samba-dsdb-modules-4.13.13+git.528.140935f8d6a-3.12.1 >  A a\p9|λFH>\28i|#23 >p9X4Or[ O^sĒ) m$+LQIGS[ɞmCr"Sc?D>^H7w߼)w˭k뒠]ހxJ^{sCe?Jط}f߀jFZbc@PBZo:h g뉯rQjPkE#L沗r?MkVԷrI/5ea6df057aba3246b501002a82afc7571055635933b6adcf1cfe49b32c7ffc2a492fe9123b86ff7287cb4495ebf19147b34f5f41a\p9|k "Q]P 3pAA`?APd1 8 J 3JPV-L- - - - !- P----uu(:u((8(9,:;>@FG-H-Ih-XY\-]-^]bscdeflu-vl-w1-x2p-y3$sz@AAA ALCsamba-dsdb-modules4.13.13+git.528.140935f8d6a3.12.1Samba LDB modulesThis package contains plugins which add Active Directory features to the LDB library.a[]s390zp38SUSE Linux Enterprise 15SUSE LLC GPL-3.0-or-laterhttps://www.suse.com/Productivity/Networking/Sambahttps://www.samba.org/linuxs390xln -sf /usr/lib64/samba/ldb /usr/lib64/ldb/samba /sbin/ldconfigW7Gw'gGWW''7Xh7G'7GG7Y@'hhWi@G'''77GG'a[/a[/a[/a[/a[/a[/a[/a[/a[/a[/a[/a[/a[/a[/a[/a[/a[/a[/a[/a[/a[/a[/a[/a[/a[/a[/a[/a[/a[/a[/a[/a[/a[/a[/a[/a[/a[/a[/a[/a[/a[/a[/a[/a[/a[/0deeba2629d1fd396d0c726232051139528429cc0f1226707f5219fb2778966d3ebee1494bbd03adb87222b1510cd0d7374d6988d53bbcfedc065464daa274ba8697ea0572a37cfc220074ae9ed7512861b8f55ea82e04fe17173280fe61bead0adf4088f2645bb31f38736a8b9df50de43bf89683e473926b6c542d8608127af7292d0151dc8d2de06ed03a337ca05172aa33f6e4600c40b74af7915355c6a72ad7ee67e1174e72597af6aacf1d436f836069eabac14b35ae67309bf12379ce762ddcf793cc050546e49c89f68595160449ca4869b9eab109ca657688227c69e687a089e4cfb81bbf1442d0d832a58421276adf5a0b2436a889f5345b8829e7f7c1e54229ca873f50c703143e6b60f389bb750da30d993c9e87bcaf53ef23663e3aa01b42a4aec63b7a5986268735323a1614409218897907de93b76fb7e76b934c85305e32f9e2f575d3ad6352a79fa956e18c79f0927047c9162b654f9c4222d087f0f13097e6befdc56e5edd109ae6a2b5001c8b4cbdc9c7d52668e08fdddd0d1ed810f6e96267e2db72b2ac6676c6153795d2922e8f2abaf20967bfeae6430bafafc4ab4a3ceaa473b154f42222f93ed06ed260878882b75f564fdb5b6918eb548b2d49bf011a69040470c5ed709e0a4f4b60c6169413370c7fb6a2e82538af9169271055455749147832dbb59e587729e4721d9115d88b4eb433676075e84f77be18e0966ceececdc35f4fdaa6034f18c6a66993a3f47569b84886cace0d2fc0bd0db49df542b6fc574571bdf0b27004034dbbc03b46c478557fbcfbe5a2f91bdc54e3787b59fbfcea1ca95d78ed833fa0bbabd620a536526eb772ee03b79a73b523bfd3e4c88572cf605dc80ec2d163e87873802aced3959f8313a113daffa200ba34559cd4c01d011020b00ee9c0ef41da1450d97f059e6d7e891f520699bd958293ecf913a6bcfe861a9f6fbe41467e0b81fe96a3be2499f46c93cf2abd9bbfa852d391d3c27064d64a5792f309fd72467ae27670ebb305a05be8432d845ba5981a9cce889a0c2f6a49f908662ca9d71729e308a44222dc936901985d37f4bdf4c426b1d1f3e9232c83dd0b43a504af731caa51911cb8c55f167990f7b76d97b568e8fc0ee969f5bde4d659e30f1852ad88edd8c2e714c2fa78a117440ea8361b86b4e968d207104ba44da9f509089c259d2b538f870f032e070e816f63eb45411a61482b7b2a42381959a2fea219b36f0bdbf21128b39e9f853d8e7d36b4bc41eef1f4bb8b4ccbd7818c0577555bcf56632437d63f9a3c9de7507c709188f5999f26eff418eb84294d8be215f9720133cf6578bfc9688c3b5b59d159f0c1a5c4f186e265c1e398ac5d1968755b6fa2b6ee36895392a00903262cef03cce1cfcc96cd2a3e4ebd6ff3555967d4af977b90683d8f1f14ee58b26ad48f0829ff20e0f847c8a2a41abc0766e550a74f831481b9234a2583d4673a894d54fb672449f93b16822de4e7ad19734a8c4a1c7c71d26179523ace43f4db9efb71f14e39740f0a8fcd6c1bad666a239325d2c09ce3ba6369fca943014418454b39c229e8cc22a7eff9d5968009da93f694f038762ef3a6ed55ca91df725f8bd0dbecdb64e3c30aedd29dae7193f16de1681cf570c808ac6fbac402c6398a253350ae22278d02b8f47a5c1716addbd7bd9dd488907f3b39cadeca276bbe5be4ab12f9ca3d27512327ce3e17f844f95426e0c34c61b8793afc112db4285490b28af43141f18789d79b3d6c85327fc1cce0ea7fa47faaa7e5b4e6f7d7770f6017ec4610ecd8fea30b2a387f932a8a22a762042beee06872d71e76da312fa3cc7dcfe8676c65452bdb4b50a3490ce2c9c15e094c635ddc28401a54cd65e177f3384d97575ec2369f2545463fb562c350f4a9953d4477536f408639f5f962b1a95b9402ee2d6578d5793f878d7e38435f91dc1dd68bb7db11465afb09bdd031838d50d9d64a126281a306779c0c2ce68e30fe8482bae061adb49cafb5883bf554485d05rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsamba-4.13.13+git.528.140935f8d6a-3.12.1.src.rpmsamba-dsdb-modulessamba-dsdb-modules(s390-64)@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@    /bin/sh/sbin/ldconfig/sbin/ldconfig/sbin/ldconfiglibMESSAGING-samba4.so()(64bit)libMESSAGING-samba4.so(SAMBA_4.13.13_GIT.528.140935F8D6A3.12.1_SUSE_OS15.0_S390X)(64bit)libauthkrb5-samba4.so()(64bit)libauthkrb5-samba4.so(SAMBA_4.13.13_GIT.528.140935F8D6A3.12.1_SUSE_OS15.0_S390X)(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.2)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.4)(64bit)libc.so.6(GLIBC_2.7)(64bit)libcli-cldap-samba4.so()(64bit)libcli-cldap-samba4.so(SAMBA_4.13.13_GIT.528.140935F8D6A3.12.1_SUSE_OS15.0_S390X)(64bit)libcli-ldap-common-samba4.so()(64bit)libcli-ldap-common-samba4.so(SAMBA_4.13.13_GIT.528.140935F8D6A3.12.1_SUSE_OS15.0_S390X)(64bit)libcliauth-samba4.so()(64bit)libcliauth-samba4.so(SAMBA_4.13.13_GIT.528.140935F8D6A3.12.1_SUSE_OS15.0_S390X)(64bit)libcom_err.so.2()(64bit)libcommon-auth-samba4.so()(64bit)libcommon-auth-samba4.so(SAMBA_4.13.13_GIT.528.140935F8D6A3.12.1_SUSE_OS15.0_S390X)(64bit)libcrypt.so.1()(64bit)libcrypt.so.1(XCRYPT_2.0)(64bit)libdbwrap-samba4.so()(64bit)libdbwrap-samba4.so(SAMBA_4.13.13_GIT.528.140935F8D6A3.12.1_SUSE_OS15.0_S390X)(64bit)libdcerpc-binding.so.0()(64bit)libdcerpc-binding.so.0(DCERPC_BINDING_0.0.1)(64bit)libdsdb-module-samba4.so()(64bit)libdsdb-module-samba4.so(SAMBA_4.13.13_GIT.528.140935F8D6A3.12.1_SUSE_OS15.0_S390X)(64bit)libevents-samba4.so()(64bit)libevents-samba4.so(SAMBA_4.13.13_GIT.528.140935F8D6A3.12.1_SUSE_OS15.0_S390X)(64bit)libflag-mapping-samba4.so()(64bit)libflag-mapping-samba4.so(SAMBA_4.13.13_GIT.528.140935F8D6A3.12.1_SUSE_OS15.0_S390X)(64bit)libgenrand-samba4.so()(64bit)libgenrand-samba4.so(SAMBA_4.13.13_GIT.528.140935F8D6A3.12.1_SUSE_OS15.0_S390X)(64bit)libgnutls.so.30()(64bit)libgnutls.so.30(GNUTLS_3_4)(64bit)libgpgme.so.11()(64bit)libgpgme.so.11(GPGME_1.0)(64bit)libgpgme.so.11(GPGME_1.1)(64bit)libkrb5.so.3()(64bit)libkrb5.so.3(krb5_3_MIT)(64bit)libkrb5samba-samba4.so()(64bit)libkrb5samba-samba4.so(SAMBA_4.13.13_GIT.528.140935F8D6A3.12.1_SUSE_OS15.0_S390X)(64bit)libldb.so.2()(64bit)libldb.so.2(LDB_0.9.10)(64bit)libldb.so.2(LDB_0.9.12)(64bit)libldb.so.2(LDB_0.9.15)(64bit)libldb.so.2(LDB_0.9.16)(64bit)libldb.so.2(LDB_0.9.19)(64bit)libldb.so.2(LDB_0.9.22)(64bit)libldb.so.2(LDB_0.9.23)(64bit)libldb.so.2(LDB_0.9.24)(64bit)libldb.so.2(LDB_1.1.0)(64bit)libldb.so.2(LDB_1.1.2)(64bit)libldb.so.2(LDB_1.1.30)(64bit)libldb.so.2(LDB_1.1.6)(64bit)libldb.so.2(LDB_1.2.0)(64bit)libldb.so.2(LDB_1.2.2)(64bit)libldb.so.2(LDB_2.0.5)(64bit)libldb2libldbsamba-samba4.so()(64bit)libldbsamba-samba4.so(SAMBA_4.13.13_GIT.528.140935F8D6A3.12.1_SUSE_OS15.0_S390X)(64bit)libndr-samba-samba4.so()(64bit)libndr-samba-samba4.so(SAMBA_4.13.13_GIT.528.140935F8D6A3.12.1_SUSE_OS15.0_S390X)(64bit)libndr-samba4.so()(64bit)libndr-samba4.so(SAMBA_4.13.13_GIT.528.140935F8D6A3.12.1_SUSE_OS15.0_S390X)(64bit)libndr.so.1()(64bit)libndr.so.1(NDR_0.0.1)(64bit)libndr.so.1(NDR_0.0.4)(64bit)libndr.so.1(NDR_0.0.8)(64bit)libndr.so.1(NDR_0.2.0)(64bit)libnetif-samba4.so()(64bit)libnetif-samba4.so(SAMBA_4.13.13_GIT.528.140935F8D6A3.12.1_SUSE_OS15.0_S390X)(64bit)libpthread.so.0()(64bit)libpthread.so.0(GLIBC_2.2)(64bit)libreplace-samba4.so()(64bit)libreplace-samba4.so(SAMBA_4.13.13_GIT.528.140935F8D6A3.12.1_SUSE_OS15.0_S390X)(64bit)libsamba-credentials.so.0()(64bit)libsamba-credentials.so.0(SAMBA_CREDENTIALS_0.0.1)(64bit)libsamba-debug-samba4.so()(64bit)libsamba-debug-samba4.so(SAMBA_4.13.13_GIT.528.140935F8D6A3.12.1_SUSE_OS15.0_S390X)(64bit)libsamba-errors.so.1()(64bit)libsamba-errors.so.1(SAMBA_ERRORS_1)(64bit)libsamba-hostconfig.so.0()(64bit)libsamba-hostconfig.so.0(SAMBA_HOSTCONFIG_0.0.1)(64bit)libsamba-security-samba4.so()(64bit)libsamba-security-samba4.so(SAMBA_4.13.13_GIT.528.140935F8D6A3.12.1_SUSE_OS15.0_S390X)(64bit)libsamba-sockets-samba4.so()(64bit)libsamba-sockets-samba4.so(SAMBA_4.13.13_GIT.528.140935F8D6A3.12.1_SUSE_OS15.0_S390X)(64bit)libsamba-util.so.0()(64bit)libsamba-util.so.0(SAMBA_UTIL_0.0.1)(64bit)libsamdb-common-samba4.so()(64bit)libsamdb-common-samba4.so(SAMBA_4.13.13_GIT.528.140935F8D6A3.12.1_SUSE_OS15.0_S390X)(64bit)libsecrets3-samba4.so()(64bit)libsecrets3-samba4.so(SAMBA_4.13.13_GIT.528.140935F8D6A3.12.1_SUSE_OS15.0_S390X)(64bit)libsmbpasswdparser-samba4.so()(64bit)libsmbpasswdparser-samba4.so(SAMBA_4.13.13_GIT.528.140935F8D6A3.12.1_SUSE_OS15.0_S390X)(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb-wrap-samba4.so()(64bit)libtdb-wrap-samba4.so(SAMBA_4.13.13_GIT.528.140935F8D6A3.12.1_SUSE_OS15.0_S390X)(64bit)libtdb.so.1()(64bit)libtdb.so.1(TDB_1.2.1)(64bit)libtdb.so.1(TDB_1.3.14)(64bit)libtevent-util.so.0()(64bit)libtevent-util.so.0(TEVENT_UTIL_0.0.1)(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)libtime-basic-samba4.so()(64bit)libtime-basic-samba4.so(SAMBA_4.13.13_GIT.528.140935F8D6A3.12.1_SUSE_OS15.0_S390X)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)samba-ldb-ldap2.2.23.0.4-14.6.0-14.0-15.2-14.13.13+git.528.140935f8d6a4.14.3a@a@a@a9@a`v@`a@`<@`@___i_@_|\@_{ _l@_i@_d@__ @^@^^2^2^^1^^Y^J@^2@^&^&]]]])]@]@]]@]nU]nU]i]e@]_@]J@]B@] #]:\ڭ\\@\@\ \N\e\e\}@\o@\\\\\4\ @[[@[[%@[@[ @[[t[#@[[Q@[Q@[\[[[{[z@[r@[ @[WZZZZZZ`@Z@Z@ZZ@ZZ}@Z'Z@ZOZ@Z ,@Z@YY@Yo@Yo@Yo@Y@Y3YYu@Yg`Yf@Y7Y7Y, @Y"X:@X:@XXsX@X9@X@X@Xg@X,XƉX@XYXe@XX@X@X@XWXAb@X-W Wv@W$W;Wu@W#WW W@W~D@Wj}W_WYZ@WYZ@W=W(W!@WW@V3V3VV'@VՄ@VՄ@VVIV@V`Vl@V@V@V<@V<@V@VjV]VI@VG"@VG"@VG"@VG"@V(V'~@V V7@VBUYU@U@UUAUĝU@UU@Uy@UUrUq@UhTU_@USanopower@suse.comnopower@suse.comnopower@suse.comscabrero@suse.dedmulder@suse.comnopower@suse.comscabrero@suse.descabrero@suse.descabrero@suse.descabrero@suse.descabrero@suse.descabrero@suse.denopower@suse.comscabrero@suse.deddiss@suse.comddiss@suse.comddiss@suse.comscabrero@suse.descabrero@suse.dedmulder@suse.comnopower@suse.comscabrero@suse.descabrero@suse.dedmulder@suse.comscabrero@suse.descabrero@suse.denopower@suse.comnopower@suse.comnopower@suse.comdmulder@suse.comscabrero@suse.denopower@suse.comddiss@suse.comnopower@suse.comnopower@suse.comjmcdonough@suse.comnopower@suse.comnopower@suse.comjmcdonough@suse.comnopower@suse.comnopower@suse.comscabrero@suse.denopower@suse.comnopower@suse.comjmcdonough@suse.comnopower@suse.comscabrero@suse.denopower@suse.comnopower@suse.comddiss@suse.comddiss@suse.comnopower@suse.comnopower@suse.comddiss@suse.comnopower@suse.comdmulder@suse.comdmulder@suse.comddiss@suse.comscabrero@suse.dedmulder@suse.comddiss@suse.comnopower@suse.comjengelh@inai.dedmulder@suse.comscabrero@suse.descabrero@suse.descabrero@suse.dedmulder@suse.comdmulder@suse.comdmulder@suse.comjmcdonough@suse.comdmulder@suse.comscabrero@suse.dedmulder@suse.comscabrero@suse.dedmulder@suse.comdmulder@suse.comvcizek@suse.comdmulder@suse.comdmulder@suse.comnopower@suse.comscabrero@suse.dejmcdonough@suse.comscabrero@suse.deaaptel@suse.comjengelh@inai.dedimstar@opensuse.orgdmulder@suse.comjmcdonough@suse.comdavid.mulder@suse.comjmcdonough@suse.comaaptel@suse.comdmulder@suse.comscabrero@suse.comscabrero@suse.comkukuk@suse.dedavid.mulder@suse.comscabrero@suse.comrbrown@suse.comdmulder@suse.comscabrero@suse.comdimstar@opensuse.orgscabrero@suse.comaaptel@suse.comnopower@suse.comnopower@suse.comaaptel@suse.comddiss@suse.comdmulder@suse.comddiss@suse.comdmulder@suse.comddiss@suse.comddiss@suse.comnopower@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comdmulder@suse.comnopower@suse.comjmcdonough@suse.comaaptel@suse.comkukuk@suse.comkukuk@suse.denopower@suse.comaaptel@suse.comdmulder@suse.comddiss@suse.comdmulder@suse.comddiss@suse.comjmcdonough@suse.comnopower@suse.comnopower@suse.comnopower@suse.comnopower@suse.comjmcdonough@suse.comjmcdonough@suse.comnopower@suse.comnopower@suse.comddiss@suse.comjmcdonough@suse.comddiss@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comnopower@suse.comlmuelle@suse.comlmuelle@suse.comjmcdonough@suse.comnopower@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comnopower@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comtchvatal@suse.comlmuelle@suse.comnopower@suse.comcrrodriguez@opensuse.orglmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comnoel.power@suse.comddiss@suse.comddiss@suse.comlmuelle@suse.comddiss@suse.comlmuelle@suse.comlmuelle@suse.comnopower@suse.comddiss@suse.comddiss@suse.comlmuelle@suse.comlmuelle@suse.comddiss@suse.comlmuelle@suse.commpluskal@suse.comlmuelle@suse.comnopower@suse.deddiss@suse.comddiss@suse.comddiss@suse.comlmuelle@suse.denopower@suse.delmuelle@suse.comnopower@suse.deddiss@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.com- CVE-2020-25717: samba: A user on the domain can become root on domain members; (bsc#1192284); (bso#14556). - CVE-2020-25721: auth: Fill in the new HAS_SAM_NAME_AND_SID values; (bsc#1192505); (bso#14564). - CVE-2020-25718: An RODC can issue (forge) administrator tickets to other servers; (bsc#1192246);(bso#14558). - CVE-2020-25719: samba: AD DC Username based races when no PAC is given;(bsc#1192247);(bso#14561). - CVE-2020-25722: samba: AD DC UPN vs samAccountName not checked (top-level bug for AD DC validation issues);(bsc#1192283); (bso#14564). - CVE-2021-3738: samba: crash in dsdb stack;(bsc#1192215); (bso#14468). - CVE-2021-23192: samba: dcerpc requests don't check all fragments against the first auth_state;(bsc#1192214);(bso#14875).- CVE-2016-2124: don't fallback to non spnego authentication if we require kerberos; (bsc#1014440); (bso#12444).- Update to 4.13.13 * rodc_rwdc test flaps;(bso#14868). * Backport bronze bit fixes, tests, and selftest improvements; (bso#14881). * Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded Heimdal;(bso#14642). * Python ldb.msg_diff() memory handling failure;(bso#14836). * "in" operator on ldb.Message is case sensitive;(bso#14845). * Fix Samba support for UF_NO_AUTH_DATA_REQUIRED;(bso#14871). * Allow special chars like "@" in samAccountName when generating the salt;(bso#14874). * Fix transit path validation;(bso#12998). * Prepare to operate with MIT krb5 >= 1.20;(bso#14870). * rpcclient NetFileEnum and net rpc file both cause lock order violation: brlock.tdb, share_entries.tdb;(bso#14645). * Python ldb.msg_diff() memory handling failure;(bso#14836). * Release LDB 2.3.1 for Samba 4.14.9;(bso#14848). - Update to 4.13.12 * Address a signifcant performance regression in database access in the AD DC since Samba 4.12;(bso#14806). * Fix performance regression in lsa_LookupSids3/LookupNames4 since Samba 4.9 by using an explicit database handle cache; (bso#14807). * An unuthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ;(bso#14817). * Address flapping samba_tool_drs_showrepl test;(bso#14818). * Address flapping dsdb_schema_attributes test;(bso#14819). * An unuthenticated user can crash the AD DC KDC by omitting the server name in a TGS-REQ;(bso#14817). * Fix CTDB flag/status update race conditions(bso#14784). - Update to 4.13.11 * smbd: panic on force-close share during offload write; (bso#14769). * Fix returned attributes on fake quota file handle and avoid hitting the VFS;(bso#14731). * smbd: "deadtime" parameter doesn't work anymore;(bso#14783). * net conf list crashes when run as normal user;(bso#14787). * Work around special SMB2 READ response behavior of NetApp Ontap 7.3.7;(bso#14607). * Start the SMB encryption as soon as possible;(bso#14793). * Winbind should not start if the socket path for the privileged pipe is too long;(bso#14792).- Fix 'net rpc' authentication when using the machine account; (bsc#1189017); (bso#14796);- Fix dependency problem upgrading from libndr0 to libndr1; (bsc#1189875); - Fix dependency problem upgrading from libsmbldap0 to libsmbldap2; (bsc#1189875); - Fix wrong kvno exported to keytab after net ads changetrustpw due to replication delay; (bsc#1188727); - Add Certificate Auto Enrollment Policy; (jsc#SLE-18456). - Update to 4.13.10 * s3: smbd: Ensure POSIX default ACL is mapped into returned Windows ACL for directory handles; (bso#14708); * Take a copy to make sure we don't reference free'd memory; (bso#14721); * s3: lib: Fix talloc heirarcy error in parent_smb_fname(); (bso#14722); * s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in change_file_owner_to_parent() error path; (bso#14736); * samba-tool: Give better error information when the 'domain backup restore' fails with a duplicate SID; (bso#14575); * smbd: Correctly initialize close timestamp fields; (bso#14714); * Spotlight RPC service doesn't work with vfs_glusterfs; (bso#14740); * ctdb: Fix a crash in run_proc_signal_handler(); (bso#14475); * gensec_krb5: Restore ipv6 support for kpasswd; (bso#14750); * smbXsrv_{open,session,tcon}: Protect smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records; (bso#14752); * samba-tool domain backup offline doesn't work against bind DLZ backend; (bso#14027); * netcmd: Use next_free_rid() function to calculate a SID for restoring a backup; (bso#14669); - Update to 4.13.9 * s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success; (bso#14696); * Add documentation for dsdb_group_audit and dsdb_group_json_audit to "log level", synchronise "log level" in smb.conf with the code; (bso#14689); * Fix smbd panic when two clients open same file; (bso#14672); * Fix memory leak in the RPC server; (bso#14675); * s3: smbd: Fix deferred renames; (bso#14679); * s3-iremotewinspool: Set the per-request memory context; (bso#14675); * rpc_server3: Fix a memleak for internal pipes; (bso#14675); * third_party: Update socket_wrapper to version 1.3.2; (bso#11899); * third_party: Update socket_wrapper to version 1.3.3; (bso#14639); * idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid conflict; (bso#14663); * Fix the build on OmniOS; (bso#14288); - Update to 4.13.8 * CVE-2021-20254: Fix buffer overrun in sids_to_unixids(); (bso#14571 - Update to 4.13.7 * Release with dependency on ldb version 2.2.1.- CVE-2021-20254 Buffer overrun in sids_to_unixids(); (bnc#14571); (bsc#1184677).- Fix offline domain backup not possible using lmdb version >= 0.9.26; (bso#14676); - Require libldb >= 2.2.1; (bsc#1183572); (bsc#1183574); - Update to 4.13.6 * CVE-2020-27840: samba: Unauthenticated remote heap corruption via bad DNs; (bso#14595); (bsc#1183572). * CVE-2021-20277: samba: out of bounds read in ldb_handler_fold; (bso#14655); (bsc#1183574). - Update to 4.13.5 * s3:modules:vfs_virusfilter: Recent talloc changes cause infinite start-up failure; (bso#14634); * s3: libsmb: Add missing cli_tdis() in error path if encryption setup failed on temp proxy connection; (bso#13992); * smbd: In conn_force_tdis_done() when forcing a connection closed force a full reload of services; (bso#14604); * dbcheck: Check Deleted Objects and reduce noise in reports about expired tombstones (bso#14593); * s3: Fix fcntl waf configure check; (bso#14503); * s3/auth: Implement "winbind:ignore domains"; (bso#14602); * smbd: Use fsp->conn->session_info for the initial delete-on-close token; (bso#14617); * s3: VFS: nfs4_acls. Add missing TALLOC_FREE(frame) in error path; (bso#14648); * classicupgrade: Treat old never expires value right; (bso#14624); * g_lock: Fix uninitalized variable reads; (bso#14636); * s3:pysmbd: Fix fd leak in py_smbd_create_file(); (bso#13898); * lib:util: Avoid free'ing our own pointer; (bso#14625); * HEIMDAL: krb5_storage_free(NULL) should work; (bso#12505);- Spec file fixes around systemd and requires; (bsc#1182830); - Align systemd service unit files with upstream provided ones.- Update to 4.13.4 * Work around special SMB2 IOCTL response behavior of NetApp Ontap 7.3.7; (bso#14607); * Temporary DFS share setup doesn't set case parameters in the same way as a regular share definition does; (bso#14612); * lib: Avoid declaring zero-length VLAs in various messaging functions; (bso#14605); * Do not create an empty DB when accessing a sam.ldb; (bso#14579); * vfs_fruit may close wrong backend fd; (bso#14596); * Temporary DFS share setup doesn't set case parameters in the same way as a regular share definition does; (bso#14612); * vfs_virusfilter: Allocate separate memory for config char*; (bso#14606); * vfs_fruit may close wrong backend fd; (bso#14596); * Work around special SMB2 IOCTL response behavior of NetApp Ontap 7.3.7; (bso#14607); * The cache directory for the user gencache should be created recursively; (bso#14601); * Be more flexible with repository names in CentOS 8 test environments; (bso#14594);- Uninstalling samba-client: Failed to disable unit, cifs.service does not exists; (bsc#1180388);- Update to 4.13.3 + libcli: smb2: Never print length if smb2_signing_key_valid() fails for crypto blob; (bso#14210); + s3: modules: gluster. Fix the error I made in preventing talloc leaks from a function; (bso#14486); + s3: smbd: Don't overwrite contents of fsp->aio_requests[0] with NULL via TALLOC_FREE(); (bso#14515); + s3: spoolss: Make parameters in call to user_ok_token() match all other uses; (bso#14568); + s3: smbd: Quiet log messages from usershares for an unknown share; (bso#14590); + samba process does not honor max log size; (bso#14248); + vfs_zfsacl: Add missing inherited flag on hidden "magic" everyone@ ACE; (bso#14587); + s3-libads: Pass timeout to open_socket_out in ms; (bso#13124); + s3-vfs_glusterfs: Always disable write-behind translator; (bso#14486); + smbclient: Fix recursive mget; (bso#14517); + clitar: Use do_list()'s recursion in clitar.c; (bso#14581); + manpages/vfs_glusterfs: Mention silent skipping of write-behind translator; (bso#14486); + vfs_shadow_copy2: Preserve all open flags assuming ROFS; (bso#14573); + interface: Fix if_index is not parsed correctly; (bso#14514);- Update to 4.13.2 + s3: modules: vfs_glusterfs: Fix leak of char **lines onto mem_ctx on return; (bso#14486); + RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special; (bso#14471); + smb.conf.5: Add clarification how configuration changes reflected by Samba; (bso#14538); + daemons: Report status to systemd even when running in foreground; (bso#14552); + DNS Resolver: Support both dnspython before and after 2.0.0; (bso#14553); + s3-vfs_glusterfs: Refuse connection when write-behind xlator is present; (bso#14486); + provision: Add support for BIND 9.16.x; (bso#14487); + ctdb-common: Avoid aliasing errors during code optimization; (bso#14537); + libndr: Avoid assigning duplicate versions to symbols; (bso#14541); + docs: Fix default value of spoolss:architecture; (bso#14522); + winbind: Fix a memleak; (bso#14388); + s4:dsdb:acl_read: Implement "List Object" mode feature; (bso#14531); + docs-xml/manpages: Add warning about write-behind translator for vfs_glusterfs; (bso#14486); + nsswitch/nsstest.c: Avoid nss function conflicts with glibc nss.h. + vfs_shadow_copy2: Avoid closing snapsdir twice; (bso#14530); + third_party: Update resolv_wrapper to version 1.1.7; (bso#14547); + examples:auth: Do not install example plugin; (bso#14550); + ctdb-recoverd: Drop unnecessary and broken code; (bso#14513); + RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special; (bso#14471);- Adjust smbcacls '--propagate-inheritance' feature to align with upstream; (bsc#1178469).- Update to samba 4.13.1 + CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records; (bsc#1177613); (bso#14472); + CVE-2020-14323: Unprivileged user can crash winbind; (bsc#1173994); (bso#14436); + CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify; (bsc#1173902); (bso#14434); - Adjust systemd tmpfiles.d configuration, use /run/samba instead of /var/run/samba; (bsc#1177355);- Fix vfs_ceph query_directory regression; (bso#14519) - Drop liburing-devel for SLE15-SP2; (bsc#1177245)- Register CTDB recovery lock holder with ceph-mgr - Add liburing-devel dependency- Update to samba 4.13.0 + Require Python 3.6 + Move wide links functionality into VFS module + Deprecate NT4-like 'classic' Samba domain controllers + Deprecate SMBv1 only protocol options + Remove deprecated "ldap ssl ads" option + Unify asynchronous DCE-RPC server; (jsc#SES-645) + Replay multichannel lease break requests; (bso#11897); (jsc#SES-655) + Drop internal byteorder.h header from util-devel package + Remove final code for the AD DC LDAP backend + Add AD DC Group Policy Scripts + Only use gnutls_aead_cipher_encryptv2() for GnuTLS > 3.6.14; (bso#14399) + Fix %U substitutions if it contains a domain name; (bso#14467) + Fix krb5.conf creation for 'net ads join'; (bso#14479) + Fix build problem if libbsd-dev is not installed; (bso#14482) + Toggle vfs_snapper using "--with-shared-modules"; (bso#14437) + Fix idmap_ad RFC4511 response handling; (bso#14465) + Fix panic in get_lease_type(); (bso#14428)- Update to samba 4.11.13 + CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Protect netr_ServerPasswordSet2 against unencrypted passwords; (bsc#1176579); (bso#14497); + CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Support "server require schannel:WORKSTATION$ = no" about unsecure configurations; (bsc#1176579); (bso#14497); + CVE-2020-1472(ZeroLogon): s4 torture rpc: repeated bytes in client challenge; (bsc#1176579); (bso#14497); + CVE-2020-1472(ZeroLogon): libcli/auth: Reject weak client challenges in netlogon_creds_server_init() "server require schannel:WORKSTATION$ = no"; (bsc#1176579); (bso#14497); - Update to samba 4.11.12 + s3: libsmb: Fix SMB2 client rename bug to a Windows server; (bso#14403); + dsdb: Allow "password hash userPassword schemes = CryptSHA256" to work on RHEL7; (bso#14424); + dbcheck: Allow a dangling forward link outside our known NCs; (bso#14450); + lib/debug: Set the correct default backend loglevel to MAX_DEBUG_LEVEL; (bso#14426); + s3:smbd: PANIC: assert failed in get_lease_type(); (bso#14428); + lib/util: do not install "test_util_paths"; (bso#14370); + lib:util: Fix smbclient -l basename dir; (bso#14345); + s3:smbd: PANIC: assert failed in get_lease_type(); (bso#14428); + util: Allow symlinks in directory_create_or_exist; (bso#14166); + docs: Fix documentation for require_membership_of of pam_winbind; (bso#14358); + s3:winbind:idmap_ad: Make failure to get attrnames for schema mode fatal; (bso#14425);- Add obsoletes to libsmbldap2 package to fix upgrades from previous versions; (bsc#1172810);- Fix net command unable to negotiate SMB2; (bsc#1174120);- Update to samba 4.11.11 + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined; (bso#14364); (bsc#1173159] + CVE-2020-10745: invalid DNS or NBT queries containing dots use several seconds of CPU each; (bso#14378); (bsc#1173160). + CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP server with paged_result or VLV; (bso#14402); (bsc#1173161) + CVE-2020-14303: Endless loop from empty UDP packet sent to AD DC nbt_server; (bso#14417); (bsc#1173359). - Update to samba 4.11.10 + Fix segfault when using SMBC_opendir_ctx() routine for share folder that contains incorrect symbols in any file name; (bso#14374). + vfs_shadow_copy2 doesn't fail case looking in snapdirseverywhere mode; (bso#14350) + ldb_ldap: Fix off-by-one increment in lldb_add_msg_attr; (bso#14413). + Malicous SMB1 server can crash libsmbclient; (bso#14366) + winbindd: Fix a use-after-free when winbind clients exit; (bso#14382) + ldb: Bump version to 2.0.11, LMDB databases can grow without bounds. (bso#14330) - Update to samba 4.11.9 + nmblib: Avoid undefined behaviour in handle_name_ptrs(); (bso#14242). + 'samba-tool group' commands do not handle group names with special chars correctly; (bso#14296). + smbd: avoid calling vfs_file_id_from_sbuf() if statinfo is not valid; (bso#14237). + Missing check for DMAPI offline status in async DOS attributes; (bso#14293). + smbd: Ignore set NTACL requests which contain S-1-5-88 NFS ACEs; (bso#14307). + vfs_recycle: Prevent flooding the log if we're called on non-existant paths; (bso#14316) + smbd mistakenly updates a file's write-time on close; (bso#14320). + RPC handles cannot be differentiated in source3 RPC server; (bso#14359). + librpc: Fix IDL for svcctl_ChangeServiceConfigW; (bso#14313). + nsswitch: Fix use-after-free causing segfault in _pam_delete_cred; (bso#14327). + Fix fruit:time machine max size on arm; (bso#13622) + CTDB recovery corner cases can cause record resurrection and node banning; (bso#14294). + ctdb: Fix a memleak; (bso#14348). + libsmb: Don't try to find posix stat info in SMBC_getatr(). + ctdb-tcp: Move free of inbound queue to TCP restart; (bso#14295); (bsc#1162680). + s3/librpc/crypto: Fix double free with unresolved credential cache; (bso#14344); (bsc#1169095) + s3:libads: Fix ads_get_upn(); (bso#14336). + CTDB recovery corner cases can cause record resurrection and node banning; (bso#14294) + Starting ctdb node that was powered off hard before results in recovery loop; (bso#14295); (bsc#1162680). + ctdb-recoverd: Avoid dereferencing NULL rec->nodemap; (bso#14324) - Update to samba 4.11.8 + CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ; (bso#14331); (bsc#1169850); + CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC; (bso#14334); (bsc#1169851); - Update to samba 4.11.7 + s3: lib: nmblib. Clean up and harden nmb packet processing; (bso#14239). + s3: VFS: full_audit. Use system session_info if called from a temporary share definition; (bso#14283) + dsdb: Correctly handle memory in objectclass_attrs; (bso#14258). + ldb: version 2.0.9, Samba 4.11 and later give incorrect results for SCOPE_ONE searches; (bso#14270) + auth: Fix CIDs 1458418 and 1458420 Null pointer dereferences; (bso#14247). + smbd: Handle EINTR from open(2) properly; (bso#14285) + winbind member (source3) fails local SAM auth with empty domain name; (bso#14247) + winbindd: Handling missing idmap in getgrgid(); (bso#14265). + lib:util: Log mkdir error on correct debug levels; (bso#14253). + wafsamba: Do not use 'rU' as the 'U' is deprecated in Python 3.9; (bso#14266). + ctdb-tcp: Make error handling for outbound connection consistent; (bso#14274). - Update to samba 4.11.6 + pygpo: Use correct method flags; (bso#14209). + vfs_ceph_snapshots: Fix root relative path handling; (bso#14216); (bsc#1141320). + Avoiding bad call flags with python 3.8, using METH_NOARGS instead of zero; (bso#14209). + source4/utils/oLschema2ldif: Include stdint.h before cmocka.h; (bso#14218). + docs-xml/winbindnssinfo: Clarify interaction with idmap_ad etc; (bso#14122). + smbd: Fix the build with clang; (bso#14251). + upgradedns: Ensure lmdb lock files linked; (bso#14199). + s3: VFS: glusterfs: Reset nlinks for symlink entries during readdir; (bso#14182). + smbc_stat() doesn't return the correct st_mode and also the uid/gid is not filled (SMBv1) file; (bso#14101). + librpc: Fix string length checking in ndr_pull_charset_to_null(); (bso#14219). + ctdb-scripts: Strip square brackets when gathering connection info; (bso#14227).- Add libnetapi-devel to baselibs conf, for wine usage; (bsc#1172307);- Installing: samba - samba-ad-dc.service does not exist and unit not found; (bsc#1171437);- Fix samba_winbind package is installing python3-base without python3 package; (bsc#1169521);- Require libldb2 >= 2.0.10 after security release.- CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC; (bso#14334); (bsc#1169851); - CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ; (bso#14331); (bsc#1169850);- Fix smbclient crash with double free (with unresolved krb5 credential cache); (bso#14344); (bsc#1169095).- Starting ctdb node that was powered off hard before results in recovery loop; (bso#14295); (bsc#1162680).- CTDB doesn't retry outgoing connections on bind (and some other) failures; (bso#14274); (bsc#1162680).- Revert: Allow idmap_rid to have primary group other than "Domain Users"; (bsc#1087931).- Fix nmbstatus not reporting detailed information about workgroups; (bsc#1159464); - Fix querying all names registered within broadcast area; (bso#8927);- Update to samab 4.11.5 + CVE-2019-14902: Replication of ACLs down subtree on AD Directory is not automatic; (bso#12497); (bsc#1160850). + CVE-2019-19344: Fix server crash with dns zone scavenging = yes; (bso#14050); (bsc#1160852). + CVE-2019-14907: server-side crash after charset conversion failure (eg during NTLMSSP processing); (bso#14208); (bsc#1160888). - Update to samba 4.11.4 + Ensure SMB1 cli_qpathinfo2() doesn't return an inode number; (bso#14161). + Ensure we don't call cli_RNetShareEnum() on an SMB1 connection; (bso#14174). + NT_STATUS_ACCESS_DENIED becomes EINVAL when using SMB2 in SMBC_opendir_ctx; (bso#14176). + SMB2 - Ensure we use the correct session_id if encrypting an interim response; (bso#14189). + Prevent smbd crash after invalid SMB1 negprot; (bso#14205). + printing: Fix %J substition; (bso#13745). + Remove now unneeded call to cmdline_messaging_context(); (bso#13925). + Fix incomplete conversion of former parametric options; (bso#14069). + Fix sync dosmode fallback in async dosmode codepath; (bso#14070). + vfs_fruit returns capped resource fork length; (bso#14171). + libnet_join: Add SPNs for additional-dns-hostnames entries; (bso#14116). + smbd: Increase a debug level; (bso#14211). + Prevent azure ad connect from reporting discovery errors reference-value-not-ldap-conformant; (bso#14153). + krb5_plugin: Fix developer build with newer heimdal system library; (bso#14179). + replace: Only link libnsl and libsocket if required; (bso#14168); + ctdb: Incoming queue can be orphaned causing communication; breakdown; (bso#14175). + ldb: Release ldb 2.0.8. Cross-compile will not take cross-answers or cross-execute; (bso#13846). + heimdal-build: Avoid hard-coded /usr/include/heimdal in asn1_compile-generated code; (bso#13856).- Fix Ceph snapshot root relative path handling; (bso#14216); (bsc#1141320).- Update to samba 4.11.3 + CVE-2019-14861: DNSServer RPC server crash, an authenticated user can crash the DCE/RPC DNS management server by creating records with matching the zone name; (bso#14138); (bsc#1158108). + CVE-2019-14870: DelegationNotAllowed not being enforced, the DelegationNotAllowed Kerberos feature restriction was not being applied when processing protocol transition requests (S4U2Self), in the AD DC KDC; (bso#14187); (bsc#1158109).- CVE-2019-14861: DNSServer RPC server crash, an authenticated user can crash the DCE/RPC DNS management server by creating records with matching the zone name; (bso#14138); (bsc#1158108). - CVE-2019-14870: DelegationNotAllowed not being enforced, the DelegationNotAllowed Kerberos feature restriction was not being applied when processing protocol transition requests (S4U2Self), in the AD DC KDC; (bso#14187); (bsc#1158109).- Update to samba 4.11.2 + CVE-2019-10218: Client code can return filenames containing path separators; (bsc#1144902); (bso#14071). + CVE-2019-14833: Samba AD DC check password script does not receive the full password; (bso#12438). + CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP server via dirsync; (bso#14040). - Fixes from 4.11.1 + Overlinking libreplace against librt and pthread against every binary or library causes issues; (bso#14140); + kpasswd fails when built with MIT Kerberos; (bso#14155); + Fix spnego fallback from kerberos to ntlmssp in smbd server; (bso#14106); + Stale file handle error when using mkstemp on a share; (bso#14137); + non-AES schannel broken; (bso#14134); + Joining Active Directory should not use SAMR to set the password; (bso#13884); + smbclient can blunder into the SMB1 specific cli_RNetShareEnum() call on an SMB2 connection; (bso#14152); + Deleted records can be resurrected during recovery; (bso#14147); + getpwnam and getpwuid need to return data for ID_TYPE_BOTH group; (bso#14141); + winbind does not list forest trusts with additional trust attributes; (bso#14130); + fault report points to outdated documentation; (bso#14139); + pam_winbind with krb5_auth or wbinfo -K doesn't work for users of trusted domains/forests; (bso#14124); + classicupgrade results in uncaught exception - a bytes-like object is required, not 'str'; (bso#14136); + pod2man is not longer required, stop checking at build time; (bso#14131); + Exit code of ctdb nodestatus should not be influenced by deleted nodes; (bso#14129); + username/password authentication doesn't work with CUPS and smbspool; (bso#14128); + smbc_readdirplus() is incompatible with smbc_telldir() and smbc_lseekdir(); (bso#14094);- CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP server via dirsync; (bso#14040); (bsc#1154598); - CVE-2019-10218: Client code can return filenames containing path separators; (bso#14071); (bsc#1144902);- CVE-2019-14833: samba: Accent with "check script password" Samba AD DC check password script does not receive the full password; (bso#12438); (bsc#1154289).- Update to samba 4.11.0 + For details on all items see WHATSNEW.txt in samba-doc package + Python2 runtime support removed; python 3.4 or later required + Security improvements: - SMB1 disabled by default - lanman and plaintext authentication deprecated - winbind: PAM_AUTH and NTLM_AUTH events logged - GnuTLS 3.2 required; system FIPS mode setting honored + CephFS Snapshot integration, exposed as previous file versions + ctdb changes: - onnode -o option removed - ctdbd logs when using more than 90% of a CPU thread - CTDB_MONITOR_SWAP_USAGE variable removed + AD Domain controller improvements: - Upgrade AD databse format - BIND9_FLATFILE deprecated - default process model chagned to prefork - bind9 dns operation duration logging - Default schema updated to 2012_R2; function level is unchanged - many performance improvements + Configuration webserver support removed- Fix broken username/password authentication with CUPS and smbspool; (bsc#1152143); (bso#14128).- Fix auth problems when printing via smbspool backend with kerberos; (bnc#1148539); (bso#13832).- Update to samba 4.10.8 + CVE-2019-10197: user escape from share path definition; (bso#14035); (bsc#1141267);- Fix build on newer systems by modifying samba.spec to use consistent non-relative paths for pammodules in configure line and specification of pam_winbind.so library to package.- Update to samba 4.10.7 + Unable to create or rename file/directory inside shares configured with vfs_glusterfs_fuse module; (bso#14010). + build: Allow build when '--disable-gnutls' is set; (bso#13844) + samba-tool: Add 'import samba.drs_utils' to fsmo.py; (bso#13973). + Fix 'Error 32 determining PSOs in system' message on old DB with FL upgrade; (bso#14008). + s4/libnet: Fix joining a Windows pre-2008R2 DC; (bso#14021) + join: Use a specific attribute order for the DsAddEntry nTDSDSA object; (bso#14046). + vfs_catia: Pass stat info to synthetic_smb_fname(); (bso#14015). + lookup_name: Allow own domain lookup when flags == 0; (bso#14091). + s4 librpc rpc pyrpc: Ensure tevent_context deleted last; (bso#13932). + DEBUGC and DEBUGADDC doesn't print into a class specific log file; (bso#13915). + Request to keep deprecated option "server schannel", VMWare Quickprep requires "auto"; (bso#13949). + dbcheck: Fallback to the default tombstoneLifetime of 180 days; (bso#13967). + dnsProperty fails to decode values from older Windows versions; (bso#13969). + samba-tool: Use only one LDAP modify for dns partition fsmo role transfer; (bso#13973). + third_party: Update waf to version 2.0.17; (bso#13960). + netcmd: Allow 'drs replicate --local' to create partitions; (bso#14051). + ctdb-config: Depend on /etc/ctdb/nodes file; (bso#14017).- CVE-2019-10197: user escape from share path definition; (bso#14035); (bsc#1141267).- Prepare for use future use of kernel keyrings, modify /etc/pam.d/samba to include pam_keyinit.so; (bsc#1144059).- Update samba-winbind script to work with systemd; (bsc#1132739); - Drop samba dhcpcd hook scripts - Update to samba 4.10.6 + s3: winbind: Fix crash when invoking winbind idmap scripts; (bso#13956). + smbd does not correctly parse arguments passed to dfree and quota scripts; (bso#13964). + samba-tool dns: use bytes for inet_ntop; (bso#13965). + samba-tool domain provision: Fix --interactive module in python3; (bso#13828). + ldb_kv: Skip @ records early in a search full scan; (bso#13893). + docs: Improve documentation of "lanman auth" and "ntlm auth" connection; (bso#13981). + python/ntacls: Use correct "state directory" smb.conf option instead of "state dir"; (bso#14002). + registry: Add a missing include; (bso#13840). + Fix SMB guest authentication; (bso#13944). + AppleDouble conversion breaks Resourceforks; (bso#13958). + vfs_fruit makes direct use of syscalls like mmap() and pread(); (bso#13968). + s3:mdssvc: Fix flex compilation error; (bso#13987). + s3/vfs_glusterfs[_fuse]: Avoid using NAME_MAX directly; (bso#13872). + dsdb:samdb: schemainfo update with relax control; (bso#13799). + s3:util: Move static file_pload() function to lib/util; (bso#13964). + smbd: Fix a panic; (bso#13957). + ldap server: Generate correct referral schemes; (bso#12478). + s4 dsdb/repl_meta_data: fix use after free in dsdb_audit_add_ldb_value; (bso#13941). + s4 dsdb: Fix use after free in samldb_rename_search_base_callback; (bso#13942). + dsdb/repl: we need to replicate the whole schema before we can apply it; (bso#12204). + ldb: Release ldb 1.5.5; (bso#12478). + Schema replication fails if link crosses chunk boundary backwards; (bso#13713). + 'samba-tool domain schemaupgrade' uses relax control and skips the schemaInfo update provision; (bso#13799). + dsdb_audit: avoid printing "... remote host [Unknown] SID [(NULL SID)] ..."; (bso#13916). + python/ntacls: We only need security.SEC_STD_READ_CONTROL in order to get the ACL; (bso#13917). + s3:loadparm: Ensure to truncate FS Volume Label at multibyte boundary; (bso#13947). + Using Kerberos credentials to print using spoolss doesn't work; (bso#13939). + wafsamba: Use native waf timer; (bso#13998). + ctdb-scripts: Fix tcp_tw_recycle existence check; (bso#13984).- Update to samba-4.10.5 (including updates for 4.10.4, 4.10.3) + CVE-2019-12435 rpc/dns: Avoid NULL deference if zone not found in DnssrvOperation2; (bso#13922); (bsc#1137815). + CVE-2019-12436 dsdb/paged_results: Ignore successful results without messages; (bso#13951); (bsc#1137816). - Update to samba-4.10.4 + s3: SMB1: Don't allow recvfile on stream fsp's; (bso#13938). + py/provision: Fix for Python 2.6; (bso#13882). + netcmd: Fix 'passwordsettings --max-pwd-age' command; (bso#13873). + s3-libnet_join: 'net ads join' to child domain fails when using "-U admin@forestroot"; (bso#13861). + vfs_ceph: Explicitly enable libcephfs POSIX ACL support; (bso#13896); (bsc#1130245). + vfs_ceph: Fix cephwrap_flistxattr() debug message; (bso#13940); (bsc#1134697). + ctdb-common: Avoid race between fd and signal events; (bso#13895). + ctdb-common: Fix memory leak in run_proc; (bso#13943). + lib: Initialize getline() arguments; (bso#13892). + winbind: Fix overlapping id ranges; (bco#13903). + lib util debug: Increase format buffer to 4KiB; (bso#13902). + nsswitch pam_winbind: Fix Asan use after free; (bso#13927). + s4 lib socket: Ensure address string owned by parent struct; (bso#13929). + s3 rpc_client: Fix Asan stack use after scope; (bso#13936). + s3:smbd: Handle IO_REPARSE_TAG_DFS in SMB_FIND_FILE_FULL_DIRECTORY_INFO; (bso#10097). + smb2_tcon: Avoid STATUS_PENDING completely on tdis; (bso#10344). + smb2_sesssetup: avoid STATUS_PENDING responses for session setup; (bso#12845). + smb2_tcon: Avoid STATUS_PENDING completely on tdis; (bso#13698). + smb2_sesssetup: avoid STATUS_PENDING responses for session setup; (bso#13796). + dbcheck: Fix the err_empty_attribute() check; (bso#13843). + vfs_snapper: Drop unneeded fstat handler; (bso#13858). + vfs_default: Fix vfswrap_offload_write_send() NT_STATUS_INVALID_VIEW_SIZE check; (bso#13862). + smb2_server: Grant all 8192 credits to clients; (bso#13863). + smbd: Implement SMB_FILE_NORMALIZED_NAME_INFORMATION handling; (bso#13919). + s3/vfs_glusterfs: Dynamically determine NAME_MAX; (bso#13872). + s3: modules: ceph: Use current working directory instead of share path; (bso#13918); (bsc#1134452). + winbind: Use domain name from lsa query for sid_to_name cache entry; (bso#13831). + memcache: Increase size of default memcache to 512k; (bso#13865). + docs: Update smbclient manpage for "--max-protocol"; (bso#13857). + s3:utils: If share is NULL in smbcacls, don't print it; (bso#13937). + s3:smbspool: Fix regression printing with Kerberos credentials; (bso#13939). + ctdb-scripts: CTDB restarts failed NFS RPC services by hand, which is incompatible with systemd; (bso#13860). + ctdb-daemon: Revert "We can not assume that just because we could complete a TCP handshake"; (bso#13888). + ctdb-daemon: Never use 0 as a client ID; (bso#13930). + ctdb-common: Fix memory leak; (bso#13943). + s3:debug: Enable logging for early startup failures; (bso#13904) - Update to samba-4.10.3 + CVE-2018-16860: Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum; (bso#13685); (bsc#1134024).- CVE-2019-12435: zone operations can crash rpc server; (bso#13922); (bsc#1137815).- Fix cephwrap_flistxattr() debug message; (bso#13940); (bsc#1134697). - Add ceph_snapshots VFS module; (jsc#SES-183).- Fix vfs_ceph realpath; (bso#13918); (bsc#1134452).- Update to samba-4.10.2: + CVE-2019-3870 (World writable files in Samba AD DC private/ dir); (bso#13834). + CVE-2019-3880 (Save registry file outside share as unprivileged user); (bso#13851). + py/kcc_utils: py2.6 compatibility; (bso#13837). + libcli: permit larger values of DataLength in SMB2_ENCRYPTION_CAPABILITIES of negotiate response; (bso#13869). + regfio: Improve handling of malformed registry hive files; (bso#13840). + ctdb-version: Simplify version string usage; (bso#13789). + lib: Make fd_load work for non-regular files; (bso#13859). + dbcheck: in the middle of the tombstone garbage collection causes replication failures, dbcheck: add --selftest-check-expired-tombstones cmdline option; (bso#13816). + ndr_spoolss_buf: Fix out of scope use of stack variable in NDR_SPOOLSS_PUSH_ENUM_OUT(); (bso#13818). + s4/messaging: Fix undefined reference in linking libMESSAGING-samba4.so; (bso#13854). + acl_read: Fix regression for empty lists; (bso#13836). + s4:dlz make b9_has_soa check dc=@ node; (bso#13841). + s3:client: Fix printing via smbspool backend with kerberos auth; (bso#13832). + s4:librpc: Fix installation of Samba; (bso#13847). + s3:lib: Fix the debug message for adding cache entries; (bso#13848). + s3:utils: Add 'smbstatus -L --resolve-uids' to show username; (bso#13793). + s3:lib: Fix the debug message for adding cache entries; (bso#13848). + s3:waf: Fix the detection of makdev() macro on Linux; (bso#13853). * ctdb-build: Drop creation of .distversion in tarball; (bso#13789). * ctdb-packaging: Test package requires tcpdump, ctdb package should not own system library directory; (bso#13838). - Update to samba-4.10.1: + py/kcc_utils: py2.6 compatibility; (bso#13837); + libcli: permit larger values of DataLength in SMB2_ENCRYPTION_CAPABILITIES of negotiate response; (bso#13869); + regfio: Improve handling of malformed registry hive files; (bso#13840); + ctdb-version: Simplify version string usage; (bso#13789); + lib: Make fd_load work for non-regular files; (bso#13859); + dbcheck in the middle of the tombstone garbage collection causes replication failures, dbcheck: add --selftest-check-expired-tombstones cmdline option; (bso#13816); + ndr_spoolss_buf: Fix out of scope use of stack variable in NDR_SPOOLSS_PUSH_ENUM_OUT(); (bso#13818); + s4/messaging: Fix undefined reference in linking libMESSAGING-samba4.so; (bso#13854); + acl_read: Fix regression for empty lists; (bso#13836); + s4:dlz make b9_has_soa check dc=@ node; (bso#13841); + s3:client: Fix printing via smbspool backend with kerberos auth; (bso#13832); + s4:librpc: Fix installation of Samba; (bso#13847); + s3:lib: Fix the debug message for adding cache entries; (bso#13848); + s3:utils: Add 'smbstatus -L --resolve-uids' to show username; (bso#13793); + s3:lib: Fix the debug message for adding cache entries; (bso#13848); + s3:waf: Fix the detection of makdev() macro on Linux; (bso#13853); + ctdb-build: Drop creation of .distversion in tarball; (bso#13789); + ctdb-packaging: Test package requires tcpdump, ctdb package should not own system library directory; (bso#13838); - Update to samba-4.10.0: + s4-server: Open and close a transaction on sam.ldb at startup; (bso#13760); + access_check_max_allowed() doesn't process "Owner Rights" ACEs; (bso#13812); + s4/scripting/bin: Open unicode files with utf8 encoding and write + unicode string. + sambaundoguididx: Use the right escaped oder unescaped sam ldb files; (bso#13759); + Fix idmap cache pollution with S-1-22- IDs on winbind hickup; (bso#13813); + passdb: Update ABI to 0.27.2. + lib/winbind_util: Add winbind_xid_to_sid for --without-winbind; (bso#13813); + lib:util: Move debug message for mkdir failing to log level 1; (bso#13823);- MacOS credit accounting breaks with async SESSION SETUP; (bsc#1125601); (bso#13796). - Mac OS X SMB2 implmenetation sees Input/output error or Resource temporarily unavailable and drops connection; (bso#13698)- Explicitly enable libcephfs POSIX ACL support; (bso#13896); (bsc#1130245).- CVE-2019-3880: Save registry file outside share as unprivileged user; (bso#13851); (bsc#1131060 ).- CVE-2019-3870 pysmbd: missing restoration of original umask after umask(0); (bso#13834); (bsc#1130703);- Update to samba-4.9.5 + audit_logging: Remove debug log header and JSON Authentication: prefix; (bso#13714); + Fix upgrade from 4.7 (or earlier) to 4.9; (bso#13760); + s3: lib: nmbname: Ensure we limit the NetBIOS name correctly; (bso# CID: 1433607; (bso#11495); + smbd: uid: Don't crash if 'force group' is added to an existing share connection; (bso#13690); + s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility code; (bso#13770); + s3: SMB1 POSIX mkdir does case insensitive name lookup; (bso#13803); + s3:utils/smbget fix recursive download with empty source directories; (bso#13199); + samba-tool drs showrepl: Do not crash if no dnsHostName found; (bso#13716); + s3:libsmb: cli_smb2_list() can sometimes fail initially on a connection; (bso#13736); + join: Throw CommandError instead of Exception for simple errors; (bso#13747); + ldb: Avoid inefficient one-level searches; (bso#13762); + s3: libsmb: use smb2cli_conn_max_trans_size() in cli_smb2_list(); (bso#13736); + tldap: Avoid use after free errors; (bso#13776); + Fix idmap xid2sid cache churn; (bso#13802); + access_check_max_allowed() doesn't process "Owner Rights" ACEs; (bso#13812); + s3-smbd: Avoid assuming fsp is always intact after close_file call; (bso#13720); + s3-vfs-fruit: Add close call; (bso#13725); + s3-smbd: Use fruit:model string for mDNS registration; (bso#13746); + s3-vfs: add glusterfs_fuse vfs module; (bso#13774); + printing: Check lp_load_printers() prior to pcap cache update; (bso#13766); + vfs_ceph: vfs_ceph strict_allocate_ftruncate calls (local FS) ftruncate and fallocate; (bso#13807); + lib/audit_logging: Actually create talloc; (bso#13737); + netcmd/user: python[3]-gpgme unsupported and replaced by python[3]-gpg; (bso#13728); + dns: Changing onelevel search for wildcard to subtree; (bso#13738); + samba-tool: Don't print backtrace on simple DNS errors; (bso#13721); + sambaundoguididx: Use the right escaped oder unescaped sam ldb files; (bso#13759); + ctdb: Print locks latency in machinereadable stats; (bso#13742); + messages_dgm: Messaging gets stuck when pids are recycled; (bso#13786); + audit_logging: auth_json_audit required auth_json; (bso#13715); + man pages: Document prefork process model; (bso#13765); + CVE-2019-3824 ldb: Release ldb 1.4.6; (bso#13773); + s3:auth: ignore create_builtin_guests() failing without a valid idmap configuration; (bso#13697); + s3:auth_winbind: Ignore a missing winbindd as NT4 PDC/BDC without trusts; (bso#13722); + s3:auth_winbind: return NT_STATUS_NO_LOGON_SERVERS if winbindd is not available; (bso#13723); + s4:server: Add support for 'smbcontrol samba shutdown' and 'smbcontrol debug/debuglevel'; (bso#13752); + Python: Ensure ldb.Dn can doesn't rencoded str with py2; (bso#13616); + vfs_glusterfs: Adapt to changes in libgfapi signatures; (bso#13330); + s3-vfs: Use ENOATTR in errno comparison for getxattr; (bso#13774); + notifyd: Fix SIGBUS on sparc; (bso#13704); + waf: Check for libnscd; (bso#13787); + s3:vfs: Correctly check if OFD locks should be enabled or not; (bso#13770); + lib/util: Count a trailing line that doesn't end in a newline; (bso#13717); + Recovery lock bug fixes; (bso#13800); + s3: net: Do not set NET_FLAGS_ANONYMOUS with -k; (bso#13726); + s3:libsmb: Honor disable_netbios option in smbsock_connect_send; (bso#13727); + vfs_fileid: Fix get_connectpath_ino; (bso#13741); + vfs_fileid: Fix fsname_norootdir algorithm; (bso#13744);- Fix vfs_ceph ftruncate and fallocate handling; (bso#13807); (bsc#1127153).- Fix update-apparmor-samba-profile script after apparmor switched to using named profiles. The change is backwards compatible; (bsc#1126377);- LoadParm().load_default() fails with "Unable to load default file"; (bsc#1089758);- Abide by load_printers smb.conf parameter; (bso#13766); (bsc#1124223);- Update to samba-4.9.4 + libcli/smb: Don't overwrite status code; (bso#9175). + wbinfo --group-info 'NT AUTHORITY\System' does not work; (bso#12164). + Session setup reauth fails to sign response; (bso#13661). + vfs_fruit: Validation of writes on AFP_AfpInfo stream; (bso#13677). + vfs_shadow_copy2: Nicely deal with attempts to open previous version for writing; (bso#13688). + Restoring previous version of stream with vfs_shadow_copy2 fails with NT_STATUS_OBJECT_NAME_INVALID fsp->base_fsp->fsp_name; (bso#13455). + CVE-2018-16853: Fix S4U2Self crash with MIT KDC build; (bso#13571). + s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs; (bso#13708) + PEP8: fix E231: missing whitespace after ','. + winbindd: Fix crash when taking profiles;(bso#13629) + CVE-2018-14629 dns: Fix CNAME loop prevention using counter regression; (bso#13600) + 'samba-tool user syscpasswords' fails on a domain with many DCs; (bso#13686). + CVE-2018-16853: Do not segfault if client is not set; (bso#13571). + lib:util: Fix DEBUGCLASS pointer initializiation; (bso#13679) + ctdb-daemon: Exit with error if a database directory does not exist; (bso#13696). + s3:libads: Add net ads leave keep-account option; (bso#13498).- Drop more %if..%endif guards which are idempotent. - Drop requires on ldconfig which are already auto-discovered. - Do not ignore errors from useradd/groupadd.- Remove python2 build dependency from samba-libs; (bsc#1116900);- Update update-apparmor-samba-profile script to ignore the shares's paths containing substitution variables in any place, not only at the beginning of the path.- Update to samba-4.9.3 + CVE-2018-14629: Unprivileged adding of CNAME record causing loop in AD Internal DNS server; (bso#13600); (bsc#1116319); + CVE-2018-16841: Double-free in Samba AD DC KDC with PKINIT; (bso#13628); (bsc#1116320); + CVE-2018-16851: NULL pointer de-reference in Samba AD DC LDAP server; (bso#13674); (bsc#1116322); + CVE-2018-16852: NULL pointer de-reference in Samba AD DC DNS servers; (bso#13669); (bsc#1116321); + CVE-2018-16853: Samba AD DC S4U2Self crash in experimental MIT Kerberos configuration (unsupported); (bso#13678); (bsc#1116324); + CVE-2018-16857: Bad password count in AD DC not always effective; window; (bso#13683); (bsc#1116323);- Update to samba-4.9.2 + dsdb: Add comments explaining the limitations of our current backlink behaviour; (bso#13418); + Fix problems running domain backups (handling SMBv2, sites); (bso#13621); + testparm: Fix crashes with PANIC: Messaging not initialized on SLES 12 SP3; (bso#13465); + Make vfs_fruit able to cleanup AppleDouble files; (bso#13642); + File saving issues with vfs_fruit on samba >= 4.8.5; (bso#13646); + Enabling vfs_fruit looses FinderInfo; (bso#13649); + Cancelling of SMB2 aio reads and writes returns wrong error NT_STATUS_INTERNAL_ERROR; (bso#13667); + Fix CTDB recovery record resurrection from inactive nodes and simplify vacuuming; (bso#13641); + examples: Fix the smb2mount build; (bso#13465); + libtevent: Fix build due to missing open_memstream on Illiumos; (bso#13629); + winbindd_cache: Fix timeout calculation for sid<->name cache; (bso#13662); + dsdb encrypted_secrets: Allow "ldb:// and "mdb://" in file path; (bso#13653); + Extended DN SID component missing for member after switching group membership; (bso#13418); + Return STATUS_SESSION_EXPIRED error encrypted, if the request was encrypted; (bso#13624); + python: Allow forced signing via smb.SMB(); (bso#13621); + lib:socket: If returning early, set ifaces; (bso#13665); + ldb: Bump ldb version to 1.4.3, Python: Ensure ldb.Dn can accept utf8 encoded unicode; (bso#13616); + smbd: Fix DELETE_ON_CLOSE behaviour on files with READ_ONLY attribute; (bso#13673); + waf: Add -fstack-clash-protection; (bso#13601); + winbind: Fix segfault if an invalid passdb backend is configured; (bso#13668); + Fix bugs in CTDB event handling; (bso#13659); + Misbehaving nodes are sometimes not banned; (bso#13670);- lib:socket: If returning early, set ifaces; (bso#13665); (bsc#1111373);- winbind requires latest version of libtevent-util0 to start- Backport latest gpo code from master + Read policy from local gpt cache + Offline policy application + Make group policy extensible via register/unregister gpext + gpext's run via a process_group_policy method- Enable profiling data collection- Change samba-kdc package name to samba-ad-dc - Move samba-ad-dc.service to the samba-ad-dc package- Update to samba-4.9.1 + s3: nmbd: Stop nmbd network announce storm; (bso#13620); + s3-rpcclient: Use spoolss_init_spoolss_UserLevel1 in winspool cmds; (bso#13597); + CTDB recovery lock has some race conditions; (bso#13617); + s3-rpc_client: Advertise Windows 7 client info; (bso#13597); + ctdb-doc: Remove PIDFILE option from ctdbd_wrapper man page; (bso#13610);- Tumbleweed doesn't define the sle_version macro, so we must include a check for suse_version also. Otherwise python3 is disabled on Tumbleweed.- Update to samba-4.9.0 + samba_dnsupdate: Honor 'dns zone scavenging' option, only update if needed; (bso#13605); + wafsamba: Fix 'make -j'; (bso#13606);- Update to samba-4.9.0rc5 + s3: VFS: vfs_full_audit: Ensure smb_fname_str_do_log() only returns absolute pathnames; (bso#13565); + s3: util: Do not take over stderr when there is no log file; (bso#13578); + Durable Reconnect fails because cookie.allow_reconnect is not set; (bso#13549); + krb5-samba: Interdomain trust uses different salt principal; (bso#13539); + vfs_fruit: Don't unlink the main file; (bso#13441); + smbd: Fix a memleak in async search ask sharemode; (bso#13602); + Fix Samba GPO issue when Trust is enabled; (bso#11517); + samba-tool: Add "virtualKerberosSalt" attribute to 'user getpassword/syncpasswords'; (bso#13539); + Fix CTDB configuration issues; (bso#13589); + ctdbd logs an error until it can successfully connect to eventd; (bso#13592);- Update to samba-4.9.0rc4 + s3: smbd: Ensure get_real_filename() copes with empty pathnames; (bso#13585); + samba domain backup online/rename commands force user to specify password on CLI; (bso#13566); + wafsamba/samba_abi: Always hide ABI symbols which must be local; (bso#13579); + Fix a panic if fruit_access_check detects a locking conflict; (bso#13584); + Fix memory and resource leaks; (bso#13567); + python: Fix print in dns_invalid.py; (bso#13580); + Aliasing issue causes incorrect IPv6 checksum; (bso#13588); + Fix CTDB configuration issues; (bso#13589); + s3: vfs: time_audit: fix handling of token_blob in smb_time_audit_offload_read_recv(); (bso#13568);- Add missing zlib-devel dependency which was previously pulled in by libopenssl-devel- Update to samba-4.9.0rc3+git.22.3fff23ae36e + CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against returns from malicious servers; (bso#13453); + CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query with escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140; (bso#13374); + CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when not servicePrincipalName is set on a user; (bso#13552); + CVE-2018-10919: acl_read: Fix unauthorized attribute access via searches; (bso#13434); + ctdb_mutex_ceph_rados_helper: Set SIGINT signal handler; (bso#13540); + CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it is disabled via "ntlm auth"; (bso#13360); + s3-tldap: do not install test_tldap; (bso#13529); + ctdb_mutex_ceph_rados_helper: Fix deadlock via lock renewals; (bso#13540); + CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in ltdb_index_dn_attr(); (bso#13374); + ctdb-eventd: Fix CID 1438155; (bso#13554); + Fix CIDs 1438243, (Unchecked return value) 1438244 (Unsigned compared against 0), 1438245 (Dereference before null check) and 1438246 (Unchecked return value); (bso#13553); + ctdb: Fix a cut&paste error; (bso#13554); + systemd: Only start smb when network interfaces are up; (bso#13559); + Fix quotas don't work with SMB2; (bso#13553); + s3/smbd: Ensure quota code is only called when quota support detected; (bso#13563); + s3/libsmb: Explicitly set delete_on_close token for rmdir; (bso#13204); + s3:waf: Install eventlogadm to /usr/sbin; (bso#13561); + Shorten description in vfs_linux_xfs_sgid manual; (bso#13562);- Update to samba-4.9.0rc2+git.21.a1069afb007 + s3: smbd: Using "sendfile = yes" with SMB2 can cause CPU spin; (bso#13537); + s3: smbd: Fix path check in smbd_smb2_create_durable_lease_check(); (bso#13535); + samba-tool trust: Support discovery via netr_GetDcName; (bso#13538); + s4-dsdb: Only build dsdb Python modules for AD DC; (bso#13542); + Fix portability issues on freebsd; (bso#13520); + DNS wildcard search does not handle multiple labels correctly; (bso#13536); + samba-tool domain trust: Fix trust compatibility to Windows Server 1709 and FreeIPA; (bso#13308); + Fix portability issues on freebsd; (bso#13520); + ctdb-protocol: Fix CTDB compilation issues; (bso#13545); + ctdb-docs: Replace obsolete reference to CTDB_DEBUG_HUNG_SCRIPT option; (bso#13546); + ctdb-doc: Provide an example script for migrating old configuration; (bso#13550); + ctdb-event: Implement event tool "script list" command; (bso#13551);- Update to samba-4.8.4+git.37.a7a861d7982; + CVE-2018-1139: Weak authentication protocol allowed; (bsc#1095048); (bsc#13360); + CVE-2018-1140: Denial of Service Attack on DNS and LDAP server; (bsc#1095056); (bso#13466); (bso#13374); + CVE-2018-10858: Insufficient input validation on client directory listing in libsmbclient; (bsc#1103411); (bso#13453); + CVE-2018-10918: Denial of Service Attack on AD DC DRSUAPI server; (bsc#1103414); (bso#13552); + CVE-2018-10919: Confidential attribute disclosure from the AD LDAP server; (bsc#1095057); (bso#13434); + s3:winbind: winbind normalize names' doesn't work for users; (bso#12851); + winbind: Fix UPN handling in canonicalize_username(); (bso#13369); + s3: smbd: Fix SMB2-FLUSH against directories; (bso#13428); + samdb: Fix building Samba with gcc 8.1; (bso#13437); + s3:utils: Do not segfault on error in DoDNSUpdate(); (bso#13440); + smbd: Flush dfree memcache on service reload; (bso#13446); + ldb: Save a copy of the index result before calling the + lib/util: No Backtrace given by Samba's AD DC by default; (bso#13454). + s3: smbd: printing: Re-implement delete-on-close semantics for print files missing since 3.5.x; (bso#13457). + python: Fix talloc frame use in make_simple_acl(); (bso#13474). + krb5_wrap: Fix keep_old_entries logic for older Kerberos libraries;(bso#13478). + krb5_plugin: Add winbind localauth plugin for MIT Kerberos; (bso#13480).- Add missing package descriptions; (bsc#1093864); - Fix dependency issue between samba-python and samba-kdc; (bsc#1062876); - Call update-apparmor-samba-profile when running samba-ad-dc; (bsc#1092099);- Update to 4.8.2 + After update to 4.8.0 DC failed with "Failed to find our own NTDS Settings objectGUID" (bso#13335). + fix incorrect reporting of stream dos attributes on a directory (bso#13380). + vfs_ceph: add asynchronous fsync; fake synchronous call (bso#13412). + vfs_ceph: add fake async pwrite/pread send/recv hooks; (bso#13425) + vfs_ceph: Fix memory leak; (bso#13424). + libsmbclient: Fix hard-coded connection error return of ETIMEDOUT; (bso#13419). + s4-lsa: Fix use-after-free in LSA server; (bso#13420). + winbindd: Do re-connect if the RPC call fails in the passdb case; (bso#13430). + cleanupd: Sends MSG_SMB_UNLOCK twice to interested peers; (bso#13416). + cleanupd: Use MSG_SMB_BRL_VALIDATE to signal cleanupd unclean process shutdown; (bso#13414). + ctdb-client: Remove ununsed functions from old client code; (bso#13411). + printing: Return the same error code as windows does on upload failures; (bso#13395). + nsswitch: Fix memory leak in winbind_open_pipe_sock() when the privileged pipe is not accessable; (bso#13400). + s4:lsa_lookup: remove TALLOC_FREE(state) after all dcesrv_lsa_Lookup{Names,Sids}_base_map() calls; (bso#13420). + rpc_server: Fix NetSessEnum with stale sessions; (bso#13407). + s3:smbspool: Fix cmdline argument handling; (bso#13417).- Move libdfs-server-ad-samba4.so library from kdc to libs package, as it is required by some client libs; (bsc#1074135); - Update to 4.8.1; (bsc#1091179); + s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error, we don't own it here; (bso#13244); + s3: smbd: Fix possible directory fd leak if the underlying OS doesn't support fdopendir(); (bso#13270); + Round-tripping ACL get/set through vfs_fruit will increase the number of ACE entries without limit; (bso#13319); + s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically debug credit issues; (bso#13347); + s3: smbd: Files or directories can't be opened DELETE_ON_CLOSE without delete access; (bso#13358); + s3: smbd: Fix memory leak in vfswrap_getwd(); (bso#13372); + s3: smbd: Unix extensions attempts to change wrong field in fchown call; (bso#13375); + ms_schema/samba-tool visualize: Fix python2.6 incompatibility; (bso#13337); + Fix invocation of gnutls_aead_cipher_encrypt(); (bso#13352); + Windows 10 cannot logon on Samba NT4 domain; (bso#13328); + winbindd: Recover loss of netlogon secure channel in case the peer DC is rebooted; (bso#13332); + s3:smbd: Don't use the directory cache for SMB2/3; (bso#13363); + ctdb-client: Fix bugs in client code; (bso#13356); + ctdb-scripts: Drop "net serverid wipe" from 50.samba event script; (bso#13359); + s3: lib: messages: Don't use the result of sec_init() before calling sec_init(); (bso#13368); + libads: Fix the build '--without-ads'; (bso#13273); + winbind: Keep "force_reauth" in invalidate_cm_connection, add 'smbcontrol disconnect-dc'; (bso#13332); + vfs_virusfilter: Fix CIDs 1428738-1428740; (bso#13343); + dsdb: Fix CID 1034966 Uninitialized scalar variable; (bso#13367); + rpc_server: Fix core dump in dfsgetinfo; (bso#13370); + smbclient: Fix notify; (bso#13382); + Fix smbd panic if the client-supplied channel sequence number wraps; (bso#13215); + Windows 10 cannot logon on Samba NT4 domain; (bso#13328); + lib/util: Remove unused '#include ' from tests/tfork.c; (bso#13342); + Fix build errors with cc from developerstudio 12.5 on Solaris; (bso#13343); + Fix the picky-developer build on FreeBSD 11; (bso#13344); + s3:modules: Fix the build of vfs_aixacl2.c; (bso#13345); + s3:smbd: map nterror on smb2_flush errorpath; (bso#13338); + lib:replace: Fix linking when libtirpc-devel overwrites system headers; (bso#13341); + winbindd: 'wbinfo --name-to-sid' returns misleading result on invalid query; (bso#13312); + s3:passdb: Do not return OK if we don't have pinfo set up; (bso#13376); + Allow AESNI to be used on all processor supporting AESNI; (bso#13302);- Use new foreground execution flags for systemd samba daemons; (bsc#1088574); (bsc#1071090); (bsc#1065551); + Add %post scriptlet to clear old sysconfig flags - Update vendor-files to commit 880b3e7. + Set samba sysconfig template variables to "" + Add required daemon flags directly to systemd unit- Specfile cleanup + Remove %if..%endif guards which don't affect the build + Remove redundant %clean section + Replace old $RPM_* shell vars with macros- BuildRequire pkgconfig(systemd) and pkgconfig(libsystemd) in place of systemd and systemd-devel: Allow OBS to optimize the workload by allowing the usage of the 'build-optimized' systemd packages.- Enable building samba with python3, and create a samba-python3 package.- Update to 4.8 + New GUID Index mode in sam.ldb for the AD DC + GPO support for samba KDC + Time machine support with vfs_fruit + Encrypted secrets + AD Replication visualization + Improved trust support - ability to not scan global trust list - AD external trusts have limited support - verbose trusted domain listing + VirusFilter VFS module + NT4-style replication removed + vfs_aio_linux removed- Disable samba-pidl package, due to the removal of dependency perl-Parse-Yapp; (bsc#1085150);- Update to 4.7.6; + CVE-2018-1050: DOS vulnerability when SPOOLSS is run externally; (bso#11343); (bsc#1081741); + CVE-2018-1057: Authenticated users can change other users' password; (bso#13272); (bsc#1081024).- Disable python until full python3 port is done; (bsc#1082139); + Remove contents of package samba-python + Remove contents of package libsamba-policy0 + Remove contents of package libsamba-policy-devel + Remove library libsamba-python-samba4.so from samba-libs package + Remove library libsamba-net-samba4.so from samba-libs package + Remove smbtorture binary and manpage from samba-test- samba fails to build with glibc2.27; (bsc#1081042);- Update to 4.7.5; (bsc#1080545); + smbd tries to release not leased oplock during oplock II downgrade; (bso#13193); + Fix copying file with empty FinderInfo from Windows client to Samba share with fruit; (bso#13181); + build: Deal with recent glibc sunrpc header removal; (bso#10976); + Make Samba work with tirpc and libnsl2; (bso#13238); + vfs_ceph: Add fs_capabilities hook to avoid local statvfs; (bso#13208); (bsc#1075206); + Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue; (bso#12986); + ctdb-recovery-helper: Deregister message handler in error paths; (bso#13188); + samba: Only use async signal-safe functions in signal handler; (bso#13240); + Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue; (bso#12986); + repl_meta_data: Fix linked attribute corruption on databases with unsorted links on expunge. dbcheck: Add functionality to fix the corrupt database; (bso#13228); + Fix smbd panic when chdir returns error during exit; (bso#13189); + Make Samba work with tirpc and libnsl2; (bso#13238); + Fix POSIX ACL support on HPUX and possibly other big-endian OSs; (bso#13176);- Update to 4.7.4; (bsc#1080545); + s3: smbclient: Implement 'volume' command over SMB2; (bso#13140); + s3: libsmb: Fix valgrind read-after-free error in cli_smb2_close_fnum_recv(); (bso#13171); + s3: libsmb: Fix reversing of oldname/newname paths when creating a reparse point symlink on Windows from smbclient; (bso#13172); + Build man page for vfs_zfsacl.8 with Samba; (bso#12934); + repl_meta_data: Allow delete of an object with dangling backlinks; (bso#13095); + s4:samba: Fix default to be running samba as a deamon; (bso#13129); + Performance regression in DNS server with introduction of DNS wildcard, ldb: Release 1.2.3; (bso#13191); + vfs_zfsacl: Fix compilation error; (bso#6133); + "smb encrypt" setting changes are not fully applied until full smbd restart; (bso#13051); + winbindd: Fix idmap_rid dependency on trusted domain list; (bso#13052); + vfs_fruit: Proper VFS-stackable conversion of FinderInfo; (bso#13155); + winbindd: Dependency on trusted-domain list in winbindd in critical auth codepath; (bso#13173); + repl_meta_data: Fix removing of backlink on deleted objects; (bso#13120); + ctdb: sock_daemon leaks memory; (bso#13153); + TCP tickles not getting synchronised on CTDB restart; (bso#13154); + winbindd: winbind parent and child share a ctdb connection; (bso#13150); + pthreadpool: Fix deadlock; (bso#13170); + pthreadpool: Fix starvation after fork; (bso#13179); + messaging: Always register the unique id; (bso#13180); + s4/smbd: set the process group; (bso#13129); + Fix broken linked attribute handling; (bso#13095); + The KDC on an RWDC doesn't send error replies in some situations; (bso#13132); + libnet_join: Fix 'net rpc oldjoin'; (bso#13149); + g_lock conflict detection broken when processing stale entries; (bso#13195); + s3:smb2_server: allow logoff, close, unlock, cancel and echo on expired sessions; (bso#13197); + s3:libads: net ads keytab list fails with "Key table name malformed"; (bso#13166); (bsc#1067700); + Fix crash in pthreadpool thread after failure from pthread_create; (bso#13170); + s4:samba: Allow samba daemon to run in foreground; (bso#13129); (bsc#1065551); + third_party: Link the aesni-intel library with "-z noexecstack"; (bso#13174); + vfs_glusterfs: include glusterfs/api/glfs.h without relying on "-I" options; (bso#13125);- Re-enable usage of libnsl (did got lost with glibc change) - Use TI-RPC (sunrpc is deprecated and will be removed soon from glibc)- smbc_opendir should not return EEXIST with invalid login credentials; (bnc#1065868).- Update to 4.7.3; (bsc#1069666); + Non-smbd processes using kernel oplocks can hang smbd; (bso#13121); + python: use communicate to fix Popen deadlock; (bso#13127); + smbd on disk file corruption bug under heavy threaded load; (bso#13130); + tevent: version 0.9.34; (bso#13130); + s3: smbd: Fix delete-on-close after smb2_find; (bso#13118); + CVE-2017-14746: s3: smbd: Fix SMB1 use-after-free crash bug; (bsc#1060427);(bso#13041); + CVE-2017-15275: s3: smbd: Chain code can return uninitialized memory when talloc buffer is grown; (bsc#1063008); (bso#13077); - Build with AD DC support only in openSUSE.- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- samba-tool requires samba-python; (bnc#1067771).- Run all daemons in the foreground and let systemd handle it; (bsc#1065551). - Update to 4.7.1; + Fix exporting subdirs with shadow_copy2; (bso#13091); + Currently if getwd() fails after a chdir(), we panic; (bso#13027); + Ensure default SMB_VFS_GETWD() call can't return a partially completed struct smb_filename; (bso#13068); + sys_getwd() can leak memory or possibly return the wrong errno on older systems; (bso#13069); + smbclient doesn't correctly canonicalize all local names before use; (bso#13093); + Fix broken linked attribute handling; (bso#13095); + Missing LDAP query escapes in DNS rpc server; (bso#12994); + Link to -lbsd when building replace.c by hand; (bso#13087); + Cannot delete non-ACL files on Solaris/ZFS/NFSv4 ACL filesystem; (bso#6133); + Map SYNCHRONIZE acl permission statically in zfs_acl vfs module; (bso#7909); + Samba fails to honor SEC_STD_WRITE_OWNER bit with the acl_xattr module; (bso#7933); + Missing assignment in sl_pack_float; (bso#12991); + Wrong Samba access checks when changing DOS attributes; (bso#12995); + samba_runcmd_send() leaves zombie processes on timeout; (bso#13062); + groupmap cleanup should not delete BUILTIN mappings; (bso#13065); + Enabling vfs_fruit results in loss of Finder tags and other xattrs; (bso#13076); + man pages: Properly ident lists; (bso#9613); + smb.conf.5: Sort parameters alphabetically; (bso#13081); + Fix GUID string format on GetPrinter info; (bso#12993); + Remote serverid check doesn't check for the unique id; (bso#13042); + CTDB starts consuming memory if there are dead nodes in the cluster; (bso#13056); + ctdb-common: Ignore event scripts with multiple '.'s; (bso#13070); + libgpo doesn't sort the GPOs in the correct order; (bso#13046); + Remote serverid check doesn't check for the unique id; (bso#13042); + vfs_catia: Fix a potential memleak; (bso#13090); + Fix file change notification for renames; (bso#12903); + Samba DNS server does not honour wildcards; (bso#12952); + Can't change password in samba from a Windows client if Samba runs on IPv6 only interface; (bso#13079); + vfs_fruit: Replace closedir() by SMB_VFS_CLOSEDIR; (bso#13086); + Apple client can't cope with SMB2 async replies when creating symlinks; (bso#13047); + s4:rpc_server:backupkey: Move variable into scope; (bso#12959); + Fix ntstatus_gen.h generation on 32bit; (bso#13099); + Fix a double free in vfs_gluster_getwd(); (bso#13100); + Fix resouce leaks and pointer issues; (bso#13101); + vfs_solarisacl: Fix build for samba 4.7 and up; (bso#13049);- Add samba-kdc to baselibs.conf. - Do not wrap samba-kdc's package definition into if/endif: the package won't be generated simply based on the fact that there is no files section for the package. Allows the source validator to ensure samba-kdc is a built package.- Update to 4.7.0; + Whole DB read locks: Improved LDAP and replication consistency; (bso#12858). + Samba AD with MIT Kerberos + Dynamic RPC port range: Default range changed from "1024-1300" to "49152-65535". + Authentication and Authorization audit support: New auth_audit debug class. + Multi-process LDAP Server: The LDAP server in the AD DC now honours the process model used for the rest of the 'samba' process. + Improved Read-Only Domain Controller (RODC) Support; (bso#12977). + Additional password hashes stored in supplementalCredentials. + Improvements to DNS during Active Directory domain join. + Significant AD performance and replication improvements. + Query record for open file or directory. + Removal of lpcfg_register_defaults_hook(). + Change of loadable module interface. + SHA256 LDAPS Certificates: The self-signed certificate generated for use on LDAPS will now be generated with a SHA256 self-signature, not a SHA1 self-signature. + CTDB no longer allows mixed minor versions in a cluster. + CTDB now ignores hints from Samba about TDB flags when attaching to databases. + New configuration variable CTDB_NFS_CHECKS_DIR. + The CTDB_SERVICE_AUTOSTARTSTOP configuration has been removed. + The CTDB_SCRIPT_DEBUGLEVEL configuration variable has been removed. + The example NFS Ganesha call-out has been improved. + A new "replicated" database type is available.- CVE-2017-12163: Prevent client short SMB1 write from writing server memory to file; (bso#13020); (bsc#1058624).- CVE-2017-12150: Some code path don't enforce smb signing, when they should; (bso#12997); (bsc#1058622).- CVE-2017-12151: Keep required encryption across SMB3 dfs redirects; (bso#12996); (bsc#1058565).- Clean specfile assuming SUSE-only system and product >=SLE11 + %{ul_version}, %{rhel_version}, %{mandriva_version}, %{centos_version} are always undefined + %{_vendor} is "suse" and %{suse_version} is at least 1100- Update to 4.6.7; (bsc#1054017) + Joining a Huawai storage fails: empty CLDAP ping answer; (bso#11392). + smbcacls can fail against a directory on Windows using SMB2.; (bso#12937). + vfs_ceph provides inconsistent directory listings; (bso#12911). + Misused talloc context can cause a user to crash their smbd by chaining SMB1 commands.; (bso#12836). + Use-after free can crash libsmbclient code.; (bso#12927). + Server exit with active AIO can crash.; (bso#12925). + Ensure notifyd doesn't return from smbd_notifyd_init; (bso#12910). + fd leak to ctdb sub-processes leads to SELinux AVC denial in audit logs; (bso#12898). + vfs_fruit shouldn't send MS NFS ACEs to Windows clients; (bso#12897). + smbspool_krb5_wrapper does not tell CUPS that it requires negotiate for authentication; (bso#12886). + finder sidebar showing question mark instead of icon when using ip to connect with vfs_fruit; (bso#12840). + Winbind stops obtaining the 'unixHomeDirectory' & 'loginShell' attributes from AD.; (bso#12720). + KCC run at selftest startup can fail spuriously due to a race; (bso#12869). + winbindd changes the local password and gets NT_STATUS_WRONG_PASSWORD for the remote change; (bso#12782). + rpc_pipe_client memory leaks due to long term memory context passed to rpc_pipe_open_interface(); (bso#12890). + CVE-2017-2619 breaks accessing previous versions of directories with snapshots in subdirectories of the share; (bso#12885). + dns_name_equal doing OOB read; (bso#12813). + replica_sync tests flap; (bso#12753). + Selftest should not call 'net cache flush' and wipe important winbind entries; (bso#12868). + Old Samba versions don't support using recent ldb versions (>=1.1.30); (bso#12859). + pam_winbind fails with kerberos method = secrets and keytab; (bso#10490). + race starting winbindd against posixacl test; (bso#12843). + Crash in the reentrant smbd_smb2_create_send() if the something fails in the subsequent try; (bso#12832). + spnego.c passes the wrong argument order to gensec_update_ev() for the FALLBACK case; (bso#12788). + Clients with SMB3 support can't connect with "server max protocol = SMB2_02"; (bso#12772). + A log message of samb-tool user syncpasswords reverses string arguments in a debug message "Call Popen[...".; (bso#12768). + The smb tarmode tests kills the share dir contents; (bso#12867). + Fix for a bug in MacOS X Sierra NTLMv2 processing; (bso#12862). + CVE-2017-2619 regression with non-wide symlinks to directories; (bso#12860). + manpage/index.html lists links not in alphabetical order; (bso#12854). + smbcacls got error NT_STATUS_NETWORK_NAME_DELETED; (bso#12831). + If a record is locked in a database, then recovery does not complete; (bso#12857). + debug_locks.sh script does not log any information; (bso#12856). + SIGSEGV in cm_connect_lsa_tcp dereferencing conn->lsa_tcp_pipe->transport after error; (bso#12852). + smbclient can't parse DOMAIN+username if a different winbind separator is used; (bso#12849). + Related requests with SessionSetup fail with INTERNAL_ERROR; (bso#12845). + Related requests with TreeConnect fail with NETWORK_NAME_DELETED; (bso#12844). + cli->server_os not filled correctly; (bso#12779). + REGRESSION: smbclient doesn't print the session setup anymore; (bso#12824). + smblcient doesn't handle STATUS_NOT_SUPPORTED gracefully for FSCTL_VALIDATE_NEGOTIATE_INFO; (bso#12808). + CTDB NFS call-out failures do not cause event failures; (bso#12837). + net command fails due to incorrectly return code; (bso#12828). + Fix building Samba with GCC 7.1; (bso#12827).- Fix duplicate CTDB_LOGGING params when downgraded and upgraded again; (bsc#1048339).- fix cephwrap_chdir(); (bsc#1048790). - Update to 4.6.6 + CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation; (bsc#1048278).- Fix ctdb logs to /var/log/log.ctdb instead of /var/log/ctdb; (bsc#1048339).- Fix inconsistent ctdb socket path; (bsc#1048352). - Fix non-admin cephx authentication; (bsc#1048387).- Update to 4.6.5; (bsc#1040157) + Specifying CTDB_LOGGING=syslog:nonblocking causes ctdbd to crash at startup; (bso#12814). + vfs_expand_msdfs tries to open the remote address as a file path; (bso#12687). + PANIC (pid 1096): assert failed: lease_type_is_exclusive(e_lease_type); (bso#12798). + With clustering get update_num_read_oplocks failed and PANIC: num_share_modes == 1 assertion failure; (bso#11844). + contend_level2_oplocks_begin_default oplock optimisation doesn't carry over to leases; (bso#12766). + `ctdb nodestatus` incorrectly displays status for all nodes with wrong exit code; (bso#12802). + CTDB can spin hard on revoking readonly delegations if a node becomes disconnected; (bso#12697). + Printing a share mode entry with leases can crash in the ndr code; (bso#12793). + Fix flakey unit tests for eventd; (bso#12792). + CTDB daemon crashes if built with clang; (bso#12770). + smbcacls fails if no password is specified; (bso#12765). + idmap_rfc2307: Lookup of more than two SIDs fails; (bso#12757). + samba-tool user syncpasswords doesn't trigger the script when a user gets removed; (bso#12767). + systemd: fix detection of libsystemd; (bso#12764). + Notify subsystem only maps first inotify mask to Windows notify filter; (bso#12760). + Allow passing trusted domain password as plain-text to PASSDB layer; (bso#12751). + Can't case-rename files with vfs_fruit; (bso#12749). + wrong sid->uid mapping for SIDs residing in sIDHistory; (bso#12702). + vfs_acl_common should force "create mask = 0777", not 0666; (bso#12562). + Ordering of notify responses broken; (bso#12756).- s3: libsmb: Fix error where short name length was read as 2 bytes, should be 1; (bso#11822); (bsc#1042419).- Revert explicit winbind %{version}-%{release} dependency. + The ABI has stabilized since (bsc#936909), so remove to fix cross-media dependencies; (bsc#1037899).- Fix CVE-2017-7494 remote code execution from a writable share; (bso#12780); (bsc#1038231).- Update to 4.6.3; (bsc#1036011) + s3:vfs:shadow_copy2: vfs_shadow_copy2 fails to list snapshots from shares with GlusterFS backend; (bso#12743). + Fix for Solaris C compiler; (bso#12559). + s3: locking: Update oplock optimization for the leases era; (bso#12628). + Make the Solaris C compiler happy; (bso#12693). + s3: libgpo: Allow skipping GPO objects that don't have the expected LDAP attributes; (bso#12695). + Fix buffer overflow caused by wrong use of getgroups; (bso#12747). + lib: debug: Avoid negative array access; (bso#12746). + cleanupdb: Fix a memory read error; (bso#12748). + streams_xattr and kernel oplocks results in NT_STATUS_NETWORK_BUSY; (bso#7537). + winbindd: idmap_autorid allocates ids for unknown SIDs from other backends; (bso#11961). + vfs_fruit: Resource fork open request with flags=O_CREAT|O_RDONLY; (bso#12565). + manpages/vfs_fruit: Document global options; (bso#12615). + lib/pthreadpool: Fix a memory leak; (bso#12624). + Lookup-domain for well-known SIDs on a DC; (bso#12727). + winbindd: Fix error handling in rpc_lookup_sids(); (bso#12728). + winbindd: Trigger possible passdb_dsdb initialisation; (bso#12729). + credentials_krb5: use gss_acquire_cred for client-side GSSAPI use case; (bso#12611). + lib/crypto: Implement samba.crypto Python module for RC4; (bso#12690). + ctdb-readonly: Avoid a tight loop waiting for revoke to complete; (bso#12697). + ctdb_event monitor command crashes if event is not specified; (bso#12723). + ctdb-docs: Fix documentation of "-n" option to 'ctdb tool'; (bso#12733). + smbd: Fix smb1 findfirst with DFS; (bso#12558). + smbd: Do an early exit on negprot failure; (bso#12610). + winbindd: Fix substitution for 'template homedir'; (bso#12699). + s4:kdc: Disable principal based autodetected referral detection; (bso#12554). + idmap_autorid: Allocate new domain range if the callers knows the sid is valid; (bso#12613). + LINKFLAGS_PYEMBED should not contain -L/some/path; (bso#12724). + PAM auth with WBFLAG_PAM_GET_PWD_POLICY returns wrong policy for trusted domain; (bso#12725). + rpcclient: Allow -U'OTHERDOMAIN\user' again; (bso#12731). + winbindd: Fix password policy for pam authentication; (bso#12725). + s3:gse: Correctly handle external trusts with MIT; (bso#12554). + auth/credentials: Always set the realm if we set the principal from the ccache; (bso#12611). + replace: Include sysmacros.h; (bso#12686). + s3:vfs_expand_msdfs: Do not open the remote address as a file; (bso#12687). + s3:libsmb: Only print error message if kerberos use is forced; (bso#12704). + winbindd: Child process crashes when kerberos-authenticating a user with wrong password; (bso#12708). + vfs_fruit: Office document opens as read-only on macOS due to CNID semantics; (bso#12715). + vfs_acl_xattr: Fix failure to get ACL on Linux if memory is fragmented; (bso#12737).- Generate and update vendor-files tarball from Git + SuSEfirewall2 service samba-client only setup IPv4 rule; (bsc#1034416).- Generate source tarball directly from Git using OBS tar_scm + use version string derived from parent Git tag and commit hash - remove obsolete vendor-files/tools/package-data version ID + explicitly generate ctdb manpages, needed without "make dist"- Update to 4.6.2 + remove bso#12721 patches now upstream- Enable samba-ceph build for openSUSE and SLE12SP3+; (fate#321622). + x86-64 and aarch64- Enable librados CTDB lock helper for samba-ceph package; (fate#321622).- Build and install the html man pages (bsc#1021907).- Fix CVE-2017-2619 regression with "follow symlinks = no"; (bso#12721).- Update to 4.6.1 + symlink race permits opening files outside share directory; CVE-2017-2619; (bso#12496); (bsc#1027147) + testparm checks for valid idmap parameters + add new krb client encryption types + support for printer driver upload from windows 10 + inherit owner = 'unix only' for improved quota support + improved CTDB event support + new primary group support for idmap_ad + idmap_hash deprecated + mvxattr added to recursively rename extended attributes- Remove chkconfig requirements for systemd systems- Don't call insserv if systemd is used- Fix check if we need to require insserv- async_req: make async_connect_send() "reentrant"; (bso#12105); (bsc#1024416).- Force usage of ncurses6-config thru NCURSES_CONFIG env var; (bsc#1023847).- add missing patch for libnss_wins segfault; (bsc#995730).- Fix vfs_ceph builds against recent Ceph versions; (bsc#1021933).- Document "winbind: ignore domains" parameter; (bsc#1019416).- Add base Samba dependency to samba-ceph package.- Update to 4.5.3 + Heap-based Buffer Overflow Remote Code Execution Vulnerability; CVE-2016-2123; (bso#12409); (bsc#1014437). + Don't send delegated credentials to all servers; CVE-2016-2125; (bso#12445); (bsc#1014441). + denial of service due to a client triggered crash in the winbindd parent process; CVE-2016-2126; (bso#12446); (bsc#1014442). - 4.5.1 and 4.5.2 updates + various streams vfs fixes + various printing fixes + ntlm_auth: do not map explicitly empty domain + various stability fixes in smbd + match file compression ReFS behavior- Add missing ldb module directory; (bnc#1012092).- s3/client: obey 'disable netbios' smb.conf param, don't connect via NBT port; (bsc#1009085); (bso#12418).- Include vfstest in samba-test; (bsc#1001203).- s3/winbindd: using default domain with user@domain.com format fails; (bsc#997833).- Fix segfault in libnss_wins; (bso#12277); (bso#12269); (bsc#995730).- Update to 4.5.0 + NTLM1 Authentication disabled by default + SMB2.1 leases enabled by default + Support for OFD locks + ctdb tool rewritten + Added shadow copy snapshot prefix parameter- Fix illegal memory access after memory has been deleted; (bso#11836); (bsc#975299).- Prevent core, make sure response->extra_data.data is always cleared out; (bsc#993692).- Don't package man pages for VFS modules that aren't built; (boo#993707).- Fix population of ctdb sysconfig after source merge; (bsc#981566).- Enable vfs_ceph builds for Factory (x86-64) + Package as samba-ceph to avoid Ceph dependency in base package.- Update to 4.4.5 + Prevent client-side SMB2 signing downgrade; CVE-2016-2119; (bso#11860); (bsc#986869).- Remove obsolete syslog.target; (bsc#983938).- Honor smb.conf socket options in winbind; (bsc#975131).- Don't use htons() with IP_PROTO_RAW; (bso#11705); (bsc#969522).- Update to 4.4.4 + SMB3 multichannel: Add implementation of missing channel sequence number verification; (bso#11809). + smbd:close: Only remove kernel share modes if they had been taken at open; (bso#11919). + notifyd: Prevent NULL deref segfault in notifyd_peer_destructor; (bso#11930). + s3:rpcclient: Make '--pw-nt-hash' option work; (bso#10796). + Fix case sensitivity issues over SMB2 or above; (bso#11438). + s3:smbd: Fix anonymous authentication if signing is mandatory. (bso#11910) + Fix NTLM Authentication issue with squid; (bso#11914). + pdb: Fix segfault in pdb_ldap for missing gecos; (bso#11530). + Fix memory leak in share mode locking; (bso#11934).- Update to 4.4.3 + Various post-badlock regressions; (bso#11841); (bso#11850); (bso#11858); (bso#11870); (bso#11872). + Only allow idmap_hash for default idmap config (bso#11786). + smbd: Avoid large reads beyond EOF; (bso#11878). + vfs_acl_common: Avoid setting POSIX ACLs if "ignore system acls" is set; (bso#11806). + libads: Record session expiry for spnego sasl binds; (bso#11852).- Fix NTLMSSP regressions caused by previous CVE fixes; (bso#11849); (bsc#975962); (bsc#979268), (bsc#977669).- Revert shared library packaging to comply with SLPP- Update to 4.4.2 + A man-in-the-middle can downgrade NTLMSSP authentication; CVE-2016-2110; (bso#11688); (bsc#973031). + Domain controller netlogon member computer can be spoofed; CVE-2016-2111; (bso#11749); (bsc#973032). + LDAP conenctions vulnerable to downgrade and MITM attack; CVE-2016-2112; (bso#11644); (bsc#973033). + TLS certificate validation missing; CVE-2016-2113; (bso#11752); (bsc#973034). + Named pipe IPC vulnerable to MITM attacks; CVE-2016-2115; (bso#11756); (bsc#973036). + "Badlock" DCERPC impersonation of authenticated account possible; CVE-2016-2118; (bso#11804); (bsc#971965). + DCERPC server and client vulnerable to DOS and MITM attacks; CVE-2015-5370; (bso#11344); (bsc#936862).- Fix samba.tests.messaging test and prevent potential tdb corruption by removing obsolete now invalid tdb_close call; (bsc#974629).- Obsolete libsmbclient from libsmbclient0 while not providing it; (bsc#972197).- Update to 4.4.0. + Read of uninitialized memory DNS TXT handling; (bso#11128); (bso#11686); CVE-2016-0771. + Getting and setting Windows ACLs on symlinks can change permissions on link target; (bso#11648); CVE-2015-7560. + Sockets with htons(IPPROTO_RAW); (bso#11705); CVE-2015-8543. + s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem with no ACL support; (bso#10489). + docs: Add example for domain logins to smbspool man page; (bso#11643). + smbd: Show correct disk size for different quota and dfree block sizes; (bso#11681). + docs: Add smbspool_krb5_wrapper manpage; (bso#11690). + winbindd: Return trust parameters when listing trusts; (bso#11691). + ctdb: Do not provide a useless pkgconfig file for ctdb; (bso#11696). + Crypto.Cipher.ARC4 is not available on some platforms, fallback to M2Crypto.RC4.RC4 then; (bso#11699). + s3:utils/smbget: Set default blocksize; (bso#11700). + Streamline 'smbget' options with the rest of the Samba utils; (bso#11700). + s3:clispnego: Fix confusing warning in spnego_gen_krb5_wrap(); (bso#11702). + s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703). + loadparm: Fix memory leak issue; (bso#11708). + lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714). + s3:vfs:glusterfs: Fix build after quota changes; (bso#11715). + ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."; (bso#11719). + lib:socket: Fix CID 1350010: Integer OVERFLOW_BEFORE_WIDEN; (bso#11723). + smbd: Fix CID 1351215 Improper use of negative value; (bso#11724). + smbd: Fix CID 1351216 Dereference null return value; (bso#11725). + s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file; (bso#11727). + docs: Add manpage for cifsdd; (bso#11730). + param: Fix str_list_v3 to accept ; again; (bso#11732). + lib/socket: Fix improper use of default interface speed; (bso#11734). + lib:socket: Fix CID 1350009: Fix illegal memory accesses (BUFFER_SIZE_WARNING); (bso#11735). + libcli: Fix debug message, print sid string for new_ace trustee; (bso#11738). + Fix installation path of Samba helper binaries; (bso#11739). + Fix memory leak in loadparm; (bso#11740). + tevent: version 0.9.28: Fix memory leak when old signal action restored; (bso#11742). + smbd: Ignore SVHDX create context; (bso#11753). + Fix net join; (bso#11755). + s3:libads: setup the msDS-SupportedEncryptionTypes attribute on ldap_add; (bso#11755). + passdb: Add linefeed to debug message; (bso#11763). + s3:utils/smbget: Fix option parsing; (bso#11767). + libnet: Make Kerberos domain join site-aware; (bso#11769). + Reset TCP Connections during IP failover; (bso#11770). + ldb: Version 1.1.26; (bso#11772). + s3:smbd: Add negprot remote arch detection for OSX; (bso#11773). + vfs_glusterfs: Fix use after free in AIO callback; (bso#11774). + mkdir can return ACCESS_DENIED incorrectly on create race; (bso#11780). + "trustdom_list_done: Got invalid trustdom response" message should be avoided; (bso#11782). + Mismatch between local and remote attribute ids lets replication fail with custom schema; (bso#11783). + Quota is not supported on Solaris 10; (bso#11788). + Talloc: Version 2.1.6; (bso#11789). + smbd: Enable multi-channel if 'server multi channel support = yes' in the config; (bso#11796). + build: Fix build when '--without-quota' specified; (bso#11798). + lib/socket/interfaces: Fix some uninitialied bytes; (bso#11802). + Access based share enum: handle permission set in configuration files; (bso#8093). + See also WHATSNEW.txt from the samba-doc package.- Update to 4.3.6. + Getting and setting Windows ACLs on symlinks can change permissions on link target; CVE-2015-7560; (bso#11648); (bsc#968222). + Fix Out-of-bounds read in internal DNS server; CVE-2016-0771; (bso#11128); (bso#11686); (bsc#968223).- Upgrade on-disk FSRVP server state to new version; (bsc#924519).- Only obsolete but do not provide gplv2/3 package names; (bsc#968973).- Relocate existing lock files to /var/lib/samba/lock; (bsc#968963).- Obsolete no longer existing samba-32bit package; (bsc#967625).- Update to 4.3.5. + s3:utils/smbget: Fix recursive download; (bso#6482). + s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystemi with no ACL support; (bso#10489). + s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks; (bso#11400). + vfs_shadow_copy2: Fix case where snapshots are outside the share; (bso#11580). + smbclient: Query disk usage relative to current directory; (bso#11662). + winbindd: Handle expired sessions correctly; (bso#11670). + smbd: Show correct disk size for different quota and dfree block sizes; (bso#11681). + smbcacls: Fix uninitialized variable; (bso#11682). + s3:smbd: Ignore initial allocation size for directory creation; (bso#11684). + s3-client: Add a KRB5 wrapper for smbspool; (bso#11690). + s3-parm: Clean up defaults when removing global parameters; (bso#11693). + Use M2Crypto.RC4.RC4 on platforms without Crypto.Cipher.ARC4; (bso#11699). + s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703). + ctdb: Remove error messages after kernel security update; CVE-2015-8543; (bso#11705). + loadparm: Fix memory leak issue; (bso#11708). + lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714). + ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."; (bso#11719). + s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file; (bso#11727). + param: Fix str_list_v3 to accept ";" again; (bso#11732).- Shift samba-client sysconfig data into samba and samba-winbind; (bsc#947361).- Simplify shared library packaging; (bsc#966956).- Enable clustering (CTDB) support; (bsc#966271).- s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703); (bsc#964023).- Add quotes around path of update-apparmor-samba-profile; (bnc#962177).- Remove autoconf build-time requirement.- Update to 4.3.4. + vfs_fruit: Enable POSIX directory rename semantics; (bso#11065). + Crash: Bad talloc magic value - access after free; (bso#11394). + Copying files with vfs_fruit fails when using vfs_streams_xattr without stream prefix and type suffix; (bso#11466). + samba-tool: Fix uncaught exception if no fSMORoleOwner attribute is given; (bso#11613). + Fix a typo in the smb.conf manpage, explanation of idmap config; (bso#11619). + Correctly initialize the list head when keeping a list of primary followed by DFS connections; (bso#11624). + Reduce the memory footprint of empty string options; (bso#11625). + lib/async_req: Do not install async_connect_send_test; (bso#11639). + Fix typos in man vfs_gpfs; (bso#11641). + Make "hide dot files" option work with "store dos attributes = yes"; (bso#11645). + Fix a corner case of the symlink verification; (bso#11647); (bnc#960249). + Do not disable "store dos attributes" on-the-fly; (bso#11649). + Update lastLogon and lastLogonTimestamp; (bso#11659).- Prevent access denied if the share path is "/"; (bso#11647); (bnc#960249).- Update to 4.3.3. + Malicious request can cause Samba LDAP server to hang, spinning using CPU; CVE-2015-3223; (bso#11325); (bnc#958581). + Remote read memory exploit in LDB; CVE-2015-5330; (bso#11599); (bnc#958586). + Insufficient symlink verification (file access outside the share); CVE-2015-5252; (bso#11395); (bnc#958582). + No man in the middle protection when forcing smb encryption on the client side; CVE-2015-5296; (bso#11536); (bnc#958584). + Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2); CVE-2015-5299; (bso#11529); (bnc#958583). + Fix Microsoft MS15-096 to prevent machine accounts from being changed into user accounts; CVE-2015-8467; (bso#11552); (bnc#958585).- Update to 4.3.2. + vfs_gpfs: Re-enable share modes; (bso#11243). + dcerpc.idl: Accept invalid dcerpc_bind_nak pdus; (bso#11327). + s3-smbd: Fix old DOS client doing wildcard delete - gives an attribute type of zero; (bso#11452). + Add libreplace dependency to texpect, fixes a linking error on Solaris; (bso#11511). + s4: Fix linking of 'smbtorture' on Solaris; (bso#11512). + s4:lib/messaging: Use correct path for names.tdb; (bso#11562). + Fix segfault of 'net ads (join|leave) -S INVALID' with nss_wins; (bso#11563). + async_req: Fix non-blocking connect(); (bso#11564). + auth: gensec: Fix a memory leak; (bso#11565). + lib: util: Make non-critical message a warning; (bso#11566). + Fix winbindd crashes with samlogon for trusted domain user; (bso#11569); (bnc#949022). + smbd: Send SMB2 oplock breaks unencrypted; (bso#11570). + ctdb: Open the RO tracking db with perms 0600 instead of 0000; (bso#11577). + s3:smb2_server: Make the logic of SMB2_CANCEL DLIST_REMOVE() clearer; (bso#11581). + s3-smbd: Fix use after issue in smbd_smb2_request_dispatch(); (bso#11581). + manpage: Correct small typo error; (bso#11584). + s3: smbd: If EAs are turned off on a share don't allow an SMB2 create containing them; (bso#11589). + Backport some valgrind fixes from upstream master; (bso#11597). + auth: Consistent handling of well-known alias as primary gid; (bso#11608). + winbind: Fix crash on invalid idmap configs; (bso#11612). + s3: smbd: have_file_open_below() fails to enumerate open files below an open directory handle; (bso#11615). + Changing log level of two entries to DBG_NOTICE; (bso#9912).- Ensure samlogon fallback requests are rerouted after kerberos failure; (bnc#953382); (bnc#953972).- Ensure to link with --as-needed flag by removing SUSE_ASNEEDED=0. - Always use the default optimization even on pre-9.2 systems.- Remove redundant configure options while adding with-relro.- Relocate the lockdir to the /var/lib/samba/lock directory.- Cleanup and enhance the pidl sub package.- Require renamed python-ldb-devel and python-talloc-devel at build-time. - Requires python-ldb and python-talloc from the python subpackage.- Update to 4.3.1. + s3: smbd: Fix our access-based enumeration on "hide unreadable" to match Windows; (bso#10252). + nss_winbind: Fix hang on Solaris on big groups; (bso#10365). + smbd: Fix file name buflen and padding in notify repsonse; (bso#10634). + kerberos: Make sure we only use prompter type when available; winbind: Fix 100% loop; (bso#11038). + source3/lib/msghdr.c: Fix compiling error on Solaris; (bso#11053). + s3:ctdbd_conn: make sure we destroy tevent_fd before closing the socket; (bso#11316). + s3: smbd: Fix mkdir race condition; (bso#11486). + pam_winbind: Fix a segfault if initialization fails; (bso#11502). + s3: dfs: Fix a crash when the dfs targets are disabled; (bso#11509). + s4:lib/messaging: Use 'msg.lock' and 'msg.sock' for messaging related subdirs; (bso#11515). + s3: smbd: Fix opening/creating :stream files on the root share directory; (bso#11522). + lib/param: Fix hiding of FLAG_SYNONYM values; (bso#11526). + net: Fix a crash with 'net ads keytab create'; (bso#11528). + s3: smbd: Fix a crash in unix_convert(); (bso#11535). + s3: smbd: Fix NULL pointer bug introduced by previous 'raw' stream fix (bso#11522); (bso#11535). + vfs_fruit: Return value of ad_pack in vfs_fruit.c; (bso#11543). + vfs_commit: set the fd on open before calling SMB_VFS_FSTAT; (bso#11547). + s3:locking: Initialize lease pointer in share_mode_traverse_fn(); (bso#11549). + s3:smbstatus: Add stream name to share_entry_forall(); (bso#11550). + s3:lib: Validate domain name in lookup_wellknown_name(); (bso#11555). + s3: lsa: lookup_name() logic for unqualified (no DOMAIN component) names is incorrect; (bso#11555).- Fix 100% CPU in winbindd when logging in with "user must change password on next logon"; (bso#11038).- Relocate the tmpfiles.d directory to the client package; (bnc#947552).- Do not provide libpdb0 from libsamba-passdb0 but add it to baselibs.conf instead; (bnc#942716).- Package /var/lib/samba/private/sock with 0700 permissions; (bnc#946051).- Package /var/lib/samba/msg with 0755 permissions; (bso#11515); (bnc#945502).- Require to install libfam0-gamin from samba-libs on post-12.1 and pre-13.15 systems; (bnc#945013).- Update to 4.3.0. + Samba "map to guest = Bad uid" doesn't work; (bso#9862). + revert LDAP extended rule 1.2.840.113556.1.4.1941 LDAP_MATCHING_RULE_IN_CHAIN changes; (bso#10493). + No objectClass found in replPropertyMetaData on ordinary objects (non-deleted); (bso#10973). + Stream names with colon don't work with fruit:encoding = native; (bso#11278). + NetApp joined to a Samba/ADDC cannot resolve SIDs; (bso#11291). + tevent_fd needs to be destroyed before closing the fd; (bso#11316). + "force group" with local group not working; (bso#11320). + strsep is not available on Solaris; (bso#11359). + smbtorture does not build when configured --with-system-mitkrb5; (bso#11411). + Build with GPFS support is broken; (bso#11421). + Build broken with --disable-python; (bso#11424). + net share allowedusers crashes; (bso#11426). + nmbd incorrectly matches netbios names as own name; (bso#11427). + Python bindings don't check integer types; (bso#11429). + Python bindings don't check array sizes; (bso#11430). + CTDB's eventscript error handling is broken; (bso#11431). + Fix crash in nested ctdb banning; (bso#11432). + Cannot build ctdbpmda; (bso#11434). + samba-tool uncaught exception error; (bso#11436). + Crash in notify_remove caused by change notify = no; (bso#11444). + Poor SMB3 encryption performance with AES-GCM; (bso#11451). + Poor SMB3 encryption performance with AES-GCM (part1); (bso#11451). + fix recursion problem in rep_strtoll in lib/replace/replace.c; (bso#11455). + --bundled-libraries=!ldb,!pyldb,!pyldb-util doesn't disable ldb build and install; (bso#11458). + xid2sid gives inconsistent results; (bso#11464). + ctdb: Fix the build on FreeBSD 10.1; (bso#11465). + Handling of 0 byte resource fork stream; (bso#11467). + AD samr GetGroupsForUser fails for users with "()" in their name; (bso#11488).- Configure with --bundled-libraries=NONE; (bso#11458).- Adapt net-kdc-lookup patch for post-3.3 Samba versions; (bnc#295284).- Remove libiniparser-devel build-time requirement.- Update to 4.2.3. + s4:lib/tls: Fix build with gnutls 3.4; (bso#8780). + s4.2/fsmo.py: Fixed fsmo transfer exception; (bso#10924). + winbindd: Sync secrets.ldb into secrets.tdb on startup; (bso#10991). + Logon via MS Remote Desktop hangs; (bso#11061). + s3: lib: util: Ensure we read a hex number as %x, not %u; (bso#11068). + tevent: Add a note to tevent_add_fd(); (bso#11141). + s3:param/loadparm: Fix 'testparm --show-all-parameters'; (bso#11170). + s3-unix_msg: Remove socket file after closing socket fd; (bso#11217). + smbd: Fix a use-after-free; (bso#11218); (bnc#919309). + s3-rpc_server: Fix rpc_create_tcpip_sockets() processing of interfaces; (bso#11245). + s3:smb2: Add padding to last command in compound requests; (bso#11277). + Add IPv6 support to ADS client side LDAP connects; (bso#11281). + Add IPv6 support for determining FQDN during ADS join; (bso#11282). + s3: IPv6 enabled DNS connections for ADS client; (bso#11283). + Fix invalid write in ctdb_lock_context_destructor; (bso#11293). + Excessive cli_resolve_path() usage can slow down transmission; (bso#11295). + vfs_fruit: Add option "veto_appledouble"; (bso#11305). + tstream: Make socketpair nonblocking; (bso#11312). + idmap_rfc2307: Fix wbinfo '--gid-to-sid' query; (bso#11313). + Group creation: Add msSFU30Name only when --nis-domain was given; (bso#11315). + tevent_fd needs to be destroyed before closing the fd; (bso#11316). + Build fails on Solaris 11 with "‘PTHREAD_MUTEX_ROBUST’ undeclared"; (bso#11319). + smbd/trans2: Add a useful diagnostic for files with bad encoding; (bso#11323). + Change sharesec output back to previous format; (bso#11324). + Robust mutex support broken in 1.3.5; (bso#11326). + Kerberos auth info3 should contain resource group ids available from pac_logon; winbindd: winbindd_raw_kerberos_login - ensure logon_info exists in PAC; (bso#11328); (bnc#912457). + s3:smb2_setinfo: Fix memory leak in the defer_rename case; (bso#11329). + tevent: Fix CID 1035381 Unchecked return value; (bso#11330). + tdb: Fix CID 1034842 and 1034841 Resource leaks; (bso#11331). + s3: smbd: Use separate flag to track become_root()/unbecome_root() state; (bso#11339). + s3: smbd: Codenomicon crash in do_smb_load_module(); (bso#11342). + pidl: Make the compilation of PIDL producing the same results if the content hasn't change; (bso#11356). + winbindd: Disconnect child process if request is cancelled at main process; (bso#11358). + vfs_fruit: Check offset and length for AFP_AfpInfo read requests; (bso#11363). + docs: Overhaul the description of "smb encrypt" to include SMB3 encryption; (bso#11366). + s3:auth_domain: Fix talloc problem in connect_to_domain_password_server(); (bso#11367). + ncacn_http: Fix GNUism; (bso#11371).- Disable rpath usage; (bnc#902421).- Make the winbind package depend on the matching libwbclient version and vice versa; (bnc#936909).- Backport changes to use resource group sids obtained from pac logon_info; (bso#11328); (bnc#912457).- Order winbind.service Before and Want nss-user-lookup target.- Remove fam-devel build-time dependency for post-6 RHEL systems.- Update to 4.2.2. + s3:smbXsrv: refactor duplicate code into smbXsrv_session_clear_and_logoff(); (bso#11182). + gencache: don't fail gencache_stabilize if there were records to delete; (bso#11260). + s3: libsmbclient: After getting attribute server, ensure main srv pointer is still valid; (bso#11186). + s4: rpc: Refactor dcesrv_alter() function into setup and send steps; (bso#11236). + s3: smbd: Incorrect file size returned in the response of "FILE_SUPERSEDE Create"; (bso#11240). + Mangled names do not work with acl_xattr; (bso#11249). + nmbd rewrites browse.dat when not required; (bso#11254). + vfs_fruit: add option "nfs_aces" that controls the NFS ACEs stuff; (bso#11213). + s3:smbd: Add missing tevent_req_nterror; (bso#11224). + vfs: kernel_flock and named streams; (bso#11243). + vfs_gpfs: Error code path doesn't call END_PROFILE; (bso#11244). + s4: libcli/finddcs_cldap: continue processing CLDAP until all addresses are used; (bso#11284). + ctdb: check for talloc_asprintf() failure; (bso#11201). + spoolss: purge the printer name cache on name change; (bso#11210); (bnc#901813). + CTDB statd-callout does not scale; (bso#11204). + vfs_fruit: also map characters below 0x20; (bso#11221). + ctdb: Coverity fix for CID 1291643; (bso#11201). + Multiplexed RPC connections are not handled by DCERPC server; (bso#11225). + Fix terminate connection behavior for asynchronous endpoint with PUSH notification flavors; (bso#11226). + ctdb-scripts: Fix bashism in ctdbd_wrapper script; (bso#11007). + ctdb: Fix CIDs 1125615, 1125634, 1125613, 1288201 and 1125553; (bso#11201). + SMB2 should cancel pending NOTIFY calls with DELETE_PENDING if the directory is deleted; (bso#11257). + s3:winbindd: make sure we remove pending io requests before closing client sockets; (bso#11141); (bnc#931854). + Fix panic triggered by smbd_smb2_request_notify_done() -> smbXsrv_session_find_channel() in smbd; (bso#11182). + 'sharesec' output no longer matches input format; (bso#11237). + waf: Fix systemd detection; (bso#11200). + CTDB: Fix portability issues; (bso#11202). + CTDB: Fix some IPv6-related issues; (bso#11203). + CTDB statd-callout does not scale; (bso#11204). + 'net ads dns gethostbyname' crashes with an error in TALLOC_FREE if you enter invalid values; (bso#11234). + libads: record service ticket endtime for sealed ldap connections; (bso#11267). + lib/util: Include DEBUG macro in internal header files before samba_util.h; (bso#11033).- Avoid a crash inside the tevent epoll backend; (bso#11141); (bnc#931854).- Remove the independently built libraries ldb, talloc, tdn, and tevent and the post-10.3 renamed libsmbclient from baselibs.conf.- Drop redundant doc attribute from man pages.- Update to 4.2.1. + s3:winbind:grent: Don't stop group enumeration when a group has no gid; (bso#8905). + Initialize dwFlags field of DNS_RPC_NODE structure; (bso#9791). + s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with servers that don't send the 2 unused fields; (bso#10016). + build:wafadmin: Fix use of spaces instead of tabs; (bso#10476). + waf: Fix the build on openbsd; (bso#10476). + s3: client: "client use spnego principal = yes" code checks wrong name; (bso#10888). + spoolss: Retrieve published printer GUID if not in registry; (bso#11018). + s3: lib: libsmbclient: If reusing a server struct, check every cli->timout miliseconds if it's still valid before use; (bso#11079). + vfs_fruit: Enhance handling of malformed AppleDouble files; (bso#11125). + backupkey: Explicitly link to gnutls and gcrypt; (bso#11135). + replace: Remove superfluous check for gcrypt header; (bso#11135). + Backport subunit changes; (bso#11137). + libcli/auth: Match Declaration of netlogon_creds_cli_context_tmp with implementation; (bso#11140). + s3-winbind: Fix cached user group lookup of trusted domains; (bso#11143). + talloc: Version 2.1.2; (bso#11144). + Update libwbclient version to 0.12; (bso#11149). + brlock: Use 0 instead of empty initializer list; (bso#11153). + s4:auth/gensec_gssapi: Let gensec_gssapi_update() return NT_STATUS_LOGON_FAILURE for unknown errors; (bso#11164). + docs/idmap_rid: Remove deprecated base_rid from example; (bso#11169); (bnc#913304). + s3: libcli: smb1: Ensure we correctly finish a tevent req if the writev fails in the SMB1 case; (bso#11173). + backupkey: Use ndr_pull_struct_blob_all(); (bso#11174). + Fix lots of winbindd zombie processes on Solaris platform; (bso#11175). + s3: libsmbclient: Add missing talloc stackframe; (bso#11177). + s4-process_model: Do not close random fds while forking; (bso#11180). + s3-passdb: Fix 'force user' with winbind default domain; (bso#11185).- Prevent samba package updates from disabling samba kerberos printing.- Add sparse file support for samba; (fate#318424).- Purge printer name cache on spoolss SetPrinter change; (bso#11210); (bnc#901813).- Correctly retain errno from Btrfs snapshot ioctls; (bnc#923374).- Simplify libxslt build requirement and README.SUSE install. - Remove no longer required cleanup steps while populating the build root.- Remove deprecated base_rid example from idmap_rid manpage; (bso#11169); (bnc#913304).- Update to 4.2.0. + smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT; (bso#1115). + pam_winbind: fix warn_pwd_expire implementation; (bso#9056). + nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299). + Make 'profiles' work again; (bso#9629). + s3:smb2_server: protect against integer wrap with "smb2 max credits = 65535"; (bso#9702). + Make validate_ldb of String(Generalized-Time) accept millisecond format ".000Z"; (bso#9810). + Use -R linker flag on Solaris, not -rpath; (bso#10112). + vfs: Add glusterfs manpage; (bso#10240). + Make 'smbclient' use cached creds; (bso#10279). + pdb: Fix build issues with shared modules; (bso#10355). + s4-dns: Add support for BIND 9.10; (bso#10620). + idmap: Return the correct id type to *id_to_sid methods; (bso#10720). + printing/cups: Pack requested-attributes with IPP_TAG_KEYWORD; (bso#10808). + Don't build vfs_snapper on FreeBSD; (bso#10834). + nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835). + idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837). + s3: smb2cli: query info return length check was reversed; (bso#10848). + s3: lib, s3: modules: Fix compilation on Solaris; (bso#10849). + lib: uid_wrapper: Fix setgroups and syscall detection on a system without native uid_wrapper library; (bso#10851). + winbind3: Fix pwent variable substitution; (bso#10852). + Improve samba-regedit; (bso#10859). + registry: Don't leave dangling transactions; (bso#10860). + Fix build of socket_wrapper on systems without SO_PROTOCOL; (bso#10861). + build: Do not install 'texpect' binary anymore; (bso#10862). + Fix testparm to show hidden share defaults; (bso#10864). + libcli/smb: Fix smb2cli_validate_negotiate_info with min=PROTOCOL_NT1 max=PROTOCOL_SMB2_02; (bso#10866). + Integrate CTDB into top-level Samba build; (bso#10892). + samba-tool group add: Add option '--nis-domain' and '--gid'; (bso#10895). + s3-nmbd: Fix netbios name truncation; (bso#10896). + spoolss: Fix handling of bad EnumJobs levels; (bso#10898). + Fix smbclient loops doing a directory listing against Mac OS X 10 server with a non-wildcard path; (bso#10904). + Fix print job enumeration; (bso#10905); (bnc#898031). + samba-tool: Create NIS enabled users and unixHomeDirectory attribute; (bso#10909). + Add support for SMB2 leases; (bso#10911). + btrfs: Don't leak opened directory handle; (bso#10918). + s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920). + s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921). + pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932). + s3-keytab: fix keytab array NULL termination; (bso#10933). + s3:passdb: fix logic in pdb_set_pw_history(); (bso#10940). + Cleanup add_string_to_array and usage; (bso#10942). + dbwrap_ctdb: Pass on mutex flags to tdb_open; (bso#10942). + Fix RootDSE search with extended dn control; (bso#10949). + Fix 'samba-tool dns serverinfo ' for IPv6; (bso#10952). + libcli/smb: only force signing of smb2 session setups when binding a new session; (bso#10958). + s3-smbclient: Return success if we listed the shares; (bso#10960). + s3-smbstatus: Fix exit code of profile output; (bso#10961). + socket_wrapper: Add missing prototype check for eventfd; (bso#10965). + libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows client does; (bso#10966). + vfs_streams_xattr: Check stream type; (bso#10971). + s3: smbd: Fix *allocate* calls to follow POSIX error return convention; (bso#10982). + vfs_fruit: Add support for AAPL; (bso#10983). + Fix spoolss IDL response marshalling when returning error without clearing info; (bso#10984). + dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279). + Fix IPv6 support in CTDB; (bso#10996). + ctdb-daemon: Use correct tdb flags when enabling robust mutex support; (bso#11000). + vfs_streams_xattr: Add missing call to SMB_VFS_NEXT_CONNECT; (bso#11005). + s3-util: Fix authentication with long hostnames; (bso#11008). + ctdb-build: Fix build without xsltproc; (bso#11014). + packaging: Include CTDB man pages in the tarball; (bso#11014). + pdb_get_trusteddom_pw() fails with non valid UTF16 random passwords; (bso#11016). + Make Sharepoint search show user documents; (bso#11022). + nss_wrapper: check for nss.h; (bso#11026). + Enable mutexes in gencache_notrans.tdb; (bso#11032). + tdb_wrap: Make mutexes easier to use; (bso#11032). + lib/util: Avoid collision which alread defined consumer DEBUG macro; (bso#11033). + winbind: Retry after SESSION_EXPIRED error in ping-dc; (bso#11034). + s3-libads: Fix a possible segfault in kerberos_fetch_pac(); (bso#11037). + vfs_fruit: Fix base_fsp name conversion; (bso#11039). + vfs_fruit: mmap under FreeBSD needs PROT_READ; (bso#11040). + Fix authentication using Kerberos (not AD); (bso#11044). + net: Fix sam addgroupmem; (bso#11051). + vfs_snapper: Correctly handles multi-byte DBus strings; (bso#11055); (bnc#913238). + cli_connect_nb_send: Don't segfault on host == NULL; (bso#11058). + utils: Fix 'net time' segfault; (bso#11058). + libsmb: Provide authinfo domain for encrypted session referrals; (bso#11059). + s3-pam_smbpass: Fix memory leak in pam_sm_authenticate(); (bso#11066). + vfs_glusterfs: Add comments to the pipe(2) code; (bso#11069). + vfs/glusterfs: Change xattr key to match gluster key; (bso#11069). + vfs_glusterfs: Implement AIO support; (bso#11069). + s3-vfs: Fix developer build of vfs_ceph module; (bso#11070). + s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer; (bso#11077); CVE-2015-0240; (bnc#917376). + vfs: Add a brief vfs_ceph manpage; (bso#11088). + s3: smbclient: Allinfo leaves the file handle open; (bso#11094). + Fix Win8.1 Credentials Manager issue after KB2992611 on Samba domain; (bso#11097). + debug: Set close-on-exec for the main log file FD; (bso#11100). + s3: smbd: leases - losen paranoia check. Stat opens can grant leases; (bso#11102). + s3: smbd: SMB2 close. If a file has delete on close, store the return info before deleting; (bso#11104). + doc:man:vfs_glusterfs: improve the configuration section; (bso#11117). + snprintf: Try to support %j; (bso#11119). + ctdb-io: Do not use sys_write to write to client sockets; (bso#11124). + doc-xml: Add 'sharesec' reference to 'access based share enum'; (bso#11127).- Update to 4.2.0rc5. + Ensure we don't call talloc_free on an uninitialized pointer; CVE-2015-0240; (bso#11077); (bnc#917376).- Fix usage of freed memory on server exit; (bso#11218); (bnc#919309).- Fix tdb_store_flag_to_ntdb() gcc5 build failure.- Fix vfs_snapper DBus string handling; (bso#11055); (bnc#913238).- Update to 4.1.16. + dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279).- Adjust baselibs.conf due to libpdb0 package rename to libsamba-passdb0.- Fix libsmbclient DFS referral handling. + Reuse connections derived from DFS referrals; (bso#10123); (fate#316512). + Set domain/workgroup based on authentication callback value; (bso#11059).- Update to 4.2.0rc4. - Add libsamba-debug, libsocket-blocking, libsamba-cluster-support, and libhttp to the libs package; (boo#913547). - Rename libpdb packages to libsamba-passdb. - Drop libsmbsharemodes packages.- Enable avahi support on post-12.2 systems.- Update to 4.1.15. + pam_winbind: Fix warn_pwd_expire implementation; (bso#9056). + nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299). + Fix profiles tool; (bso#9629). + s3-lib: Do not require a password with --use-ccache; (bso#10279). + s4:dsdb/rootdse: Expand extended dn values with the AS_SYSTEM control; (bso#10949). + s4-rpc: dnsserver: Fix enumeration of IPv4 and IPv6 addresses; (bso#10952). + s3:smb2_server: Allow reauthentication without signing; (bso#10958). + s3-smbclient: Return success if we listed the shares; (bso#10960). + s3-smbstatus: Fix exit code of profile output; (bso#10961). + libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows client does; (bso#10966). + s3: smbd/modules: Fix *allocate* calls to follow POSIX error return convention; (bso#10982). + Fix 'domain join' by adding 'drsuapi.DsBindInfoFallBack' attribute 'supported_extensions'; (bso#11006). + idl:drsuapi: Manage all possible lengths of drsuapi_DsBindInfo; (bso#11006). + winbind: Retry LogonControl RPC in ping-dc after session expiration; (bso#11034).- yast2-samba-client should be able to specify osName and osVer on AD domain join; (bnc#873922).- Lookup FSRVP share snums at runtime rather than storing them persistently; (bnc#908627).- Specify soft dependency for network-online.target in Winbind systemd service file; (bnc#889175).- Fix spoolss error response marshalling; (bso#10984).- Update to 4.1.14. + pidl/wscript: Remove --with-perl-* options; revert buildtools/wafadmin/ Tools/perl.py back to upstream state; (bso#10472). + s4-dns: Add support for BIND 9.10; (bso#10620). + nmbd fails to accept "--piddir" option; (bso#10711). + nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835). + S3: source3/smbd/process.c::srv_send_smb() returns true on the error path; (bso#10880). + vfs_glusterfs: Remove "integer fd" code and store the glfs pointers; (bso#10889). + s3-nmbd: Fix netbios name truncation; (bso#10896). + spoolss: Fix handling of bad EnumJobs levels; (bso#10898). + s3: libsmbclient-smb2. MacOSX 10 SMB2 server doesn't set STATUS_NO_MORE_FILES when handed a non-wildcard path; (bso#10904). + spoolss: Fix jobid in level 3 EnumJobs response; (bso#10905). + s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920). + s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921). + pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932). + s3-keytab: Fix keytab array NULL termination; (bso#10933). + Cleanup add_string_to_array and usage; (bso#10942).- Remove and cleanup shares and registry state associated with externally deleted snaphots exposed as shadow copies; (bnc#876312).- Use the upstream tar ball, as signature verification is now able to handle compressed archives.- Fix leak when closing file descriptor returned from dirfd; (bso#10918).- Fix spoolss EnumJobs and GetJob responses; (bso#10905); (bnc#898031). + Fix handling of bad EnumJobs levels; (bso#10898).- Remove dependency on gpg-offline as signature checking is implemented in the source validator.- Update to 4.1.13. + s3-libnet: Add libnet_join_get_machine_spns(); (bso#9984). + s3-libnet: Make sure we do not overwrite precreated SPNs; (bso#9984). + s3-libads: Add all machine account principals to the keytab; (bso#9985). + s3: winbindd: Old NT Domain code sets struct winbind_domain->alt_name to be NULL. Ensure this is safe with modern AD-DCs; (bso#10717). + Fix unstrcpy; (bso#10735). + pthreadpool: Slightly serialize jobs; (bso#10779). + s3: smbd: streams - Ensure share mode validation ignores internal opens (op_mid == 0); (bso#10797). + s3: smbd:open_file: Open logic fix; Use a more natural check; (bso#10809). + vfs_media_harmony: Fix a crash bug; (bso#10813). + docs: Mention incompatibility between kernel oplocks and streams_xattr; (bso#10814). + nmbd: Send waiting status to systemd; (bso#10816). + libcli: Fix a segfault calling smbXcli_req_set_pending() on NULL; (bso#10817). + nsswitch: Skip groups we were not able to map; (bso#10824). + s3-winbindd: Use correct realm for trusted domains in idmap child; (bso#10826). + s3: nmbd: Ensure the main nmbd process doesn't create zombies; (bso#10830). + s3: lib: Signal handling - ensure smbrun and change password code save and restore existing SIGCHLD handlers; (bso#10831). + idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837). + s3-winbindd: Do not use domain SID from LookupSids for Sids2UnixIDs call; (bso#10838). + s3: smb2cli: Query info return length check was reversed; (bso#10848). + registry: Don't leave dangling transactions; (bso#10860).- Update to 4.2.0rc2./bin/sh/sbin/ldconfigs390zp38 1636457309  !"#$%&'()*+,-4.13.13+git.528.140935f8d6a-3.12.14.13.13+git.528.140935f8d6a-3.12.1acl.soaclread.soanr.soaudit_log.socount_attrs.sodescriptor.sodirsync.sodns_notify.sodsdb_notification.soencrypted_secrets.soextended_dn_in.soextended_dn_out.soextended_dn_store.sogroup_audit_log.soinstancetype.solazy_commit.solinked_attributes.sonew_partition.soobjectclass.soobjectclass_attrs.soobjectguid.sooperational.sopaged_results.sopartition.sopassword_hash.soranged_results.sorepl_meta_data.soresolve_oids.sorootdse.sosamba3sam.sosamba3sid.sosamba_dsdb.sosamba_secrets.sosamldb.soschema_data.soschema_load.sosecrets_tdb_sync.soshow_deleted.sosubtree_delete.sosubtree_rename.sotombstone_reanimate.sounique_object_sids.soupdate_keytab.sovlv.sowins_ldb.so/usr/lib64/samba/ldb/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:21699/SUSE_SLE-15-SP3_Update/08b059d7b5a0f63758fd796f8b3745b1-samba.SUSE_SLE-15-SP3_Updatecpioxz5s390x-suse-linux  !"#$%&'()*+,ELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=39d0e0e26b8732ce8bfe4e21415fca929c928735, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=bd550781d1b16db3bfc2c037c2e7bf0bccb5f7d8, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=34dc1041bd8d8ac24e85bec8d556f708186930c8, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=e2ca604a495c8e12d664c4d967a03114327417f0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=dbe128bc0c0b7459bec9f530cd9eb5fc0aaab7ae, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=5a7240670563ad64225c9871af4a8eebf04966d9, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=8aed5dbe9a1f7cba850d15092fef691c6bc0def2, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=4851a74f2b4b2d118b7773e6ec8a879227947dbf, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=62008396cd4611cdefd26cda97d8fde8c09ced4a, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=c09a09e9f2732aa6ce457c72faf39884366e8316, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=aaf6a5df3b89c443281d30278b31ddc1ca0a25bc, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=26a48a4e3c1695b16f16e11fcc61aa85d60aaa7d, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=c345861a0b8f7d70451a217b7579a654f6d2efcf, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=835a1c45d3de0e75f10e9713d9ad99b6a034b803, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=51c7812105262523ff4518678dad216342635a5f, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=cf91d2e554f90446b7446de2f143298db158bbaf, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=f14832428ab7bab1d42fa0de17ce4d614085bfda, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=c977b245b6f34b38438006ae58e02d0f8ee94ef5, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=4eebebe396ecabc67db988efcf83dadc2ed78dd2, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=a995a47abbc497b4c49938344fef5b7dce494bbf, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=0c28aac14ad0387b762ee07195d8a72745523fd9, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=3b9c779120765c275756a4aaee98bf21ae7d9c43, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=af96c1bf95774ee95a2997f8d995feccc88dde92, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=95cf76ba8f8cbb90def848fc298fcffeba63d918, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=0231b7fa5f0cb04b1d2aeea6e783decd2f80fbda, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=b289f9e8e543789986a8679c13873b1533e1e4d5, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=0bef163bc94b21cf0d62009ca522b7b9d57b57ed, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=c8407924e7c8a116a73f92d7e7a629043773642a, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=3139e8fa3cad5cafea10e62c394073fc59414854, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=7789c98d4e057c862a664b08aa6800b1d8c5be6b, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=e0a2967320935817a8f23fad8124d68b6e954e6d, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=bbdf1e20df2bcb44033d8704d929a38631a8b4de, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=aa4a19cf1a8e383494bbb0e2cfcbd5373a603d82, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=83e6b34dd2e8d241d750ee4fe441465be221a457, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=b6690488663d9575d277aa345d9c19ea7f712591, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=adba302cb1218c2777e6f609a7a800c077f456bc, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=2d63f25bf61778b7b6a99a464e84d06b0dbc9f7c, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=57c34fb4a649cb7e5df52a15acb327b526b9c93d, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=2e404e21f8b764740e601ec8b53f30ab88f6937a, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=290d46d10000562d6b09848a548cb287f9a24607, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=6fde0dadba6862b10663d09cca4dacbda1f068aa, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=f4eba3529e129e432d3187b7065d30fe0598f602, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=20ba37bb936acc8267130cb75402b82a1d8f02f3, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=0ab01a473116ffc97a56bb37ae890bc97880668a, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=602fb619be8ad5a17921ced51e11196183521df7, stripped7C`p4>F\hy@Ly ):J[h    7 % - !  RRVR\RRR,RdR R RER^R*RR0R.R?RR[R+RDR]RQRR>RUR)RcR-RRXRERVR\R^RRRdR R RR?R1R6R7R0R.RRWRDR]R>RUR[RQRcR-RR?RdR\R.R0R R R[R>RcR-RR\RVR R RRERFRRTRRRXRZRdRR0R.RRYRQR[RDRWRRSRURRcR-RRVRdRhRfRRR0R.R R RURQReRgRcR-RR\R R RERFRRRR?RdR^RXR/R5R0R.RDRRWR[R]R>RQRcR-RR\RRRARRdR R RER^R6R0R.R?RRDR]R>R@R[RQRcR-RRVRRHRkRCRmRTRRRR?RdR R R0R.RRRRBRDRRjRURSR>RQRlRcR-RR\R^RRdR R R0R.RR]R[RcR-RRNRERLRRAR%RdR R R\R0R.RR[RMRDR@RKRcR-R$RR?RR^RdR R R7R4R0R1R.RR]R>RcR-RR?R\RERdR^RR R R7R0R.RDRR[R]R>RcR-RRR?R\RdRXR R R4R0R1R.R^RR[RWR]R>RcR-RR\RVR R RRRRR^RXRZRdRR0R.RRYRQR]R[RWRRURRcR-RR^RR R R0R.RR]R-RRR R R0R.RR-RR\RERdRRRR R R;R3R0R.R?R^RRDR]R>R[RQRcR-RRdR^RRR R R0R.R]RQRcR-RRRdR\R?R R R^R0R1R.RR[R]R>RcR-RRRdR?R\R R R0R1R.RR[R>RcR-RRERdRR^R.R0R R RDRR]RcR-RRARERRXRTRRR?R R RdR\R^R0R.RR]R[RDRWR@RQR>RSRcR-RRFRERdR R R0R3R.RDRcR-RRLRVRRRRdR R R RfRiRhR\R?RRUR[ReRQRKRcRgR-RRRRRoR,RTR#RRVR*R R R RER^RLRNRRAR%RRRRXRdR0R.R(R'R\RRR@RMRRDRRSR+RURWRR]R[RQR"RnR$R)RRKR&RRcR-RRdR R R R0R.RcRKR-RRNRVRRRARTR R RXRRdR\R^R3R;R4R/R9R0R.RGRFRER?RDRRWR@RMRSR[R]R>RURQRcR-RR\R?RdR.R0R R R[R>RcR-RRRkRCR\RXRmRZRRRRTRR?RdR R RHRERVR^RRR1R8R0R.RRRBRWRDR[R]RRYRjRURRSR R>RQRlRcR-RRbRdRXRER\R3R.R R RDRWRaR[RcR-RRdR^RVR.R0R R RRR]RURcR-RR?RdRR\R R R:R.R0R2RR[R>RcR-RRdR R R0R.R2RcR-RKRRLRRERVR!R#RRRdR R RXR\RR^R1R0R.R?RRDRWR]R>RUR[RR RQR"RKRcR-RR^R?RTRRRdR R R0R.R]R>RSRQRcR-RRRVR R R\RRRdRfRhR?R0R:R.RR>RUR[ReRQRcRgR-RR^RRRdR.R0R R R`RR_RR]RcR-RRdR\RR R R0R.RR[RcR-RRdRR R R0R.RRcR-RRRdR R R0R.RRcR-RRRdR?R!R^R R R/R0R.RR]R R>RcR-RR\R^RdRR R R0R.RXRR]RWR[RcR-RRdRRPRR\R.R0R R RRR[RORRcR-RR^RFRdR R R0R3R.R]RDRcR-RRVRJRdR.R R RIRURcR-R#Z^c8]Xutf-80206e065dd647d4c994364345e7d81dafe9550e92eac324b3ce509bce194b86c?7zXZ !t/䦐] crv9wTh:2J]mrCr\7哷 O`WF8?29Y61o3^t5 0EtQ8Ci{)ܚlj.ah)OY|~Џ8P# ewЄ}Щh#E쇚=71;gB@X`!_"_7 `bjܛU%mnuyK`8546}rWNP ygDwd.aU(giQ10 <yf»h/kF=T~0$uw1/qMGe黭/I31NXu:d'Uֽ!wC Ґásoճ[B+F!=+' wp21 sAeN'ŏƘ$YDH-]} [Jah@v.L~pDأr!p)ra)ԓsY2g (OGfӗDz7slx{mc֮l vˍwa>i/ >oGd"Օt>V yрK1DXB˩Z4J &ujG2 sbIq珶 dUu}0@h'/~4_ ,mB]8>\Gв_;~ 1x Չ+kLX^!& R&j[$Z|`Mnp;|uuvHX#3fh]vjO}O'1Xaj4NW5h%ֶYaZq%ZQ/w=frs'cVUq]c׬5CoZf}+ .Is5H؅ᘟ+P= #|(Mt3M.!;o3[`]f\0f;(&-1GD\(XKӻmg_ EVWGĺUu_uargV@Z(T ܑ( v=[q-0&Q!!O(H][ #2> ͕i`OC,v8lVWJLۃ"]z݌l95nYּD[`lҟB(<#ah{]&f1b<25&H7l'n'{*&v:6xoFYPJWN95y@?"EL '+~StR(?m|]R*;뺋Т}bD3oZj*$c;# |}0}ȞG>NⲞ`g0eH@Hy%ج)l XSAf\$LM[,={i[OC YQŠ/>W{h$ @jRjvk&E>v^,I<vm sKAKΞ˟_M'f8G5j| /օPqikbjbi 06xbʹ'#VZX“ך+dQAU6yBl]۬\o.İ4-=]bB$B~Va}?杜BEn-nW0 [tnKAO4T~0*pS_ʹ%2KrR CFSMV+ d.:@7atݮSvU\MC3g!ksSԵ3GduA"EFh5$&CΚp4YqZY+70*)BNYtO9bTTmCFmEvXvԪ~AK:֔It`5g?,-[VЉfXSUI.48iV lA(M 4/LGuƼ`: >3^I:y!k33 =jw %rBR^zrwyi'ڄО?;m8"$fB* {Y?͇Om3Տ*pL|$ZN.xNfWqp2GJKBFƁ(c?HFr?}ˢr( yƛsO~/զ?GmX ~9$UA j&t(Pf]JIp_WɬD/U2jS;>$$7 ,W@S `EnNrYNa ueJ*NQd #%S MKy|GzW`4'<*9zw؅] Kߗ|}hcL@j 4wm([}=UƵˣ@y&9#N"IcP*RC%qfnx|ɶ|7=ϐ [ G!?,]{CdCheIXG:~w!)+`Q鑨`R uʀ\C`1<k/OAJxx-=TW4?p'[S`nfX;Dkȱ= 4gQR(Nh~ YˡB&tZs:v9My׎qWwrw'[PA\p-yJ=׼ X-A?gQJcH`YQّ.YxO r|Ic&y3$6kUҩIliGE%IaxF;*#3 38~7 KIf&sNcDt>Xr[?BS)xh#%"кYmBl#Sk`Gq \J-59ȒY' 3u&CMh福ӽQkeZYp-AԤG̏oEa'3pi\` \Q6iɅ(c~Q7%I"k`~qnR/=deG'ZlUWBHbggNԁ(#rgΨ[pAɟKYjڸ]~fix~I̊]Ub %Z) @ {˄{+LtNCˈ7`ƺ"WGJ& K~uTq>4bY q&r3*/lQЕ/?n*Bbn*ǁ I2"hKdc=mq7fS#pV #zZ\phzと!{<ٝG,p~lGBLpkӡcf\hPVd7SZoQUW#U8Z ߮+7./ʺ*03Yt#&}IAe{;ƽF' ߎ%9yg&d+kQICX*so r˒6hmv8jBg3qAeS9WzAEWmiBUbUa0G[f>ʀDmڽX+b6W3&!S#V_-UXJ~{D5Fl>d MHt$cy t1={mTͯ4zZp{|~K2r |8"aX:əQAi\Zy ~HĥX1΂`M2\լ Ie+p_lfjl9 >)]} FU*oMUQNI԰ Y{+XRڦ1 ș9su\@MÎ- d6bM)ɲ𬤣9\wOJ{롂<OW391Uaf^ $cL%&doIB 9N5wɀ!Cx"0>(w^tzX*C(- ʀ=iߓr GZě !W,F )J iPeLLck> OYw{HXKcA?,7כ|YDcӰ+a 3ID^U6!^yq{Ѯ`MheFA 'YF![p!s[#ף2-3-ǏE$uN#\x9Rn#1OHxwnI237wE+/f B[MѳV&c0fpn?eu1N1 9tcE(ܪ<~}2je0>U͕l/V:Pkjy)}hn^8 Y6ZL_vt \[NDhU .Vhtk Z&3K̹4N]n׋9^d B\egWqNi{A~;sFe-nFms>Qx}sN +1o֨ 0Zu#V!GœE{鳡J-!d>n17y6"w" &>w&6뱎\7לD"4ρE)Z2cye戌E%;s]?(0V8Wa KquxIlo f?,/_Xdrg*Ԍ*uw]618Fq7F=^^ے)LAi! 9UQc Ɨ1(qEeTSL: P/3 ?hz 'vx8j?쉖UJE>zDnLЧmF(DDeAόg4M׌y$ᘥ?|QZ\!yN5uT %6TQSkD_FWe⮋RD/ǟx7c}۫2ں"x٤я,L4SxgJ:/F$}>m(4N_՗7>ҧhXkW!>BTEM(i" ׃|ZH 5 u"R_b@aSe+]&bc68Kz\":rila"Mnh_UYC k0w0aߠ|m~Cn`,TqAvd# plW,xC^->ɮO%e&E-YMYIUԖjyȷ~<73=P&r30M9GV/=dbV>-gh5UY8#d4,))jtaC`yf|35F1D&af׹&c:LE(ӥ$\Z+!bkkkST b8NCHDL wNF߳$HϰЧ_r0=햶Y~og}tZYZCar`„\z;%GL3hr%&E B8<o%׌KuUZFjlMN1+m;m29ahA{O%pW9`wR+si.]x gY3*p2uKG>P#.4! ae򪂩?8"0pzWSWPي09YI:ө+ @ǍJVm־cҪe+ٜ:O_4g'6_ߙEpSx #GTJ9'zy𥪬KBcD9`{14=Q8pV1jZMǟ'xx 3S# %S$V)ӤG/`̕`\ B3Ң=8 KK<=6p)|)W:+ԣm(K / :3TBm[6ͱ`hjT_Yh g!𔜧>U^ >p<>ˮw8Q=/nd>suCP?<5L87 "x hN&Ura#sp4XQ.jEfHRɵ>EV$6c؅(gSMr7]V^—:@sK/Pzvň>xz_]! ܴ~r5gL2O3Wv?iů*eo =L HB (sה&?P#J鋵VhQD'>LR"Գ 'FQ֮gh[չ+kG'x㹉K >HAD!C@3n1rc ;ZcIt$lR.ܰ63P}.7p4[LE炔QJLkJ)ŧ,rbRVn_Q?>2hѐ1^h)DuLU1 z/ ~'Qe(m Eκt=,7)+jk:1!dӀcwĴ>ҭR]u~vOgW7gVyP?DC_]qt+5%YO3g0"c3k=I)zϫ 8rס/h ӆWuA2_@QVpuOz͵ К!b\.[R,,NrNRڔt=-Ui7` m_)͎\':l]Gw6c!Bp#E{7#F:}QXPn>+JIB /ZMQѣgi2#oƜ.>C \Uǽyȷ45ca5T“ W7%:'{jN~zq*K:~F7T'dΥy: D o 0:WWw) 9]iPn$;P3ٰB*w*{082΋ћ,>IW P*KzaQj}jC*#Yf :<|ވq$YqEtr&Zl$Ra1e;'M xDaݭ7<26n$j 2we4]8}!ϛ@[ǯ2b@ JT%qn@$[l[K, &oGOjXJ5.x`5okL2tٺ""sðm+EԂJSrphO-5[I,԰o G}^ 'fz_Kkm() .SUyL+[{ϝ#[ ~UԿ7”C̛7Y}Xܐ;꺶6ᄟݖMFvM x0Iﻪj# \% czQAm`n^-ة%+yx dLXKuxTò#ۤo {W Ġy𸡻 JcXIh+)4hfA}90^l{bpiÿ%gR詟j ?8T4WO< אּŠaCge{rY#LnA P}֜kf[ x}cN}~cnv3%VᄡsLw\K_#jڐ @eJ{tCg3לehLO{_:ˠO!b^l\ ѤB]aMj>g6xd(O~QjGfOƋtm+5 ~stzo={_6\\h}.8R] ,ݰ أ$z-?\zZftOXAӶcOIݒ<6qOw #b*x 燶kZUñyN+BtqA2:Q|M G?ňohfG<ĥS_~u@9L<l̅vNPEhMAϲ̥B1ƨ= f,Ar aYTKы-alup,0:擬̦᩶fO^TFv^!7U= VoadNCyI4P-3#AZ/λ?aژ*qCSau6 =?/W~+^0|b0UJ;- F)o | -qq$#hSi * 9\nZQt:ExѼ߉"KBp:ۦhX=(O hCeD*$=4o 6r)q N#TQ]&;rx#%;>wһD_7thiu+C -w$EFtGPE0e^S{*U7FϳP%a\T: wQ #.3%{4o$O["gШm%Qz2?s K<ֵdpєg2_P Q"PoIo.ί<# {[t|Djz^ÔGuA)/uSo#Hm?lں#WEApv {TqH7sG͈DzP/,0{h7d{*!wZqZӌ%heYdOtuO{CEPZ%ᬶ ZPk7<;^0JBٱ'Jk\wT[л4Mfv=ќ=QoiJ::_O+!{PZD9RqɫUtu5<U`V0w/)E  tLyҕ8(ӢȪtmv&b]uЄa6 ^,|;r%wgfYڧH4TwJ߈R"Nξɟ/oOi?Wfm_ )/+Sy^#Bρ¦} V4ݻ/4Efsv8h#vXBͲvG c-Z-Nk H$7jar:kud7#b`Zpŭ! d$;k}sK%ů$֢l`7gZWvXZھeTIRd @K 0Bm }5+h}HNx ^Rh?5?D][< @7tǽ|u+@@sC9, `a e$Bo8% Rthյtkv#2 [c;HX.Q"f@7z (2_Ϳ (6IGh waQb[HCc[>Fd(G+ANбe3)&r/& FSWS:Vl}W!:gnu{ox8t۬;n7 W6+b(\;Omx ~ꔇFύHHr y{ (sN2KSGoNv &LAe=ؔ@^vb#1Hϔ;$=t4Uo}4[cXA+ n}? G&4gѶg JHGl9aIaMШ 4씗rNپg jD̗P8k x8W2{^ۖg&9Pu_?9K-IpOuj !FSҔD2|r5> nH#I/+ zLdZ1YJGs8|5vԁ@u WB+trOWWxhҝJ+·wˇxHn~ݪ S^M,%[IlBWNNdsvEґUX7ӝ'ĚuwqE[6uN͐(海eFf)ztD{X oB$o‰]u:McſE%boke78<.&=Z2:@> ^-)vN459;ѧ /M氺8!~13\kܵ+}lWv'(Ncǂ:)Tf[]Ql8k+!'~dA-sHc9D`p54S`FW~ ϭP(ƈȞK3WiX*ǽcI;Ǿf)o{@~֐,&V8k디ÂD]~Ev+ydJ5(ohO a sf|૪CbnrݤD-[P3 Xg0{ʥ /e[k2ʀBZKhk!<>輑q\\C1o1/)N qy.ZIR[YXZ&:䫋gig> (Eaz,WMxV.hv\UdeTF儮>ȗ>#3)(ڜh /S; lؠe}!!bYaCxcC ,S4r _(M*V.F\<vV(ocnrt,f>l <1ޫ0!fpV5F!ԯrLay"J1 g7йZS zVMlyQBe |V[x.H~U1$"4q͎t# VY GTmN@4!gJ9eUPuS| fz8lRdkeBg30 C0!7QO f2eap*l+%|9Ԏ&FG" ѿ8FVvlZAgqq^4e_O+[(.7絬NqPw]\ϓ|UnSL@o<3 $ɫ(-e@#5ߖl5dB.ksc3iDgH!VkՉ V0`hTCxGN 75llߙz`|z;![ݩixrS I*H_# \W*H*%wFKEmy T458`-E`.ICP ֣gQ E% TE6bh " ٟq\d4>;Hc"ح+E^vd%//s[(Qq]7`doi9I2`P!f|mtp4E Q[Ѣ+6j%_Q.{H>oϭ^yҽ.0)b+hvj=U8XݥH Z[  %}蕟jn@/SKN28_0R8?Y/xIVfۼnj稂>ml<xB A~ !qãgMŽǀ7'-G xI}gm_JQ|f:=,<>▽Ryf8ڪ陊R'0je) #D$o)PZѲz -$zs̆zᨕΰ1%ߒ.ixin(NϤTx`4 1\o5ьpc%V*gsyq.\i\alXee_2|e~tZj~|QEӤf.ul î8|-1H$+\S􄒨I.`B*Ni wS 5@PV6r֙qyU]5ׅ}2L+a43,e2VEcS cA)\=&n[r+@W\. ˯{}Z+U"uǵ1Ɖ'I?䃊 Z8<|a  q̇@BgOԪ_}csES{O|&{b|[t30clԎ@J;R*aFZ|$,O"w0 ^h cC䪌9ȡ#1r;".8l2]u1[$PwSGj768_p'6kkʉ `z0wQROnumVvx>Tzɾbw(O-L6G gqPni3̩qm 56*…N-[cZFbZgWDkXg+AG{lǪ~d&}!KQZ72_TQF, hnPƢdb#DzVOł%%]+ͻAXR-F3+e5/1%j'L`̰WE@MM؊mq}JDzxT͂ @iqB.=#t.ͽe$[D~[Ȅmb_*fcѠCxڱDy8u{CVz1̀ޕzn}ktc² "hmR8Z¹<Ȫ,0 ^W&Ff?. ~ó.&`n6uhLOGH71Iܴۧ,wiF3tpV }+@{ѪlF\7P&a|#ېAҤSWqehua+d2Fr;/.>!zL=HǔucֱKoz)6J#5D;ʵRd>*P),Q. 9:=A1 ¼T$O! ѴDYGWTݵ"]1,ґ;]!?̣֞䟶b3)r#yƬB2͎uTU1Kְ63Tpƾ6Qu &!WPI [Z3i }qA5P1:)2{1Ҝ LYCRRkS} zEۦ># k쌓@Q PG"`x0%xW,|chʣa*~ߐ٣R)MF؂Ib)qMX+pҝ pp}rSޫ1{}< <'S[g=n #2I0TVn/1b^#e3> -0"X RSdS<yo$uns'䰣g_?=qasiw'Kxg8#ӥcX%ߑﲈ)SWڽͬE O=9+wbo&! NdL ˀIjGLH~sS {Am#;`up[/Xw) H>ggzbL.1V_л6 Ưn_נs[&iUZx_ Y{7vMlmmDt FvdP3*~ Ec:ń׏ Ƥ\ܤegW^Κ =< @08KF/-CA; pmz#GaA &=z(IgA'k ԾJ.GjX%\LZF]\l)E{]7$3U/g0v{졝c VEKw$,V7φ\N1rO]Y]`D[2OPܞvU)l+q4 ^) .:miapEiA]0~"F> S)s{D,3UZXFOcQ}Ƞ8@eL`/xn":F˕2IЈ9VAyy$P'A頎"byp p(]Y36:IaQ Ʉ:-2tF!̤Ԓra޶JfspYjId#̥}0z(MT]Hqo `2dKz|UԒ{eNΠ-f5#jaF%>6Q4jS.ܟ"͠@:2_+4& *:!u+4 Г0O aӫz­Me0`8y%`[lȂJ kbN=1,)sb$ nabmLLn-ԿHf'h+: B0V' U;(kk$%z1ru'M)md C 'd@Q '-"Qf l7$9k߅?N'fBdkZNT%(͕JKlEQ&)[0{rNQ3d:=GOC|*' hHa]o]<&"SZUbM."Rw(mEdZ1h\9 1Qo~8}]p}[Dw}&@>/1VRɖ߃ΔU_rFl`\~u.xuJNPчl"$Oͼ)%zB/!_>ʠYN>Yט @EZy% \Bko,0s3ޥJ$GF,kI!W0̇; . OOwNEpv WbFA-|9<4 10׈tnRs VֶiXV`DTD[R@o5+$؛eux6.9&ڤL ȗg|^50 G6eikx@-;y*=d HɺTI%=  C P"3[/VkT3[p ph4p\f#u;c9Kx[9b`iX,s@~~ZGL9Dވf{5 2K spW>Vvl%,/qlg8w$4oHN/ӿGx*X+ CmUV=ECԼ$?+ski=/s b~p'%;J燹QV8#.Q#&ˆ٬&8-aQVyVVZ>II,lp=48 =UTN\ k YԔ2g⃮twbtNU4`m0gk98i 29BCX>8U}!!GI ȮX5=jSAz":ޛ(ɐ^ڈ>xA*sW%t~qzqcR|oԂd=l[s ]3X۾2H EnRŤɼl O1FPp2K8wf9oAx)'Bf$'#i]d4|;s%hc.~D{'g+ Q}HBP0.}Wzًƽήa&o,"'i In(@SV`Uo:bR| A5Ïw!u!t}ik5#!wIFkP>-AU~M'irS|R  12+A}Z!TG" hTsLwa7bA&"DW|397Ӵj$Bz#R̦SJ`U~ec{DJ}yE| ]&$ hsAyڇL09nDMr1U/$0^\hL}b=!c_'1.lF H!_Q{Dl8!£/)ߓ?%kPZI]1 %6d3rJGb񂪴 `0_錪\7ɽ^%'>&w+N*4XiS]!93u)~"WQL^:9njxU/vf Gք>ɴ=OeqnPOGQ6{E^2Va֢ͳ8@<]fM hNP:E%CʓQu"|ڍ@ʵΊ["7KS TRASiQUer|v2Hɵl8xlU^Zrj׉޶7]%+L5HBd,]: ^ds)AB ]c=DG+njښ)M*J(]7 /A7EGt dYx58 Y4e5:`CḼւ Jξ5~ˈa ^(v z# ܘbp}-Ho?1Z-U<2F!3R+wAtFmbDX{eZ6Ub P?2B{Tz(U  tbNM4&PsPUj"KRE#Z<%t"5tt4K$D۫ TKazFS+_qXuyX+tdJqHAhKF9Q7oHcIT!DikiTx@xcE6Ebp n+2\yC0V5LpS{=מԭL=rwP/Z-BxEԴxK OMr \;QIW7G#K)qVr{+8^hFϤWDm)0c&DtgbH ׿k9e^{z\svtmdkstJsҕ.s0$rŽ5"jkcGnYxrZ$K-g,ϭhc?m1Wgv 5TΡA{Pқ#2z5=#h ň'GllHGpNia?5C/ ||}oݝdqk=ض(>cKJPs*>}xgtEd41|.MG|ʶJJ`R'Іwm@(UkonS!939JD Zյnm:vwu_'RVٺqnt!+1%cCoM'fAU8H͖/R,lKMQ c *ѫTv{U5IS1ATgma~\% fնF L&WܓהDva2t5aHo )n3copN|,n&-18KET CO,:D!ⲳ: Buܰ1sgM#`?P56Z-nDwPmhԵk8CPPf!w!k*A%Z.T "ھ L [޾ rG/DZ6'hw~]I[C`1!(# Xbƿ1'h۲y{ xj~si7~ Y j-!!xF<%@G;NA@+p|}cζ\W¶^XIQtzm2v+Z2?l>f+pڱ|cn]gQd/. RHm!c ɄZ wHZlߣFt4=-k&#B`7d ʿ<TpG7eiCcةbM+|Y܈vx,fWA)Ы_Y,]SVNzObϯ|%T!Son#kpݹOE~> ?f԰"Mٱ #PV6[hɉ́ .Uqu )=5!0pƈWD^xr#TMLקwO"iˤEҐ'PK9y( ɫg4;n3 Rk*Y*9ED,Jmjɸz,ɂ@[kHLox!>y {Z{h*=ÉhSuСHe!}?(~s(]?6\0WȨa:@)C\;TiaVtc}ϯ]v ni`8M^ځ*=mnY͍B @@v?Ok  qtf)a[kÿ5m \v͞ {/wˎ-:3 K-k`/T0\ F^6΀~a'J4/r;mpъ0PaInpb s]4,91$߁h-tC/Gʸ=:9Ej*?m ۢ,gdDkk<3oFK睩2q>N΃)pf9s8|&DAͣ^A&dWE7኿Pui5>F+ۃS]B 0;Ky5FW 7Ofj2s4H _+?8..WA rK!#娉& D l'>'BR ]U?'ˇ5o=9aT]~)Ƭ6cFE",JDƧi+?Zs-W ȕN?8ul|C~5S)G~05$ѡ/8QcZ>.`Ntעf:@"vz߼qd G{jp b[-aıJ! )ݓPTAF(ҩ-%&GĶKۏ/f!%qZH3fFW .Z_︍%R^gDa5 BuyPAɯ*)MidfMj=ʼktD{1s ރlwν6J8$[xA/ql v֥-{V ]GrHCneu,4s: C)7&+6Hpa҃I vjn7ژnER iΆ MCjV+/TҘd :G>t"=2GɘH s,q`GsOf3iYbaH|?4^.1Vh aiL+e[#, |>0쑐zNТ+榙D}+yN7΀u:77J*Nr8ǭHlY!=L5m2F=ű/+_Ol@;動01V;(Y/(B$X7 |%ԵwZt|/A*%"nM>XC`__ )X֞`BGxM= i:rgKy"ݯ`I׵YP!Joyڳo3to3R2Q%s kF IXeh9#AXX$Ufq QZt1 `#Fw9i޻OV,^rXm ~%-D-8)D qErהA|Q Qr(ܺL1s?k҂y=%YC[ac/!TqӒx*_S ߏqdA@p*E]sXyrZK>(xh<>&X@)w}sg]rj# :ͮP˹ KE*鈽髀Ağ&LU{#3t *PāH`&[U OW a)]c;Z:-6׸P9 ^b)1>>{W rI#Su0'wg ԋ@  ܜT^@,pt!$ R SAz;˥a4 cө`^!Ûf|[lqk͜٤оL"?Me@z7j 5ZSS[֥m\E>Sz"H1q\DE9 =/s%5"\?HUOR(+C, 9% e?TH}/}HAn8"EcF<:s_,42j4w- FcfqۧS* 5CzI`RЮVdZGAtƉH;x!T0KV݃&;+k!mOuCqCm|~G8OhaFzF4ǼgHfwHmԻx%ʌ3=9'M茱( ^O3` ^zAQz Ccgɺ` n%ۤZcC1Nd*9} 2Ow^RЇ?R XM|I#Q<.5Az?3BiaID)(ٟG`^Wy3ZShM_[^\P UUYS|=| >z+ <'!1\s)4{ÁW&H `7n!.e2]Ar:rNML1JtBT,oW8I!ry:e[t[CUOawD;䓏QQjFt s=&L@봟& ;Y[7*@uS_hښr(|6X ϤgR=IrS-nRğO,h7Qfp ө U \-HhQ 1^Fz|&B`l. 3'}4YH\& p0N4 |}j*d+`['ا)062jQ}G&@ooI񯻐bZ?'`o:]Q:Px,3Y*v4Ȧ )b2! '*]+q:{مI&Va&bu sA̅dCS3%:]/zH)xwa {td\nm .<zjHZТD@PT jt֒[盀Ą>/lV"-D =ELzƲIH ?فl#%{Bs4|^~Mp+@_y{׮VuNpnR QM>),p1{ĈgF]!@ZQPL8')%g}.AN%)p$}GT}DSLV|)dna;OϐhoKE1ΐ_ߎLu"&DS˓Y-\#ɔ<ڰ}H[XW\GB 1EhocOK>}~_8o #۵VJ s;G+PG2.-d/~22mHHo[^}\cmr?È #Uy h{1Уam'DZx5)!0ъSs}E! )9O{ax(E&!C/efjG"xbɑW7EEMXvxp=v!F M8{3AtY ׵>Сn } <| ]I2TeQqB=tn#Y_!k=%6b&JLHXO@"4|׽@{^Diߞ-MosPW@ _'2Akiwܮ =BmZwkץ\. 7J$br$r#6eۀd6Yd,$& =(V QN ᶤ5(9M9Z[id {~/0lN@`9vX=$cƆ'4c+/p%%r?ޤ6/lEJ͋JLMꘘ#1Ҩ/p\n2ݹl{| ԔhGŇ5 zX78k[ͪOo1phΉp,-Lwhٖ$qyp/._ptAЖd?VVK,^ `  oR̭jfs6h6HTu5)UQkaL0`W 2^ErsD G\9YX N<ϵIfdlDU cayr>Hd_N(a4XO0\&[Vl]H1s(a#ݞ p^e,֧hf&Be[)Fk@;mjU(J@c7UOx ~;+xMƒ*I5-|MP,0K# Kj4NXc])ȵB6Iq+/j6Oxoŏ4Qۈ[}mؼwU==7qasCENŃku amu$kAi5v A@ej}'LW=CRуsKLPyB&#ֳO)|y9$If1]:M%Z523Й^Ywb-cʲZ"qK12G2Q[-7[2V5W9TCo ~ $ ̶ybRuAaYH^49n=Sq"Ɲ-L1 (u_ri0ib?qs{;cF")ƥsOAm]?mI TˡhSBtvD9ZYA$&JC1_\J!jch00!^q !4bs(<}$| T_ZB|//Db@^*Mt)wa|k.T$ x1 ʈ<3To`9K6¦iL7 StQL= K/-KcM}o,_vNvFdv͓uTA)U$Yq|FJlʄH&THBYT:e/huv+8-DF4Yteil[ 5EM| ;kdp/{TWJVQuA!sWTʃ͵V:r5oЃ% 7~5+v\")N+;wph] 'kSt%<=`y6$9$FN/vɋ`⌃(q2&'I.V9Ditla#eir\5Gxvb.[ Xr W"̈J<FfT*<1lb"NZɧ"‚C3_+Tt+<&\dAR3_΍Mz$_AP߹hеEeCȔ,lc}T~*`׍4}+ 1u>e0埉G i`4Xyƾ( ?үJ -k>* o/2;4nPAvY"8"zO77vX nvR mWB?O]׌u/ՕDNbRkI(->Fm& XV؁$Qxl2/3pJ)mq;ѐ)Płvx/Da$8oH j&KXMFչC xɏ̅[ yLO p r ŕsWmGg(6􍊯7mi* W ?b<7w<6min>"#;8Q5ۜV˄Vm膼 b_%G+unHənB+WUS {;ˣIiyݙ5 QzYD {u.Y"w7ȼ'֒%9T#22lJKLay)c=!zgkN G]nOC< &)P{y+{q v퓽ݘe!J0ǁE<1 P؝.!p!rDq,PtA#;4 N7$KbgR/@Di6CBA͏ La8DU9-ѥ<ʷܪ:!tsqųI(+%7Q⺭qiB;E/ :uG33TWmJVbIF$NhZZ8eU~[-Pweek@=^阩>O96:3GU$0exayAxΥo|7@|$m[J&6H#`[ˆ;S*w A&ԈSLI>Os3e$]6!7ڞ%~%bnVχ RuloK3 6\%CL.QbAKd8'+ޮZoƚAO)|XN“fO\5 ME3%>`"#92TFD֦x];؟wY(L}|00UNk  -o 3_@m .^5gu-./tK6(K,S>tKƹwIȺ/#[n5'(hkpԉ&I:/t?.y̶h< fC!u8w%bT6xCLH8g|"J?Ƞ/c*滝L`e7kJMtܡ:sAQ]Fog{+XPUfh0~;Qn:q~rYȥì9ɺ( ܾh8CĔN唾Q}ƋO+ʎ&`>|Lg6$D77pg捎F 7MH ̐Mlp/da@?mp hˍX58,p}QE@^oPqK3U${u9Z"IrSҐ_zpeuf %^-F,ћ@G{hwւX1Vfw#tD BOwxĄ KCTY9NGb|/2@xѳSDȂK @JOBTŢ\sTk>J{s[ B.tB?)׶@Ǡ<)'βRn3C5V%pLA}$ ^˓6Q>ߗykhOa A'+"m^hSWнkt:Gxn`5 Bu+$sm7u-Lx/po3:^oƓsj ֝N ֊Ɯ' 2|VLYI-<ЃRZX_5p8i $ EK/-UC)jqАIAjS*YH~ܕ^ЧsIv[[$ߦt Bh"OUd%^V< LuZR;a HKdrvn߉b.A#$[qj6H!Ff=mg|~yV1‘ހ68`h|} ymw3ڟ3I_Oq*pʡRTS:=]i$C[_]/'k.֛lnq>39%)-K]NPc;k]рfa+ ע AAK;̭PJ5GblNQW-O%np;`u*Gh;tx`l:TL>5U$lJ}]㯜F,_zځԮ!gV`P&WlN}HP%wĨh LJqsV"iWUbhUyF60 "s_[1ۊ2},Ly1{%NA촼ۢ!On{RdϽZ:"d|"u [AG߶+pN(cR~Ѥ@#4kjw=cIJg 6Jՙfu;&g0H14KDZ`o-`HB6}x3Ay)jOdu^9? KD VUxnŁ8WFȝzU_><dUː|ql1rEBƼ"cMP{JL<kApoѬi|uX\SMJS*Pt29mH-I"^ E=V^l D LYEl5W4dvRϝo|.! &8L[@F5|5Ώv摷ܦ՞0C zW\ ~ZVu~y=іeH̩UVH,3@ q5ߤ4Ӆ΁ꖭF/e;ӧ1bR6uEVIRܲT"ҫ;Id'v#n+s"PWky(6cYU2zCC"%̽ #}7 DWf"pQwF2܀LE40q9Q*gH$趦o4dC{Iuѥp5rK~1f0On;HcڙPJyxb,BZ]IRzH2;YK? m*zvz*@p>uֶOpԜ+ɝn?b^ZS%mߎBbpP{gNR\,.?ϮF@8}kXM{0i[#,pL ?H⻓:Ц4E~;}NPOՑCoAB[zb_aȿ 4~Lk3et% ӵZb;0QI"hs n_T,?tu}q&Εb@:_7GdhZ/8ϖŢh궮^zOf8fiuS|iiwt'lXXAY ͆η{E G^$ZYLbLk\@8ptܜ'}/#C@BB\&-NpH{hTWQ=""cz1B@H!gEYubӾmph}i?R +>7#++R-", FKeDϞC-Όd:|?])46d<-GY^" S L. ?~0,J̵gz<ߒL'ÖsC%Z_*X}`?n2G_) YG \2& GVm @ǯ,十oFPS+K|\bQ+OfJ54;x"pd-(pq9(NmFR@ENwx3&BM~`:!0ò`#y%a]@/OF_BAPD\ÏBVںG-~3edhݚȜ؃֦ }6&HI[1ͦOJK1Fl6&i|_}NB3ZwAnSj5)[PelaUǐ@;*Z-ǥ-!Uo倚5̀h +n(xO a^a,%68L_,UWP"Ћ)"t$q}Ϻ^oEZ*<3APc+k-;~TvAQM/=L&Vg!px)Q9` 1q2!C=Iå3B|&RG/Ι7{NHC)!w]/A ̅?0/$J߾$iqu X@8eܿ \kQܽUww_ }@@QS;^":m|LL]g$K1f@KCT3/؅xq)UMY4\Yį- 6dǼ74֛7#URARAeX0y׍uY}OA/ͩE۽hm2z5xΡx_kգi#x\i xwV[NZnʊ9:8BJrg0b+C՞dζI \F#PScahavrUb=nwEV-j[=PaD6 @)>!!: u+2Gl*և3 ^4`+v[ Jq(gUMM*&,$ h׏=>b&uAZV_ه>?>!&톘-c~?F㓊ҞOCAZw-w| 3aRm {NcM{2Gjz>}}:ݎ ]5Ɣi! 1k~3"_X ,Ktj?,hZhSKw&?q|C_V^"&,y5{x(4ڄh S>r55F6~_Heۡ%Z^m}I`IuLŰ;@rA W;W7'Sy@qѨܺ ]D_u{DBKa!bs]"yU~SO?^>6|ۚM:Wf}9΂IX7vmQt fw6LVOQ aWs|@RYGY食aXOGV2vӫ]mfHmyL3|*߱}F ĭ29c ?m_7&jbä%kHAYvק3a<)leV@beӊ[w\ǵiE/*Wg\{n66g;[&ƚnd##'MqPC+@hsb㻒k(rYU%\ќ)uu>:M̝t数 RA tB/ܲƙF*YQ8>P^7› R%}ٞ9ϳ "lK #mLQ!wEb+Xuge.)k0K~AlU# ~(^j/v<weſelG~(*0<-H3~K{0yVA r8Ԯ*OrCI~OFl1#$ w:$+UeH &QBj=\b8^w/W)>KLCIl@h(쌅 :%M2}^-󕲠?En; )`Ljfո7_L΢=q D5.qտެǮVqh']ЦNp DB0s Λ({nsqxMvNroUW8B}}؉AVNk:b_K ӸWrĨNSa%HR;@k*%ܘ/> {GA]h@)MҖG bX[{aV<0Xy=N>J# rMUC[msN,eQKv iԄ:r.6wHxV4L;AR:Յf K> ApRebDV 3_vjɱoLv+ t [y1 ҷ|>mhrO\ǷaQ"@nu HBP݃GML2 %z*:ʘm•g)cBОi܅pKJх?k7 $ž`ߔ1lmTyXP8˦vs̒i: eBOd" [5AvF\@9, CWWIaWU 8_ݖmRY*9r)yAGgLE&́vF,5($!w.cs!T  1 _蝢*@6thfq~Ǵo: /< (D7(%Z>&6DORSH2ɅՌꓳu..y&_cle$e֟*:n;pM9%sd^N]QBcjM޹:,^6/"(STK囸۠rà3y%$" _;n7#?$"*X==x%rs!Hu T+`hF!b8Qa;UX> Ħ|L_΄^ &bdWwMͰr Pp;sv-95yZx1%-S@6v{ 8Y829T0%2 /M[5(/׭$rҏr@:.ԩ~_L$ ˨< WY*z:-6;ғ<:N&z\s7sKt*Pxկra`LޒYK]0EPH%  M3/\8-C0{o DApuB@-Qd.?4x"Q<@K (WnsO`SV 9rtDKQ1˦P7Zy.d<(_q[dl,pA7%Ŷ8a؍̟'dԆ̾/)G \ThAA*S sW#DgwROw`I6==;?q%iH@UJi^bp&T$#U^{jb$|Q8tǗωt?7 !AS޳ =̄&Y%dS)R ,3@c;ӏC-临#>Jħ27lZdU=\Y"%Gdiҝw)`!Xt:zŘ@]^NG QTZNWb2-c.b/uɡJTL z1yPLXn:<)cT#Ă) Q:گrx<02{S`6 }% ;49Gfj8`z٩DE8eEU33< c3Rʪ=*reem B?~#qX?T/3v3ȼRY!y/v QM2(+ WEYtP D^ /⌫tdwI.g=7P՛R 0z=q>&ݹJw ?NGj&di3,p "b.rxˑs19Ćrjb$> Yx3LL[XSȥ8=!/$j8 fZ@kk y=rXxvT0C2 Rk}W*r:V!F4l`":)>mL[>iDMç|kNuE[޽/%\f"v6,b&1WW#jRHӍO">I=|n"UHUG%֕/щjR#I֋FGKCǂgc% /b䉳K*LJMUx25W4[~~dx U#P+nϨwA:uKWL _ }zԴk[Ԙ/=wxkT 2W q(*-8d cΊl9'Y NA}@;RE" ,G!+7#'o lBT C"/ujB#%cSWm]/]?j1喺TWƒ.)Ge9)еḿ j!dڼ/BWSl2@:"sڻe0 Cn#R"0$99hוZ#vҁox5ۋ~O?6`qLO &rIˆ%ºt v DwL4TK%.s.#_/["p]NUNЪ7YnL`"Wke ٛ+hMRhBCSzzuJ[ֺ߇lت8'WfjebkPLgH ćc۞5`jB*PF@y0abI(bOsfU !D]1p@C^NN/6CXV_icWL鯊;Xtձp=׾FM8Gt٪Zġ͞dڃPnl6;)'jHͺ$h .}c p2\:JKnfp2v"Hrf_hR<+}&VXi!ZM'ryyuE*J>ǜOӎՕgsVBVM(OsJmI[qv% Ɩ*O|L+M }quk#ּ6)nźI <  9ֆeͅ[vIPX h$;ESdHr&<1է?64{)";Qw,_8zY(|Ԧ]+30ONzqj[Kr'RndGa7,9 R>x# ccwg",U+yccJGN烙R!K%(,E9Xe~VoqzڏDqu5%m_ec) H Z84kPuʚ|6 Cf yHh ' fxt/ݬE2BKk;1eŻQ?uf;Jd7jXm7ލ8SN倎NJZ2 %zua?v P*Y ]Erw9C3E'tbeyˑ1)C>A,Ir0TPi=)= ꊩ@ !gb|5TFEqy_}6vEPRN1w,ayijGt@Xß&bŢvE[B>vT*0M:~*7Nw jJ4<|j{]ݜ"sQCN`26n4,c2Cm9WR(񍃱`EX^/77jO~SƮ6v`1cOj ˫sUt7T^3CfJc sbe'j+J}i@PppS96"{]m _JqYo\t#rAa EiuB:2[epcK׋t8/%x ef*A{Kz3 a i.ѩ{$>˾5,Zr]%1 sΰo^?n1hFz Oyfs .0nlrWt ?}zپ_Gψ !\a9fI(X|HH~|V'D4;rQ;;Q`ζ4ĕGvН94SO^gfWUoi<5G n\O9g3Fa^?Oqԅ9H2G(6e4p0D7[ѼnH'ZULU.աmʵfzRi-rX12!Wk?3Zֿ'Eh /rgW{90J+mƯ("0HU'.oCPU_ti (MS z](n1. f5Ϩ*ٮүxIec<5k6Ǥ<:9㝣WXFИ )lĻ3m߂6^caJVm_ƤjM3]]5*`́jk UO O 2E[‵'x]KyFnkaƹe{r̓MVb Ε(r Gkn$}>@U R4E#CKΥA&@q~7#yH/ј7j8K4^;21Yw_G~0,nEKk6 質,X K5dlh\4m A_=[ gW*˔#َc#jı'Jʲ1Vj(?~pKz'DIh1Ȭ;S *CE:,>J*P8Nף"?uXiԒpgɮkZr@XuNb Ǫ0 JlUQV$X+XHxS5l!R-lA O{Seً)$w׮[ܜ uO~Q7@XZb?6֙v'FƃR(zq)j 2rCJ`1)ZәEy28| -|阃%"glc5<'џGv+&p4B! a_-|\C*6x # ՟2'^-|8]KV@YP b0=:pzO2/5̊]@{L55E>O!NA-kʀnIydGK<][ DJUv'r5DfpE$iB+tGmt.U-QZ?mi7Vо^ǘDЌuBPVE,i)[rgJ?a,DVCtp6$B*QhXK F.gHtBL J=wXfv/t_\S1  DFoDy8;@gVVe˦X <%?O>GˍkgU*BPJhE]bw{W/ V=awo;rݼZZӇƮXo炼,ٙ_ +Dl,FK=NXesjmJ=։w\ДS:bh% y3kD{PTqY>4anLI^V9@,7.e2瑹l$yC>CCY{I8sf_#bl Ν'Nz87:eU/1+wVރҺ1'a?D qo\{;eO-s#cɠHE3zOW_(?M2E }hFwZВ>RFY^ ؗzs d,a7޸ ]d{9}Q-Ig%CI<='G򍕹r5TO^.iOyإПEbk9VS(+EI{̊Ym@ڮ/ֆ&BBD@b8_QӞ;Rj#1q;7F&zy?"``օ}q'.mZ%ŦQr7@E1#e^q(&wx7g"v$z4;\bL$>(MA5']:}_+}cfktDŽѨ*^υUc(+_ p IPAn5]i@**|&c}ǖQ3Q+1<۽EFgx;J)UcL,%lO1IA\vq;;IKlX[p=\}(U7( 52[3㌠R.C)]Ejw!lP4wtk8x 0 mv5QN.QwMipm \m-Er2 6"]7q{E(+.=%zxTܡ]v4LvYJE;YgI"v%,gf-;`NzjcƷ.@~6l@ *oz+Ov}oV^c=K~G'PT)TF$B-(?V\Wf{Jg)J-A0dK+#Q띬]Vy}tr*]NXv.Pst|Sx ?`ay\l'3j(:jĦ:S]^CrNSx̛N N}4@2ޏM'=NR" #lUA9OS~S{J8Ź.ghE4駳t tG  vkrUP:{U#:$Ld xj#xWv)_ Q=L] ^`}?=ryq eb4 >f}GGWN8?%EGQBPՖ1\Wf*Ղug)(QlP`~Lf/Jk8 Vb@Y+ UJL q;[Y]ǰI * +`QȆLsA9. ڱ*T羚U2:NbQ]Pqq)9gbHg׋aP7XK :Uz4[#1WV+F9l)fHbBibm^յPZ򓺈49.t`^\vZCl bFaY϶8TG9*p*xՙ*/)8WYd-.!Ŏ-|'SOؽ{  8*tZhֳ[@kV ̓ _̯.8 3I5dM'aJs,u|lu<ް᭼v>.r >s|Fڻn]_ ' ҟ"ɁKEXuviD%=pˌ uzk\Ζ,3rQ9 𩁱91b5pO_Cp˟G:ssoFܢ+t8r&JS~(r` @i6 kѧdLz:"S=9lE1 YM\dT Jedi3שަyңs3,0C d=Վ#rUXw+烇L2`rW;?h CgC `2װۓq)K!NŨۋ*&Yjc*a2ytղ73ɞÑ`LuEI5쒢j-573wrS.e ^YG?MyrʶQF=sI ĞRHQӲ[ V" xy*c(7RHӛE,3{YKĜFIkx?9˽̀IqhxG 5P܆IQ8!A73p՗F)ѡ;8{l*q<\e/mK)͟^m׾g:  7:xSM|yDpN]ĢØ6JaܢOsOP̶~wRBԥ+В1m&#]5@L~ey[|[?2y,X5o-ۦ0b? rz/圦j6@,wrLQO(! L;д،Jw͠@vIicfti6Do"qb4[ )Ľ<&v 6PÚ{0% 1J3Ah:ߖ k?(E)[}DEmLB4$Q#цАG[UDM8'PlI!`J>̪$jJTSRyS0k ȰKnn}T'oHI]YuG\wl)`9Wuкh$$erBnWbP56L)БlDrW^PNY6&+#03a~Fz8p+:E6nϲeQn*ղހG)¯#{yIvڃ gCJ9|Ad? T,I(NYlLâ,#n'Cv!6# ӈi?po! 42ӉKܗZF)oV %ЭIAS2 .!@2- "}W-pj5 e)'7q!Ap/X.iT6<d *0͠x ߁hUz>Z^?,B<r,oYۅDܗA 5߁d7^ʾ>^K}y%tLїHNY"db1]+1 >{AUoԐ-ݫX&%-%[ Tֿ/[%LJ%[C&@[ahA=vR]a-sMKRh,dzH_<3$ k!2a DEK'srQ@Ti?=+PJ8@9|!\T0ݔfp0bdPN@29;PnRA7\u_f8 0ӀdW^(hSbsh De{vC7U xN@eE4|s;^cUqۈ`\fB '݂yQvՓaL_8N>ބp7t'89a6:>i Cniu8y3h7lPG kd^NPjME*dARsa {BK_J%jC1IVVju57FDuGS5-lDpHe5[eHEE6`^]-CsG`ΦUz>@4uݦU 䚡*#|:e7@L*uVhdEQwy(E<ꨁQ}qFMb}ɥiFrխᇂu;N[46(}!,,g2o12c`:X !ttdj)yZz+Q:υ,[0oK:y}[1ogT)7 YH~g\nKcX}flJ0_`g%pswL>ךxG&kpFD{h9f=4laeF-j'{Gn@.R8 ,SMGWm^J{Ճ@v; \ٗRbv$C >6Qw"# s2|[(/ֵg_$O^҄:)$2nAu-t 6f`!7μ#S`MhԲ|]E oQmPG&P ObƠJ* Y7x*{]0>6g[{7H:0B1hWEUv!N[q[V C2q1a|xYm#xQm2tJ1 qzݥ2vF}^ozha @u|s6+7.ŸO*>B.،AZ@<.L="2F1 C[(G0rҒ2׳1:|="+gj MPhH"ۄxlI;jΓ>G;yjWi >dg-LhI)h{[N([$X{`bsG3l3r}AȑI1{xcpAK?${QYIf&[3X]M]=8/(FKr~ttkU 4ELӎ+<ѥN"wC=CR~|lzj^•.qġ"cf̤;ݘ "pZS\C'6憌AuzvI_wZ*%W76'Tܹ;qd)Ke`1"(=ʩe~d{p_HQ[sKn/חNo,B9zŜL|$Ȣ)x ($=aL"!9DBCROZZ4"ݶ lshYN F{p 6ތ]1faSnFi@ !4glAN#$v_&K?6H ^b8)ƒz߲1A"?zl'0%f<3dP]@dcEZ3yF#^+CGuWZ5G0$ZՇ_gDūy"6。֩p\x~cai m@gc-N"TZJ'/?Sa+tKHE7ږ?S^Z'9a&%ZH7a_Q!2as"ԕ(ZA9͘;3o|uEYB 9xVVV tl F[,/-̢[K65EP#٠k"d5Ϥ;%'Q} }Ur >y{Fy6*'5 {lTЧ}ån{fOni!pVMg5C4;Jc)Q>)To+UL&la 0k@]ZKCYpZ'N=ь_h"3_8CZK/me<`֛l%+M~RWЯbD)r(ԯ$Ơۓ L]bNsb!\5nkHD~͕30UH?[Ap@BK; RNŕ<4[J-wDYهty؂j+/ect^S`(V7E- e+d$? ʰ5L;=ctۃnMi'3۲HDސ;!y [4\r3h(rAv'QJR=7cR5h/p氛KO:ٺ® 8wGN,NFvD4{#) V(vCךvH`JrN:+&: پ5lnVycUFZ39QO%1^8C%?Owʓtp5.JW1 P:F5y<\쓷*4Ȳ^S B{ [ ~{js~mb4_UeZ:vܮ>MǞ/_űߡ5f\3wn:}./QU:-~` p1ׯ-zΡH\hX/!Diܔx1'wq}ۄ]u  +dڝ f$$X!L_ǔ?dg(e$9fLl:XP,x"Q\[8t%JIT=mp0wloHf^b聭nc0@f/qinc /c\Ҭ= 8D>-uNِXG /[onR:٬⭄):zi1Ө2}ɠg8D Pտ J맏^x䪥?/VX MNx'c4~|ڴAnAEU=%ˮװOA|Ԝ;;niw7MWb@؍}:^Uaԗ T p}}0$TG]sUE96Kew;9g -Meo:`Ӻi\Lx:wheD{Z3~!ayT652+3ڈaK&A1+(mha mnr\ !a c9w|}FZ?q`*{xƓGim5~yqmyn F.A,&u9_F}'T_mvR%l9D8D X_b8LJ&o|kr8$+lo~xM|_J>oy_ | AIVl/6W^gSdlߋەw}H71T3SXqjV;c2jׄ^ZL̊EɃB9ģ $^N<`wNuc: ;y$%}^jhiKLZ$~lػﯟڣd_~~ma#ٿ+Q>LRA1~骭#zcB&\7/ةbTYV_4ͭY xj"xг"?D_ x=A:xva{SsRoί%,Sqζ.l C谡u1}V Q^0طLgZ 6bOۃh _Iqr}8*E:%3ݙ#DoFWur&Gx˳T4Qs]]TJ^3y,U31H [`ԫX 6.h&yq52O8ۂ20 Iήy+Z 1,59i3eJH7q o/Jm{ӣb7!^s# \{[YV@~mYY4@*I {S N0tȦhJ j:~Rf= ɟ!$|U^=?mC粭H<~%v2W_rU#uQ;~f0?osD#,rΑC?6Ƙr8>پgϰJݤéѵu7ҩt7ġɠ'/,OgUK4z,[cJ]5' _1QFdPE 2y c`U*1 {x^"#.E6j AK16ڤa[Dɔ?|=8 PAG.~Mš>菧uI`XEI%vV}Dfčvn &wys3,(̘ Il!'?I ͏#0Csmcw`"/9QY0jI"8bE DqIAYmH )wJ8ʩossxs7Qi|'MߔjGLCY5 Ze#Ȋx6nbFXdOG괢38K.:!W'gbm3"X޼|@k,}EHNGQ^;+5@+ph XȎa.$֞|@PEL,a{^m8MSon`@d diHF"_ f^Sexic9e֊{^Mtt\kWyP(Hegp\A}`W:Irr#}PUںۆ+zU*@!}w(ֲ17R@ /E'%p踠-4dHX71d !gW3n;Ǡ%ߚZ^u)3&^Cv@:{B9]Ұ6OmU rL Knd:Ӷy؅Cl!ό;@/vRBg0قl6%xu3"5Lji4SN3$uU9Ҡ\7sKH'B:g`o<9xQ _[/zcy\ҺҔqeV,(dQKF ),hhS.NDEu I|JV8y@[ kH#N4v 8-HTbh*Yi@,7RIczoP`8j0}Ş?X,%h '1w,]u[b/] 9ݚAϴ,YucDV H;zlQy{4݀U'4竿dDQ'f/)6mǚevZo {*_^׶0E S8s"3#eJ}˖$3/nc"+VPqPwA1j͇Hİ:;J&\,J"W:#$so;^x'\c[N'\Q6#Ѳ$qnu#YbݔZxi-d$J"VÉ-%dnmSpreJ:Ú̉`Pp;,|C8f@0i!Zr V~UU9o)Vv!H|SHs!ZAvp(PuG\֖P774 ?b³;QZ ^M9ׇr^9>G x7.lWyGawo,0@)N!bøxbM4#X-, f GFM ߺ_2uY: oNpרl&xc@JĪ׆*xq\=$&thwqv$Jc3G|Zu=^\{ *HIcՏ=w(lubk:W,mt#EBdi*TN!bs-.}~][p?~ZcX8@w =iם4.q,"O&'ӥ1|3xHLc'8X|tyC{D t1}PUz-YY1?BcL=XHƫ~Ma@*OLغ U}erK9L~9WFfA!dvcf7u#޿"u9R8}`=%z=·PuCL \:^gYe[j5W] 'JŤ9E$givQ#،FwΛRMă-m Mq:z`!x7^3J8.,y]P`S;ter/ޔFsmL<";; syZiP5fa)6.'hl%2>bSYciIEq`ϱ\Yhv1M?]O UwM%էH#GjQjA"3D^VY=>4|ʺog20Q<%31F|*e74<^. 8mN~E9حhd( p( qX[ [dQKX^S !v~ rT!a LE>!+ՄX.b6> e2,z"#ԟ NHG~nRpryLHKoX}6 #]);*Ll_ᶩ6Tߣq猛Ah?4;z؅Ɇn!D6'_yV!%Drn,ͬ hc=4QTJ 3qsJ'ɶW)Q #8W*;f{e. SQ${me&vbOw8Tfl ]EiJS fuIj| |ʌbQ}%0f>B9nɒTj-˕+sm"%v{P 5"΍AP%WTz)u`9*VarrTVRJq/0Tu}oʩ&<$LDYY+8P*=1?^j(}ݻC!/_V8{؜zw1YfS}v Ϡ(ISdijb\c{q!:?@/uӝ⤥_Q_t -".`bWB-˃S0Ł^59 ȻKML3KsT՜J7rD^^´|jfj{~?uփP0Cxطdk@2D4nUB$0nF ;7Kw!ڱ>$&sqыgJ)C[pbJ_AO7ZQj0ޠ;V[@*C* \: u͈o A]%hPRފD jT+_lMdX.7] Z×pw@|I^脽>ou{fNt"s$5U  ɶ7(zp5Wci1ХS(:E/ƻ=vhlBKC#QkF*>Wpߌ+ (lq3§(@~`y~0!_a:Zρv0D7bl\w%x*1Yj-jukB߈L7릢~ } g(Z"T3/ ]M7NVքSsj1j.v5ζof!ㄐO`m-Qq*I@G6UmMyt;>XF˟̏1 ;t'Ҳ4 CElvM]1tOߍξ.ZmI`CT#%YˑHbe?Vg.%SikQY~祜綽0F&o@o YJq*.8笁?E/ZjSn8$Mғ'XAg+#=qJYN'ܺ5Պ&Mpp2? ΚYbme|RՓߛ\ !X`ۄRbxOAxt83Ih̿/-5 3ZJ7:B|ZM'ٶdn̐MFGpvƅ7hZsejn)qw iZVZAZ{^-It 5[sξBQ-mp3]Ez!dI5QS=e>)oӵԬH/Ä'{k,bJ7I/Ba=R!LE]@>Q'$P XV~xW2ffX>|jjV's[֎(H5ĭ*lZ}f]?Y5ZBx `Zi.^~&eYyڡ§:{ԘvZCKՃH;1OB8xm?$ /i0p-˽gA4wc/쩨xG5f= x&|zX/H(%e=q|F^^5+G5䒺9 ɽ2OxBi~ /ôBM=Ua1=ᕰF ƹl~F]u"D.nX%:鹔mNf?ʼn)#&<ml@&X䔎\p OwO<;r RZ rA Rw(޵}f濰?*.{~94,Wmj JڕN[RxpxiMYRß $'cfge9EaβACQObkcu&%VvQ s7C}p`*#kx*B咅|gyx<<;Y)II86/&[~CduKȇ_09[5@4}P:"5 \A``qo7 JQv=%qXVd[.lVPX}h?QDW󬮹ʺ#e_\ o.uO9\I 8i  i?M)[CX+&׫"FC佥MmC'#b}8Te{>Yg!v^>*=򳐱?$),X/9 -Ve(Yѿ,Kc&Zyf|){W5\W}II`5đKa3K?klՐH?H @3Y~/2Q$`Uvl> 6ˇ̀^Zz.X0Ox NUf7Z~wQt¯6Cy{Vq-|&;M#7T),sYJLShw. qhJmBIr~&;Ӝ7;߽MuLk\hNq3h-)̷#! /E+|KpՑ ,Tf*%Ì@i6WoANj`.9oUͬͩR9?]܃ /NKBQgX}%@,PM_(^vaO=lܛ(ړysc[ ZàvqܭOEL\'fũ礸Ҏ/Zۤ|28bz}Ct툺[<ѿ/ŔF1ȕ-Ǎ/z L˃paEPmo#3 7=ZJ|U M G8we+0NQ",?BÇڬE[vҒG%c֝^㧹ڷ=$,nJ1I9CsI&}o JDBM3%)`X᳡@}/4igY e/q]1#aj; Sk>jimye!4w~Szmq-@SDsƌ Z G>Y/f`!e`/cǻ|᤟Va궔=dFƴ'`-^rxZb B>vi{ *|:x(up(qRd""WwCfhoyTbsJ\rb/ pxrOQ&H@?Tahw>Ap'@of0jbFu-ഒcU; pw-$m,w3؈Sm.Hnufr ˣ:d^Uu$Ad9^.Ke ߚjTc{[¼SdKtt|8#n^\PcP0#TߥoLlAw;_[W!?󭕪oxя>Ҧ !U$SǸ{! W<-[v_AL_}«gQsBRum7| cъpTT (KmwsѪa)(P}_.Ǟ2Zcwc/\_څYrP祷ؖ<+ nwX3!@,Ս9X%=:5|0pΠȪhfTHqwU/o@K?ZM)k~UW16ئdp${i8Œ۳ Hp"D!cH ۾qzcr'$S`n!Rf?\ ?- ͫۂ(0L$ `PA^;V3MwkFl-Y)ae1hEU">X2b<-Z$]5CiM(Fw`(1ˣ!TAN;+}E;B;W׋Pީyba4W^?Ycլ]qVKDM{+NzԠ9mO8κ憪7@M~|MB34ʹ)"';O RF8=jV=}r~gIJel&yCC!AiA%<5צiع}ASSb 2j^#[ 2bUjORSgz~s/#Um%YRq?w#%O:{5CړE@"ƯHLg>׸tZ&~zftNL\:,`6{Yq艕CK`vwH}IcWhqm(;h9dT sw*hAff|O2mHt7\߲nᝦ=0=LzYQ+)$K9qÐ̏5I+kuK%Ɍ\3$Nxd1C+IVP; GrHlizjwBp7]c L}R)`ZA#uƻm.D* @ 8cМA xWcSULC@} v /dH.&RIcw;T@RM5aZỪ/w:M-QFQx]L_4RcVLsܸ}pkJ7kޥ]+X'odd1&R7 !S" keK8Q$)O`@7`HrUBhr _W$낧׭=[Yf)TBoJщ[KV *hK ge:lHQ>/\&'&/mRb#}LȜfqX.W{骅3+]pypAκsZ֭٣EFưV e0DVIj3 XM`1W!5 pXOH3@Z;eGW]u0T8,>lNKZaŸ5NmP˞t_`U/k d;vkUaA#U >M*zA0!ѿƹWco&O*XKHsTLIZ|`\Ȧ/ȋ4jpURARNp 1 cSJE:ma8@Dz]M PSy/#áz" =¼ Eۮ]_]#bY}ڇIBk )T(x 0 :|{S=T-` Ղ獷}+3nWO:p!(-..lh. nHr p V꺵-G]1ZSfeg&q!Y ) SQD$rqb@$vp.ws5D<1/)8$QqQXD\c:bۥ~F][fhWKF Pbޤ7X%SpWY)c'D2]NV n8C3(Xٽ(Yq2@B, MS^8ӍnnyYBXjM* 6wc($y-*Ɛka2arAĘ|04SD_ 1`Rށ3nA0QsAZ8vQZ%U=izYWmĞϞt-NuPsc! SXR=l!sٯ1C[k2Qr bލ ߷Iԕ %'pG0-o]'cMMw'T] 3hK?-һ_Jp82h~aj !hIGݿ ,R”4{3$ʍ0ivC`0K.Na֞; /Ka*BqRk9P珩i%tM=ˈy/ Md/+,JuXS( ]""\$a^B~Vө+a)e}dO1v81Š޽rhkbn\ 6iRRE7 QrPťu;!*S~i+!q)jR7ThwkSB\ Fk+I8q-^Ģd֟2iKRk !&nk)EB'}x3aCM нS-Mp҇/@U!H܇/dZDNuۼuMCƫ,;.{BY}U؇J ep/؞cO'Sٌ /SsA=rFG#<}Dfev4mG܁[#x-ưջ$ ~.SJDɉ x~s`#(6h\T0Esx뇏A" &plLF4Q J,$kMsAjO@|d\! ⓔ 6smA(9)ef9!P~b$ju㹑JW&h째H')ܜYK w 4CYbNx%^-Q*Rx#4Nٷxt4y`qf/6wp-pq=(O*y#D&)({OsE$9I(3D a#o !6:_&fj[s)_G9%`x0Ϊ'%E$yz/x1IPF9f%02-"m/pTd#{V<ZmL_6}!$Nf0_4~iz]ApS@Nb;2orI5X]S+ket9~u,aj[ΔA Op@ۭgTiN3N#8 Y*sZ|*kYDB+Tm~jcSSs>٥˺R̟ NR =tqa?P^f%ҭ.wQN ԏ,`O*P_Na80~klWw,QL مIeOQl׎3qY.\"}k{/:A6< ՃWMG`Q_E{,?%.ṲN9Q5 B5.7jګ] PnLFP_nԩpG𓏅tI+7_: 3/}Ͽ ]>ݯ`S:AU̹eCf9KP$V?oEG%%k?;J4]5ݽ:\2^n)ռ&y`JI>P9{"&, OZ*]ṗk1m7uLb}Lft ¦haZ e=NxQ*,Qs ~@ry3yiQZCܨ(¡%);K,^B}~L-};TR8Ar۩ghk]$Uy?u5&(M/Ѷt:K.6'(L$@;5v#96kYJhXoie׎sqe ZsU ~ `ה63'P<ey Z3$yjq-~_ދ:D9t\\Ԑ>\a9wȇ-X+kg4cV.VnOjjd ~ Πy6L6$M,hsɉDM %F͜U@|3oyiT~{(!j{buITHBfN/pG K Փ*Ư$v|AV(14͹g0@YZn5c?9tq)ݥxEpM< N *8~V9e:%^S~,tuK 1qcy=8 #ڨ+?aSCκ,UAiff$\Ma,uv8nr6i2 ~<]CfdcüSzܙ:%",v_0s2'Pm"--̓62RHx9{C[}-k_Q.nqE{(36,5-E3ohl8.Mܔ; o),>l8ǃ!x;3g\asMJqBP_aF~ySރwTpE1^I>iIHwznxAawY"@G^HD/gxW$w7ORGѵ@T S\3/[URvu}xsLJ]ad l{﨧V`cN2 Cx+[\D0Gcm?C%Z#ž' (YqLtEŌ0jBH4k:o ׁXk7 x埗bumQ O)g9 %Ɋ NX0AEZY`yTe^xFۄw:\ }]V4$ܫkֵP:t 4{(|hDyr _Q >tbAo *wfn;ʼU=~F..aNEB$OʶqkmIfqzH.w̭xkN*J.X G 葳|POs,wg?iE!J8E8%ءD {p!9x}pKzܑ̥h!+6( D`pG|{6RN^{^j+ȷLzMy\J>cJgKiso=k d x_fw8S9 GyCێGL:CGK4U)Jj3uQyGP5~<ƒk:^Tv1ᜠDsT;91&js .K3:Wr77P W1\wLTq{;Ҏӗ"c1u5 tFLDPOlVnWQMrJIpWJI>+r{B$aeC6wqYe&@zw1r/jG<2ϼRT.kк ss:;DJY+2ѱ@ŴZj"Q)zr#ڻ\ɣ!L*/(s*Mۤ'L غ2Cr8_*lܳG:դ%dڞƛX#rFE_ fd_l!%K/۬魄sK)Sϡs9j%0'Mwfr𐆁8#r1ܩf!ԚMBρ0^$T: kHbkn;JU&ak)\Y=a2-@=?9X羕Oe i e$XL gd,9 p{g ^Iy` 1+ \XTmT&UF8UhU &6\y&JEH='1 H䀀ͼ`(@, Wzp?/=$a$Ota#]0HbyK2+ibm>ׅDUλB We g w.Z /[ޞ1޾U<5j\}͸iYb]Gtw!I?q qъJ"/eQEnH8TPR !4V###c ]pl\>lK*܀9G`IMt'hII}gybʶU-"m y绺Ҝ@']3N|Kmp3Y'e$wi7zH9ʪsF'`So%c3ه%Uam״` ?Gg (+ޕR\Hڥ*X +Q]_ :/'^?UH rPm?|%Ӈ9L~s{5%U?M/Gh[ĉ{?Bsv|kr@ v2N=δ:Y<=K7B eǩ!4VqMV17߉}0> +)O@܊0xmvߟS>v|+ @r: j,@^E-Aw;7@kw(,GW5[lQL0v~ӫ+J}Fđ9Fb^e4~ř60? ^0@G6Mϕ}%)ď8TAMGxvvܬ5PnQEҺ_0A[rv0tPS4?NI0J 'I'+KMTbO' Ѳ3%.Ilxt2av`άt NbCjYr@׆E'6ļHۃg:*Ʈ@8Dt%Id.SM"*`Bw!ymzzltg>.fQwatwЗ.OTf,M2e7;eD²U_Ig=~O\%xgGX;J^ 9\86m&jk@}\FztR$bꟳ Fgn~+0jeݘ1ѴUw@XMLXt Ǖ'HbꣻRՌ%89:o,Ȟn+;J#9mCxaaa!#LB]8,5nm<_?ھ}t\k7 ?jDfG3ec+a kCo?*k`B M&0%ܜpY>;>Su ߞQ{))Vm}J~!w/V!БlوP{*KS#d@qBzd-Iޠ$uO{Mr'Mk L s0[X,BsݫqEF4.=Դ\T:7jI@o%qܮlf kCѮkW3dz>5q[ZV\I9RqK0/l: M0~Ek2pnvENDRha]<ϕ:--'W'N,]9ܘK&O%F-i>oW3ee w-Y 9}>#{oUIӔ8B"@sc m,o|Lf+'t݆UPvrKF\@4֜ޅ|tcߚ.ũ87/u:*k6BIdخ r=0 HFvY93 %ەɴЯa]l$*qqVJ,m.0ϝ{2A \MyyF/PVY+ܙnKVW֫h֥7K /k2T-&nrqb~JE>gRZFrP4lײwvmV3no XF}Wwqx/lԢ6MrC~i_@Gx]ItڤEb%8t$~$RfKoQ\\`|;|Hd_ nGi,uxPbևaOkN5[ >0#h/ ~NZ^h 7=u}uuT?7Ms:SKY:9BI:(7̸6bВWo޿*[!5q#ՙy& 86i ð|˃j4O&Jo4&8t 2 AsK(dkB]PϗgQ^I"ٝR@jgY " g& ƴB ZaA[DuU%1а#$>xWt}9dοl?4XT&}@Mt#{+R;=)k)$g"FșJK)1+,@r ZP؎ݟ^!`Egr˕@_!,u dN u7lXIۢA \{|uc:N[c^ΓC0RQ%@vč>ŖzA:6gBN<]&1orڮEX$JL8™Mob;þױY] 8&l2(b] 0yB>ДG6:< 9Jk&N(%&o?Mzh%1r^W t=$_%Hm'<d-"Ob^.y`fvv&tP)p>QN)Y: y:p9A9Lz QqMAb0mf5.joRrq[/.zTM[.Д(^Ac[i1۾#MjXfM9diyO(t+{wiwwhmmDj>-vm2~PYy\'HpׂULxN-%Wa0xyH*HN64l{ݏccE^3T5GI93.1r_dҢꪡF J|tp S HچS !Qt:̤/tG0Zѐ:Qq GlYB?Jh@4XK].=k "vbϫ1*{XDo}kmήj~ !k'εڍ-Ot)(R8@Bݭļ˽LHS"ŵٜ71"깗DzP z{(> S9 uu?ii/ H .|X"(jv8ٍo ŐGS#SտCM9!&PO!R0Kz>t6}@DYׯqr,"s~{ JһV2gӓbq奣 bm"pd_8:~7N'G7w2=#򵳸=(em'Tg/b.Y9V|NyP Ɵ) vG5/>TMx2]Mۼ掟no/9'$3wi@NtYnܖwq lPEzȃ\ Y 2|\iO1ItsWuYx5_ݟ\񃽢֩.CGZ'zaaFg+1%듇t 4c&ϒn|;ehP{ٹ^րִm1UakEf>L?kcq?9#7N@ʕLҩжMA^ P3C۲*AI͋|jX.]ia6;=^QMK *Id3%b* 1WR9T/SuW1˘hH3K=)!pX5`U0uڽg'mwS=p,:JR&9mZYtfX`4i Tú0Շ?Pdglp%"Q1( s[bDoTTeTr-VNxJ w7БHmD3 }3quf F+ !Ixv$sl|Qm^T2F'#Ubb*m<ɌMV|c lgcs^3aׁ-ƃĝ>@JXdBW~άoީ 1lAWѪZޜU9_`%#Iu)i&~Ⰱ1"S/Ȅ*Ssa]N?x`oyBLv9"^}[Sq?h 2*fj& 882Z=u> 4♛U"/1Ĥ2#PlDaFD_,1h|/?ͼ9MT\a]̶j8i=XC, #Sbި_Bר^lAʪǢ7=+cn MU/n>HVg4E1ʞ` :Dٟpw{Epe L5r߉X^LtzaGK!pߥD{p$%b9ij.^' pRVq$ejF@&{(SEXJ.ܙL bL[ctTZrۀwCN68$ܱ#PֶxLw^!u^ ~;]:Zx.K|tL[ʰ4-)4Hj6rI/ocA> dw@b:2 3zףc/tcoKu snEDzE}} 3^1ڟ0׬WMiLjI2jS#&ϝJpW P Q)haU:qBz4=լK׭|[qy!zMfi/Ry=VmX"ˏLŬS ݤ*LlD;.QY}zʝC:3) ,Jm۪*.'ǝzgl&;)$E-ەNmDJBz9CIEh4l OzPܭß=s~x5ٶ=k|n7n[,l*s0N6qOwB֝DЁzx]d`i$4 莣Ҕ/i ߒW2Arڵ9 z6"F7p%`2<mUHO5JZq6#([$T1=w;m6k\?R3aZnC*qxmqrL^!g3@Bh3RUߟ_ SX#0 _<y:y|dGT6b%(T6VLmP{,  Sdş"REôCH`ڌ3'պiK 2!OvG"MMi*`vOĖ4T7N 8˜WУ;zKA:Ck'.q9 m%\'9V 2]ӷރ ,nkyz8|Jz<(Ma5*+]aTC谽͕[a)vujv k5  vW762@,&C>&蒬9<>QNڑF]}Z}iScu,F %!5vhVܡMڮB~T S |yn+| /7"9Ft?CQ0TN{_paDuߎF9UtkgW<&~brs 4d96R&**t)ZH䷽Iq +8n}Rְҥfũ#,yU=7,øUuUKCT*ĖT:5{퉟Gb%,̙ï) km$%*P2|tn6p'bv n?3}5/?Gb6PmŰ ^~gtzG <$]==& Q];d݉^}d!\+{5IKb7Y^pA$kn4Jō<;?7&kATix F@k*n?>LM e`l] %rHkO{l[nsqFMI(0E{DmtÓ]NE6x 4'ݚV lhLyN#+,tL̞(Ônt^-ba@x8'=YY%ZUfT\%v 7j|K7Tp} +R"pȿ̊cMYT&s"vѻ`Vb>Tuj՚f |.}o: 5x߆0H(ˌũP0AU"lTlus҆jDG$ŕ+H&쩌w Lü'xn>kO,ڬ@nr޼E,2p}Z$v4 ~-dBF&MfKC Z9yImŀr4ʏ@$ɕeCDCAG5{{!OWOJV4! 24idQVQ_96R:rV 25R^p CS݇ڟ?vg>#D< `xe?R*ꇸuދEa">l}2"j1 YNb%_F/ [a9-wǜ΍1(6JzkǠ]*e$#f:rijY3 Y fojJ_B&"eQHD5OĎKx D~.&kvϱ8vzc}RGX| _: %Loh8yXLF*$Юsa$o)"KQk/L$6'y_Iyu1'uWd)]GH?B97.ϝsm_lC <9 ĢXج|[ ȟ j /1F' n_Raq;TxWU(HT4 /{3F@=W]J!jg+@ːw3C'olUcj%)4[L+]B?zj#|w5ܣ/Q՞5-AsAgmT)&#ksْJ]Ntԋ̧.r;K1&/ SP17UqE4s*Y SUI% - >wQv[><F+kiG\+[ES0oNä T`/$>2U+N^,GJZ|@ \;&: eCY)ZQ%O hv[-@)9@m1fM×aͩOhh8Yk^1bKڼj)Mÿf`>oi>(}R;Gn`R /`W- 3ᩡec=j#w\"XxC(SkŘxgU~^]`k1ɗ Ub~ 72d ;o%N+ I7#xZЊ%M1!3gw>Ng aS=H,`/蟅BLl,l1yDn\4lj&YZ0Y>t)TLQ"ؾ[R5aC b'so〽d!IuN뾃VpR)22df:d~a(<;ed5_tqY7VF+Rn^Ӷ{JB1Kcz8k"El~gRBm]1@tU?YG-Z]ڏni<ۀ/sv=4~8K{Q9Y<<6S+sUILL?6`[vD$>)h3_ L)יj.S.wSҸg't6`b-_iXis?_ק[c6ҺYnn_Vyzɲn^.n.$c](ЫYݽ 3&JYY D̚tޟxi>Br᝽\7魶qE:1$ 6j Q9IjGd{jVf&f5X CP D*d\{Qm#0qoWfq 2WˠՍSS4ܦAfhh\AdxWt%}@7kF`?x,G %2lϸ<_u/YMx) 6_kMww%N**77 *.}mkGI_JFdS'N`Ynn|KJ gMћu)$.SP3/2-mۼ|\pm )z F4J Qc"_8WoTNS߾=_۬(<*}pA O (nTؘgDphk.ݰMLp-ly+KKpzAwIc3NΉuס gG-|寺~3wHv) 0'| 猍F & .N-+faFh\4Ork;制Y2D26\ "['1u9ZzUa*ZGjE؊»r:^ۄ!=#+v N (6#"mV& Ͻ [8@-OGS^T?_ @vFPNdy=B}Ǹg #g4Vei"ğB^:g1Sڇ㲉T"8<4 xR5 <ٿ(;(>BR^O_2qְA~3.C(_=3̆ǟ81*bu+['L}1Qk;u٨ ɣzhm$! X(I?㠖1mF[+Q>jփWlɊIJuバCV\˃N3G5\1I").Sٴ,z`=v''?fmLy]e繡_~MZcGe1~}j"q~,`>Hr_/XC奂篷pNJ{2.Uh)Xw 24>v39{pt }y_ wx?_L@&Eš zw͓ps aKk Cz ’ϊk=a=pFyn#3 l6 !QÕTyOIq>ZM5diN[Ԟ=hLÉI꧰1@pDzB)KS'MNII!Y&٪ tN0xS*5S;e]z8%!Dd2>*/n6i}}āR| 9Ao9/\Ev@9Aj&eRm%g1ieBp/|$l-cYV\tҖ{|/)Y[ 8];uS><7rUO7 a'ע mө'Zfbn^q88b!>pO632H3.pJUApWYHWp`CW*n}-U >gG􀗷cC"ZgWV+8424:> $YSr%q*'zg YMci,}⫆k[w.'=RDM@U n$2mm~qSf\@kuŦ<QkkdK;ŕT4$VP鉕Z10$@ېw$h௬c=sƱ .Y|z;߬9b5?'=Gy4}^L?b8yrJٟhY?;}Yy|Qqĥ+!3G"=a 9 +y5S 9J}Ԉ QG8#Y7鏂u _2$=[E0J@OzI{|g4ڷ2'p, 8#rZcILW>ՏT>)(šT 0!lQxUV*lG[Tf #*́ jH [HOPQ8sv{ٙ1~J!WK~+Z7z⋍~Z wWa%Xe샮BlN(30>rU׻qGrlOP"eˏq) "b _HںT F^`b75,{f^QCTW$Ik"#H&Qo%[V]rf 1mAcbdŅ"Xt$}<B1Vgh}_]ZYZi0}C^m +iP/ B~Vjٖ웟2PJ7DgCG3*q.OX؄(\Idz| Ap" ޡ/'X#@aQ\ ;0Ee=6/2ں힆"Ϧ1/N ƅ* #цG,wo0\, ,YRaUcp7iP=jsN 5[ߞS ,}Ca2>Jif I",.9>|u.bXfuFc@b? ԣcLRk}<y |n#igC.`)̅4{8|W Cud?L;0}zSѣH_Cm6uHwvR^)"Bp0F&,!й14*qз!6|6c`:Wd[^ۧ7̸SG@xxVi%ۥ4qm'NROoQ?QzME'K>z kATdoAdVy1CtFX2,GF5[%TSOo[ @`6s:j %Cp h, ^&%n 44ԂܖB)R9y,1Y#bJ9h #~.bW̌Ue~j*B9lseӺ IbAjGMcZ ޴?K)<{ `(HVG "-s9CIrb5>onD×^vzD7:1xraP9I?X޲ [hԞ"lq KcWۜs@sQB;SDV{OE,Nl32>VosP׌`z/ Uh ֒jt=S9l!R-Xw5} -NE$6UVZZ_`ZXh>Eul ;E Ad@v,BTn! r,_Ҫ+6w,$hbţ8S;#M}%f'S#E#wHLn < c2_ iB"bF5 YTL$ba4kǰWdq0!8sSѮ YMM| T7 +_|4 {u$EjFm9 y~x%^ęZv!\0l%aRls隂MZ63۶OeY=#\|wn(Uϣb_%9`qh̕$poZ{/_|栧dyG2OlZ}٢B$1yshÐZ旨zA>G0uFiÖS7K_P7cdnӘ=SZ'aB~$9KJ"`8?V=P5S({ R/V2{xՖ剑dhe>3ޛ?!o2,=qd(FԀ3mKU 8d0غ ^D~$E'OW#6j"劘ԔDsSaŌc/ȥ)2H~IM>ʊs)H3k,ٲʹCˏZi,) .@8`g?3T#0m.}-eh!;3nӤgHdy=|m*Q@fQ(!Wp(B#= "7Uʜ"dԷU׍ݒ wqpM?Ok;M…*$. v=~bv%` 0 ޕR^>dƭpPRxM%Uç+aUɵ \O`U-4HkKY~ ii]Vo,F=9q*K&%GBs~#w=^B`U6M=+^xnhw;M97rd>hX0- /9͞MĘi]Q[IAB큎tGȪv[/(L@J4DW;XGmbd5:|o-E5יp(tW:7@hZ;lKqpԭMBd*#:/^9=41:ʆojlmD ԰W > nIl;*@2vOB3(౒-Tbs~OHoњ@(΅EvTl1pE$^~!E/xew,l9?GC^h08W -cl¢kRUmM/Єp(fQ3!ˣ ƒN(g@W#?_?ظIJ @*v{45 Qذʹh$_)O>^:+H2.xiDOxۣȼ;J˓C'0qC[D7][klHN׬<UKnc 3tEmD`*Z:YQNPŀtɎer[@snJ:6ō/R"\y} xuokFRşJE e}oػ06/gʐau!^Ffͤ8J\J鷴e]_nn ˏt)ζoDauSa'"vuDg[D񓏌h{{ȽaxKD4}mm&lqKf[Y%P,5דlrTPFXtYe]!|IxRygo%z^R ;C_O#!u~ g^*kȑML h5wWZcɤPSTAz AT[.ilŀt@/dYbx[pVt2N`Kbg/f!u>G#09z)@,B)ڭ:v8 8U`R Ŭ[sřgg˟di*Jnd- bC3OJR\.|Q JW3,"{ (( Bȋ: $J6$)D61LPUd] T(xnYl.l3-UJ@\ݴZ3Sh.s]c?*?'oAӆhxۃoO[V\$I>ϼn"nb(p&M$VRhN1_\PCF;'f/K4I[wpZgR5@tTNʼn]ƐxU+?+&6soK\f =DPFŮEEOS>Қb~>믆|s7> _zd^8f#Y8\ɤEB SǨY#]\2@|P@X*Ѩ>հH"P) 5\ILVZ,4?pw%@ZRR!÷([wq 3CԆj\#d򅈡]:FK&Gp,rÞon"L:Zo!&hD9 N4gR̕KC wIs#|0u?Du"5Z\. 9@ղV|36 ،\ݿ6-HBD]ps}*忺cbr(lohVB.`||kj>U r!6PlGtB(œrQMnƯ<4^?9?jqE8N}k$dfsf~2r;IAMAjӵ*pdpa)3LbQN(/"8҅ /a%p9mU5bY-ۭ2JE=?]L k% U7٤W0V[_(|9 4R$uި@؍ѡ&m~bXR's lsf֭iN eo?pY~dU^!Zzfx |7-NlDu/40unz`>Eѹsmgf:yc/$i"kfΫZ`]b }\Zphh5~OxYM]36O8 qܫ,`?TA+N@IGB!W,J@ yO`iwU,؛NTlc.懙CB#:cOG(̫̀_*GPAkm a8ߘAs] \G xmg4@DPL/1)j 1Dhv|qRN+ΡOB8!cWp`t^0+tDwׇ%鉲0Cw0Fm־ kbNd.[Rf-*낝Y,\:* 89yі/IW1θ@-XW(Ԧ9,TvHM [E>,+a5ӊzݎ0<}(1Dؔ8W@$r:zV-N# M߈cvi7`hZiy=8* wm(Ze$7VV:te6X*`L/<6Oo x6a2NXL9q4CJgO&-l{Wl6ic'&;_.ύ+'X8='9i+]!,T؏DlN_d\hqKH,3@Q rk1e}}xvɏ%=àyzJʗ>g_ň#zNe)]m(wvI8gdk*b)G[1j[=}G ù\/Hst/JkV_y az¥+sgCy.i* F1)Y l|2ZK/$}~j:)K9 ȧmlhƜE24R!gh(.2}Mdm.W;r$Kº?Do Ӣe LǍ" E @4o.\;ibV&.GRq\G".Zz8? 3p6Cif|;|`&&u>h)atq1٘#.3; GhM"q=/yڙ\=ۻ4ԃ߆*jNk sVML'LZI<&%BZinlxeaT@KY;OND ')\a{R *Wy/%gi}%%uw%y7d'Ĭ"CЧp"$ka:2`<{$GEcS( B/64 $Gg&ds QO)'?Gc#MCNĺQ>K"V 6uZy6]nHJkC s`7jcѲc% 4 E%~ol e1v]W|G3(iGtLn n6%7v_bO;)@MO3W'>*~cOv ij9|Dލz T:a8?xM׶3OSJXbL%6@"fc xB`ջsK(d*NB [$n{izIT`3f"sU?xX:闛ʘKb3)l 7eU<³]X$93~>3oX "D!ǁܹ=@>BܱwW F&ۡIw/\TGD>rj6SCNP0!\s ^E'x#j_LTArCtO4sEs5ؗT fMmV=X I'GdYŲ6-jA]8jĠN[-" MF <+@9P-"DoBi>ԭ:mmکp~>s:qmRJ)A0@[WɹDYr A"Vu!uS4Ov.E# ?q+*.ټ}j&ߠrŽ-|lZ)l1XacB-~p}װQxZ܃gL`SڙxIju wBd'o% l6 ƒ BnqH* + ' AGUG]*M eZ Y(Q 5e޷PB? e~'z2NErn^20B!^;J{]=LL*??_>0/ߔȽqc'3'`IS(v -O'P!xdp8#sznk=pmYJ[W9hݮ:nhsIa)R(Ȓ|C [PWs)ջDžl-'nwQ-UvU l#;$pK>73c!U&4*_ ?\..x͊ݡPt/]`hؚ,V݄8Pv⷏C(9 ө-D>}7Wrꭧp1ބq6s Arg%|MF#`N0#dtA?+cD'H['"๗pū-؈Ve@ˑ ĝ[nrz.Ip~ɜJ8cp3d| }:sٵ 3;i'_F Qg/g1L^|l}?gC:*u)pk4lbdjv\wy ]hxs8JC4<$8͔m;pd t]ֻ).U:vK$tZ`JRAJ+#}(*RBU^0-AtYyB Yh/71t2f}uQ9H3P}<d;ZsN]O\=λ|X9[`O#=;rL "EGpѨXϧy&-{P.#hEhP"X  FiEա˲vhdZF0 xC42Й'Ό+d7FM#Ɂr+1={jBx=OVlgtcq.HBW%x %*ciy(<uڔ_ q:ɮkV"T ;1ƁC֮I.BZ֓ፉR.a ʹ}^55(R&)!%QFfP`1Ś \p.֛҇:/gyN+۳EhPlCУ3a_AM6/[7_c1Vǁ "_4x L=Z򋑬ܑ%{3HKe2% *t)j5 OꚕBؓo5p~˪t<*JIsu\\VNӯO ܷ صr7019ŎdӵᭆYǹL Z)&jz8N8{U:Z%SUwX۵}Ol PO)KNgG]+t9i_Kn'lSwF+dh$'c4Dm`Z;G#x& u1ż| rIM,?td,!,נ.̜de}]W#@1GfRҲ4MYöL}&zj߰r@|®YOc #D >Y{5Q)q_3xnAq7>^H |_Tޏ]a>{ S'?E܅+xk[%QaYR̒l ? |5sH~psҵ9yLVsoc^R .[dr'|9z 7Xk0uhz}x꠳;_!Sxٗ'oħgLن~0D=fJ $F%~ S̐DR<-]FqA#S]݉ΙY&f)4p9&!2^~$ꝶ؅\Wkޔ"+qrZ%PR, j񧍤>T񯠖_^cǐ(Ϊ;qoSNfi4 $G6$?Of5"Kp旭daYr" _cEa>'kFWV"~YwPg|, =G0 ~GM |5?R`nեlОymZO7({M€['a~Ks[-cxȋje2: Y_eNK\ˠK\lJ yh Zէ%* oRqBË:=!+K2[#;ibP1إ,[c P |vZ߼YLIuhos~=>+05̔tQo<;M5g.`} >7E"/1O _YWĊE~[I2^G'Y<ki4lPWM٥|g3ǭ[4Y_nHHFe e)('d봓M]g+dMٯ-{1]#]lsmKhb`ĩ/͎bdŞ|ڧ֏#Ƙf5Z}+w{¡ 'Pc1Uszww4!D<,dd`NLŚa`(f-_:tmfjvI t 8;w=zOmR(HDHSh1^QK?/TF?D3mGғʪS8s`RϪ61+_3Ҁ$4UT94F9X@Dz:ʫ -jHIQ2cnP|>Vɦ/sj t~ĎDg>9$*[SPMwKwr dz_mkPg&IbS1#BLxJBa'J{i.xYDc>N.3?;ʟX%͇f'4VI91ue\3K"RLN{²HʔAѺaG"F1"adȗ7 Ia-)w2@i!4ZrU#IԼΝý0h_EЊk) 7#];$oQRg(]t ]~~'i@վP̭@]99SMEK[\yw1 mHy+ y͢{$0lmKJ%S!6l}e[? 8./Kq1@Sb.MͶX)u=JZ+Ae[_|?,HtW87")Ն . 7 lՐ-aDE_I#gKr\tB^JtbW=HX}M#[]5 N4m=xyf֐['Fl'm:\r*p]C&P3-O H(깉lhlLlqi#]:ibl艂 C*Xu^g` E E@ P w e@[mF{aj^"E <8w3fxo\gWPizdR4 K|D&=>'US׊鴟]Zhhĭid,߿:EՑvq\mALXE}48Ȃ42;xƓBxvOf(uN!90hz޼UG΄p ͨk}"\RD(7ƓP<nxN/<=G++}.qJ2ώoͬnϚ^$헑qA=5(΁0 t:53 \_rҊqA4U൪q%B9?3g%)¬2,f{e{!*O.aijtV]? `4d>'l}s[7 kB/"#iݻ Gqn/D%ڤ{Ff7Cq>K%'s("Fv-xE'__$u]n(\ufG'\_#9E/}n؜P@"KX/>z9yc<҆25m2ZQqs& VWjH ʌyzSrm󽺩'U ϯ g;CM %@KMIׅu&7y װyE{KAoWKAspg]rC խo֯+`\ExMgF(SD(f깎꣺1]j}p:IfB N%8U̥ ?([  GDq=XS7=)i+.CAvͳ|y]7pg:)hHiq:8Zw*!+I[yBOѶ^n1O1k#w ?f})^3]:zC]UWҝFfu>?0Y*2y|`̰%lӈr/qS*֔+G1o[/ |mjv)i955&~/*ldr "tEbHh3Qf3,w EYsȹo筵nȞ2jm[򽊑vtw7ab4Ĕ[8Aec.Ot=ڪy.Ķx<ܾ>F6V?B@6aaȼد95FW|{;"f% 3Yq?|٩ot cL˻zJ+4|}0(ϛ'yE\);(I](IzKK6??zRH&큱0/k <* 16^ssi0ODFq5 a"KNg_ü[LN~0vB Ft pUJۧ:.pO[w^dDt[mL Fvbjbjmjy>z +s\\"N{N=d#gXD3_,f0L$I3TA?,5lKa\!- w;CWpiR qsH/`@'># {=W& 6 i.c)44&bN78q|A1X|ZܐC[LAnEM@eݗP3ߗEHoVSGY}z/$Zc^#!IX NB pl/QO:QOj;A7\6l={xu;Uve] v7+5yE2g7P_o`5^/0,%`,ewU9cւke`!Oۥ+QK "oײI /:EgAzB/*GHC|Z%O 6L༺zpCRO2= FZֵ ]i%?ܯBHy8]k NV'Q*afd[.1BLW ~&춤/wsA^Ѐ# J|3 f;:WD o j !b}ك8|LnH:D:Nȑݛ+h\FsmE`so6'C/35ur:*,7scr<Ɏwb!a$qӦ FnE$!K&$R[[‘{HH }[1a >O` XȟXڭA6UQMc#LٳT)AIyg%d0 (<>⬂ta;2H Gg8 n</t0ʇ3.̞ {iiĵk+gODhnpK.Px:J5\^-EhZ DZ(]Ì+{b~'mWzoYȜ1D}I m|Of~ UV(h>bZKK /n*ˬR|͘DOX SWO1W;|sjg72WPAԊ,ttB7sU\&؎h:]TS"u?yI B*cTa?A3m 3Z*ר[XJ߿[FGHp4M/ mVGTt_ϦYbpk 1.Ի"~UX2o'``&uPa:?KtOn讵?Kc0*HlX{ܫoW>R]D#J0HΧq rnvWoL.K/qtC ]@IPԷҥn\KogfئܞoX^Ml)pgju6$:9MSSʋQ:H-.|S6M g dDl_C afÁ糪==/ɎZ/m8xBR ^>ܯZۅ"ccB-ȭQŌ|=dc0 ߩ44'5adUl0M5ْ|$`U=PI!ݝJw&sl9}C}oa{i,sSSyiLJ:fS: ` jڷ,9W3L&Ut:fQ t0HSm?YZg]3k?FP=.K}=7V^4ehur.Z{3~;1|dD|l p3qdAPcQ"Z?{M-'9ܷ<)B܆!wBKH (욶g67-)p`Ctrj l$b@_늡-h#,&6RT vvީ3~Db^H-זvv)5@́נdZ\(-(-(*L2R&6;:P@Gۿk))PK[!bMW9ZVn1IjS) &x_Kl͠jg}9sVjǓQ ac[1`P(wb;/;k^,3`Hz ~hU "JNpMݟ QA:b'Byi\u}ɭ4'$8:u.@W]u& CtE|WE^e8ClVNˁ>D͝YD|Fo]Y80 " %[Y%u5B\v;yX[|e/iITtkVX/V|8O~:lb:": ?'GrfdL kq)YH$=bn*doM6OEo?ְP*4(@V%#Nd(%▄@hCN"$7RwX[k7rTTA&S |@a/fa<7\j!cj~M4"dP]4ԼCEO xU2~<J>)W-ЍAWuۻ3ǁ)nM~L \KhniG4ƒEor0sO2ZˆD 8*ћwχTɫSwʙ#2DjC+l27&LBJv7}3s@xSi'9JgU`Zu &U& z^[b ,05&,2Յo[z\Ӌ.D}lS}G(}orN&Ɉ_.Qϑ8ok0Q uGuQu&ۈb4+' G0U(>QɑEK`iAFl"ђเiś WbW99g_`&;E@N3R ވԙOo#Q,zXDK_79tgemp5(G3尺܌8 ©<6Ug_I.7ivZF4~h΄Z$L)hp(TmxoOΌ׸EثQz-aH]!=jle>%ω!xaԦrS'pYRzYY+ˁ9TgnQߕ´-~G|fx9*Kr#kDG'|i0Wֺ&J,8 Ƈt'M0o?(rb}>Ae4:\b%dl[p;޴@$֕9dPYDg~;T\c0z~ [8fE,y5FvA1]{M؝U T_Yb}i? A1Ƴ@3>+Tv@hJBu~6)[KldJЁ=g :@Nv"fڶ,cWO3^Y?F)%,W%{Q[W xWиi ugٟ {y[?<رAH Ǿ@dtҪ [2Mq︜!} 79b6sY,ˍ} 틇hEC'Udȍ ɏGrpl5nPSX^2AB|re# yB^b?0*q~7x.#5iB8l)gł9K/6,7mr9#zk#/Tc*,rWRāKo;?n`WĜ[OfjwM lQ6xa{Tm$2W W<~ܶ "E)J& 4`bd35)эf7Coc$΄nKUim|qe~ò<1L[^GC雳U`;[' j{O-fDz)ޓw:È.+JXJYI&w-D[ BdEӞ-ήYhj: { Th}ua X$cfAơo)-رՏ A[N& {Rna'#3,#)Ob?ݯrdo;TG`Ϸ$~w}≚>F@q3T0}恦͓>q&fo,P2Mg4cV~4RƨP gxd҃XK|~h6Ytș/,g5*'Hze\킷\X t$QRQɌ.D޾}EUa72XmcY**>ipҳo.{2?Gk(Y"w F`4.a ;~ ``BHԜhuЙ~Ad@|XGs~Kf 7 o֪aJɉbDUt~4e-A)1XIVwQjcwu9O)C"U€yuÖJ~*+%Z B`84.g/f RJBhp^jP7b+3L3N-[&$?[ظnqRV{~'{'yq̬HH!4M5 _Lʓީ҉ݳ} +]Mμp<2Z0Ko9 j*l)ȟ$J;כXZ" dwVX0[cJK1=/ă$X8HaS9yվ-`>ᡖaOUISs7[w*_}M_d7S0W`?v^Wp A!<3,;.Ks֘+k} ɰV~ ANG{@S\/+rmǍO*+w!jrNہA4#b<^{,iv:XTM_c KO]m7Da|3UԬ3mԏww1CchEzhXeZiGq}7sQavqhL6[2hzr þ}0&:럴9[Oa [ !ւyĚ%e/BKiU2)zs>iŜktRr= !(پ%()QOm ~_WPYeCܻgՊ[4Ԣ~޹ܭJL* _^!T<{k|ڑ0=wr;fAzUS X}kti(0)u373 PݙMxf8Qe5 c6 S]{lYrH*![;86l0FZKy F*}_ s6eLYqsj(bm{ Rb!.G3>`Vf[bvKs}] ~7tyRJlk]||',f3=D|IGDv`: 'OΩߙL_S1-z=G9iH6CeK_Cg<P?&?NBCï ң `_٭3*;d%S  +?Ukjm;x _RQ ƍ-=nQχfa/jjĺ8C|r"JC&^oeis.s_1A ҧI^ 6ph`W]h6(yeUOGx E{xQiixQP+tuFC p݆#zhG PvL苃 !Ʉ!AT_enB߭X{:~qWC?mqN86*OLzw!uY@q9/ap 뾻{2Ȓ&eQMH /}M#o-{4vW{yT2JQմZ#&N)3wN >3!v%`/do"Yi-@`scB_:@ᚈ %Yф\5,kc4JWcJj J4Iߍ6Qc>*P'PKv}L䧷&$z~44}tî)P7 Xy&֋RWf7lA4Pz }QlD<.l鋥9 yX`NDu <˨r#,6rIr ]^ YqOԉ/ ]}엌S Cڔp5. jeÛ&Cy_s5H$6B1@-qE=J n[v;>-2 <ac%hȟ_eo۽۸_FИJ'<-ƿPlh{ { Sf@}_hvˠX:$b*] ϬzUT`SE=س,6Bθ91oMe1$^s_!ȣ M}تˉv.!Oal?FygT5V;t GnJI[Y<̠SD“(׹semE0D]&]8q H{Z) Mry{&a.o*.xO9Qᜐ~%̪ AIv:H$&ҹ^M'`pb|@] M[р%k =YQ 8?_ϕ`B^V% {IҠm0>򁞯I_4} ELpp5x!"3z`f]KH/$@m|oxp~IJAA.Rάn`M!l˂)WlBo_p7崰e~*Wh]oWt"g6hsqjDe;&yim쐒DRȾڷaYsZ^R8įe{>@┚E sR'+Jt)+1NgÕ>r;x4EZyJ0Jn`jqPM/3"hjy-`n!!7|@aЩ9KxLL\RYhqPRL@.BHuvuϢoEΐUy&s CY-r~gb.8zC͔VĖs#m$|!m9=jSlϞȉ!PB#9]XIAK϶vM5i%:q 2|~BُgVvt\'0oջ`ulS pc;h,&?27rdJh Z# $>AF QG=jRK|dd.0$\4*d5'ƫě~(][bNh$5;q^.qI9rRd:T\&͉NU YYJ#㡈C:=d2`-G۲BRb|[]/z7r GY!} J8TΔ%ZL<9:QcٯgV0~%d `O 1\,Qsylě̜sK+KW"Co:y?!m0&n/ E?4]3 e!hpy1pT,SŠ&bn\igB j\PBRE6ՙ|D#aicx3go|2  'hPo"y\]uHM=fI}9l\u*ٞxk#-pԊȑ| ?E#æ!5ňZ)g)S)|{w&ކq1dwi "Fߑ>ݕe64$]ŶᛰC,+t&CWDh=$ .2k==ܗ7%RE،͚{$GLiȳ[R,c2"Gڞ&f m\.$,;'7r&9Z!no#(,퐎yz&jtَeKCPF mH &@Yb(0hv 8lY%'0? o~%@ _V_Pun#`76aM?0ЂIss0kZVxhKrzWFMn#9 PLu6 TNf8w'vL`~@@ n/[0tStATx[Ԧ?:)G .ixDžyL$¬*XOVPZ? :x) &×0 xئpOb9ַwRS `43ַf}qM(;gz0"ajXE ]4#)?kR%YTe7|K:WO[(=3VO˴@nq@:BF/کgx/ʥs..ύ3였^Y>mUxodT㺵yȨ|_nЁ=xmk^fmCZZ 0FFT?i-5HU5u8ifh=t*۴ tR:MAsqڛBY ='PRk,͂@і{)˙zblBc/?V!ؐ*|hL avn6(D^4F<6ߜ\5^! ۍX+QOn= @M0 _揠@fabCA^0ZnǓE^J!_0$&~6.H 4uϜX?ZU2˻ p^;'wJodNcD.t|f5i5#y ?7@QЗ>H,yPl,LcZ?']II]ha 03 l)Qm^p#`Ix/n|;I\!9֌,{LJ_m "uODTR|gIUex0,ۆ? `Ewv!|s/']-[ŏ&2DKñc/ݮ:4qr^P#QeLiTr4qƷ,;i$ C[NH u*ZZȖ5IŹG S-RgQw%DrL"GY䦠H@P[G ~Lsm`: o>fAWɫl!g^4un  iĞGgCdIԏ?(ʞykG6vS_DHvCs~4G#o@~_h-Z1vV9SO*1Ɍ.{yłqU L_&Wf0=R }ͫ;`\k+ kb.4z%MvhbF6%% C3'Xڮ}✺]&gU j$Zy졶[c}0?+Kf>5ZoXQ9)!wGm'*)|\w()8'G7>C66 ߡv`+1 u2N4LDBJ}8VY&9@ɂ^LNBmTʽ_t%/0[“lk9 ȟZBL`=Mleh?~C .vHm"o/QufE`;@wc(M=s1}\`(I~GC%JX CiXJ [A7*9@>twE{Kv[bO^qFHfjՃBC\%̾J_g.KN^}փ(Y LXǞQ, ֱ@YtŎ`n:D_X媬pA|sڗѧg P>;@\Iw%=ò*]ZSl̓'GirsbIIB\u%RnީT"GTB*PlH9lDE7< MAo})).1ZOi!kcPIF|TU%ouTF#H9o;[܈ kPZa,v&) "IqhٛҫvaW|q{]GP%Оk(uC!կqluK9sdudCwI + B[o8 XB.'^ 1,e99aaB4tM`"equS"WZz*mGJ@Tt:P!Vߜ~goA*:$a,""C\9B%#bK|w+zM]I VuڮQe2fH@ `%)%jl"%ސ1Y#ݰJ{jye[Ŕ\o~[Xҩ@`×c&s_*31K8`Wm}Q'odg{{qÆ3Xfc/+#zԂ#T)%8 >gTEyI -, _VHOp8rX\lUeG5wq'jA;ef9d{WBQ(sBH*GJG |UUϸM'I bT5LA2"q_ÎϬ5`7R H0;1xuyCE]KnaIngy6WPioe,~A5Bi#Gd9GJ'HS]}lF$/ >;0̾rG2]%zipbvBw{PTP+梲Ŵ_PaW*?w' ,x/QY! ;`sH(e˪v F|ߦQUϰk-٩t{uÀq6|dNݐ";:2+ZJ  Kp3e]G_NlIqsz <"&By; 97k^IctδR9Y딓C愫ypۥaװ҃yb`CneS%EinZJlk1sOXã uMK}*|c+@q#.2D|&F"[[𬒱JuZZ/%o&+s!-J cUn:E ./[TgGtA%7*?Ÿ~W !0RgјO!Lk(.cWG kQ'O#O9oq``9.k6ZAOV6.L+9~־jaZSatrf6yؤr"@ Hh! 2rmXd`wOuW2uCË<bܪp7v4GH\׹XUokOٓԄk+K)_uօXr]4kZqCO _(HvjWiga|:/˽M"[MG0:LɹŲ@)"P~{V̴Z^8Sz)<z p`ɹf-Z>("Xj;|(me M4>ď?˷k.twlkh431RI V1@cRhYM6Թ]E^'fJ~NKV-fV3ripF{ 0 I޹xV~*"ӱت = Vů[nY# .ȹn'*ni,n;nPpG6K VQz=!$"ų@Pތeu>º^⨖[^Rf{Iۺ-ϫ7|D]2"RQ~szd D][kJyőxZ"ޞV{7¬Zū;fa2 0Ï "A+gVX.N_Fm">(g~يƫ']oASѐCQ4nJ΄13#]6~ǜaVӎ,Dt?1CA4{gb7)tw5qkH-WT01;SphDF1&kc]x'7bCM>ηf i\Mqf4kv"8[B$( ~zE%&i9;Y! &>h .G BT3JQ382HaTtyirF:JCE;Pe/ u\K>Y pK6!ȵozH\9عRljWJLiR7:ߦ-,mζ0[{?IDB0eu&OdD~7ak3nnfo:; ozϣ`',`Xޜ͖YKSaދT-Þ>8+gO0!#+z9 M{ XT-xrǩ`GkF,L8~ՠ/٤n‹i#٧֢{ W2'gS CVO8wSzAa/{)#1l B!*0H! T[RiZ ە=w"J1h^/XkNV ŶJZAs!)ƙj\$޲SYR*8U#lk@&$9q܏*g?72TJ1~J~l~ DCC*P6%l/dU (4pfv9 drPR\5Uj<ҎX%h$OkOP1қ1QZ -n֔`')%&9:P-MEq<0oe~o*7㍃8 Dc14~']cibqVW&quYfMr2݁.2hFcvv@k=o6[>=R6R>x6d #:+"k^ʰwoOizʙR_X™9K>>c : jCT܋.į(!Mm<~_ͮvX JfSK6c\C\mI8ɽx5H/@vI->1k0.vsDg>+ęqD\" xi싎jCI5B &"UL^ИUD%iBH`Mu @|Dw&wZwq%-åR?I>qmn-Ib@e.?Lgo4a0pnj36RH{ =T{ nJSv1\q0zTR>bs޲=_3 jK=@hN^SKSljU xUp`gf~ɉ-{vsj;羶N-l+I,1o65bA'r%\}\hdqK7RAr=vۏq؟ى xRթ fbp~=$egkt.Ul;գ I{ h{l}\TpO_$Lo&ۧ{8 oZN$4/x@u|ݻ2eL+/_H~`mN6id6ѾK&Sz:$ȇz0G%AOQ)ww}Hg&^ܾIn #Cs_>0 便@~At&м1W~mPGԬFwk3w#qc +ɚy{Uu>Ka;GÅf\.\X@zbf 5bi4#991/&{6i~).nk. _,E3!5X/T]uQ}ÄV=9D|dO qH38"ܧ͡snDZ&41!']d4# }xߕ,#8-KǦ.D" ?RQ1|.jqk-uffdDA+l»6Ls=pHG/ vۋ5O<ۅuŃ&keZ"Э"UoX/WMѭkn$O^Er-v Y^"ؔsOA"5D[ /2'^ c\)PBE)N-`E,eᢛ—v)PWo^Ju9k=1coι[,y۫kHH#2%2|~6N,~`:{Q yϲ[fb #)R5 y ;R'߭30Iĺh ,.ٞs|6eJߙ{Kl xFilD/v b)x*Lʥ pLʿ s56v"r }*^0^|BmG"cC!A|__ؽIN5y-#/OE`: H]L6NJ}Y:ss.$;Mx+G6 θwm}C֝_ ym|IKE~*vnpmq5dj== kSۘ10aoF{ bX~xHGJ͇*2VlQѺIZ+Un P;:@ ޼&4bcezŗ6IJ%fk}\.rSՉU(%k'{#?Ii BOpv\lmPtH:ڈ!(΅[/VP*76:ݰ9n r D%5WKH?7ѶuB1ts}RBQR5R@t%cm e~>q{gXSsE䌶v;>mGI"0isu3GH5/ Ihz2ȝ7ע~_d.fs(VzUD%S;> Ga;mdUQmJ\BwmQN򅽭NHdѪYDF/uf'ﰡoY9[[1z9Cq2N`%0ޒ>_dz0ߜ;mj)f&e՟t)*%n+CU>PW`Q {X@Hr2/E=}&Ж `\Gn@L(52I2yB#8U 6Qe?ooc{9)\^wg:Sw9/, WxBrRnZ-S 2v4, 4ʂr}cv!|[(l)V8u%v^8dN{#A;R 5aԍ ^eD= :Z 昏,1٘MFaRlhT-8J m q$BgU;gCj· \ JL)Iw0aJf $XA91F[W7߿ʵJ YPO1i4JG|/$iĿ>f(OEBSl?ՊΤdg1d$Q4pUd I`;.jAAYe ~T*B$jJ Ԙ`{>Eh̋_$InZ:k S TP4Q~-X"a$ogW^? Ə0D!?sB1P@2[h$Ehxw*Cyz .ܞk;<ֳ@/#_SU)[6!鞻ȳۤ&BjWz;Q 3q"`H`L1A`bG3 F8MҊ?,X] 1b|/Nh=H"pG..])qLzCS-nD4qCE<b}M|YQA~;PUq"sW 36)KK7vpٻ P^*GfUI1[Mޒ6{$jBc܎]O"e}^SM8XxE䉿k"!!FSߺ;\V-"x݀ZG7O  _{Lۀ F e{XkѬgD*Zƈ炆Kj0J2|e0/;Ӈ~b5/L'CI %"iwrYϟ*#g3mU ُEC`9.!jC\.WP#.4ed/'w 6j)Ș6OWe/*6TÉ\G:hf"@iB,RE oװ! (Án++.fT;@N92h$ o(6{ys_Nn2{S*d [BF=z0p[GD6(W/"'(#Pz©Fuw +(qR[;yL\U?FDs?ic1}E۫FNdsBqRHkl8n'4sy:Z`@OKO TR񩍶@r ecb![Q DGFV+|rh63J w4S%̵탾.PwZi|(xi)pNaWG۰)~%{Z#}8^.OwR"2 | ^X~I̛ Isc`62я>_:)S zͿY꬀\x2.7 zI:a錂#)3y ,q2%Z_j )o1YHN|RR&̓b臬%OY*)|[z9c+չ$,vC7<M'\lJୗQE'2˙VYa6kF(I1vkݏt zEH8hqӖ/lxNS^iQ /N'N5lu0g Ԇh/ݿm#ՊxgtפT^wM{gfQT="WG I^K T.Pǀ;-q q˄ vХbJ޼XZ0k}A%k(,΢0< ,JGHh b Pжd{`Fo?z4":~7Ռ٫jyeuTxs6\dբYlNBm|lƼh!Ik֨/EQ<3ꉉSF! B]7{oܼAUCm=F1lRiBWR@j4,d,_7$D#AE0b3ﻳ!p9=G|,Ncw_X+ %U՗, Y-(lP}eZ,ߏwz!kdIr-F6Ύh(u4N}1ݫ}+{TNuJg5/ 'e/pA`<:7OޯJԟ%_5`= 6Zjr oΰt8zfc57hZDefX!R}\VCpPUkcBJzPKjo&Z!oU`;~Ejjs) +h*l8Ϯ|oQ[PsB ymxǞ%`#ĤHj y2==uYz:l"'_#gӹacm[;hUZ&S#iԘhc62]8/\WM{? ; NHA?>WMRU[ۀf?:=|ڝ \L J?1J_pOϒUqs;FMlLk ~Bc qE5h-4nuZ^2^x[)v:j:]g@,BN?!Ҿf dSu3gH)&b̷$κ(3?dP vr{^rCk=ĎJXx ?誙GY tX>Oޚ3<(O)IP^.0/.9B}4.?=i#ފ 䤎SU#k<80~I>ScVp+XtL\"_K._..& ` i;AuBIov<ƿ8ڠ&6!b$)U2XNOʈYLD`hQFmdXvDnzb_-0硨k&{l;q`R)nT4G[8i J-$`YQ?7 V)#{{Z#r{Yg X[,u@TJ)hb$+Jqm*7!(ҫwsd=Clp`|k$r7dG8n!x.O7 JaSwAd>MژZomop?CZPpݒ0&Utd/d@rECѩ+Ӻ3 hU6JDˁNPm'Dn =gt=L9=mqzk/@?~!u8r)۱8`mg0~h"#qb_.sz=|$uonZ ]CYUl£J9bfnOr/o.#$xXW<6Y֮pcq3~e^w>HR1Tp\n`J[9 ʩ/8ٸA#C+oEG_~KA9F( Ns2_ƶ5\K Qd |M5vN1XF*umA54m֡ f<2gy^ :.9#x-F+_Fm,L3tcMZw!)TԳm8)N/@LI+sN}+GLidʧ=8OJd B0}#,R<ۍ^Sx,PZLJ|Znvޱԁ6ko8'm?zs#%ސ؛Ԭ~b,B~^kI4kG98͵p=ùM%g/ nx<4ŗK˖HA'rI~FV_b*- 0ڍ_:@5x|xj=Z>B!9?F%YgFJ QBj4mVYߊ_}(3):E'؂> eY $pXOLKݽ?-=GcyΞX+')5цbxs\R S$nC]9qWg*BZ"CZsְ>&cKӤs֖_jJ  gN8d!~(*WmX2Ӡ& e`DrRTf~&LÕǍt7%% ypDBx7((kș%<+Ag+57Tb_&Cwrbgڞ&4{bh`&:G@6Ahl{ 3 j%jd״,wK": So{G΀)&'Y !yF{w .H(yf Å1Z 㺅i0xJ.4|!Lp FI8_(=}I= b4:rMi99cƹuPh#@s @CR=Zg+w7gܯK-+4RiBt@hT`gb?)%44;,=G8+Ɗ$,X]<]࿧K$E H?rvs$AրIb5~l.S1<4u]+,/P Wõ\yfJV:nQ%s/ӷĦ}rjeWwȵ>Mj'NCoEԏ;O}.OKw֖b͌[rAINyTAAi:|yz;ZgMF/Mk6\^`bJQh4?8 Z(&*+СV0pǤd\5ה, VαPOGzl{zBXv3Ԙ@K8 _Sl؃`Sƴ0h >Vtxs+_\ȯ8:~& sU. u׏3zp |jB-m'Fd0K* J^S5_ X31:~$.jY˘ؤsؘXG~{d5M SӧguN赦J axZSׂ1E<>$  f0)LTw|dX|F=ö^˅1.{~m;˖~r#iDK  1B96}I)n>H<\)fO$(X-ϵ]3K3@EϹ$p,uR"q lҙ ]4KmCIKMg}(̩-8N(_=H;D(է;捝x Ť&jlY j=1sXW>C@0d*|:J;80/nCWD;8X `gRR4"?%&N=X2('k ;A^u (dkՁd`6V'vāW19|9Izw,Vy+V5Z#z#6/ Tdo ~h7Eޔ&%Wq&Ha%7,0,9]ᲊ5GٕG۵ _zX.تg (^)kqc]SLyP`OF1 +6 v B´N!$. Q/|  _=˥>aF$|+Wh!8ӝ0bM_kRZɮs(0Z#8?j&550 j֚=:B h"HQ!0`%nv9?-qA{FG֐fQ_Լє3-/?1~usJrM[d| iPzf3gsfn' sjǫ)~ IvuK@|Wq 1آp" ׀P~7%Ŕ$u=ޥ^a|qjOt H^qoরCnŸY'-Ӕg)(Fqɹ(UImA}ٙ*2MetnG|5,Ao߃,BhBπ%lg@NU$xD³Zᘓ׏PQo|\iC (`Qմ\EÍF؟h=h{B7~F>"TINeW~Yo5m#f' v Gak큀~Z嘆mtG +JO8?&Iy<(_ 52fׂPȷ)z/E/uoHCY8Qql=9_8_qq E ҸLm#V^'WKs$Q,N`P%A_\dxYAPGu9(e*&SD08CSY4#(ˮ(9ݍh@;]AlE քւG T9~]Bﵜo =j+4OBo!T o u?2L9T?]GV'FR˳2^b}up|-қnVw0{=c=h cR.[#ah%ũ)) _ȝ-cMѠLJV1Zvgc4xHwN!)|ӂR6 37U3e^a`H 6xUxlD"p`sUG.o5,=x" 9׭HԨ~aϘA_ Puѱɍlc%HeN׬&1fD„Suwxnքs|[8s69S 9pLx+@y6 An3&P-^5jٙ&?DwJE@`J^h5#=Č Ehr8~3K](»ߔ{ΏIz N#@VL֐\GMӨdŻ7ka <[^6E`)b_С yoVlgzv%|)x@mnO.-/R =Գ+brH3cOễ1,&hYhYIFt&MƤoz+AHS%"/`piovrsX%#Q?>'Z.D9M`/U#.}Z #R'=VȈoCW}Q .Yvӏ}|؎P6 2B/ҩY֡YY֛'2RaBhd6gP3-w>q׌C}CZgHYh1bntYYU9#g)-NVS>r)UֆF1=tbU԰YS.5t!L6-b࡚%+I]O*Aȱ ]:8HdSdcF"m@X&D!1ԘHO0]b!|䅯sKhP<#$;`|W&OHilBwil6lN` &ҫ6[70W2@Pja@ݒܸR6W~EkH}/دꥏ\q7Agٞt!+N&HKƌ$N!1礋)xtX 4Ԅ {gaXi(pS/ nOEnmv;P9sNb lΧԪ2~ON9Gg `2(=_x)$>M;S؁@Y#هKqbkf_)-y=x*Ҋ3X#\I}Jic-dmKh}KN MߙXaiX0XD7k,¢4%#aA OW(tV1 EdOUN8.d:] was(&.p Asً=X)ze9a#Ɲŷ4AA (T:0`j NN\a~4cT13H(9羑S|;&c3^볋ad$>Smha|VJ3d m!.C~Hl'O>[E"'yd]P4ABuRy&kJQX |"B|Z7ۡR%IC l\/.aI'6t|R^UIJ3ʀvˡֻ>jՃ}p'NY8j/*z'A`ײ J׷B.`fMj3Z"Zo@?Ded%)|Jā4+!+_rN(!@!wU$Hl6JB%5 MǑ2Xy2]U<!b1ZӳAZbRnc;ҷ)2DK2Gnjo'6!8mB݅(,hDoB.Yhst%a6Q6C7Y)7֯kzg5[xƅtH-tp&.gz:7⅕7YP5c8v0f<kGxCsDɏ S*I+ɂ\$%_=`+4!a%i* kD-cUٚ8v-n;gD[>^'$!Sޮ43v:1u=TA1_{ 93CgC0C\iV }D2,)|R?r̀U^K3X1^䕻;h>mXc3LXbX|sa&{ `+6ϵLrU ɇ bLn)H;BXP>ne)9f15y]jkxar6< L.u]5Kf!KGMEVSF^uNnqe%A^ 5L/*y}r*׿L-0eUoM}Ao?>ˎю¿[XȎI˫$F _g&h*}#8WzDTE975SgՒHD=dsQ@?+q\ʘ.(FVk{9^/ gn%{u(!-LEn$.CZm%\Bȸ]]BՅ1. D: 25J0n"I{}ȢiL&G_'<+#> GU,xy7zz&}ge0ACu/C; *(sv r$1UuDP*{jMW*-+/9X9EX6B+\j\[B6W1{\bM͇}\ܱϡ0Kr//Ot98>ZRKq5-' 9 &چ uyMRlf_t')xbLWjNQSUJA#uf+m¢j bYr)͙gp/8[BEb5Jɳ<ϖ7+< 8mHDИ^.l mtQj%xxb'G'9dET\?g^^O?ޢI:M{x'ز-̊eo"4r#zˍ}{pc}KB:6r8ugbpx:.?+i3{+c}!Ûq~JӮ0nf$VybT_9<*9w>o0m]mx0{ Ii(IYjZV= J=w#ޟqk+Y {1'PO,B'k2L4k}Lc'̍9_"~H- ^<|I8bëպKu[[>84нύUoh:na2Hw^GBL.8HfvΤk artX1YGr)36p(1Xiz|4c?t〒3-MN2p_hˁ2DQD$XUk]$kF\&62m4さL τAἴQDZ&-yUWTjt} ZX ɡ6X SQ?`>o:-O"YwK}X<ߥ&s$m*Ʃ9vv2CnQ929Wť[RɣmJ)V=יђ4>GbKB` &{MNOyU]f;sS2fhX$$La> }&\XV7,Eq{ZgVz(,p#~HnS1E^sTqN {"I{œ"zlSWqm}Gր+lJ%`<0d1|ؒ.F舊?Ip㛌)V PiQIa}Z\*UVX_puʆe PNmAnhT¯ӗ(Lvw]Q7زUR[*}і彘Skҩ𡧓Q Uulݣ=I -TMOi щŘNܺٲ N 8d۹ gĔ\> F#s8_xmݤ:|smh^|Pn{@c`7 7%+w(tR⋊³nenyh7?PBBVU'OsiBPQ8ev6G+DhTlj8PEMQ=ba`T vQ(foD  6)2r׵%Q(74CC_,d%k,DvEl#YrΒU; 2 3>eE1l8Kځ^iTU@zڗvw$KSzfhfiŹZfik1:,> (DUxIrKq=1ap1fvgϛP"~+k](zg>eMQTb6mmʗ4s߮${!yJy(gxI ?a֡PR_֕>gcFz\qr>yeMx ltڞl.C.}iM[x rj^PKQi/a_)[ۀ؞rx- p4V4i A0{@E3^ۼoel!$QF٭(lyΊ 30:Ixzy2>`ϼYh?wЖέFho{C*hZAG0cLWDv .puIޙYϫ%lpiiHz-+[ Aچ>`L֎_h!"oJZchi'6|殇[ ŷ+qbsq| \?0aJzz4%72=lk\=y?8ԋL[O·`fnyVAT>[r悗=&dO0ҳhu)dh hV![޽݂B}n-DgPhdCڅJ >G1nնX36Yn\ާj_r iD>}րan"s8|L6&Xiĕ0'KXj8dGyk& 6hpl'BIu)EzjmhE-4k⭕LVRS%cY<  z1 Ilgy-R+FgBzȋyzKQMZ:?ŃmEqU&~+z=^m}͛\qF5W1}mkmg- \3_utl|buN0t" yMm(R~} E EWePi&qoo~U6Њ;q|^E๭]fn{Q\q%RޡZVf2dQESS3pcK\t**ā۔ƤmM &ϑnu/?UK+;0XLXv*BAC΁çk3/ |BlEDjO- :⧪; /04]tvs ZA0\sZg,w NC zlB΁4i;c!ei"3+W2Cgpb r8ؘjMR:71SX!Z/`C/L-,*B=nP' ! ?CZ7R K;nv9W 4A561g#+;XCi9.+Yv=Ƣm`Dž HiϏL7FO;߿Ŕ}n%},@nyDH`̐&Is(ce\{ שKmk9ԘvHֽ=[8ptXЬmS}>3i 7FC{B+@pNRypگRUnW3˿ˀ~C}8'OG#8\*GGO._1!0EccXy\@Vf>/_ ,,dx`E5Sviե  4DH+2TڛhVbm^\pKY]16eZڭm@"(&j*6km҂ :N B]Tx lXf OQF?ٱM[g7TRӨ!Lb\-Lkm,䦗7:l#Ydn5"Z-//rÏcj%v {B"ծ{=)SO @jUޤEN;ֶAx/F L#q :؍rz8@gYƀ(zZ R+vO\ 9I_0Ĵ8-Rz1A:)o|UxktLzJc*{@8!y Gr{` ěIli/("-4D2Vc;㦬֭Ye0?hFD=8'GcH^IgV@40qLïI;z^KZVrH l2v *q.0OUXy 3C|ٙi-hE:zxGEWH8 ]vf(źb*8$Hoj]\{~d_.;v:Ûc$D{?ČܚKk+)%;⸁=Zݤo% ֒0JѻJ_NoV#=g@6.vpHxU|\~C8RQM5 L}Os c5N2x'q#ROr:_tn࣒٘ 5'_|qA~gޗpZMIM[c gt7NJ.ыmح=K)x,5 e<ꎪ Yaַsc&`Vֱmeĩ&>rY6M* P0gΩvwO=&OC "Ae'4T{t"N]07-^;V^}Wᓪ,|;N~1@j;E^hZš:b8tngo˹k}E2`)M5DQ^*<fW^fJ8X n" $SMRR-EPZ(!wqұ>-y}IzTT")MfF5wQz ₄NsT{bCB5[3V{M6"2}}ёe!O>sdP\ldV/Xp%T~%`3'P$r5i|Z 9`4ćot?d(*PjQ]$$Fq%/Dhk&%>H7!!ݨZ:c"'FJ+RЛ|,f͹OeOL`t. Ia0m5ֳs.KSs//$wT2 +(?hga )8/6Ko,@)DHH>UwaVܔ uޢ{iOE1Rn_BƯ25v{~RE^ ݏ)?,ǟ$5_nJ6]-\bXᐶf2Ok˷E[=3n7w$lm{ }wwƮ/=>?Zx{jKM"g :!7fn@k8cnpVH ^Ø`| ve&^^#R/kPejg|,V@'^54h'g $]>w$x0`vvM{IRrhR307֍Be( nYm%xkcƬnżKgyd Xhn,\v>[o'oC-}xMfpQ$FWr 8򆔼8dׂ砊t6մWOͯeԹ(xL~4 q e>)H Dt;AN Х/ K'>n8w?,xdzp01A]sw}qM~Ҽ ;W^q ;dϏ"%k]26 %E47BïtU)>J3N^+5NH8n-vM5SFRf'1ڸր{tm+ ְ#㛳WuhLW!DvVO"`0ta>;R<<[b eyV HƼK7飿,Pm!{,Es#H܌)RɶR?Bi/kZ@=F)c{OTer5ḠGOA-u"BҔ7|=$$ X.6:Rȣvi!#(4lQ2[M+dd{| ٢/J݌@?gj>*;3 EEnH 'Tr(Z0X<1B4j`V|~otHmrWٙsCon1e2B3䮺ᦚv6m]9mFէơUzJHUS'Ӡs=vz%Dk)Nmn3*).A }č׶0PGD]kܤ`:|p@8T1nNq4mU26p-_ ݚ}O8<1 Bh<)8[mK)lWzSwĮ,g$A(uLJ6!FQ`8>/ )x='NKXuu? EsFNP%<׃TnQ Z GqOPcџI ۗKm28PV:ƈڷ܍ wӀMf|q8]ԅR1gl'CR|_:P]ª'(%+rO҄[z&,`y`z}ViT (:v&/E4Ty!~emGDZA8$#aWi\Ly)knɓ^6ti.NПr;EEV3Ĭ,ET&[ >]tN$ӼXA}&ËCv4v3{"4@f.iGP+feR7WYkFG$YDS8ա# 3Albʳ8C6W-9{iZ@FKwi cngމ}J[ȧ_G{MlZ d#mM}_haeJy(Jx eTwrSz:n:@(GR!iFшXٵwO^pV)Iپyf(x]QIis/r [`ۃ:b=;VGҞ|\ Zq"͍ͬ>h٭@tZl 7xY%G ;\a8.r=;xC_x S u2lû $&NyBWNWujTAܻNMкwH!='Pꟽ:}uCc*wьc8}@QG\-9IST컣xF[-?$yl*\<͎s%D- 2&Ej|dhDP>fA$*/y 13ʹW,9PV!CGe7q(^3 lI;ѽتD߅Mmko~ ׫J4bK~V~S.L'l3;l/uM2NVNƬ2@> nǪ  '\!̬A"%Jl}oC '/6&M:Z.g%o0shOи؊Än V3_͘SKJ?,sϩrM]ea2n+7ت,=b3(jpPĀx{OES]D9˚^l5\7| @ؼ|)8IjQO5w؊]w[CV 3-XVοPq;Rs :z҄`qXʧf!UFQ:yA,(HgOE`sP!3mHSEŎaHLa-b$Jr?<.%}9c=ɶ 7jzU@ xbOlz7P$o(rE/ƻ%Ssd77-HXG:֧U ꫪq`E/":!#a%|窣~|@/BIPTR[ 2vT$M -H哠JW@p_b;{,8!VA rV$<*Eόz:AMz9]q̖ @1Sbuʆ}fYNFԟ,:R?2wّ{f7^ʼUiDVG*ַi?|u]䈍yV8E9΃&_IŜo5m,epv $ xF_FU[\):q= (bxS8}G`fS)Y#J4K!ܼ5:\Qo굹dx&/{6(Froiuv^Daky:TSN1syAj{F:ǹbՌ!  +4?> k[Pr7"H[FNxPhw[h1+-vD^Rw"^vrDțSKF,#S=Et*p$m划jKkʱdimҥAZ;e!Xq1[+FN'e*?Q8nŏ>YjAmyÜOj mϛ|/tm-PzP $( _IR=cCF %|†UQ.Iv=ũz:'95w+۴@hd`lX"2R.Pġ|zLr `]L[0\9gx.Fν͑UY9w*Z`Yrҕ46l q+ž c u)^ Isu坟r&gSr!q.`|9aEc W9nSTD!.ajZ;+dVk[ Z @wezĀPWe,7WvYz @*]0a_77H'].^hĠ/u s+nttpf3L>QF6_(7r[zY)5w"0 ًA )O""--(oּ9G5ʉ\x!6 职02Y&[[8NMc؉HxmE")(F3̞ "U:x'ݴQ]5҈FxA2bb懌Rh)=FS"i=X%AȽWWU]q~pW&EHƸ% rrA6|ct}#G= otLzrb~tz/k٪{fݵ\1bPD_-䏆HISκ;AjYoY 0yא]?`o\;]^{'B9oh20*1wm]#!THm 5 %-·nT={H X$NcwKPt1(ъz[G*OGŁ+*fؠD|SF"f{9!J&l* Uũ=땃j]ҪOQ :_HՄ#7F ]J}*܉JMR)/M5YoIȓKdD–#~t`mKZ|?b /qrӹ%igm7Y{Z%7z<(-c|12@[_tG5rV!.&{ńYTG'_ǎtG?.cRK;Qn O/2ͫKMJ"C֊jojX3v]di‘ *yؐb&crG *T0D#o(;{6ݧN`g-w+p]^w_e[,Gߙ`洘)Ulk_w n@3G`g!ʁ? rs6#rGrM̝b?x|a\q0aYt շ[H+\v%L?OuAܹpJ"JO`BVEycqy9y wu3絯$dW}lt4X<[H%`0ШuM^##lddDq9#:LVMcSe<غ[u _3VOѵ9&bU~R{vEtwnn)J敿)+eN쾧F"B#jZ;jgͅ]D9z)o-Nv[Xu+hHo^Acw+QD UV~d qԡe@^bK!|"+TMYdM9-0uլ:TsH强LGgQSk Sd]Kn⠫W*k#MqF\>Y-En ichQ n9Nɍ(%Zksږ,W9?{e͙H%k9FS5rF#'3ѧdŠ7=jfh8b2~&e'<*>ă1k5b~{MZ 鯇@lA93N$`?g"&([u n9_ szy癃U1xODM +.,Ј{)>Ɯ ΥZ,uς;Z\z(.or>VˢWO9cҢLķZcD x1yZd 1 :px]ʯu;9Oa1Ȼo+̦Զ]@oK$9J}XoIyiiLk_;|Xv;|xR-w|(]\_,WDL3#PTH p3) g8ba%|gH@d E<\ @ƞH*|쮰#UE6iҍW:R;BL4Тu$,6Y8 .Mm+#2l.?VW2 mRƝE3+ҔEfcyI QN t#1ua2s"i#uxief쌬{Nȁ]jjI~MPS, 1^Va&hVig9}BeC\"0΁BUjH$8dl! kOad >®]wxZikh_#¹ sʾN r3LO}E%I(!@;Ec# tBM2dK}pxdG w>/Ůe@Y؍rjDe _K3=G1j[ M &d332s,]f2rVm =:g1r;H $5{ڿ'"w$M} F qr]ao(a R}ѕ* \~9,דfz*~RSΪ8]?Ǥ;u7ӃVXZs @8R+&TaR?;Xng8P߯%3̮%c9>}MW6(0 ߻X '79IVfeoCpݺ/7vQRƎйRIvYY3>)5ĐG)7$vC04^ogw,$>tEqH`$fÛ2gnheLX Kz'irbX Ѻ\PI0\gسD@fEh ->́;˯(zdӎT]$tQtv"xoS0hNǢSUW0&AuzK|,jrօ23wS}刏ڠ\ s1/f[K"Ah' K%r@LZS)d,zS+(WVXtRnǿw m$pʄgPG[puлj̚RUs4&N:}FxW9m{nDԛ&[J@0pL,qp~5& 9w'7a,W!)ʛ:a_B@0+ްZ-xX, z";x`5G>r,1B 3|"I{V`ϠH`_8^h_^42"/\@h+'4,h~RH3rXR/xNJ47y5tq脣8}qQfjԶfϻBo +rV CD`cu7Dޜzθ7$;!;D5y&<^`,-2dƢ)zLm͸|94-zVGk4ݸl X S Õ!>}m{_A4s@nlRQn(î4婂"I)Wօ+ +Nke3Ξų=f1󢚕/4#;,YOTq<g*P-KD8HR\cvhJ)7RZ [z 3mȳ(.mQV0)Emg(Mh[h&Έ%2{a'1z*Qa؂W{1R^Tܿ̂L.(s/*S&e*o ,Is.g 7yF51@R%`}Yٌc ƹnY qSDTh7ȱ2Ny `?1Ű֏yɮwx}PzEgnw7=̺p+feˣ_[ ЍN5 1}9ަ ZO<\`UүާzL6߰QM޺C^o2$P#̀r@^a K+b{T+QK^ꭾ,P:yX\h!&ysXYs 2N*\ #+ؼ }9F򆶢~V[>wݖ{0@UuSfRp|o”TZPv' Λ! LgNUIŐD JVes5"%`h~s҉UYv<ֻ;M. YDX_V^w4)Մv@G灮~3eG jU'eA7&LHK]ɦ`-72^ ,1^іTAb*:coCЗ\^&زadGڢä?R`Rkڶˉk h cZQk|:V-׏ VO}Z5IdNyGgAPWKuca.M3hۙ-UO=T lAO_#D*՞/1֙Z\x2zW.'Ϯ2V!!2w˄ϳiʤ@-F&E)qaJ+/ܐ2+-X經:M;Pd\LWm[j hw>mdb5 |*U glGŜd!%)ܤ=pFpD`k^X]#A!"i]\ک.ƠUٸ}$kAG=字P3g>*̃Ux3iyИ<\Dl~OSKUΜFr77EпJMFfķw:Mxz#ECc TG+Dзqgh*ޚk*H9c-L+H8]P:-~q&|uO^IO!7fUO2gM+&ߖ?d\1_Ncv^i|% Im(㔉@oCi Wq8 >S,b'_e-Zs Z΂0zԾ}MB}HIG,?|fvkBE{lu78c"Z¶CKz[A> nL]G{:^(p< PM ".Iw@B-}wvup%J1 q:9P3rr맛ngFSJ{1d%Ӹ,[m{|,-oY y+Bpħ^]i-cc82X]珞>Rr'ĴW>/.,fؠ= j8cteO { ?;&z 7ܯؔMF=tdv ZMB-eg({N[,"~wz:^5[BɡqvWJ7R I>6G-<! `S5"R={8mkWl}-v zڂF3'0e,~'TgORFȒcW#-a,qRILNS- J͊2oT}Kqq}r_Պ:pgq<{Wl̻K3t/* ,||rf&,BNzq eM_UMy& M8o.Lf#$67zꭋӂ.:yLAVr`M1;>_+J" Mn}u\FG:ieFlկh,IJ| ȗuv2js3(쩷`ޘg $s!1Wːe nғ8FWMM6e&>ŮF<a1EQ 2k VoIW'7.WP"3'o͎dמO='w>aD5ѵ0Y6Oy(n1_u'[T]ɠ@1Գ۪á~MTjt+,W@@ ŅziSJV9ᤱlw;I"H9W,$\(]eH-W^* WJWĚvcw'9o^Zi7-WԤ8#rqVrdm${yvl~vǴŏǁ.܅ʻe3 < iv-PdJ>M;+D̲&ߡHs+˙av鏙e:Iq/.iY ɼgM $ =gTh7-.@e'#iУ)z.B#sכҨ؛uwy{N+G-kVyڤN8S,pKWqE)CJ%W V-L֪N$fgOΚدj`B2mXFKahSOVj9P>7Ӈc9Fm{ 7m8gB]k}ahq@0 鱺'?w_I)dO5Rx6Wsg^ BKvӇpaJړO'?_av 5s?%1u!x0 ;>lm8=;4 b}P,QS2CN:_B2B;ˇd%ܿxJ0eX䘇$eќӜ&(_\N Ӓ~[ }!o26櫱 nM\rƠx+BG1[#[C[Y5K4i@'qog̙6ѮpR:x׉=xgc"eɼ.bZ|fVxPzUx/qQX&F$KF@ҳ/jfgSKZIiP2t5 ;?TB:gVp{  'FF~D!<[}xDv/, zkJHβxbӗy 6vT:= ྲԵIGN%؄UW Vj:0=N6}o l@Y!X8g~0G2)*_ny4 $S'V#cZ3ъ4 &9تK$: ,ټ%FҰ,cϊ{]s[C 751zlϞRI⮬ 7v GQu3>QE/4:KXMfA ~TY’p Dʘ<Aף+kYp'6F -d :LlXp'qXZKtUˠ><Ǚ K;A 4I!u6 4ڲ(=r3|O)jNG^j6#]Մ&&F_qsLAF C Q;T[+J(&G+_:` MPj]ʿ0dH1Oّ/$VC}7\z7={TcțzfQD}QN֐ :I˯*h "!n 0Eϋo›EH=_ik,E"D)}ƌx[A(gu^A$iZ'^Z|.3 ~>QcW=_'SR䒐-M"`r04'&`UUrЭpx+`ސyTPβb6va%1cF<} je،0nʬG<3p5gm.gӯpvTn8ڿ QXݖ񏑚8w!&_-G"ݔ1R!M!.<+o"M8?K.ȳ`91;^ tw4a&Z8gmϤI`\#*l' B=98a Jl e%x'%BmCD5dI0ƚ}Z&ؑр0X3,Y~b֢xA5r_⹺fr?n:ⰟiY"uSWҝ<1F^$Zn\V!k/*cRl2ogniYk#ap)n`ȱH˜\AKݖ{tvX=(\ƓwX$?vKKq Qt%h3LdD9~Gsq?os-:k+gxv(ZMHE:<%t7\))XGݑCZi4ҔT +>*':N P扮HsJm/|y3C3+*`DPƷT6nF 0.?ՀՈSYU yՊw 3}Q< W[[1'H~U ,F$'G\CȲ#VGSLtZ2,0`0oavBHo!Yxk ;g!9nDzdРHZc!jpSpgz*j۔21=͏yA_}|6c"bWߏYSޘDҕ#Ui x 6PϗؾL*t 9!2@ mr٫ ]_}Y e[7Y{?=?bW_7tW>^ #s~-1H-H!'6@[byx˔ `Vi$ ZӜ"m,ЕC78EGW}v#لTeр nvVl]ڣs#7z@~e9G`F=YcM\`-CdLfiGjVMb^Y@8fM-K-Za(B|NB置mֻ+`J }Q V RŗDg[ILiAqzG>s ݀T`A+?k{_v^'يB=C-ag&[F3TFcTbGnG #8FS 3;b65.^q{NDR+U^|  K6o[Ivx,!AAbueW'{ c2Muw'WJ__0;fq '$ΌXtxFx [ؗz{+mɼˠ6Æd+Ld.?Zc9&[NΟ-^tg߳9puc筘Ww+mp*b#ۗą3ǐvPs)F5䷺G d꫉~+$/_J^ .y?>h`păԹğ_p) ͙]KΜ [o[ Udn x=c_v˧R(/Hv/UqWRHn[ˌXrùЦjֳ((ӖQodAI4ҰծҲ _N,=f@%~ȨY/4m_#b)CX!F}A.,svbɣ $cKSb}d.IRf<{{SE;2(E;mH.q)a/\ͧq3N d]uhT\!0V+( K=q'd^TץU$0Xu$5 &ci}YtbjD-pȢJNSZrZ!Ӟ=V5 ._;&f@i]ȓFi;@{˕DZ? &.*uE.NO΃NK/jSUsu 5xa=%/mҩqh7,/zxx x/ѿ< gw+×4~ 0*7}ɸ 8S>S&EC)s7@ȴ!է,Zs&ri(1@+6 9_N 9laN}g Dԗȶokgm2W 'QHk[ P-gڿ DBP&4 /p^Ŭ2H|rug'ӌiZl'΢Ej, :Iމ-FIi Ki{Q!w>|\f!2qN9>fv~3@qa yB;] Ra*#=E6B!Q)mB6KQk4 QqM,U{8)xq.R0e7*iy1(O[{*tbNH/:<ѿcC7[̡-lSXsQ-W>S%9g.qܺlFCE]^!`ʫxx 8rjp@{QP`X _Ӗ(r .8:rF/7Zhnk~ApS⒳&οYQ9pNh@0vffv*c&Ͽ* K|z}j`]ؖ)ĚXiW HyıW.2OtHkf:o^zf*,kVw$ 'MZqcN rJf&v. L|k=|d0Je!DbWpmr-MN*zų|q9Hẑ9`oلȞyAkcxĚ9&L7)ڵIozؼܭTw* (rZ0ZBb\)sHI0WZmT[Iʖ݂A׿ )G T8ۄ:ӯLUpHuxa!}RfRYn6pfլV8>^@ r _LP"M_W2 Pm e%e!S㢆t\dDof&*~bi'y $}ԢCa~]KXa)eD1<2oҹgj#1oA,~6d3l _Maۥc4\l3 gH$keMn$jGũ"{IJ!aϧc1B|Z-W%L|ar3|A㚏!RS0דth˚3pTR̾+^QrH4H&xc 0ɴmWAq3C@`MfKHyK! +pkm]5̴S3L1cڵRj>"`Z·Ywe>Ё!"W\\Wp6&?x/kSG1rwUQ;mz<ck(j, x@W7 'mOԢINEUJIXx<'JMpigs=g:{(Zv9dgFH޷1{FH =.Gbr21 l`(ʓҐ;զ-p@g˥-E7EqQ@Ӊ7/;ɓCg'$dzSR# {.Zd #{#eVd(ayzd {vo$RBj9N,B*ibɻoPzOӞ>T^WwReH[qTR;AgMQ+EMwH5ݚp Qؿ:$(t=֌\6"ਟ_q?NЭc˜F t]2}ЏDVݚ5R$Q}Fn{#w@i6DN'e&۸I$FuUMAlJDie`3oOĀA^~XJN96kf I/ί菛h{B u qw#pwZ'A_ 90V3-v?&6鴨ҟɨ^N59O4DJ-eI8rpFHsȮO*Ԏ_rawTz Iѳ0A=S֠"j5[ՁOU BhXOzo4]`FuIJqP0w2)ތ)&i{9ʿJeuj{/DU#lĖߐDikn=o䣔ſ4ez.O8[1w#O9dyT_Y˃RJ5ȯv+R)J B9o3ʞQ*@ҝ[g} 68լrNѹmk4ߌy*P S4$tGuG I7U4ҊN՘Qc =/ R5Ac4e)A߻x$/1Ei 88T#jUz?5z&Neg`Dk7nTϒ_=KU@s|cQR$C \bƠX%C@T;~<2/β1!դD=vG 6cfCa  "1^925jRK&]s9P1^R'a`vO0RnZ~Ae|rN .7$P>Ol fO^9-V6ĨN[w:S+'f 1yR2i|`h I.?pԙƴż1!p^ n 9HT2Tt\'X;@M%ڀ-*Jz;*ܜZb)*B5RwBPGuCƒ$֝h2oRLTKu!)".t>}cӰ[ڋINmVc1X;~W]T$ӷ 3DY -8lʤpOC<8JjۿBu󈃭Ԣ{w 7bVVM#Pʳzmv]ab0++|ńS_p2nm+XSa[&mFs'yz=GUq 6խg&>EY] :CU$Q^e$ s82 tT28?uϻ㕔SOY|<[Zć/+C0~l\`FM6P26H!4M:qE2.Pj}:Q0 dR aVi&JjlPaF(.QnP}D\/,(FyqwWl9{g-m7e?wJ9-y]_8y8+bqS -ufV.,Mubǐ%QAP:I/g<䕈ɢ/TC?\x;Z%\4ր4(\R J94/\sGC {y`qfK014{>XO }4XE ^/=L-4=@`߻4 I~n$S4q@BOVXfJ!ЯVCXꝋ͂MgS,»*fap0r ^).HtA6`,au >[mDؖ0 'C販 r]T$܅\rt%'v")2>}վwS) uFpĮTAx}ܤqqG9iyO.t5nR}n$NB5ȏaalzWx/ hG"+f KBpeq`)=gD|n%tBJ(WEp1N(($)h]xt8Rir=lOXy87!2O o&>NʐM#eh:~'6) 0iѷp[9L)Ut(MSwT`ঘѮ7$Ԗ5Esz"ftWqD#8 _sQH ~b%°/ w#)Y;Єyܜ5DƆ´-ijR;]NݿP*bs-4x\~yRϖ>Ty)H,iDž9 wxqR΄O݆9#Yw5fRT]T7zׇDh,ʀ } )N,!qCEtva!$/6%kBK4I~oH].qO|9*+M2q7(i5,?%Exeސuev 'h,+9ڤG}ϱ(ʓ2ˆ8Q(#bBhȬG O:6F^pueMtV%B@WK3&1nL_2.@1@w.H2S pQXuP MU D7A@00Ztz96&h:"a" ^CGS 48ob/AU! }Ǘ2 J'Gel7L_t&Rs'<#2Q^(_ [7P-vt:#/AoXDCOoT4L` (pX/1.V|ʶB0ƺɾdp\;mxlO/g$\˙i^cӾG }9qfq]et&bM\Ңb M? K.cJhWn`ƹ8 VqrJ 3fX^mޡLڲ7p'Cso^Cdʼ]W`웦_n ը T2sIá^ GLjE/g;& 6 -tYm|pVOa;{%N^K:*d3Ago$<'CuДD"@ek{A5yqj}݈>JV+e[ߦkaJ&X\V`Rw2O5=©9F W:G`\8h%O3!u_rqv}S4h+kl 5DE-~AER|1k>HAo+ƾ]sN$却=KftcA$qZ><$ֆuGb/:A8 3ɜ. 7:+#18EsAwgH,PM淙hy9VXҎ讑]!RpN&(7ҢS֙QÕ2]#k)\fT:l;$|U,|lW[&V[S`m53 UdԿzf2)8/ ȁX]]y~xx_NNhܞs7/ ]Z_X9+RL˘/H(BGL+ ?=2B1 v\ TCݺN0m -$/JYH"Wu&No̲e* DeCRM?߅AnܤP8pz}SpV,57Z6] A:U6%MQУU) )Vƍh ԃ$T&'.|v]Ŀ'@v_'/z.盠۽xIA_nᆒyg7J(COoDE5͠0F9 YϚ=-1/%+-T+Ur3u7=F:E>9IrD{rJ-&ERpQy}Hx@nN-=-Gd_} !1]zNM, $1$3btZ5#c<-#$ki:Z=|DhD5oީf1zHH PXZLѱjYU$U͛k?{~7>/oO.pUN!qH@Юc5]XM8'e)6ž!0P4u4{`0.1d~aK8Q9ǚG++]Z~.l.'CitOinփ,ŽW@"E塗_L*/s?Tŗ oY! |=5A4;/-;0ehYáCA6?tY6"Kx하Hd)H"ͱ9P͉:^l(VI7hY*/P=M Cd=^Pc!ic,W}}0v08rz(Z,F>ы2)WpJ>!.x݉bUpunw62c\Fk~ZC.]У}e@bwՄuazRHŔz.U[Etvw A]3r^ 쬮x<<Uj3;̨VZyc(;# >+<񁩲T's=+Yg?2&^56mӋ)qXjDQ-uBkR8]ڏp25fq8.$ꨗ-.\f23;1H=VPZ[gȄp~`^aǣg2д񉏭2foUAKRZ2l`%LfD-rטW EcMEشAj* F4i f*pi0`VT?-11ꎅiܪ{phi5Rl߃Ḻ{_r F0@2:Qa kj}W,(͇jdKЫeB$@i%+}Xxp(ޢ m1d?8Ja^u]Ȝ2p%C+epƎ nXU?$J8!@)njPb&>4G @WhQKJcv(tA&)؆VWv݃i&Ypey-EO؊>G\Cʮ}FP2ş~lfo+`ade 3[2 {!oL6DG9 E AL훕v`NH1:b(milE 8hVICsx6m䄩})O0gzy!2)kX5QH"4Uzh/ cs!x{o~T&&tiZ'vW tJ`|g9ɒObBƪqe,jQ4Dzhte]9Bf|Iٕf^ӌJZEVw-ΞR v<}7 \e+MeB !T(6wVA$>?f̈Jx)%WP:/+JH:YV/Kңelq?0&=Y]ݭ'$R.# Xsj6Ty{7rV Ɩ^ؘ1>ō '`dû*#+efl8Ze랍<($.X DÍ e2y33ۮv-i邶ɸ<@"&%X[oZ`ч{"a+ Վ:tK1ôR-H`zT)$JJ,mLha)Vԟ<BA(_9#^o;-nߕj[ 0݆‡^kQ`*h3JWPO5(d(\yeD#RsS'zq /(.A|T˸T Uhc,,lh~(ډ8BN|JA>S+mC"4;F{t|;@_獡nj]-M4Gvt$z7v;UgLs߹yV?fs?T{Gku5PP5OΎkv&R[:ߴ@:!~/*C_xT3<2i/pp`z0FR<`O(ji'Z ̥3(Wu$fƙذwQ[K< "|>7ـkYOUEk !Z%WhmD,. a큼XE|_b8\T)M$ųTwm{Ð+,2WBoTtO -'.Si+ /,!$wM泊,nn օ ;f3&J=C-i_Y9쪤`d"Q9ߖmx6CTE 7)J'cK OHW$wF<l&dQk2$mRɬʦkvUjUaDAzܭhEۥĩ>ޞ:pvÿW`$G&O6Q8XziR/F}a"hcUbcChF)i.VЦ³#ihYύrz7#$~S浵[]&fxg0Y׾aL}Ev RHZ5Xik3L\ْ&ҺvE1|7˥j> vu>A.}2 "#JO=]T\bhC#9^4~ōI]Jv I2 Jr$BȦv~erހBH4$ހ0T_!OCfM2.!0 zΊpI`mF&  ZKN!b Au 11 e^?y%e&Ț-Ln`9YL @s8ߛ=? (5EHyFnC6"4ydچ_uV8삆|z@ú4=:$dšօ^X/Hinfr0xWIM!~/і;`38:xGUcԩV Oo;U~ /Ö32)O%n'?PPVOcP_B*< cQG U@1Oy^ŴpZ&s2ȢT+nn"s\]HY]g>agP2gbWDwoT} G@Jry(ЯuӴ)Z}K_p(I ,3 (]6 BЈ;+bZXLn+1 .=SHT!L(JI߃I&ϛO7v$#Q08\T;ڊ!֮LZo q9PiⱘhOZ2wݶO0Rw, ԦɎ=fʯ%_-lZ=)zf=an\I ,7$gn@Y+t^.;Ef) 5hl^ʮΤD B5dHaѩa')pp陱jr5Z(>.DrhO5yP}2) Z M2OHdv刺.w!& wmg ?3N.+[&2_Fssˎ]Zܴu/_yѮ% :{RPszGZ} Йd91"m0Y{u:8B40jfYc D)<}崼7 -^uB' mǹAә1CB6[hj?T%ܺiS{(a}2ac>UE|z4[;IOԞGIr| NvIbo oe`B _h6Ad7GXPK>2iu/Ӄ׻im$gTAjEk/}d鮟'0+nn ln_ :Oxp2hm&ݟ//JUi8d(Ρ@sOU˥b\Է}zڠ/qm֯ꨫM\t|ʥmw^Egw1;2DTm S2:.WIsp=YA_fd!Uv1tQq8~Rg߸FM{Mx5 C`s/:$0kb}ox=  u)N<=|h|M^IYnZtSs3RP#[A* [mľI/;jtJG"pn3:TQ@!vse 9@~Dk-I Ҏ X]~]L ݟԳ}Tjpㅂ#gi/?L0Y"h9Ŏ-X'&#ZVd).M zu5_ C\’@z iavOHݒw/l@ŽOEMBDNJE"nYwJ\l: Beت#:yQM!ntC8_$9| \TQ^ыp^{&BJRf|CJ37aBt ܑ+\>Ȏ tS )*ohV ah-_(8[@g{vpU0)M>F5”`;rռ٣: ț= DZ^1ԟJF}Gܒly$XBjMLRQɞU⹧<sj{$H#@kȝCDT" ޝsʃZ3LJo=B!,pb)Azhk*-$ha,NdvHeÚ9C AzS䈪LfvˆsJ6ό q:Y`aGv/WPǖ $NM"c>y@V*}Aǿ(DX(vp ˜vxg_xWP! ?)5XQԃRРB!'s9+Uv"*>: }Lp@E+ ZpLϮƘ,~BE{POl=0Y"`rU;&I_y#WcItu@%i@)?=>b ϯtG3zc@`IYn V쀌אt|{֩$,v"SvԄ@dJbw 2 ?8O)ʀr}27PI)fT?"ʂSf#D( L)5k:Y/VG_T@EW ]H=L[Btn%ֲ![:6̫lDnk=gLCӝsFަ0 &w]KQKB|:^80Pś׫8]/3}gC +0ُiDxemu90ka+{9NIfz m!Nu]]ΧN"eW)MW6fY p ›Q+x)GյOx7M3وsW;h i{N%gT\e3:;M3yq/V׌7z6[hF"ƗjYƃ:~$ Z>la{!!(12{p3JƒL |[j9Le+=]@ѻʳ'vRUQj2r{Wv ADB-+24sn >X"BU-${rVFi.ЄW!. G VeHy;^LAFXUܠ2(E! 05wBvoCM@ FD9>IT]ek8gm%# v|Jj ?=/9H\HLo9cs:?H$ƻ4;:(Ý ozkbȂ'U$|R,D_=޲ԵQ3Xm*%`MKpPd|EtًiH)jRhZmV諑Y߈~eV8_4tv}X)̒%S+z ዷ1!H 4!s1}; @ZO|;L΀PlKQ0$5f"Joze[*nu0i8rB`gU v3ljPtf ٌ^N/`0 w%t:)© ANlLwMd,&0PѷWnzidkQrʖ-Pq πrUO L]Y(-_H,U IУ;SxE;F %l+s2\A,'ﲘ?d;ͩ >x&*r*݃i6&"r, qNjr9@d-'=~f;m1T>gxZkQA5yBnhr'2Y#KƗ3 g@t| 3_t4/E?Xã;_9,ӀI_Oow0||y-ᩑgCL%v5qې-{az ϘW ކ \B^bnU3|?t<"MI!WNs $X %ٺN%JT&[,hеY Cz|[y(~[a./$_t}#KfD5KKצnI-bs{l8` HZnq\刖-qeq2{uq 8q.]ϼj0~_DžtXaga/cߌ~8lJr"7_eZA8Kë@ 4%uԳMm3Re\@MJFٗ/5}h 1Ք_:,"%hF`lUeZ mi5 0c!?>΋n[A ﻼezbAZ>|'OF \S-m@zbcyq{0wk2ڭʘq+صOS*o7ʹyT: dqؽyM#,n |;,O{!f|3h}(<КVǯ h`Snp 5vY>͞'u8MA.w~>mDQm'!&+c748XE:/JjKr_3"W'cyex"ؤ=i4XW-;&J M"?ܖc(93JU8]Zv.v8]~c7.amk2ӁSRcLR乫 G}wҗ`WïwGɈc\9xv+c62q>j>1iȾQ CҒ\H6gA~Gy?fr>E2_u2/GA/ӗrmECdM<Ӈ 1힖zFeNp}/Aw'mN%h1[/?P4*2 ISE-o/jƞj覬^.;&tPhq8eQ+!9N6q l{RXdĈQ<-c[O9mGBL2Y$r \e*Q!![;n,%>6g[/`%q,/qc>XeCfiIs3 ?Qpz- r3lN [ Ŵ>B)e [1X5jysc_'|;N(OS)/KޗEvoq-[#gs kedQUv-[:^/Z}ot@zdM7,x.YvQJO, Hy{y[is +4@m!ΆW񩅉oi} vu3 "; S-VΩP*)GojN?v=棒itA#i$C7Bk\o\܋LuR D1 dh?0f9ڇ-wW6v0?(/zAb- nze}:NbDŽyQ֕Di$"ꌲۋtUu6aYU[M_pFq$ Ϻ¤Q)$ LM{@EB!/q~3}PoUf[,J obYy4F 3LF}އVy/iZ&Wtj`T]PI[O;t 'k~QieI\Fe4uܺ,~ jzEêN!X? ]\6Udy0$NX>27_cEP/j/_A.׀'z_EW[BƧ_°, 'DLt˃m:F[iVD1Ҝ#nU~^&dJ}XVJq5Y*ڠj9e(YqB # ԔAq1ĞNLh!P֘sK 4coS俩"2 eD\z@ୢiXӻZA 4I'e˵`D9L`F:aS6ՙ|q{ 5- cr=ѹ<6#70s`e.0n:%BF}ot-BU- f^P ɕ- _5FhYߍ/$f7S8n,"R]OqOF2$( [qV0̫$sxXGT׊3GZ75||vY/QʚU1XEPn[\_|(cؐ m[CbEuS˲[@=#0VOZnG /&;+%<@C>ҟʔ[~aN-UKvDlyIՔ(GP gtUKkSDSfX&`G\3 ]y8bӽX:cG׵po6Й~~JdT??f5[tNYd~4j coPxsRJ@Z{!AcEPPKmi 7*k eٹ.$Ƙ~痼|xj/U3"I!?`dFzc~+}R&L\.Lp}l'3 A+c&w=_uLNhbVxTCFTi+JY@>CN@Pw+FR܏]!s%QLzLMzW]b|b\o]5;;@C=⅞I>K bѰ+Sc2ւ00[qn$\&2l)U Sϟ݀eDmnDhIƝ@Ha)Q'˂7&mZ]VLx3=~v&C4Mϔie&uK!n*,ZkE-zA ;\DI$qwWN!_7`v$j>UJgi w a F?3  ;NBf&"z)0_>dɉv ĈCQ_ N}};=2\OCWGZRna;y6'nl^i Cz2JR5et\pzZ Q d_wŮUXcg# qXdkYqF&{9plG?)̋ #(-p2سQs\}!rZ@ފUsԐhnE+tKNZ@s&%s u:h&ŽU뽘"_: ]^slpO6s4 RZvἕ\AfJt±]l_e`2rЯ~}/ K+pU'U`q zg%FQ -g2qN$A}W#'~劫Oˆ!mT 6)㔑Ї,I%\Xҍp-d̍OEFo4;\Qu&u앯kN7fmh>NBvǾ__]p{q2lڑ[wcN9/F&lQ a,5nt~yA]k3 e3 lЯ& 1)Eɶ? 0*2K-`]$%A̲3l~rP84QH~y:\Qvʞ [O4 wT%9PgVI * :+D;aswbtHKBb{jgѤhM|Mj!0k؎sS>(m7Wu?B♴!]e>O`;~Vii]n82G8/fj452>ɋY'5LY[\<𥢯,Y@8M.O&w{e\'1FDm#LyRQċcuECQͬvog.T9DӁE[ͭ5<" g7f&}#}|ד`E( I_X+ctSpwŒ4,“jwv[@6:]~<P$.[M,9#ӿg 3&XBr8i2{}ze|W_yHj+e{hB1+dg>e*|bvÍͥG~GP64V?N8:bbGL3vx6+EԆ]ʑUnm{B4`ET1ϔu-W`å0;ncmVCUa<|!`ʭ0f|-׿ޠ0}:D~r `Tlͩiwb9TC.jxr2k~,I f:lzeS})bՒA"V ܷk[ ر@wQʳd@iuoK-Q*~ /Ce6ER`@֛pE[0bDgO.K թ {5Br̓K)[_ѮߍԜ8<]q׎A`X%WǓȖ8jvfY|s}ClZCJ8}oMt𸅻i񗋄6iN{C; 0 ]ܽGJ$gH{3sDāui^tcs/I-e yZ"#,J:sO.ܽ/W<WMr,fGaJr:ҲI*1*]XWZ,n\Y$BY3}qLoo 0& TxtMd~OeIHU )C=9GHДlՁy1he OiEv]̼'1 a{S)a3 E@ DGuRX{^ lidwu`HAi⏏τ*F/NtHVUIL׸Sc6oqrm?uCk3A80tGnJns~9?S_ׄuY,anZ'$aj$vVۄZO>s r|{v)%TYwAe71Xb]bN^ "J%m1l)"&5kn'ݨXAdt"V̅MxXX< j4A#bݛfC[),9䰺@Ҥx&`YdDr#L\J[hb$ uꥇFe+=47gB!6D荤d8jgI=4Ry^4|ڪX EЏtAcۥx.]Z1\*Z9LNF)'6^etP )˯~F1"}AZ4tC$ 1_}劏Sx-~X$T;j@?tjPq2BC8}փaKǞZ:uBxHHQC@d2<ɶW.o=nDs-ۭw]xO3,/ c±C2!4j,YW&lߏKsN]x&!.UTBН\ZJ\5EaUhtcD^`']Sŝ$d^뜲Y S,MiubDͲh9t9'RiOz>#O(6 C),'-Mr~<1=K&<=c>tpVខ+*ڋ]>;'=./gKL9gɠ<<$3QH  uH:NR|a?ԑLz:VmxW(k.BqTw9كN>;$E0R~5v1N y~ֆ,?VWؼ6_0Ƽ?.j-_g/˫uVg`Hl(5nt2 ђ@!d6a\lC!D6:v֊@yؚ3@ߖVhɏB23}nGn,bw%Qnj=EP!94XaegP֓Oli0;22t6Ӵ:eHσ"oτk.=d0Γzޫ$kLj޷o r,P$vgE߸ѡ~a|M*.A2EMĚ p~VU]Y4f/m>Rnnጼ)A€ٜqϕ5 MS,\=4()>@HW?eu`g/X`0_cet? >4<}lW.=NPF[=)ËDї]NeM6 %}WovGU|dq/N(QQiyjCP/oOUV,t 0&w>>9h_=Lt Il*fA߫8 4@JK/)d$[^Tf2! Q@+/oT&bspEA˷Q.Ow(\u~M)L/moG^QYZ/B-C/O3O`UxΜz-#3΁bX:sPk_@Ag 9ѾgAD|o*[f-n9.x3Mv9Db>,9{ d؀*k),D"W0]R}ɻ25ԑ雤|m/mg4+:@_@?a h->l}%FtQxTňxoUm}r$]ϱD{VK‰W`zR}x RP\ @a٘HG]%Ћ1#$VG`eQXXDQNH_ĉHtx/|Nю7ۿ\qO3 0l䓷x't-}o-4'm_8n`"Zpg`?+׫>qjvcH 4$xÞvV.ѽ5g<y]65V'"tm8~Y]|powHgX؏$;x;/]l F.me.}\=pn&6!f$S{bXqJ)+[8R#L2@|w\+[mE"#d\+k-`*4/8i֮奦ASmHWO܄f;.УUC5vS1j!5i,'MQBίyzA}"H=rα_u~ԣGJ7AMI}PTȻޟ#u\u φGpPy?&҆]L%1Xi8țhk,jM%ѯmQ+ a淲;/ 0]˙q m8q8)F^$a'T+څ(,hλ׃%RhK ȩkǀ'[j3r]{rsiR#VpUﯙؕ'2gHjs{vn=*[e3t~%APYv1.G$14~[Pdv E[>eOZ4F\9LH+DA\iΤy \-rf$M0fX㈳+Ųk68E}l#_o+$l8Hĵe 8F z z\ɫ@")Z~ &f0~MXskIԊuэ]]%êOd30u?z? ZNȍ9cqyMxN$7 Zѫuenid֠CHZɉ Skf^۫\cxl?aNRW Hc6BQhmZ +l8k?:n[ql?c!Z 1{,Ah@ip@Q& dGߙ+7D2He{D!% o0Om,Y@P~l"?`oG@(>$r?%o󆖾 ).Ih=z;99:}2κ+ZM=‚Z!foF{hs~hQb`sh,;RA[q*oed.Ψ<3Ŀ|*F䱢a<}Bğ3O tyM!a bqo>eh6GF χhĴOEwB!!7^,0z jS׫]"HaWzhm‘w#Tx]۝*^>h Rrhi^Q՜x?Cu?<ލ8,.]W9odwm<;=t1Տ\~%$a'@{ZIrt]J\q#*5H8W3#ϒF{ .{9s\q׽uŋxxL= L wo*aVZvcvsօyFٮĻ.XdΓ࣯鶗t8A<^Q#Jd.XӒv-# ~|Z`6N* _ϹڇYUOTBnB*:2pPF"ø*>T6VinʦӀOq~ )=o]MJ=ED\0C .hC=tRB IURdz~ؙ{tr"K6|:-6_6|2"A#L HObMܕv (S'z ukBU58㦆od~"kYWT1)oo>Htr~U'I*k{:;pv%T Ͻߦuø"#2?k0 _VUmqfA2NŨkOuX7j!leIx8@-.kZ=p? Z T9ԨzkC1qdBa]fdAL;Ee"fɁ)z{MJJ7s*g%y8-K|mBx[))ѽ#54tb3Gޯw4?p5.Ȫ=m-AaL6g+u iLF?2c:79|w^XweGqWnǂР<%e¡&1Ǡ$0HU}p 4P d{|Pyťɠk7fzYqarZz%J{D uKߏҁ 0_(. M; rHLI9x62xb4khZs.zuօ?Hђ׃^EW.UZWYGNNh}봛_*_8kel0F 0nccnpȵS 1>;M,O$ pf .nyДQDӞ`";QM\ጽY w| @`WE!76@4y^_KFjRqh^PN={;Z5/Ts#c_`o8*[NC ܊bCk&4zxN=`~ 8fޕKCA"%"]!8>ԉܢo$!0oJ.WQIcxc*k?9Dˠi`kĪI|[9X9dZ\ =qG!@8_["|!(5@?D޹d0а??C{ʐMVce sU6x0 { "+}0`CL1]+@1~L8I$Hl< [)EnxLBI ^>l*ɓ+gF6xw;Ţ.}߾t@5U!DX=A _C iә&tr"wJ> } M4@tH;`Ɂ!m/:-q:`MNMJ֯1 ]TW:*io"y&K!8}r.7R@gLz% y[H`;99fo0H$ r[hC+UϲƱuSaYثx@/h˸o҃;kToWYFCd2A!hyV+cuD} yq5~{/'[>{3[ Ƀk4 ?fjw>5L1AAD8KItp-h{jczBГ3m-V/᭓:# H&kƄ:'Oq] v6~Ml"ٚlqڮaXMiiP "g̝(X.drld)?ۺ7Y̲fR#1D_V\}gy6݄yI3씔ml=kB#E]w48ՏЬ,( N Q*4^YDi5uhעG'n;bA.uLcBtV 1fܣ\:ެ)?|&uD/j#KPKaQ֥XzpLO;mpgƲbJ[F`?Ul3`Tzg2;d0ht2~ν+tce8X@]5)0/1}1;1՘`| 9g 3TYY%͏ʷya0'R0m 13u[Y|I,Wr]8l{ BM}oЮ^Y׺G(W0;bs"Y |#-| 3B-SOE֛"+ËYu^z,ٞK4C% ]ԼQ,.` B K1G1RcLlK@fIgc5'y 3yPq_(nC҃(Ag)ҭd-ItU8ú X ʴ8 AAD`_ԕ 4$}(Ð [uׁ'| 5tZFk pbFCG[fP@-/8[`1a 28V7܈Jw: }`Aϩ,wEh[.zS=yт< BХ eS  hGiwb&RsV-*a߀ VaYye (ӗD(n,M8ojJQ32f X}R^J~"Ü%qz/[|O*OA(hV%W#})Iqt戦cwZ.%<>Ylraw<&b\!Sꚭ %d('Mwtܐů"yϘ:78* 5tniV/_ *5Ax{c(Dw}թ[ʼnoNܗ5E +ޓn{ [:TV,Oz2E, sQNj9j;[|?&8 *Wg^>~;L=" OnGHRSgh *K ZQQ$5H@`=-_{ɷ,q=yAQWW&3ȸ{6+rSx1}̱J&/ͶSyf3O/4f1~lƐ1ϫtlrVw0 ;"WBQoq{ 4^q[j_`s>try/iqW.KL> {O9Ƣ/_&ۉ[Qǻ<a@/ 8׫ 99 OެIӰ,0Op14%,(G6~t Hy"^s@m^RێFMPCaLfO޸=H_!eE +6)J¶CbxfNr(KOȂp6#Dd<;=ƊiZe A,x-㯚>Z 4Fc_i2nP!cT_oVzvy7oǭ8肽 #׾od8vXkeM̪F,UsTӽaφ3weEr} 2\$-mQblmH]/حA.Dy yj\X&H,'JH(F!$/Si*ʢۦ!h󢘔OL`ޫm$iľR!GdtX\ۃZwK,BdG͞h*_}}K" 6kwjQÇ 2rAF47-+BS&r|/iP 䡿E/?t|Δ0nLI4 iٜ\b#v|bNٙetK`J~Tf LfiW]%w:3 FE#bu>H$eZ 'IɁGIdjƉ ;O4"L;J@c}eXQv?zVR>&ř)>e,dOIWf{*rd;R»( ۃUV$.uiΫk= V[)?2+(O#ꛎmV{;;(~)m{i6T \ܘ8ϗ̤Ye(j iW(2Zj@3a" Y!9Il˕|8&%1\;cVՖg9't0]<Ty|!j_s2O0{_H ([oWe|sTOp/e#(|r+…N Xh8ִFŘ%(Pr 2bxcDShhZ'Et?Q"/gIl5 +G\ uXu >8#n9 y-]$# FS^ggJNQ;hѷ .A&L+s?L_ uUD__Ηb$,LYk-oĐ\GbI2 vJ)D}EijF[R14r ;'|;2|)Ou:~FAE*b$3yߒcNm;͎ *=m E1lPQuEZ|>Ow,2dOEaWr_wbdio/[tYZE7gD_ЫDU<ҧ/l-)D@}/ ӂCFHXAC}Uӿᬤ C=2Ap=,by;oi/2_/oLQMhs@<`r"6~0 F_iy?Y%|T5YM2ϣ{%IiN7ϜPGk 9vŎzt*s=t&jTϫ%'L-@ΖfFSeܳؖ-譠ǁe?'?\ϭi'bsQTg~aԆz&Uv$sW1h5XoEOäδ6v UhDe87LPY~P9 7-vc2c;ڠOӤ1 )U`_Ru]Dn J&ݐ2&2]mJuoXȊ;?(r"E@bY"t¯0'[aוshNv z%DphR |L,ܚs2FIS(hV7\5z@q[5gYWpѮIRO.Q(!C%,A1ΧLE| R\ݞMci]W>oMAp ^%%g w.ڠ7erɘZ\k'Og-Z~eQ(0ʫf+;>8!;+0N K|= x 6OןS~F{ssZJ"RpًimJ=]B)-mڣEAnAAlwQ6[4ࡁnKif>EAk;$79~(5ۂ\dBKfmQOJ"FyYCЏ=\"H/WycBQ `ڌ:7ԧ`^e_Ym@7M},GX|wוW*t W5;׻^c߹dYll'Aǻ6^$ȟ#~E8ᮇ}3jMyEVF+2W\.KO"fͨV5t¶:y[NJ\HB~[[7?b"pînjw(v"bmjPf3[УⵆԼJ3Ț,2xx@^pUʸ-q(9W>&VUD;y fť4?ZȗC;˭@,Jhfc%;bj}X;And jV`yc(֭(Sa+ ub7,0A8mйi{͸Y@vIM _3Ӆx6i!kNj;}Xu1m0&rfV|KI2p/!^ ]um+Cv>xJˤ]Hcb~D9!FU\$NI ݹS=r^ñ/(B6\|'>ql)ki(ka>|e@ˤM `tsTH~B"l*ɀSwV SusׯO%v0舞.3Z^^}=~GP 2+Pc^|VT&bJYnoڹhRo堿ʺ\uUz^f^>5DLQ pYWiB}v[SCCR3V.&S/ F`LkFr3DtiҍC, is:ozfww3 Hڽ(sqR߮7CO8rK\u^ I)v gJZWu&?*Qآw#U@*Ҷri/|:3~Zmm2x$!(gw7dCfktEWy̸N/aNr`+؟XbZu2v~?+t&wBݭ@S5$6݃zEt8=祡:Uw#TLd>ZJy#\"h$TM72{r)=}Ա9I\6?ZG0H: >f䍐J^]@3 qbLT o g_?">I7Ǟv`K[{#pX gdh吸Z vIvct'l5 ؏ikZ kɳI?bD0thbW3x @R'{rR;@&>Q+qȋ]ĥ'A;mQm3:UNvF RdIZ]qh_1Amϯ(ʽg5 oucZd <:y^Ԅ}' [D\EF`fӝrӆ1KRAdވg`f˂Uľz l?;'U nc$7R(\ΐ3XO`:q9mbmWÒʖD~ۖx=~Oئ0d6_ uOJ^_&WIeTc+T.K3"2t"2~M*88OwրYHkVj#18xrN/ {}|x:9f+&21&eߔG Q儯y R oo`w)A{(PJ>z/ EI:+ %rx@XGOzfi.tGU .kFʲS>}>Fa]߼删gXdpmjo@*! ?Tu>3l#An-!]/%#%YQ7GlOśé0hK8yJʐ!wӽ6TzTFPbNK5{k>k/*$' :0Yp]a"VBv "8aWAH>J1l=( pqGxЃ9T@m^*npb͛hy(ӽrl&28{ :,3[̻~S  -lbVtʓ44jf`pe-Qu+v&5 aw"ڣB}+E@6k\>I~z@_8<ߵZ#Щ#9X^4dtj1ՒIasG_ֆuv®w ^$u,^O$ 2τ:w8fg-ʧ3>!X6K6dcITLO26q~*0ϧA޽U1P)wu]@fQB5;oWMErec1a# #s|.jpzHFp͕${ퟡ1q:|@cOz Nl^j~gR#ۻ@7pE7A+^_ w~ c:_m-|C#>ٓtwjqOÇRiutF$D081:Bd^ysjjIo2&z[+VݬδSR~x) "ผJPћx`flI?42h1)ɜWPcCq6Rd,g5Aء0^B`%^#: :p ;F$ NPYB!߷mZvȸ(guK3fBσYUGB!nסdQxld(ϏE9~gdWq"a-7=ٿ(!=Ug!JW I՝YҺZۢ_+vmIXC3ˀs06ѳ0#@RΡ8'!^rfU:wq1/ ˵ާ\4CcBDr#sRgn ‰wmJ*TI% B^xJeS03_}.M] WH>ǾmU4lRoWw;Bŏ2M ,y'yط9e^ ze{2F ZuIϺ.y%(&LA؜{LƉvM[юklD8aI+Gb׬6(V!U=4l94U,# f42j5ZJdn vBY%g~@_E@"%s⬄YtgtJVrkwTLu bv >򸐻;̌$:,(e[,nB:Ńp=6: 8 b%E|[C. CQ I:ҵVy E#acKЮ i5 *VS 2k\,woQ&a f=qe;W5Vfu@_~a40]RJ1*Ó$@n?2[S|W'vXuek\AyS?.hIǗpj&ծnp\3xcoF 1'iʥ@>NItUa92Z7AH0"3GՀiCż}%XU_ⲣA jnkDȡ9J剨<=Ά@HҎ|oT6]xÎ) xɩÒ:NA.㹅D!b] ;6rׁy+1jyХ.?K&:E*MIo{c$ϏczpD({_k1ubޑOm5ǂMzޟ 1|x=S~.}%2c_`? Vl*Yf' 5Ë?"f췗'-8^JCDcI 2bRŀ]\cpQj-^RwҦsK*ɎY[J(Tryɂƴ#+~Ν;usz1w(:1](lq'KKa]Tr{|ӟIAB4@_Nb.Fw}Rx!JaoXw17᷋fpPo +/CX|I/nlXX k+`屠 ,#;}#- + 7>tG8 }äfTs#tẼYF^]FԷ7a&#*WF6%vW6O'A-py%!~p_r8Q|N]IHnkon%a:zQ/ERcԊF!3%k `w31p%(\*G*Zl&E\>PBe4{0S\xq>sԤAĄ,pO^Lp9daO-Ӵ9$}kqHAGx-Lqy:@;Z |CͰ*ntPǓ~3 )aV&d~KcŤ/ yHPY5Gy1[oό&S^d3ue/sȖ%:׌q'w[i4 X@iͷi V"x&82BXo@v/ng}D`Vm);߭ Dm2-%]H8>~C!P5w3Ǭ/2 \R{zaJgkԺ7ld,9r Ndn5E?PĈI]`EgXFFzd / ɃX2M|:xŴe@76 J./ n8gZἓ,bd fԘhb&X,F$JʁƱ>A%C٩.+>沿,.#=|L wD0ע0au"cWT-?ᨏyvCSeV r7g) bu16X k2[_g>-؄"sTް^_3 _ ׳`8 S%/PRc!gpU\\e @XCZk&Sr7pB_csOܦtAvy8\iKTk;O@p$W-sпȊ@U߈I$7w7gfAj-:)'߉lIh 3n>&]n*戆GPu X:Ódo,^`|D?y^+z*ۚ*Ш$:,NB٢& s!,Ǐ~,GPjB! 'lJ7ari#k HܛZBgZtĺ_l@1Y[BE {1%QRP_CXEZ# Tt-XGGXJkif<ٚ1鋫@Ag>v${=Ϗ\#?x(J*u($Uڈ5>zɪ fīk0T 9)t+nhK$ܨʺ Q˱b-AkdH"9g`*G d}٥vPjc+?X)-4GW{ėH9moF }ZWVtja彮IFnEwp4ZٸqHnk S0,D K;]2"pƻnVHuɁ0AKe%ogݴ9{ ,|~b+3'vë! P[3t4 ;% Tzqo]>#:3}Ӿ\ۊFДx"e 7r\#Mz2tN("T@Im.>#6gSb m[^(E25*ἙE V" ƥ6"a/* ;1n{YrZOfQIfoc響ZO TE+KV7q/? 9[X?઎ںgGc9H20o]"Mddбw᪌=@_Ie H+eAjhdnָc܈:l/~{MƒحS~hDF5S_S R4L[X |獸 ,8,/(~lNd$+°8ځ|clR)QrwdɩFVY)"XOFcv~ QZb# @,7  鳀k7'VjgEՠx /0<2m lDca\e< |luZIWE]I8 gNF*]> VܺNTBYa- fDbe÷ܷJx4QrI>QPI{tkK󬄅˰J*n;"wn3= !yn GIrqt5V&dn2./,Uhnd,c5kf:z34 ҉hVDaP 1JCm ׬pXv)0R!;B$sA8H䤮R/@FmLǶkJP~gYCX la!e[k̴Gjq)%Lr\F0͕]!oS$bJ?vaG08>%L"\Բ Tޗ*|q̢5ø./tf֩>w;6С{2)׻\wVm/[{ٿV"lg|se~ڎ9{HGǚ\HkLq-t4a o][Kr[t, 8[5(NQ6˶\NavGe&p@ Ik¦ >XQ TOEPGu9AQkI+?q J\A>WrOVp$1:T?g7Ѐ^"Faw9Γ}Foˎf#ܕ F >gL!%Q*ޚk~7L(ISKv'[1uLeG7ʄTllmy}h >Hz,2RAntVۉmwcGuץib/?9ЯxyˌsSaCUIn[תx5k&k>swi>{ Sh|4vTʇk]A`8piƆHxQs-e="ǽXf!1jQ3ECw=܉cE t8fw24iMAؑi6ȊK1 bN.]{,eŶycyF nR{kQGiQx[1Йem,:¦jU͕}W^YPBגktKBCd{1:nEP3@ Yadٞşo)(!#w\/v3h>B*/1/曣VH sJ]DFQ$?_3lЫDWDG yY+|ݍ=3 0k + gEw/D:>4wYٷWLP~ tXi>QD}4h1:1bL~{GAYaf֨s"{GeVϽI^R/ۈݐ!(hMFO%.=øV| N a7WU`QJ(. j5m TsMQ5aFPL 4G.p+: Y~mu+m!d({Q5;~c2ο.xq՗ϢyQ']Bގ/8)*kP_:5pXdF*ZOlOKgz:?B{Cm&75-w]nA%9$:) G3%:'̫xدubk57^.<+@&?xHham]=6¨:+dpF w MUyJZtkIvSx΍}H!cGd/I&QJ}̮.;sqЧZ!Rj﷐e.aJYhCgv ňw7yoEH\6zUKy&fb7yr7p0fʩli~wx<猢}vkMb [1P HDz2[(/~lE+pԤtM#6GpKLq"57@)q.ǎg-?֨BWףBC<ѝ=0Q0.CH?J_ av,=Pr%k蓎> \dR$o"bqә;ٸY) &`Hy0&/ WBhM#`I܊;ö>c`^#H&l A m<#awJ} P WZضlMS)dBUwEA- LEUt< i '6حX1C՘n݇E4uovW98qtEY/.fPB| n:̐B|}E)Î1~la)Zr=fmav^-u7Pڅ󅉋3^_ א5%OEx#¦3]וȲ&jp+*=o+7Y %Hȉ_V (FR9h͠ՓP^S"^LyM,h|X08){ " 0Wza\EX1eΤ\mߎVa֒V ^ѳIw9T)x5ede*T|:/ 'V%0GP L0n8 XF_TIU+ UR7>Ɯ' M-ZHra D.6 NFCgc =bk 9QǴGF'>y1 {5b/ZC1;T ݿJ|)ﰜf>QZCDn)^Ѐm)8fE(s4*-TΡ縍1 !IRA}mt)eGBOYyvڇR]9)P&(*b/:ro `@Q$wwT7ꙝbW ֪ϟV_ QiQl${I.}`vs{ HVE"VJlD?g7 }l`Fx`_Wx zucZ軤 rYy٥]QHAmt.Id yM/۔LYP XYK 9}8m<.R*aj>,L"߸\ %ע#Ƀ6E@CIJd{ }dep{lwW7эgPæ*UY ER+{u V5EM $50e(8DhRzk=>3` aN%H6%X(7yX]Mwob8a~A<5(gT8ߦTմp2zO.ݦ$t{PƚV&B@ k4f%t/n-z9#`F(M'k[' jDR;Do=VYw\lCfG2 ^mEuxKϰ̼|"[N*W vNpt]o|Q!OwJeTyӿ#φG`ڰIf4so7$EL1q{ B`vO`ʪSY@E-rC }rZXvU%!@MĘq36ڐMiMfMϾtw]1/"406WN W@KLŒx:L[v5cf*kH7e&o&y\t7fiY2?;@'+LүJ3UpNx;eȎָbZJ2Yݚ1%ßvblb7hkr H$Bsu-?#A~)NpH}rɖ4S M?qjXiP9C{-$ @0"Us%R%EfXDDD,n:O|5>6qU}i(Hqb;4($@ x+c\Pal.Xf- Yu@TU*e$*2X\uҳ/hW ̦h˭}SV.e-aGz$C* &b#X<0?,z%8-$1/.m vZg՝0dt}m KƥO b7ؒF ; cXGZ 8 =ȐkЊm{e&3FޢuYk !k+U[ל#>@0l)?)#'3iycDҢ57,1@6d>ΡDs2Ht!g(H\bHT5B-6Nmp^Ǝ;QQVcNbAұG<(?5au7>T^9*a$_U(t{72G)@CqD mZZ]>],-JGvX7WPG1eea׻Bkҧ:xջ\?An@iK@\q*]rk͠8^W7J1H!eġ2(c]FC~#IJvCIkD爎6wزD`mF^/]:?d>%h]8%T=nZٮ01+kp]S9s({<Ϫw\mk %E Q_~pt U^-VIQFUxAhGѓ&-VڥMUb$FՈ#ᎎhV+Z$_Y3^#CzRA;P8UZ`1=UU%~G)C[̲Z2ڌ9RrC%>T&sq~Cn/puVs{83`gJ쾙Lg Kc{!0J% s΋[.kY"Hj i5APc /s/8I K 5z#gQ 6fDڟ}ĵ)x?m @ ΐ6:mK"(|Wv!>NQfˬ=ns,h1 "tKqbzezvXs.6>>A.y]F[x ?J.PVGg{~VokxGW56DppRrAØE" O2%YqWb}T0GaPE B<._w48@ Фx,><ȩn *e?]9V$Rkm4&ʨgіɄ 8 _qCFIñN]*0ȄL,]Vev- X;` ےrLUJ|"\ϲQ'eSնXMZ$*AꋶqÀor9/H+Mx_ˣF&4]AJQw!6'ى0*+|(1`#X`${VfK^#sY~LK֙ƨ[$`AGxP1?^,xj-ɽ#`j=}1 n`սW~2u{[ebaw7`7X$s倪ZDFӂG+=A囊8 VJ}\`X t]dv{W{ \2mvwOWI,%V$zdG` itJ}gNR9Q58|T Db۴Lk*N;_B)#Fүi҆K^,lOFz6:ྥqXQ(a2ZjȉC@ FO_ 3KE|t+i`3 z{~+7 @VYkاCs]CmQ3PR8adK$ ^GP _ާF>3ƈv74REe3AjqeY:B43*"'ZGn{2~ ; -E7,'czwMQY5a\ ֔c-˥>Xl""ߓӬ?7BۓYJںϦ3P>7Y1P^=!*oƸy5ěha928+UϒssQmą8^-m?#~M(k?u~T3{6 rQZ< ;` Yh)GX$bGHCN|&ѶڞA  ?.22(y`*?<Þk˼b+)>>7xq HxأaM߼@HYr$]{9 Q+kF|"L7/RL5F3}J>A}ҝe'WP{N`}n.&>ž@tKBPÖ&'%JX$iTrZM_R7#$Iuꙓ^ 3cӶ&6fδr8&6jV ZSɬӘhxa#n*b_g1$07m]vOps 3ﲘZQ #'eI=!EI9`FҮB:cbwf֩aG3;|N{G7yi}/tydWÂH:rDۊj%bDG3hn5i \.p {h[Hwr nُrտ>+6krYkz ښсGaԊ!y' ?͚Sϵr>B Ca5dWمYl(!Y %oؕam=Ĭ`w$' rtw` ׮%3rL-f :ZP 0"aoh抱$I 5p\uGXĶ~"5 {O˹lrjBv2OTztM8N[O8t`'[a@+m vHuoC,*g@C5Yҍ~K*0%c1ՂX_dӂ+N*n.]CgQHB.ꚼq,eDQࣳ:r*OÓ^jx.;U ClceҪ XaSkbGV;[y-pS"'zZ IT:(U9MzCDFB N{tjuF?&E ~%u"<AN[?-#C`uE{՟-YAðQPP@(OXz~LW'A?=uxh3~b{o+,of ]hmm$>.}.QpP~B\t0ϪS\MA0[dYtH[v(з$Sa]dC)zUʬyD1of-,h, ݑUF u ?l{ '}֨1 P*_ FQ>g2jLe tZ7PמMD=q0su!R4n  򼀔1OAVϲs{(?{}Ȯy.%* 3s\-]G|l1}baBAc2Mt_| U L+rmuiẹ ?4rjFSu8=mv Un4?:w򩑼ߐ#۬ 6&`<(UQ۠?p`/M"auaJ.N'y[#ց1V herIg*h5Lz 9h:i?E\ {[蚰2g8P< rmknvTzgF1#T{,?M_MQWtjp y}/s̀LԔ?[u`5B+Ճ;/(~u5cBdSdMjC$=A 2&wZ!4a G/5Ǿ.Z袛d~BQ"\;DvEL:,{ h9/J=R"psp.c'e=\~zx0;ctH׶yv˸n}q琄ո RٮGhџY.vN&OY5> #j?:R&cNA {!f7RX.UGKaš9h.L t&4]_5;#s;fkÌ cx(w4}lω섶 _6L6CYBIR(PԠ' b8H 2h?Oyb[SVؘ6)ffS_O\^??eɬUX@ ->3L靼 Q~hDiT ܪRx~ k) 07k3q)1dl0&x0jvpҝ>1ez?`}SZ]|1f#q2>12^9#yh0q@/Ͽ& #EpAmnBӟ~Jbe( ´z:~G2iH>b65/@ C\72s*$.FV )M}[VT+6MUkJ7@kE*kNDOXLU~tH%$@S>Jt#{)8&lJq Iau%~]}tyY4@:j)Db @*c<5/32j=b MoKTO@G6J  Ơ$KpUEsi %=P١Eí{7^9t.3t8V8~(uàbGd),?ڗ[C&j[/wsɤ46]3sN\ڗ+PkЎSwٸ1Ԭ庀V1&^'(o|KCj L PQ._mSઋ/klzr~CyUVf'QL 5[MI>1lp<ӟƒܔ?bn+t,q?TdIAf = Mǹv`Ad.6c P_^,JQDso5`:˞Kvc&?CZ Nv?"Utw؋U6Њ!;s~vD9h>^]k/R y|Cpqgb!G X{13W-ѣTcI-"Fxk|OG70*"B]fYiQ(3SO@tb>wU ~z~fƵ:rj־jirAIf[zsi[DZlwGb`7(}{=xg#b~iþM&Tsۥ@}>~j&< {&Qw3U fȝ tL>>m[Ie|oGLOHO?"DE/Ѱk^|A:uph$$Ux +v=~i1uOfELEƩ[\cjڻY'ZxbZgs(0ݿcb; tYU ;}2^c_[)s&bRu|Bs?46cp"%ԁ4ϲ(Uhդwĸ)kKJ+ ` CJS"20: M\Aeަ<-Q(ЖC.MP(QSj1!|MH$+Β}Z,XlsTn6Q|ɺgy{?{v]26f=5C5^`On% KSRZp| ,h֓ DT6}}Q}X ?I%1+YG%Xa/!7|R@d^?B$#i+X^L|QHnHiW.1ua TE}pl˥™ӡ *C˷y8FV$){ybcGs`JQ]ץ"D+6AM~qNLiz^@ڷ*u hd" -Ar77/M;g畂=4=xTF࢒V Zc ;0_*tߔq4$%]__Гümrx)PNѧ>) 9@|Xu~Mb055jT9~N*9NӷN3+|٫N˝ }Pziy鄻rbMDqI֙#;&'H̐_F>^Piޡ_7 ^j/rK̦ rœa9K q{Eҽ^迁gn5|->,AdQ mņ{ m9X݄3!@]yمzJw(Rb!A!&|ѕ~ nݥaѩti]E#'AhI@.MtɌw( dc[o(HDIf[x`d/dSϭR ,d;EIeN3.]0wPcmkgX.: bUDBB\Fjj?]vWj/:iF)85~8n{Kfi7[z˽Ϟ ܝ7y-\qvCޗ][37P^Ct6X׼Zg[Y eCs<}#".fp HpvCJxRQ  HsDQ[l}jdQw :v;ffOZ ez;7&8CMiO62TN}/ jSFS=njrxJz:IJ:Y5T)-K*[1`{Ε;EX eC Ω!Qzhɾ| ߌm|i h4;Ι/ǟ`,[84%|퇖#A)8&(H5Q >8WL[|\X!n)3|JrJHb!@葖lժN bt+ y_Kp ٪X}: >2;Vf*Uay᫷PjJ/6JM%̳|#R:nZyX嫀n'@ r!ځ=ɓ/8S5x/z_fK[{M@M U P!0 QxZ h7tzEJ74}ʐ$bGKBҫOeoP/ &" f2)#Ʀ"){hottwozdLA_-k_"%I(Z8:#b@‰dY.NUiTi;W!,//e;y~%,fCBSJ <&H,o5PiilD"9~Oqqyˆb g`j% '22U8 +ep=>FxP{S1o޷ؾJם64 YI9+8c\:gɌaLiwrk%ae+tG:DŚ>-m".9o98mJ^l&Hg o8AU u=rҲѯRRЎjw&m7ٕܿ\}̩J?pQas3a23'Ywt#\1|u2I߄?Yj)}qq ,t9ިbY)}h< Fd{sm q-eO5t>P{!zDO/XYeSԄ$BPRT"{?.P!M`6hh vo)Y qLrf /"B n}SiHРp>Ղb:2aqLµˈЃ`̉X״m2N y0[ /Q+OMϠ&MK4i$+)B>伦P4VDX7}/ڤ`v٢h}MxBP7c0*jHeEVuL]Id#/k} ,ʞ>?ID@1N6QȀr217&Mjh7]@0=mJo]a`Q]mPx7  u4N^D)yhɸ׳E{݆6PP5+1Jglkw H'foH;NnL ]*< tLcqtuEp. YJ Ղ [[Y_\c=x$ȲJzAI=+DDRI%tLCs/c:K~)7!Ck]'< 9j :JH'G,xMܙ@?H3XgpJwko.h㞃9rNqؒn0Bj!5NF-Ȩ>*ɜ ґqDYUA֙}JiSN w["vI>D?sbo929 u$Sg@,!~ҨifQS Wك̦k~WJpXݗ&3:>/_qF ac,ro ,"(Xg߬*4ǽ߂_vC8.Ѕ7A)qT4B,43&VXrU/LS 'sNqROWʴ~a iƩ)0X(aEUPkz=vl9'G8n2|0>P-r309fU,{RwX"`s'&rJl RD'czvpɡ>t8Jh4*i|4Md=@>˔O[$r-bZm'K!u`:c-i\2s6a" BcQppXfb!/rfXWw[ .3uA:L=j( J yWhK=B R %CnefR ֩I6/~AWoBRS_.PˣMv& dJ K+ ;оZҮG(,Z#-C;ȵQFyڝ"H^.1qYH-q=@YeY zQ#;^#|1q{)ݸ$`"$*|foV kE,ofQ#Vav١0̏ykVcLEkĜrZv~m]LMpľ'tu01)Z^p=n-/Oo?y*WOQl#8Ͼi׿:o)gA[TKM9 P*r05T%wãuƁt}udw|Sx-~4=4ae #L߽7#w3b\lO+y/ญmRR#Y@0$4gNs&+UhW(4njy$Dz% aMgaw\(2" 9f<`'T[ܕXP]H/?D(8R\ Oe{ybǸQ;{u:>{UK\%L/f]A Ay`1>hWӁ,{gI+&+ #GW?$ewEͪ'ˤmk4 po5$HB"B&QmvV uT d%d} SǼvsrzOu"q{î >+ĆzwފMnņ@]Kh{S;} )0/Wj{|5Ʒđۡ\Sy(𛂻OoquO}~$;oeWŌjj vQJ݀J/-^2}/O'N'M T01a/ mdМ!fJS4\:ݍEnz>B,MM]Ap m0͚ՁV^_ Yء=0BMn%hwֹsӃ W֘{sAI,S}8a{yJM^P&Dw|-oMwIݳVoj Wfȼ&Ȱ.0A!߶ʹl0G(m̥kCVS,p1z>{䵷5lflcV܄i&ƭ.n)|yE%>ip `yR@OtDaQ%S}"l%kAx ;F1fCtz)*7jXИ7-L,3ư@tVrm׫qW5J59>7v$Y:Y~F QahMHNȻSz?iv<=#Fڥ}>G]R*a)I;xѾj?S(B*eakpF)>]aGP׃.ӡV.1o*% 9CTX)KPikܢ 8dtږ8Y|͸iw1B [ 2f *2n}%.K]7e nfm TLtnʷ[ e:@G%Z*3H˒ DbE)+{'\%) =Y"N(0-?CuX:TxӴ|dnjgp)i cf &5;I\@q^>,/iʏOaH#e-ׇa_*Ya^$$ "[lKybK`^3i,_߱R V YZ