samba-libs-python-32bit-4.9.5+git.477.8163dd03413-3.61.1 >  A a4p9|ۨ./ZK֑Ŝ,gbu_N(d+Ukh5TdP3d081~1.M/{ѭK9(Ccq7f$mt9Z/<=1zX%*`&t"b7Wg-j@'pCܫVhE~3Il-lrPR-/`GSt6^jY']=Sh/gZq,LK{PJZJ^'Sݾk ^:ۖ8>p>}`?}Pd4 ; ^ !8>ET` f l x   *\htPP~P(89H:">wGwHwIwXxYx\x`]xl^xbxcy{dyezfzlzuzvz$w{Tx{`y{le}}} }LCsamba-libs-python-32bit4.9.5+git.477.8163dd034133.61.1Python2 dependencies of samba-libsDependencies of samba-libs that require python2.asheep05 SUSE Linux Enterprise 15SUSE LLC GPL-3.0-or-laterhttps://www.suse.com/Development/Libraries/C and C++https://www.samba.org/linuxx86_64/sbin/ldconfigIEtAaaa09b8a7f4ba0944f7a7775df2c9adbc0250a94d471b5ede933b77a36dc3d8816317e3196aebcbc3f9dc37be520eda7bb49764dcb6d276f270d7f6500aa006d6b9rootrootrootrootrootrootsamba-4.9.5+git.477.8163dd03413-3.61.1.src.rpmlibsamba-net-samba4.solibsamba-net-samba4.so(SAMBA_4.9.5_GIT.477.8163DD034133.61.1_SUSE_OS15.0_I386)libsamba-python-samba4.solibsamba-python-samba4.so(SAMBA_4.9.5_GIT.477.8163DD034133.61.1_SUSE_OS15.0_I386)samba-libs-python-32bitsamba-libs-python-32bit(x86-32)@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@    /bin/shlibMESSAGING-samba4.solibMESSAGING-samba4.so(SAMBA_4.9.5_GIT.477.8163DD034133.61.1_SUSE_OS15.0_I386)libc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1)libc.so.6(GLIBC_2.1.3)libc.so.6(GLIBC_2.3.4)libc.so.6(GLIBC_2.4)libcli-cldap-samba4.solibcli-cldap-samba4.so(SAMBA_4.9.5_GIT.477.8163DD034133.61.1_SUSE_OS15.0_I386)libcli-ldap-common-samba4.solibcli-ldap-common-samba4.so(SAMBA_4.9.5_GIT.477.8163DD034133.61.1_SUSE_OS15.0_I386)libcli-ldap-samba4.solibcli-ldap-samba4.so(SAMBA_4.9.5_GIT.477.8163DD034133.61.1_SUSE_OS15.0_I386)libcliauth-samba4.solibcliauth-samba4.so(SAMBA_4.9.5_GIT.477.8163DD034133.61.1_SUSE_OS15.0_I386)libdcerpc-binding.so.0libdcerpc-binding.so.0(DCERPC_BINDING_0.0.1)libdcerpc-samba-samba4.solibdcerpc-samba-samba4.so(SAMBA_4.9.5_GIT.477.8163DD034133.61.1_SUSE_OS15.0_I386)libdcerpc.so.0libdcerpc.so.0(DCERPC_0.0.1)libevents-samba4.solibevents-samba4.so(SAMBA_4.9.5_GIT.477.8163DD034133.61.1_SUSE_OS15.0_I386)libgenrand-samba4.solibgenrand-samba4.so(SAMBA_4.9.5_GIT.477.8163DD034133.61.1_SUSE_OS15.0_I386)libgensec-samba4.solibgensec-samba4.so(SAMBA_4.9.5_GIT.477.8163DD034133.61.1_SUSE_OS15.0_I386)libldb.so.1libldb.so.1(LDB_0.9.10)libldbsamba-samba4.solibldbsamba-samba4.so(SAMBA_4.9.5_GIT.477.8163DD034133.61.1_SUSE_OS15.0_I386)libndr-samba-samba4.solibndr-samba-samba4.so(SAMBA_4.9.5_GIT.477.8163DD034133.61.1_SUSE_OS15.0_I386)libndr-standard.so.0libndr-standard.so.0(NDR_STANDARD_0.0.1)libndr.so.0libndr.so.0(NDR_0.0.1)libpthread.so.0libpthread.so.0(GLIBC_2.0)libpytalloc-util.so.2libpytalloc-util.so.2(PYTALLOC_UTIL_2.0.6)libpytalloc-util.so.2(PYTALLOC_UTIL_2.1.6)libpytalloc-util.so.2(PYTALLOC_UTIL_2.1.9)libpython2.7.so.1.0libsamba-credentials.so.0libsamba-credentials.so.0(SAMBA_CREDENTIALS_0.0.1)libsamba-debug-samba4.solibsamba-debug-samba4.so(SAMBA_4.9.5_GIT.477.8163DD034133.61.1_SUSE_OS15.0_I386)libsamba-errors.so.1libsamba-errors.so.1(SAMBA_ERRORS_1)libsamba-hostconfig.so.0libsamba-hostconfig.so.0(SAMBA_HOSTCONFIG_0.0.1)libsamba-python-samba4.solibsamba-python-samba4.so(SAMBA_4.9.5_GIT.477.8163DD034133.61.1_SUSE_OS15.0_I386)libsamba-security-samba4.solibsamba-security-samba4.so(SAMBA_4.9.5_GIT.477.8163DD034133.61.1_SUSE_OS15.0_I386)libsamba-sockets-samba4.solibsamba-sockets-samba4.so(SAMBA_4.9.5_GIT.477.8163DD034133.61.1_SUSE_OS15.0_I386)libsamba-util.so.0libsamba-util.so.0(SAMBA_UTIL_0.0.1)libsamdb-common-samba4.solibsamdb-common-samba4.so(SAMBA_4.9.5_GIT.477.8163DD034133.61.1_SUSE_OS15.0_I386)libsamdb.so.0libsamdb.so.0(SAMDB_0.0.1)libserver-role-samba4.solibserver-role-samba4.so(SAMBA_4.9.5_GIT.477.8163DD034133.61.1_SUSE_OS15.0_I386)libsmbpasswdparser-samba4.solibsmbpasswdparser-samba4.so(SAMBA_4.9.5_GIT.477.8163DD034133.61.1_SUSE_OS15.0_I386)libtalloc.so.2libtalloc.so.2(TALLOC_2.0.2)libtevent-util.so.0libtevent-util.so.0(TEVENT_UTIL_0.0.1)libtevent.so.0libtevent.so.0(TEVENT_0.9.9)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-15.2-14.14.1a@@a@``v@`]`P`_@__d@__ @^^@^^2^1^^t@^s^^Y^.^@]]@]]@]@]@]nU]_@]J@]:\ڭ\\@\ \N\e\e\}@\o@\\\\\4\ @[[@[[%@[@[ @[[t[#@[[Q@[Q@[\[[[{[z@[r@[ @[WZZZZZZ`@Z@Z@ZZ@ZZ}@Z'Z@ZOZ@Z ,@Z@YY@Yo@Yo@Yo@Y@Y3YYu@Yg`Yf@Y7Y7Y, @Y"X:@X:@XXsX@X9@X@X@Xg@X,XƉX@XYXe@XX@X@X@XWXAb@X-W Wv@W$W;Wu@W#WW W@W~D@Wj}W_WYZ@WYZ@W=W(W!@WW@V3V3VV'@VՄ@VՄ@VVIV@V`Vl@V@V@V<@V<@V@VjV]VI@VG"@VG"@VG"@VG"@V(V'~@V V7@VBUYU@U@UUAUĝU@UU@Uy@UUrUq@UhTU_@USanopower@suse.comscabrero@suse.descabrero@suse.denopower@suse.comdmulder@suse.comnopower@suse.comnopower@suse.comnopower@suse.comscabrero@suse.descabrero@suse.descabrero@suse.dedmulder@suse.comnopower@suse.comnopower@suse.comscabrero@suse.descabrero@suse.denopower@suse.comdmulder@suse.comnopower@suse.comscabrero@suse.descabrero@suse.descabrero@suse.denopower@suse.comddiss@suse.comdmulder@suse.comnopower@suse.comnopower@suse.comnopower@suse.comnopower@suse.comnopower@suse.comjmcdonough@suse.comnopower@suse.comnopower@suse.comddiss@suse.comddiss@suse.comnopower@suse.comddiss@suse.comnopower@suse.comdmulder@suse.comdmulder@suse.comddiss@suse.comscabrero@suse.dedmulder@suse.comddiss@suse.comnopower@suse.comjengelh@inai.dedmulder@suse.comscabrero@suse.descabrero@suse.descabrero@suse.dedmulder@suse.comdmulder@suse.comdmulder@suse.comjmcdonough@suse.comdmulder@suse.comscabrero@suse.dedmulder@suse.comscabrero@suse.dedmulder@suse.comdmulder@suse.comvcizek@suse.comdmulder@suse.comdmulder@suse.comnopower@suse.comscabrero@suse.dejmcdonough@suse.comscabrero@suse.deaaptel@suse.comjengelh@inai.dedimstar@opensuse.orgdmulder@suse.comjmcdonough@suse.comdavid.mulder@suse.comjmcdonough@suse.comaaptel@suse.comdmulder@suse.comscabrero@suse.comscabrero@suse.comkukuk@suse.dedavid.mulder@suse.comscabrero@suse.comrbrown@suse.comdmulder@suse.comscabrero@suse.comdimstar@opensuse.orgscabrero@suse.comaaptel@suse.comnopower@suse.comnopower@suse.comaaptel@suse.comddiss@suse.comdmulder@suse.comddiss@suse.comdmulder@suse.comddiss@suse.comddiss@suse.comnopower@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comdmulder@suse.comnopower@suse.comjmcdonough@suse.comaaptel@suse.comkukuk@suse.comkukuk@suse.denopower@suse.comaaptel@suse.comdmulder@suse.comddiss@suse.comdmulder@suse.comddiss@suse.comjmcdonough@suse.comnopower@suse.comnopower@suse.comnopower@suse.comnopower@suse.comjmcdonough@suse.comjmcdonough@suse.comnopower@suse.comnopower@suse.comddiss@suse.comjmcdonough@suse.comddiss@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comnopower@suse.comlmuelle@suse.comlmuelle@suse.comjmcdonough@suse.comnopower@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comnopower@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comtchvatal@suse.comlmuelle@suse.comnopower@suse.comcrrodriguez@opensuse.orglmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comnoel.power@suse.comddiss@suse.comddiss@suse.comlmuelle@suse.comddiss@suse.comlmuelle@suse.comlmuelle@suse.comnopower@suse.comddiss@suse.comddiss@suse.comlmuelle@suse.comlmuelle@suse.comddiss@suse.comlmuelle@suse.commpluskal@suse.comlmuelle@suse.comnopower@suse.deddiss@suse.comddiss@suse.comddiss@suse.comlmuelle@suse.denopower@suse.delmuelle@suse.comnopower@suse.deddiss@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.com- The username map [script] advice from CVE-2020-25717 advisory note has undesired side effects for the local nt token. Fallback to a SID/UID based mapping if the name based lookup fails; (bsc#1192849); (bso#14901).- CVE-2016-2124: Don't fallback to non spnego authentication if kerberos is required; (bsc#1014440); (bso#12444); - CVE-2020-25717: A user in an AD Domain could become root on domain members; (bsc#1192284); (bso#14556);- s3-libads: Do not turn on canonicalization flag. Fixes a regression changing the computer account password; (bsc#1185089); (bso#14155);- CVE-2021-20254 Buffer overrun in sids_to_unixids(); (bso#14571); (bsc#1184677).- s3-libads: use dns name to open a ldap session; (bso#13124); (bsc#1184310).- CVE-2020-27840: samba: Unauthenticated remote heap corruption via bad DNs; (bso#14595); (bsc#1183572). - CVE-2021-20277: samba: out of bounds read in ldb_handler_fold; (bso#14655); (bsc#1183574).- Avoid free'ing our own pointer in memcache when memcache_trim attempts to reduce cache size; (bso#14625); (bnc#1179156).- Adjust smbcacls '--propagate-inheritance' feature to align with upstream; (bsc#1178469).- CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records; (bsc#1177613); (bso#14472); - CVE-2020-14323: Unprivileged user can crash winbind; (bsc#1173994); (bso#14436); - CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify; (bsc#1173902); (bso#14434);- CVE-2020-1472: Unauthenticated domain takeover via netlogon ("ZeroLogon"). + s3:rpc_server/netlogon: Protect netr_ServerPasswordSet2 against unencrypted passwords; (bsc#1176579); (bso#14497); + s3:rpc_server/netlogon: Support "server require schannel:WORKSTATION$ = no" about unsecure configurations; (bsc#1176579); (bso#14497); + s4 torture rpc: repeated bytes in client challenge; (bsc#1176579); (bso#14497); + libcli/auth: Reject weak client challenges in netlogon_creds_server_init() "server require schannel:WORKSTATION$ = no"; (bsc#1176579); (bso#14497);- Add obsoletes to libsmbldap2 package to fix upgrades from previous versions; (bsc#1172810);- Fix net command unable to negotiate SMB2; (bsc#1174120);- CVE-2020-14303: Endless loop from empty UDP packet sent to AD DC nbt_server; (bso#14417); (bsc#1173359).- CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined; (bso#14364); (bsc#1173159]. - CVE-2020-10745: invalid DNS or NBT queries containing dots use several seconds of CPU each; (bso#14378); (bsc#1173160). - CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP server with paged_result or VLV; (bso#14402); (bsc#1173161).- Add libnetapi-devel to baselibs conf, for wine usage; (bsc#1172307);- Installing: samba - samba-ad-dc.service does not exist and unit not found; (bsc#1171437);- CVE-2020-10704: samba: Stack overflow in AD DC (C)LDAP server; (bso#14334); (bsc#1169851).- Fix spnego fallback from kerberos to ntlmssp in smbd server; (bso#14106); (bsc#1169473);- Fix CLI tools still printing "Unable to initialize messaging context" messages; (bso#13925); (bsc#1167070). - Do print mkdir failure message on error debug level when initializing messaging; (bso#13823); (bsc#1167070).- Fix domain join when the machine account does not exists; (bso#14007); (bsc#1161389);- Fix pam_winbind with krb5_auth or wbinfo -K for users of trusted domains/forests; (bso#14124); (bsc#1160490);- Prefer principal over DOMAIN/username for NTLM; (bso#13861); (bsc#1143499);- CVE-2019-14902: Replication of ACLs down subtree on AD Directory is not automatic; (bso#12497); (bsc#1160850). - CVE-2019-19344: Fix server crash with dns zone scavenging = yes; (bso#14050); (bsc#1160852). - CVE-2019-14907: server-side crash after charset conversion failure (eg during NTLMSSP processing); (bso#14208); (bsc#1160888).- Fix Ceph snapshot root relative path handling; (bso#14216); (bsc#1141320).- Print command %J substitution issue; (bso#13745); (bsc#1158551);- CVE-2019-14861: DNSServer RPC server crash, an authenticated user can crash the DCE/RPC DNS management server by creating records with matching the zone name; (bso#14138); (bsc#1158108). - CVE-2019-14870: DelegationNotAllowed not being enforced, the DelegationNotAllowed Kerberos feature restriction was not being applied when processing protocol transition requests (S4U2Self), in the AD DC KDC; (bso#14187); (bsc#1158109).- CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP server via dirsync; (bso#14040); (bsc#1154598); - CVE-2019-10218: Client code can return filenames containing path separators; (bso#14071); (bsc#1144902);- CVE-2019-14833: samba: Accent with "check script password" Samba AD DC check password script does not receive the full password; (bso#12438); (bsc#1154289).- Fix broken username/password authentication with CUPS and smbspool; (bsc#1152143); (bso#14128).- Fix auth problems when printing via smbspool backend with kerberos; (bnc#1148539); (bso#13832).- CVE-2019-10197: user escape from share path definition; (bso#14035); (bsc#1141267).- Prepare for use future use of kernel keyrings, modify /etc/pam.d/samba to include pam_keyinit.so; (bsc#1144059).- CVE-2019-12435: zone operations can crash rpc server; (bso#13922); (bsc#1137815).- Fix cephwrap_flistxattr() debug message; (bso#13940); (bsc#1134697). - Add ceph_snapshots VFS module; (jsc#SES-183).- Fix vfs_ceph realpath; (bso#13918); (bsc#1134452).- MacOS credit accounting breaks with async SESSION SETUP; (bsc#1125601); (bso#13796). - Mac OS X SMB2 implmenetation sees Input/output error or Resource temporarily unavailable and drops connection; (bso#13698)- Explicitly enable libcephfs POSIX ACL support; (bso#13896); (bsc#1130245).- CVE-2019-3880: Save registry file outside share as unprivileged user; (bso#13851); (bsc#1131060 ).- CVE-2019-3870 pysmbd: missing restoration of original umask after umask(0); (bso#13834); (bsc#1130703);- Update to samba-4.9.5 + audit_logging: Remove debug log header and JSON Authentication: prefix; (bso#13714); + Fix upgrade from 4.7 (or earlier) to 4.9; (bso#13760); + s3: lib: nmbname: Ensure we limit the NetBIOS name correctly; (bso# CID: 1433607; (bso#11495); + smbd: uid: Don't crash if 'force group' is added to an existing share connection; (bso#13690); + s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility code; (bso#13770); + s3: SMB1 POSIX mkdir does case insensitive name lookup; (bso#13803); + s3:utils/smbget fix recursive download with empty source directories; (bso#13199); + samba-tool drs showrepl: Do not crash if no dnsHostName found; (bso#13716); + s3:libsmb: cli_smb2_list() can sometimes fail initially on a connection; (bso#13736); + join: Throw CommandError instead of Exception for simple errors; (bso#13747); + ldb: Avoid inefficient one-level searches; (bso#13762); + s3: libsmb: use smb2cli_conn_max_trans_size() in cli_smb2_list(); (bso#13736); + tldap: Avoid use after free errors; (bso#13776); + Fix idmap xid2sid cache churn; (bso#13802); + access_check_max_allowed() doesn't process "Owner Rights" ACEs; (bso#13812); + s3-smbd: Avoid assuming fsp is always intact after close_file call; (bso#13720); + s3-vfs-fruit: Add close call; (bso#13725); + s3-smbd: Use fruit:model string for mDNS registration; (bso#13746); + s3-vfs: add glusterfs_fuse vfs module; (bso#13774); + printing: Check lp_load_printers() prior to pcap cache update; (bso#13766); + vfs_ceph: vfs_ceph strict_allocate_ftruncate calls (local FS) ftruncate and fallocate; (bso#13807); + lib/audit_logging: Actually create talloc; (bso#13737); + netcmd/user: python[3]-gpgme unsupported and replaced by python[3]-gpg; (bso#13728); + dns: Changing onelevel search for wildcard to subtree; (bso#13738); + samba-tool: Don't print backtrace on simple DNS errors; (bso#13721); + sambaundoguididx: Use the right escaped oder unescaped sam ldb files; (bso#13759); + ctdb: Print locks latency in machinereadable stats; (bso#13742); + messages_dgm: Messaging gets stuck when pids are recycled; (bso#13786); + audit_logging: auth_json_audit required auth_json; (bso#13715); + man pages: Document prefork process model; (bso#13765); + CVE-2019-3824 ldb: Release ldb 1.4.6; (bso#13773); + s3:auth: ignore create_builtin_guests() failing without a valid idmap configuration; (bso#13697); + s3:auth_winbind: Ignore a missing winbindd as NT4 PDC/BDC without trusts; (bso#13722); + s3:auth_winbind: return NT_STATUS_NO_LOGON_SERVERS if winbindd is not available; (bso#13723); + s4:server: Add support for 'smbcontrol samba shutdown' and 'smbcontrol debug/debuglevel'; (bso#13752); + Python: Ensure ldb.Dn can doesn't rencoded str with py2; (bso#13616); + vfs_glusterfs: Adapt to changes in libgfapi signatures; (bso#13330); + s3-vfs: Use ENOATTR in errno comparison for getxattr; (bso#13774); + notifyd: Fix SIGBUS on sparc; (bso#13704); + waf: Check for libnscd; (bso#13787); + s3:vfs: Correctly check if OFD locks should be enabled or not; (bso#13770); + lib/util: Count a trailing line that doesn't end in a newline; (bso#13717); + Recovery lock bug fixes; (bso#13800); + s3: net: Do not set NET_FLAGS_ANONYMOUS with -k; (bso#13726); + s3:libsmb: Honor disable_netbios option in smbsock_connect_send; (bso#13727); + vfs_fileid: Fix get_connectpath_ino; (bso#13741); + vfs_fileid: Fix fsname_norootdir algorithm; (bso#13744);- Fix vfs_ceph ftruncate and fallocate handling; (bso#13807); (bsc#1127153).- Fix update-apparmor-samba-profile script after apparmor switched to using named profiles. The change is backwards compatible; (bsc#1126377);- LoadParm().load_default() fails with "Unable to load default file"; (bsc#1089758);- Abide by load_printers smb.conf parameter; (bso#13766); (bsc#1124223);- Update to samba-4.9.4 + libcli/smb: Don't overwrite status code; (bso#9175). + wbinfo --group-info 'NT AUTHORITY\System' does not work; (bso#12164). + Session setup reauth fails to sign response; (bso#13661). + vfs_fruit: Validation of writes on AFP_AfpInfo stream; (bso#13677). + vfs_shadow_copy2: Nicely deal with attempts to open previous version for writing; (bso#13688). + Restoring previous version of stream with vfs_shadow_copy2 fails with NT_STATUS_OBJECT_NAME_INVALID fsp->base_fsp->fsp_name; (bso#13455). + CVE-2018-16853: Fix S4U2Self crash with MIT KDC build; (bso#13571). + s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs; (bso#13708) + PEP8: fix E231: missing whitespace after ','. + winbindd: Fix crash when taking profiles;(bso#13629) + CVE-2018-14629 dns: Fix CNAME loop prevention using counter regression; (bso#13600) + 'samba-tool user syscpasswords' fails on a domain with many DCs; (bso#13686). + CVE-2018-16853: Do not segfault if client is not set; (bso#13571). + lib:util: Fix DEBUGCLASS pointer initializiation; (bso#13679) + ctdb-daemon: Exit with error if a database directory does not exist; (bso#13696). + s3:libads: Add net ads leave keep-account option; (bso#13498).- Drop more %if..%endif guards which are idempotent. - Drop requires on ldconfig which are already auto-discovered. - Do not ignore errors from useradd/groupadd.- Remove python2 build dependency from samba-libs; (bsc#1116900);- Update update-apparmor-samba-profile script to ignore the shares's paths containing substitution variables in any place, not only at the beginning of the path.- Update to samba-4.9.3 + CVE-2018-14629: Unprivileged adding of CNAME record causing loop in AD Internal DNS server; (bso#13600); (bsc#1116319); + CVE-2018-16841: Double-free in Samba AD DC KDC with PKINIT; (bso#13628); (bsc#1116320); + CVE-2018-16851: NULL pointer de-reference in Samba AD DC LDAP server; (bso#13674); (bsc#1116322); + CVE-2018-16852: NULL pointer de-reference in Samba AD DC DNS servers; (bso#13669); (bsc#1116321); + CVE-2018-16853: Samba AD DC S4U2Self crash in experimental MIT Kerberos configuration (unsupported); (bso#13678); (bsc#1116324); + CVE-2018-16857: Bad password count in AD DC not always effective; window; (bso#13683); (bsc#1116323);- Update to samba-4.9.2 + dsdb: Add comments explaining the limitations of our current backlink behaviour; (bso#13418); + Fix problems running domain backups (handling SMBv2, sites); (bso#13621); + testparm: Fix crashes with PANIC: Messaging not initialized on SLES 12 SP3; (bso#13465); + Make vfs_fruit able to cleanup AppleDouble files; (bso#13642); + File saving issues with vfs_fruit on samba >= 4.8.5; (bso#13646); + Enabling vfs_fruit looses FinderInfo; (bso#13649); + Cancelling of SMB2 aio reads and writes returns wrong error NT_STATUS_INTERNAL_ERROR; (bso#13667); + Fix CTDB recovery record resurrection from inactive nodes and simplify vacuuming; (bso#13641); + examples: Fix the smb2mount build; (bso#13465); + libtevent: Fix build due to missing open_memstream on Illiumos; (bso#13629); + winbindd_cache: Fix timeout calculation for sid<->name cache; (bso#13662); + dsdb encrypted_secrets: Allow "ldb:// and "mdb://" in file path; (bso#13653); + Extended DN SID component missing for member after switching group membership; (bso#13418); + Return STATUS_SESSION_EXPIRED error encrypted, if the request was encrypted; (bso#13624); + python: Allow forced signing via smb.SMB(); (bso#13621); + lib:socket: If returning early, set ifaces; (bso#13665); + ldb: Bump ldb version to 1.4.3, Python: Ensure ldb.Dn can accept utf8 encoded unicode; (bso#13616); + smbd: Fix DELETE_ON_CLOSE behaviour on files with READ_ONLY attribute; (bso#13673); + waf: Add -fstack-clash-protection; (bso#13601); + winbind: Fix segfault if an invalid passdb backend is configured; (bso#13668); + Fix bugs in CTDB event handling; (bso#13659); + Misbehaving nodes are sometimes not banned; (bso#13670);- lib:socket: If returning early, set ifaces; (bso#13665); (bsc#1111373);- winbind requires latest version of libtevent-util0 to start- Backport latest gpo code from master + Read policy from local gpt cache + Offline policy application + Make group policy extensible via register/unregister gpext + gpext's run via a process_group_policy method- Enable profiling data collection- Change samba-kdc package name to samba-ad-dc - Move samba-ad-dc.service to the samba-ad-dc package- Update to samba-4.9.1 + s3: nmbd: Stop nmbd network announce storm; (bso#13620); + s3-rpcclient: Use spoolss_init_spoolss_UserLevel1 in winspool cmds; (bso#13597); + CTDB recovery lock has some race conditions; (bso#13617); + s3-rpc_client: Advertise Windows 7 client info; (bso#13597); + ctdb-doc: Remove PIDFILE option from ctdbd_wrapper man page; (bso#13610);- Tumbleweed doesn't define the sle_version macro, so we must include a check for suse_version also. Otherwise python3 is disabled on Tumbleweed.- Update to samba-4.9.0 + samba_dnsupdate: Honor 'dns zone scavenging' option, only update if needed; (bso#13605); + wafsamba: Fix 'make -j'; (bso#13606);- Update to samba-4.9.0rc5 + s3: VFS: vfs_full_audit: Ensure smb_fname_str_do_log() only returns absolute pathnames; (bso#13565); + s3: util: Do not take over stderr when there is no log file; (bso#13578); + Durable Reconnect fails because cookie.allow_reconnect is not set; (bso#13549); + krb5-samba: Interdomain trust uses different salt principal; (bso#13539); + vfs_fruit: Don't unlink the main file; (bso#13441); + smbd: Fix a memleak in async search ask sharemode; (bso#13602); + Fix Samba GPO issue when Trust is enabled; (bso#11517); + samba-tool: Add "virtualKerberosSalt" attribute to 'user getpassword/syncpasswords'; (bso#13539); + Fix CTDB configuration issues; (bso#13589); + ctdbd logs an error until it can successfully connect to eventd; (bso#13592);- Update to samba-4.9.0rc4 + s3: smbd: Ensure get_real_filename() copes with empty pathnames; (bso#13585); + samba domain backup online/rename commands force user to specify password on CLI; (bso#13566); + wafsamba/samba_abi: Always hide ABI symbols which must be local; (bso#13579); + Fix a panic if fruit_access_check detects a locking conflict; (bso#13584); + Fix memory and resource leaks; (bso#13567); + python: Fix print in dns_invalid.py; (bso#13580); + Aliasing issue causes incorrect IPv6 checksum; (bso#13588); + Fix CTDB configuration issues; (bso#13589); + s3: vfs: time_audit: fix handling of token_blob in smb_time_audit_offload_read_recv(); (bso#13568);- Add missing zlib-devel dependency which was previously pulled in by libopenssl-devel- Update to samba-4.9.0rc3+git.22.3fff23ae36e + CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against returns from malicious servers; (bso#13453); + CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query with escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140; (bso#13374); + CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when not servicePrincipalName is set on a user; (bso#13552); + CVE-2018-10919: acl_read: Fix unauthorized attribute access via searches; (bso#13434); + ctdb_mutex_ceph_rados_helper: Set SIGINT signal handler; (bso#13540); + CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it is disabled via "ntlm auth"; (bso#13360); + s3-tldap: do not install test_tldap; (bso#13529); + ctdb_mutex_ceph_rados_helper: Fix deadlock via lock renewals; (bso#13540); + CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in ltdb_index_dn_attr(); (bso#13374); + ctdb-eventd: Fix CID 1438155; (bso#13554); + Fix CIDs 1438243, (Unchecked return value) 1438244 (Unsigned compared against 0), 1438245 (Dereference before null check) and 1438246 (Unchecked return value); (bso#13553); + ctdb: Fix a cut&paste error; (bso#13554); + systemd: Only start smb when network interfaces are up; (bso#13559); + Fix quotas don't work with SMB2; (bso#13553); + s3/smbd: Ensure quota code is only called when quota support detected; (bso#13563); + s3/libsmb: Explicitly set delete_on_close token for rmdir; (bso#13204); + s3:waf: Install eventlogadm to /usr/sbin; (bso#13561); + Shorten description in vfs_linux_xfs_sgid manual; (bso#13562);- Update to samba-4.9.0rc2+git.21.a1069afb007 + s3: smbd: Using "sendfile = yes" with SMB2 can cause CPU spin; (bso#13537); + s3: smbd: Fix path check in smbd_smb2_create_durable_lease_check(); (bso#13535); + samba-tool trust: Support discovery via netr_GetDcName; (bso#13538); + s4-dsdb: Only build dsdb Python modules for AD DC; (bso#13542); + Fix portability issues on freebsd; (bso#13520); + DNS wildcard search does not handle multiple labels correctly; (bso#13536); + samba-tool domain trust: Fix trust compatibility to Windows Server 1709 and FreeIPA; (bso#13308); + Fix portability issues on freebsd; (bso#13520); + ctdb-protocol: Fix CTDB compilation issues; (bso#13545); + ctdb-docs: Replace obsolete reference to CTDB_DEBUG_HUNG_SCRIPT option; (bso#13546); + ctdb-doc: Provide an example script for migrating old configuration; (bso#13550); + ctdb-event: Implement event tool "script list" command; (bso#13551);- Update to samba-4.8.4+git.37.a7a861d7982; + CVE-2018-1139: Weak authentication protocol allowed; (bsc#1095048); (bsc#13360); + CVE-2018-1140: Denial of Service Attack on DNS and LDAP server; (bsc#1095056); (bso#13466); (bso#13374); + CVE-2018-10858: Insufficient input validation on client directory listing in libsmbclient; (bsc#1103411); (bso#13453); + CVE-2018-10918: Denial of Service Attack on AD DC DRSUAPI server; (bsc#1103414); (bso#13552); + CVE-2018-10919: Confidential attribute disclosure from the AD LDAP server; (bsc#1095057); (bso#13434); + s3:winbind: winbind normalize names' doesn't work for users; (bso#12851); + winbind: Fix UPN handling in canonicalize_username(); (bso#13369); + s3: smbd: Fix SMB2-FLUSH against directories; (bso#13428); + samdb: Fix building Samba with gcc 8.1; (bso#13437); + s3:utils: Do not segfault on error in DoDNSUpdate(); (bso#13440); + smbd: Flush dfree memcache on service reload; (bso#13446); + ldb: Save a copy of the index result before calling the + lib/util: No Backtrace given by Samba's AD DC by default; (bso#13454). + s3: smbd: printing: Re-implement delete-on-close semantics for print files missing since 3.5.x; (bso#13457). + python: Fix talloc frame use in make_simple_acl(); (bso#13474). + krb5_wrap: Fix keep_old_entries logic for older Kerberos libraries;(bso#13478). + krb5_plugin: Add winbind localauth plugin for MIT Kerberos; (bso#13480).- Add missing package descriptions; (bsc#1093864); - Fix dependency issue between samba-python and samba-kdc; (bsc#1062876); - Call update-apparmor-samba-profile when running samba-ad-dc; (bsc#1092099);- Update to 4.8.2 + After update to 4.8.0 DC failed with "Failed to find our own NTDS Settings objectGUID" (bso#13335). + fix incorrect reporting of stream dos attributes on a directory (bso#13380). + vfs_ceph: add asynchronous fsync; fake synchronous call (bso#13412). + vfs_ceph: add fake async pwrite/pread send/recv hooks; (bso#13425) + vfs_ceph: Fix memory leak; (bso#13424). + libsmbclient: Fix hard-coded connection error return of ETIMEDOUT; (bso#13419). + s4-lsa: Fix use-after-free in LSA server; (bso#13420). + winbindd: Do re-connect if the RPC call fails in the passdb case; (bso#13430). + cleanupd: Sends MSG_SMB_UNLOCK twice to interested peers; (bso#13416). + cleanupd: Use MSG_SMB_BRL_VALIDATE to signal cleanupd unclean process shutdown; (bso#13414). + ctdb-client: Remove ununsed functions from old client code; (bso#13411). + printing: Return the same error code as windows does on upload failures; (bso#13395). + nsswitch: Fix memory leak in winbind_open_pipe_sock() when the privileged pipe is not accessable; (bso#13400). + s4:lsa_lookup: remove TALLOC_FREE(state) after all dcesrv_lsa_Lookup{Names,Sids}_base_map() calls; (bso#13420). + rpc_server: Fix NetSessEnum with stale sessions; (bso#13407). + s3:smbspool: Fix cmdline argument handling; (bso#13417).- Move libdfs-server-ad-samba4.so library from kdc to libs package, as it is required by some client libs; (bsc#1074135); - Update to 4.8.1; (bsc#1091179); + s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error, we don't own it here; (bso#13244); + s3: smbd: Fix possible directory fd leak if the underlying OS doesn't support fdopendir(); (bso#13270); + Round-tripping ACL get/set through vfs_fruit will increase the number of ACE entries without limit; (bso#13319); + s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically debug credit issues; (bso#13347); + s3: smbd: Files or directories can't be opened DELETE_ON_CLOSE without delete access; (bso#13358); + s3: smbd: Fix memory leak in vfswrap_getwd(); (bso#13372); + s3: smbd: Unix extensions attempts to change wrong field in fchown call; (bso#13375); + ms_schema/samba-tool visualize: Fix python2.6 incompatibility; (bso#13337); + Fix invocation of gnutls_aead_cipher_encrypt(); (bso#13352); + Windows 10 cannot logon on Samba NT4 domain; (bso#13328); + winbindd: Recover loss of netlogon secure channel in case the peer DC is rebooted; (bso#13332); + s3:smbd: Don't use the directory cache for SMB2/3; (bso#13363); + ctdb-client: Fix bugs in client code; (bso#13356); + ctdb-scripts: Drop "net serverid wipe" from 50.samba event script; (bso#13359); + s3: lib: messages: Don't use the result of sec_init() before calling sec_init(); (bso#13368); + libads: Fix the build '--without-ads'; (bso#13273); + winbind: Keep "force_reauth" in invalidate_cm_connection, add 'smbcontrol disconnect-dc'; (bso#13332); + vfs_virusfilter: Fix CIDs 1428738-1428740; (bso#13343); + dsdb: Fix CID 1034966 Uninitialized scalar variable; (bso#13367); + rpc_server: Fix core dump in dfsgetinfo; (bso#13370); + smbclient: Fix notify; (bso#13382); + Fix smbd panic if the client-supplied channel sequence number wraps; (bso#13215); + Windows 10 cannot logon on Samba NT4 domain; (bso#13328); + lib/util: Remove unused '#include ' from tests/tfork.c; (bso#13342); + Fix build errors with cc from developerstudio 12.5 on Solaris; (bso#13343); + Fix the picky-developer build on FreeBSD 11; (bso#13344); + s3:modules: Fix the build of vfs_aixacl2.c; (bso#13345); + s3:smbd: map nterror on smb2_flush errorpath; (bso#13338); + lib:replace: Fix linking when libtirpc-devel overwrites system headers; (bso#13341); + winbindd: 'wbinfo --name-to-sid' returns misleading result on invalid query; (bso#13312); + s3:passdb: Do not return OK if we don't have pinfo set up; (bso#13376); + Allow AESNI to be used on all processor supporting AESNI; (bso#13302);- Use new foreground execution flags for systemd samba daemons; (bsc#1088574); (bsc#1071090); (bsc#1065551); + Add %post scriptlet to clear old sysconfig flags - Update vendor-files to commit 880b3e7. + Set samba sysconfig template variables to "" + Add required daemon flags directly to systemd unit- Specfile cleanup + Remove %if..%endif guards which don't affect the build + Remove redundant %clean section + Replace old $RPM_* shell vars with macros- BuildRequire pkgconfig(systemd) and pkgconfig(libsystemd) in place of systemd and systemd-devel: Allow OBS to optimize the workload by allowing the usage of the 'build-optimized' systemd packages.- Enable building samba with python3, and create a samba-python3 package.- Update to 4.8 + New GUID Index mode in sam.ldb for the AD DC + GPO support for samba KDC + Time machine support with vfs_fruit + Encrypted secrets + AD Replication visualization + Improved trust support - ability to not scan global trust list - AD external trusts have limited support - verbose trusted domain listing + VirusFilter VFS module + NT4-style replication removed + vfs_aio_linux removed- Disable samba-pidl package, due to the removal of dependency perl-Parse-Yapp; (bsc#1085150);- Update to 4.7.6; + CVE-2018-1050: DOS vulnerability when SPOOLSS is run externally; (bso#11343); (bsc#1081741); + CVE-2018-1057: Authenticated users can change other users' password; (bso#13272); (bsc#1081024).- Disable python until full python3 port is done; (bsc#1082139); + Remove contents of package samba-python + Remove contents of package libsamba-policy0 + Remove contents of package libsamba-policy-devel + Remove library libsamba-python-samba4.so from samba-libs package + Remove library libsamba-net-samba4.so from samba-libs package + Remove smbtorture binary and manpage from samba-test- samba fails to build with glibc2.27; (bsc#1081042);- Update to 4.7.5; (bsc#1080545); + smbd tries to release not leased oplock during oplock II downgrade; (bso#13193); + Fix copying file with empty FinderInfo from Windows client to Samba share with fruit; (bso#13181); + build: Deal with recent glibc sunrpc header removal; (bso#10976); + Make Samba work with tirpc and libnsl2; (bso#13238); + vfs_ceph: Add fs_capabilities hook to avoid local statvfs; (bso#13208); (bsc#1075206); + Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue; (bso#12986); + ctdb-recovery-helper: Deregister message handler in error paths; (bso#13188); + samba: Only use async signal-safe functions in signal handler; (bso#13240); + Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue; (bso#12986); + repl_meta_data: Fix linked attribute corruption on databases with unsorted links on expunge. dbcheck: Add functionality to fix the corrupt database; (bso#13228); + Fix smbd panic when chdir returns error during exit; (bso#13189); + Make Samba work with tirpc and libnsl2; (bso#13238); + Fix POSIX ACL support on HPUX and possibly other big-endian OSs; (bso#13176);- Update to 4.7.4; (bsc#1080545); + s3: smbclient: Implement 'volume' command over SMB2; (bso#13140); + s3: libsmb: Fix valgrind read-after-free error in cli_smb2_close_fnum_recv(); (bso#13171); + s3: libsmb: Fix reversing of oldname/newname paths when creating a reparse point symlink on Windows from smbclient; (bso#13172); + Build man page for vfs_zfsacl.8 with Samba; (bso#12934); + repl_meta_data: Allow delete of an object with dangling backlinks; (bso#13095); + s4:samba: Fix default to be running samba as a deamon; (bso#13129); + Performance regression in DNS server with introduction of DNS wildcard, ldb: Release 1.2.3; (bso#13191); + vfs_zfsacl: Fix compilation error; (bso#6133); + "smb encrypt" setting changes are not fully applied until full smbd restart; (bso#13051); + winbindd: Fix idmap_rid dependency on trusted domain list; (bso#13052); + vfs_fruit: Proper VFS-stackable conversion of FinderInfo; (bso#13155); + winbindd: Dependency on trusted-domain list in winbindd in critical auth codepath; (bso#13173); + repl_meta_data: Fix removing of backlink on deleted objects; (bso#13120); + ctdb: sock_daemon leaks memory; (bso#13153); + TCP tickles not getting synchronised on CTDB restart; (bso#13154); + winbindd: winbind parent and child share a ctdb connection; (bso#13150); + pthreadpool: Fix deadlock; (bso#13170); + pthreadpool: Fix starvation after fork; (bso#13179); + messaging: Always register the unique id; (bso#13180); + s4/smbd: set the process group; (bso#13129); + Fix broken linked attribute handling; (bso#13095); + The KDC on an RWDC doesn't send error replies in some situations; (bso#13132); + libnet_join: Fix 'net rpc oldjoin'; (bso#13149); + g_lock conflict detection broken when processing stale entries; (bso#13195); + s3:smb2_server: allow logoff, close, unlock, cancel and echo on expired sessions; (bso#13197); + s3:libads: net ads keytab list fails with "Key table name malformed"; (bso#13166); (bsc#1067700); + Fix crash in pthreadpool thread after failure from pthread_create; (bso#13170); + s4:samba: Allow samba daemon to run in foreground; (bso#13129); (bsc#1065551); + third_party: Link the aesni-intel library with "-z noexecstack"; (bso#13174); + vfs_glusterfs: include glusterfs/api/glfs.h without relying on "-I" options; (bso#13125);- Re-enable usage of libnsl (did got lost with glibc change) - Use TI-RPC (sunrpc is deprecated and will be removed soon from glibc)- smbc_opendir should not return EEXIST with invalid login credentials; (bnc#1065868).- Update to 4.7.3; (bsc#1069666); + Non-smbd processes using kernel oplocks can hang smbd; (bso#13121); + python: use communicate to fix Popen deadlock; (bso#13127); + smbd on disk file corruption bug under heavy threaded load; (bso#13130); + tevent: version 0.9.34; (bso#13130); + s3: smbd: Fix delete-on-close after smb2_find; (bso#13118); + CVE-2017-14746: s3: smbd: Fix SMB1 use-after-free crash bug; (bsc#1060427);(bso#13041); + CVE-2017-15275: s3: smbd: Chain code can return uninitialized memory when talloc buffer is grown; (bsc#1063008); (bso#13077); - Build with AD DC support only in openSUSE.- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- samba-tool requires samba-python; (bnc#1067771).- Run all daemons in the foreground and let systemd handle it; (bsc#1065551). - Update to 4.7.1; + Fix exporting subdirs with shadow_copy2; (bso#13091); + Currently if getwd() fails after a chdir(), we panic; (bso#13027); + Ensure default SMB_VFS_GETWD() call can't return a partially completed struct smb_filename; (bso#13068); + sys_getwd() can leak memory or possibly return the wrong errno on older systems; (bso#13069); + smbclient doesn't correctly canonicalize all local names before use; (bso#13093); + Fix broken linked attribute handling; (bso#13095); + Missing LDAP query escapes in DNS rpc server; (bso#12994); + Link to -lbsd when building replace.c by hand; (bso#13087); + Cannot delete non-ACL files on Solaris/ZFS/NFSv4 ACL filesystem; (bso#6133); + Map SYNCHRONIZE acl permission statically in zfs_acl vfs module; (bso#7909); + Samba fails to honor SEC_STD_WRITE_OWNER bit with the acl_xattr module; (bso#7933); + Missing assignment in sl_pack_float; (bso#12991); + Wrong Samba access checks when changing DOS attributes; (bso#12995); + samba_runcmd_send() leaves zombie processes on timeout; (bso#13062); + groupmap cleanup should not delete BUILTIN mappings; (bso#13065); + Enabling vfs_fruit results in loss of Finder tags and other xattrs; (bso#13076); + man pages: Properly ident lists; (bso#9613); + smb.conf.5: Sort parameters alphabetically; (bso#13081); + Fix GUID string format on GetPrinter info; (bso#12993); + Remote serverid check doesn't check for the unique id; (bso#13042); + CTDB starts consuming memory if there are dead nodes in the cluster; (bso#13056); + ctdb-common: Ignore event scripts with multiple '.'s; (bso#13070); + libgpo doesn't sort the GPOs in the correct order; (bso#13046); + Remote serverid check doesn't check for the unique id; (bso#13042); + vfs_catia: Fix a potential memleak; (bso#13090); + Fix file change notification for renames; (bso#12903); + Samba DNS server does not honour wildcards; (bso#12952); + Can't change password in samba from a Windows client if Samba runs on IPv6 only interface; (bso#13079); + vfs_fruit: Replace closedir() by SMB_VFS_CLOSEDIR; (bso#13086); + Apple client can't cope with SMB2 async replies when creating symlinks; (bso#13047); + s4:rpc_server:backupkey: Move variable into scope; (bso#12959); + Fix ntstatus_gen.h generation on 32bit; (bso#13099); + Fix a double free in vfs_gluster_getwd(); (bso#13100); + Fix resouce leaks and pointer issues; (bso#13101); + vfs_solarisacl: Fix build for samba 4.7 and up; (bso#13049);- Add samba-kdc to baselibs.conf. - Do not wrap samba-kdc's package definition into if/endif: the package won't be generated simply based on the fact that there is no files section for the package. Allows the source validator to ensure samba-kdc is a built package.- Update to 4.7.0; + Whole DB read locks: Improved LDAP and replication consistency; (bso#12858). + Samba AD with MIT Kerberos + Dynamic RPC port range: Default range changed from "1024-1300" to "49152-65535". + Authentication and Authorization audit support: New auth_audit debug class. + Multi-process LDAP Server: The LDAP server in the AD DC now honours the process model used for the rest of the 'samba' process. + Improved Read-Only Domain Controller (RODC) Support; (bso#12977). + Additional password hashes stored in supplementalCredentials. + Improvements to DNS during Active Directory domain join. + Significant AD performance and replication improvements. + Query record for open file or directory. + Removal of lpcfg_register_defaults_hook(). + Change of loadable module interface. + SHA256 LDAPS Certificates: The self-signed certificate generated for use on LDAPS will now be generated with a SHA256 self-signature, not a SHA1 self-signature. + CTDB no longer allows mixed minor versions in a cluster. + CTDB now ignores hints from Samba about TDB flags when attaching to databases. + New configuration variable CTDB_NFS_CHECKS_DIR. + The CTDB_SERVICE_AUTOSTARTSTOP configuration has been removed. + The CTDB_SCRIPT_DEBUGLEVEL configuration variable has been removed. + The example NFS Ganesha call-out has been improved. + A new "replicated" database type is available.- CVE-2017-12163: Prevent client short SMB1 write from writing server memory to file; (bso#13020); (bsc#1058624).- CVE-2017-12150: Some code path don't enforce smb signing, when they should; (bso#12997); (bsc#1058622).- CVE-2017-12151: Keep required encryption across SMB3 dfs redirects; (bso#12996); (bsc#1058565).- Clean specfile assuming SUSE-only system and product >=SLE11 + %{ul_version}, %{rhel_version}, %{mandriva_version}, %{centos_version} are always undefined + %{_vendor} is "suse" and %{suse_version} is at least 1100- Update to 4.6.7; (bsc#1054017) + Joining a Huawai storage fails: empty CLDAP ping answer; (bso#11392). + smbcacls can fail against a directory on Windows using SMB2.; (bso#12937). + vfs_ceph provides inconsistent directory listings; (bso#12911). + Misused talloc context can cause a user to crash their smbd by chaining SMB1 commands.; (bso#12836). + Use-after free can crash libsmbclient code.; (bso#12927). + Server exit with active AIO can crash.; (bso#12925). + Ensure notifyd doesn't return from smbd_notifyd_init; (bso#12910). + fd leak to ctdb sub-processes leads to SELinux AVC denial in audit logs; (bso#12898). + vfs_fruit shouldn't send MS NFS ACEs to Windows clients; (bso#12897). + smbspool_krb5_wrapper does not tell CUPS that it requires negotiate for authentication; (bso#12886). + finder sidebar showing question mark instead of icon when using ip to connect with vfs_fruit; (bso#12840). + Winbind stops obtaining the 'unixHomeDirectory' & 'loginShell' attributes from AD.; (bso#12720). + KCC run at selftest startup can fail spuriously due to a race; (bso#12869). + winbindd changes the local password and gets NT_STATUS_WRONG_PASSWORD for the remote change; (bso#12782). + rpc_pipe_client memory leaks due to long term memory context passed to rpc_pipe_open_interface(); (bso#12890). + CVE-2017-2619 breaks accessing previous versions of directories with snapshots in subdirectories of the share; (bso#12885). + dns_name_equal doing OOB read; (bso#12813). + replica_sync tests flap; (bso#12753). + Selftest should not call 'net cache flush' and wipe important winbind entries; (bso#12868). + Old Samba versions don't support using recent ldb versions (>=1.1.30); (bso#12859). + pam_winbind fails with kerberos method = secrets and keytab; (bso#10490). + race starting winbindd against posixacl test; (bso#12843). + Crash in the reentrant smbd_smb2_create_send() if the something fails in the subsequent try; (bso#12832). + spnego.c passes the wrong argument order to gensec_update_ev() for the FALLBACK case; (bso#12788). + Clients with SMB3 support can't connect with "server max protocol = SMB2_02"; (bso#12772). + A log message of samb-tool user syncpasswords reverses string arguments in a debug message "Call Popen[...".; (bso#12768). + The smb tarmode tests kills the share dir contents; (bso#12867). + Fix for a bug in MacOS X Sierra NTLMv2 processing; (bso#12862). + CVE-2017-2619 regression with non-wide symlinks to directories; (bso#12860). + manpage/index.html lists links not in alphabetical order; (bso#12854). + smbcacls got error NT_STATUS_NETWORK_NAME_DELETED; (bso#12831). + If a record is locked in a database, then recovery does not complete; (bso#12857). + debug_locks.sh script does not log any information; (bso#12856). + SIGSEGV in cm_connect_lsa_tcp dereferencing conn->lsa_tcp_pipe->transport after error; (bso#12852). + smbclient can't parse DOMAIN+username if a different winbind separator is used; (bso#12849). + Related requests with SessionSetup fail with INTERNAL_ERROR; (bso#12845). + Related requests with TreeConnect fail with NETWORK_NAME_DELETED; (bso#12844). + cli->server_os not filled correctly; (bso#12779). + REGRESSION: smbclient doesn't print the session setup anymore; (bso#12824). + smblcient doesn't handle STATUS_NOT_SUPPORTED gracefully for FSCTL_VALIDATE_NEGOTIATE_INFO; (bso#12808). + CTDB NFS call-out failures do not cause event failures; (bso#12837). + net command fails due to incorrectly return code; (bso#12828). + Fix building Samba with GCC 7.1; (bso#12827).- Fix duplicate CTDB_LOGGING params when downgraded and upgraded again; (bsc#1048339).- fix cephwrap_chdir(); (bsc#1048790). - Update to 4.6.6 + CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation; (bsc#1048278).- Fix ctdb logs to /var/log/log.ctdb instead of /var/log/ctdb; (bsc#1048339).- Fix inconsistent ctdb socket path; (bsc#1048352). - Fix non-admin cephx authentication; (bsc#1048387).- Update to 4.6.5; (bsc#1040157) + Specifying CTDB_LOGGING=syslog:nonblocking causes ctdbd to crash at startup; (bso#12814). + vfs_expand_msdfs tries to open the remote address as a file path; (bso#12687). + PANIC (pid 1096): assert failed: lease_type_is_exclusive(e_lease_type); (bso#12798). + With clustering get update_num_read_oplocks failed and PANIC: num_share_modes == 1 assertion failure; (bso#11844). + contend_level2_oplocks_begin_default oplock optimisation doesn't carry over to leases; (bso#12766). + `ctdb nodestatus` incorrectly displays status for all nodes with wrong exit code; (bso#12802). + CTDB can spin hard on revoking readonly delegations if a node becomes disconnected; (bso#12697). + Printing a share mode entry with leases can crash in the ndr code; (bso#12793). + Fix flakey unit tests for eventd; (bso#12792). + CTDB daemon crashes if built with clang; (bso#12770). + smbcacls fails if no password is specified; (bso#12765). + idmap_rfc2307: Lookup of more than two SIDs fails; (bso#12757). + samba-tool user syncpasswords doesn't trigger the script when a user gets removed; (bso#12767). + systemd: fix detection of libsystemd; (bso#12764). + Notify subsystem only maps first inotify mask to Windows notify filter; (bso#12760). + Allow passing trusted domain password as plain-text to PASSDB layer; (bso#12751). + Can't case-rename files with vfs_fruit; (bso#12749). + wrong sid->uid mapping for SIDs residing in sIDHistory; (bso#12702). + vfs_acl_common should force "create mask = 0777", not 0666; (bso#12562). + Ordering of notify responses broken; (bso#12756).- s3: libsmb: Fix error where short name length was read as 2 bytes, should be 1; (bso#11822); (bsc#1042419).- Revert explicit winbind %{version}-%{release} dependency. + The ABI has stabilized since (bsc#936909), so remove to fix cross-media dependencies; (bsc#1037899).- Fix CVE-2017-7494 remote code execution from a writable share; (bso#12780); (bsc#1038231).- Update to 4.6.3; (bsc#1036011) + s3:vfs:shadow_copy2: vfs_shadow_copy2 fails to list snapshots from shares with GlusterFS backend; (bso#12743). + Fix for Solaris C compiler; (bso#12559). + s3: locking: Update oplock optimization for the leases era; (bso#12628). + Make the Solaris C compiler happy; (bso#12693). + s3: libgpo: Allow skipping GPO objects that don't have the expected LDAP attributes; (bso#12695). + Fix buffer overflow caused by wrong use of getgroups; (bso#12747). + lib: debug: Avoid negative array access; (bso#12746). + cleanupdb: Fix a memory read error; (bso#12748). + streams_xattr and kernel oplocks results in NT_STATUS_NETWORK_BUSY; (bso#7537). + winbindd: idmap_autorid allocates ids for unknown SIDs from other backends; (bso#11961). + vfs_fruit: Resource fork open request with flags=O_CREAT|O_RDONLY; (bso#12565). + manpages/vfs_fruit: Document global options; (bso#12615). + lib/pthreadpool: Fix a memory leak; (bso#12624). + Lookup-domain for well-known SIDs on a DC; (bso#12727). + winbindd: Fix error handling in rpc_lookup_sids(); (bso#12728). + winbindd: Trigger possible passdb_dsdb initialisation; (bso#12729). + credentials_krb5: use gss_acquire_cred for client-side GSSAPI use case; (bso#12611). + lib/crypto: Implement samba.crypto Python module for RC4; (bso#12690). + ctdb-readonly: Avoid a tight loop waiting for revoke to complete; (bso#12697). + ctdb_event monitor command crashes if event is not specified; (bso#12723). + ctdb-docs: Fix documentation of "-n" option to 'ctdb tool'; (bso#12733). + smbd: Fix smb1 findfirst with DFS; (bso#12558). + smbd: Do an early exit on negprot failure; (bso#12610). + winbindd: Fix substitution for 'template homedir'; (bso#12699). + s4:kdc: Disable principal based autodetected referral detection; (bso#12554). + idmap_autorid: Allocate new domain range if the callers knows the sid is valid; (bso#12613). + LINKFLAGS_PYEMBED should not contain -L/some/path; (bso#12724). + PAM auth with WBFLAG_PAM_GET_PWD_POLICY returns wrong policy for trusted domain; (bso#12725). + rpcclient: Allow -U'OTHERDOMAIN\user' again; (bso#12731). + winbindd: Fix password policy for pam authentication; (bso#12725). + s3:gse: Correctly handle external trusts with MIT; (bso#12554). + auth/credentials: Always set the realm if we set the principal from the ccache; (bso#12611). + replace: Include sysmacros.h; (bso#12686). + s3:vfs_expand_msdfs: Do not open the remote address as a file; (bso#12687). + s3:libsmb: Only print error message if kerberos use is forced; (bso#12704). + winbindd: Child process crashes when kerberos-authenticating a user with wrong password; (bso#12708). + vfs_fruit: Office document opens as read-only on macOS due to CNID semantics; (bso#12715). + vfs_acl_xattr: Fix failure to get ACL on Linux if memory is fragmented; (bso#12737).- Generate and update vendor-files tarball from Git + SuSEfirewall2 service samba-client only setup IPv4 rule; (bsc#1034416).- Generate source tarball directly from Git using OBS tar_scm + use version string derived from parent Git tag and commit hash - remove obsolete vendor-files/tools/package-data version ID + explicitly generate ctdb manpages, needed without "make dist"- Update to 4.6.2 + remove bso#12721 patches now upstream- Enable samba-ceph build for openSUSE and SLE12SP3+; (fate#321622). + x86-64 and aarch64- Enable librados CTDB lock helper for samba-ceph package; (fate#321622).- Build and install the html man pages (bsc#1021907).- Fix CVE-2017-2619 regression with "follow symlinks = no"; (bso#12721).- Update to 4.6.1 + symlink race permits opening files outside share directory; CVE-2017-2619; (bso#12496); (bsc#1027147) + testparm checks for valid idmap parameters + add new krb client encryption types + support for printer driver upload from windows 10 + inherit owner = 'unix only' for improved quota support + improved CTDB event support + new primary group support for idmap_ad + idmap_hash deprecated + mvxattr added to recursively rename extended attributes- Remove chkconfig requirements for systemd systems- Don't call insserv if systemd is used- Fix check if we need to require insserv- async_req: make async_connect_send() "reentrant"; (bso#12105); (bsc#1024416).- Force usage of ncurses6-config thru NCURSES_CONFIG env var; (bsc#1023847).- add missing patch for libnss_wins segfault; (bsc#995730).- Fix vfs_ceph builds against recent Ceph versions; (bsc#1021933).- Document "winbind: ignore domains" parameter; (bsc#1019416).- Add base Samba dependency to samba-ceph package.- Update to 4.5.3 + Heap-based Buffer Overflow Remote Code Execution Vulnerability; CVE-2016-2123; (bso#12409); (bsc#1014437). + Don't send delegated credentials to all servers; CVE-2016-2125; (bso#12445); (bsc#1014441). + denial of service due to a client triggered crash in the winbindd parent process; CVE-2016-2126; (bso#12446); (bsc#1014442). - 4.5.1 and 4.5.2 updates + various streams vfs fixes + various printing fixes + ntlm_auth: do not map explicitly empty domain + various stability fixes in smbd + match file compression ReFS behavior- Add missing ldb module directory; (bnc#1012092).- s3/client: obey 'disable netbios' smb.conf param, don't connect via NBT port; (bsc#1009085); (bso#12418).- Include vfstest in samba-test; (bsc#1001203).- s3/winbindd: using default domain with user@domain.com format fails; (bsc#997833).- Fix segfault in libnss_wins; (bso#12277); (bso#12269); (bsc#995730).- Update to 4.5.0 + NTLM1 Authentication disabled by default + SMB2.1 leases enabled by default + Support for OFD locks + ctdb tool rewritten + Added shadow copy snapshot prefix parameter- Fix illegal memory access after memory has been deleted; (bso#11836); (bsc#975299).- Prevent core, make sure response->extra_data.data is always cleared out; (bsc#993692).- Don't package man pages for VFS modules that aren't built; (boo#993707).- Fix population of ctdb sysconfig after source merge; (bsc#981566).- Enable vfs_ceph builds for Factory (x86-64) + Package as samba-ceph to avoid Ceph dependency in base package.- Update to 4.4.5 + Prevent client-side SMB2 signing downgrade; CVE-2016-2119; (bso#11860); (bsc#986869).- Remove obsolete syslog.target; (bsc#983938).- Honor smb.conf socket options in winbind; (bsc#975131).- Don't use htons() with IP_PROTO_RAW; (bso#11705); (bsc#969522).- Update to 4.4.4 + SMB3 multichannel: Add implementation of missing channel sequence number verification; (bso#11809). + smbd:close: Only remove kernel share modes if they had been taken at open; (bso#11919). + notifyd: Prevent NULL deref segfault in notifyd_peer_destructor; (bso#11930). + s3:rpcclient: Make '--pw-nt-hash' option work; (bso#10796). + Fix case sensitivity issues over SMB2 or above; (bso#11438). + s3:smbd: Fix anonymous authentication if signing is mandatory. (bso#11910) + Fix NTLM Authentication issue with squid; (bso#11914). + pdb: Fix segfault in pdb_ldap for missing gecos; (bso#11530). + Fix memory leak in share mode locking; (bso#11934).- Update to 4.4.3 + Various post-badlock regressions; (bso#11841); (bso#11850); (bso#11858); (bso#11870); (bso#11872). + Only allow idmap_hash for default idmap config (bso#11786). + smbd: Avoid large reads beyond EOF; (bso#11878). + vfs_acl_common: Avoid setting POSIX ACLs if "ignore system acls" is set; (bso#11806). + libads: Record session expiry for spnego sasl binds; (bso#11852).- Fix NTLMSSP regressions caused by previous CVE fixes; (bso#11849); (bsc#975962); (bsc#979268), (bsc#977669).- Revert shared library packaging to comply with SLPP- Update to 4.4.2 + A man-in-the-middle can downgrade NTLMSSP authentication; CVE-2016-2110; (bso#11688); (bsc#973031). + Domain controller netlogon member computer can be spoofed; CVE-2016-2111; (bso#11749); (bsc#973032). + LDAP conenctions vulnerable to downgrade and MITM attack; CVE-2016-2112; (bso#11644); (bsc#973033). + TLS certificate validation missing; CVE-2016-2113; (bso#11752); (bsc#973034). + Named pipe IPC vulnerable to MITM attacks; CVE-2016-2115; (bso#11756); (bsc#973036). + "Badlock" DCERPC impersonation of authenticated account possible; CVE-2016-2118; (bso#11804); (bsc#971965). + DCERPC server and client vulnerable to DOS and MITM attacks; CVE-2015-5370; (bso#11344); (bsc#936862).- Fix samba.tests.messaging test and prevent potential tdb corruption by removing obsolete now invalid tdb_close call; (bsc#974629).- Obsolete libsmbclient from libsmbclient0 while not providing it; (bsc#972197).- Update to 4.4.0. + Read of uninitialized memory DNS TXT handling; (bso#11128); (bso#11686); CVE-2016-0771. + Getting and setting Windows ACLs on symlinks can change permissions on link target; (bso#11648); CVE-2015-7560. + Sockets with htons(IPPROTO_RAW); (bso#11705); CVE-2015-8543. + s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem with no ACL support; (bso#10489). + docs: Add example for domain logins to smbspool man page; (bso#11643). + smbd: Show correct disk size for different quota and dfree block sizes; (bso#11681). + docs: Add smbspool_krb5_wrapper manpage; (bso#11690). + winbindd: Return trust parameters when listing trusts; (bso#11691). + ctdb: Do not provide a useless pkgconfig file for ctdb; (bso#11696). + Crypto.Cipher.ARC4 is not available on some platforms, fallback to M2Crypto.RC4.RC4 then; (bso#11699). + s3:utils/smbget: Set default blocksize; (bso#11700). + Streamline 'smbget' options with the rest of the Samba utils; (bso#11700). + s3:clispnego: Fix confusing warning in spnego_gen_krb5_wrap(); (bso#11702). + s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703). + loadparm: Fix memory leak issue; (bso#11708). + lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714). + s3:vfs:glusterfs: Fix build after quota changes; (bso#11715). + ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."; (bso#11719). + lib:socket: Fix CID 1350010: Integer OVERFLOW_BEFORE_WIDEN; (bso#11723). + smbd: Fix CID 1351215 Improper use of negative value; (bso#11724). + smbd: Fix CID 1351216 Dereference null return value; (bso#11725). + s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file; (bso#11727). + docs: Add manpage for cifsdd; (bso#11730). + param: Fix str_list_v3 to accept ; again; (bso#11732). + lib/socket: Fix improper use of default interface speed; (bso#11734). + lib:socket: Fix CID 1350009: Fix illegal memory accesses (BUFFER_SIZE_WARNING); (bso#11735). + libcli: Fix debug message, print sid string for new_ace trustee; (bso#11738). + Fix installation path of Samba helper binaries; (bso#11739). + Fix memory leak in loadparm; (bso#11740). + tevent: version 0.9.28: Fix memory leak when old signal action restored; (bso#11742). + smbd: Ignore SVHDX create context; (bso#11753). + Fix net join; (bso#11755). + s3:libads: setup the msDS-SupportedEncryptionTypes attribute on ldap_add; (bso#11755). + passdb: Add linefeed to debug message; (bso#11763). + s3:utils/smbget: Fix option parsing; (bso#11767). + libnet: Make Kerberos domain join site-aware; (bso#11769). + Reset TCP Connections during IP failover; (bso#11770). + ldb: Version 1.1.26; (bso#11772). + s3:smbd: Add negprot remote arch detection for OSX; (bso#11773). + vfs_glusterfs: Fix use after free in AIO callback; (bso#11774). + mkdir can return ACCESS_DENIED incorrectly on create race; (bso#11780). + "trustdom_list_done: Got invalid trustdom response" message should be avoided; (bso#11782). + Mismatch between local and remote attribute ids lets replication fail with custom schema; (bso#11783). + Quota is not supported on Solaris 10; (bso#11788). + Talloc: Version 2.1.6; (bso#11789). + smbd: Enable multi-channel if 'server multi channel support = yes' in the config; (bso#11796). + build: Fix build when '--without-quota' specified; (bso#11798). + lib/socket/interfaces: Fix some uninitialied bytes; (bso#11802). + Access based share enum: handle permission set in configuration files; (bso#8093). + See also WHATSNEW.txt from the samba-doc package.- Update to 4.3.6. + Getting and setting Windows ACLs on symlinks can change permissions on link target; CVE-2015-7560; (bso#11648); (bsc#968222). + Fix Out-of-bounds read in internal DNS server; CVE-2016-0771; (bso#11128); (bso#11686); (bsc#968223).- Upgrade on-disk FSRVP server state to new version; (bsc#924519).- Only obsolete but do not provide gplv2/3 package names; (bsc#968973).- Relocate existing lock files to /var/lib/samba/lock; (bsc#968963).- Obsolete no longer existing samba-32bit package; (bsc#967625).- Update to 4.3.5. + s3:utils/smbget: Fix recursive download; (bso#6482). + s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystemi with no ACL support; (bso#10489). + s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks; (bso#11400). + vfs_shadow_copy2: Fix case where snapshots are outside the share; (bso#11580). + smbclient: Query disk usage relative to current directory; (bso#11662). + winbindd: Handle expired sessions correctly; (bso#11670). + smbd: Show correct disk size for different quota and dfree block sizes; (bso#11681). + smbcacls: Fix uninitialized variable; (bso#11682). + s3:smbd: Ignore initial allocation size for directory creation; (bso#11684). + s3-client: Add a KRB5 wrapper for smbspool; (bso#11690). + s3-parm: Clean up defaults when removing global parameters; (bso#11693). + Use M2Crypto.RC4.RC4 on platforms without Crypto.Cipher.ARC4; (bso#11699). + s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703). + ctdb: Remove error messages after kernel security update; CVE-2015-8543; (bso#11705). + loadparm: Fix memory leak issue; (bso#11708). + lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714). + ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."; (bso#11719). + s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file; (bso#11727). + param: Fix str_list_v3 to accept ";" again; (bso#11732).- Shift samba-client sysconfig data into samba and samba-winbind; (bsc#947361).- Simplify shared library packaging; (bsc#966956).- Enable clustering (CTDB) support; (bsc#966271).- s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703); (bsc#964023).- Add quotes around path of update-apparmor-samba-profile; (bnc#962177).- Remove autoconf build-time requirement.- Update to 4.3.4. + vfs_fruit: Enable POSIX directory rename semantics; (bso#11065). + Crash: Bad talloc magic value - access after free; (bso#11394). + Copying files with vfs_fruit fails when using vfs_streams_xattr without stream prefix and type suffix; (bso#11466). + samba-tool: Fix uncaught exception if no fSMORoleOwner attribute is given; (bso#11613). + Fix a typo in the smb.conf manpage, explanation of idmap config; (bso#11619). + Correctly initialize the list head when keeping a list of primary followed by DFS connections; (bso#11624). + Reduce the memory footprint of empty string options; (bso#11625). + lib/async_req: Do not install async_connect_send_test; (bso#11639). + Fix typos in man vfs_gpfs; (bso#11641). + Make "hide dot files" option work with "store dos attributes = yes"; (bso#11645). + Fix a corner case of the symlink verification; (bso#11647); (bnc#960249). + Do not disable "store dos attributes" on-the-fly; (bso#11649). + Update lastLogon and lastLogonTimestamp; (bso#11659).- Prevent access denied if the share path is "/"; (bso#11647); (bnc#960249).- Update to 4.3.3. + Malicious request can cause Samba LDAP server to hang, spinning using CPU; CVE-2015-3223; (bso#11325); (bnc#958581). + Remote read memory exploit in LDB; CVE-2015-5330; (bso#11599); (bnc#958586). + Insufficient symlink verification (file access outside the share); CVE-2015-5252; (bso#11395); (bnc#958582). + No man in the middle protection when forcing smb encryption on the client side; CVE-2015-5296; (bso#11536); (bnc#958584). + Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2); CVE-2015-5299; (bso#11529); (bnc#958583). + Fix Microsoft MS15-096 to prevent machine accounts from being changed into user accounts; CVE-2015-8467; (bso#11552); (bnc#958585).- Update to 4.3.2. + vfs_gpfs: Re-enable share modes; (bso#11243). + dcerpc.idl: Accept invalid dcerpc_bind_nak pdus; (bso#11327). + s3-smbd: Fix old DOS client doing wildcard delete - gives an attribute type of zero; (bso#11452). + Add libreplace dependency to texpect, fixes a linking error on Solaris; (bso#11511). + s4: Fix linking of 'smbtorture' on Solaris; (bso#11512). + s4:lib/messaging: Use correct path for names.tdb; (bso#11562). + Fix segfault of 'net ads (join|leave) -S INVALID' with nss_wins; (bso#11563). + async_req: Fix non-blocking connect(); (bso#11564). + auth: gensec: Fix a memory leak; (bso#11565). + lib: util: Make non-critical message a warning; (bso#11566). + Fix winbindd crashes with samlogon for trusted domain user; (bso#11569); (bnc#949022). + smbd: Send SMB2 oplock breaks unencrypted; (bso#11570). + ctdb: Open the RO tracking db with perms 0600 instead of 0000; (bso#11577). + s3:smb2_server: Make the logic of SMB2_CANCEL DLIST_REMOVE() clearer; (bso#11581). + s3-smbd: Fix use after issue in smbd_smb2_request_dispatch(); (bso#11581). + manpage: Correct small typo error; (bso#11584). + s3: smbd: If EAs are turned off on a share don't allow an SMB2 create containing them; (bso#11589). + Backport some valgrind fixes from upstream master; (bso#11597). + auth: Consistent handling of well-known alias as primary gid; (bso#11608). + winbind: Fix crash on invalid idmap configs; (bso#11612). + s3: smbd: have_file_open_below() fails to enumerate open files below an open directory handle; (bso#11615). + Changing log level of two entries to DBG_NOTICE; (bso#9912).- Ensure samlogon fallback requests are rerouted after kerberos failure; (bnc#953382); (bnc#953972).- Ensure to link with --as-needed flag by removing SUSE_ASNEEDED=0. - Always use the default optimization even on pre-9.2 systems.- Remove redundant configure options while adding with-relro.- Relocate the lockdir to the /var/lib/samba/lock directory.- Cleanup and enhance the pidl sub package.- Require renamed python-ldb-devel and python-talloc-devel at build-time. - Requires python-ldb and python-talloc from the python subpackage.- Update to 4.3.1. + s3: smbd: Fix our access-based enumeration on "hide unreadable" to match Windows; (bso#10252). + nss_winbind: Fix hang on Solaris on big groups; (bso#10365). + smbd: Fix file name buflen and padding in notify repsonse; (bso#10634). + kerberos: Make sure we only use prompter type when available; winbind: Fix 100% loop; (bso#11038). + source3/lib/msghdr.c: Fix compiling error on Solaris; (bso#11053). + s3:ctdbd_conn: make sure we destroy tevent_fd before closing the socket; (bso#11316). + s3: smbd: Fix mkdir race condition; (bso#11486). + pam_winbind: Fix a segfault if initialization fails; (bso#11502). + s3: dfs: Fix a crash when the dfs targets are disabled; (bso#11509). + s4:lib/messaging: Use 'msg.lock' and 'msg.sock' for messaging related subdirs; (bso#11515). + s3: smbd: Fix opening/creating :stream files on the root share directory; (bso#11522). + lib/param: Fix hiding of FLAG_SYNONYM values; (bso#11526). + net: Fix a crash with 'net ads keytab create'; (bso#11528). + s3: smbd: Fix a crash in unix_convert(); (bso#11535). + s3: smbd: Fix NULL pointer bug introduced by previous 'raw' stream fix (bso#11522); (bso#11535). + vfs_fruit: Return value of ad_pack in vfs_fruit.c; (bso#11543). + vfs_commit: set the fd on open before calling SMB_VFS_FSTAT; (bso#11547). + s3:locking: Initialize lease pointer in share_mode_traverse_fn(); (bso#11549). + s3:smbstatus: Add stream name to share_entry_forall(); (bso#11550). + s3:lib: Validate domain name in lookup_wellknown_name(); (bso#11555). + s3: lsa: lookup_name() logic for unqualified (no DOMAIN component) names is incorrect; (bso#11555).- Fix 100% CPU in winbindd when logging in with "user must change password on next logon"; (bso#11038).- Relocate the tmpfiles.d directory to the client package; (bnc#947552).- Do not provide libpdb0 from libsamba-passdb0 but add it to baselibs.conf instead; (bnc#942716).- Package /var/lib/samba/private/sock with 0700 permissions; (bnc#946051).- Package /var/lib/samba/msg with 0755 permissions; (bso#11515); (bnc#945502).- Require to install libfam0-gamin from samba-libs on post-12.1 and pre-13.15 systems; (bnc#945013).- Update to 4.3.0. + Samba "map to guest = Bad uid" doesn't work; (bso#9862). + revert LDAP extended rule 1.2.840.113556.1.4.1941 LDAP_MATCHING_RULE_IN_CHAIN changes; (bso#10493). + No objectClass found in replPropertyMetaData on ordinary objects (non-deleted); (bso#10973). + Stream names with colon don't work with fruit:encoding = native; (bso#11278). + NetApp joined to a Samba/ADDC cannot resolve SIDs; (bso#11291). + tevent_fd needs to be destroyed before closing the fd; (bso#11316). + "force group" with local group not working; (bso#11320). + strsep is not available on Solaris; (bso#11359). + smbtorture does not build when configured --with-system-mitkrb5; (bso#11411). + Build with GPFS support is broken; (bso#11421). + Build broken with --disable-python; (bso#11424). + net share allowedusers crashes; (bso#11426). + nmbd incorrectly matches netbios names as own name; (bso#11427). + Python bindings don't check integer types; (bso#11429). + Python bindings don't check array sizes; (bso#11430). + CTDB's eventscript error handling is broken; (bso#11431). + Fix crash in nested ctdb banning; (bso#11432). + Cannot build ctdbpmda; (bso#11434). + samba-tool uncaught exception error; (bso#11436). + Crash in notify_remove caused by change notify = no; (bso#11444). + Poor SMB3 encryption performance with AES-GCM; (bso#11451). + Poor SMB3 encryption performance with AES-GCM (part1); (bso#11451). + fix recursion problem in rep_strtoll in lib/replace/replace.c; (bso#11455). + --bundled-libraries=!ldb,!pyldb,!pyldb-util doesn't disable ldb build and install; (bso#11458). + xid2sid gives inconsistent results; (bso#11464). + ctdb: Fix the build on FreeBSD 10.1; (bso#11465). + Handling of 0 byte resource fork stream; (bso#11467). + AD samr GetGroupsForUser fails for users with "()" in their name; (bso#11488).- Configure with --bundled-libraries=NONE; (bso#11458).- Adapt net-kdc-lookup patch for post-3.3 Samba versions; (bnc#295284).- Remove libiniparser-devel build-time requirement.- Update to 4.2.3. + s4:lib/tls: Fix build with gnutls 3.4; (bso#8780). + s4.2/fsmo.py: Fixed fsmo transfer exception; (bso#10924). + winbindd: Sync secrets.ldb into secrets.tdb on startup; (bso#10991). + Logon via MS Remote Desktop hangs; (bso#11061). + s3: lib: util: Ensure we read a hex number as %x, not %u; (bso#11068). + tevent: Add a note to tevent_add_fd(); (bso#11141). + s3:param/loadparm: Fix 'testparm --show-all-parameters'; (bso#11170). + s3-unix_msg: Remove socket file after closing socket fd; (bso#11217). + smbd: Fix a use-after-free; (bso#11218); (bnc#919309). + s3-rpc_server: Fix rpc_create_tcpip_sockets() processing of interfaces; (bso#11245). + s3:smb2: Add padding to last command in compound requests; (bso#11277). + Add IPv6 support to ADS client side LDAP connects; (bso#11281). + Add IPv6 support for determining FQDN during ADS join; (bso#11282). + s3: IPv6 enabled DNS connections for ADS client; (bso#11283). + Fix invalid write in ctdb_lock_context_destructor; (bso#11293). + Excessive cli_resolve_path() usage can slow down transmission; (bso#11295). + vfs_fruit: Add option "veto_appledouble"; (bso#11305). + tstream: Make socketpair nonblocking; (bso#11312). + idmap_rfc2307: Fix wbinfo '--gid-to-sid' query; (bso#11313). + Group creation: Add msSFU30Name only when --nis-domain was given; (bso#11315). + tevent_fd needs to be destroyed before closing the fd; (bso#11316). + Build fails on Solaris 11 with "‘PTHREAD_MUTEX_ROBUST’ undeclared"; (bso#11319). + smbd/trans2: Add a useful diagnostic for files with bad encoding; (bso#11323). + Change sharesec output back to previous format; (bso#11324). + Robust mutex support broken in 1.3.5; (bso#11326). + Kerberos auth info3 should contain resource group ids available from pac_logon; winbindd: winbindd_raw_kerberos_login - ensure logon_info exists in PAC; (bso#11328); (bnc#912457). + s3:smb2_setinfo: Fix memory leak in the defer_rename case; (bso#11329). + tevent: Fix CID 1035381 Unchecked return value; (bso#11330). + tdb: Fix CID 1034842 and 1034841 Resource leaks; (bso#11331). + s3: smbd: Use separate flag to track become_root()/unbecome_root() state; (bso#11339). + s3: smbd: Codenomicon crash in do_smb_load_module(); (bso#11342). + pidl: Make the compilation of PIDL producing the same results if the content hasn't change; (bso#11356). + winbindd: Disconnect child process if request is cancelled at main process; (bso#11358). + vfs_fruit: Check offset and length for AFP_AfpInfo read requests; (bso#11363). + docs: Overhaul the description of "smb encrypt" to include SMB3 encryption; (bso#11366). + s3:auth_domain: Fix talloc problem in connect_to_domain_password_server(); (bso#11367). + ncacn_http: Fix GNUism; (bso#11371).- Disable rpath usage; (bnc#902421).- Make the winbind package depend on the matching libwbclient version and vice versa; (bnc#936909).- Backport changes to use resource group sids obtained from pac logon_info; (bso#11328); (bnc#912457).- Order winbind.service Before and Want nss-user-lookup target.- Remove fam-devel build-time dependency for post-6 RHEL systems.- Update to 4.2.2. + s3:smbXsrv: refactor duplicate code into smbXsrv_session_clear_and_logoff(); (bso#11182). + gencache: don't fail gencache_stabilize if there were records to delete; (bso#11260). + s3: libsmbclient: After getting attribute server, ensure main srv pointer is still valid; (bso#11186). + s4: rpc: Refactor dcesrv_alter() function into setup and send steps; (bso#11236). + s3: smbd: Incorrect file size returned in the response of "FILE_SUPERSEDE Create"; (bso#11240). + Mangled names do not work with acl_xattr; (bso#11249). + nmbd rewrites browse.dat when not required; (bso#11254). + vfs_fruit: add option "nfs_aces" that controls the NFS ACEs stuff; (bso#11213). + s3:smbd: Add missing tevent_req_nterror; (bso#11224). + vfs: kernel_flock and named streams; (bso#11243). + vfs_gpfs: Error code path doesn't call END_PROFILE; (bso#11244). + s4: libcli/finddcs_cldap: continue processing CLDAP until all addresses are used; (bso#11284). + ctdb: check for talloc_asprintf() failure; (bso#11201). + spoolss: purge the printer name cache on name change; (bso#11210); (bnc#901813). + CTDB statd-callout does not scale; (bso#11204). + vfs_fruit: also map characters below 0x20; (bso#11221). + ctdb: Coverity fix for CID 1291643; (bso#11201). + Multiplexed RPC connections are not handled by DCERPC server; (bso#11225). + Fix terminate connection behavior for asynchronous endpoint with PUSH notification flavors; (bso#11226). + ctdb-scripts: Fix bashism in ctdbd_wrapper script; (bso#11007). + ctdb: Fix CIDs 1125615, 1125634, 1125613, 1288201 and 1125553; (bso#11201). + SMB2 should cancel pending NOTIFY calls with DELETE_PENDING if the directory is deleted; (bso#11257). + s3:winbindd: make sure we remove pending io requests before closing client sockets; (bso#11141); (bnc#931854). + Fix panic triggered by smbd_smb2_request_notify_done() -> smbXsrv_session_find_channel() in smbd; (bso#11182). + 'sharesec' output no longer matches input format; (bso#11237). + waf: Fix systemd detection; (bso#11200). + CTDB: Fix portability issues; (bso#11202). + CTDB: Fix some IPv6-related issues; (bso#11203). + CTDB statd-callout does not scale; (bso#11204). + 'net ads dns gethostbyname' crashes with an error in TALLOC_FREE if you enter invalid values; (bso#11234). + libads: record service ticket endtime for sealed ldap connections; (bso#11267). + lib/util: Include DEBUG macro in internal header files before samba_util.h; (bso#11033).- Avoid a crash inside the tevent epoll backend; (bso#11141); (bnc#931854).- Remove the independently built libraries ldb, talloc, tdn, and tevent and the post-10.3 renamed libsmbclient from baselibs.conf.- Drop redundant doc attribute from man pages.- Update to 4.2.1. + s3:winbind:grent: Don't stop group enumeration when a group has no gid; (bso#8905). + Initialize dwFlags field of DNS_RPC_NODE structure; (bso#9791). + s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with servers that don't send the 2 unused fields; (bso#10016). + build:wafadmin: Fix use of spaces instead of tabs; (bso#10476). + waf: Fix the build on openbsd; (bso#10476). + s3: client: "client use spnego principal = yes" code checks wrong name; (bso#10888). + spoolss: Retrieve published printer GUID if not in registry; (bso#11018). + s3: lib: libsmbclient: If reusing a server struct, check every cli->timout miliseconds if it's still valid before use; (bso#11079). + vfs_fruit: Enhance handling of malformed AppleDouble files; (bso#11125). + backupkey: Explicitly link to gnutls and gcrypt; (bso#11135). + replace: Remove superfluous check for gcrypt header; (bso#11135). + Backport subunit changes; (bso#11137). + libcli/auth: Match Declaration of netlogon_creds_cli_context_tmp with implementation; (bso#11140). + s3-winbind: Fix cached user group lookup of trusted domains; (bso#11143). + talloc: Version 2.1.2; (bso#11144). + Update libwbclient version to 0.12; (bso#11149). + brlock: Use 0 instead of empty initializer list; (bso#11153). + s4:auth/gensec_gssapi: Let gensec_gssapi_update() return NT_STATUS_LOGON_FAILURE for unknown errors; (bso#11164). + docs/idmap_rid: Remove deprecated base_rid from example; (bso#11169); (bnc#913304). + s3: libcli: smb1: Ensure we correctly finish a tevent req if the writev fails in the SMB1 case; (bso#11173). + backupkey: Use ndr_pull_struct_blob_all(); (bso#11174). + Fix lots of winbindd zombie processes on Solaris platform; (bso#11175). + s3: libsmbclient: Add missing talloc stackframe; (bso#11177). + s4-process_model: Do not close random fds while forking; (bso#11180). + s3-passdb: Fix 'force user' with winbind default domain; (bso#11185).- Prevent samba package updates from disabling samba kerberos printing.- Add sparse file support for samba; (fate#318424).- Purge printer name cache on spoolss SetPrinter change; (bso#11210); (bnc#901813).- Correctly retain errno from Btrfs snapshot ioctls; (bnc#923374).- Simplify libxslt build requirement and README.SUSE install. - Remove no longer required cleanup steps while populating the build root.- Remove deprecated base_rid example from idmap_rid manpage; (bso#11169); (bnc#913304).- Update to 4.2.0. + smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT; (bso#1115). + pam_winbind: fix warn_pwd_expire implementation; (bso#9056). + nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299). + Make 'profiles' work again; (bso#9629). + s3:smb2_server: protect against integer wrap with "smb2 max credits = 65535"; (bso#9702). + Make validate_ldb of String(Generalized-Time) accept millisecond format ".000Z"; (bso#9810). + Use -R linker flag on Solaris, not -rpath; (bso#10112). + vfs: Add glusterfs manpage; (bso#10240). + Make 'smbclient' use cached creds; (bso#10279). + pdb: Fix build issues with shared modules; (bso#10355). + s4-dns: Add support for BIND 9.10; (bso#10620). + idmap: Return the correct id type to *id_to_sid methods; (bso#10720). + printing/cups: Pack requested-attributes with IPP_TAG_KEYWORD; (bso#10808). + Don't build vfs_snapper on FreeBSD; (bso#10834). + nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835). + idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837). + s3: smb2cli: query info return length check was reversed; (bso#10848). + s3: lib, s3: modules: Fix compilation on Solaris; (bso#10849). + lib: uid_wrapper: Fix setgroups and syscall detection on a system without native uid_wrapper library; (bso#10851). + winbind3: Fix pwent variable substitution; (bso#10852). + Improve samba-regedit; (bso#10859). + registry: Don't leave dangling transactions; (bso#10860). + Fix build of socket_wrapper on systems without SO_PROTOCOL; (bso#10861). + build: Do not install 'texpect' binary anymore; (bso#10862). + Fix testparm to show hidden share defaults; (bso#10864). + libcli/smb: Fix smb2cli_validate_negotiate_info with min=PROTOCOL_NT1 max=PROTOCOL_SMB2_02; (bso#10866). + Integrate CTDB into top-level Samba build; (bso#10892). + samba-tool group add: Add option '--nis-domain' and '--gid'; (bso#10895). + s3-nmbd: Fix netbios name truncation; (bso#10896). + spoolss: Fix handling of bad EnumJobs levels; (bso#10898). + Fix smbclient loops doing a directory listing against Mac OS X 10 server with a non-wildcard path; (bso#10904). + Fix print job enumeration; (bso#10905); (bnc#898031). + samba-tool: Create NIS enabled users and unixHomeDirectory attribute; (bso#10909). + Add support for SMB2 leases; (bso#10911). + btrfs: Don't leak opened directory handle; (bso#10918). + s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920). + s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921). + pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932). + s3-keytab: fix keytab array NULL termination; (bso#10933). + s3:passdb: fix logic in pdb_set_pw_history(); (bso#10940). + Cleanup add_string_to_array and usage; (bso#10942). + dbwrap_ctdb: Pass on mutex flags to tdb_open; (bso#10942). + Fix RootDSE search with extended dn control; (bso#10949). + Fix 'samba-tool dns serverinfo ' for IPv6; (bso#10952). + libcli/smb: only force signing of smb2 session setups when binding a new session; (bso#10958). + s3-smbclient: Return success if we listed the shares; (bso#10960). + s3-smbstatus: Fix exit code of profile output; (bso#10961). + socket_wrapper: Add missing prototype check for eventfd; (bso#10965). + libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows client does; (bso#10966). + vfs_streams_xattr: Check stream type; (bso#10971). + s3: smbd: Fix *allocate* calls to follow POSIX error return convention; (bso#10982). + vfs_fruit: Add support for AAPL; (bso#10983). + Fix spoolss IDL response marshalling when returning error without clearing info; (bso#10984). + dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279). + Fix IPv6 support in CTDB; (bso#10996). + ctdb-daemon: Use correct tdb flags when enabling robust mutex support; (bso#11000). + vfs_streams_xattr: Add missing call to SMB_VFS_NEXT_CONNECT; (bso#11005). + s3-util: Fix authentication with long hostnames; (bso#11008). + ctdb-build: Fix build without xsltproc; (bso#11014). + packaging: Include CTDB man pages in the tarball; (bso#11014). + pdb_get_trusteddom_pw() fails with non valid UTF16 random passwords; (bso#11016). + Make Sharepoint search show user documents; (bso#11022). + nss_wrapper: check for nss.h; (bso#11026). + Enable mutexes in gencache_notrans.tdb; (bso#11032). + tdb_wrap: Make mutexes easier to use; (bso#11032). + lib/util: Avoid collision which alread defined consumer DEBUG macro; (bso#11033). + winbind: Retry after SESSION_EXPIRED error in ping-dc; (bso#11034). + s3-libads: Fix a possible segfault in kerberos_fetch_pac(); (bso#11037). + vfs_fruit: Fix base_fsp name conversion; (bso#11039). + vfs_fruit: mmap under FreeBSD needs PROT_READ; (bso#11040). + Fix authentication using Kerberos (not AD); (bso#11044). + net: Fix sam addgroupmem; (bso#11051). + vfs_snapper: Correctly handles multi-byte DBus strings; (bso#11055); (bnc#913238). + cli_connect_nb_send: Don't segfault on host == NULL; (bso#11058). + utils: Fix 'net time' segfault; (bso#11058). + libsmb: Provide authinfo domain for encrypted session referrals; (bso#11059). + s3-pam_smbpass: Fix memory leak in pam_sm_authenticate(); (bso#11066). + vfs_glusterfs: Add comments to the pipe(2) code; (bso#11069). + vfs/glusterfs: Change xattr key to match gluster key; (bso#11069). + vfs_glusterfs: Implement AIO support; (bso#11069). + s3-vfs: Fix developer build of vfs_ceph module; (bso#11070). + s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer; (bso#11077); CVE-2015-0240; (bnc#917376). + vfs: Add a brief vfs_ceph manpage; (bso#11088). + s3: smbclient: Allinfo leaves the file handle open; (bso#11094). + Fix Win8.1 Credentials Manager issue after KB2992611 on Samba domain; (bso#11097). + debug: Set close-on-exec for the main log file FD; (bso#11100). + s3: smbd: leases - losen paranoia check. Stat opens can grant leases; (bso#11102). + s3: smbd: SMB2 close. If a file has delete on close, store the return info before deleting; (bso#11104). + doc:man:vfs_glusterfs: improve the configuration section; (bso#11117). + snprintf: Try to support %j; (bso#11119). + ctdb-io: Do not use sys_write to write to client sockets; (bso#11124). + doc-xml: Add 'sharesec' reference to 'access based share enum'; (bso#11127).- Update to 4.2.0rc5. + Ensure we don't call talloc_free on an uninitialized pointer; CVE-2015-0240; (bso#11077); (bnc#917376).- Fix usage of freed memory on server exit; (bso#11218); (bnc#919309).- Fix tdb_store_flag_to_ntdb() gcc5 build failure.- Fix vfs_snapper DBus string handling; (bso#11055); (bnc#913238).- Update to 4.1.16. + dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279).- Adjust baselibs.conf due to libpdb0 package rename to libsamba-passdb0.- Fix libsmbclient DFS referral handling. + Reuse connections derived from DFS referrals; (bso#10123); (fate#316512). + Set domain/workgroup based on authentication callback value; (bso#11059).- Update to 4.2.0rc4. - Add libsamba-debug, libsocket-blocking, libsamba-cluster-support, and libhttp to the libs package; (boo#913547). - Rename libpdb packages to libsamba-passdb. - Drop libsmbsharemodes packages.- Enable avahi support on post-12.2 systems.- Update to 4.1.15. + pam_winbind: Fix warn_pwd_expire implementation; (bso#9056). + nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299). + Fix profiles tool; (bso#9629). + s3-lib: Do not require a password with --use-ccache; (bso#10279). + s4:dsdb/rootdse: Expand extended dn values with the AS_SYSTEM control; (bso#10949). + s4-rpc: dnsserver: Fix enumeration of IPv4 and IPv6 addresses; (bso#10952). + s3:smb2_server: Allow reauthentication without signing; (bso#10958). + s3-smbclient: Return success if we listed the shares; (bso#10960). + s3-smbstatus: Fix exit code of profile output; (bso#10961). + libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows client does; (bso#10966). + s3: smbd/modules: Fix *allocate* calls to follow POSIX error return convention; (bso#10982). + Fix 'domain join' by adding 'drsuapi.DsBindInfoFallBack' attribute 'supported_extensions'; (bso#11006). + idl:drsuapi: Manage all possible lengths of drsuapi_DsBindInfo; (bso#11006). + winbind: Retry LogonControl RPC in ping-dc after session expiration; (bso#11034).- yast2-samba-client should be able to specify osName and osVer on AD domain join; (bnc#873922).- Lookup FSRVP share snums at runtime rather than storing them persistently; (bnc#908627).- Specify soft dependency for network-online.target in Winbind systemd service file; (bnc#889175).- Fix spoolss error response marshalling; (bso#10984).- Update to 4.1.14. + pidl/wscript: Remove --with-perl-* options; revert buildtools/wafadmin/ Tools/perl.py back to upstream state; (bso#10472). + s4-dns: Add support for BIND 9.10; (bso#10620). + nmbd fails to accept "--piddir" option; (bso#10711). + nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835). + S3: source3/smbd/process.c::srv_send_smb() returns true on the error path; (bso#10880). + vfs_glusterfs: Remove "integer fd" code and store the glfs pointers; (bso#10889). + s3-nmbd: Fix netbios name truncation; (bso#10896). + spoolss: Fix handling of bad EnumJobs levels; (bso#10898). + s3: libsmbclient-smb2. MacOSX 10 SMB2 server doesn't set STATUS_NO_MORE_FILES when handed a non-wildcard path; (bso#10904). + spoolss: Fix jobid in level 3 EnumJobs response; (bso#10905). + s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920). + s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921). + pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932). + s3-keytab: Fix keytab array NULL termination; (bso#10933). + Cleanup add_string_to_array and usage; (bso#10942).- Remove and cleanup shares and registry state associated with externally deleted snaphots exposed as shadow copies; (bnc#876312).- Use the upstream tar ball, as signature verification is now able to handle compressed archives.- Fix leak when closing file descriptor returned from dirfd; (bso#10918).- Fix spoolss EnumJobs and GetJob responses; (bso#10905); (bnc#898031). + Fix handling of bad EnumJobs levels; (bso#10898).- Remove dependency on gpg-offline as signature checking is implemented in the source validator.- Update to 4.1.13. + s3-libnet: Add libnet_join_get_machine_spns(); (bso#9984). + s3-libnet: Make sure we do not overwrite precreated SPNs; (bso#9984). + s3-libads: Add all machine account principals to the keytab; (bso#9985). + s3: winbindd: Old NT Domain code sets struct winbind_domain->alt_name to be NULL. Ensure this is safe with modern AD-DCs; (bso#10717). + Fix unstrcpy; (bso#10735). + pthreadpool: Slightly serialize jobs; (bso#10779). + s3: smbd: streams - Ensure share mode validation ignores internal opens (op_mid == 0); (bso#10797). + s3: smbd:open_file: Open logic fix; Use a more natural check; (bso#10809). + vfs_media_harmony: Fix a crash bug; (bso#10813). + docs: Mention incompatibility between kernel oplocks and streams_xattr; (bso#10814). + nmbd: Send waiting status to systemd; (bso#10816). + libcli: Fix a segfault calling smbXcli_req_set_pending() on NULL; (bso#10817). + nsswitch: Skip groups we were not able to map; (bso#10824). + s3-winbindd: Use correct realm for trusted domains in idmap child; (bso#10826). + s3: nmbd: Ensure the main nmbd process doesn't create zombies; (bso#10830). + s3: lib: Signal handling - ensure smbrun and change password code save and restore existing SIGCHLD handlers; (bso#10831). + idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837). + s3-winbindd: Do not use domain SID from LookupSids for Sids2UnixIDs call; (bso#10838). + s3: smb2cli: Query info return length check was reversed; (bso#10848). + registry: Don't leave dangling transactions; (bso#10860).- Update to 4.2.0rc2./bin/sh4.9.5+git.477.8163dd03413-3.61.14.9.5+git.477.8163dd03413-3.61.1sambalibsamba-net-samba4.solibsamba-python-samba4.so/usr/lib//usr/lib/samba/-fomit-frame-pointer -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:22188/SUSE_SLE-15-SP1_Update/0fd69e6561deead06e5b941ed67576f5-samba.SUSE_SLE-15-SP1_Updatecpioxz5x86_64-suse-linuxdirectoryELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=7d7da3bde578af067e1389dd4180fc147a440e8a, strippedELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=25abd07dd80b628b86259f1e34a9ba213953a44c, strippedHHPPRRCRRIRR(R R3R"RR7R$RKRAR&R/R1R+R*R9R;R=R RER5RGRRR RR?RRRRRRR'R6RR.R!R4R RRR@RDRR8R:R%RHR2RRRR#RBR R R0RRRFRJR)R-RPPR/R=RR3R5RRRRRRRGR+R,R*R4RRRȘֆ  4P|AT4<"7ʊ DOQ XI-)uHylpye"M{њT5̳G$ %Za/ؓ۶o 8XԹ$068O1r.6y)VwQgG-'Ro 0߷2!@ey)q]1]\vSF;ho 2o&uX>{ DQ2jɘڰъl$"#G!R_^{ r3b'IW>ogJ R{Iְ,iCLj:mXr 0#O,--gF.$r+}IG zX,ᕛ{kȑ6-b%˅75G{'6;6U+~-`,&;- U"jM)L3o:Roi[X0cƀ־憷x81G .yp<-xps#s5&@7hD&~9=a!0 ?\pı_T6NN~Ѭ,;zB&]h,"<U X5'2]PИ[.7c\ Nͯ:;?؏4uU5ǯ^˰"~BI;+&f#y({͠;Z0B15V I;^",~rUB.pU{7a>,DJ'>p4R $X*LVTL'ÛUDC.xuEs!A^~0"7*JTZ&`Y1^]SFwnjN5 k U7-drv!z rn?x{TvQS/hڽj0&<ܫyͧR i%/Be+j:~Z.~`4>uZH!xwM;?s<Ύ;~H,ZMBT5vǼr!̆0#9p&Pګv6FfK p< !.-47!R t}@d&e@3פblӞa9+R!xW4VQ9dٱuL4;fQ;醵~I"znc|GWUa䠴$*3pzf6'"= \U[FW!VZq}V{8,Y؞3ş>ŷo1 ϫEA5'#fr3WY1_6iP njil VL1y{F 5(ql%Ɵ3EF_Ut#L4*4;޲|M!s?X`a(v>ZnLVx`oF;A\px/!7% ~!,7p'?#;_Tsx>pj)4mҡ q疲bmZ 6`H<BS8ss#ǥв t"WEܵ]ss3bTC1zl~!;&uwLOi܋0@$3cC Bc[{ߙCiv]fcۅJxۃ҃EΧ*=QZ਴_ZӦC@"XH_6-oFsh$jbڢ뵍ҵ]8~]j&K9)⟬dXBⴇ<= )G7I1wEu3Ġ@an`2NzlaǸXI9[GdCo^LJx[0ڭ*L?-5edا- \7bPDTnNj1bNp{:I.i M$H?Xcӿ8{w y"q!BгSILYmN"PL鳎٣&X2 ۛ`HۃzlP5Um^Y9#v !wqḎ|[M(/B)<Žw^#5 v yh]QGf.<#N( lʜz"} 5 ]^,ۋe7)4F:9T:l\i r;~3YI2yn^zD1"NrV+(⁸i.n`5}3e7kM8MiE|$YnZo"ډeH3ss@#ޢ?嚛Q ?⧹O3PH]s D&ïK8iǵ܆e`u@D:\?okL穡pQKRkM ύPY Q_zs uz ﭑ罞Uφåw^ %D_A RKu G 1WUjVɼ:dz{HdKZ圠ⱰB#-~oL+qYY̘MJEUnɀp3.E֌*lC W~KBtB}cpێF%j.{qP E9wbK~pg ,x#ͩ9zjY 6~' db`VAc7fM(2;hE ޝ XT$"s9mdr'Yd>_4fgh%j֙遡y~ToSH [lfR;Jr8PI Wvgg?1pǭFcUt}f cX\RuU]V!E0MS"-tk̃,4w(/k.cLȰ"-u4#ʜe[>\?uV'ʨT׻*9^42ƗQ2#U.Өa(TGyX]Uj}f)-7& RATAy:MEjfd@"5^X=yv1ud;<ʟXW/" ÖGk17(? 2PR56z% D nI?zebOI! O cMoQ\dqhHd8$Bd^#Wa )u! h!Ǔ"d]E)]tJ})p'hcW]hmZ7̋P:`}c(43m3 PoId ^׏1xoht_:'70vg~SY<9*jbR@"tg& }Q.2)ߟm&=)x#Ue2]~1yMF4)T:L۹U9h']%nTSl\~0.(f2S.쪸fQ9s%O뎩XS#i_g,w PPiib:⃠*Cr >JH#k3atӥUfPfS%@|[U}LDmF)7gPժ0Ə;K.q`v#eJ0ۘ:]Ds;?S]N̴x5 2xgYꪨlL^SN#;l麺 914X=UrBI黸W? *o}/5V'e״F_} (0tM'kp|KY.|K-[8ۭ8}KuAh%:!Aɝt5՜7.I0:m\{EbœnT(B Gx}W/7-t7O>ƨp Dh0c:0 bC-keNX1Dډp1n˗/ŜsI> tUϭ8˳><?ΜЌ] wxAJ+j`c-&\T`F }u_>Tf"]a}ioN?ZhA#%LRw64偦1 ~ G02 5KYaY>rK g~v0Uusn%}(N\z s`%nLrkVA)>"CBU$ #<Ew m} 磅$-laIDMVbLr$j"aVo/~?Sp+c!r-%D}w6lc=GAl1XŻk>80?y{b\ZۜwрAsEJB$N3y`ͼAey2*&e^!qka7X~gp [ί,Q~<5<({(*tJS)=ǣs|tBUVd-Ghй zI|m#gD>iB'8|ؘGE$$\Ʌ 0 Q`&@)yrh:1&iS8Ẇk*qS06, sB^9&? k: f0̿Զd4.;%T#_M}C&MTj"4{t\BIj?HM*k`9|8$ )C_}Q/1عvl@44B',Q? x=qOܿ"a䂼1#CT{ޟuEPG@hV[2` Z| ^ȡ er#  Xzvi"tN^c4x :؛Ĉ#_*z~'/xBdAcC8hW3AiԒcl[$"=&H8K#JAԾg2MVq,\&}\9R7_!7o!UXqM1 dipa{_2 w\}kR>;<6[{mdkiyO@tJK3#yf~nGftroSk&XapedDa֤y\sK?>e0I=X`J'D =m Ό@x+T?!o$@>iS{~ۤ# h&k'b^FB}Pa ""6xZT'iƄnDƨ @ΙV#@2Q{ΠяTj Y:zɬ,yۯvøkj?&n/^cK /cٖӟ(i_npahLͤD,qs?Z ԏڃRe5.ؾ>δ5J>⬮ձbH|J?8c\;ok*s>zل=A;U"ʳWBv1c32!K}R2&q/Ud kG4i"TG(ڡ^<1Ew0# }Q Kk6M} js#JJdEV(]A*'hl9fw 4?ƶQj/J0xdb6>z-YOF @+0.ɩ"͏fw,WzY}ACj:˗ckq[948g>q&# r@9rj- ^^ǥ K(߲\в@t)t:A1/2-_lzȴAKtp[j_PvdOq~},v9{r@T 4,: C@^`D~Rm9*j[k9?ן {VXEՐ8La>4bc򍏺)?:y %}(MT(\M2~ oq;ʹzjSsw)™YEUubAE&ɧ+CġpqwrI]٭#֭Ȱ% sYa#{?=9gi+Ir_̻,{ǍEg ->-Ay7;0$G11gVr-J<䗓.UV#V=& ^j"tooi'# .|je%Ml1fdL=hh*^V%u ^S}w]ަ0{c:τ@<0< a*DM$ +cFVr5+G/P<0?ψ_'w@3/hTQbIed"jnD @̰'F~'>|w5cSOu)YxaXɼNd 6`g%flƌoZB( aZ22@V]"`j[ߵ>.*W異--q~jx&O]@7싈 "lQX?gYRCxNqUB&^0fjɓY6eýIwMQd7z(wgp ;M Azѻcm1ahx  *{>ROPqkdKX3b*6)Z;ERW,51#֬CWOӦ|xI ["U \Mqx=F7~L(iLԱk#-11,$R؛Vx.oWĈH5= @Ƌ|8j h%yZUF<%A%ޟxJ5M;O 1=N+SVlmecpf[Ό$en3&5nٛƯBL^ ,<_:k3"wC IDҊϥwuxBe!5Mlߓxb|u^!ZW vX='Zoᖕ˅u&+SCnqOg$ m2U<]! xM* 8F5( {aAayZ_)݆1x`&,Hl=&O8 RU'f렲ɅKI iyns\1ɱ6ǡu!,)\^#=M7Rϒ3HSoud jVV?^Rlk4K,t,iR`,IA^si(0هۿoNJf_򱭨PYҜx̿]Q#0'.^>"%-!\[36YmFyr1yd]!ӾϘJU~4$SKdh Kf-0H'wl{m"ѻP3BŧѤlRd)"U{}bzH[`Qo7Q1rڈ_oih÷Xˡ;eӑf3{_}eʂBarObT)`r4w6Hd#~Q 3t#b]-;qGu_-x}$vpJE_MJySY,[HAbgg\zSN L'\.=HhOΛcz\.;FڡP?(цS1aj~"8v]s T5SƧ|*\4{`(<'D@bɭV T2?@5L>\z,TΈ׉4lKj*s}M~|$~w]$^9Jh r`V0l`z*O:HB` ũ0P - rIIt]ŗ5Yr}V-Щ1N.LHg.X \Wl1N>=P7IRB'S1h ! y%U=.xqvu'kl&fTB΂Nyun>01'u(i jKRɺ,r9-@mOUi'1'Amz!6 -05M*!Hћr§BD=Kdz넄`V(ty42U$}OLiUc_jL ly2) }0X[oym͋!dgs:,ZY+>,}_Ic"Q!UV݌f(q nyK‰ AGg4e*T I|\g)$W+y(3 _Ftڬ*W2<}W#Д |J/¯n9Bށm/^1\~{tq{ mSDZc foԆ\=웨T̤%D&(q'QGi<#e'thtyZS[RhPHEҔheU#ƞ8s@\o^^Ҿ֜Iר?)ڐGj-w+˨E:[kjW ic:v#qRh̀p ^N}Wf'X5G#Ba 'ی|txآ;9MJN>S{̆ NMzM=5elz^=\Cq2QuձJ~&< `wC}U?mTxGiDעP?%QC,H 2 5?#upa.}hB+[_"_Ko!54 t-!)[oĹI3+ZO}*f.)n~`Ox$iˤ9EOϖ3ϐ#m6("LrnQ ZYЁme5v L/;|n( #K7De, Z/}+4{APt:%&ChmmFM E+M==ͻe,d74QG 7GJ\@/+yHZooӑ571.b4íp_̹LjE3-Y>t+=?x ;w-_2 ]u;RaCk NkbV:S"adRSX0Ę8Qx@J-(7L gx܍MMt⻌趂EZg x{1` 3" Рf_Yg/OI2p %?bȂxz:ƘN.;ߎ 4K' Iemov~Eq‘ult*^4S+Ac{ɓI43,|.pĢSe}"rSrB Dx{ۏAjn5bi#;ҥ^8`+leuCtI) Ag:tĐ2>.,d3(e6PM[@5EK Kȯ:*36=Dh]෯4(Ѐ,(o :=l)9),J]:Y3 k scfN|C[Ș>U1:i:j $1=v+;Nـ[U0O"z+໔ŭcXG*[IX=e@JBl/{ WPwipO)֝$ ʖJ0g0suȴP|pG#Sh8s J\ Vu,M0BIm,dm)^$yM9xtmxv.M ܤxu>k^O"Syej~nOHA1+WҤ;IVyV:`h58J—3+𹳫/. b7|󂂛D ,\˲KjVOK g*ᆊAs.077 w1 JMdVjΪHJ(7u W-!@iWa5x4tX\jM_Rl~np&ͽRuGdY'n?WDC7I}Pe9VpTUH P7.x4*90nP>O$B@p xn0z=o/ C,:;mlFdx|:Kg]nO*f+ԮnQ,}.G7ݱ~ސil=pT{ p ?-~.{w<\~*d ^JTjhPIQp o#8 0Rȏ$ܓ8_YH(׳u_[7ONNdV)qUϓFV^Hg2w \dS[uFj->x֒2rgFXEeخRJCGHw_k ( 6Da+(.7_Vսb;wgdJkl Md5c[:`|GE/@'gY'Mu_7>>4qs=첊MZӸ1- 7:|ʼbi bfjC&+͂ N44jz!ux{]{J=6uC˷KTJ%*" * L9TyxԐZ~_U n4h+>yݰ%peoBGz;VG l[= +g_ɍ9'# Ghg`3?L̓QgNәIȆZl q͸C~aVvVbtPkR6Ew [uO^|8=i).8Ž˻q]X]?hzn4Zq$2yQF)YnbGjizEx{fsRiofNwgp9p$Ab ϸ+ٱfLЈ,aOݕ3(*x n^Ď2 86zkq<- 3Kj #sn80pO@i¢$ Tl@\ "=x;58 Vd=vɻlA0(E (K^M ,:d;sI5 j2.KNQ3'-=z*؟B0"B yخ#p7ڂZAgBȈj|&J\em搳 k]2D3^Tu6 6n!D$Z?$ZlnuNkϥ{_L-ϑ 8+R5QBHQv/BhC}^ J `M6q_<:vnt7-Rhs] lnNfc52I} xqErAs:"vĒ޿ @ 5$Où^P'Jͧl)KiLpDijܻeĪV'ZHR*4+=}`@ڝԯ)Vɍ;'ȶTȪq֪aM 7OCy{6Դӝq@| s]T˄z-D ⌁Ĵ3dnmf,Ύ$!E$^i2Ƙ6eT]@c8X^׏t!C*'73YZ[Eێ ݫݥL QM~ h)ιKsR߅wL7ޙ rK|I@h֖z!90XUWM96k,V|#$p}$t#G l{Yz=y͂1B0c'3l8ݏ WdS'rNQ$u׾u(GqYX!|^>wv|c|1K$?Γ}NzN Ęv Σ_oš ;f$JGz)"D,\ϲUBe(/@inQ9sAݏNΝ7uʋS).:?Puk@`uGIgY(sWkSF "9lDBMS)Xoڮ<"=pY~~{Ph=e=3俨G`-jKh)(ے:vل7(Lq؂3>AF\Ϙuq25y`N*o2~(8 Oe%`aj?zԕ$j>Z{9*߭2wy̿IS=_&`NL!1U-|C^Eeݬ'7̱hYb-=eC^i5P;2-ۥMJv8&5UPv#TyaF"yM9J&Y4S#TL!(@bOBɕ g'uȦ{ 2ΪxLXOё\6jQK~]YMOC$qeAD=LCJ1㜠sI=S]mi:y7o4t Y7i#V/_ 12 ̘GVZr['H޲\ȄA:l#_`IZ ĥn ;oC9T#b%v+p^w6dkE*nms>carL=/[F"c<}5&2nzR5ʽvT0o;C񐖆ɗۜiA{],|2#7` mڙ{坅e !Cf.LPU )ϊ;]LP Csm 쟯##ϗR0(Iʕ3/PNq2P)K5t\ԂfƎ\Q$|Iig鰴~O#Th k(jV٧ rhgL-ꃘ-O5yFc9S&KKCg9՘hw(p*bϲ#D̞G@вś]U1L3 v+٦f=݈!~EU޽ߴ!-EFS>ZYL/F1jK ҵFN (18`RK(%l(k#tc Ji<+^+RvGK~.C_ U,!ϣ|-nґ>Dp/Rϰ@VxkLp@^:5^BRݵ0?HՠU`؁8fPtWbmcg~R'ߨvtfI2 3iµU^_"E [(N,4U_+0CM]g A.q3>esyfҝ{ 'D[[F`jqNgÐ%1/_V'ϰ9. 8b`BbJ\.(C5<ჰ cQHT`8;Hy1_}ZAcs).bNݕ+??) $4S#:~ٓ<&=H`E7d}E70t8rlU@ʧ9ӵPw;o*F? *HyQᶌ osbUJ{B3N Yk̒ͽt0t䅭M #SL ʔ#]IF..{a_H~Qf[PnZ;34\v~EY"rhf|=8ypp\x,aJ1L P8)&P+÷ t{W 4ȗ2fȑy,ڿ&"KuRu&(VvHa7eihm' aZ~Z0X(:cUOQuu[z\SGU|nHW$Oۇ!C K$[43Pp^9-KjiYW}UDRZI|KuFD$/?뛔yXƢD:47NP7>8tp`@#9_8FVFn>N ;VS3]'L k<;SQi-*eCDWe^?QTR4-ccdg5 I<, 1Q,磩2CɘFrn޹ڶ8pG4d-Zw˗EKkyLM "`vQݎ~Lb2g ,60a UT> +RArwk|rC1i l˽0Wa/3BsOK\Dts M[$@?N韠39IwO4ҧ lb3ңۉ2At!NL_ ̧IauMnUsLo 5Sb0Kw5+頨M)$p |Tt&Ƽ(%n:bnm\~sti3C%2:cUw܊2Jti}/ %ũ(r1= TIt(ZB?s68\/oxOu(Z̻?L+Eu=(W Ub@25u9 # ;/v0]T#>tb֏eh˴? )+jyA\;^NEVc< p>㼾@ޔYZᳬ0`?}tkIT:Xl{>:6+ʖ"|.VotHXRyU)oX&qIYqFbĖ~"j*ˊtrpYy']\Kա;b[1q;SYt #0r)S x"^{FD [&c9iЦGIsg^pvxW& aD;Ƴӧ9}h/>W@msxX` ) M{!ȀrtgJMfAu!vcKY^8䮜f` R?&uSs1K9'H~+Xm7,d?^9 0z,:af է3j#I S\՗ ĉ!i'v4N¿q.ث6U_xXƎ9:+TlMQW!ꢈH9ꆱ}@Wl#@yYyqV Χ,ԴHK\-K2^:v4qFԺ>-X]=br۬El.WE˺)D5p7 }FSŋ_әE2V\ HXD.չBH#"ErE yYcxʢ~I"GK3բ\B3.'` c`>kdQ۞y8tx,ʄvoZ,Pkn$ޑFNP)c1?Mœ%KÕѾxAO34|,\=[ZvdpjHӾg+޾䞥|ѫ?>"'NZ>%(WS;ɧث#j֑cf*}+`{Agؕ8"|!ϐkV[}zø%M,z&+X(4{hF$uHX6R*J=H-6|m-J@CS rw\yb6gk`6z_iyOxy >s%gW^7Rm-|l=C؊ܨ2\,l `uU<(nn8QئFǠ#H%KX!aZZg_,iAMCO 5?}eדpCH@9R Vs@C>[WxV;@NyP ƀDa ̼%.|CЈ4E%xLu2{S{J8jN $b8Q2^:4BPe3N?GO9 Gey'ꮐk۴PB- Urnx{jk}/13^߽hi:mO݅,GzҿVfd\z{F'/δ$ zI"/'`\_L_(̠|"|LUyq޻tAtP ҂؈ t;4;ܔƱ(rP f;nJ(M%rơ62ͅ′  kڷ_W^ ;'\utPx v?ԕPMЌwѢS_yPR >VKJc4TP+N8iW^$݊/M pUM%!UnU2-Y l4TLSY$ϡ`Bo]CZ.rփ8Kg#ls@)q.,o ݏNF}cI;*]]ynr@k҃w}!W]N׿2aݛ|/h]~c fLDM›<1aX O=]JZ2E*~08|rG¨jUJunN")ךisjӬs3,fJlڅnwTb ϲB]~&À@3_6՝-yM8UeX U謪A!;L-)ar9>5fnD-r?{Yk/KG#,OƸptGK̹\,M=U$^=Njep 0`pv x m˘s|v+"8|Β"ngD2]g3'ɾSTCP)冹B@a! s6 ٟL:#þlB[:l>m4lNۖ l5/@^ v.J%1_`5.<.Ep )_H'' m#j{!#|ՂG-ZApI`y[4>M`@Oơbge y0oFF=ޯQI\vDz;dGQΤ !2:IYwmsbɖpP2|"M5O;ISkAr{#JۯhDɩa}]WTMY  љr Rb:B%]An,n,6mZHgQUeѹ G)tAh@z=?QOTz@3>Bv4Ӗ i:REB~ $Sү' ? HIDŸu-bR8\Y+94s;sK:w=-WH >:b8kGVe;un}7otgx`>A5CxN} w$W`*;n$4GG'j?S8f :? H+S1n',d.H-RY=qّS a6zXpbwsVxVI1ZΨQ 4?:mWcp5'4Ѽ]x\B\2{))Ro2ݕw#>Q + x=V5\ qm2z|'q4c |EVMvU6ؖG= Y*aWqIQok'MapV%VetD_A ¯`H@5n ;/}Yx$i%*9"Tڏ*۝M!mdDOkFQ6!Uc qΨ'{Ed-(<ڕ܂!_KNhnczW1D|!m6+Y٥&7> LI8xH]z_s$#Qݾp4|NPѫrאCek)soaACH49~f1Wkص3U9Y0o!,Ңh`R"2UF_BZ}hC=yo51Y,bgz}djw.<l/ɠKUk *:tB}Pו&[m_irDF]=]$>ƫZa.Fes6X9q۾!+2f;y*^QRKx1Q\#8`?v @]6^z Y A  ?};\Rk6@6 ܣiBүuL mqO d}^*56Y!ш̗ NTroW94$×ꭈ4tq3wdx̏3 V.wHMWqG 0*'􃷉(W3ZmK- sӉK珠^ K|9sF.`nLm,;+.| Wqy՝vpr&6n9ǁ6 -Lj>+ZO hiiF!Pc0K [yP΅q܆8-8V`IiC B%ڦ~8G`L}(4?hί}3~ |!—wa Lxvu\ы)_y]=7IQ^H?py][ƾMK4BIzdd0numd=9OŬŷ:@Bx@r+&>ᣗcɎj7S,%g%C P?G4nY1Z{;{7<P..>|CO]c:()F^`mY3N*[w\>`\$ zSsJ!>ŀg8W|2L,B ΀v0 ֥8/V@6J "+N$D SDDi[x`5$J+fEpü$P=2Hb: S|a&Bm~5q\?q3ЂB@"vgh` [*L<3?>)r̂Oz)&AW^=[9-\%4#lC,yqo( -I5KHK⳯Zy]!I92 套,3E@Vk9f{OyMjps6͝(JţKko.Qkzc~S&e,✜A O*AF x^\HVa4r ގ`g[4Vd?IQ OrV׮JП$ɯȉݾGs`JϤgUs(28kbLέT,Z^'"p ~7#1Ln~ GOiFȊ\!o:7ή~nY4aX Ch;XШA|  @&5z\Kŝ2Ω8@2hG3ژL; j7;P`қ;cQ5?"Rh j`Ap'o;@bRn{:R#E Oq7DKQu;,:>DK|èD*ɴ†R.4P|YGb pZyJ<3CEE0soxѧ},9}DQ_3:pwHn&fv0D% )9fǮ= 1>Z2* K~:Af=XrQفha KxWx|xG4-Dl>"#ڑ;mCH54 X^5^UqB}++J {xRC (& atGb3/ΜǗXr eQl޻ ^ r8j7Oi*eTl [%prE*7r34ɷH,>PK'Np+ru*}z2=7б'*t< DA$ Xa5R|GFX'1!C&P榖كZJY3B -OǭGtv?|;:_lk1u\ˁ9y2ݏO2tjnĘ3K]Lá\y[HG}÷,$8!TqTEFi6R^Rhտus-54bv✁Ρ]:9ǞʺU%v9$2 *0|⢘H2)ѯ2*-W*FJNL_+bi{j€3 #8rxF4&v"owڐ6E1PSBNtQ.@(Nd7esKɳN'8`poIDIY(QA l5W3oL`#՞JəK[>ſt@2~o|@ 텨wӰi9զ<@j-H 9ʫ@Qm}3e{/eWph 9NoaqDM7zg*$L߸ןe8dE=\!i(+ϻw,LYDdx|aAz;'ꯅK?-:r^M"vg% \#`Z0=}+,a#Ж\P&ًh jB`g5U:T}6KGHOE_0ǁۚ~Tv@K@޾]Ø_N~}|M*Pw` ^i@$Cm p(wȤ}E5fiSEU6 llH2K_(q3EphJ#B̭t $mljbd℉s>O8NܧH |#.o 9 躷-=g%#ϙFshh@kH/>'witG}f*gƖf||NkdnM)XtJˆ¨R?1 蠌.i4 nM5tă`-* OfCsPALd` /HfJ@Qk|PFhAP)?R%u^>u$54;|!gVrs|C7 ''E A$7 _™%7G }P9=2D|+inC*' ފSl<-QJAEF-aGw<ŵ=:XcĔabN.PYZc)aܭpohT̔8=#7Z+tɟK|Ai2jް?1 Ŏ|=6J>DENSY±؃b-;V`5YDV [,`S'1X?^;ږ6y%Bd6Qϻ -9?n4t5{S!ptVPj/?x2KRո&olr_;*NXkMУY)8E ΟJ] iػbh58+ a)Q৘OF,- WDt ngECW,f{@5KD9ց y! M瓳r.FP4Ik9"(El#mwt& =.f`n2j/7{$Q!Fj)AwSui9v$D,3!~F gPGTt;~UɤvxŤ>mC l(<-B^%vr9_*-D9cre6`t'Sfbu!DKXh g^T08)ea# gAoVPG v$X"8ls_d~mE_it\ +ĸ~B\*ԍWe&B3[c+{11cP b`A?{:jvrAo|>fh kJ"L=6Y[!fFPxʾ.ؚfa*v 8B7Ijh B6qFB^ÄZSbur a cLo3%/]z(L iWG{Nb⢝JMkΟnf 5ih?*4wW$fRZ:OYdC?c?W#US`"jͨ)IlK $I.ؾb\и}.z8F})&7N'kJ$ 1YZ6}"?+r@!aƲw"߾MO UƒUye>~]6u_!&t7#AS#+YȊ-vQtWaq鿔3O-6B RjPt.C"rxKMW:mjE4h-pWFff24v{Cob+q2VecPao Xx p<WZ wV#| k6f͏h ;ꛇpay%$0 /&) ZN#̣zNVP3ؽ.<~>!3kr f 6Jby(ByO mAƞLFz_ jldJʎ# v{p[z$Z+clGm,ʹrzʾV|zA:z[s$vaxOJtmrİ!ڬj+~M {HkzvoR{ya7ug-=G+c׉K߶}'>iTQ#o WG;K#%LC \pݛH&:ZrfEG7Odb6o&:l jT@ VCP.+~E,* 6_JIoO<Ӛ9Ȥu͒M? 2@KP;2Z%vF(ORFQ"lc[zt3* ӭCô W.{^%(FF|o)浘_!RPI$lcca.<'׹Tֿ\j-7i+wIySU*k̓ga(lUUT 6rMk|;Y!'r.fu<2bMB՞,p )%k}'ۦ8uhOԃrp_hlO|kpθlv]-yXfPA*=|\.BMۏB!x yt4+`1qFєba-˿g-9ܼl9{4jyd{,Yqg^˜ΐHïї.!ј^e}2dtT^RGLI~&6N2@۵ٌF~ 5(nb@n??\'cMh jC+u3sW'hXR"]nS;@np9w8e=_JOv~思qQl_wB$*[@TԪk )M88Dfo[U,X9C5=]&I4ɱudגϚ&?*+ +@T>M?ea >0urHz|x" #^tZ\aQeʰ Ӏ2޾Ŋ(+A"aLݸD T-c}BI=a忠Ųk Kh&8^/Ig?CB}4`ZBb_$ 48zoalRV_`#G))6 Ol,7@gT0duH/B|-ȴr|Dj~7JI"ܷ qs@^ <εqTOꈒuLo SlVጨ SQԡd՜ zpr]22-б9 Y_BeLEơH ?%M6f{LWؓye$[80S4XC^rxL~AdeOw}jBD+]/p3q)GAG3sX/}ŏhkYPoyekc?sƀ5P{vΦQ$6l@;Avأ)G^棯W~.al+xYG̓c^-jO Ch" oWx)98 (r&yal{lB}%&R"~!f4d-w^b3 q`Gh|*r%p9~ |ؼ CfN:/z˹(]XMvN튁C4@R<S xz097AGy\`uf]{:ڭq!|S*,O]8X&RECQ >, @Vô*z%9L'-Wv Yz2HR0%ŗ j7vUyvH݊^y.c38P>%ϴ~^`&*߇%n]J\ Z$p06)Z fM^<7TRD`02vz垶 qaeSk|)AzqL@׸)\e_!-mI&TŴ&<>6w󋚻=zǛsExGw?ru3Qs6_L]>8S=3?]OJQz2-עGWd+vzW51ib "^$/ q0e.sd @F_4*JD;)TC_}iz߃ ?E뛑_`EHHD& x BO ![mStmc<-[1`lIq]ft[jQ–h[8&N0t랢<aELT@2'>!cę <6a?Zaj$0Λ 9Y>` ~{,@bqpyJdyCt-7)2?XcJUSQ㩚-F{{xiSsY~2|NcUtW*W8)Lcpz퓮:j X!(u\?t#ӧLwg]( p!8ouk}b&28 s eo؁'dv CtC˝1Rz Q'!"^%m 'sN KzzU/ W>|Ven7=n3"!,3*̞i&'3drOϣ5Uv0c/%]϶==t^`F_o YY &s;,\3^-f`J4Wi=A}yT:o'>,ޗ±t‹hH]hLKHr-Fv'vsjF6ŀpTZ3_G#Ta46gH7 y^O.Bnr3zIs_αICٜq+\P{3)ʷo:͹o;@ 1(e],d,=!j9?T^ z>/A߁{%ڻ{=?΋Ѐ[ˊp!xY_gr64G%V/~<2+@y&vzGΛHB s1e{rX \3Ql7R?qQ4oVz,fۂ[ҁ\NV͔"Ndt[|aR+ %vD)u1g]"8 !89qgl(>ʓY "b_fTGPJTrGO<_RNx[V֨0+1+qug7Z/t Mqݥ,j&:r痮Ty[+ʲb8[v@ 3u(CPWe12 (2XBM &%ZP@[ F&k[a6L%aA' HH;ۀlg[3[쁬\@K17 *IRxV _-ui\1:dB"V^(Pd?xPO{ؔ{EoL+{->ۦ!P>Xe[9DChAN{T;v`4v-0x³sج[8Q-N 6x>qLda)(<]A#jG~6q"3bᄍ12j7E6TO2zGVGlJVz&Rأ>]1vrkfY-BNPff)ue⿋;KHi ޳Ȋb2̾RnOÞ_UK.]Dg"wwF{@k['|DJQL f@vo*ucT{+p jY9fV-uiH5A> 86Y!5,Vk p,-R7K!7ZRذy^m/WS͂JKd3>` u8 JҪĉ_l}'`#7ęC"p=X`u?d!LUL+^'!i'`MܥVDRnj[{?8WW " )qHuUvN(03Un+ DxKQR0BHA"9Y ? s٫$W4ls)\ 3q+TQE(i±M;4 DJWPp`XΙ5ƌEhKO5~m*0"/w}|k,̷72̱s2= [&sLB?pУzYCm0 a <O;Ov* ٤P񮏩HOj(*. b=*PtJDaeFdLJFη`ӷy5|̝\ׅj_k_B< ?k}e.=;dY0azEz{QOʋä6) !L_}Htb[9ݮ-sӵ\|q*(=^ojO ՘Ҁ/P\=^38tU%!Rzwj,%ہ$8aǙ$R숲8hqXDUMhRg,`wj+<%.P$ 9SM_Gr֐ &,f~>ǽGM-] W-Ι ,Ul3holOъ?]h~^]8xٝuL[I+n͘?gѵmnQ.H725<7(ҲdXP j}Uq?AB&%$g@nTrOrΰvi;SXcq*7< fr%Zdq3K;G_YR< #Dv.U^"/*w G/`wKՓGJGU\|-y{|;[v? VyGX_o \y؈(DP6=x5.k%܁)8(4!DZf~t88,#]alZ7rA^_P-ci9ƀ^4/ S2M5;ɛgYTG"|\Rby]⌒1Mɫ^$wFhu.B*r|.eiYN]vXpBA_lea!*s/*takx={[U'w]/Lړ2%JlEImʂߴ ?4ޱ-`iБ_pѤ?M[׼wՑz[My{7և!}k}l(ѿtX /Aqc_ 3B?+(ωؠꞵl㔔wg/5'U@ 搧Zb=_8oJ<8pNJ8v 7&'Wg6թ80Y:"4z{a5{p&S=Rݛ=_r>&Hw[=Ԧ>쭡{[JƏ`0 f5uV>[#:HfІ/3ͣޡ 9嚣ΕivUD&6Z-_r3ӻсfܶX\!|}r ۱:kAg|[4hXDv)bRRP6uh ɉ]/hD~j*[$\O5B*Ld Dse @?h fkǫQhCחYK,ь)qU9s-LZ{C]0+ EC .z7<45:󚘤iδٍOߓ}ltt|̤[5!<'ʇvδ#IdnIbMa%X?ߐ-&W"kv*6DDi< ;JuaI Id%sÝ3ʖ|&̆M u=t0Ʈ nAJXuM=՜U-/:cP80]2)c6qy-eBTI< PFC\N"JbteҎO `gp 2W5٪- MOϻ&g Uz/U:@@i ̮hѭ>F|l{?:+]WڦH , >tHz6^Y,, v~lj[ Y"bY",J};Z|+Nz " j뇇rQxoEE<_Vߦ~|,oNWz zC&dQvm$U,Q1FOѷo̾*(`xYF%U-}IY熊ўujnr{{/ZCaI%6SÂi hq}E ietj~kL]R?1a߂B/ yY?ERȉyʷʆZLtZk2G'Pc_kb&Y~ciAJd3W-xSUEVSHJr}G˖ӥ27K!EmCȃn R-8Rk'vJd[Jta[yU[NLB (A?Š*7OT>#Ħ\Fe#WiLx#O-ë֤VZDc0((M-zQ֔+AA bD9餡<92ILx׎kZ,f5`]M:yO>P1746*$+;ߔ0vGtj2‡X 60q^O͹SgٖN?zh&JO@5"!CgcD>tw}8;(xϨ[>r vq2bE,T}ValQdLӷBh|뷪$AI#3Aq cm6LQ5GWX Brn9q%Я}ﵝD=@rM/}eȍ><ɥŗ` gPT/x65ujՃ3ΟB7D%|%z3g ^f7&› C`߻N7G%G;7>,RJTVT8.4tL3xd^@:\N#237F`wԭZF)#JۊbZH|ɷU?;K`bJPD\ڻV@R${]n"- C^laRKE^tNQ^T1oxHLԻGT(yPL=G^wooLOTyk^d1 !.0~ NĐ]hyo[zECu?1QX G,-*8;c#.aJP4mxu]̩Hм{h[y7/O񷎙Zʈ&Y?,/_U=V' eP=m'S Pu@tm9/*r ՝ҝ?~o\xÌL$cBQ 2q<" t,IJSh'5xJ1]0 GkrXUi-sL1ItZJD'^Olh͠TNHc6Gr0 .v8a8[ȱ  :;"4IِGyInުRyh!*:,^q"y a)fғx r ~ uwXsڜS|F3{NfLlTc}}Tc |kan^y H;.>*:&%*DAu@`|5WR\j-7 f(ʠD#w~1WsFCZKjm߫^\X.uPkT: Kn0p%^  $*\H}dB~O]$vyCڵ7ǜC¯㱊~J}ڐE@Bh2y5>J@mYh@%̾O ]Om֢Vsl'ֈmtC:HFðF1d 2iݹ8bJe0gYhK 埲9{LW葡7('Jգ->BRj2XД(Y"y7 z ||嚿zyo\6BDUm(ՇV+HOg5z'@]V^p z)C <"}< j}[S(Y͇pX(a"ڞ,iΠ2tN)-tKzD޶z*_*W)`bm&/mL]5Q24E u(kߠ&v5fdFɡC  qU\H!͓,{ EhmHEt]ݰN+}^)X!mw##y%ug"F<2#htʫQp]g3efK /$litզX={AgbgŮ&A?~:+"Qd1a^rhz:<4َ}NyB_# `$ɏH?9*@Wxꃗ{ ϽfPC`وwLExI * A+KA"pmVbZҾۂPK\2@!9L l(i|ʊtNF+h魡z#XF]%MlO6LXJKzlO_s e5uv>,se91E&Caa&Ժ΃ܹ3nxA:&zbրgű7+hac8"~7}3JBW9A}XMrh\ xJ]Tt \h4x-eٻ]q{4S2P1#TMIcL>QB\* Po L(֚rXŗԟp)RS%}^RFqOlѣ%NqE븏 ^-P] ׹VAg6ZUfC&.!N%]mMn쐽 ,apg)4*1Y(ECހ5'jt)E1m%Y,Fu>i$-+ߙ2E;pn'{ =[}Sʐ .Jq~b+|"HS ·嚎q@D*HIٳTB] $ <*2p# e[*IohSApw_K0ѻjdMC.Hy`` I owTo6=_|?$MsX(y#!@s|m+K'b^ؗt=ZLK ?Sl.b}%BHnem(2i;\'i^j+}ZZJ@u Žg 9&8?L|k8C LO)J?GZ#A3HQ\_:D }^$;ɁDg1?H~ B"|R-yAS3^im 3v7p=aEA)ac6d.Mu^IBDN)I̎2wh՜:T#eѺ6 /W:uv?z0G$ħv`Iu@\X,rm P0i"@|$I$ak?2GYL][NF;ׅggga ܣܟd4wJK Wu)(׀? De0suX(\A5&mRʡe?[^ EEE=4U5T(O;uyȟ[]X\}sTEL(JwbƯCqTG(IG/$rH5*XtEOybhSؓ,u09<83i4/…MAn#,VTxzys]LT' }Lѩyn EgM7VDאʞNՒ 2UpcfJbCo[G7C C#t6jo#Fbѩ6~ !B鞱|P"jL\fgfQTs,~ d,C@hc_Ubӛ[cDo%~q_I WF;CN[N.z*:1. i@};\N$U@1˹5lވ1cٵyP BFk5Tm$.8] bWWl%!fg< 4=H*=J$Y.q]y3p)j>~jUU`8 o8竓v[(:X 2U4uW5(-4 &oc;T͇z<..D=U( KV8 6QP4) ;M9Kcj@-d 2=*Nnx55­S] w^Zi;/ܬ!6?B2<-Atc!&W(C|4r'9_H-Khg}тy|'0 PM\Ʃ' kߦP=pfLвI7]^C}/֫?Zg[^VN zyE'l4[siXO/]?Ořny*4|șg"OVVM2X?agh EyYNxP_ډ˹ }Qsr.#:Z wS2Cv[Bd<9gb rބ|(QܡA!t3]TcёJHR?ile4_`Lkx!_HqBAu(RrKϮDyl=vPoӰ0m_opbaOamR0E܄E @:7[wȺ;ggQN+DH-2طHYAxA;.'C;~,~vЧ2taT:A?tmN]LVk1 KλYHġb}[:0s-b71 Br}_k?J=Uc% {% r$ 1dNUItGLy+MMf1/4\L6#Q-0!\Ս 2-j2+윏cN5x*"!"I F~['36GaZ;BU 3f,؊NAV*ۥ2r !\R"iu a[6` q-r?9=9:f)HN3Y&Cvqd)57qRD~q32sa:||94nѢ濤g2A&]w5yQW ᵎЪ?HaO]cVg%k9D'thVGa[eoM=f%U8Q ݻlzR ]<͛P:b+ZN\ vC}FR}!kU,obf^O ֩;Ѡ?_6ɸ1Iu fb3##Q|]y&4n717=q 9 I4lNr "C-Яԗ~ bRRG〫-TbQv2P ((scVv*~uHNyXQ7M:Dp l$5E9Y x9Ka+oT\6F&bT#~5(%k| DZDGu>'s(0vn8p#32ɓd4Ÿ:gߛ"*k.x n:"5@a*ʫ]2bPVW˚ZvYyAσ6UߛQL}d/wLQdny6 ɩIf c RyemaR둻.ϥ3"|p魌aV>u 3mjY E՛Y)l$kܷDf[)2*wd8ihCaU陮 iFIq5W3P/GR~#\y ݂@d%OsfeKi@C!;7!nPy|ϼi{!-Җ)BɄidHc!Y+$DeއL1T~ơs &dkeDVP:(!8=Ƭ\)/u+5AGj3?fVFK,~XΠxuI\%P'QiY"8НR"}#~;$heh_6F4 ɭ1*Ygl `1`%X]{F:mOr߇YIrmԏ}!6s޷b$k7n @ Tfh`Wy)տ``tB+l&flT/St&n1:&Փ8k}]R28l]0?燮 NZiJ0Yöĥ:boy̓ID0* ,[éNx{r&*WzuB DrX5=?LS8'7>A)P'E'.5D$!S|2t mdVՕJN^cWR26Υ,J ׬ Z|*NHy.8im Od.6)`K)Ąf 02qmMMw U 9T/%bOKKqzt`KX_0_fhu>.~Sf=%~$D#EK|٭by|(Ptm!*)YN"ߑWF |; 3oK~{|sO /`UJ0 M<9hS7z4t.3lxxT Վh*}'!R%pbjE [,ӹPǏZF/7{uӪq wq' V2x<X\bcpLr\`|bTh-$ L:PPs4OI3z$"k=[S ƒLNG~Jm鼟.?̓x&G/92j7p\H)s%HuLB1E0:ΰp'"٧[/9VZ9 =6h{mQ}drU8zy^Ӈ! uٝye4>r˃}L.i= FUO0.tJƢGt{r gpzgjT3 *l|>fL$_lV>X/ptd@ntQ-F*Ƣe8I4 ;/}[iYu;e}'w`@5VcOfѶ%ۀm+Õ)esġq1]#6'ek_xTe,v/]$6Չ+29mm,TQ&W-ϨNE?iԧMՇC)LmFnEd ;{#fX`Sr` c A6 jSlJ9"宛pޚ٭MU4`?aFnֳ WLLNcXm9/_h-575t?Q9~9x)c>< tt~a lGyLNzwNx_8{1 {;4ѓ*lԈ0k+p KnfF*I1EtjpH Ve0Fı"z@9m# ~lRM4<>KWK $K8+셹E;?skו?apxj6"` N zwȗ Շ 8U$=!.MHQ< +1*"GTB0t=htfB=W phڱxUN, ]k$c,vRTR?-L;2qzL:o_Xef"oq_D9vؐI%|bOXԶEVS:RP0hV2*yzUu [NH496%,ʯ]%=*ԤOGd1vV", KC`2QrNؿ_U/71pG>KrE#C46;cxֳȨ>faDr)>CBr%.}WoÉ,Pd[GL|n/Qs(:Xz ~/7f{D>qL;X@y1 O;H~ =I<25aD+tUMZ[p YV.ƯȠqȵ$["[b .Z.j전߱y4i9P@EYI-r\@m%ZMuƭ` 5=d4Am3{.I0D #כ<uoKoz~;GZISLA)" < P*)oU`ёz֒V_t CWx=HWK&f0N1g !#liq5dmjm|=An iab:2J㧎2fǥl`֭-ahx@Ц, gC0O?Aq/QSG[4z FTjJË-ؕ9?Z w 17, ?ɘ)0 955db-+E5 %"H93A?#^͞4!X7 !OIaU)2OȔi>-35ՙApnFSjZv"Wmǎ|M'!5M /PMcqE 4iH-V$AŰsF_b ϻk WG*8xWZ6ZI[eyB)Jw93S"ZKj^Q(z\&ސ_!x_+u W'Uֹc܃m{cF :~wm'+] vz< _~1 1J7Ԡ֟C"VsY rq%ǐwE$uǓO397A'^;;)I{jk_O$vzfw1+aygw%S f+Sc놐w㥪z xɸi )5hH /! } ǐSҀq_8ldUWM}a-+oCFz.G D\$'nKhOpiq9= 󝎬87Õ f6j9 zR̼u즇ekegPj_Z 9iY-d)v*?~OyaSL>R#⻎X/.󮑜e+4WXx/_X?fO_Tc\|'@9DzL۽, "~Cj\[I&睃Y{Ȕ' I.WH((_"]5g]fKz}؂aP2b:9i9Zg0/Qc!Ny-$q[/&e٠c)?xʯ?wBoQw'f.㜾&|/̵:u#*00;{Z(.6zy"FP=RBK,>T"da DG'c7'&TP;ɒQf^Һ)žmqHoF$,l XbbF~*D3NUm~lyk҄$YS+%Ԑzve'SZ'Lެ*Uxc~'4TxҰZT{qax;p>-Zl mߦ]6Ϫrτ%RrBj y@u} b_Pi8UV>4TzMxYU~Vt'f[V2 1I`)[)䵂?-{]0"y;gr`lT0CꇴF~D ޸%/RGB -IƦE*Ln/4gF+1L qw 9[%OoDY-v"mU|9GY?7Fuvi};Y%GY I ^7}[ 6LեStǢ$Y] Q^{ c0=:46rMx- q%1Hͭ͞G%!Oebgڡ*0)8F"$WCލ̝fú] }3&?;<^VUtz3kHo׉i'XSJwWk] 3]ᔤM 1l쓔߅ ?Y,1) $yٛA;->-Ef`In6}n׍tJ"O}'6#F`w+gn(^ۺi&ӧo(͖w[ u[9Y &`(,k=JFzB\fUWI"c-Nw-IC}Cv~2bڷ;OH(O ٵ*$mpƣ9ÃR 'j/wD7p=P Du;~A|yFd%[򼆞$x_3ehx(}5aFk"U3*÷?}ReKYm|Ķ* D Fhck!ΦkzThYV׺LدjY`jD1u~ʳaC}&NMO̓w.{;`0i9/pd.6~IRAMLDU[g<~q.d% WB]x1!C)A)v))T#iLWP4FW!htҜc&2kcU5Iلx>!( @.Vx\z$Rȧo}0N~/dk Z*ރឰ+wPZOP}3x9~8SeaŎ(|\0_-1ex I"M"N1Pmc@^5O箇o~h/-QKJ#$R䜄moko ~}r%UĈ4]CḰ;Y2co]I+tu/bk$PMpj ֲ%4x⾸EwHf&hAg֦9 0ԀU@rR=twz_T>wCܣP 6:}B {،q3hdɚLQ+ e0u~eMV 6tt꧘og\_U>SzgJ/OqYSngWRPzcK){ ;H3V ٬[ƍp[2%"_qGYWJ/.Dr?j;$*W$2Kw)[Q#\ʅ\{ʘ\,!cbύ(| +! &|Y,zy`E+d#c =Qul"^0WϞմP'8B:t} }GI*ٯ<.z:gx35u ީlbH%e0JTk.`#LmT.NsbU6zAcBgz7pP\Z?8Z/"S:F)R GBmy4i(H7;gKz4!;ϻ\jx- 6﯐MjǙːBJn_^2)N"jRv}h7W.ݖ15%aӎb5"AF9ة>; 8U_␼N30;XɶIVs#`ziזQ_J bfmN: S46$ ~ WP;쳨ˎBs[QT:ubtUz6T /"085]<˔fU0o_LW[ _c5nS[[WŜiZiQ摐 y9s.@&G,C!^Y DsΪ8iI8G@~{pyAGdz1ݑI@Fwǀ:xF?o+׺Es:+pR~cé*t"Q@c8* c.{;2]jhvШv*0=>/{ˍ/KZ7Kf.χ<"E+N\G?1_E4ý0$ *},'7ڀ6Dbt3ue&9^y ((m9ȟ&S3QɉKtM(ZDEH*L&xh 4\b7@M!ȺxPR ( QIv  ^E-*hŢ`lB(u:ô6xWX%JEB:iHt)ӄ]*||H}hć}ĀB-BI NdKC:n`IbE^{&܌.eTgZɪ4/,TEFt xT+<@0:.55T. +Uœ{~JfΈ\KeEn]OUThso|h,IQ4߫K}HR#S;#:R WTH +O>"/z^E 2_C^ӑ[,`KC mMFمMj_=al#1M[9 ~K k\̉ ²".#Qwbhl s Z3ڃ-D+pZy9P_ sk@7ºY)Л=n|8^$Z \^_ ZE2PVr!r9i r&PS&{ɤ[bDCKHH/nh*yT{@s7 z3EK]!z9x⏶5Y@{aGxc(2X$S-Bb5Ui3>:$ mk[zx>E#.&\!pav0Z_Tď ̰Vm7 +Fwp/;QTGD~di_,ƥX:= k;|f~UJvF5 xrHNM H1*(ui~Z=h/w}+▩nO?ʼnVUQNB(/DO$BZ)zJG' y#|(ٍ:^%`vkedCo,>M,FK`RϢIיcMu/պ)';< 8]_=c(2vH~r\SSƕ84_7nz`a;$ng)ۋ/r9>CD̳'4Zv gPKð@'ʳjW,%=7e~ڛ៎un2 ѾEP*ΜTKvpCv =-H~]lT3ċ{=Vjϑw9Dw&] 1kZ@z9RPvl4Բz~Uv,dr ̛fУ'ݞ˭` 3lmTV)i + ߡy j-i!+c$͡e=̰Xv>8պ [c2}(h-'<fc.l_m<? kbybB̒{IMdI:[ŦCCwX}צ_yePaa8~)xwEHV9cK$֗ ' *`5NZXW7o:P4l{xϛҼl# lidɩ @BEy*5̶t?\12_}ū8"-d u?~2)OWks"8RFB/c{O]L[:KYKdN7KI!u:RMjS%F?..dRv ^#7xdJzT~YNM O+iDa6 @#hF+I[2N#m^v(c5P$^AQ Q_a.e.d a9݀~]c d(ߩFGk+6x"ibZ\l'ggAIY솀*q1Nr9\2:01)'W@ꭏ59@]-W,Đ\tv*X[qSm·K]NYC$] 1Ax%t}ʵ <[8c2QoN;\!Q*EoVb ~N.+#vϫi`|>Tᤜ5x{tSP+ ࣈfF53xVFi|˳N6u@?,,k~QxxNlNwUN~6MP=8`քSwd ^q2ú+@搸mN ]M w7We:T$usVB&8NVL9P[7HNW<]dʻa$N[5-0%D G@R+}>f$` SҞ\f `vB$r•0Q+Q D}ET|py$¸b2PVNrXF(egB-䃯m\BegZח$hl ށ8$%D)hX!r.5tv1@Q3b,Alkܭ񮈟Vt_s^sgDVָ^$Hfj%»QV5cX) am61{h #%H ׳#6Ami̯rࢣ&(f(صMjz>7Ek.ţKZ:[AASU +FmDL3[%y͞{n/'>M]{j; tAzdZBRfTzP/x1S6Y1<%h$&$R|gi(mdE;u[M)"ewr ՄBr?Y憚 #;&Zou0}DGꘙAAI1ow&4K^^QB; x/P3s$ɑTFẠ,R +kN+iU*R4'k%pojsvl1* ߺbȁ~h+ʔ7劢+\K?4{g<$meljw5B>5qM,4tÄXFF) vTy Z {9`D* xTͥ5jF > \z\8AF/bF'9Z_(L>k/>D$@yߙSZNQ"`ʨq6?ѓi)(c(@d^SiG|h0Ss^ܩÔ>F,&pi4Z +P12y|ZW `jhn>K.]u!8YTmifAOiHTΫ=h̰0$׾6Q~p2A@V-ZC+(_IJ%O1yX,W9ZcC)d ~<#`ma~4 א]a/y-U XωqluU%7wmbKŎy+uOd:G0>9a۱ݝÅ'`0PP!٤JPYT5_rS*:&y0r*Pɰױ@o~!0j;6}UrNd&^%AF=:aa:4ݪ5!F4/ Ǚhk.?{|H7>s XwXO̐_OXi ڎ*0ㄈ:=\5d!/ş%%꫚=,=A$- %|`Jz]i=2r`oPB>XkO5ۯ? 6 J7y O Ln侼8;iua=q Kp8r1LR7>:6^&2NM#pɊ1_ȴwrځz3]pfnRWs2{ic- `D0p/)"zߔ/ǿE~6$Z( B)q=* sȹ[i؞N SZl2%)RY,P⫈`z긷q.C_.fRpVO΃cl2'gk,C۷z"ʭ'tM0di> RijBiN&dIAIe+k# |KL r 4_'XjGE. ! ?{[q|a Fc}ѓ=j6ւ@nT{}A rqF%6̣V *MRq}8zz+AK&O[zs64 qw@7#Н/VNĈ }C#uضqK1:U *S鑘Փ'n6e*kk傁~dXt^q\X38N{RHV2(s9:Pq?a+wˠ;Sg_35.zPB.l{iZ%;Qa4li%e>Ƭb[pv6"u^͸SvjڰEP?*&,U{T!Yrބz2h("hno;9GjzU s,%*lAߣckѴ;#"E4q y[镡}Em^JQJ׎y/BJaĺ?e3o> (%X$8UZF[> \ nq)`1jNI=wsp~[+,0ư2VR!A7Rgzxj(l7 TD*Ns5dks׹/ၼK8u7=%c۰ *nao? `qP:#Q3|cj*g{$fP *8GgJI3$R_7x:n }q'+1O'artS l{ʫ30"b rDr -shk4Hw)ފԧ#`DqB0+gdy!Dwh<b:t 'UP΂υUt.vX"it8'*)`a^H콲$҆q6zhɭ*Sy0)zP[]']?ZH߿F7Ub̧d\R|zntr~_5s1EU*-V7b3,!oL*{NjϧB_( =^۳, M_Aoo8!( K7ͻN@Btĺ]Nna2%9DKc/RpZat qɔ>KP.aFa^XXʰFV=ăܾӉG$ ö**+>wgۻD{"O(9k}rz%CbPJQ]5\$fANʲ[$DEØ8/רe@ݵ@i>g " G#^[e.Y#ʳHf8`4K*EzX3]6?ߜU+9?%oj";d>,x?aSH9k~7UJ @|9ڼ|1#>x}xP_9,"9hD_h@^hŗMε|9 Y蛮Hv[0J[ޡuC v!;a_+jNv: ~BȷL_Nھ6#2;݉#l¹b\=U*ȅϬ8q@"hgdy*Yz{L 7v?Zgg:MnjV>Li,2-:" +zZi/FQ뮒p?xTТ'´nK9BJK}¦JnSTQMggJjPipqyý ulJk DpفH9]ݿc4E!؃fXnƂn,{͛>èhWdWK<.m s3GM?ۗebxtP:R$&YoZt"a) zpC slf$|=(&6B7Р> .SpOjkjPWfn$Ps/82O^:)tG&"XM֨6 2%= wdѹE\}& մ(s7*W:Dv(]}ߞ4IbyQ|&I&Y{œ?wvʷ*K3uO]&SD@K^ӄH-+x"6a5Pt fAE4G*H< r;zL lM|{5o%i=s;;\~h hU#7/Z-HYpmaib3ϼjX4 F VHvDZ;A/Kܪ͊ٴg㣈4(0Ogp{zOB>^·$17D8qWsΟSDYa萯sAX Ĩ δI1O\!דC:uLkYw[oDe_C뼮: uU~yut*aZ 5 E]ɺqSv3` [")WжC~ }  X%74> B9t9HKML/hԝe`w.0U#{@ TP  })Q'fiu1cs2 ~2[n-̈́맥(]94trT:N ܲb!ȋ,Lة8ɾ'B=9'c/"%v/4J=.ش EtD O󌴩kǶ# Mɛ( 1ԖHR'sgsљP{5ʰpH]xvg}l>ZDvE,|_؈dl24u+.EuT5U#H/֮=.͛C}~[BЍj4#GK71b{L>#P"{ŒKv_?f؁yu@'"-7:q'~akpI0ut(&k9ڱJF>zYp@y^1/?q]Q% QLF 9c},4x% Vz+:0)<NwLPjGͺ;ΛSTYt0Њ>[ B呖 cR)[VEQy.>~P᱄?jnOXxeA%FhOyͶL>(a"֭ܿ6)kI( Oe7@FO9BI/&Fw`Q3υ;ױ1't$ ([j[.bÀ@^Bn,TXyË,Jަ8 #b oe?Rl:ow(iMMWDDۤ3Nt$k%ewrq< d=!iQF9 >4& *y:1X?MB>dbsd/\$3<Շ'Bww({zoMln{VF,|"J^e]T 8GtRz9"&spZWwe-C׼!=U'hc~31#n=[G@m:_20gL۸ϼݿƬ(ϿWUfxC֞:@FsR5HW{5" 2^7H)BjEYBtuޅ6X/n.LI jRE%71q]V%c%ƙ$Η:9+T&rK YS\f$gh(޶/#^a-6!uϒ -X+~ C=X#3TZkm%69.2>} p͜A0bBg['̑WZr3JB.~`]z(\..mjtc|%q맅1i6ZJMiPճ_Wv)> \hI2wkin>Lrse? ʷs'M#ۊ#1ZƉS85gd}A˄ BBC'EVP8I}ĞQnzg8o "IU}b xɱS?h t\w)'PSa>޽B9IXԎ?9BƟe5^`O>Oc1n3Y'M'z%44,&i]I+oTYg:J!tB = рFkI4BN5bZ hN,sn RO4_}tі(rTX7 :nsY<.;н& ^[*"K~BŠ'e(X.?֝ҟE2ss/p8}ri&{HE nB;d󗪒{̥Kdd 4{X"T`OJgK- ^dq9^dž _2Mӱ]I63ҹX8kȞ] n|cqw~$4t-k1~/5h S:/<=so%+Tj?:`цӉvs+_\.gr+$.]6t W]1+}N[k1wev'3[=d9"hhlӈrQ(-]ldЖ̗Ue&pQBꥊɡDhoJ󬛾ܿOEIh@):k{IWu_鏅>JA@?Rҧc\xn bzwQl`[!]~v2G(Xa ᔖ`{(]V62EQԛ'β1 ٖVוi& s;RZv~XCm' $,?ӱ - S7 D*? *ft2|rm`,gϛtyBDeeCiI ʾkHZ3 - bcT@gpssI*`Nt=9` R@~;*yTzHq_bd{=G4wqO,c(}I&7t܀#nApR,:+eSnQ/B4CT~1?,MD9D=@oELZ{g:~E/\^3w4})FNS`dbNJmdke@l*2G D[&~r'bySkaЌCgVS ]orލvebu^2Yќeha愺Xw+7|ʳ|ζ3 oEVԫGG>8 Tkr̤AӳyOMXb /tgjixc{}#ߖq@&ռ|at$}#@Xâ*lB6;CƂ91%ϐea!y>C׸txQnThӴ_!ǩ 5(tΤ%%!S[*VF졑јSʡ jC < Qsf%(OǷ2W;1;֜4X\#xxl{0[㯳H3'y$ 7· i{+$u.Z|RLGJLX&4t rM|Y] a ;ncBp-&y۲wmTyyJmql˳PP;E;܋e)x5'G('3nE$ٱCU$!T{rM(9BOoU_|Lk[AǧS (qBjQ0ݮdk(O Z`>-ũ}ѐr?>1+ߧ)F27RZdկ}PdH)dcZ"ߧۧKi5RTF Qի=6 k}x!.Ar6wq"GQfd%Ѕ o?F%yWڀPo3AcFk-ѿO$px~HY2 暄[g +ԁCr CQ;BJēklʠtLčqVN38-C~m#fktu㣘`}i8֫[ X ܸJ񮵍I[녨3Ԭtzx%0$i:aLUpE$&nAc>NOZ 6Uxx)+of#x[#sZkH 7[>LWz' Pv4j UqGf͍o %7Xv)Kh伓ܘ|H{F$5[oe(\a[ _ƍ 2o^PˡӃ,[n`tU4/)^a~w6:5XښZJ)(~e)جFKA1@rf'@`$}CVI( ldڱOYmhޜu.smBIMQGۚuc\1Т{;.׬.:ڹ:ŏ?ͫuو_.^0tm^W:$ cFJurg%7mY$T&Sc3]ro755.l{hyU02Rá=?XYP{v3)XB$u=vnB3j0 }krƖ@:4R/Y#S2N8`RvFo}X6H>5("Z"7'P;Q< a,mHǞqF%Ƚ]Fub瑝v7lXu('_WB& o#oh\O:lڜf,`jqlH`Cwt d5-ԄY*osۛq,p@2ZmTVɴ_t-9Zgl)fi;# ot'=Sq# ill-/n !$+ZAp0'Luf=do|ފf|j(?)3ɳrQk @ՎJ)xϸN$=D@3ߢAS|K 5ǨWϹN,@5t$H=m)u3{'{xsf\ N4[qgބ,2p 3em``Jt 0yBo+'G~XDvG#䮗ی2s cgBv{WoY~*`R˘ в4(z 10,ۼBum!feݹngj:gAd 'q`CI' y(cuמT(s o:9Cy6R)U~-=#3 u֙C=CT yj=ݒ)j-7_t%8t|jd䍰FiN,)pZʢ{*0,(.Re)|t/ؽ[gmSQ˔+|~ vI=%)g 0THWz~1qk0[ W-]ٷF˻Jnkۻh_zx()pF{7pW2)jv8vZT} leP^tYFGpx[G+#b+G8h$oiδak)I6KK( Vڛi h=V@Zxnv_uJ .=/;a%*DzNomo˶\9\Z)n8b"7X;-Edj17\L:CE:{A\ s{M%v%HWs0,H{ v6a؜nsbm{LxcI;E˝@CxI]{KrlQc;\XrAX#L*y)a[O;kPTˁ }II)|fJyC)&w[Ӈfw"_hr rZ|S6a> pK]Y:KG>1Fg[ %:2M hldExF41yϚ)1"[ lU'9gRR -&1>I˾2zr(x,t"m^ȺتI&0xh]RG5К^re]rE8gu!z("ՙx)kܻ "f H@vNj+4& PjH;jԴԱy981صߺ:j7?wL̖cf@?=ɺ(sès `9LE%(=vP߰2%iAy7*c xG6ƏF,Hd */^l3>5$~ǀfp / 0sDKƥaM~~ײhGn׬`63BМ'(C2}\0G̰R]E?%.!'ezC銷^1a^h7}.XvUHjL%]a%t  [Hם 6IePXEj*sLy+~AiftIA+mɞ!2O߅.V_"Z|Q…3u5`Zu4s1m}tb~ "~0 9"b!m'Ϫ\¤`oĸ3dQO #w4tkk4D ¡T8Dܔ& %b# BMp*zy$GRn?4FFK8Z2FAe/F?"m"vd?rLȾi;Nxsbg𼤩lCc? D'ict1jPP6}RY'B{Oޤ"נֈM0SGvhK*m N^D(W}_~4^l)]/:brjaSs #ۥˋ4,/ (hz]V4VnKF+H\<ЇV{xעŤ@W$>Q;ӷ4۹|1<䷚˾^|ČMSWWy!<4wF)tD?Ew`Z1!ZZ Iw~o=1n+Hg;^oCql "7E.JMBu v(b80zg}aI10 sJk0%FRpN7K(^z'"9 G-݌ _1$(־CwuK<.oNJdsf!#Ý|ϑ_Miγn&(Ot9Cg-`<]6%Q2ϧ_@Xؗt8Qp))~udfY{W)F-˙7erj[TCn򳜜Kt (ka| xMY:R@փm{;4'#Y~^NFd(?~ |X3>Yp g)S~tT6I G̓e ]'CtB\7$l]$C~f~YEzdV#HZR)/,=PI8-s {tC!=KDyƁ䫄-`OSqOf>6rcj|]Ida 8d4:C<.Q$~asӳG8a2ڹC.>@KgWK" >I3K79]ոr],oA>^TAAGZ:F? St1xBHy5wֱ)D<~cW7+_㵐F- 2MwP9Z) E9!79|4[t׹J?ޫ$xNjsqfE&Vr8)wRorb#FYBg)4<,Q垥' `UEyxXi*ֱq!ȃX}mϬGH!mZfMZ=IDO*76IL]:.td~!s1Qa w5xʃV_i mGi'O]%IRVdˏp>WBCj++3sQ<:zg/@WU{|Fe܅?t]- uv5)fI'5aq4F>PJ<:r LD%[fx"Goы NfVE0{kyV4vÅ%߳ 9҆2FW҇]8`۪(b^hM~RF]Uʷ}M=5ҁEw NhJ=Wfhlyw$1 CV;qB[wb@  H@?iޞܫkQ"wCn&%.3n!@Ƨ;Ozv-ʄWo Fߖ|Z^|Y<@'ы?C 9ƒY)%'3^Qf゚!#*ɷ͗{9A"K ]_)< }1t+'ϗ6[ @){!}qOd7Ơ1!|`!2Ъdڇ&J&?U V#y?!yUb* H'h`R#Nwl5(z_5wˣv:8 i`'f&bH/'{G @t;Wx&%O1T0]$%(:7FV^2k$t'Dl1#M͑k}$t0!yT ojex9Gu,tXKƯ큺 3]`AZYD~4S IZ ٛt?<֭e眞>Qmo/-!$d);B8r|%:Y*nRh-}:7|]?. zD݈tMx[d"-) ]qzJ2RTX»H 6Ӛ F=QVewNm_=y{PuH~ޘѿYt{6bq%@BZ}79(PpnDQOl$g eraFxӳ-TIX:|&[M|CSMvE"p4V4"vCTcrSU\`(T}q^R8| (+ k;j/(fyf~LwX]>n5ԯE`.aN\r={S!,L }{O6M`?LoN*.܇/α7.EC:ӥ b.o*mTBD9k7CG0-+|҉9!7,H+uS8 4f3Hn2a ,U L '6t6}g`]=}! ~>kEaG$j[J%x[9%5p?;gż}s[Suن$i/s

k!}kU#gfBs_pE.|.DeRpi0|toq L-\5UMG"W(PahZ$5Y  VJ 2o/9d~|iDRS7' [\-+fR YS L8%ʌȌ2Z%z~{Fy,Bdn|i;K"Whp nF-1׏5$aoԓL&Was&f*Y®Y, _P<;_;uL .0W7ʬDDPvhg_7#;, g;Ѡ^ #~6@ ahr,4Q ߔ9izNh7S'4&. !m6l77$]ݼIbBOTQ>?MѨw;Tmըөɂ0GG{z6ddpN5ero1A43&\$ĨP|s@uC+njYl" eK;M^K "WZJU6ǮY'+~ZUeXX$"`Brl8]`x)|ͮqWHeѥg F!@+mkswBJ,]Њi1z5|1sD' " +5sj- (+nde(xڔK=Qc [|% 9R2]0 =956_ȴk -RK{jqGT<$aFxpy(Yve8bLȚ_#1Qd^zmAEՒXY :K܎>W"(%U٪ X#XSF̙F)EbyϨPS,z]xĽkf>@ΦTF8L&J\l[ #tkRK?a_0lkaC.8sԪ7+틚~J6q*>B4(H|*P,?,6ͧAET?E:pOO 0؄i16dk!2 J3 ؑ.]JR97oDt[)r4=bt]'սW(cb-q/$-?%qf'v}Tc߶-4&ᛔ0x{o s VBݓp/:];}>|P̣3uM)6NpC#'J4f liȑ+**=dܞ:PY>J4ƫ[gs%w FKf)RQڕf\Ohh ?*| Z+x1;n)!̆i G9&[Ti)?Bz?BVFO(ER,ؘ ._P]tQ/jH\p/C`90@Z! _UљFݓ6[ڧnTj*DfTA6kd*t IVl9T6ѐKC|Bp:-iT]DܓAmX$?jr],q6?>6jl\ݸWN1yb-OcYA915J,q}j9|Ə^wWg fY 㮠Y:9h[;,1`ÀXoۙ3 8s2rdv<+8`"׾B_XJ/ l.6[C^< hlC7nf(<4IY1 x)Jx@\pgLȺ`;MA.l{io 4 D}%CRg@%S%AwC*0=ԫ?qVkG&ulT=]*d`(MiNa g^ YZ