"K!쫖;`ԨBF =m!f}'JBq:Aq^WՏk:-_hsN% UET&(vr%J'w'o1(ڥYJlj8N2O cYmtH=0̄Ѯ][۶MtŷS"Z]dB0sG_X*y@2Xwl蔾tf"V6TL~bS%6X$#* KzJkZ?(A۠ b~M}.2-T 14g!$`zh: A S8H)B-IMPif<8v ˼~^šF5oh-.Zz-,kэb(®"A@Hn 7w6VI>UPV6w2gy$:FCnD4p^X<ڥjoYoxb!9J }체n7M08MOXܤlO<-|Mi)Fwn |cjb:| $=1v8&^i=ʭ҆b~c"^SFe3ٛJ$]ı蘺۾ 6fܢ㸤= ߓ+u HkY]#EdY#Iȸ>YG1-s7t&̱+1x a=oֲa糿^pWhP"uzOAy♆2D>GR:$}y bi_ws1<}7;9Bwþﮮ4Fy0_rYBSjbdbct(A4bm0F~K-ĥo[BJ;Otdl EڬJ8S!*[Rd=-%ɗ-]ZX2ϔhVfQCXԲZ86qXRxۗTuo{A,$J6n4]L y5,8/\~~< V0oBv?}`ҁc*KƇ9(7ДzC.铒n E$W/FCRobۍ2o 텕onGqVy`1>NQaϽ4QB X >E-]?&5GrY&cBCJVW%Fld4o*X4LڲglgiE ,4D;x# 0%/ U?IIJFG-쭜fěOy,"}vs_ hկ-?"aUHB:aU(ԃ3B(N=a ѯmM}e@MZ% VE=Z73S݃P-/3DfKd1!9nLlA-ʕdѳg#P\+n10[F}lQ#Ctԑ~kHϻtfT\:Hr㴗 u=g "ט}ͫaB(mg3泯"#BW{+ ċru/F}&ՉĨP/gd;r mt,"4(L{'爕%q6*(Itlv~iʱF@`4rx_5U.MLpfmTmNoM+,TGr!c#UeN'+Bu(r;١cfgƀ x{(d@L;\Uf2Vnw!ksgaTt/*hf@yC'󑙈ﺀٻqzFu5QMOn>_7{1\wdzK.@0?`h&2L6o f|8APM3_[ھVW:_(kHƺz3%e싥'6C'pQ#@fs,tLpAwL"/ 1йs ?mVc|"Խ9\]0O-/L[re ?&p3#z'b:D_MqWLEc.]b6kDПX Ok{AuCQds(>ӱZ: ]BnwҖOZzn¹϶Rvw˸y(dŚ1W%+ B&]͆VmAE?~0KJXȣ>4?!1CSf`k)dy3%CU:@eڳmؿ YU3o ౳ֻyi?pe H" S/PjŇ;s7$DmAz|U28n)+ jݳNVN]}i,ޝ%ͦ|.@ aLtxW0/=0e~.3{x.*\뚸 ]IଜXG(5iU~-'1I ~4s`ƺ|R$ |ZnϫB2|ގWBs.1v±FyT5ƹfIAOd84EbU 0Ǘ,5?źOM['Z{O/4v8 `ſ)|_$ C들/#1}YwVi a='%1\.Ձ+#qGLL9At|U .?7@ˆ̭yjNi)S"2N$mpsU"w7&YG ZW*@.a%^k9E%4= W vG<aQTͥ1Ms+q-DkQ3*v>ZÐo7bB҇c(PEeFNkPjM*U5OqN2ue8Z@j[ʞڹm/eOEZYN{"EFSY~?W9*ΑUW}<` I_3 #\9}EH1=߰9'4p]@Md7:]¡eFP+c LXH".Tr"r+ȔCh;5&D[z-V'ҥct i||s"= 7^}[,pUgY. Fّ!ef̔tߪY _s-A.g6>¬R\!ɝ|Hz`յzTMᔪ< ѷC3Q45^;kcZǺ[Je-`2?w=0afZCX}vb`â#]=0 :O9 ( 6Ԣ BBRtiiJL|('rg1({eJ{!4] $9k~Iv& mR- \MӄϘJ qT>>(s)V#p;xkpE{Y%n(}WEk9\IY;?fCyπ ?r41b͓4)_z37/Fh$oe9 TDXxÃ\ζtj\ n_HtW.> ʢãJq)|r vӛD-uqӚ/$/p xb!'֟?zJqqA5Q"0 :{{ rMgM4"R>|P7#  >UM›x/w.DT>XvyPEJS*T 7 };z A IdKW~&CE Pp\R4("|3s_#]>u4i:|؋uLS$25 ;#L=3ġ 3`SHZl-ެC9+2d ˭K)^\ (6 "lHfj-;*x dn x~oj!ۺBEn4tn?2[u$bSn71Jet* -/Nw8,'m[s|u0~=PXRm=Fh4 `UuA6(ssiYT5w^KPov]C!,T|> iXr_+  6: Z5~ry7jSƠM4T" d D܇;@OGoR"V]_#kޢ])%I͟g K+.'q ՇWQ9ːtSURONc"DwSqbnRo Oɳ?DwP LB_+(hF_C<滨YyXmK)5(P8Dt[r_`XԺƩvq7V#TҫOd1;6Ԩ#&#I=d縕5->0 􅥇n(^&2yCHESiyωO-QO3zy ͷ>PME8!;N 7Q4XR1CjtUvsΌ YV'ѺJfq{ K0{;~T]"׽,!Gi 'I}d?31n>El+W*`E*'G]/٢Hs7Kwb8_ RnTxUAC?r&h6|Eʧ٢IAvEiskb輵FM| ZW)H)NЮɾ,1N|Կ^ph_Olhm(yf.g/C[ PZw' PrAvG8V[ hǾxW Ǽ)#g'uwi!(7c<= ^a 6 <8zU%ʚŎǠ:'z}޳]x2^O}ǣJ 8G(f6K3 [" رHJbh% NR(YV,@Qmu}7r:6KrV+jFzBY& _߼IΓ`@^X9~1ȒtH`BCP'9n$5%0U/Jj,n0gn%?R! `}#ήV츄&99NB}, o0ϬOr3I?~{oLR ]fՇ͓GE~:ٕfW66'Ɓ46E(P-Hk}'jDRV^.eruD5Q[p~\8wWA8~̦h }JHzB@O׿G!Y}',)ﺋX4m6c=} 41ǃZ A&V]d̓RReX$= B73j%5f0 [&!N񖓦;*C (y)+p&$PnJΦ) [%(5@{W<}Oj=B4~U74$$ ,V&9V6ir岥pZ&Rr/n K4ěA9$((v.֩jADI7.\ fs81sU iG&H=2?Q- o 0z4p%Vc1'Ât3N*~ߔ;C$IXJTl{ 3]Mb D_1IJ,1z]/ځ#Q[k'?2IdUn X75f$QJf(hz$=Eolyin4!ev̚k^f`*Vzؚd;\ qI2al\FW8{9 ýF{!(2MԷ7}zD`qcvp(M` !zCEgHZ3&5S9?i 0f9Qr;74; PAR%W9O6-:npNHF$Ig}rNa92;cg 취I˨Rҩ.B~ GD880oqXWޢ ъwsrRИUJ:~׋I__cWN^i,J*X][ /m;sW9\ICeV`c=/t3(Vb7IKx׹'`Juz9l|k2[OફyH8L6&zx} bz紵@(Txz[_Wc SMX,u:(,-lwJhEkN$LeԯCJ_E"V*+geО$D'mY9K:u߃eR1M8B d=*_ 6֬Eo1'iI7㮫"A ,A"}&_\:(?w Oaփl=eܸ"Sӥ% bl͒]-da H_ O8-j R`ÁhYdU _fGehWmdQ,d GZ=X||pqoHQ0 {:"aW"bJ=8ed+bڒ"+8G_-HlEz-*l`lT\6g$c{ %.!ɯ<5-1lXIWjS$gy#E4ME5;6w 4re3-z6l3E|*(IUTh* t a-k5dm`SO^àC,*ۙ%{u(*y,؀>a "I8T#wxU]D}ҨUYEp3:t/FH#K{3SGFIssj"1,-̆oK1 l拭m^Ӵ %a!8Ԉj3,=`Xvf=2o* DITK{V}#tqy \s/nS}8>jm&59z`vK٣E2hǷD`^"Θ?vG54cJmi*6QO]AJm.JDӦ*̶ 8Bu$TV"̺Ր")d=ò}sW{tQYdSR&{{;(*Yiɂ9 #d(OY}v\Cѹy6@.2{r Ru[RvV%Lx9d-i{HsSEu>ׂt=P^QE|XV0z,Ua)2ͽn'h6sex?:k|w"-#5"iV#{nS?1W6H|w32eܠ<ҵ9n;@7] +!2}z6AH, `Es+ӧښJS@ y []SiLD/48-FlF(R*ܾ愼-!Rڌ.>Qzv⿂{N+v"D٥:~RxMnAD=(@y>vJr‰Gwid lCwb%12XR)O0=aeaY@/X&Tk.x>2B`\ )TH"״V(k "P s/x+0\wwsjׯOq˯l8Ee՘'ť~=܊K<.;GzVÀuzSFN [h洒,Ywh!x-'~'[4$;{ Ci#MmiyITZ?Ew 5*6pÊK'dR1! 0"( R;k%IGY.[11CROT+#`$Q',ut-8bPQ[r\MϽc;X)]KxTfx x+wN]U Ӆ.z zX.;MHb^jHnU6$n?dDZ jP,Ex~c s$r@/RPZ#r-`?.J>20 Gy&$HIj߰u^ۄA߃_[{BQ`a9ډ&.wG`ui|4>Bt=;2ilgiQSdtx|Dl :1iUnXLai\kZś}Q_R4M^ydLiN+cK{CCP}B`ZT|GirוyD6 6`K7TobX8VTSt12RKƈ `lHb{=18"&Ӕo53oGqYaI]%4 !A#'_ oA1}^ 5&R*)rf,I B7O y ^cR>Y$4$ƻ"bŭynhC/D QYtukv_UL#zhkX͂]Ɓ9 Ds84M,w'W $YnpPbg7s&,KJCMjZ= ̝@BKp_ҌDnY:s!jP+ ڣ#E(T(8m)͌M|4FH4#n4s=5Cؑez#'G~N7Cbec|ͲQ!-l*xAs%;Tf줢+ͱ)d ȞgEr(;esYa>3N3$hwV 2b*#lcvUu⎍4r\Ίܙ7gAm:jSKJ+ŝXR6)/ K.`𫮩ܛS*/RK'wD 뒲aB>IcNp MLms ]sjtdO+nGSɛ2HRq]2c3ˊaX? Wx70-YU:' iLΚa t-;N3SެnN_7Nޞ]D ئJ?~6#O#Ё>.әL`K 9&Utu=1=v<$Y3;'mREP-jx@lcas<4؀$MYax4 Mr'[%ýc;.H'83S[`gH3h dGoJdZDсLlxG^az>kޗYBi (ΐ^;Î1S!W }eͼ OK3G2w+aZ?n$`g_ wQ1m:Wɗ]yR[dYxX`!W h?MCn pr/F YM;ayҙ5\0k, Qe"p>*CoP:?B3.]>!MQUsz#O咉cGH$ϸuFZ|M~=(J߲8踜zbVdK {@S2=, J?h .?"ecunc %.%;fS{8QlLHK7iwOZNٽ~GhG+8wts~[*jx`@u-!%Xᅑف[ua/׌'Zp-&y&~u?jZ?W̑ݗwVp؏qv@Nz[7\Dٓ(uHFUQ*m\bLf[ j\۰b߻w&':1i-vQd7`n@Ά*S05wYj@iUpNpl! Au$s|%vԨh E"e rK CŞ- zk4V2[-ErzrV 9|&mر&Pcl7⮢1'MOxi`fޱ)pg.~lhe2=S~1Lx9YNƔ6Ter=֧m VUVC2WhSdsnCSVfP諅6ONpTKkP#$ rwY20ƍJ":&b(;fW!G#SkNí٢RRv{!?IlaK !'X"ϫq ~ jbP&i7>>BrKPw,wgC_Y([wÇkU=TFʵ}eXn."K^<#vsM D!{B[G~vꠒ9-լ;b6Lu z>7BH  <:N:FyCDv`I;cʮ=p%JG<Uʑ݈hyR潼as/y QlP@7x s yij|9MUn!~L)Xѽc&߼LƤZf %Vyο4!DV '+ܑm 1jFǕi5\n*{Riz3d*#TG +KTO'72ՙ_rv˷``}M Ҹ" @yd6gCVeHkvjO%ux_y.v`[| (b+ܵ'Xe/ + X7U*q;K6C3s;D`=^oc{ݪ \YxBp愽B=)okh^k_]q6 ¯$ϊP7YiLXk2?@xtxas oM|h#]|gxƅk{`#&M*tmLHlWd)%k>K񁑷( Œ;J) Y{z^f-H`z6E5xw5HYBi{Ҳ.`#֏A$=i_H( HdȎ]^ۭ||l X{PrN0ICW;kh=}K֐Bt}vI  1-S'TG`flհ!d9aXzh1!>\4J?{_ Пvr 阧k <3>jgp.9t8)ܛG@:bf6d:ծ6zBZ@FZ{erTO d5LP\l,>ɘnHNҹ[d2VbXwW*u ^ɔ|H8?uI3V _s 8[?[թMG'5TMv[ T ϡ-8#v$<}iZ-Cm591ZoNIH脄hJátVǁXqs;PK%h95-|G\PVkwi#\UH|$+ptaӲ8H'X ?.- Eݝp4 y 5-F_fJ "El$Nf> ڂUBda ]Po50yKɱ$?UBKTA`^>}Y>!/E0a,R]8ҔsWS~84.Kst7Kum<y)b#큸fk/ :BA~\>KhR֮@[N,P[ZJ=9=. eS l h{Arkjپ7T8;,q|R3Vq390n[?ˢVjS ô''PJ?#%3Ǭ`Z68 b#aton/Xvܤg)6†ILͻ/^gbLm5kSg"Kj>A_'G 2eܚUu`V;GIV0n-0c+tՑ.S {יd>n+%-yBIBN9s 1So( n_ KHpXi㏑,98؊Duo"%#OndG7_og*@ }U4Z.3q}[iP ;In$ Yڦۢ},MmԝDe?&dŴKy+,o^(-}F)Pe6WCm u}f#4|Jj)|zMQ&V5$51h! +Ľy/SoQMJrq`u)V2=g$t #8]zGkB#ѲXu/fC$*IPQ)u!L.=̥ve-ZzߗިuG6cB߼ X(L~4v Rq2h,O?xq_,(Gyڥ䧟x&[#?[@ݦB]/2)t=kWSb`I(>jLԾ&;K|VaNR{;F^]IwdZ 60̪~wXpdN;$; + C3}nw6 Z/ "/ڕk Xޙ"1O)O*iH0i.6 j`6LL( Re[[ϡFpCsDZQaѤV ;  !+p1_Iy( Y=Qg~UƔoJ]2z3򾡍EWT)D%Aok@~HeD]@^8ΤF7 1+q"'-{=H{=Gm͒]q_[aߵ^NSB</1$Me" Ӂ ؗ V*#9֤k~9D` "=5f͝ !|ڰR/]3wiSI- Y ~$"w4ns*=Gp¸"1Y Wb.`ȳ"pDɢBgAiWzOX9ꭑ1}1B{hrz8KIBȋڐUIwޣ.d4Mf&3_[gvWvK[L֑.Uw$dxli4UN㺀 @|T YPl+ʀuq3{Eb(.;K]\*& 9[;``M򣏦c0.A4*GR;L1`3ܚ3U [&PIOXXFdQ2as8"{"2uc+RhH .m$Ia3 0'"" *.q x&?ERxNrr{J5R QĶ伻T9Hk"wBz!!~K{lJV0pZܨ2!D!¸68h߮%ï+ 3q)11$?f8  zFH_1H7ztaVV%'&Y`S6 4mP*G޿nvAfc}Re8`*1Y=#kK:kڤ&ĖKus_6BW,fB .<5T:?3Ph)@A oUZ󷋞VeVOS k<;v%_!vZ7[l,9fǷ: "o_-;;+J!MG['Q+O' зaz)JAj 24-ܠz]Y]=Wh#@h: _ /B2l03-Qq^Gr<`  ]rT&֚٬!42&Y(dhN98U^5G"Tb0,i@E׈dB*ܕ .Y2_%\쮠TUez%VC9x/m*)HpӴSjx>aƎ!Nm/O צlUn6CђO=;ձ5K=0㣵Up=,;2>Zcmlj6%r{m:=gF3VRa?檸J/G9PS E$e+KgN, ڐ瓐YV]XI=1='UKLZũ(طEems'-)9NBE.U*\ʒ /|'QW܁uy5 erjo GY A%6V׿g5"mazqQ&#sމ?Ij<ˠGTMi\/ ")Ҷ%_-#b3s*:cR/ DyTt/?@dOa$-^yVjAH@Auf^jLz`r}_GjWk,o^#EG˕I778:/hm4X\qggWN3sw cb//h&MR P-b 3s%Cs=Q/&(UTfۛO4Q 6oJH YpCQNX w4>l[f):e׿cseq B lnz &Ȥr0ނ0v2j7\P{iTZrMJ]I ߼_hN=clŪ& `3cK2S8R$ކ.g ㅀL*y4e6е3~RJNnwwޚ-۾Op#u_xK/}VҕM1\tS@Öy ]̏$D֙Th[/inj.M@H!Nyr'fJUi/si 4vG_4#-SI:c 8;ȪZeD!W1 O0i6LC k0Q~c188}Qz,/VK ]ܙ/$7 vn3)@G|*p;Dޖ#؀9V*trG̑G""yV19pD[V(c/G^kXfMib X٨Q̏s5eى>  6W6Q uxt\I \iiP"8u,V<`} sr(3)$ /l.x l٬%)Osi; &mѡ*`Qy#~PRI\E,Q7,Lv?~sǁ/kᴮ9&0ʏZc l]w\kw A8 , #?3WS$G>]#v%KeuSՔI-p"[ jRskV݉wK@ˀ}? lztdX0H!mTY6ySS`GUE("jeBJfLC"s`.Ӝ4!-ʕeCA>nS鞬洕j[= (h% }tpMX\<ӱ*R%TIq%;3h`Z+ ehU'w W?/7VtN'9xS'i|NX(;G h, !tх<A+6^ɗScR2Lf ! Q( ۼk6;{5u!F֜'Cbuuھ2Ot]3#!|IUEJ{?y_Ee`!Z_*K0lʭY ]L@P>) "ս.|tJR#Y+;#a\Ɓ)"Xyb|vZ h!̓ WƽSx6=6˜XLɻNWLjL?G}_u'ei鲐dLKjcqr_0׌?:ZQièB,] @%켣YP )t%%90yP,KqTr|Θ*AxڹH|R}&"›Zz=—o! S6TSBqѱnbQq0hE*s\?A㶸_]Ry VeWL2:'(Ĉ$9p~7}ApPGT Y7|hܞc`^!/,jI,0Yy|L"d.T=edQO'lK?XَHӐƞX b1^gC?rn%!# Z1u|h+&sޱԇ`iV fWZ{IDZ.ԴWP(%->aZ3ضdd͎M]y!I \Dy:^)xkX$#z`Y " "qА%ը@\ (""J,7^^>qǐ=)P\.4d#=վOf 0ܕ4@ݷԴ$3TU?f%m,!_}l*SgJL^">]V)[g!Et!_\"`;` 0͡xw j(&Rꦝ8*^E#hg?mf@ lԣm|-9JjALX>FNZ:xbGȻ 6m>; ὤY?/+`za]Ɏ6|b.%Xףle;O{W>$S};8¡᜜ rk蘾:?;ɱ+/{ }F NuXwR1?2 8;HןN4BO{ M~n>^~EP]"JX\ffjAZځ3q8Nϟ:j=.{$L\|f =!'Uq\UnCoB`;BfK";cF(9}|;a*&ɬv:~dh2tTZc}U2w$-䂩fq  d= =G~ݕٝNi:K@\bSt U<4A6˟HG?C# SNGA(YblfcVWe*FjJxcD ALfb;dRD2ª,*Ql(ׁӎUJ#I4uF4 #涕"Zql1-Ulu ^:pAolEAҳRH2Yb^*m:L2[/X&1_[9sdgg}~*BaWU0^.71\GnVeԭnG RDWE0o=Ӏ䦰UbM{I$ްGcMraAPǹb0/W2D׺ hӈcPOË=:n3(|ͫu}IJ8|LH=7 I3_۷bZ|5D?”#;sAbYk{`2eǏ|cfvJiaPP~de׆쳰^GãÞ$FUG\!~tisߤA1h2J {Ql~POZv{eZƆvV!P`Յ:`_}ӫ&IaaWuu,CovǦ͂en*g;2(^>= ֘Q,GGH`:w]],m IJ6}Ĵ} _"t7i){`+!3Mc(|5tPN_ ,ߍjKo`͓؄#&9xA&Ga=%*>~-KLR(fhc5Vx\v #!(0Ɣ5eO*gGUDki;[jm6]F,mHZ2ȿ(%?p(\ꨥ=~f% kLٹ%/#f$/NߜS,Ms݂vπF 88r6\|9L g`vݥqoHv <ꢂ̤3o4{W=gBB5 `"3w=~]Z Y{-۞|1%K[cop1a#+:A<,!"Y^n#H cѝ*n[>JK Vcݿ0Q[C`M!-TQ{&{kR3~ Q_˶q˵NArgH(g# D'lT$mX1{<ӚQg=\4;P֕+`D;Qͨgb?wꘟE%wά\"N8}xᬰ,ry&OӾǗc(rȈ:-aO>AP2kf!rZ{\|cur1詯RS#䌼)nf .poy)b1GDT6dx$%L<0Rn3h A4&ۛ9br+#k4ΐ*]JOjj#U.IM8iRrj>)8:A6\H']TX>\PN"ѣDxT|5 ~g9O>@`(hǬ%{asqaG(.( qMHyPJ>+]Nu JQq }5dl@ot֡=zRI׫^dOpk |au FS6"e)/vOf=B!D'81_Ժs5KT$ۖ) 9'`x0U@}%&鼠RT( `V5]dd'y5i/vJGr%CsL$ѺweO F–kO7J#:$09A!(2a-oBA""JQopa$W uPU$I2u-CDV/{7>MIoH[$amRX\ ߎF^2ԯlYV-;ˆvr.Rm08ANJ8V1%l$9`+d,Tt 1sfkTMt3V0zL":?"5n'e]VIh5tEcN6($!6pQ>>K g_D# dž8vXynui,OrMDP2DZapQVrWv!{+W?Qxa2sBb;J JYmYh4j@ tRIysTC+ƦfW"ۥ|bC`pIJh>WVҞW\/TW}HhӕK8.xUVADbŝ?ip .76Г'Fg$ͨJwsomŀ!7>\[M,VwF $xѻ)ᤩk#,:J=}m ^j @ ?z;Kh3P-lxW3#ÃHΙE I%04-\==DΒ|o{C,Y0Kז tpͻ4ۮSB8$%]giaX'gNjs~2DwkTHX-D}xnMR]'i|?UxPmMM>/Sy?!;R5Mw_L8b3EUd:1,D~nr>@t?AVX$-_4Ldu \aJ7Шp*R*Zj`B9B#QS42Riח9dHt.Td/FD#x*ۇJE"8qy% p8ZF Gе8EǕZ"y,UI7%HÚecRf4w1=$-c I(H v nC ʃYԍwR^˞Uh»}P\ SV?ע.F[F*4s!H2-?6&&rwrj !"~[s~.nAY"]&$T؄Y;]-PJHOR,m`7hz% 5- ò Jce'+/Y_9&y*hl$[qR% #bgQ`ݤ!3t bXđ*aw^,V\wob[kѠ =7N2oǼ޺|Fr`ۖ9dh9YT h+xB"z#iSnKmp޺ۓ"k:,okfWWOyyQwmXη}&~Di(W`zxȱlꊦ,O03c J=vH) 6aѶǯ}g:JB[hyyR"V"CQ,&W+q;j[~e>tAG9xjƔ3m턧ۥ 哤Sw; }ٌm^#(`U+4B!~nNW}g$^\(0 '237!+‘(K_^5HlNӜT;>LwiH7}V) >l ɍ _ o9iZ"V-D_QHg;#-K9)1]KQCQ0l^k04MzL H$\_N8CXI:Wpy=贬[4h "{;?W {eցfEdc'N>0E b#AAH q3kC | ,帬Ս B:P&(bSep^j5hu8YXX,7.'刷fBRI3X~z^f 0 Y)0s+SO2)Q`PDu 1[Z(ӐVĭ bȲwy-H}rw"`Fn֖/ ,X sqiE7#\#B#`0΃vK_fNp(Gg4L>X x\TZ^|mo2b7F`Ͻ8F 9gx_ ci ܫĬwB`!1scOh!lPVV,p둥3$gm1XzS7.^k󪜰䍀N9X:6?"a($y+_F]BxNUVϳ۪bV8ǓrCg6g(9V}n/-0_r|\鐿3``٧fGn[JpM ~7U:6pph}xw Ñv17C"èv.fG@etIJnᢇZ#TMōHE. dV).u"˰ěm -J1iucof/(fcCW!qgUD>Y/ Nɖ+ xO2bKu4zw#VRV2Q>`Ԓ $Cxٵ" U8@Ӝl^A5's&tç%AҾk\c'*-ӻur % _EdW0H=A9c>K2 Z yvf.=o J{Ba@Ojw U^ oo^X~ݞ0DYA^ o7Vo\7jC\D$'j'Xw|!}پdQ/P}uˊ  HfHCcp(gΓ!xH>d|YG`%/ק/TfSw~=$pj%Wp`Êބu,pIU;Gwpjlտ.n C-t.!OHrukwcw%|yÑ3=45=K&z|,seDgbƸAIR&U"PElNXM OxտGZJ\[w O[bA HV[9kzWYK"5E.4P0w?jRifV/ )?ɪ;:y䋘j{C|t~>AdM3+ $|GOg+;s^[3"԰1|G(dANWz &~[*j*bKǜS{ZY4'3}fУWh'@Qz[h Yf^&yFp/ 5J{&ƃBUI/I0Xj,} ^g ^8)Kr+Yc(jG o 6$ɤ~JCn_pƗ){8LҬ/% 9o}n#p.{\Q/_At'`uo %c)/PQS@dE~ue8(毨.+82Z2Z%bb0=nⓛ s'WkGKq?w7>.+M0RxRvr1].5lWOk(Ӽ'2;G^jCU}T~~l.1;;7' |/9-2.ZQ %8R+rP37R8s &\M@rE(\v{ rT3^`=[kbRx:-D裦Cƫ2 nd%9|Yn1Hc#c{-i&SUYB푈dp]&pS8+@D,G'XRȘb!+|ЎZ,%φ%(cEI=}w]]J.+4(־ׁcQ)/P&GX?vL&yK2<S Btջ.v +J[# 0:/n!B1R+"V#}]狥MSM!mއ[[9U O[;Qcťz}^P]D>!/S(o@XOb|s42ǏɑC8k$}t3r^llN5 gՙ 25)b/D ཱུ/ZΦO:tz̧' Mc~f'KW]uGA+VS# nʎ5qH/@pL쩟|,x|t,oCAڔ:Kә`C 8^!]XFG (P-CJPaTkAˮG"D퀤U(|,[F.%EVUgvQ .2 cB#E#X>I%;HʕǏ\ 5Zi&(%0;%֣3:JCHeh72}d$?[vSmz9MT*hdIkӹA+A7%uM}-Uqz3_3tL=sFY3|2rQ 2ۗG}E~ 5q{6TaKx :'` _ꤍح ?zM" п+܈*_Lm);`PbvN F'!c1fB3m.J10*nh>HS!S/ !e UTbyK-'HX`(Kup=}I"dD&54A#Z-m #щ(rp'*}#GyȜnHO}L!fd"RI$ng94uspZ3ueBsL ː嶅 +!%ۢ֋"aۍ tH<}* aZD2av(5<1l'D殻;[-hٓ:N/~mTLhgET,t^um|>e9R?I\;T}[0[dB]Sg{qۻ `禘.y[]ֹ~̵6Uo kE1i?v\a{B2SSl7@CHef FekzV?}<~3GJ`gckɛw#&iemD(#DPf),+vYŻGG}*{[%Q[μ˪ B QAq:3Igj 9:) Hf<.u rL'".$ZŎ=~ A2X^ Nt0284WP7ɠܟj`g9ʘN)c Q[׸*'kR,T(}żIڥxᩃm8Gw4؆ˆ]In;õN>)C̴uiMn"ؑ J )Z׻N~dIGGl 2mX,[ vp}[N%>" Z{Koۂ `#Tٿ~;VSxkjGܚgִ= Z>'axTH.vKJJhd]ICVB,-zHI@tcz&bޡ"M((<Q\1 TCC0IDzA@8ђׄ݇¬gn<^],J@rs Y QXйLlBXIA'-ߠr,S'Zs)gW4qZ }k#WM aHd;nWQhRAi@lghڈQ(E[Nc%8SilSDl|.tUt!e5zQ;43Fz?gKT7"w(ScS_Uf9k%n!#@?( Cc-0\'i/'rԿC+.[P SԘ7?w._;Bd[OH Qv5F׳ Ω䇿x@-_VЂvXF;GP?.HMBYϮkie |e&)ݺ\ķ:UX zuU}hb?Gr#Ib`rWFA^X %Տ gFGԞ5ƃ|CKNkКe{Kf79lI'^<"Œ_C<"<Qj[ڿtVNf彨1 09H~rRbZCxnnQ ~r6IY[Gpz;؇SjM]!귙 %^+ V'u]WGR~T6zepl-Y`ǵ /|Z d1$@]"M j0 'P}-AIлV'\`uDx)B f:1|-m>zk+-2V~PoBn&L锕8_qV>q< ;bgh{c` [7% O̜j(6_0-F:8'CGY!R/׉? \}bѮ-r k^ WZWhD gX-|rPm9ynV49b%x>c ܳ3˳M( ݿquDUB 3@6Eo`6f>DIzPL<|LL1-M#& Wح)5'{% iY;&^l@5v*XuXa`[k"`E9%9^Dqd^unxkձ2֯}&~G,hPT1vCtņ"=#IBMAQJϽT8n]fž)z a`QFW%IӼyd/]MD5@/ dzkm3uK[-aID]wV)lmҖ+_SWd4SK]^,XK샙 $mañ"_Zݧ HN~X>ПUWw#=R"),zS.հ'SQZcVq,z5jNM Յ4C, MFVW{vD4,M0GecԚz4'Ӷ N?W\I&ft;)I^$3p QX$"5*Kr^.:1X0'*y!H_J OP}oPR+-MYZuvL;[Mj;MM ]Ǣ8Z"s't Il!gs_W9k[mPlkd!&4Sq/5韮oZBVwj10tcY[{UH:؋nCGa_Ŧ,t9:1)Zّ\1L52>t"7&r$KSK4Nv?e-Vշ˵Ip1% ̚Т;+7Edɶ?c:7eGe3_n69ɈQ$lK98_!Ŕ855/9&:fCTdtIqA.ZHb=z9eM)zh-KK`3rSapn75Vžr5j, =l`pΔ{Y $ D蝁[ A5տlǙ^}5jOBNݬZXM. I TzštlwtC9j'XF9!!{O\!{=K'Jf D|9K;hO3K6 GG92X1tV2}sr2? Wmwd.T#B p5 vS#)N޽)6MA&'*!ທמT;!*",ZR*jz6uTh;stw5}-pշ;]ΙpVy'dn5:ˉD#b3aGIƧ1(̈́ԯW/ii5?>Jz+ (A~F1ܱqa7x?<,=O]?Ӆ( 1o=a7Q[/BJ0JD+OB'ZG:S'9?WA&%!XYmX0$?ݙBlk q0ML  % 7^,Λ* t.~Un#X΅?nm R&8d.a ,0v/ 7<8$ /B-@W<=[84q {m4qêpYFx#HߘX $rwzixH0lIpt1O^i.,5\ALqk*^٧FbÇ<֦ nDc6 58qtYM3z~#Gz(Kb}ӣY's~k4$<:E;dL=CsnoJ$?2^Wjn^ugapT9r 7E5 ?eC#yӒwEɡB(& i[ pL$Oqn:HxsBQrkֱ6^V! .E7ѺMm[ ͿٙuE &d٫.WZ@hnaH;I5`z .Gm+~Dm?N' lh^(:n?Iu#[6aŦkJNdiCސ(>< <[moНӛ9\ OuAsiŞBe:ϧ6KV -s/^ K؃D8I&:8g\k_쥊w;xCCqk_ť&W7ې_өi?BHR?->_8& sy(%F y1jGxvoQý@c0r=%StxI,sDH!7L 74Y8:udN@_?qBAOjzp<_0V.ȥcT[F#.7DPhL!ř>+@(vCܐe|]  RWw _̮huUk3x^;ĵڑϜ}N %2ipcNstk5FV%BgqAkFJ]cو\+Ix@+m{R:@Rg{KZyEWnj^4,œsgpG'38:Sz|dÝPMR=} 6@׆AÝ!com ]G:DR&$:& ւӒ#S=pY!Kf=.kmQ5[.֫x͂ 젥2Y4v +·CY{:['XjCY+9xUӉƭnkYp2"Dj"k\v@۠}@VMOp+J{j= }>7SX$n+<\IО;\~oP| :! wθ\:5eNbsE)j4@3avre5,݊% ʷS#gE# K*Ω}{HԌ9isO=nA5őho%p G232f]|m|=v|,ԺQ1 AQ>)$OrJe Ln c ɪPϕ;J#>BD&HxUܔZ%[!8>'g8+e9tO G`, t>x9e_86FYph{]AŪ; +ZI1ŧRt&oY=}FWgJ5XY w8m2%teƷz;kV=鹕22yC7ΕCo 2OQn!?{uZN;'k\;oN;BwEWwohIm5&}P$08ؕiʺ L+5@,4~)tcA,te8m0ݟGfo` E7[u둘Z&;dOUcv|tiEW(6_ ek^]yv<)P9v j2MCH˴GvߢEģ@G̸27{aE{ }X_C̾01W7TN3;{7vJcdԱpg4_CM^ )(e@O|,bѭoװ|Yb4u$+pS{yvjRhuI^R.]8!$_D}k5Zv;jUV%LjW1ދsLJQ*x>њ?P{2χ,ˌ9K9~(_ [ؽp1A1\\&cV}Fw]j$SDB~uG$~YF^@ݩ\F)"P^7-q-PbG--j$s,'{6 >fn7.[/zQ:t,6_ >OUb H fS+O7X c?㹪~q^ };8Y 6kʊb7`GS_ Ql1guA}o=L"" ܪ|^;]!t;BSi鋤KfT =`:sp#sFt[kdjv#m\0Pt2FlL'Sڋ썓.E>QQ%F|iڑpaWdvŷ [S2qyv{5~M_x3ڟ Wʓ>0G k] x-CKHA3ͽ Bvв|X)!lx9~8>-vzL ~<;No݌٫+< qYd!i g8Psj.CEuyGz8os uwX6兾zG(ކc0oc}WI p UV oG#6@@R'MhԫY*\w~k,c]fU6HrGRxW EpMS'cuvrl[֜wS[D5>ixC?`<FˊdY'0GRZpWgQX]F KA_ n{SS,8njqF8Y8S8bk 82`K+m\8`|dnIQGpJE knno^`(.Etݕ,w&usP|o# q䧨]MFC,ر&aU\S({'lTp%H6oGZzTowz; 6J?0U\/XMh7dAYNiɃ.l) DWLv2CrOp]ˆv;ZDl5ٟf84F'XUF0fw K$%EXY<_B}Š^>zLG\D* ͮYDK_|:Q4rYz<[=|"a\4 2#Öa2_mPG?VIoK,#2d3Y 8zl~NݐqfQ}P'<ָ:f`wLO F`o =7.Wh/!)oE'q_Z 2\OX?PgtGy;g.[+2iہ*U B" +mP呫3Թ dY'6Y"Uf>\_S= "1 Go>U,KOcVҖz(9Gox@e.Dom"#Ѩ$ND_q`$-֕>W.{i|5f\XpJʦ\a8I(˝e;Ƥ(H{3Ɔa">+~,jԌ 58=EqLjWm\z&!' XB ¶yi8A*!Z l]IajLKhz/0}ssmp_` Öc' Fef*{a ]; iK64'8&/= Ü"DW h2Rr~]QKb|5ɶUCX3g;&߇qŐY`Wd=\GxBkCzZh2`T؎UiFPejQqFDhvsq^Kǟ`33+vA&՗GuiSjR_SG}vu=Iˉ1|u (FbO~ޘy|CidNt}k#L4">gwa!QXhUZblM p? /ԡ&DmjDZâ;@.5!\9)0^ -;"85]5[ QkBPA5GVS 5\CsT;9èlpu[k|}kRVdR6܀y:@RSDPg >xu_f՜I(Ad ձF&}Զ 4 ֙hg)9۟",4Rk +غόqS7vK7 ɴ˨4G~ Tilz~ӯ\0MLa `1(/ wײp KW<H0M'2aK^eH\+_{6Ƹ0)VsW],<veUc#BN`Gۼ|@pp# fH9VU&0WB+&F6>w:/P1G:,'P&\WgY=¦Ma ʹ"+nR̄01?TL}86!& |LaMpts?\=!l'j;P,X'NQJ1bX3k(w ^89\W#&85jm,"gg\BnJ;oIJi$3Ie),u·OzLjտf@C93D+8x$鵿RnȲ.k?TZ42H3{.nNE#m@4 yMv'Y,ABUG{9 5_fgP5gx(&")BX8Aó_pr]iz^ve.jI,괨B졼bP5yFjBrvC3=xP].rz<鍀y2"8l59m)Ч% ^&ϫLP  KSTwӀ7 E\~ҩ"RQKKr<|\`=aiOeQ(6ԥNKه/# S#'w65o ٮn[޳0W⶟y-G/-T~sӹF49Kvصayċ?~Ucc(uHZL$8gˡ2;d%L0*:v+OyW&E@gp XdžH BRm؄$wt gǥfuhw, z[\aK UܕXً=-R搗8>d,+Xn9jD86ݪ/c߃%~;(QG7O!bmfX }8 +[b'9U/Ϲ)OVc/AsRx#C!=Q?)?dku:YeG _Q"69Gc9ٱi>TJlKc%`_7bzĭrS + au8roI:{G$Y]  am鳻YrgJ=jPf_ w<B9KJkCW?x+3ٖ!M#_TѷS]\LQ$QjW~^UyP ǻ_.Kl'+Kn^P29R-g,.sA `Rjvµ%J)oUτax"=UaagC}> d*'^ۖNr`_z Ic'& 3؝,D5TWP9l[e~͵w>f }߰gK%>*i%Y)U^8YСhRIƷZzgT[QHa-]bJ[RDٓĂ>fS0^7x09`D\ {hAaH֬ ;dvMB5pQ}]颀G[e3M?SS.z Wp)Q8<(qN,hCL;?yPc.n9>mo%:v*OG{6m AۂrK r0yEK4z.ϳ\0h[a2p*DUQv}kvG N5`=.Ҥ(ElCaRԏ8] mk=Ƒ)ڭTI׫L?S& h]~P>c 7ZE{DNtB\ q轒2vv#ok?=/g&h͝> =b7kz}ŏfk 4~&G-gE*T/Jo=!Yurpay5x1$I?K^Bf=4U^yQo'ɞtÁ >P;`.n9RT*_{ξhӻyqd0ݘ ֳ!|Ǭg},kz3ˏHs~kr:r^_CPS|YZlxIzʞ6ւw|YŲjOR$ TCͥڠjY,<Mf x[3I3X+}P9/I"+ObY,WZB)A?_ 4J>RHp]q"sѸdz8(3$wv.N4Xly蝫l=A0x=t)i";:y3J76KFY`&4`;?v,h%\JD;gQPdY/{b6>i2s⭋&Vk烯܏ɀv<&R-R .Cqh/n@KvdXӲxwG{!<֚l#6,)i.k?i[k|i==-ȗE\ʎ?kD 0H3Uժ*{:SnXgRjH ), h(+;0ٻÒAyjMJ6A&A}1-Fj^K.SRh??)W .=XJT@-4)hYL;*[jj/ }L} G:[_ӎ!TZP>|\[;d%lg%fZgfB4E75Nqҥ z{Wag7ɗ3 -+9fmU6ֻ%-֐L-򅖪cIFaD6͟!E%:Znݶ)}k3 'ۚU5p>|,qt|qoM(ܮ/nW8^d{^^w5*"_w: is<:Tnd// T Y\6q ǭUuP0iCj>Zce> {|3AsmD,Fi 6} e\1%ޠ.eo+UfQF?f@䖪א !WA E@_ƭ4'c+N+1qꑾjA]+v\jՋZ(RGOXW.v6!ϿA=܈x8̚fߎɱSC5 G 8)T :2^nja&RjŶyy+E8W/>a|-c.P} HM$ɷ"uT`L/m`EM"ni} %e6xY95Y@a6 !-Aco̶߮sr8􃎉_Uqf:n f[^ILy'Mt|qI:ƍdO?ړ[=^|K@yՎw"mY4x b,GnXgE"oF.uqxpQ(;.DQ]HJb%"e񽓴-0@CSv _>kA)6eXYT* #L*yskݭ3wN&^aRHéDL @PkqJ;D"FDGcxg- .B`inF>ՠi寰4S-f^Q0t$b=-_85l(5b> ZVW@jsi^!&3BzaA׎Q%vS`H7XoTZ*+= {GofD-"|r#1ZmLkGi%Qj%]SbR!CX6,e +D4USoLD)d ~fg߂S A)Slr8ړYjeI( FxQ-.c}̜j?Ԛzf3p=6` *ENlC)+ Pc?:]Ft}<Q~>#Y=,f| Vzbh|.!q|+%<:K."EM:NyuAn[ZRWlNUE7B( ǦO`EO:nU_H<}\:^%{RPF0~Jt,L.W%O^PHh>LWhn(`|40g?A˭rI- 7X'Co,6S7qW|3O*b'X9+7oOJH J tyq{خ}S/}vuBcL7Jt o%73:`f)@71S| kP95fuS ZRH&D) bS(vم`DfzQR3 FeWf%EP026e6bO[ax&Smf`շ%hu晃@m6bw`㵔)o}xG<.7v)F XfG]g)JHQ'(MaS.ګ\ʽzOFaޙp}C!](D߿,h;#0Otk]Erz M}Qc=^TWy9QF4||j'Aҥe )&UaQ>3UzM]mce7LPO77}xs@ce!M:%f~,:rs]D!GDTecԵr ^|Cׂ˷j૛)yu%XhnXז3e](s2D= &CŞI|DoQ`43/V?fl,Aǧ7olE#Mq$|jcH{z9}q'/p/T]B[AX\*_t_in&Ἶoz[gz>gk+:Zt l rEÛ-5ZΉ$^Jχyƴis]}|'H&o`dlHSʽ3Nр~wڰL?-y:_31Z6Z$03۱#Rt/C>q5L@I L Ľz*WfR1A(ߩn3 ZqzW4Rx%/fW_ZSܤ uڌ5z,dw-^6C|[S5-ѵ _`[iX&TRv; Pp$1Ҭc~+#($&vcQ\T_bX5E yB%M8$ȽVEC}h+θ}Z!˭\)kHBZ^=pj*2̔D%ʊ1gFꑊmlsێ;&~Wb\5 CՔu4;>Ljɩ/\K/NȦzE}YЫV{JQ!}z,N*9A u$ԖB$?_<$9uܯ_L:^ mZ]OjMWla0d;<8bLMl3l>, Cs PS JTng$z˼66[Z, $Xȸ`hh`\V|KO(b)翄P&#,Pۧy@b6 =Zs9pmrCpZ`ED;a$uHfMN'IzeGv`PRX[1v#|#Xퟃ!89eT"nb/Rsa-wDk-2 $_}vJ?{8 $[i' %$AHM ꆭDdk U1&<_~9I "D)?ܬ0-oXP>KF^Gl9$$?$*!N8ĨuUkxuK P Qt\:DnNt_)1U̷YűkD$FNg̟u2]}) !VTnRXq¡Wrpyc1J+n^칹o Zwa :<[( q2Xf*5z!6r%1m]q e74_Ĭ_ oZc]=UC\_*X"DmT!2q91 !3H0}NA.x_awkw.s`J5X^<"(s?YtoKT&XORY(^HW}J{f.8=%Za3F>hdZzFVU>ZhA]/ EƧ[X"~Yl٨ oִ tSYD<[I὘vQXM gѹ1Ԙ"Qrr O (ȤA}jh./d`/[$c'[M.ާӍۄɻ]%iH?Gۙ\Ğ.Oe\M& @Ը K .&(7מ{x2w];J6$S<`40Y{]&1fWs~b7T]M.LC|'F;%RAt;%?O$š=D{@Dg%~FC;K۞ODQD"Ό]``%..)[D"X|\M+ؾ+ }p}NؑF3HirSE qoщ?[}Z/9~ڝ $ݓy߉Nq_K%|JA B}Ծj 5'D{ǞԚ2 C}*I__jOqAz﫡p8R@_fsSz(q [QAK{ Jגl6w6KfuɀuF};+D>B&gȃO A6?eHv:c,7]®\3Os>Zo-Z`HS|u9Ir= u((B'1\ {?EֺwdB s\0oA}n{yۦe׃r9s'-uZn`^[bͷc,b&^hGN7ӝD#X8Xۛ߸{|clU#jVyIbԥ 5iN7,s)זo{~ESmB[mu:Z4򏋆Icu{o*mUq-fdJNϦ88Q[N1wBe~ievS1US4Rzp(4lRX(SvGUmZٶ敇JhM 7Psl.ZUZXA %6/tlt_NDLrT"Tݾ=]˻,F Joiv`/(2|@:/Q B}-Ś @B[kB_2<>T$+CE0 8ش}-} sCF3Q/O BE͜1ܜjr_s㦶S~$G^4E±.Ώ/MbMU6 ePrt[ߓ S$=Xzr kڅ]d]KoaA/}~ }4`SJD!q)4qZyEQ[>C,@s[:M'HN"){CsN26Qa{d02?2@j$\a<_ZjNN܇O! EZR?~>Ϥ0T&8TBڷ1ҙUc;).WԂWX5ؑBԎxȹf!;#e&scY09ܸk\3CsE 'UOzYr28BD 5^D )F}[>}sK16F)9,Mu-K--$Ŧ/ k",Tœ*A*ܚr.Ĭ==E-;lK$$2 86g;}lO4~ˋEBʢ^m7~^}>zcn,X\g%(%C\^Ƨ'>mɇ4A:-vLTE[l@,Z}B4BQa3?gIcA]N4'E!k1A=G/mQ%![bi MVIeYW c*˽ZZwM$uk7!:ADd<!Z#ѰJLV-oˑ[?E%KB*hAG)^ʣ 6r sm_ TzSɘVZP'_t9<0s 4SX~h%~.POa8yṪ(1#k MP1ʙ/+aUP# һpG^X2(o?vQ` h[S~Fn-\ gxVDl^jʃ?s ן*A{A>:ǣ-.] RV e#k,N$S g6)p}[ҙ /,, fݛ?Y_; h@b BIJc;^"? {AD~jv68-"EvI;oSN_ D;JJt]ǒ^>[zP/ @mdn s# _hr]QGK6̗h 7 m`w𼗸v5-Dm?Yݗ70I}:  yPxС ~CqP 4AJOR<ѥg=xI^G' KDÿEVJP)?ub|^β%\#|. E@m#awrP#}~A}9T( ]=XWIy 1(&? NߝajL=5'u>^լS1·ĵ-yF }tL]19VU[ ֣c0p``3#^?Ldl56`G KVq~ ũZ쒆^so a}B%; +=偊2y>6ծ橵&4D]cS`Շi훤027 ʱn5~ATX*듨:tX6z䙗^ЬTZ2f-oȢV)z4/1zfKaTB$G$0[}Odc1= :֎v掺G>W ;40yIف]2rȽ.hp`&,BGi> ZtxrՕ/uNWӟCHU nb,nt9,xf;*^]e8R}]T{ο ܺUTb$@SKRbZxjFR*}4#(#,vB@|(!fV <6G) itZХ ",.!HDg^gn{n\dRn.=cX6 A* `/MkKÿ(>$l"KXд o}ÔegsD;ܤ^. h ࢮ1f7הR>صOSft3ܻprѪrTJ{M II -0\Qw#Jߎ,.> k%*}Gz1&x+ZNpCpeNq;D?}斳 Rz@Qș{IOf6vIB'^ٗ-hDT2XiAĊ~ sB&I?.qA2NCds@cEflkď|* xxĖkȍN$M.|292SAx-ZxWXɖg?CSR~V^1Ҁ*B7!zBՊ*1I%c n`O. VLªL~@Ǜ46 O K0;̙3c];+۬jx4$eT hcV8jLMnb|SU'mZۮLk:ČUd"BOVo"!J2h`rTSfZg;K:QNcٞŸ?JqKPb"{^P_ #6 XWI `?bńoSA{"GJC^-d7g)mh {8&L\+m65qV^=FJ_,(|vz0!q.WГR$o@ui$kɳ2 >g¸"Cyn# 1kLw^}⯑Y3=A3t0ǡD *ت9.i/rj0JY-& hA} l:*[R d{۾-d.=ʈQKѻu Vn>H_|zn#A$emԪ㍖(.(+D@3}u V(dy7PMn-wL7ISlDoD< 8OdgfkuGTb{5VSq=#`Pg (4O!'T,D*qtC1n1 ï˜.e]25Bp3il#kz>1io)(!Bjwu.eɯEByMZlN"ՌaW*!z*OL(*~ʪBX֝WE'M$Ua` h@yOk>-9hv .zαB?m_]V$~?"6{!<MM~%/tP(QYINrE=|q_uWhKVIyF=LMG$W@PdUtxNW=R5e,OLUo<{HH624:Qi6$&CSvѕtL(Pp !7D5d|-*(F<^úbWy:܏8ߐ òIt l7e*~DFUގ豃$= /]v3v5&6h=)P$K鴐tٙ…QF'3TЩ&^$dtY);V6ظ.}ZUbX' wd2X8V9#VJ?K|G./@˸KD]*( jD@'sac+\2ÕLpV!-/]L}F& H8ABznA;@2r-m AiLm+ 4d9:m⨡V{CO_g҄ZK~)Ҥ y.%lj*jp;l>e#m`ĕ-jb;%F$A1@7ऊHw9' rxlU_xKesCAQji0V]ɌZթdLڇSD} -zmBXD[/w A2WE1MЙcY[XHCܿ2 Om쩭5'k>ɤ# ۣ\oEm.`LG} Gԕw+*|ͮn_λlZb5#+"԰ηDROMZ;J=#Ңc11l+ѼO J/21 P+W ?LS'KHErs$"Qca1zJftxtlgQ0{ 18⮈ ݹf^c56+"Fco?cEq@IQ8€#n%ax 5{tVB€[f=|AG\a#jyZ]ը!1`el{aF\Q|A5t<[ q(8w"UREtBBTMBiOA<>@VrhK7im{*-+K B`fU0IC1<)6 7pd ު?rK-XМsm.. zMAzu|d {`#xj&li[Ρ? zhcclvB1 A ?Cʲn.5.QwuxL32'\73: {3lYٳҧ*Ty-GOlmg;_)4%>4O#qPt?~;m١!Q'TO Bu(3.W0NgP9ΰaր]̺Y7.f5f@=s8 uSi\c QM誫9n]{KdjɁnV9;;enެ L59¿xUbdqfy K{Lڹ"V;z=Ga; }/zic.Ked[xQ/Hߤ{_x`.N^Z ShT 7EFǏ a|R@oMo5j[,Tr2V(CyF`w*L(j@3-F4/DJvBby='$վ :L1,q #hQ*n\9 o<[18b`q@RAGvlغJEl铀U{н;)D܎ZǑNrw0i:M2}?&^ Fju_w.x8Ū,1U/ܲ;+m2/$INb&YJ&R׳s&{i#g4< g6o%Q lW\#5`pN.L>ڠ%b]adaowXQe=Xp'3-GZhfyd[_H= omeAVpda0Z TO-]nN{ a%73B9 w u}4CHU@n1ȶy= J?t&'%J3Q;y"vn rd)_g.z& $@JSZ@CR | Ӿ,B3 Id>4,|u"uufC#e50XU$Sy_[/QR7Bad'pg4JWyoy'/cNwb`-kC jx w!֢AF%i뤺"Ҷ)+7y(u^8W*9UґUe_ET!#sM}#T\ 2b 쮄$1__boe1B1)#ƀ9p~I l('gPƯk)<:V' 4 ^h:K|;],{=@%/H%"ga[⴫]VSW`O{pPR՛޸)Uw@4d1$J[ވ)!#BKlwOcd;f2ǜ%24P`Ք>|)H2m圣, ?Pz͝;RL]V4LN\KOO$(4;NW SDV lD ͖?g9=Aن 3gFmDcWИcA0Q0=8tGDf\NNA64E\y3YLex{^Z䇓!A,dكatj6{}9{!#u@dyz"GQLvt_VYGzLn=-$uU w,Kݍ0[Vl)^ ̗>ߪ$³iL 7~}EX\݀uW -AS.%&W9_Ԑ[Mکkvȵ4kzld /~sѸJ7NV2ŋqPM'A/yv""Hr>=ݖ gyo_2&Ix$eM4 /p V7+$39c?>,߶00"gXsU69Ce*# G|%faoltꍯOt)&9Ŋooh8bz1A/ԑE0_B{t+(xEv7,H7=_7^7>C_S4 r)[ћ{)H:8Cp oCF? gH06Q jӭm}ݹ5OMKzHшLGr[:{(8/  YZ