������samba-python3-4.15.13+git.710.7032820fcd-150400.3.34.2��������������������������������������������<���>�������,���������������������������������������������������`�����ep9|��ك���m9XO6_q^HXoUMcI�`>܅Diߴ6[șW=qr(�O�4�tA{DJm1C�o+k�1��bD/�W> e]�?�^��߳5�҄`��\�)�NιJ�ԓ
��MwH!V@&�z(^�4/��tB�@Os�MZ8buz ѱ쫂�@I[rPz�(�0ut�9V�RF/���>��������������������>��L���?������<�������d����������������������������������������������������+���������� ���9���������� ���Q�������������������������������������������������������������������������������������6��������������G���������� ���]��������������z���������������������������������������������������������0������ �������x������
���������������������P�������������{������
������}X����������������������������������������P������������������������������������������@����������������������������������(��������������8������$�������9������`�������:������k�������F�������������G������������H������x������I��������������X��������������Y��������������\��������������]������ ������^������(
�������b������+�������c������,R�������d������,�������e������,�������f������,�������l������,�������u������,������v������3���L���w������[������x������bd������y������h���z���z����������������������������������������������������������8����C�samba-python3�4.15.13+git.710.7032820fcd�150400.3.34.2�Samba Python3 libraries�The samba-python3 package contains the Python libraries needed by programs
that use SMB, RPC and other Samba provided protocols in Python3 programs.���eh04-armsrv1��r#SUSE Linux Enterprise 15�SUSE LLC �GPL-3.0-or-later�https://www.suse.com/�Development/Libraries/Python�https://www.samba.org/�linux�aarch64��������2z��
���`���h���h���[���:������������������!H���8�������8��4���/��P��H����A@��c8��
@�����Q0��-���I�����!����`��!`���������?P���P����1��
�����`��P��0���������������-��.x� ���7���P��o�� +��7��;��H���p�� ����������Sd��p���O����x��@���/���\��P��
���������������2������'���h��#v���*������Vx��
p��o��� ,�����.��������,��n��0-��W��6���M������`�����$��%D������9������
���8������&���S��e ��y���k��+�������ؔ����%���4��Q��[h����m��
N�����@���9���c�������/?���������$���E��l��]���������p���x��������
������
)���������0��H������/�������f���0���0��� ��
����'�� >���X�����!0������
H��`d���������h.�����a��3l�������|��������������3�����L����������)��
���������_���M��������������u��w��
������
m������M���;��I|���������X�����������e��
���������������1�������
j��~��@������C�� o��y���n�� ���(���������q��Q_�����9/��S������
��
������t��3��I���k���(��������
;��.��#������������}������#�� ��J�������WA�����i��B�������|������������ l�����6��&�������
��8g��(@��)1��c��u�����#����k��Z����a��},�������s��
���U��/g�����������#O���u���f�������K�������2���������F����������������Y�� *��
���P���L�� ������W��4O��"����U���������
����9�������S��1���Y�����/���b�������������@�������h��,��a�� ��
�������������L���������������R��?��T]�������������u������t��4w��*��m!���1����������,��1t��b2������~������}������������������������U����g��*4�����>��^��m��
>��
������#o���������Ke��%����������"����� N�������u��������3�������g��������0������N���i���j����������������������x���xA큤큤큤A큤큤A큤큤A큤큤A큤큤A큤A큤큤A큤큤큤큤A큤A큤A큤A큤A큤A큤A큤A큤A큤큤������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������ee\reeee\re\re\reee\ree\reeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee\re\re\re\re\reeeascabrero@suse.de�scabrero@suse.de�scabrero@suse.de�nopower@suse.com�nopower@suse.com�nopower@suse.com�nopower@suse.com�scabrero@suse.de�nopower@suse.com�scabrero@suse.de�scabrero@suse.de�nopower@suse.com�nopower@suse.com�scabrero@suse.de�nopower@suse.com�nopower@suse.com�scabrero@suse.de�nopower@suse.com�scabrero@suse.de�scabrero@suse.de�scabrero@suse.de�scabrero@suse.de�scabrero@suse.de�scabrero@suse.de�scabrero@suse.de�dmulder@suse.com�ddiss@suse.com�nopower@suse.com�dmulder@suse.com�dmulder@suse.com�nopower@suse.com�scabrero@suse.de�scabrero@suse.de�dimstar@opensuse.org�scabrero@suse.de�scabrero@suse.de�scabrero@suse.de�scabrero@suse.de�dmulder@suse.com�nopower@suse.com�nopower@suse.com�scabrero@suse.de�scabrero@suse.de�scabrero@suse.de�dmulder@suse.com�nopower@suse.com�scabrero@suse.de�scabrero@suse.de�scabrero@suse.de�scabrero@suse.de�scabrero@suse.de�scabrero@suse.de�nopower@suse.com�scabrero@suse.de�ddiss@suse.com�ddiss@suse.com�ddiss@suse.com�scabrero@suse.de�scabrero@suse.de�dmulder@suse.com�nopower@suse.com�scabrero@suse.de�scabrero@suse.de�dmulder@suse.com�scabrero@suse.de�scabrero@suse.de�nopower@suse.com�nopower@suse.com�nopower@suse.com�dmulder@suse.com�scabrero@suse.de�nopower@suse.com�ddiss@suse.com�nopower@suse.com�nopower@suse.com�jmcdonough@suse.com�nopower@suse.com�nopower@suse.com�jmcdonough@suse.com�nopower@suse.com�nopower@suse.com�scabrero@suse.de�nopower@suse.com�nopower@suse.com�jmcdonough@suse.com�nopower@suse.com�scabrero@suse.de�nopower@suse.com�nopower@suse.com�ddiss@suse.com�ddiss@suse.com�nopower@suse.com�nopower@suse.com�ddiss@suse.com�nopower@suse.com�dmulder@suse.com�dmulder@suse.com�ddiss@suse.com�scabrero@suse.de�dmulder@suse.com�ddiss@suse.com�nopower@suse.com�jengelh@inai.de�dmulder@suse.com�scabrero@suse.de�scabrero@suse.de�scabrero@suse.de�dmulder@suse.com�dmulder@suse.com�dmulder@suse.com�jmcdonough@suse.com�dmulder@suse.com�scabrero@suse.de�dmulder@suse.com�scabrero@suse.de�dmulder@suse.com�dmulder@suse.com�vcizek@suse.com�dmulder@suse.com�dmulder@suse.com�nopower@suse.com�scabrero@suse.de�jmcdonough@suse.com�scabrero@suse.de�aaptel@suse.com�jengelh@inai.de�dimstar@opensuse.org�dmulder@suse.com�jmcdonough@suse.com�david.mulder@suse.com�jmcdonough@suse.com�aaptel@suse.com�dmulder@suse.com�scabrero@suse.com�scabrero@suse.com�kukuk@suse.de�david.mulder@suse.com�scabrero@suse.com�rbrown@suse.com�dmulder@suse.com�scabrero@suse.com�dimstar@opensuse.org�scabrero@suse.com�aaptel@suse.com�nopower@suse.com�nopower@suse.com�aaptel@suse.com�ddiss@suse.com�dmulder@suse.com�ddiss@suse.com�dmulder@suse.com�ddiss@suse.com�ddiss@suse.com�nopower@suse.com�ddiss@suse.com�ddiss@suse.com�ddiss@suse.com�ddiss@suse.com�ddiss@suse.com�ddiss@suse.com�ddiss@suse.com�ddiss@suse.com�dmulder@suse.com�nopower@suse.com�jmcdonough@suse.com�aaptel@suse.com�kukuk@suse.com�kukuk@suse.de�nopower@suse.com�aaptel@suse.com�dmulder@suse.com�ddiss@suse.com�dmulder@suse.com�ddiss@suse.com�jmcdonough@suse.com�nopower@suse.com�nopower@suse.com�nopower@suse.com�nopower@suse.com�jmcdonough@suse.com�jmcdonough@suse.com�nopower@suse.com�nopower@suse.com�ddiss@suse.com�jmcdonough@suse.com�ddiss@suse.com�jmcdonough@suse.com�jmcdonough@suse.com�jmcdonough@suse.com�jmcdonough@suse.com�jmcdonough@suse.com�jmcdonough@suse.com�jmcdonough@suse.com�jmcdonough@suse.com�jmcdonough@suse.com�nopower@suse.com�lmuelle@suse.com�lmuelle@suse.com�jmcdonough@suse.com�nopower@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�nopower@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�tchvatal@suse.com�lmuelle@suse.com�nopower@suse.com�crrodriguez@opensuse.org�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�noel.power@suse.com�ddiss@suse.com�ddiss@suse.com�lmuelle@suse.com�ddiss@suse.com�lmuelle@suse.com�lmuelle@suse.com�nopower@suse.com�ddiss@suse.com�ddiss@suse.com�lmuelle@suse.com�lmuelle@suse.com�ddiss@suse.com�lmuelle@suse.com�mpluskal@suse.com�lmuelle@suse.com�nopower@suse.de�ddiss@suse.com�ddiss@suse.com�ddiss@suse.com�lmuelle@suse.de�nopower@suse.de�lmuelle@suse.com�nopower@suse.de�ddiss@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�- Add "net offlinejoin composeodj" command; (bsc#1214076);�- CVE-2023-4091: samba: Client can truncate file with read-only
permissions; (bsc#1215904); (bso#15439).
- CVE-2023-42669: samba: rpcecho, enabled and running in AD DC,
allows blocking sleep on request; (bso#1215905); (bso#15474).
- CVE-2023-4154: samba: dirsync allows SYSTEM access with only
"GUID_DRS_GET_CHANGES" right, not "GUID_DRS_GET_ALL_CHANGES;
(bsc#1215908); (bso#15424).�- Move libcluster-samba4.so from samba-libs to samba-client-libs;
(bsc#1213940);�- secure channel faulty since Windows 10/11 update 07/2023;
(bso#15418); (bsc#1213384).�- CVE-2022-2127: lm_resp_len not checked properly in
winbindd_pam_auth_crap_send; (bso#15072); (bsc#1213174).
- CVE-2023-34966: Samba Spotlight mdssvc RPC Request Infinite
Loop Denial-of-Service Vulnerability; (bso#15340); (bsc#1213173).
- CVE-2023-34967: Samba Spotlight mdssvc RPC Request Type
Confusion Denial-of-Service Vulnerability; (bso#15341); (bsc#1213172).
- CVE-2023-34968: Spotlight server-side Share Path Disclosure;
(bso#15388); (bsc#1213171).�- CVE-2023-0922: Samba AD DC admin tool samba-tool sends passwords
in cleartext; (bso#15315); (bsc#1209481).
- CVE-2023-0225: Samba AD DC "dnsHostname" attribute can be
deleted by unprivileged authenticated users; (bso#15276);
(bsc#1209483).
- CVE-2023-0614: samba: Access controlled AD LDAP attributes can
be discovered; (bso#15270); (bsc#1209485).�- Prevent use after free of messaging_ctdb_fde_ev structs;
(bso#15293); (bsc#1207416).�- CVE-2022-38023 Additional patches for the PDC role's netlogon
server; (bso#15240); (bsc#1206504);�- CVE-2021-20251: samba: Bad password count not incremented
atomically; (bso#14611); (bsc#1206546).�- Update to 4.15.13
* CVE-2022-37966 rc4-hmac Kerberos session keys issued to
modern servers; (bso#15237); (bsc#1205385);
* CVE-2022-37967 Kerberos constrained delegation ticket forgery
possible against Samba AD DC; (bso#15231); (bsc#1205386);
* CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak
and should be avoided; (bso#15240); (bsc#1206504);
* filter-subunit is inefficient with large numbers of
knownfails; (bso#15258);
* The KDC logic arround msDs-supportedEncryptionTypes differs
from Windows; (bso#13135);
* Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue;
(bso#15197);
- Adjust the systemd drop-in file for named service; (bsc#1201689);
* Paths are additive so do not repeat paths from named.service
* Prefix the samba DLZ directory with "-" to ignore this path
if it does not exists�- Install a systemd drop-in file for named service to allow
read/write access to the DLZ directory; (bsc#1201689);�- Update to 4.15.12
* CVE-2022-42898: samba: heimdal: Samba buffer overflow
vulnerabilities on 32-bit systems; (bso#15203); (bsc#1205126).
- Update to 4.15.11
* Allow rebuild of Centos 8 images after move to vault for
Samba 4.15; (bso#15193).
* CVE-2022-3437: samba: Buffer overflow in Heimdal unwrap_des3();
(bso#15134); (bsc#1204254)�- Update to 4.15.10
* Possible use after free of connection_struct when iterating
smbd_server_connection->connections; (bso#15128);
(bsc#1200102).
* smbXsrv_connection_shutdown_send result leaked; (bso#15174).
* Spotlight RPC service returns wrong response when Spotlight
is disabled on a share; (bso#15086).
* acl_xattr VFS module may unintentionally use filesystem
permissions instead of ACL from xattr; (bso#15126).
* Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1;
(bso#15153).
* assert failed: !is_named_stream(smb_fname)") at
../../lib/util/fault.c:197; (bso#15161).
* Missing READ_LEASE break could cause data corruption;
(bso#15148).
* rpcclient can crash using setuserinfo(2); (bso#15124).
* Samba fails to build with glibc 2.36 caused by including
in libreplace; (bso#15132).
* SMB1 negotiation can fail to handle connection errors;
(bso#15152).
* samba-tool domain join segfault when joining a samba ad
domain; (bso#15078).
- Update to 4.15.9
* CVE-2022-32742:SMB1 code does not correct verify SMB1write,
SMB1write_and_close, SMB1write_and_unlock lengths; (bso#15085);
(bsc#1201496).
* CVE-2022-32746: samba: Use-after-free occurring in database
audit logging; (bso#15009); (bso#15096); (bsc#1201490).
* CVE-2022-2031: samba, ldb: AD users can bypass certain
restrictions associated with changing passwords; (bso#15047);
(bsc#1201495);
* CVE-2022-32745: samba: ldb: AD users can crash the server
process with an LDAP add or modify request; (bso#15008);
(bso#15096); (bsc#1201492).
* CVE-2022-2031: samba, ldb: AD users can bypass certain
restrictions associated with changing passwords; (bso#15047);
(bsc#1201495);
* CVE-2022-32744: samba, ldb: AD users can forge password change
requests for any user; (bso#15074); (bso#15047); (bsc#1201493).�- CVE-2022-1615: Do not ignore errors in random number generation;
(bso#15103); (bsc#1202976);
- CVE-2022-32743: Implement validated dnsHostName write rights;
(bso#14833); (bsc#1202803);�- Fix Use after free when iterating
smbd_server_connection->connections after tree disconnect
failure; (bso#15128); (bsc#1200102).�- CVE-2022-32746: samba: Use-after-free occurring in database
audit logging; (bso#15009); (bso#15096); (bsc#1201490).
- CVE-2022-32745: samba: ldb: AD users can crash the server
process with an LDAP add or modify request; (bso#15008);
(bso#15096); (bsc#1201492).
- CVE-2022-2031: samba, ldb: AD users can bypass certain
restrictions associated with changing passwords; (bso#15047);
(bsc#1201495);
- CVE-2022-32742:SMB1 code does not correct verify SMB1write,
SMB1write_and_close, SMB1write_and_unlock lengths; (bso#15085);
(bsc#1201496).
- CVE-2022-32744: samba, ldb: AD users can forge password change
requests for any user; (bso#15074); (bso#15047); (bsc#1201493).�- Update to 4.15.8
* Use pathref fd instead of io fd in vfs_default_durable_cookie;
(bso#15042);
* Setting fruit:resource = stream in vfs_fruit causes a panic;
(bso#15099);
* Add support for bind 9.18; (bso#14986);
* logging dsdb audit to specific files does not work; (bso#15076);
* vfs_gpfs with vfs_shadowcopy2 fail to restore file if original
file had been deleted; (bso#15069);
* netgroups support removed; (bso#15087); (bsc#1199247);
* net ads info shows LDAP Server: 0.0.0.0 depending on contacted
server; (bso#14674); (bsc#1199734);
* waf produces incorrect names for python extensions with Python
3.11; (bso#15071);
* smbclient commands del & deltree fail with
NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100);
(bsc#1200556);
* vfs_gpfs recalls=no option prevents listing files; (bso#15055);
* waf produces incorrect names for python extensions with Python
3.11; (bso#15071);
* Compile error in source3/utils/regedit_hexedit.c; (bso#15091);
* ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link;
(bso#15108);
* smbd doesn't handle UPNs for looking up names; (bso#15054);
* Out-by-4 error in smbd read reply max_send clamp; (bso#14443);
- Move pdb backends from package samba-libs to package
samba-client-libs and remove samba-libs requirement from
samba-winbind; (bsc#1200964); (bsc#1198255);
- Use the canonical realm name to refresh the Kerberos tickets;
(bsc#1196224); (bso#14979);�- Fix smbclient commands del & deltree failing with
NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100);
(bsc#1200556).�- Revert NIS support removal; (bsc#1199247);�- Use requires_eq macro to require the libldb2 version available at
samba-dsdb-modules build time; (bsc#1199362);�- Add missing samba-client requirement to samba-winbind package;
(bsc#1198255);�- Update to 4.15.7
* Share and server swapped in smbget password prompt; (bso#14831);
* Durable handles won't reconnect if the leased file is written
to; (bso#15022);
* rmdir silently fails if directory contains unreadable files and
hide unreadable is yes; (bso#15023);
* SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information
on renamed file handle; (bso#15038);
* vfs_shadow_copy2 breaks "smbd async dosmode" sync fallback;
(bso#14957);
* shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes;
(bso#15035);
* PAM Kerberos authentication incorrectly fails with a clock skew
error; (bso#15046);
* username map - samba erroneously applies unix group memberships
to user account entries; (bso#15041);
* NT_STATUS_ACCESS_DENIED translates into EPERM instead of EACCES
in SMBC_server_internal; (bso#14983);
* Simple bind doesn't work against an RODC (with non-preloaded users);
(bso#13879);
* Crash of winbind on RODC; (bso#14641);
* uncached logon on RODC always fails once; (bso#14865);
* KVNO off by 100000; (bso#14951);
* LDAP simple binds should honour "old password allowed period";
(bso#15001);
* wbinfo -a doesn't work reliable with upn names; (bso#15003);
* Simple bind doesn't work against an RODC (with non-preloaded
users); (bso#13879);
* Uninitialized litemask in variable in vfs_gpfs module; (bso#15027);
* Regression: create krb5 conf = yes doesn't work with a single KDC;
(bso#15016);�- Add provides to samba-client-libs package to fix upgrades from
previous versions; (bsc#1197995);�- Add missing samba-libs requirement to samba-winbind package;
(bsc#1198255);�- Update to 4.15.6
* Renaming file on DFS root fails with
NT_STATUS_OBJECT_PATH_NOT_FOUND; (bso#14169);
* Samba does not response STATUS_INVALID_PARAMETER when opening 2
objects with same lease key; (bso#14737);
* NT error code is not set when overwriting a file during rename
in libsmbclient; (bso#14938);
* Fix ldap simple bind with TLS auditing; (bso#14996);
* net ads info shows LDAP Server: 0.0.0.0 depending on contacted
server; (bso#14674);
* Problem when winbind renews Kerberos; (bso#14979);
(bsc#1196224);
* pam_winbind will not allow gdm login if password about to
expire; (bso#8691);
* virusfilter_vfs_openat: Not scanned: Directory or special file;
(bso#14971);
* DFS fix for AIX broken; (bso#13631);
* Solaris and AIX acl modules: wrong function arguments;
(bso#14974);
* Function aixacl_sys_acl_get_file not declared / coredump;
(bso#7239);
* Regression: Samba 4.15.2 on macOS segfaults intermittently
during strcpy in tdbsam_getsampwnam; (bso#14900);
* Fix a use-after-free in SMB1 server; (bso#14989);
* smb2_signing_decrypt_pdu() may not decrypt with
gnutls_aead_cipher_decrypt() from gnutls before 3.5.2;
(bso#14968);
* Changing the machine password against an RODC likely destroys
the domain join; (bso#14984);
* authsam_make_user_info_dc() steals memory from its struct
ldb_message *msg argument; (bso#14993);
* Use Heimdal 8.0 (pre) rather than an earlier snapshot;
(bso#14995);
* Samba autorid fails to map AD users if id rangesize fits in the
id range only once; (bso#14967);�- Fix mismatched version of libldb2; (bsc#1196788).
- Drop obsolete SuSEfirewall2 service files.�- Drop obsolete Samba fsrvp v0->v1 state upgrade functionality;
(bsc#1080338).�- Fix ntlm authentications with "winbind use default domain = yes";
(bso#13126); (bsc#1173429); (bsc#1196308).�- Fix samba-ad-dc status warning notification message by disabling
systemd notifications in bgqd; (bsc#1195896); (bso#14947).�- libldb version mismatch in Samba dsdb component; (bsc#1118508);�- Update to 4.15.5
* CVE-2021-44141: UNIX extensions in SMB1 disclose whether the
outside target of a symlink exists; (bso#14911);
(bsc#1193690).
* CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit
module; (bso#14914); (bsc#1194859).
* CVE-2022-0336: Re-adding an SPN skips subsequent SPN
conflict checks; bso#14950); (bsc#1195048).�- CVE-2021-44141: Information leak via symlinks of existance of
files or directories outside of the exported share; (bso#14911);
(bsc#1193690);
- CVE-2021-44142: Out-of-bounds heap read/write vulnerability
in VFS module vfs_fruit allows code execution; (bso#14914);
(bsc#1194859);
- CVE-2022-0336: Samba AD users with permission to write to an
account can impersonate arbitrary services; (bso#14950);
(bsc#1195048);�- Update to 4.15.4
* Duplicate SMB file_ids leading to Windows client cache
poisoning; (bso#14928);
* Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error -
NT_STATUS_BUFFER_TOO_SMALL; (bso#14932);
* kill_tcp_connections does not work; (bso#14934);
* Can't connect to Windows shares not requiring authentication
using KDE/Gnome; (bso#14935);
* smbclient -L doesn't set "client max protocol" to NT1 before
calling the "Reconnecting with SMB1 for workgroup listing"
path; (bso#14939);
* Cross device copy of the crossrename module always fails;
(bso#14940);
* symlinkat function from VFS cap module always fails with an
error; (bso#14941);
* Fix possible fsp pointer deference; (bso#14942);
* Missing pop_sec_ctx() in error path inside close_directory();
(bso#14944);
* "smbd --build-options" no longer works without an smb.conf file;
(bso#14945);�- Use pkgconfig(krb5) as dependency for the -devel package: allow
OBS to pick the right flavor of krb5-devel (full vs mini).
- Do not require the 'krb5' symbol by samba-client-libs: this
package has an automatic dependency due to linkage on
libgssapi_krb5.so.2. Automatic deps are always better.
- Do not require the 'krb5' symbol from samba-libs: samba-libs
requires samba-client-libs, which in turn requires krb5
libraries. Samba-libs itself has no need for krb5 (but get it
indirectly anyway).�- Reorganize libs packages. Split samba-libs into samba-client-libs,
samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba
public libraries depending on internal samba libraries into these
packages as there were dependency problems everytime one of these
public libraries changed its version (bsc#1192684). The devel
packages are merged into samba-devel.
- Rename package samba-core-devel to samba-devel
- Add python-rpm-macros to build requirements
- Update the symlink create by samba-dsdb-modules to private samba
ldb modules following libldb2 changes from /usr/lib64/ldb/samba to
/usr/lib64/ldb2/modules/ldb/samba�- Update to 4.15.3
* Recursive directory delete with veto files is broken in 4.15.0;
(bso#14878);
* A directory containing dangling symlinks cannot be deleted by
SMB2 alone when they are the only entry in the directory;
(bso#14879);
* SIGSEGV in rmdir_internals/synthetic_pathref - dirfsp is used
uninitialized in rmdir_internals(); (bso#14892);
* MaxQueryDuration not honoured in Samba AD DC LDAP; (bso#14694);
* The CVE-2020-25717 username map [script] advice has undesired
side effects for the local nt token; (bso#14901); (bsc#1192849);
* User with multiple spaces (eg FredNurk) become
un-deletable; (bso#14902);
* Avoid storing NTTIME_THAW (-2) as value on disk; (bso#14127);
* smbXsrv_client_global record validation leads to crash if existing
record points at non-existing process; (bso#14882);
* Crash in vfs_fruit asking for fsp_get_io_fd() for an XATTR call;
(bso#14890);
* Samba process doesn't log to logfile; (bso#14897);
* set_ea_dos_attribute() fallback calling get_file_handle_for_metadata()
triggers locking.tdb assert; (bso#14907);
* Kerberos authentication on standalone server in MIT realm broken;
(bso#14922);
* Segmentation fault when joining the domain; (bso#14923);
* Support for ROLE_IPA_DC is incomplete; (bso#14903);
* rpcclient cannot connect to ncacn_ip_tcp services anymore;
(bso#14767);
* winexe crashes since 4.15.0 after popt parsing; (bso#14893);
* net ads status -P broken in a clustered environment; (bso#14908);
* Memory leak if ioctl(FSCTL_VALIDATE_NEGOTIATE_INFO) fails before
smbd_smb2_ioctl_send; (bso#14788);
* winbindd doesn't start when "allow trusted domains" is off;
(bso#14899);
* smbclient login without password using '-N' fails with
NT_STATUS_INVALID_PARAMETER on Samba AD DC; (bso#14883);
* A schannel client incorrectly detects a downgrade connecting to
an AES only server; (bso#14912);
* Possible null pointer dereference in winbind; (bso#14921);
* Fix -k legacy option for client tools like smbclient, rpcclient,
net, etc.; (bso#14846);
* Add Debian 11 CI bootstrap support; (bso#14872);
* Crash in recycle_unlink_internal(); (bso#14888);�- Fix dependency problem upgrading from libndr0 to libndr2 and
from libsamba-credentials0 to libsamba-credentials1;
(bsc#1192684);�- Fix regression introduced by CVE-2020-25717 patches, winbindd
does not start when 'allow trusted domains' is off; (bso#14899);
- Update to 4.15.2
* CVE-2016-2124: SMB1 client connections can be downgraded to
plaintext authentication; (bso#12444); (bsc#1014440);
* CVE-2020-25717: A user on the domain can become root on domain
members; (bso#14556); (bsc#1192284);
* CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos
tickets issued by an RODC; (bso#14558); (bsc#1192246);
* CVE-2020-25719: Samba AD DC did not always rely on the SID and
PAC in Kerberos tickets; (bso#14561); (bsc#1192247);
* CVE-2020-25721: Kerberos acceptors need easy access to stable
AD identifiers (eg objectSid); (bso#14557); (bsc#1192505);
* CVE-2020-25722: Samba AD DC did not do suffienct access and
conformance checking of data stored; (bso#14564);
(bsc#1192283);
* CVE-2021-3738: Use after free in Samba AD DC RPC server;
(bso#14468); (bsc#1192215);
* CVE-2021-23192: Subsequent DCE/RPC fragment injection
vulnerability; (bso#14875); (bsc#1192214);
- Update to 4.15.1
* vfs_shadow_copy2: core dump in make_relative_path; (bso#14682);
* Log clutter from filename_convert_internal; (bso#14685);
* MacOSX compilation fixes; (bso#14862);
* rodc_rwdc test flaps; (bso#14868);
* Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze
bit' S4U2Proxy Constrained Delegation bypass in Samba with
embedded Heimdal; (bso#14642);
* Python ldb.msg_diff() memory handling failure; (bso#14836);
* "in" operator on ldb.Message is case sensitive; (bso#14845);
* Release LDB 2.4.1 for Samba 4.15.1; (bso#14848);
* samldb_krbtgtnumber_available() looks for incorrect string;
(bso#14854);
* Fix Samba support for UF_NO_AUTH_DATA_REQUIRED; (bso#14871);
* Allow special chars like "@" in samAccountName when generating
the salt; (bso#14874);
* Correctly ignore comments in CTDB public addresses file;
(bso#14826);
* Fix transit path validation; (bso#12998);
* Fix that child winbindd logs to log.winbindd instead of
log.wb-; (bso#14852);
* SMB3 cancel requests should only include the MID together with
AsyncID when AES-128-GMAC is used; (bso#14855);
* Prepare to operate with MIT krb5 >= 1.20; (bso#14870);
* Heimdal prefers RC4 over AES for machine accounts; (bso#14864);�- Enable samba-tool without ad dc.�- Adjust spec to use pam macros; (bsc#1191046).�- Adjust spec for size
* allow some Recommends instead Requires to be configured
for cifs-utils, samba-libs-python3 & samba-gpupdate;
(bsc#1182847).
* remove fam, undocumented and unneeded.�- Add missing build dependency on bison when building with the
embedded Heimdal Kerberos�- Update to 4.15.0
* Removed SMB development dialects SMB2_22, SMB2_24 and SMB3_10
* VFS layer modernized.
* Add the ability to set allow/deny lists for zone transfer clients
in Bind DLZ plugin
* Server multi-channel support no longer experimental
* Improved command line user experience, unifying the options in
different commands
* Winbindd no longer scans trusted domains on startup and will use
enterprise principals by default.
* The net utility is now able to support the offline domain join feature
* New options for 'samba-tool dns zoneoptions' for aging control
and to mark old records as static or dynamic
* DNS tombstones are now deleted as appropriate and use a consistent
timestamp format
* The 'samba-tool dns update' command validates and rejects now malformed
IPv4 and IPv6 addresses
* The 'samba-tool domain backup' command correctly takes out locks
against concurrent modification during backup when using the LMDB
backend
* TruACL support has been removed
* NIS support has been removed�- Fix 'net rpc' authentication when using the machine account;
(bsc#1189017); (bso#14796);�- Fix dependency problem upgrading from libndr0 to libndr1;
(bsc#1189875);
- Fix dependency problem upgrading from libsmbldap0 to libsmbldap2;
(bsc#1189875);
- Fix wrong kvno exported to keytab after net ads changetrustpw due
to replication delay; (bsc#1188727);
- Add Certificate Auto Enrollment Policy; (jsc#SLE-18456).
- Update to 4.13.10
* s3: smbd: Ensure POSIX default ACL is mapped into returned
Windows ACL for directory handles; (bso#14708);
* Take a copy to make sure we don't reference free'd memory; (bso#14721);
* s3: lib: Fix talloc heirarcy error in parent_smb_fname(); (bso#14722);
* s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in
change_file_owner_to_parent() error path; (bso#14736);
* samba-tool: Give better error information when the
'domain backup restore' fails with a duplicate SID; (bso#14575);
* smbd: Correctly initialize close timestamp fields; (bso#14714);
* Spotlight RPC service doesn't work with vfs_glusterfs; (bso#14740);
* ctdb: Fix a crash in run_proc_signal_handler(); (bso#14475);
* gensec_krb5: Restore ipv6 support for kpasswd; (bso#14750);
* smbXsrv_{open,session,tcon}: Protect
smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records; (bso#14752);
* samba-tool domain backup offline doesn't work against bind DLZ
backend; (bso#14027);
* netcmd: Use next_free_rid() function to calculate a SID for
restoring a backup; (bso#14669);
- Update to 4.13.9
* s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success; (bso#14696);
* Add documentation for dsdb_group_audit and dsdb_group_json_audit
to "log level", synchronise "log level" in smb.conf with the code; (bso#14689);
* Fix smbd panic when two clients open same file; (bso#14672);
* Fix memory leak in the RPC server; (bso#14675);
* s3: smbd: Fix deferred renames; (bso#14679);
* s3-iremotewinspool: Set the per-request memory context; (bso#14675);
* rpc_server3: Fix a memleak for internal pipes; (bso#14675);
* third_party: Update socket_wrapper to version 1.3.2; (bso#11899);
* third_party: Update socket_wrapper to version 1.3.3; (bso#14639);
* idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid
conflict; (bso#14663);
* Fix the build on OmniOS; (bso#14288);
- Update to 4.13.8
* CVE-2021-20254: Fix buffer overrun in sids_to_unixids(); (bso#14571
- Update to 4.13.7
* Release with dependency on ldb version 2.2.1.�- CVE-2021-20254 Buffer overrun in sids_to_unixids();
(bnc#14571); (bsc#1184677).�- Fix offline domain backup not possible using lmdb version >= 0.9.26;
(bso#14676);
- Require libldb >= 2.2.1; (bsc#1183572); (bsc#1183574);
- Update to 4.13.6
* CVE-2020-27840: samba: Unauthenticated remote heap corruption
via bad DNs; (bso#14595); (bsc#1183572).
* CVE-2021-20277: samba: out of bounds read in ldb_handler_fold;
(bso#14655); (bsc#1183574).
- Update to 4.13.5
* s3:modules:vfs_virusfilter: Recent talloc changes cause infinite
start-up failure; (bso#14634);
* s3: libsmb: Add missing cli_tdis() in error path if encryption setup
failed on temp proxy connection; (bso#13992);
* smbd: In conn_force_tdis_done() when forcing a connection closed force
a full reload of services; (bso#14604);
* dbcheck: Check Deleted Objects and reduce noise in reports about
expired tombstones (bso#14593);
* s3: Fix fcntl waf configure check; (bso#14503);
* s3/auth: Implement "winbind:ignore domains"; (bso#14602);
* smbd: Use fsp->conn->session_info for the initial delete-on-close
token; (bso#14617);
* s3: VFS: nfs4_acls. Add missing TALLOC_FREE(frame) in error path;
(bso#14648);
* classicupgrade: Treat old never expires value right; (bso#14624);
* g_lock: Fix uninitalized variable reads; (bso#14636);
* s3:pysmbd: Fix fd leak in py_smbd_create_file(); (bso#13898);
* lib:util: Avoid free'ing our own pointer; (bso#14625);
* HEIMDAL: krb5_storage_free(NULL) should work; (bso#12505);�- Spec file fixes around systemd and requires; (bsc#1182830);
- Align systemd service unit files with upstream provided ones.�- Update to 4.13.4
* Work around special SMB2 IOCTL response behavior of NetApp Ontap
7.3.7; (bso#14607);
* Temporary DFS share setup doesn't set case parameters in the same
way as a regular share definition does; (bso#14612);
* lib: Avoid declaring zero-length VLAs in various messaging functions;
(bso#14605);
* Do not create an empty DB when accessing a sam.ldb; (bso#14579);
* vfs_fruit may close wrong backend fd; (bso#14596);
* Temporary DFS share setup doesn't set case parameters in the same way
as a regular share definition does; (bso#14612);
* vfs_virusfilter: Allocate separate memory for config char*; (bso#14606);
* vfs_fruit may close wrong backend fd; (bso#14596);
* Work around special SMB2 IOCTL response behavior of NetApp Ontap 7.3.7;
(bso#14607);
* The cache directory for the user gencache should be created recursively;
(bso#14601);
* Be more flexible with repository names in CentOS 8 test environments;
(bso#14594);�- Uninstalling samba-client: Failed to disable unit, cifs.service
does not exists; (bsc#1180388);�- Update to 4.13.3
+ libcli: smb2: Never print length if smb2_signing_key_valid() fails for
crypto blob; (bso#14210);
+ s3: modules: gluster. Fix the error I made in preventing talloc leaks
from a function; (bso#14486);
+ s3: smbd: Don't overwrite contents of fsp->aio_requests[0] with NULL
via TALLOC_FREE(); (bso#14515);
+ s3: spoolss: Make parameters in call to user_ok_token() match all other
uses; (bso#14568);
+ s3: smbd: Quiet log messages from usershares for an unknown share;
(bso#14590);
+ samba process does not honor max log size; (bso#14248);
+ vfs_zfsacl: Add missing inherited flag on hidden "magic" everyone@ ACE;
(bso#14587);
+ s3-libads: Pass timeout to open_socket_out in ms; (bso#13124);
+ s3-vfs_glusterfs: Always disable write-behind translator; (bso#14486);
+ smbclient: Fix recursive mget; (bso#14517);
+ clitar: Use do_list()'s recursion in clitar.c; (bso#14581);
+ manpages/vfs_glusterfs: Mention silent skipping of write-behind
translator; (bso#14486);
+ vfs_shadow_copy2: Preserve all open flags assuming ROFS; (bso#14573);
+ interface: Fix if_index is not parsed correctly; (bso#14514);�- Update to 4.13.2
+ s3: modules: vfs_glusterfs: Fix leak of char **lines onto
mem_ctx on return; (bso#14486);
+ RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special;
(bso#14471);
+ smb.conf.5: Add clarification how configuration changes reflected
by Samba; (bso#14538);
+ daemons: Report status to systemd even when running in foreground;
(bso#14552);
+ DNS Resolver: Support both dnspython before and after 2.0.0;
(bso#14553);
+ s3-vfs_glusterfs: Refuse connection when write-behind xlator is
present; (bso#14486);
+ provision: Add support for BIND 9.16.x; (bso#14487);
+ ctdb-common: Avoid aliasing errors during code optimization;
(bso#14537);
+ libndr: Avoid assigning duplicate versions to symbols; (bso#14541);
+ docs: Fix default value of spoolss:architecture; (bso#14522);
+ winbind: Fix a memleak; (bso#14388);
+ s4:dsdb:acl_read: Implement "List Object" mode feature; (bso#14531);
+ docs-xml/manpages: Add warning about write-behind translator for
vfs_glusterfs; (bso#14486);
+ nsswitch/nsstest.c: Avoid nss function conflicts with glibc nss.h.
+ vfs_shadow_copy2: Avoid closing snapsdir twice; (bso#14530);
+ third_party: Update resolv_wrapper to version 1.1.7; (bso#14547);
+ examples:auth: Do not install example plugin; (bso#14550);
+ ctdb-recoverd: Drop unnecessary and broken code; (bso#14513);
+ RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special;
(bso#14471);�- Adjust smbcacls '--propagate-inheritance' feature to align with
upstream; (bsc#1178469).�- Update to samba 4.13.1
+ CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with
easily crafted records; (bsc#1177613); (bso#14472);
+ CVE-2020-14323: Unprivileged user can crash winbind; (bsc#1173994);
(bso#14436);
+ CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify;
(bsc#1173902); (bso#14434);
- Adjust systemd tmpfiles.d configuration, use /run/samba instead of
/var/run/samba; (bsc#1177355);�- Fix vfs_ceph query_directory regression; (bso#14519)
- Drop liburing-devel for SLE15-SP2; (bsc#1177245)�- Register CTDB recovery lock holder with ceph-mgr
- Add liburing-devel dependency�- Update to samba 4.13.0
+ Require Python 3.6
+ Move wide links functionality into VFS module
+ Deprecate NT4-like 'classic' Samba domain controllers
+ Deprecate SMBv1 only protocol options
+ Remove deprecated "ldap ssl ads" option
+ Unify asynchronous DCE-RPC server; (jsc#SES-645)
+ Replay multichannel lease break requests; (bso#11897); (jsc#SES-655)
+ Drop internal byteorder.h header from util-devel package
+ Remove final code for the AD DC LDAP backend
+ Add AD DC Group Policy Scripts
+ Only use gnutls_aead_cipher_encryptv2() for GnuTLS > 3.6.14; (bso#14399)
+ Fix %U substitutions if it contains a domain name; (bso#14467)
+ Fix krb5.conf creation for 'net ads join'; (bso#14479)
+ Fix build problem if libbsd-dev is not installed; (bso#14482)
+ Toggle vfs_snapper using "--with-shared-modules"; (bso#14437)
+ Fix idmap_ad RFC4511 response handling; (bso#14465)
+ Fix panic in get_lease_type(); (bso#14428)�- Update to samba 4.11.13
+ CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Protect
netr_ServerPasswordSet2 against unencrypted passwords; (bsc#1176579);
(bso#14497);
+ CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Support
"server require schannel:WORKSTATION$ = no" about unsecure configurations;
(bsc#1176579); (bso#14497);
+ CVE-2020-1472(ZeroLogon): s4 torture rpc: repeated bytes in client
challenge; (bsc#1176579); (bso#14497);
+ CVE-2020-1472(ZeroLogon): libcli/auth: Reject weak client challenges in
netlogon_creds_server_init() "server require schannel:WORKSTATION$ = no";
(bsc#1176579); (bso#14497);
- Update to samba 4.11.12
+ s3: libsmb: Fix SMB2 client rename bug to a Windows server; (bso#14403);
+ dsdb: Allow "password hash userPassword schemes = CryptSHA256" to work
on RHEL7; (bso#14424);
+ dbcheck: Allow a dangling forward link outside our known NCs; (bso#14450);
+ lib/debug: Set the correct default backend loglevel to MAX_DEBUG_LEVEL;
(bso#14426);
+ s3:smbd: PANIC: assert failed in get_lease_type(); (bso#14428);
+ lib/util: do not install "test_util_paths"; (bso#14370);
+ lib:util: Fix smbclient -l basename dir; (bso#14345);
+ s3:smbd: PANIC: assert failed in get_lease_type(); (bso#14428);
+ util: Allow symlinks in directory_create_or_exist; (bso#14166);
+ docs: Fix documentation for require_membership_of of pam_winbind;
(bso#14358);
+ s3:winbind:idmap_ad: Make failure to get attrnames for schema mode fatal;
(bso#14425);�- Add obsoletes to libsmbldap2 package to fix upgrades from previous
versions; (bsc#1172810);�- Fix net command unable to negotiate SMB2; (bsc#1174120);�- Update to samba 4.11.11
+ CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ
and VLV combined; (bso#14364); (bsc#1173159]
+ CVE-2020-10745: invalid DNS or NBT queries containing dots use
several seconds of CPU each; (bso#14378); (bsc#1173160).
+ CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP
server with paged_result or VLV; (bso#14402); (bsc#1173161)
+ CVE-2020-14303: Endless loop from empty UDP packet sent to
AD DC nbt_server; (bso#14417); (bsc#1173359).
- Update to samba 4.11.10
+ Fix segfault when using SMBC_opendir_ctx() routine for share
folder that contains incorrect symbols in any file name;
(bso#14374).
+ vfs_shadow_copy2 doesn't fail case looking in
snapdirseverywhere mode; (bso#14350)
+ ldb_ldap: Fix off-by-one increment in lldb_add_msg_attr;
(bso#14413).
+ Malicous SMB1 server can crash libsmbclient; (bso#14366)
+ winbindd: Fix a use-after-free when winbind clients exit;
(bso#14382)
+ ldb: Bump version to 2.0.11, LMDB databases can grow without
bounds. (bso#14330)
- Update to samba 4.11.9
+ nmblib: Avoid undefined behaviour in handle_name_ptrs();
(bso#14242).
+ 'samba-tool group' commands do not handle group names with
special chars correctly; (bso#14296).
+ smbd: avoid calling vfs_file_id_from_sbuf() if statinfo
is not valid; (bso#14237).
+ Missing check for DMAPI offline status in async DOS
attributes; (bso#14293).
+ smbd: Ignore set NTACL requests which contain
S-1-5-88 NFS ACEs; (bso#14307).
+ vfs_recycle: Prevent flooding the log if we're called on
non-existant paths; (bso#14316)
+ smbd mistakenly updates a file's write-time on close;
(bso#14320).
+ RPC handles cannot be differentiated in source3 RPC server;
(bso#14359).
+ librpc: Fix IDL for svcctl_ChangeServiceConfigW; (bso#14313).
+ nsswitch: Fix use-after-free causing segfault in
_pam_delete_cred; (bso#14327).
+ Fix fruit:time machine max size on arm; (bso#13622)
+ CTDB recovery corner cases can cause record resurrection
and node banning; (bso#14294).
+ ctdb: Fix a memleak; (bso#14348).
+ libsmb: Don't try to find posix stat info in SMBC_getatr().
+ ctdb-tcp: Move free of inbound queue to TCP restart;
(bso#14295); (bsc#1162680).
+ s3/librpc/crypto: Fix double free with unresolved
credential cache; (bso#14344); (bsc#1169095)
+ s3:libads: Fix ads_get_upn(); (bso#14336).
+ CTDB recovery corner cases can cause record resurrection
and node banning; (bso#14294)
+ Starting ctdb node that was powered off hard before
results in recovery loop; (bso#14295); (bsc#1162680).
+ ctdb-recoverd: Avoid dereferencing NULL rec->nodemap;
(bso#14324)
- Update to samba 4.11.8
+ CVE-2020-10700: Use-after-free in Samba AD DC LDAP
Server with ASQ; (bso#14331); (bsc#1169850);
+ CVE-2020-10704: LDAP Denial of Service (stack overflow)
in Samba AD DC; (bso#14334); (bsc#1169851);
- Update to samba 4.11.7
+ s3: lib: nmblib. Clean up and harden nmb packet
processing; (bso#14239).
+ s3: VFS: full_audit. Use system session_info if called
from a temporary share definition; (bso#14283)
+ dsdb: Correctly handle memory in objectclass_attrs;
(bso#14258).
+ ldb: version 2.0.9, Samba 4.11 and later give incorrect
results for SCOPE_ONE searches; (bso#14270)
+ auth: Fix CIDs 1458418 and 1458420 Null pointer
dereferences; (bso#14247).
+ smbd: Handle EINTR from open(2) properly; (bso#14285)
+ winbind member (source3) fails local SAM auth with empty
domain name; (bso#14247)
+ winbindd: Handling missing idmap in getgrgid(); (bso#14265).
+ lib:util: Log mkdir error on correct debug levels;
(bso#14253).
+ wafsamba: Do not use 'rU' as the 'U' is deprecated in
Python 3.9; (bso#14266).
+ ctdb-tcp: Make error handling for outbound connection
consistent; (bso#14274).
- Update to samba 4.11.6
+ pygpo: Use correct method flags; (bso#14209).
+ vfs_ceph_snapshots: Fix root relative path handling;
(bso#14216); (bsc#1141320).
+ Avoiding bad call flags with python 3.8, using METH_NOARGS
instead of zero; (bso#14209).
+ source4/utils/oLschema2ldif: Include stdint.h before
cmocka.h; (bso#14218).
+ docs-xml/winbindnssinfo: Clarify interaction with
idmap_ad etc; (bso#14122).
+ smbd: Fix the build with clang; (bso#14251).
+ upgradedns: Ensure lmdb lock files linked; (bso#14199).
+ s3: VFS: glusterfs: Reset nlinks for symlink entries during
readdir; (bso#14182).
+ smbc_stat() doesn't return the correct st_mode and also
the uid/gid is not filled (SMBv1) file; (bso#14101).
+ librpc: Fix string length checking in
ndr_pull_charset_to_null(); (bso#14219).
+ ctdb-scripts: Strip square brackets when gathering
connection info; (bso#14227).�- Add libnetapi-devel to baselibs conf, for wine usage; (bsc#1172307);�- Installing: samba - samba-ad-dc.service does not exist and unit
not found; (bsc#1171437);�- Fix samba_winbind package is installing python3-base without
python3 package; (bsc#1169521);�- Require libldb2 >= 2.0.10 after security release.�- CVE-2020-10704: LDAP Denial of Service (stack overflow) in
Samba AD DC; (bso#14334); (bsc#1169851);
- CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with
ASQ; (bso#14331); (bsc#1169850);�- Fix smbclient crash with double free (with unresolved krb5
credential cache); (bso#14344); (bsc#1169095).�- Starting ctdb node that was powered off hard before results
in recovery loop; (bso#14295); (bsc#1162680).�- CTDB doesn't retry outgoing connections on bind (and some other)
failures; (bso#14274); (bsc#1162680).�- Revert: Allow idmap_rid to have primary group other than
"Domain Users"; (bsc#1087931).�- Fix nmbstatus not reporting detailed information about workgroups;
(bsc#1159464);
- Fix querying all names registered within broadcast area; (bso#8927);�- Update to samab 4.11.5
+ CVE-2019-14902: Replication of ACLs down subtree on
AD Directory is not automatic; (bso#12497); (bsc#1160850).
+ CVE-2019-19344: Fix server crash with
dns zone scavenging = yes; (bso#14050); (bsc#1160852).
+ CVE-2019-14907: server-side crash after charset conversion
failure (eg during NTLMSSP processing); (bso#14208);
(bsc#1160888).
- Update to samba 4.11.4
+ Ensure SMB1 cli_qpathinfo2() doesn't return an inode number;
(bso#14161).
+ Ensure we don't call cli_RNetShareEnum() on an SMB1
connection; (bso#14174).
+ NT_STATUS_ACCESS_DENIED becomes EINVAL when using SMB2 in
SMBC_opendir_ctx; (bso#14176).
+ SMB2 - Ensure we use the correct session_id if encrypting
an interim response; (bso#14189).
+ Prevent smbd crash after invalid SMB1 negprot; (bso#14205).
+ printing: Fix %J substition; (bso#13745).
+ Remove now unneeded call to cmdline_messaging_context();
(bso#13925).
+ Fix incomplete conversion of former parametric options;
(bso#14069).
+ Fix sync dosmode fallback in async dosmode codepath;
(bso#14070).
+ vfs_fruit returns capped resource fork length; (bso#14171).
+ libnet_join: Add SPNs for additional-dns-hostnames entries;
(bso#14116).
+ smbd: Increase a debug level; (bso#14211).
+ Prevent azure ad connect from reporting discovery errors
reference-value-not-ldap-conformant; (bso#14153).
+ krb5_plugin: Fix developer build with newer heimdal system
library; (bso#14179).
+ replace: Only link libnsl and libsocket if required;
(bso#14168);
+ ctdb: Incoming queue can be orphaned causing communication;
breakdown; (bso#14175).
+ ldb: Release ldb 2.0.8. Cross-compile will not take
cross-answers or cross-execute; (bso#13846).
+ heimdal-build: Avoid hard-coded /usr/include/heimdal in
asn1_compile-generated code; (bso#13856).�- Fix Ceph snapshot root relative path handling; (bso#14216); (bsc#1141320).�- Update to samba 4.11.3
+ CVE-2019-14861: DNSServer RPC server crash, an authenticated user
can crash the DCE/RPC DNS management server by creating records
with matching the zone name; (bso#14138); (bsc#1158108).
+ CVE-2019-14870: DelegationNotAllowed not being enforced, the
DelegationNotAllowed Kerberos feature restriction was not being
applied when processing protocol transition requests (S4U2Self),
in the AD DC KDC; (bso#14187); (bsc#1158109).�- CVE-2019-14861: DNSServer RPC server crash, an authenticated user
can crash the DCE/RPC DNS management server by creating records
with matching the zone name; (bso#14138); (bsc#1158108).
- CVE-2019-14870: DelegationNotAllowed not being enforced, the
DelegationNotAllowed Kerberos feature restriction was not being
applied when processing protocol transition requests (S4U2Self),
in the AD DC KDC; (bso#14187); (bsc#1158109).�- Update to samba 4.11.2
+ CVE-2019-10218: Client code can return filenames containing
path separators; (bsc#1144902); (bso#14071).
+ CVE-2019-14833: Samba AD DC check password script does not
receive the full password; (bso#12438).
+ CVE-2019-14847: User with "get changes" permission can crash
AD DC LDAP server via dirsync; (bso#14040).
- Fixes from 4.11.1
+ Overlinking libreplace against librt and pthread against every
binary or library causes issues; (bso#14140);
+ kpasswd fails when built with MIT Kerberos; (bso#14155);
+ Fix spnego fallback from kerberos to ntlmssp in smbd server;
(bso#14106);
+ Stale file handle error when using mkstemp on a share; (bso#14137);
+ non-AES schannel broken; (bso#14134);
+ Joining Active Directory should not use SAMR to set the password;
(bso#13884);
+ smbclient can blunder into the SMB1 specific cli_RNetShareEnum()
call on an SMB2 connection; (bso#14152);
+ Deleted records can be resurrected during recovery; (bso#14147);
+ getpwnam and getpwuid need to return data for ID_TYPE_BOTH group;
(bso#14141);
+ winbind does not list forest trusts with additional trust
attributes; (bso#14130);
+ fault report points to outdated documentation; (bso#14139);
+ pam_winbind with krb5_auth or wbinfo -K doesn't work for users of
trusted domains/forests; (bso#14124);
+ classicupgrade results in uncaught exception - a bytes-like object
is required, not 'str'; (bso#14136);
+ pod2man is not longer required, stop checking at build time;
(bso#14131);
+ Exit code of ctdb nodestatus should not be influenced by deleted
nodes; (bso#14129);
+ username/password authentication doesn't work with CUPS and
smbspool; (bso#14128);
+ smbc_readdirplus() is incompatible with smbc_telldir() and
smbc_lseekdir(); (bso#14094);�- CVE-2019-14847: User with "get changes" permission can
crash AD DC LDAP server via dirsync; (bso#14040); (bsc#1154598);
- CVE-2019-10218: Client code can return filenames containing path
separators; (bso#14071); (bsc#1144902);�- CVE-2019-14833: samba: Accent with "check script password"
Samba AD DC check password script does not receive the full
password; (bso#12438); (bsc#1154289).�- Update to samba 4.11.0
+ For details on all items see WHATSNEW.txt in samba-doc
package
+ Python2 runtime support removed; python 3.4 or later required
+ Security improvements:
- SMB1 disabled by default
- lanman and plaintext authentication deprecated
- winbind: PAM_AUTH and NTLM_AUTH events logged
- GnuTLS 3.2 required; system FIPS mode setting honored
+ CephFS Snapshot integration, exposed as previous file
versions
+ ctdb changes:
- onnode -o option removed
- ctdbd logs when using more than 90% of a CPU thread
- CTDB_MONITOR_SWAP_USAGE variable removed
+ AD Domain controller improvements:
- Upgrade AD databse format
- BIND9_FLATFILE deprecated
- default process model chagned to prefork
- bind9 dns operation duration logging
- Default schema updated to 2012_R2; function level is
unchanged
- many performance improvements
+ Configuration webserver support removed�- Fix broken username/password authentication with CUPS and
smbspool; (bsc#1152143); (bso#14128).�- Fix auth problems when printing via smbspool backend with kerberos;
(bnc#1148539); (bso#13832).�- Update to samba 4.10.8
+ CVE-2019-10197: user escape from share path definition;
(bso#14035); (bsc#1141267);�- Fix build on newer systems by modifying samba.spec to use
consistent non-relative paths for pammodules in configure line
and specification of pam_winbind.so library to package.�- Update to samba 4.10.7
+ Unable to create or rename file/directory inside shares
configured with vfs_glusterfs_fuse module; (bso#14010).
+ build: Allow build when '--disable-gnutls' is set; (bso#13844)
+ samba-tool: Add 'import samba.drs_utils' to fsmo.py;
(bso#13973).
+ Fix 'Error 32 determining PSOs in system' message on old DB
with FL upgrade; (bso#14008).
+ s4/libnet: Fix joining a Windows pre-2008R2 DC; (bso#14021)
+ join: Use a specific attribute order for the DsAddEntry
nTDSDSA object; (bso#14046).
+ vfs_catia: Pass stat info to synthetic_smb_fname();
(bso#14015).
+ lookup_name: Allow own domain lookup when flags == 0;
(bso#14091).
+ s4 librpc rpc pyrpc: Ensure tevent_context deleted last;
(bso#13932).
+ DEBUGC and DEBUGADDC doesn't print into a class specific log
file; (bso#13915).
+ Request to keep deprecated option "server schannel",
VMWare Quickprep requires "auto"; (bso#13949).
+ dbcheck: Fallback to the default tombstoneLifetime of 180 days;
(bso#13967).
+ dnsProperty fails to decode values from older Windows versions;
(bso#13969).
+ samba-tool: Use only one LDAP modify for dns partition fsmo
role transfer; (bso#13973).
+ third_party: Update waf to version 2.0.17; (bso#13960).
+ netcmd: Allow 'drs replicate --local' to create partitions;
(bso#14051).
+ ctdb-config: Depend on /etc/ctdb/nodes file; (bso#14017).�- CVE-2019-10197: user escape from share path definition;
(bso#14035); (bsc#1141267).�- Prepare for use future use of kernel keyrings, modify
/etc/pam.d/samba to include pam_keyinit.so; (bsc#1144059).�- Update samba-winbind script to work with systemd; (bsc#1132739);
- Drop samba dhcpcd hook scripts
- Update to samba 4.10.6
+ s3: winbind: Fix crash when invoking winbind idmap scripts;
(bso#13956).
+ smbd does not correctly parse arguments passed to dfree and quota
scripts; (bso#13964).
+ samba-tool dns: use bytes for inet_ntop; (bso#13965).
+ samba-tool domain provision: Fix --interactive module in python3;
(bso#13828).
+ ldb_kv: Skip @ records early in a search full scan; (bso#13893).
+ docs: Improve documentation of "lanman auth" and "ntlm auth"
connection; (bso#13981).
+ python/ntacls: Use correct "state directory" smb.conf option instead
of "state dir"; (bso#14002).
+ registry: Add a missing include; (bso#13840).
+ Fix SMB guest authentication; (bso#13944).
+ AppleDouble conversion breaks Resourceforks; (bso#13958).
+ vfs_fruit makes direct use of syscalls like mmap() and pread();
(bso#13968).
+ s3:mdssvc: Fix flex compilation error; (bso#13987).
+ s3/vfs_glusterfs[_fuse]: Avoid using NAME_MAX directly; (bso#13872).
+ dsdb:samdb: schemainfo update with relax control; (bso#13799).
+ s3:util: Move static file_pload() function to lib/util; (bso#13964).
+ smbd: Fix a panic; (bso#13957).
+ ldap server: Generate correct referral schemes; (bso#12478).
+ s4 dsdb/repl_meta_data: fix use after free in dsdb_audit_add_ldb_value;
(bso#13941).
+ s4 dsdb: Fix use after free in samldb_rename_search_base_callback;
(bso#13942).
+ dsdb/repl: we need to replicate the whole schema before we can apply it;
(bso#12204).
+ ldb: Release ldb 1.5.5; (bso#12478).
+ Schema replication fails if link crosses chunk boundary backwards;
(bso#13713).
+ 'samba-tool domain schemaupgrade' uses relax control and skips the
schemaInfo update provision; (bso#13799).
+ dsdb_audit: avoid printing "... remote host [Unknown] SID [(NULL SID)]
..."; (bso#13916).
+ python/ntacls: We only need security.SEC_STD_READ_CONTROL in order to
get the ACL; (bso#13917).
+ s3:loadparm: Ensure to truncate FS Volume Label at multibyte boundary;
(bso#13947).
+ Using Kerberos credentials to print using spoolss doesn't work;
(bso#13939).
+ wafsamba: Use native waf timer; (bso#13998).
+ ctdb-scripts: Fix tcp_tw_recycle existence check; (bso#13984).�- Update to samba-4.10.5 (including updates for 4.10.4, 4.10.3)
+ CVE-2019-12435 rpc/dns: Avoid NULL deference if zone not found
in DnssrvOperation2; (bso#13922); (bsc#1137815).
+ CVE-2019-12436 dsdb/paged_results: Ignore successful results
without messages; (bso#13951); (bsc#1137816).
- Update to samba-4.10.4
+ s3: SMB1: Don't allow recvfile on stream fsp's; (bso#13938).
+ py/provision: Fix for Python 2.6; (bso#13882).
+ netcmd: Fix 'passwordsettings --max-pwd-age' command;
(bso#13873).
+ s3-libnet_join: 'net ads join' to child domain fails when
using "-U admin@forestroot"; (bso#13861).
+ vfs_ceph: Explicitly enable libcephfs POSIX ACL support;
(bso#13896); (bsc#1130245).
+ vfs_ceph: Fix cephwrap_flistxattr() debug message;
(bso#13940); (bsc#1134697).
+ ctdb-common: Avoid race between fd and signal events;
(bso#13895).
+ ctdb-common: Fix memory leak in run_proc; (bso#13943).
+ lib: Initialize getline() arguments; (bso#13892).
+ winbind: Fix overlapping id ranges; (bco#13903).
+ lib util debug: Increase format buffer to 4KiB; (bso#13902).
+ nsswitch pam_winbind: Fix Asan use after free; (bso#13927).
+ s4 lib socket: Ensure address string owned by parent struct;
(bso#13929).
+ s3 rpc_client: Fix Asan stack use after scope; (bso#13936).
+ s3:smbd: Handle IO_REPARSE_TAG_DFS in
SMB_FIND_FILE_FULL_DIRECTORY_INFO; (bso#10097).
+ smb2_tcon: Avoid STATUS_PENDING completely on tdis; (bso#10344).
+ smb2_sesssetup: avoid STATUS_PENDING responses for session setup;
(bso#12845).
+ smb2_tcon: Avoid STATUS_PENDING completely on tdis; (bso#13698).
+ smb2_sesssetup: avoid STATUS_PENDING responses for session
setup; (bso#13796).
+ dbcheck: Fix the err_empty_attribute() check; (bso#13843).
+ vfs_snapper: Drop unneeded fstat handler; (bso#13858).
+ vfs_default: Fix vfswrap_offload_write_send()
NT_STATUS_INVALID_VIEW_SIZE check; (bso#13862).
+ smb2_server: Grant all 8192 credits to clients; (bso#13863).
+ smbd: Implement SMB_FILE_NORMALIZED_NAME_INFORMATION handling;
(bso#13919).
+ s3/vfs_glusterfs: Dynamically determine NAME_MAX; (bso#13872).
+ s3: modules: ceph: Use current working directory instead of
share path; (bso#13918); (bsc#1134452).
+ winbind: Use domain name from lsa query for sid_to_name cache
entry; (bso#13831).
+ memcache: Increase size of default memcache to 512k;
(bso#13865).
+ docs: Update smbclient manpage for "--max-protocol";
(bso#13857).
+ s3:utils: If share is NULL in smbcacls, don't print it;
(bso#13937).
+ s3:smbspool: Fix regression printing with Kerberos credentials;
(bso#13939).
+ ctdb-scripts: CTDB restarts failed NFS RPC services by hand,
which is incompatible with systemd; (bso#13860).
+ ctdb-daemon: Revert "We can not assume that just because we
could complete a TCP handshake"; (bso#13888).
+ ctdb-daemon: Never use 0 as a client ID; (bso#13930).
+ ctdb-common: Fix memory leak; (bso#13943).
+ s3:debug: Enable logging for early startup failures;
(bso#13904)
- Update to samba-4.10.3
+ CVE-2018-16860: Heimdal KDC: Reject PA-S4U2Self with unkeyed
checksum; (bso#13685); (bsc#1134024).�- CVE-2019-12435: zone operations can crash rpc server;
(bso#13922); (bsc#1137815).�- Fix cephwrap_flistxattr() debug message; (bso#13940); (bsc#1134697).
- Add ceph_snapshots VFS module; (jsc#SES-183).�- Fix vfs_ceph realpath; (bso#13918); (bsc#1134452).�- Update to samba-4.10.2:
+ CVE-2019-3870 (World writable files in
Samba AD DC private/ dir); (bso#13834).
+ CVE-2019-3880 (Save registry file outside share as
unprivileged user); (bso#13851).
+ py/kcc_utils: py2.6 compatibility; (bso#13837).
+ libcli: permit larger values of DataLength in
SMB2_ENCRYPTION_CAPABILITIES of negotiate response;
(bso#13869).
+ regfio: Improve handling of malformed registry hive files;
(bso#13840).
+ ctdb-version: Simplify version string usage; (bso#13789).
+ lib: Make fd_load work for non-regular files; (bso#13859).
+ dbcheck: in the middle of the tombstone garbage collection
causes replication failures,
dbcheck: add --selftest-check-expired-tombstones cmdline
option; (bso#13816).
+ ndr_spoolss_buf: Fix out of scope use of stack variable in
NDR_SPOOLSS_PUSH_ENUM_OUT(); (bso#13818).
+ s4/messaging: Fix undefined reference in linking
libMESSAGING-samba4.so; (bso#13854).
+ acl_read: Fix regression for empty lists; (bso#13836).
+ s4:dlz make b9_has_soa check dc=@ node; (bso#13841).
+ s3:client: Fix printing via smbspool backend with kerberos
auth; (bso#13832).
+ s4:librpc: Fix installation of Samba; (bso#13847).
+ s3:lib: Fix the debug message for adding cache entries;
(bso#13848).
+ s3:utils: Add 'smbstatus -L --resolve-uids' to show username;
(bso#13793).
+ s3:lib: Fix the debug message for adding cache entries;
(bso#13848).
+ s3:waf: Fix the detection of makdev() macro on Linux;
(bso#13853).
* ctdb-build: Drop creation of .distversion in tarball;
(bso#13789).
* ctdb-packaging: Test package requires tcpdump, ctdb package
should not own system library directory; (bso#13838).
- Update to samba-4.10.1:
+ py/kcc_utils: py2.6 compatibility; (bso#13837);
+ libcli: permit larger values of DataLength in
SMB2_ENCRYPTION_CAPABILITIES of negotiate response; (bso#13869);
+ regfio: Improve handling of malformed registry hive files; (bso#13840);
+ ctdb-version: Simplify version string usage; (bso#13789);
+ lib: Make fd_load work for non-regular files; (bso#13859);
+ dbcheck in the middle of the tombstone garbage collection causes
replication failures, dbcheck: add --selftest-check-expired-tombstones
cmdline option; (bso#13816);
+ ndr_spoolss_buf: Fix out of scope use of stack variable in
NDR_SPOOLSS_PUSH_ENUM_OUT(); (bso#13818);
+ s4/messaging: Fix undefined reference in linking
libMESSAGING-samba4.so; (bso#13854);
+ acl_read: Fix regression for empty lists; (bso#13836);
+ s4:dlz make b9_has_soa check dc=@ node; (bso#13841);
+ s3:client: Fix printing via smbspool backend with kerberos auth; (bso#13832);
+ s4:librpc: Fix installation of Samba; (bso#13847);
+ s3:lib: Fix the debug message for adding cache entries; (bso#13848);
+ s3:utils: Add 'smbstatus -L --resolve-uids' to show username; (bso#13793);
+ s3:lib: Fix the debug message for adding cache entries; (bso#13848);
+ s3:waf: Fix the detection of makdev() macro on Linux; (bso#13853);
+ ctdb-build: Drop creation of .distversion in tarball; (bso#13789);
+ ctdb-packaging: Test package requires tcpdump, ctdb package
should not own system library directory; (bso#13838);
- Update to samba-4.10.0:
+ s4-server: Open and close a transaction on sam.ldb at startup; (bso#13760);
+ access_check_max_allowed() doesn't process "Owner Rights" ACEs; (bso#13812);
+ s4/scripting/bin: Open unicode files with utf8 encoding and write
+ unicode string.
+ sambaundoguididx: Use the right escaped oder unescaped sam ldb
files; (bso#13759);
+ Fix idmap cache pollution with S-1-22- IDs on winbind hickup; (bso#13813);
+ passdb: Update ABI to 0.27.2.
+ lib/winbind_util: Add winbind_xid_to_sid for --without-winbind; (bso#13813);
+ lib:util: Move debug message for mkdir failing to log level 1; (bso#13823);�- MacOS credit accounting breaks with async SESSION SETUP;
(bsc#1125601); (bso#13796).
- Mac OS X SMB2 implmenetation sees Input/output error or Resource
temporarily unavailable and drops connection; (bso#13698)�- Explicitly enable libcephfs POSIX ACL support; (bso#13896); (bsc#1130245).�- CVE-2019-3880: Save registry file outside share as unprivileged
user; (bso#13851); (bsc#1131060 ).�- CVE-2019-3870 pysmbd: missing restoration of original umask after umask(0);
(bso#13834); (bsc#1130703);�- Update to samba-4.9.5
+ audit_logging: Remove debug log header and JSON Authentication:
prefix; (bso#13714);
+ Fix upgrade from 4.7 (or earlier) to 4.9; (bso#13760);
+ s3: lib: nmbname: Ensure we limit the NetBIOS name correctly; (bso#
CID: 1433607; (bso#11495);
+ smbd: uid: Don't crash if 'force group' is added to an existing
share connection; (bso#13690);
+ s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility
code; (bso#13770);
+ s3: SMB1 POSIX mkdir does case insensitive name lookup; (bso#13803);
+ s3:utils/smbget fix recursive download with empty source
directories; (bso#13199);
+ samba-tool drs showrepl: Do not crash if no dnsHostName found; (bso#13716);
+ s3:libsmb: cli_smb2_list() can sometimes fail initially on a
connection; (bso#13736);
+ join: Throw CommandError instead of Exception for simple errors; (bso#13747);
+ ldb: Avoid inefficient one-level searches; (bso#13762);
+ s3: libsmb: use smb2cli_conn_max_trans_size() in
cli_smb2_list(); (bso#13736);
+ tldap: Avoid use after free errors; (bso#13776);
+ Fix idmap xid2sid cache churn; (bso#13802);
+ access_check_max_allowed() doesn't process "Owner Rights" ACEs; (bso#13812);
+ s3-smbd: Avoid assuming fsp is always intact after close_file
call; (bso#13720);
+ s3-vfs-fruit: Add close call; (bso#13725);
+ s3-smbd: Use fruit:model string for mDNS registration; (bso#13746);
+ s3-vfs: add glusterfs_fuse vfs module; (bso#13774);
+ printing: Check lp_load_printers() prior to pcap cache update; (bso#13766);
+ vfs_ceph: vfs_ceph strict_allocate_ftruncate calls (local FS)
ftruncate and fallocate; (bso#13807);
+ lib/audit_logging: Actually create talloc; (bso#13737);
+ netcmd/user: python[3]-gpgme unsupported and replaced by
python[3]-gpg; (bso#13728);
+ dns: Changing onelevel search for wildcard to subtree; (bso#13738);
+ samba-tool: Don't print backtrace on simple DNS errors; (bso#13721);
+ sambaundoguididx: Use the right escaped oder unescaped sam ldb
files; (bso#13759);
+ ctdb: Print locks latency in machinereadable stats; (bso#13742);
+ messages_dgm: Messaging gets stuck when pids are recycled; (bso#13786);
+ audit_logging: auth_json_audit required auth_json; (bso#13715);
+ man pages: Document prefork process model; (bso#13765);
+ CVE-2019-3824 ldb: Release ldb 1.4.6; (bso#13773);
+ s3:auth: ignore create_builtin_guests() failing without a valid
idmap configuration; (bso#13697);
+ s3:auth_winbind: Ignore a missing winbindd as NT4 PDC/BDC
without trusts; (bso#13722);
+ s3:auth_winbind: return NT_STATUS_NO_LOGON_SERVERS if winbindd
is not available; (bso#13723);
+ s4:server: Add support for 'smbcontrol samba shutdown' and
'smbcontrol debug/debuglevel'; (bso#13752);
+ Python: Ensure ldb.Dn can doesn't rencoded str with py2; (bso#13616);
+ vfs_glusterfs: Adapt to changes in libgfapi signatures; (bso#13330);
+ s3-vfs: Use ENOATTR in errno comparison for getxattr; (bso#13774);
+ notifyd: Fix SIGBUS on sparc; (bso#13704);
+ waf: Check for libnscd; (bso#13787);
+ s3:vfs: Correctly check if OFD locks should be enabled or not; (bso#13770);
+ lib/util: Count a trailing line that doesn't end in a newline; (bso#13717);
+ Recovery lock bug fixes; (bso#13800);
+ s3: net: Do not set NET_FLAGS_ANONYMOUS with -k; (bso#13726);
+ s3:libsmb: Honor disable_netbios option in smbsock_connect_send; (bso#13727);
+ vfs_fileid: Fix get_connectpath_ino; (bso#13741);
+ vfs_fileid: Fix fsname_norootdir algorithm; (bso#13744);�- Fix vfs_ceph ftruncate and fallocate handling; (bso#13807); (bsc#1127153).�- Fix update-apparmor-samba-profile script after apparmor switched
to using named profiles. The change is backwards compatible;
(bsc#1126377);�- LoadParm().load_default() fails with "Unable to load default file";
(bsc#1089758);�- Abide by load_printers smb.conf parameter; (bso#13766); (bsc#1124223);�- Update to samba-4.9.4
+ libcli/smb: Don't overwrite status code; (bso#9175).
+ wbinfo --group-info 'NT AUTHORITY\System' does not work; (bso#12164).
+ Session setup reauth fails to sign response; (bso#13661).
+ vfs_fruit: Validation of writes on AFP_AfpInfo stream; (bso#13677).
+ vfs_shadow_copy2: Nicely deal with attempts to open previous
version for writing; (bso#13688).
+ Restoring previous version of stream with vfs_shadow_copy2 fails
with NT_STATUS_OBJECT_NAME_INVALID fsp->base_fsp->fsp_name; (bso#13455).
+ CVE-2018-16853: Fix S4U2Self crash with MIT KDC build; (bso#13571).
+ s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs; (bso#13708)
+ PEP8: fix E231: missing whitespace after ','.
+ winbindd: Fix crash when taking profiles;(bso#13629)
+ CVE-2018-14629 dns: Fix CNAME loop prevention using counter
regression; (bso#13600)
+ 'samba-tool user syscpasswords' fails on a domain with many DCs; (bso#13686).
+ CVE-2018-16853: Do not segfault if client is not set; (bso#13571).
+ lib:util: Fix DEBUGCLASS pointer initializiation; (bso#13679)
+ ctdb-daemon: Exit with error if a database directory does not
exist; (bso#13696).
+ s3:libads: Add net ads leave keep-account option; (bso#13498).�- Drop more %if..%endif guards which are idempotent.
- Drop requires on ldconfig which are already auto-discovered.
- Do not ignore errors from useradd/groupadd.�- Remove python2 build dependency from samba-libs; (bsc#1116900);�- Update update-apparmor-samba-profile script to ignore the shares's
paths containing substitution variables in any place, not only at the
beginning of the path.�- Update to samba-4.9.3
+ CVE-2018-14629: Unprivileged adding of CNAME record causing loop in AD
Internal DNS server; (bso#13600); (bsc#1116319);
+ CVE-2018-16841: Double-free in Samba AD DC KDC with PKINIT; (bso#13628);
(bsc#1116320);
+ CVE-2018-16851: NULL pointer de-reference in Samba AD DC LDAP server;
(bso#13674); (bsc#1116322);
+ CVE-2018-16852: NULL pointer de-reference in Samba AD DC DNS servers;
(bso#13669); (bsc#1116321);
+ CVE-2018-16853: Samba AD DC S4U2Self crash in experimental MIT Kerberos
configuration (unsupported); (bso#13678); (bsc#1116324);
+ CVE-2018-16857: Bad password count in AD DC not always effective;
window; (bso#13683); (bsc#1116323);�- Update to samba-4.9.2
+ dsdb: Add comments explaining the limitations of our current backlink
behaviour; (bso#13418);
+ Fix problems running domain backups (handling SMBv2, sites); (bso#13621);
+ testparm: Fix crashes with PANIC: Messaging not initialized on SLES 12 SP3;
(bso#13465);
+ Make vfs_fruit able to cleanup AppleDouble files; (bso#13642);
+ File saving issues with vfs_fruit on samba >= 4.8.5; (bso#13646);
+ Enabling vfs_fruit looses FinderInfo; (bso#13649);
+ Cancelling of SMB2 aio reads and writes returns wrong error
NT_STATUS_INTERNAL_ERROR; (bso#13667);
+ Fix CTDB recovery record resurrection from inactive nodes and simplify
vacuuming; (bso#13641);
+ examples: Fix the smb2mount build; (bso#13465);
+ libtevent: Fix build due to missing open_memstream on Illiumos;
(bso#13629);
+ winbindd_cache: Fix timeout calculation for sid<->name cache; (bso#13662);
+ dsdb encrypted_secrets: Allow "ldb:// and "mdb://" in file path;
(bso#13653);
+ Extended DN SID component missing for member after switching group
membership; (bso#13418);
+ Return STATUS_SESSION_EXPIRED error encrypted, if the request was
encrypted; (bso#13624);
+ python: Allow forced signing via smb.SMB(); (bso#13621);
+ lib:socket: If returning early, set ifaces; (bso#13665);
+ ldb: Bump ldb version to 1.4.3, Python: Ensure ldb.Dn can accept utf8
encoded unicode; (bso#13616);
+ smbd: Fix DELETE_ON_CLOSE behaviour on files with READ_ONLY attribute;
(bso#13673);
+ waf: Add -fstack-clash-protection; (bso#13601);
+ winbind: Fix segfault if an invalid passdb backend is configured;
(bso#13668);
+ Fix bugs in CTDB event handling; (bso#13659);
+ Misbehaving nodes are sometimes not banned; (bso#13670);�- lib:socket: If returning early, set ifaces; (bso#13665); (bsc#1111373);�- winbind requires latest version of libtevent-util0 to start�- Backport latest gpo code from master
+ Read policy from local gpt cache
+ Offline policy application
+ Make group policy extensible via register/unregister gpext
+ gpext's run via a process_group_policy method�- Enable profiling data collection�- Change samba-kdc package name to samba-ad-dc
- Move samba-ad-dc.service to the samba-ad-dc package�- Update to samba-4.9.1
+ s3: nmbd: Stop nmbd network announce storm; (bso#13620);
+ s3-rpcclient: Use spoolss_init_spoolss_UserLevel1 in winspool cmds;
(bso#13597);
+ CTDB recovery lock has some race conditions; (bso#13617);
+ s3-rpc_client: Advertise Windows 7 client info; (bso#13597);
+ ctdb-doc: Remove PIDFILE option from ctdbd_wrapper man page; (bso#13610);�- Tumbleweed doesn't define the sle_version macro, so we must
include a check for suse_version also. Otherwise python3 is
disabled on Tumbleweed.�- Update to samba-4.9.0
+ samba_dnsupdate: Honor 'dns zone scavenging' option, only update if
needed; (bso#13605);
+ wafsamba: Fix 'make -j'; (bso#13606);�- Update to samba-4.9.0rc5
+ s3: VFS: vfs_full_audit: Ensure smb_fname_str_do_log() only
returns absolute pathnames; (bso#13565);
+ s3: util: Do not take over stderr when there is no log file; (bso#13578);
+ Durable Reconnect fails because cookie.allow_reconnect is not
set; (bso#13549);
+ krb5-samba: Interdomain trust uses different salt principal; (bso#13539);
+ vfs_fruit: Don't unlink the main file; (bso#13441);
+ smbd: Fix a memleak in async search ask sharemode; (bso#13602);
+ Fix Samba GPO issue when Trust is enabled; (bso#11517);
+ samba-tool: Add "virtualKerberosSalt" attribute to
'user getpassword/syncpasswords'; (bso#13539);
+ Fix CTDB configuration issues; (bso#13589);
+ ctdbd logs an error until it can successfully connect to
eventd; (bso#13592);�- Update to samba-4.9.0rc4
+ s3: smbd: Ensure get_real_filename() copes with empty
pathnames; (bso#13585);
+ samba domain backup online/rename commands force user to specify
password on CLI; (bso#13566);
+ wafsamba/samba_abi: Always hide ABI symbols which must be
local; (bso#13579);
+ Fix a panic if fruit_access_check detects a locking conflict; (bso#13584);
+ Fix memory and resource leaks; (bso#13567);
+ python: Fix print in dns_invalid.py; (bso#13580);
+ Aliasing issue causes incorrect IPv6 checksum; (bso#13588);
+ Fix CTDB configuration issues; (bso#13589);
+ s3: vfs: time_audit: fix handling of token_blob in
smb_time_audit_offload_read_recv(); (bso#13568);�- Add missing zlib-devel dependency which was previously pulled in
by libopenssl-devel�- Update to samba-4.9.0rc3+git.22.3fff23ae36e
+ CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against
returns from malicious servers; (bso#13453);
+ CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query
with escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140; (bso#13374);
+ CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when
not servicePrincipalName is set on a user; (bso#13552);
+ CVE-2018-10919: acl_read: Fix unauthorized attribute access via
searches; (bso#13434);
+ ctdb_mutex_ceph_rados_helper: Set SIGINT signal handler; (bso#13540);
+ CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it
is disabled via "ntlm auth"; (bso#13360);
+ s3-tldap: do not install test_tldap; (bso#13529);
+ ctdb_mutex_ceph_rados_helper: Fix deadlock via lock renewals; (bso#13540);
+ CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in
ltdb_index_dn_attr(); (bso#13374);
+ ctdb-eventd: Fix CID 1438155; (bso#13554);
+ Fix CIDs 1438243, (Unchecked return value) 1438244
(Unsigned compared against 0), 1438245 (Dereference before null check) and
1438246 (Unchecked return value); (bso#13553);
+ ctdb: Fix a cut&paste error; (bso#13554);
+ systemd: Only start smb when network interfaces are up; (bso#13559);
+ Fix quotas don't work with SMB2; (bso#13553);
+ s3/smbd: Ensure quota code is only called when quota support
detected; (bso#13563);
+ s3/libsmb: Explicitly set delete_on_close token for rmdir; (bso#13204);
+ s3:waf: Install eventlogadm to /usr/sbin; (bso#13561);
+ Shorten description in vfs_linux_xfs_sgid manual; (bso#13562);�- Update to samba-4.9.0rc2+git.21.a1069afb007
+ s3: smbd: Using "sendfile = yes" with SMB2 can cause CPU spin; (bso#13537);
+ s3: smbd: Fix path check in smbd_smb2_create_durable_lease_check();
(bso#13535);
+ samba-tool trust: Support discovery via netr_GetDcName; (bso#13538);
+ s4-dsdb: Only build dsdb Python modules for AD DC; (bso#13542);
+ Fix portability issues on freebsd; (bso#13520);
+ DNS wildcard search does not handle multiple labels correctly; (bso#13536);
+ samba-tool domain trust: Fix trust compatibility to Windows
Server 1709 and FreeIPA; (bso#13308);
+ Fix portability issues on freebsd; (bso#13520);
+ ctdb-protocol: Fix CTDB compilation issues; (bso#13545);
+ ctdb-docs: Replace obsolete reference to CTDB_DEBUG_HUNG_SCRIPT
option; (bso#13546);
+ ctdb-doc: Provide an example script for migrating old
configuration; (bso#13550);
+ ctdb-event: Implement event tool "script list" command; (bso#13551);�- Update to samba-4.8.4+git.37.a7a861d7982;
+ CVE-2018-1139: Weak authentication protocol allowed;
(bsc#1095048); (bsc#13360);
+ CVE-2018-1140: Denial of Service Attack on DNS and LDAP server;
(bsc#1095056); (bso#13466); (bso#13374);
+ CVE-2018-10858: Insufficient input validation on client directory
listing in libsmbclient; (bsc#1103411); (bso#13453);
+ CVE-2018-10918: Denial of Service Attack on AD DC DRSUAPI server;
(bsc#1103414); (bso#13552);
+ CVE-2018-10919: Confidential attribute disclosure from the AD
LDAP server; (bsc#1095057); (bso#13434);
+ s3:winbind: winbind normalize names' doesn't work for users;
(bso#12851);
+ winbind: Fix UPN handling in canonicalize_username(); (bso#13369);
+ s3: smbd: Fix SMB2-FLUSH against directories; (bso#13428);
+ samdb: Fix building Samba with gcc 8.1; (bso#13437);
+ s3:utils: Do not segfault on error in DoDNSUpdate(); (bso#13440);
+ smbd: Flush dfree memcache on service reload; (bso#13446);
+ ldb: Save a copy of the index result before calling the
+ lib/util: No Backtrace given by Samba's AD DC by default;
(bso#13454).
+ s3: smbd: printing: Re-implement delete-on-close semantics for
print files missing since 3.5.x; (bso#13457).
+ python: Fix talloc frame use in make_simple_acl(); (bso#13474).
+ krb5_wrap: Fix keep_old_entries logic for older Kerberos
libraries;(bso#13478).
+ krb5_plugin: Add winbind localauth plugin for MIT Kerberos;
(bso#13480).�- Add missing package descriptions; (bsc#1093864);
- Fix dependency issue between samba-python and samba-kdc; (bsc#1062876);
- Call update-apparmor-samba-profile when running samba-ad-dc;
(bsc#1092099);�- Update to 4.8.2
+ After update to 4.8.0 DC failed with "Failed to find our own
NTDS Settings objectGUID" (bso#13335).
+ fix incorrect reporting of stream dos attributes on a
directory (bso#13380).
+ vfs_ceph: add asynchronous fsync; fake synchronous call (bso#13412).
+ vfs_ceph: add fake async pwrite/pread send/recv hooks; (bso#13425)
+ vfs_ceph: Fix memory leak; (bso#13424).
+ libsmbclient: Fix hard-coded connection error return of
ETIMEDOUT; (bso#13419).
+ s4-lsa: Fix use-after-free in LSA server; (bso#13420).
+ winbindd: Do re-connect if the RPC call fails in the passdb
case; (bso#13430).
+ cleanupd: Sends MSG_SMB_UNLOCK twice to interested peers; (bso#13416).
+ cleanupd: Use MSG_SMB_BRL_VALIDATE to signal cleanupd
unclean process shutdown; (bso#13414).
+ ctdb-client: Remove ununsed functions from old client code;
(bso#13411).
+ printing: Return the same error code as windows does on upload
failures; (bso#13395).
+ nsswitch: Fix memory leak in winbind_open_pipe_sock() when the
privileged pipe is not accessable; (bso#13400).
+ s4:lsa_lookup: remove TALLOC_FREE(state) after all
dcesrv_lsa_Lookup{Names,Sids}_base_map() calls; (bso#13420).
+ rpc_server: Fix NetSessEnum with stale sessions; (bso#13407).
+ s3:smbspool: Fix cmdline argument handling; (bso#13417).�- Move libdfs-server-ad-samba4.so library from kdc to libs package, as it is
required by some client libs; (bsc#1074135);
- Update to 4.8.1; (bsc#1091179);
+ s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error,
we don't own it here; (bso#13244);
+ s3: smbd: Fix possible directory fd leak if the underlying OS doesn't
support fdopendir(); (bso#13270);
+ Round-tripping ACL get/set through vfs_fruit will increase the number of
ACE entries without limit; (bso#13319);
+ s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically debug credit
issues; (bso#13347);
+ s3: smbd: Files or directories can't be opened DELETE_ON_CLOSE without
delete access; (bso#13358);
+ s3: smbd: Fix memory leak in vfswrap_getwd(); (bso#13372);
+ s3: smbd: Unix extensions attempts to change wrong field in fchown call;
(bso#13375);
+ ms_schema/samba-tool visualize: Fix python2.6 incompatibility;
(bso#13337);
+ Fix invocation of gnutls_aead_cipher_encrypt(); (bso#13352);
+ Windows 10 cannot logon on Samba NT4 domain; (bso#13328);
+ winbindd: Recover loss of netlogon secure channel in case the peer DC is
rebooted; (bso#13332);
+ s3:smbd: Don't use the directory cache for SMB2/3; (bso#13363);
+ ctdb-client: Fix bugs in client code; (bso#13356);
+ ctdb-scripts: Drop "net serverid wipe" from 50.samba event script;
(bso#13359);
+ s3: lib: messages: Don't use the result of sec_init() before calling
sec_init(); (bso#13368);
+ libads: Fix the build '--without-ads'; (bso#13273);
+ winbind: Keep "force_reauth" in invalidate_cm_connection, add
'smbcontrol disconnect-dc'; (bso#13332);
+ vfs_virusfilter: Fix CIDs 1428738-1428740; (bso#13343);
+ dsdb: Fix CID 1034966 Uninitialized scalar variable; (bso#13367);
+ rpc_server: Fix core dump in dfsgetinfo; (bso#13370);
+ smbclient: Fix notify; (bso#13382);
+ Fix smbd panic if the client-supplied channel sequence number wraps;
(bso#13215);
+ Windows 10 cannot logon on Samba NT4 domain; (bso#13328);
+ lib/util: Remove unused '#include ' from tests/tfork.c;
(bso#13342);
+ Fix build errors with cc from developerstudio 12.5 on Solaris;
(bso#13343);
+ Fix the picky-developer build on FreeBSD 11; (bso#13344);
+ s3:modules: Fix the build of vfs_aixacl2.c; (bso#13345);
+ s3:smbd: map nterror on smb2_flush errorpath; (bso#13338);
+ lib:replace: Fix linking when libtirpc-devel overwrites system headers;
(bso#13341);
+ winbindd: 'wbinfo --name-to-sid' returns misleading result on invalid
query; (bso#13312);
+ s3:passdb: Do not return OK if we don't have pinfo set up; (bso#13376);
+ Allow AESNI to be used on all processor supporting AESNI; (bso#13302);�- Use new foreground execution flags for systemd samba daemons;
(bsc#1088574); (bsc#1071090); (bsc#1065551);
+ Add %post scriptlet to clear old sysconfig flags
- Update vendor-files to commit 880b3e7.
+ Set samba sysconfig template variables to ""
+ Add required daemon flags directly to systemd unit�- Specfile cleanup
+ Remove %if..%endif guards which don't affect the build
+ Remove redundant %clean section
+ Replace old $RPM_* shell vars with macros�- BuildRequire pkgconfig(systemd) and pkgconfig(libsystemd) in
place of systemd and systemd-devel: Allow OBS to optimize the
workload by allowing the usage of the 'build-optimized' systemd
packages.�- Enable building samba with python3, and create a samba-python3 package.�- Update to 4.8
+ New GUID Index mode in sam.ldb for the AD DC
+ GPO support for samba KDC
+ Time machine support with vfs_fruit
+ Encrypted secrets
+ AD Replication visualization
+ Improved trust support
- ability to not scan global trust list
- AD external trusts have limited support
- verbose trusted domain listing
+ VirusFilter VFS module
+ NT4-style replication removed
+ vfs_aio_linux removed�- Disable samba-pidl package, due to the removal of dependency
perl-Parse-Yapp; (bsc#1085150);�- Update to 4.7.6;
+ CVE-2018-1050: DOS vulnerability when SPOOLSS is run externally;
(bso#11343); (bsc#1081741);
+ CVE-2018-1057: Authenticated users can change other users' password;
(bso#13272); (bsc#1081024).�- Disable python until full python3 port is done; (bsc#1082139);
+ Remove contents of package samba-python
+ Remove contents of package libsamba-policy0
+ Remove contents of package libsamba-policy-devel
+ Remove library libsamba-python-samba4.so from samba-libs package
+ Remove library libsamba-net-samba4.so from samba-libs package
+ Remove smbtorture binary and manpage from samba-test�- samba fails to build with glibc2.27; (bsc#1081042);�- Update to 4.7.5; (bsc#1080545);
+ smbd tries to release not leased oplock during oplock II downgrade;
(bso#13193);
+ Fix copying file with empty FinderInfo from Windows client to Samba share
with fruit; (bso#13181);
+ build: Deal with recent glibc sunrpc header removal; (bso#10976);
+ Make Samba work with tirpc and libnsl2; (bso#13238);
+ vfs_ceph: Add fs_capabilities hook to avoid local statvfs; (bso#13208);
(bsc#1075206);
+ Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue;
(bso#12986);
+ ctdb-recovery-helper: Deregister message handler in error paths;
(bso#13188);
+ samba: Only use async signal-safe functions in signal handler; (bso#13240);
+ Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue;
(bso#12986);
+ repl_meta_data: Fix linked attribute corruption on databases
with unsorted links on expunge. dbcheck: Add functionality to fix the
corrupt database; (bso#13228);
+ Fix smbd panic when chdir returns error during exit; (bso#13189);
+ Make Samba work with tirpc and libnsl2; (bso#13238);
+ Fix POSIX ACL support on HPUX and possibly other big-endian OSs;
(bso#13176);�- Update to 4.7.4; (bsc#1080545);
+ s3: smbclient: Implement 'volume' command over SMB2; (bso#13140);
+ s3: libsmb: Fix valgrind read-after-free error in
cli_smb2_close_fnum_recv(); (bso#13171);
+ s3: libsmb: Fix reversing of oldname/newname paths when creating a
reparse point symlink on Windows from smbclient; (bso#13172);
+ Build man page for vfs_zfsacl.8 with Samba; (bso#12934);
+ repl_meta_data: Allow delete of an object with dangling backlinks;
(bso#13095);
+ s4:samba: Fix default to be running samba as a deamon; (bso#13129);
+ Performance regression in DNS server with introduction of DNS wildcard,
ldb: Release 1.2.3; (bso#13191);
+ vfs_zfsacl: Fix compilation error; (bso#6133);
+ "smb encrypt" setting changes are not fully applied until full smbd
restart; (bso#13051);
+ winbindd: Fix idmap_rid dependency on trusted domain list; (bso#13052);
+ vfs_fruit: Proper VFS-stackable conversion of FinderInfo; (bso#13155);
+ winbindd: Dependency on trusted-domain list in winbindd in critical auth
codepath; (bso#13173);
+ repl_meta_data: Fix removing of backlink on deleted objects; (bso#13120);
+ ctdb: sock_daemon leaks memory; (bso#13153);
+ TCP tickles not getting synchronised on CTDB restart; (bso#13154);
+ winbindd: winbind parent and child share a ctdb connection; (bso#13150);
+ pthreadpool: Fix deadlock; (bso#13170);
+ pthreadpool: Fix starvation after fork; (bso#13179);
+ messaging: Always register the unique id; (bso#13180);
+ s4/smbd: set the process group; (bso#13129);
+ Fix broken linked attribute handling; (bso#13095);
+ The KDC on an RWDC doesn't send error replies in some situations;
(bso#13132);
+ libnet_join: Fix 'net rpc oldjoin'; (bso#13149);
+ g_lock conflict detection broken when processing stale entries;
(bso#13195);
+ s3:smb2_server: allow logoff, close, unlock, cancel and echo on expired
sessions; (bso#13197);
+ s3:libads: net ads keytab list fails with "Key table name malformed";
(bso#13166); (bsc#1067700);
+ Fix crash in pthreadpool thread after failure from pthread_create;
(bso#13170);
+ s4:samba: Allow samba daemon to run in foreground; (bso#13129);
(bsc#1065551);
+ third_party: Link the aesni-intel library with "-z noexecstack";
(bso#13174);
+ vfs_glusterfs: include glusterfs/api/glfs.h without relying on "-I"
options; (bso#13125);�- Re-enable usage of libnsl (did got lost with glibc change)
- Use TI-RPC (sunrpc is deprecated and will be removed soon from
glibc)�- smbc_opendir should not return EEXIST with invalid login credentials;
(bnc#1065868).�- Update to 4.7.3; (bsc#1069666);
+ Non-smbd processes using kernel oplocks can hang smbd;
(bso#13121);
+ python: use communicate to fix Popen deadlock; (bso#13127);
+ smbd on disk file corruption bug under heavy threaded load;
(bso#13130);
+ tevent: version 0.9.34; (bso#13130);
+ s3: smbd: Fix delete-on-close after smb2_find; (bso#13118);
+ CVE-2017-14746: s3: smbd: Fix SMB1 use-after-free crash bug;
(bsc#1060427);(bso#13041);
+ CVE-2017-15275: s3: smbd: Chain code can return uninitialized
memory when talloc buffer is grown; (bsc#1063008); (bso#13077);
- Build with AD DC support only in openSUSE.�- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)�- samba-tool requires samba-python; (bnc#1067771).�- Run all daemons in the foreground and let systemd handle it; (bsc#1065551).
- Update to 4.7.1;
+ Fix exporting subdirs with shadow_copy2; (bso#13091);
+ Currently if getwd() fails after a chdir(), we panic; (bso#13027);
+ Ensure default SMB_VFS_GETWD() call can't return a partially completed
struct smb_filename; (bso#13068);
+ sys_getwd() can leak memory or possibly return the wrong errno on older
systems; (bso#13069);
+ smbclient doesn't correctly canonicalize all local names before use;
(bso#13093);
+ Fix broken linked attribute handling; (bso#13095);
+ Missing LDAP query escapes in DNS rpc server; (bso#12994);
+ Link to -lbsd when building replace.c by hand; (bso#13087);
+ Cannot delete non-ACL files on Solaris/ZFS/NFSv4 ACL filesystem;
(bso#6133);
+ Map SYNCHRONIZE acl permission statically in zfs_acl vfs module;
(bso#7909);
+ Samba fails to honor SEC_STD_WRITE_OWNER bit with the acl_xattr module;
(bso#7933);
+ Missing assignment in sl_pack_float; (bso#12991);
+ Wrong Samba access checks when changing DOS attributes; (bso#12995);
+ samba_runcmd_send() leaves zombie processes on timeout; (bso#13062);
+ groupmap cleanup should not delete BUILTIN mappings; (bso#13065);
+ Enabling vfs_fruit results in loss of Finder tags and other xattrs;
(bso#13076);
+ man pages: Properly ident lists; (bso#9613);
+ smb.conf.5: Sort parameters alphabetically; (bso#13081);
+ Fix GUID string format on GetPrinter info; (bso#12993);
+ Remote serverid check doesn't check for the unique id; (bso#13042);
+ CTDB starts consuming memory if there are dead nodes in the cluster;
(bso#13056);
+ ctdb-common: Ignore event scripts with multiple '.'s; (bso#13070);
+ libgpo doesn't sort the GPOs in the correct order; (bso#13046);
+ Remote serverid check doesn't check for the unique id; (bso#13042);
+ vfs_catia: Fix a potential memleak; (bso#13090);
+ Fix file change notification for renames; (bso#12903);
+ Samba DNS server does not honour wildcards; (bso#12952);
+ Can't change password in samba from a Windows client if Samba runs on
IPv6 only interface; (bso#13079);
+ vfs_fruit: Replace closedir() by SMB_VFS_CLOSEDIR; (bso#13086);
+ Apple client can't cope with SMB2 async replies when creating symlinks;
(bso#13047);
+ s4:rpc_server:backupkey: Move variable into scope; (bso#12959);
+ Fix ntstatus_gen.h generation on 32bit; (bso#13099);
+ Fix a double free in vfs_gluster_getwd(); (bso#13100);
+ Fix resouce leaks and pointer issues; (bso#13101);
+ vfs_solarisacl: Fix build for samba 4.7 and up; (bso#13049);�- Add samba-kdc to baselibs.conf.
- Do not wrap samba-kdc's package definition into if/endif: the
package won't be generated simply based on the fact that there is
no files section for the package. Allows the source validator to
ensure samba-kdc is a built package.�- Update to 4.7.0;
+ Whole DB read locks: Improved LDAP and replication consistency;
(bso#12858).
+ Samba AD with MIT Kerberos
+ Dynamic RPC port range: Default range changed from "1024-1300" to
"49152-65535".
+ Authentication and Authorization audit support: New auth_audit debug
class.
+ Multi-process LDAP Server: The LDAP server in the AD DC now honours
the process model used for the rest of the 'samba' process.
+ Improved Read-Only Domain Controller (RODC) Support; (bso#12977).
+ Additional password hashes stored in supplementalCredentials.
+ Improvements to DNS during Active Directory domain join.
+ Significant AD performance and replication improvements.
+ Query record for open file or directory.
+ Removal of lpcfg_register_defaults_hook().
+ Change of loadable module interface.
+ SHA256 LDAPS Certificates: The self-signed certificate generated for use
on LDAPS will now be generated with a SHA256 self-signature, not a SHA1
self-signature.
+ CTDB no longer allows mixed minor versions in a cluster.
+ CTDB now ignores hints from Samba about TDB flags when attaching to
databases.
+ New configuration variable CTDB_NFS_CHECKS_DIR.
+ The CTDB_SERVICE_AUTOSTARTSTOP configuration has been removed.
+ The CTDB_SCRIPT_DEBUGLEVEL configuration variable has been removed.
+ The example NFS Ganesha call-out has been improved.
+ A new "replicated" database type is available.�- CVE-2017-12163: Prevent client short SMB1 write from
writing server memory to file; (bso#13020); (bsc#1058624).�- CVE-2017-12150: Some code path don't enforce smb signing,
when they should; (bso#12997); (bsc#1058622).�- CVE-2017-12151: Keep required encryption across SMB3 dfs
redirects; (bso#12996); (bsc#1058565).�- Clean specfile assuming SUSE-only system and product >=SLE11
+ %{ul_version}, %{rhel_version}, %{mandriva_version}, %{centos_version}
are always undefined
+ %{_vendor} is "suse" and %{suse_version} is at least 1100�- Update to 4.6.7; (bsc#1054017)
+ Joining a Huawai storage fails: empty CLDAP ping answer; (bso#11392).
+ smbcacls can fail against a directory on Windows using SMB2.; (bso#12937).
+ vfs_ceph provides inconsistent directory listings; (bso#12911).
+ Misused talloc context can cause a user to crash their smbd by chaining
SMB1 commands.; (bso#12836).
+ Use-after free can crash libsmbclient code.; (bso#12927).
+ Server exit with active AIO can crash.; (bso#12925).
+ Ensure notifyd doesn't return from smbd_notifyd_init; (bso#12910).
+ fd leak to ctdb sub-processes leads to SELinux AVC denial in audit logs;
(bso#12898).
+ vfs_fruit shouldn't send MS NFS ACEs to Windows clients; (bso#12897).
+ smbspool_krb5_wrapper does not tell CUPS that it requires negotiate for
authentication; (bso#12886).
+ finder sidebar showing question mark instead of icon when using ip to
connect with vfs_fruit; (bso#12840).
+ Winbind stops obtaining the 'unixHomeDirectory' & 'loginShell' attributes
from AD.; (bso#12720).
+ KCC run at selftest startup can fail spuriously due to a race;
(bso#12869).
+ winbindd changes the local password and gets NT_STATUS_WRONG_PASSWORD for
the remote change; (bso#12782).
+ rpc_pipe_client memory leaks due to long term memory context passed to
rpc_pipe_open_interface(); (bso#12890).
+ CVE-2017-2619 breaks accessing previous versions of directories with
snapshots in subdirectories of the share; (bso#12885).
+ dns_name_equal doing OOB read; (bso#12813).
+ replica_sync tests flap; (bso#12753).
+ Selftest should not call 'net cache flush' and wipe important winbind
entries; (bso#12868).
+ Old Samba versions don't support using recent ldb versions (>=1.1.30);
(bso#12859).
+ pam_winbind fails with kerberos method = secrets and keytab; (bso#10490).
+ race starting winbindd against posixacl test; (bso#12843).
+ Crash in the reentrant smbd_smb2_create_send() if the something fails in
the subsequent try; (bso#12832).
+ spnego.c passes the wrong argument order to gensec_update_ev() for the
FALLBACK case; (bso#12788).
+ Clients with SMB3 support can't connect with
"server max protocol = SMB2_02"; (bso#12772).
+ A log message of samb-tool user syncpasswords reverses string arguments in
a debug message "Call Popen[...".; (bso#12768).
+ The smb tarmode tests kills the share dir contents; (bso#12867).
+ Fix for a bug in MacOS X Sierra NTLMv2 processing; (bso#12862).
+ CVE-2017-2619 regression with non-wide symlinks to directories; (bso#12860).
+ manpage/index.html lists links not in alphabetical order; (bso#12854).
+ smbcacls got error NT_STATUS_NETWORK_NAME_DELETED; (bso#12831).
+ If a record is locked in a database, then recovery does not complete;
(bso#12857).
+ debug_locks.sh script does not log any information; (bso#12856).
+ SIGSEGV in cm_connect_lsa_tcp dereferencing conn->lsa_tcp_pipe->transport
after error; (bso#12852).
+ smbclient can't parse DOMAIN+username if a different winbind separator is
used; (bso#12849).
+ Related requests with SessionSetup fail with INTERNAL_ERROR; (bso#12845).
+ Related requests with TreeConnect fail with NETWORK_NAME_DELETED;
(bso#12844).
+ cli->server_os not filled correctly; (bso#12779).
+ REGRESSION: smbclient doesn't print the session setup anymore;
(bso#12824).
+ smblcient doesn't handle STATUS_NOT_SUPPORTED gracefully for
FSCTL_VALIDATE_NEGOTIATE_INFO; (bso#12808).
+ CTDB NFS call-out failures do not cause event failures; (bso#12837).
+ net command fails due to incorrectly return code; (bso#12828).
+ Fix building Samba with GCC 7.1; (bso#12827).�- Fix duplicate CTDB_LOGGING params when downgraded and upgraded again;
(bsc#1048339).�- fix cephwrap_chdir(); (bsc#1048790).
- Update to 4.6.6
+ CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation;
(bsc#1048278).�- Fix ctdb logs to /var/log/log.ctdb instead of /var/log/ctdb; (bsc#1048339).�- Fix inconsistent ctdb socket path; (bsc#1048352).
- Fix non-admin cephx authentication; (bsc#1048387).�- Update to 4.6.5; (bsc#1040157)
+ Specifying CTDB_LOGGING=syslog:nonblocking causes ctdbd to crash at
startup; (bso#12814).
+ vfs_expand_msdfs tries to open the remote address as a file path;
(bso#12687).
+ PANIC (pid 1096): assert failed: lease_type_is_exclusive(e_lease_type);
(bso#12798).
+ With clustering get update_num_read_oplocks failed and PANIC:
num_share_modes == 1 assertion failure; (bso#11844).
+ contend_level2_oplocks_begin_default oplock optimisation doesn't carry
over to leases; (bso#12766).
+ `ctdb nodestatus` incorrectly displays status for all nodes with wrong
exit code; (bso#12802).
+ CTDB can spin hard on revoking readonly delegations if a node becomes
disconnected; (bso#12697).
+ Printing a share mode entry with leases can crash in the ndr code;
(bso#12793).
+ Fix flakey unit tests for eventd; (bso#12792).
+ CTDB daemon crashes if built with clang; (bso#12770).
+ smbcacls fails if no password is specified; (bso#12765).
+ idmap_rfc2307: Lookup of more than two SIDs fails; (bso#12757).
+ samba-tool user syncpasswords doesn't trigger the script when a user gets
removed; (bso#12767).
+ systemd: fix detection of libsystemd; (bso#12764).
+ Notify subsystem only maps first inotify mask to Windows notify filter;
(bso#12760).
+ Allow passing trusted domain password as plain-text to PASSDB layer;
(bso#12751).
+ Can't case-rename files with vfs_fruit; (bso#12749).
+ wrong sid->uid mapping for SIDs residing in sIDHistory; (bso#12702).
+ vfs_acl_common should force "create mask = 0777", not 0666; (bso#12562).
+ Ordering of notify responses broken; (bso#12756).�- s3: libsmb: Fix error where short name length was read as 2
bytes, should be 1; (bso#11822); (bsc#1042419).�- Revert explicit winbind %{version}-%{release} dependency.
+ The ABI has stabilized since (bsc#936909), so remove to fix cross-media
dependencies; (bsc#1037899).�- Fix CVE-2017-7494 remote code execution from a writable share;
(bso#12780); (bsc#1038231).�- Update to 4.6.3; (bsc#1036011)
+ s3:vfs:shadow_copy2: vfs_shadow_copy2 fails to list snapshots
from shares with GlusterFS backend; (bso#12743).
+ Fix for Solaris C compiler; (bso#12559).
+ s3: locking: Update oplock optimization for the leases era; (bso#12628).
+ Make the Solaris C compiler happy; (bso#12693).
+ s3: libgpo: Allow skipping GPO objects that don't have the
expected LDAP attributes; (bso#12695).
+ Fix buffer overflow caused by wrong use of getgroups; (bso#12747).
+ lib: debug: Avoid negative array access; (bso#12746).
+ cleanupdb: Fix a memory read error; (bso#12748).
+ streams_xattr and kernel oplocks results in
NT_STATUS_NETWORK_BUSY; (bso#7537).
+ winbindd: idmap_autorid allocates ids for unknown SIDs from other
backends; (bso#11961).
+ vfs_fruit: Resource fork open request with
flags=O_CREAT|O_RDONLY; (bso#12565).
+ manpages/vfs_fruit: Document global options; (bso#12615).
+ lib/pthreadpool: Fix a memory leak; (bso#12624).
+ Lookup-domain for well-known SIDs on a DC; (bso#12727).
+ winbindd: Fix error handling in rpc_lookup_sids(); (bso#12728).
+ winbindd: Trigger possible passdb_dsdb initialisation; (bso#12729).
+ credentials_krb5: use gss_acquire_cred for client-side GSSAPI
use case; (bso#12611).
+ lib/crypto: Implement samba.crypto Python module for RC4; (bso#12690).
+ ctdb-readonly: Avoid a tight loop waiting for revoke to
complete; (bso#12697).
+ ctdb_event monitor command crashes if event is not specified;
(bso#12723).
+ ctdb-docs: Fix documentation of "-n" option to 'ctdb tool'; (bso#12733).
+ smbd: Fix smb1 findfirst with DFS; (bso#12558).
+ smbd: Do an early exit on negprot failure; (bso#12610).
+ winbindd: Fix substitution for 'template homedir'; (bso#12699).
+ s4:kdc: Disable principal based autodetected referral detection;
(bso#12554).
+ idmap_autorid: Allocate new domain range if the callers knows
the sid is valid; (bso#12613).
+ LINKFLAGS_PYEMBED should not contain -L/some/path; (bso#12724).
+ PAM auth with WBFLAG_PAM_GET_PWD_POLICY returns wrong policy for
trusted domain; (bso#12725).
+ rpcclient: Allow -U'OTHERDOMAIN\user' again; (bso#12731).
+ winbindd: Fix password policy for pam authentication; (bso#12725).
+ s3:gse: Correctly handle external trusts with MIT; (bso#12554).
+ auth/credentials: Always set the realm if we set the principal
from the ccache; (bso#12611).
+ replace: Include sysmacros.h; (bso#12686).
+ s3:vfs_expand_msdfs: Do not open the remote address as a file;
(bso#12687).
+ s3:libsmb: Only print error message if kerberos use is forced;
(bso#12704).
+ winbindd: Child process crashes when kerberos-authenticating
a user with wrong password; (bso#12708).
+ vfs_fruit: Office document opens as read-only on macOS due to
CNID semantics; (bso#12715).
+ vfs_acl_xattr: Fix failure to get ACL on Linux if memory is
fragmented; (bso#12737).�- Generate and update vendor-files tarball from Git
+ SuSEfirewall2 service samba-client only setup IPv4 rule; (bsc#1034416).�- Generate source tarball directly from Git using OBS tar_scm
+ use version string derived from parent Git tag and commit hash
- remove obsolete vendor-files/tools/package-data version ID
+ explicitly generate ctdb manpages, needed without "make dist"�- Update to 4.6.2
+ remove bso#12721 patches now upstream�- Enable samba-ceph build for openSUSE and SLE12SP3+; (fate#321622).
+ x86-64 and aarch64�- Enable librados CTDB lock helper for samba-ceph package; (fate#321622).�- Build and install the html man pages (bsc#1021907).�- Fix CVE-2017-2619 regression with "follow symlinks = no";
(bso#12721).�- Update to 4.6.1
+ symlink race permits opening files outside share directory;
CVE-2017-2619; (bso#12496); (bsc#1027147)
+ testparm checks for valid idmap parameters
+ add new krb client encryption types
+ support for printer driver upload from windows 10
+ inherit owner = 'unix only' for improved quota support
+ improved CTDB event support
+ new primary group support for idmap_ad
+ idmap_hash deprecated
+ mvxattr added to recursively rename extended attributes�- Remove chkconfig requirements for systemd systems�- Don't call insserv if systemd is used�- Fix check if we need to require insserv�- async_req: make async_connect_send() "reentrant";
(bso#12105); (bsc#1024416).�- Force usage of ncurses6-config thru NCURSES_CONFIG env var;
(bsc#1023847).�- add missing patch for libnss_wins segfault; (bsc#995730).�- Fix vfs_ceph builds against recent Ceph versions; (bsc#1021933).�- Document "winbind: ignore domains" parameter; (bsc#1019416).�- Add base Samba dependency to samba-ceph package.�- Update to 4.5.3
+ Heap-based Buffer Overflow Remote Code Execution Vulnerability;
CVE-2016-2123; (bso#12409); (bsc#1014437).
+ Don't send delegated credentials to all servers; CVE-2016-2125;
(bso#12445); (bsc#1014441).
+ denial of service due to a client triggered crash in the winbindd
parent process; CVE-2016-2126; (bso#12446); (bsc#1014442).
- 4.5.1 and 4.5.2 updates
+ various streams vfs fixes
+ various printing fixes
+ ntlm_auth: do not map explicitly empty domain
+ various stability fixes in smbd
+ match file compression ReFS behavior�- Add missing ldb module directory; (bnc#1012092).�- s3/client: obey 'disable netbios' smb.conf param, don't
connect via NBT port; (bsc#1009085); (bso#12418).�- Include vfstest in samba-test; (bsc#1001203).�- s3/winbindd: using default domain with user@domain.com format
fails; (bsc#997833).�- Fix segfault in libnss_wins; (bso#12277); (bso#12269); (bsc#995730).�- Update to 4.5.0
+ NTLM1 Authentication disabled by default
+ SMB2.1 leases enabled by default
+ Support for OFD locks
+ ctdb tool rewritten
+ Added shadow copy snapshot prefix parameter�- Fix illegal memory access after memory has been deleted;
(bso#11836); (bsc#975299).�- Prevent core, make sure response->extra_data.data is always
cleared out; (bsc#993692).�- Don't package man pages for VFS modules that aren't built;
(boo#993707).�- Fix population of ctdb sysconfig after source merge; (bsc#981566).�- Enable vfs_ceph builds for Factory (x86-64)
+ Package as samba-ceph to avoid Ceph dependency in base package.�- Update to 4.4.5
+ Prevent client-side SMB2 signing downgrade; CVE-2016-2119;
(bso#11860); (bsc#986869).�- Remove obsolete syslog.target; (bsc#983938).�- Honor smb.conf socket options in winbind; (bsc#975131).�- Don't use htons() with IP_PROTO_RAW; (bso#11705); (bsc#969522).�- Update to 4.4.4
+ SMB3 multichannel: Add implementation of missing channel sequence
number verification; (bso#11809).
+ smbd:close: Only remove kernel share modes if they had been
taken at open; (bso#11919).
+ notifyd: Prevent NULL deref segfault in notifyd_peer_destructor;
(bso#11930).
+ s3:rpcclient: Make '--pw-nt-hash' option work; (bso#10796).
+ Fix case sensitivity issues over SMB2 or above; (bso#11438).
+ s3:smbd: Fix anonymous authentication if signing is mandatory.
(bso#11910)
+ Fix NTLM Authentication issue with squid; (bso#11914).
+ pdb: Fix segfault in pdb_ldap for missing gecos; (bso#11530).
+ Fix memory leak in share mode locking; (bso#11934).�- Update to 4.4.3
+ Various post-badlock regressions; (bso#11841); (bso#11850);
(bso#11858); (bso#11870); (bso#11872).
+ Only allow idmap_hash for default idmap config (bso#11786).
+ smbd: Avoid large reads beyond EOF; (bso#11878).
+ vfs_acl_common: Avoid setting POSIX ACLs if "ignore system acls"
is set; (bso#11806).
+ libads: Record session expiry for spnego sasl binds; (bso#11852).�- Fix NTLMSSP regressions caused by previous CVE fixes; (bso#11849);
(bsc#975962); (bsc#979268), (bsc#977669).�- Revert shared library packaging to comply with SLPP�- Update to 4.4.2
+ A man-in-the-middle can downgrade NTLMSSP authentication;
CVE-2016-2110; (bso#11688); (bsc#973031).
+ Domain controller netlogon member computer can be spoofed;
CVE-2016-2111; (bso#11749); (bsc#973032).
+ LDAP conenctions vulnerable to downgrade and MITM attack;
CVE-2016-2112; (bso#11644); (bsc#973033).
+ TLS certificate validation missing; CVE-2016-2113; (bso#11752);
(bsc#973034).
+ Named pipe IPC vulnerable to MITM attacks; CVE-2016-2115;
(bso#11756); (bsc#973036).
+ "Badlock" DCERPC impersonation of authenticated account possible;
CVE-2016-2118; (bso#11804); (bsc#971965).
+ DCERPC server and client vulnerable to DOS and MITM attacks;
CVE-2015-5370; (bso#11344); (bsc#936862).�- Fix samba.tests.messaging test and prevent potential tdb corruption
by removing obsolete now invalid tdb_close call; (bsc#974629).�- Obsolete libsmbclient from libsmbclient0 while not providing it;
(bsc#972197).�- Update to 4.4.0.
+ Read of uninitialized memory DNS TXT handling; (bso#11128); (bso#11686);
CVE-2016-0771.
+ Getting and setting Windows ACLs on symlinks can change permissions on link
target; (bso#11648); CVE-2015-7560.
+ Sockets with htons(IPPROTO_RAW); (bso#11705); CVE-2015-8543.
+ s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem
with no ACL support; (bso#10489).
+ docs: Add example for domain logins to smbspool man page; (bso#11643).
+ smbd: Show correct disk size for different quota and dfree block sizes;
(bso#11681).
+ docs: Add smbspool_krb5_wrapper manpage; (bso#11690).
+ winbindd: Return trust parameters when listing trusts; (bso#11691).
+ ctdb: Do not provide a useless pkgconfig file for ctdb; (bso#11696).
+ Crypto.Cipher.ARC4 is not available on some platforms, fallback to
M2Crypto.RC4.RC4 then; (bso#11699).
+ s3:utils/smbget: Set default blocksize; (bso#11700).
+ Streamline 'smbget' options with the rest of the Samba utils; (bso#11700).
+ s3:clispnego: Fix confusing warning in spnego_gen_krb5_wrap(); (bso#11702).
+ s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703).
+ loadparm: Fix memory leak issue; (bso#11708).
+ lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714).
+ s3:vfs:glusterfs: Fix build after quota changes; (bso#11715).
+ ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."; (bso#11719).
+ lib:socket: Fix CID 1350010: Integer OVERFLOW_BEFORE_WIDEN; (bso#11723).
+ smbd: Fix CID 1351215 Improper use of negative value; (bso#11724).
+ smbd: Fix CID 1351216 Dereference null return value; (bso#11725).
+ s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new
file; (bso#11727).
+ docs: Add manpage for cifsdd; (bso#11730).
+ param: Fix str_list_v3 to accept ; again; (bso#11732).
+ lib/socket: Fix improper use of default interface speed; (bso#11734).
+ lib:socket: Fix CID 1350009: Fix illegal memory accesses
(BUFFER_SIZE_WARNING); (bso#11735).
+ libcli: Fix debug message, print sid string for new_ace trustee;
(bso#11738).
+ Fix installation path of Samba helper binaries; (bso#11739).
+ Fix memory leak in loadparm; (bso#11740).
+ tevent: version 0.9.28: Fix memory leak when old signal action restored;
(bso#11742).
+ smbd: Ignore SVHDX create context; (bso#11753).
+ Fix net join; (bso#11755).
+ s3:libads: setup the msDS-SupportedEncryptionTypes attribute on ldap_add;
(bso#11755).
+ passdb: Add linefeed to debug message; (bso#11763).
+ s3:utils/smbget: Fix option parsing; (bso#11767).
+ libnet: Make Kerberos domain join site-aware; (bso#11769).
+ Reset TCP Connections during IP failover; (bso#11770).
+ ldb: Version 1.1.26; (bso#11772).
+ s3:smbd: Add negprot remote arch detection for OSX; (bso#11773).
+ vfs_glusterfs: Fix use after free in AIO callback; (bso#11774).
+ mkdir can return ACCESS_DENIED incorrectly on create race; (bso#11780).
+ "trustdom_list_done: Got invalid trustdom response" message should be
avoided; (bso#11782).
+ Mismatch between local and remote attribute ids lets replication fail with
custom schema; (bso#11783).
+ Quota is not supported on Solaris 10; (bso#11788).
+ Talloc: Version 2.1.6; (bso#11789).
+ smbd: Enable multi-channel if 'server multi channel support = yes' in the
config; (bso#11796).
+ build: Fix build when '--without-quota' specified; (bso#11798).
+ lib/socket/interfaces: Fix some uninitialied bytes; (bso#11802).
+ Access based share enum: handle permission set in configuration files;
(bso#8093).
+ See also WHATSNEW.txt from the samba-doc package.�- Update to 4.3.6.
+ Getting and setting Windows ACLs on symlinks can change permissions on link
target; CVE-2015-7560; (bso#11648); (bsc#968222).
+ Fix Out-of-bounds read in internal DNS server; CVE-2016-0771;
(bso#11128); (bso#11686); (bsc#968223).�- Upgrade on-disk FSRVP server state to new version; (bsc#924519).�- Only obsolete but do not provide gplv2/3 package names; (bsc#968973).�- Relocate existing lock files to /var/lib/samba/lock; (bsc#968963).�- Obsolete no longer existing samba-32bit package; (bsc#967625).�- Update to 4.3.5.
+ s3:utils/smbget: Fix recursive download; (bso#6482).
+ s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystemi
with no ACL support; (bso#10489).
+ s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks;
(bso#11400).
+ vfs_shadow_copy2: Fix case where snapshots are outside the share;
(bso#11580).
+ smbclient: Query disk usage relative to current directory; (bso#11662).
+ winbindd: Handle expired sessions correctly; (bso#11670).
+ smbd: Show correct disk size for different quota and dfree block sizes;
(bso#11681).
+ smbcacls: Fix uninitialized variable; (bso#11682).
+ s3:smbd: Ignore initial allocation size for directory creation;
(bso#11684).
+ s3-client: Add a KRB5 wrapper for smbspool; (bso#11690).
+ s3-parm: Clean up defaults when removing global parameters; (bso#11693).
+ Use M2Crypto.RC4.RC4 on platforms without Crypto.Cipher.ARC4; (bso#11699).
+ s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703).
+ ctdb: Remove error messages after kernel security update; CVE-2015-8543;
(bso#11705).
+ loadparm: Fix memory leak issue; (bso#11708).
+ lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714).
+ ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ...";
(bso#11719).
+ s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new
file; (bso#11727).
+ param: Fix str_list_v3 to accept ";" again; (bso#11732).�- Shift samba-client sysconfig data into samba and samba-winbind; (bsc#947361).�- Simplify shared library packaging; (bsc#966956).�- Enable clustering (CTDB) support; (bsc#966271).�- s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703);
(bsc#964023).�- Add quotes around path of update-apparmor-samba-profile; (bnc#962177).�- Remove autoconf build-time requirement.�- Update to 4.3.4.
+ vfs_fruit: Enable POSIX directory rename semantics; (bso#11065).
+ Crash: Bad talloc magic value - access after free; (bso#11394).
+ Copying files with vfs_fruit fails when using vfs_streams_xattr without
stream prefix and type suffix; (bso#11466).
+ samba-tool: Fix uncaught exception if no fSMORoleOwner attribute is given;
(bso#11613).
+ Fix a typo in the smb.conf manpage, explanation of idmap config;
(bso#11619).
+ Correctly initialize the list head when keeping a list of primary followed
by DFS connections; (bso#11624).
+ Reduce the memory footprint of empty string options; (bso#11625).
+ lib/async_req: Do not install async_connect_send_test; (bso#11639).
+ Fix typos in man vfs_gpfs; (bso#11641).
+ Make "hide dot files" option work with "store dos attributes = yes";
(bso#11645).
+ Fix a corner case of the symlink verification; (bso#11647); (bnc#960249).
+ Do not disable "store dos attributes" on-the-fly; (bso#11649).
+ Update lastLogon and lastLogonTimestamp; (bso#11659).�- Prevent access denied if the share path is "/"; (bso#11647); (bnc#960249).�- Update to 4.3.3.
+ Malicious request can cause Samba LDAP server to hang, spinning using CPU;
CVE-2015-3223; (bso#11325); (bnc#958581).
+ Remote read memory exploit in LDB; CVE-2015-5330; (bso#11599);
(bnc#958586).
+ Insufficient symlink verification (file access outside the share);
CVE-2015-5252; (bso#11395); (bnc#958582).
+ No man in the middle protection when forcing smb encryption on the client
side; CVE-2015-5296; (bso#11536); (bnc#958584).
+ Currently the snapshot browsing is not secure thru windows previous version
(shadow_copy2); CVE-2015-5299; (bso#11529); (bnc#958583).
+ Fix Microsoft MS15-096 to prevent machine accounts from being changed into
user accounts; CVE-2015-8467; (bso#11552); (bnc#958585).�- Update to 4.3.2.
+ vfs_gpfs: Re-enable share modes; (bso#11243).
+ dcerpc.idl: Accept invalid dcerpc_bind_nak pdus; (bso#11327).
+ s3-smbd: Fix old DOS client doing wildcard delete - gives an attribute
type of zero; (bso#11452).
+ Add libreplace dependency to texpect, fixes a linking error on Solaris;
(bso#11511).
+ s4: Fix linking of 'smbtorture' on Solaris; (bso#11512).
+ s4:lib/messaging: Use correct path for names.tdb; (bso#11562).
+ Fix segfault of 'net ads (join|leave) -S INVALID' with nss_wins;
(bso#11563).
+ async_req: Fix non-blocking connect(); (bso#11564).
+ auth: gensec: Fix a memory leak; (bso#11565).
+ lib: util: Make non-critical message a warning; (bso#11566).
+ Fix winbindd crashes with samlogon for trusted domain user; (bso#11569);
(bnc#949022).
+ smbd: Send SMB2 oplock breaks unencrypted; (bso#11570).
+ ctdb: Open the RO tracking db with perms 0600 instead of 0000; (bso#11577).
+ s3:smb2_server: Make the logic of SMB2_CANCEL DLIST_REMOVE() clearer;
(bso#11581).
+ s3-smbd: Fix use after issue in smbd_smb2_request_dispatch(); (bso#11581).
+ manpage: Correct small typo error; (bso#11584).
+ s3: smbd: If EAs are turned off on a share don't allow an SMB2 create
containing them; (bso#11589).
+ Backport some valgrind fixes from upstream master; (bso#11597).
+ auth: Consistent handling of well-known alias as primary gid; (bso#11608).
+ winbind: Fix crash on invalid idmap configs; (bso#11612).
+ s3: smbd: have_file_open_below() fails to enumerate open files below an
open directory handle; (bso#11615).
+ Changing log level of two entries to DBG_NOTICE; (bso#9912).�- Ensure samlogon fallback requests are rerouted after kerberos failure;
(bnc#953382); (bnc#953972).�- Ensure to link with --as-needed flag by removing SUSE_ASNEEDED=0.
- Always use the default optimization even on pre-9.2 systems.�- Remove redundant configure options while adding with-relro.�- Relocate the lockdir to the /var/lib/samba/lock directory.�- Cleanup and enhance the pidl sub package.�- Require renamed python-ldb-devel and python-talloc-devel at build-time.
- Requires python-ldb and python-talloc from the python subpackage.�- Update to 4.3.1.
+ s3: smbd: Fix our access-based enumeration on "hide unreadable" to match
Windows; (bso#10252).
+ nss_winbind: Fix hang on Solaris on big groups; (bso#10365).
+ smbd: Fix file name buflen and padding in notify repsonse; (bso#10634).
+ kerberos: Make sure we only use prompter type when available;
winbind: Fix 100% loop; (bso#11038).
+ source3/lib/msghdr.c: Fix compiling error on Solaris; (bso#11053).
+ s3:ctdbd_conn: make sure we destroy tevent_fd before closing the socket;
(bso#11316).
+ s3: smbd: Fix mkdir race condition; (bso#11486).
+ pam_winbind: Fix a segfault if initialization fails; (bso#11502).
+ s3: dfs: Fix a crash when the dfs targets are disabled; (bso#11509).
+ s4:lib/messaging: Use 'msg.lock' and 'msg.sock' for messaging related
subdirs; (bso#11515).
+ s3: smbd: Fix opening/creating :stream files on the root share directory;
(bso#11522).
+ lib/param: Fix hiding of FLAG_SYNONYM values; (bso#11526).
+ net: Fix a crash with 'net ads keytab create'; (bso#11528).
+ s3: smbd: Fix a crash in unix_convert(); (bso#11535).
+ s3: smbd: Fix NULL pointer bug introduced by previous 'raw' stream fix
(bso#11522); (bso#11535).
+ vfs_fruit: Return value of ad_pack in vfs_fruit.c; (bso#11543).
+ vfs_commit: set the fd on open before calling SMB_VFS_FSTAT; (bso#11547).
+ s3:locking: Initialize lease pointer in share_mode_traverse_fn();
(bso#11549).
+ s3:smbstatus: Add stream name to share_entry_forall(); (bso#11550).
+ s3:lib: Validate domain name in lookup_wellknown_name(); (bso#11555).
+ s3: lsa: lookup_name() logic for unqualified (no DOMAIN component) names
is incorrect; (bso#11555).�- Fix 100% CPU in winbindd when logging in with "user must change password on
next logon"; (bso#11038).�- Relocate the tmpfiles.d directory to the client package; (bnc#947552).�- Do not provide libpdb0 from libsamba-passdb0 but add it to baselibs.conf
instead; (bnc#942716).�- Package /var/lib/samba/private/sock with 0700 permissions; (bnc#946051).�- Package /var/lib/samba/msg with 0755 permissions; (bso#11515); (bnc#945502).�- Require to install libfam0-gamin from samba-libs on post-12.1 and pre-13.15
systems; (bnc#945013).�- Update to 4.3.0.
+ Samba "map to guest = Bad uid" doesn't work; (bso#9862).
+ revert LDAP extended rule 1.2.840.113556.1.4.1941
LDAP_MATCHING_RULE_IN_CHAIN changes; (bso#10493).
+ No objectClass found in replPropertyMetaData on ordinary objects
(non-deleted); (bso#10973).
+ Stream names with colon don't work with fruit:encoding = native;
(bso#11278).
+ NetApp joined to a Samba/ADDC cannot resolve SIDs; (bso#11291).
+ tevent_fd needs to be destroyed before closing the fd; (bso#11316).
+ "force group" with local group not working; (bso#11320).
+ strsep is not available on Solaris; (bso#11359).
+ smbtorture does not build when configured --with-system-mitkrb5;
(bso#11411).
+ Build with GPFS support is broken; (bso#11421).
+ Build broken with --disable-python; (bso#11424).
+ net share allowedusers crashes; (bso#11426).
+ nmbd incorrectly matches netbios names as own name; (bso#11427).
+ Python bindings don't check integer types; (bso#11429).
+ Python bindings don't check array sizes; (bso#11430).
+ CTDB's eventscript error handling is broken; (bso#11431).
+ Fix crash in nested ctdb banning; (bso#11432).
+ Cannot build ctdbpmda; (bso#11434).
+ samba-tool uncaught exception error; (bso#11436).
+ Crash in notify_remove caused by change notify = no; (bso#11444).
+ Poor SMB3 encryption performance with AES-GCM; (bso#11451).
+ Poor SMB3 encryption performance with AES-GCM (part1); (bso#11451).
+ fix recursion problem in rep_strtoll in lib/replace/replace.c; (bso#11455).
+ --bundled-libraries=!ldb,!pyldb,!pyldb-util doesn't disable ldb build and
install; (bso#11458).
+ xid2sid gives inconsistent results; (bso#11464).
+ ctdb: Fix the build on FreeBSD 10.1; (bso#11465).
+ Handling of 0 byte resource fork stream; (bso#11467).
+ AD samr GetGroupsForUser fails for users with "()" in their name;
(bso#11488).�- Configure with --bundled-libraries=NONE; (bso#11458).�- Adapt net-kdc-lookup patch for post-3.3 Samba versions; (bnc#295284).�- Remove libiniparser-devel build-time requirement.�- Update to 4.2.3.
+ s4:lib/tls: Fix build with gnutls 3.4; (bso#8780).
+ s4.2/fsmo.py: Fixed fsmo transfer exception; (bso#10924).
+ winbindd: Sync secrets.ldb into secrets.tdb on startup; (bso#10991).
+ Logon via MS Remote Desktop hangs; (bso#11061).
+ s3: lib: util: Ensure we read a hex number as %x, not %u; (bso#11068).
+ tevent: Add a note to tevent_add_fd(); (bso#11141).
+ s3:param/loadparm: Fix 'testparm --show-all-parameters'; (bso#11170).
+ s3-unix_msg: Remove socket file after closing socket fd; (bso#11217).
+ smbd: Fix a use-after-free; (bso#11218); (bnc#919309).
+ s3-rpc_server: Fix rpc_create_tcpip_sockets() processing of interfaces;
(bso#11245).
+ s3:smb2: Add padding to last command in compound requests; (bso#11277).
+ Add IPv6 support to ADS client side LDAP connects; (bso#11281).
+ Add IPv6 support for determining FQDN during ADS join; (bso#11282).
+ s3: IPv6 enabled DNS connections for ADS client; (bso#11283).
+ Fix invalid write in ctdb_lock_context_destructor; (bso#11293).
+ Excessive cli_resolve_path() usage can slow down transmission; (bso#11295).
+ vfs_fruit: Add option "veto_appledouble"; (bso#11305).
+ tstream: Make socketpair nonblocking; (bso#11312).
+ idmap_rfc2307: Fix wbinfo '--gid-to-sid' query; (bso#11313).
+ Group creation: Add msSFU30Name only when --nis-domain was given;
(bso#11315).
+ tevent_fd needs to be destroyed before closing the fd; (bso#11316).
+ Build fails on Solaris 11 with "‘PTHREAD_MUTEX_ROBUST’ undeclared";
(bso#11319).
+ smbd/trans2: Add a useful diagnostic for files with bad encoding;
(bso#11323).
+ Change sharesec output back to previous format; (bso#11324).
+ Robust mutex support broken in 1.3.5; (bso#11326).
+ Kerberos auth info3 should contain resource group ids available from
pac_logon; winbindd: winbindd_raw_kerberos_login - ensure logon_info
exists in PAC; (bso#11328); (bnc#912457).
+ s3:smb2_setinfo: Fix memory leak in the defer_rename case; (bso#11329).
+ tevent: Fix CID 1035381 Unchecked return value; (bso#11330).
+ tdb: Fix CID 1034842 and 1034841 Resource leaks; (bso#11331).
+ s3: smbd: Use separate flag to track become_root()/unbecome_root() state;
(bso#11339).
+ s3: smbd: Codenomicon crash in do_smb_load_module(); (bso#11342).
+ pidl: Make the compilation of PIDL producing the same results if the
content hasn't change; (bso#11356).
+ winbindd: Disconnect child process if request is cancelled at main
process; (bso#11358).
+ vfs_fruit: Check offset and length for AFP_AfpInfo read requests;
(bso#11363).
+ docs: Overhaul the description of "smb encrypt" to include SMB3
encryption; (bso#11366).
+ s3:auth_domain: Fix talloc problem in connect_to_domain_password_server();
(bso#11367).
+ ncacn_http: Fix GNUism; (bso#11371).�- Disable rpath usage; (bnc#902421).�- Make the winbind package depend on the matching libwbclient version and
vice versa; (bnc#936909).�- Backport changes to use resource group sids obtained from pac logon_info;
(bso#11328); (bnc#912457).�- Order winbind.service Before and Want nss-user-lookup target.�- Remove fam-devel build-time dependency for post-6 RHEL systems.�- Update to 4.2.2.
+ s3:smbXsrv: refactor duplicate code into
smbXsrv_session_clear_and_logoff(); (bso#11182).
+ gencache: don't fail gencache_stabilize if there were records to delete;
(bso#11260).
+ s3: libsmbclient: After getting attribute server, ensure main srv pointer
is still valid; (bso#11186).
+ s4: rpc: Refactor dcesrv_alter() function into setup and send steps;
(bso#11236).
+ s3: smbd: Incorrect file size returned in the response of
"FILE_SUPERSEDE Create"; (bso#11240).
+ Mangled names do not work with acl_xattr; (bso#11249).
+ nmbd rewrites browse.dat when not required; (bso#11254).
+ vfs_fruit: add option "nfs_aces" that controls the NFS ACEs stuff;
(bso#11213).
+ s3:smbd: Add missing tevent_req_nterror; (bso#11224).
+ vfs: kernel_flock and named streams; (bso#11243).
+ vfs_gpfs: Error code path doesn't call END_PROFILE; (bso#11244).
+ s4: libcli/finddcs_cldap: continue processing CLDAP until all addresses
are used; (bso#11284).
+ ctdb: check for talloc_asprintf() failure; (bso#11201).
+ spoolss: purge the printer name cache on name change; (bso#11210);
(bnc#901813).
+ CTDB statd-callout does not scale; (bso#11204).
+ vfs_fruit: also map characters below 0x20; (bso#11221).
+ ctdb: Coverity fix for CID 1291643; (bso#11201).
+ Multiplexed RPC connections are not handled by DCERPC server; (bso#11225).
+ Fix terminate connection behavior for asynchronous endpoint with PUSH
notification flavors; (bso#11226).
+ ctdb-scripts: Fix bashism in ctdbd_wrapper script; (bso#11007).
+ ctdb: Fix CIDs 1125615, 1125634, 1125613, 1288201 and 1125553; (bso#11201).
+ SMB2 should cancel pending NOTIFY calls with DELETE_PENDING if the
directory is deleted; (bso#11257).
+ s3:winbindd: make sure we remove pending io requests before closing client
sockets; (bso#11141); (bnc#931854).
+ Fix panic triggered by smbd_smb2_request_notify_done() ->
smbXsrv_session_find_channel() in smbd; (bso#11182).
+ 'sharesec' output no longer matches input format; (bso#11237).
+ waf: Fix systemd detection; (bso#11200).
+ CTDB: Fix portability issues; (bso#11202).
+ CTDB: Fix some IPv6-related issues; (bso#11203).
+ CTDB statd-callout does not scale; (bso#11204).
+ 'net ads dns gethostbyname' crashes with an error in TALLOC_FREE if you
enter invalid values; (bso#11234).
+ libads: record service ticket endtime for sealed ldap connections;
(bso#11267).
+ lib/util: Include DEBUG macro in internal header files before samba_util.h;
(bso#11033).�- Avoid a crash inside the tevent epoll backend; (bso#11141); (bnc#931854).�- Remove the independently built libraries ldb, talloc, tdn, and tevent and
the post-10.3 renamed libsmbclient from baselibs.conf.�- Drop redundant doc attribute from man pages.�- Update to 4.2.1.
+ s3:winbind:grent: Don't stop group enumeration when a group has no gid;
(bso#8905).
+ Initialize dwFlags field of DNS_RPC_NODE structure; (bso#9791).
+ s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with
servers that don't send the 2 unused fields; (bso#10016).
+ build:wafadmin: Fix use of spaces instead of tabs; (bso#10476).
+ waf: Fix the build on openbsd; (bso#10476).
+ s3: client: "client use spnego principal = yes" code checks wrong name;
(bso#10888).
+ spoolss: Retrieve published printer GUID if not in registry; (bso#11018).
+ s3: lib: libsmbclient: If reusing a server struct, check every cli->timout
miliseconds if it's still valid before use; (bso#11079).
+ vfs_fruit: Enhance handling of malformed AppleDouble files; (bso#11125).
+ backupkey: Explicitly link to gnutls and gcrypt; (bso#11135).
+ replace: Remove superfluous check for gcrypt header; (bso#11135).
+ Backport subunit changes; (bso#11137).
+ libcli/auth: Match Declaration of netlogon_creds_cli_context_tmp with
implementation; (bso#11140).
+ s3-winbind: Fix cached user group lookup of trusted domains; (bso#11143).
+ talloc: Version 2.1.2; (bso#11144).
+ Update libwbclient version to 0.12; (bso#11149).
+ brlock: Use 0 instead of empty initializer list; (bso#11153).
+ s4:auth/gensec_gssapi: Let gensec_gssapi_update() return
NT_STATUS_LOGON_FAILURE for unknown errors; (bso#11164).
+ docs/idmap_rid: Remove deprecated base_rid from example; (bso#11169);
(bnc#913304).
+ s3: libcli: smb1: Ensure we correctly finish a tevent req if the writev
fails in the SMB1 case; (bso#11173).
+ backupkey: Use ndr_pull_struct_blob_all(); (bso#11174).
+ Fix lots of winbindd zombie processes on Solaris platform; (bso#11175).
+ s3: libsmbclient: Add missing talloc stackframe; (bso#11177).
+ s4-process_model: Do not close random fds while forking; (bso#11180).
+ s3-passdb: Fix 'force user' with winbind default domain; (bso#11185).�- Prevent samba package updates from disabling samba kerberos printing.�- Add sparse file support for samba; (fate#318424).�- Purge printer name cache on spoolss SetPrinter change; (bso#11210);
(bnc#901813).�- Correctly retain errno from Btrfs snapshot ioctls; (bnc#923374).�- Simplify libxslt build requirement and README.SUSE install.
- Remove no longer required cleanup steps while populating the build root.�- Remove deprecated base_rid example from idmap_rid manpage; (bso#11169);
(bnc#913304).�- Update to 4.2.0.
+ smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT; (bso#1115).
+ pam_winbind: fix warn_pwd_expire implementation; (bso#9056).
+ nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299).
+ Make 'profiles' work again; (bso#9629).
+ s3:smb2_server: protect against integer wrap with
"smb2 max credits = 65535"; (bso#9702).
+ Make validate_ldb of String(Generalized-Time) accept millisecond format
".000Z"; (bso#9810).
+ Use -R linker flag on Solaris, not -rpath; (bso#10112).
+ vfs: Add glusterfs manpage; (bso#10240).
+ Make 'smbclient' use cached creds; (bso#10279).
+ pdb: Fix build issues with shared modules; (bso#10355).
+ s4-dns: Add support for BIND 9.10; (bso#10620).
+ idmap: Return the correct id type to *id_to_sid methods; (bso#10720).
+ printing/cups: Pack requested-attributes with IPP_TAG_KEYWORD; (bso#10808).
+ Don't build vfs_snapper on FreeBSD; (bso#10834).
+ nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835).
+ idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837).
+ s3: smb2cli: query info return length check was reversed; (bso#10848).
+ s3: lib, s3: modules: Fix compilation on Solaris; (bso#10849).
+ lib: uid_wrapper: Fix setgroups and syscall detection on a system without
native uid_wrapper library; (bso#10851).
+ winbind3: Fix pwent variable substitution; (bso#10852).
+ Improve samba-regedit; (bso#10859).
+ registry: Don't leave dangling transactions; (bso#10860).
+ Fix build of socket_wrapper on systems without SO_PROTOCOL; (bso#10861).
+ build: Do not install 'texpect' binary anymore; (bso#10862).
+ Fix testparm to show hidden share defaults; (bso#10864).
+ libcli/smb: Fix smb2cli_validate_negotiate_info with min=PROTOCOL_NT1
max=PROTOCOL_SMB2_02; (bso#10866).
+ Integrate CTDB into top-level Samba build; (bso#10892).
+ samba-tool group add: Add option '--nis-domain' and '--gid'; (bso#10895).
+ s3-nmbd: Fix netbios name truncation; (bso#10896).
+ spoolss: Fix handling of bad EnumJobs levels; (bso#10898).
+ Fix smbclient loops doing a directory listing against Mac OS X 10 server
with a non-wildcard path; (bso#10904).
+ Fix print job enumeration; (bso#10905); (bnc#898031).
+ samba-tool: Create NIS enabled users and unixHomeDirectory attribute;
(bso#10909).
+ Add support for SMB2 leases; (bso#10911).
+ btrfs: Don't leak opened directory handle; (bso#10918).
+ s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920).
+ s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921).
+ pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932).
+ s3-keytab: fix keytab array NULL termination; (bso#10933).
+ s3:passdb: fix logic in pdb_set_pw_history(); (bso#10940).
+ Cleanup add_string_to_array and usage; (bso#10942).
+ dbwrap_ctdb: Pass on mutex flags to tdb_open; (bso#10942).
+ Fix RootDSE search with extended dn control; (bso#10949).
+ Fix 'samba-tool dns serverinfo ' for IPv6; (bso#10952).
+ libcli/smb: only force signing of smb2 session setups when binding a new
session; (bso#10958).
+ s3-smbclient: Return success if we listed the shares; (bso#10960).
+ s3-smbstatus: Fix exit code of profile output; (bso#10961).
+ socket_wrapper: Add missing prototype check for eventfd; (bso#10965).
+ libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows
client does; (bso#10966).
+ vfs_streams_xattr: Check stream type; (bso#10971).
+ s3: smbd: Fix *allocate* calls to follow POSIX error return convention;
(bso#10982).
+ vfs_fruit: Add support for AAPL; (bso#10983).
+ Fix spoolss IDL response marshalling when returning error without clearing
info; (bso#10984).
+ dsdb-samldb: Check for extended access rights before we allow changes to
userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279).
+ Fix IPv6 support in CTDB; (bso#10996).
+ ctdb-daemon: Use correct tdb flags when enabling robust mutex support;
(bso#11000).
+ vfs_streams_xattr: Add missing call to SMB_VFS_NEXT_CONNECT; (bso#11005).
+ s3-util: Fix authentication with long hostnames; (bso#11008).
+ ctdb-build: Fix build without xsltproc; (bso#11014).
+ packaging: Include CTDB man pages in the tarball; (bso#11014).
+ pdb_get_trusteddom_pw() fails with non valid UTF16 random passwords;
(bso#11016).
+ Make Sharepoint search show user documents; (bso#11022).
+ nss_wrapper: check for nss.h; (bso#11026).
+ Enable mutexes in gencache_notrans.tdb; (bso#11032).
+ tdb_wrap: Make mutexes easier to use; (bso#11032).
+ lib/util: Avoid collision which alread defined consumer DEBUG macro;
(bso#11033).
+ winbind: Retry after SESSION_EXPIRED error in ping-dc; (bso#11034).
+ s3-libads: Fix a possible segfault in kerberos_fetch_pac(); (bso#11037).
+ vfs_fruit: Fix base_fsp name conversion; (bso#11039).
+ vfs_fruit: mmap under FreeBSD needs PROT_READ; (bso#11040).
+ Fix authentication using Kerberos (not AD); (bso#11044).
+ net: Fix sam addgroupmem; (bso#11051).
+ vfs_snapper: Correctly handles multi-byte DBus strings; (bso#11055);
(bnc#913238).
+ cli_connect_nb_send: Don't segfault on host == NULL; (bso#11058).
+ utils: Fix 'net time' segfault; (bso#11058).
+ libsmb: Provide authinfo domain for encrypted session referrals;
(bso#11059).
+ s3-pam_smbpass: Fix memory leak in pam_sm_authenticate(); (bso#11066).
+ vfs_glusterfs: Add comments to the pipe(2) code; (bso#11069).
+ vfs/glusterfs: Change xattr key to match gluster key; (bso#11069).
+ vfs_glusterfs: Implement AIO support; (bso#11069).
+ s3-vfs: Fix developer build of vfs_ceph module; (bso#11070).
+ s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer;
(bso#11077); CVE-2015-0240; (bnc#917376).
+ vfs: Add a brief vfs_ceph manpage; (bso#11088).
+ s3: smbclient: Allinfo leaves the file handle open; (bso#11094).
+ Fix Win8.1 Credentials Manager issue after KB2992611 on Samba domain;
(bso#11097).
+ debug: Set close-on-exec for the main log file FD; (bso#11100).
+ s3: smbd: leases - losen paranoia check. Stat opens can grant leases;
(bso#11102).
+ s3: smbd: SMB2 close. If a file has delete on close, store the return info
before deleting; (bso#11104).
+ doc:man:vfs_glusterfs: improve the configuration section; (bso#11117).
+ snprintf: Try to support %j; (bso#11119).
+ ctdb-io: Do not use sys_write to write to client sockets; (bso#11124).
+ doc-xml: Add 'sharesec' reference to 'access based share enum';
(bso#11127).�- Update to 4.2.0rc5.
+ Ensure we don't call talloc_free on an uninitialized pointer;
CVE-2015-0240; (bso#11077); (bnc#917376).�- Fix usage of freed memory on server exit; (bso#11218); (bnc#919309).�- Fix tdb_store_flag_to_ntdb() gcc5 build failure.�- Fix vfs_snapper DBus string handling; (bso#11055); (bnc#913238).�- Update to 4.1.16.
+ dsdb-samldb: Check for extended access rights before we allow changes to
userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279).�- Adjust baselibs.conf due to libpdb0 package rename to libsamba-passdb0.�- Fix libsmbclient DFS referral handling.
+ Reuse connections derived from DFS referrals; (bso#10123); (fate#316512).
+ Set domain/workgroup based on authentication callback value; (bso#11059).�- Update to 4.2.0rc4.
- Add libsamba-debug, libsocket-blocking, libsamba-cluster-support, and
libhttp to the libs package; (boo#913547).
- Rename libpdb packages to libsamba-passdb.
- Drop libsmbsharemodes packages.�- Enable avahi support on post-12.2 systems.�- Update to 4.1.15.
+ pam_winbind: Fix warn_pwd_expire implementation; (bso#9056).
+ nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299).
+ Fix profiles tool; (bso#9629).
+ s3-lib: Do not require a password with --use-ccache; (bso#10279).
+ s4:dsdb/rootdse: Expand extended dn values with the AS_SYSTEM control;
(bso#10949).
+ s4-rpc: dnsserver: Fix enumeration of IPv4 and IPv6 addresses; (bso#10952).
+ s3:smb2_server: Allow reauthentication without signing; (bso#10958).
+ s3-smbclient: Return success if we listed the shares; (bso#10960).
+ s3-smbstatus: Fix exit code of profile output; (bso#10961).
+ libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows
client does; (bso#10966).
+ s3: smbd/modules: Fix *allocate* calls to follow POSIX error return
convention; (bso#10982).
+ Fix 'domain join' by adding 'drsuapi.DsBindInfoFallBack' attribute
'supported_extensions'; (bso#11006).
+ idl:drsuapi: Manage all possible lengths of drsuapi_DsBindInfo;
(bso#11006).
+ winbind: Retry LogonControl RPC in ping-dc after session expiration;
(bso#11034).�- yast2-samba-client should be able to specify osName and osVer on
AD domain join; (bnc#873922).�- Lookup FSRVP share snums at runtime rather than storing them persistently;
(bnc#908627).�- Specify soft dependency for network-online.target in Winbind systemd service
file; (bnc#889175).�- Fix spoolss error response marshalling; (bso#10984).�- Update to 4.1.14.
+ pidl/wscript: Remove --with-perl-* options; revert buildtools/wafadmin/
Tools/perl.py back to upstream state; (bso#10472).
+ s4-dns: Add support for BIND 9.10; (bso#10620).
+ nmbd fails to accept "--piddir" option; (bso#10711).
+ nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835).
+ S3: source3/smbd/process.c::srv_send_smb() returns true on the error path;
(bso#10880).
+ vfs_glusterfs: Remove "integer fd" code and store the glfs pointers;
(bso#10889).
+ s3-nmbd: Fix netbios name truncation; (bso#10896).
+ spoolss: Fix handling of bad EnumJobs levels; (bso#10898).
+ s3: libsmbclient-smb2. MacOSX 10 SMB2 server doesn't set
STATUS_NO_MORE_FILES when handed a non-wildcard path; (bso#10904).
+ spoolss: Fix jobid in level 3 EnumJobs response; (bso#10905).
+ s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920).
+ s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921).
+ pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932).
+ s3-keytab: Fix keytab array NULL termination; (bso#10933).
+ Cleanup add_string_to_array and usage; (bso#10942).�- Remove and cleanup shares and registry state associated with
externally deleted snaphots exposed as shadow copies; (bnc#876312).�- Use the upstream tar ball, as signature verification is now able to handle
compressed archives.�- Fix leak when closing file descriptor returned from dirfd; (bso#10918).�- Fix spoolss EnumJobs and GetJob responses; (bso#10905); (bnc#898031).
+ Fix handling of bad EnumJobs levels; (bso#10898).�- Remove dependency on gpg-offline as signature checking is implemented in the
source validator.�- Update to 4.1.13.
+ s3-libnet: Add libnet_join_get_machine_spns(); (bso#9984).
+ s3-libnet: Make sure we do not overwrite precreated SPNs; (bso#9984).
+ s3-libads: Add all machine account principals to the keytab; (bso#9985).
+ s3: winbindd: Old NT Domain code sets struct winbind_domain->alt_name to
be NULL. Ensure this is safe with modern AD-DCs; (bso#10717).
+ Fix unstrcpy; (bso#10735).
+ pthreadpool: Slightly serialize jobs; (bso#10779).
+ s3: smbd: streams - Ensure share mode validation ignores internal opens
(op_mid == 0); (bso#10797).
+ s3: smbd:open_file: Open logic fix; Use a more natural check; (bso#10809).
+ vfs_media_harmony: Fix a crash bug; (bso#10813).
+ docs: Mention incompatibility between kernel oplocks and streams_xattr;
(bso#10814).
+ nmbd: Send waiting status to systemd; (bso#10816).
+ libcli: Fix a segfault calling smbXcli_req_set_pending() on NULL;
(bso#10817).
+ nsswitch: Skip groups we were not able to map; (bso#10824).
+ s3-winbindd: Use correct realm for trusted domains in idmap child;
(bso#10826).
+ s3: nmbd: Ensure the main nmbd process doesn't create zombies; (bso#10830).
+ s3: lib: Signal handling - ensure smbrun and change password code save and
restore existing SIGCHLD handlers; (bso#10831).
+ idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837).
+ s3-winbindd: Do not use domain SID from LookupSids for Sids2UnixIDs call;
(bso#10838).
+ s3: smb2cli: Query info return length check was reversed; (bso#10848).
+ registry: Don't leave dangling transactions; (bso#10860).�- Update to 4.2.0rc2.�h04-armsrv1 1703082665������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� ���
�����������
��������������������������������������������������������������������������� ���!���"���#���$���%���&���'���(���)���*���+���,���-���.���/���0���1���2���3���4���5���6���7���8���9���:���;���<���=���>���?���@���A���B���C���D���E���F���G���H���I���J���K���L���M���N���O���P���Q���R���S���T���U���V���W���X���Y���Z���[���\���]���^���_���`���a���b���c���d���e���f���g���h���i���j���k���l���m���n���o���p���q���r���s���t���u���v���w���x���y���z���{���|���}���~������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������ ���
�����������
��������������������������������������������������������������������������� ���!���"���#���$���%���&���'���(���)���*���+���,���-���.���/���0���1���2���3���4���5���6���7���8���9���:���;���<���=���>���?���@���A���B���C���D���E���F���G���H���I���J���K���L���M���N���O���P���Q���R���S���T���U���V���W���X���Y���Z���[���\���]���^���_���`���a���b���c���d���e���f���g���h���i���j���k���l���m���n���o���p���q���r���s���t���u���v���w���x���y���z���{���|���}���~��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������4.15.13+git.710.7032820fcd-150400.3.34.2�4.15.13+git.710.7032820fcd-150400.3.34.2�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� ��� �����������
���
���
���
���
���
���
���
���
���
���
���
���
���
�����������������������������������������������������������������������
���
���
���
���
���
���������������������������������������������������������������������������������������
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���������������
���
���
���
���
���
���
���
���
���
���
���
���
�����������������������
�������������������������������������������������������������������������������������������������������������������
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
�������������������������������������������������������������������������������������������������������������������������������������������������������
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
����������������������������������������������������������������samba�__init__.py�_glue.cpython-36m-aarch64-linux-gnu.so�_ldb.cpython-36m-aarch64-linux-gnu.so�auth.cpython-36m-aarch64-linux-gnu.so�auth_util.py�colour.py�common.py�credentials.cpython-36m-aarch64-linux-gnu.so�crypto.cpython-36m-aarch64-linux-gnu.so�dbchecker.py�dcerpc�__init__.py�atsvc.cpython-36m-aarch64-linux-gnu.so�auth.cpython-36m-aarch64-linux-gnu.so�base.cpython-36m-aarch64-linux-gnu.so�dcerpc.cpython-36m-aarch64-linux-gnu.so�dfs.cpython-36m-aarch64-linux-gnu.so�dns.cpython-36m-aarch64-linux-gnu.so�dnsp.cpython-36m-aarch64-linux-gnu.so�dnsserver.cpython-36m-aarch64-linux-gnu.so�drsblobs.cpython-36m-aarch64-linux-gnu.so�drsuapi.cpython-36m-aarch64-linux-gnu.so�echo.cpython-36m-aarch64-linux-gnu.so�epmapper.cpython-36m-aarch64-linux-gnu.so�idmap.cpython-36m-aarch64-linux-gnu.so�initshutdown.cpython-36m-aarch64-linux-gnu.so�irpc.cpython-36m-aarch64-linux-gnu.so�krb5ccache.cpython-36m-aarch64-linux-gnu.so�krb5pac.cpython-36m-aarch64-linux-gnu.so�lsa.cpython-36m-aarch64-linux-gnu.so�mdssvc.cpython-36m-aarch64-linux-gnu.so�messaging.cpython-36m-aarch64-linux-gnu.so�mgmt.cpython-36m-aarch64-linux-gnu.so�misc.cpython-36m-aarch64-linux-gnu.so�nbt.cpython-36m-aarch64-linux-gnu.so�netlogon.cpython-36m-aarch64-linux-gnu.so�ntlmssp.cpython-36m-aarch64-linux-gnu.so�preg.cpython-36m-aarch64-linux-gnu.so�samr.cpython-36m-aarch64-linux-gnu.so�security.cpython-36m-aarch64-linux-gnu.so�server_id.cpython-36m-aarch64-linux-gnu.so�smb_acl.cpython-36m-aarch64-linux-gnu.so�spoolss.cpython-36m-aarch64-linux-gnu.so�srvsvc.cpython-36m-aarch64-linux-gnu.so�svcctl.cpython-36m-aarch64-linux-gnu.so�unixinfo.cpython-36m-aarch64-linux-gnu.so�winbind.cpython-36m-aarch64-linux-gnu.so�windows_event_ids.cpython-36m-aarch64-linux-gnu.so�winreg.cpython-36m-aarch64-linux-gnu.so�winspool.cpython-36m-aarch64-linux-gnu.so�witness.cpython-36m-aarch64-linux-gnu.so�wkssvc.cpython-36m-aarch64-linux-gnu.so�xattr.cpython-36m-aarch64-linux-gnu.so�dckeytab.cpython-36m-aarch64-linux-gnu.so�descriptor.py�dnsresolver.py�dnsserver.py�domain_update.py�drs_utils.py�dsdb.cpython-36m-aarch64-linux-gnu.so�dsdb_dns.cpython-36m-aarch64-linux-gnu.so�emulate�__init__.py�traffic.py�traffic_packets.py�forest_update.py�gensec.cpython-36m-aarch64-linux-gnu.so�getopt.py�gp_cert_auto_enroll_ext.py�gp_ext_loader.py�gp_gnome_settings_ext.py�gp_msgs_ext.py�gp_parse�__init__.py�gp_aas.py�gp_csv.py�gp_inf.py�gp_ini.py�gp_pol.py�gp_scripts_ext.py�gp_sec_ext.py�gp_smb_conf_ext.py�gp_sudoers_ext.py�gpclass.py�gpo.cpython-36m-aarch64-linux-gnu.so�graph.py�hostconfig.py�idmap.py�join.py�kcc�__init__.py�debug.py�graph.py�graph_utils.py�kcc_utils.py�ldif_import_export.py�logger.py�mdb_util.py�messaging.cpython-36m-aarch64-linux-gnu.so�ms_display_specifiers.py�ms_forest_updates_markdown.py�ms_schema.py�ms_schema_markdown.py�ndr.py�net.cpython-36m-aarch64-linux-gnu.so�net_s3.cpython-36m-aarch64-linux-gnu.so�netbios.cpython-36m-aarch64-linux-gnu.so�netcmd�__init__.py�common.py�computer.py�contact.py�dbcheck.py�delegation.py�dns.py�domain.py�domain_backup.py�drs.py�dsacl.py�forest.py�fsmo.py�gpo.py�group.py�ldapcmp.py�main.py�nettime.py�ntacl.py�ou.py�processes.py�pso.py�rodc.py�schema.py�sites.py�spn.py�testparm.py�user.py�visualize.py�ntacls.py�ntstatus.cpython-36m-aarch64-linux-gnu.so�param.cpython-36m-aarch64-linux-gnu.so�policy.cpython-36m-aarch64-linux-gnu.so�posix_eadb.cpython-36m-aarch64-linux-gnu.so�provision�__init__.py�backend.py�common.py�kerberos.py�kerberos_implementation.py�sambadns.py�registry.cpython-36m-aarch64-linux-gnu.so�remove_dc.py�samba3�__init__.py�libsmb_samba_cwrapper.cpython-36m-aarch64-linux-gnu.so�libsmb_samba_internal.py�mdscli.cpython-36m-aarch64-linux-gnu.so�param.cpython-36m-aarch64-linux-gnu.so�passdb.cpython-36m-aarch64-linux-gnu.so�smbd.cpython-36m-aarch64-linux-gnu.so�samdb.py�schema.py�sd_utils.py�security.cpython-36m-aarch64-linux-gnu.so�sites.py�subnets.py�subunit�__init__.py�run.py�tdb_util.py�tests�__init__.py�audit_log_base.py�audit_log_dsdb.py�audit_log_pass_change.py�auth.py�auth_log.py�auth_log_base.py�auth_log_ncalrpc.py�auth_log_netlogon.py�auth_log_netlogon_bad_creds.py�auth_log_pass_change.py�auth_log_samlogon.py�auth_log_winbind.py�blackbox�__init__.py�bug13653.py�check_output.py�downgradedatabase.py�mdsearch.py�ndrdump.py�netads_json.py�samba_dnsupdate.py�smbcacls.py�smbcacls_basic.py�smbcacls_dfs_propagate_inherit.py�smbcacls_propagate_inhertance.py�smbcontrol.py�smbcontrol_process.py�traffic_learner.py�traffic_replay.py�traffic_summary.py�common.py�complex_expressions.py�core.py�cred_opt.py�credentials.py�dcerpc�__init__.py�array.py�bare.py�binding.py�createtrustrelax.py�dnsserver.py�integer.py�lsa.py�mdssvc.py�misc.py�raw_protocol.py�raw_testcase.py�registry.py�rpc_talloc.py�rpcecho.py�sam.py�samr_change_password.py�srvsvc.py�string_tests.py�testrpc.py�unix.py�dckeytab.py�dns.py�dns_aging.py�dns_base.py�dns_forwarder.py�dns_forwarder_helpers�server.py�dns_invalid.py�dns_packet.py�dns_tkey.py�dns_wildcard.py�docs.py�domain_backup.py�domain_backup_offline.py�dsdb.py�dsdb_api.py�dsdb_dns.py�dsdb_lock.py�dsdb_schema_attributes.py�emulate�__init__.py�traffic.py�traffic_packet.py�encrypted_secrets.py�gensec.py�get_opt.py�getdcname.py�glue.py�gpo.py�gpo_member.py�graph.py�group_audit.py�hostconfig.py�imports.py�join.py�kcc�__init__.py�graph.py�graph_utils.py�kcc_utils.py�ldif_import_export.py�krb5�alias_tests.py�as_canonicalization_tests.py�as_req_tests.py�compatability_tests.py�etype_tests.py�fast_tests.py�kcrypto.py�kdc_base_test.py�kdc_tests.py�kdc_tgs_tests.py�kpasswd_tests.py�lockout_tests.py�ms_kile_client_principal_lookup_tests.py�raw_testcase.py�rfc4120_constants.py�rfc4120_pyasn1.py�rodc_tests.py�s4u_tests.py�salt_tests.py�simple_tests.py�spn_tests.py�test_ccache.py�test_idmap_nss.py�test_ldap.py�test_min_domain_uid.py�test_rpc.py�test_smb.py�xrealm_tests.py�krb5_credentials.py�ldap_raw.py�ldap_referrals.py�ldap_spn.py�ldap_upn_sam_account.py�libsmb.py�loadparm.py�lsa_string.py�messaging.py�ndr.py�net_join.py�net_join_no_spnego.py�netbios.py�netcmd.py�netlogonsvc.py�ntacls.py�ntacls_backup.py�ntlm_auth.py�ntlm_auth_base.py�ntlm_auth_default_domain.py�ntlm_auth_krb5.py�ntlmdisabled.py�pam_winbind.py�pam_winbind_chauthtok.py�pam_winbind_warn_pwd_expire.py�param.py�password_hash.py�password_hash_fl2003.py�password_hash_fl2008.py�password_hash_gpgme.py�password_hash_ldap.py�password_quality.py�password_test.py�policy.py�posixacl.py�prefork_restart.py�process_limits.py�provision.py�pso.py�py_credentials.py�registry.py�s3_net_join.py�s3idmapdb.py�s3param.py�s3passdb.py�s3registry.py�s3windb.py�samba3sam.py�samba_tool�__init__.py�base.py�computer.py�contact.py�demote.py�dnscmd.py�drs_clone_dc_data_lmdb_size.py�dsacl.py�forest.py�fsmo.py�gpo.py�gpo_exts.py�group.py�help.py�join.py�join_lmdb_size.py�ntacl.py�ou.py�passwordsettings.py�processes.py�promote_dc_lmdb_size.py�provision_lmdb_size.py�provision_password_check.py�provision_userPassword_crypt.py�rodc.py�schema.py�sites.py�timecmd.py�user.py�user_check_password_script.py�user_virtualCryptSHA.py�user_virtualCryptSHA_base.py�user_virtualCryptSHA_gpg.py�user_virtualCryptSHA_userPassword.py�user_wdigest.py�visualize.py�visualize_drs.py�samba_upgradedns_lmdb.py�samdb.py�samdb_api.py�sddl.py�security.py�segfault.py�smb-notify.py�smb.py�smbd_base.py�smbd_fuzztest.py�source.py�strings.py�subunitrun.py�tdb_util.py�upgrade.py�upgradeprovision.py�upgradeprovisionneeddc.py�usage.py�xattr.py�trust_utils.py�upgrade.py�upgradehelpers.py�uptodateness.py�vgp_access_ext.py�vgp_files_ext.py�vgp_issue_ext.py�vgp_motd_ext.py�vgp_openssh_ext.py�vgp_startup_scripts_ext.py�vgp_sudoers_ext.py�vgp_symlink_ext.py�werror.cpython-36m-aarch64-linux-gnu.so�xattr.py�xattr_native.cpython-36m-aarch64-linux-gnu.so�xattr_tdb.cpython-36m-aarch64-linux-gnu.so�/usr/lib64/python3.6/site-packages/�/usr/lib64/python3.6/site-packages/samba/�/usr/lib64/python3.6/site-packages/samba/dcerpc/�/usr/lib64/python3.6/site-packages/samba/emulate/�/usr/lib64/python3.6/site-packages/samba/gp_parse/�/usr/lib64/python3.6/site-packages/samba/kcc/�/usr/lib64/python3.6/site-packages/samba/netcmd/�/usr/lib64/python3.6/site-packages/samba/provision/�/usr/lib64/python3.6/site-packages/samba/samba3/�/usr/lib64/python3.6/site-packages/samba/subunit/�/usr/lib64/python3.6/site-packages/samba/tests/�/usr/lib64/python3.6/site-packages/samba/tests/blackbox/�/usr/lib64/python3.6/site-packages/samba/tests/dcerpc/�/usr/lib64/python3.6/site-packages/samba/tests/dns_forwarder_helpers/�/usr/lib64/python3.6/site-packages/samba/tests/emulate/�/usr/lib64/python3.6/site-packages/samba/tests/kcc/�/usr/lib64/python3.6/site-packages/samba/tests/krb5/�/usr/lib64/python3.6/site-packages/samba/tests/samba_tool/�-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g�obs://build.suse.de/SUSE:Maintenance:31907/SUSE_SLE-15-SP4_Update/625f171e9af34d04e78337ab8ddad37d-samba.SUSE_SLE-15-SP4_Update�drpm�xz�5�aarch64-suse-linux����������������������������������������������������������������� ���
�����������
��������������������������������������������������������������������������� ���!���"���#���$���%���&���'���(���)���*���+���,���-���.���/���0�����������������������1���2�������3���4�����������5�����������������������������������������������������������������������6���4���������������������������������������������������7�������������������4���8���9���:���������������������������������������������������������������;���������������������������������������������������;�����������<���=���>���?�����������������������3�������@���������������A�������B���C���D���E���������������F���������������������������������������������������������������������������������������3�������������������;���������������������������������������������������4�������������������G�������4�������������������4�������������������������������4���4���4�������������������������������������������������������������������������������4���������������3���������������������������������������H�������������������������������������������������������������������������������������������������������3�������������������������������������������������������������������4���4���������������4���4���������������������������������������������������������������������������������������4�����������;�����������������������������������������������������������3���������������������������������������������������������������;���������������������������������������������������������������������������4���4���������������������������4���4���������������������������������������4�������������������������������������������������������I�������J���Kdirectory�Python script, ASCII text executable�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=9107432b97f349778c654f0932a370716024a4f1, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=6229af559c4433a1e0f21b8e7f364a6e0b7a8c51, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=6b94a6eebc3ed86d6c8759b227e963dcd0bf8569, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=df604fd383b0faf3d7c610d80a8f641b40c297de, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=dd42a355aef1a6c19739a835cf90b09c47c5cc28, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=310995d5a3850295b5f5bb8803bf48c94e8b0aa0, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=ff394530954548d52ef96897aa166bdcb349a0f9, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=35ed0e265a685ce881390c33677ee02a6791e0b0, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=c838a0ea63c26a51082ea369756b37bcdd4eb5c1, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=2668e764c4d71bb165e6b1f15355f6ae57d6b1cc, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=b3c7f2f6e27f512ddd26ed0f7409d3bf09b902da, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=99b58bbb2f6d118e222c9db128c965af2b88b4eb, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=2046c5fd9153a572d4273035487fd3cec357407f, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=641bef0789895ca562875c004f31957484fdfbc8, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=54334e6ae607d8228944c348d41a5faf914434e4, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=9104002d1688a7aaba1683d8cf6bcd1fd0d1c50a, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=f3b266dca5a43f10f6d825a93ee0f06b562adf74, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=5d207e064344d3301204f15a39a55d862eb2d92e, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=70b853154b627de328ac60f80b39d03886a8a081, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=ef01d247b9dcb32308c85cbb783d9bae9bdc5c0e, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=7347f0d8e809f4741a28fdc42a3216a1fd03f75b, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=bbe4ec170f375b0535eb24e7dd1749cb17a302f5, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=720ceca91524f97d027273c05333a812323c4a29, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=942a09d7e0d8c959f67ff0d99087ab4412c6db31, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=aa50dc059d827822b2e5a0ea0fde0ac5d5f43cc3, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=406a31e3fe74f7dec9cf67a8cc22a527061793cc, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=e483d743c47d6b73c6fffeef4c4b11e0dc9aa02d, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=ed252d8410cc8eacf2e49bb4ec681f4d7d448b60, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=a41e01fd4e307a5555cbc1bf84f0d96842dcbfad, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=65b227a3a8a18955dd62772a335a599f2f9f6c87, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=47224324b05ac742e207ebb62abf9893edde2276, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=a34b0c5ffe805ccec2a4fc926ec1f98cac321cac, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=108d738495489c7dde276d5d25ea37197639245b, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=3f317c668f7f3735817c25a6266095f4f259b37a, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=0a18695ee32574bcbcf7da445e67c792f665ceb5, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=ff49c4b1ae29b1c9e41f52d80256ac8b32dd4f81, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=432f884c77bbe13ddf8db936fd5fe54194a36f1b, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=3749ded90c7285dbdbb24a1c87f4a9203d555259, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=7e07dee5d1aa53ac4846b948824cae733bfbb2b0, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=29384133fdea9d08b61dda6b5f2b20ea2e632e85, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=2cb9b4f60b2f000c0b137525c26d3c897183fbd0, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=5e138202b71acc93e4d431b897042f9c960d44ae, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=b41f0a08b3e30c551161ea85a85cbfa7e40cb12d, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=e714cd8c2a50840ad996489729702a819a74766c, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=8305a52e892dcdee40e99704c83d75a5765ea555, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=d9ee13d2afc931beec267228db472bbcd697aaaf, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=f4e25af1b1827a6733f667d0f82bf869c524a2bf, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=015cbb4436c4e561321c92e83619c81515282e79, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=8a983e67f5e25b4eaf28d6c563fc5f017d531ba6, stripped�ASCII text�Python script, UTF-8 Unicode text executable�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=564195a34fbf1e8bc75661da94bf611e4fd7f73d, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=74bb6772cc35fe9e12d1fb41fcaa0cf23198859a, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=04e952024f7effbb8a725c91ca4f5bf177b38c66, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=4341913e2bb9967ae7c30034a9165304592a898e, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=110386468e46a4403f79bc7cc50510f3f18fda8e, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=b324b9fd1e4db49da2fdc288bc8290d833677db3, stripped�Python script, ASCII text executable, with very long lines�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=c3e2e13292272d5d0f26f4c14bf418e88e35f48a, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=afbeef854dfad6111450e443b82c560f6f30078c, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=740381ed08e894945a2969a2ad8122f05759fc47, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=598918e99b0ee161b8d6d34c622817cc21fda10b, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=025f28facf9376881f2c3d7f3b8286e535e1c31c, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=15fd18abb62b93b81f90703013c61c3dffb1624f, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=85b7ac2feea57fa2dd6c17c940004691fbfa85b0, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=74dc31874b9e01124a2d046cfacc2fcce6c49e32, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=620530185c73e758ca779384db43fdacd51f3d85, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=fe62cbf147d1b9494e0d8950c6fff338613cf78f, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=5fc7e1480ef8eac902cce525c3dcbc560225ef25, stripped�UTF-8 Unicode text�Python script, UTF-8 Unicode text executable, with escape sequences�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=26c912a11131c9a263107b8bacb7120a2e95d3f5, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=211759af406dc21147f044f7890b691b024d6cb4, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=47fc5fd9692e1b07c5db708e0e9cfeacfcb5af3c, stripped���������������������B���k���l���m���n���������������������������������������3���J���`���~��������������������������.���G���X���n���������������������������������8���O���e�����������������������������0���1���2���3���4���5���S�������h���i���j���k���l����������������������������������������������������������������������������������������������������������������������� ���L�������Z���[���\���]���^���_���`���a���b���c���d���e���f���g���h���i���j���k���l���m���n���o���p���q���r���s���t���u���v���w���x���|���������������������������������������������������������$���=���V���W���X���Y���f���g�������h���i���j�������k���l���m���n���o���p���q���r���s���t���u���v���w�������x���y���z���{���|���}���~�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� ���
�����������
������������������������������������������������������������������������������� ���!���"���#���$���%���&���'���(���)���*���+���,���-���.���/���0���1���2���3���4���5���6���7���8���9���:���;���<���=���>���?���@���A���B���C���D���E���F���G���H���I���J���K���L���M���N���O���P���Q���R���S���T���U���V���W���X���Y���]���^���h���������������-���)�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������!�������������������������������������������������������������������������������)���C�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������&�����������
�����������������������
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
����R��R��R��R���R��sR��3R��\R��^R���R��R��R��WR��R��R��]R��2R��rR��kR��R���R���R��R��>R���R���R��oR�� R��uR���R��eR��dR���R��R��DR���R��R��R��jR��hR��gR��R��R��/R��BR��qR��CR��pR��R��tR��
R��R��R��R��nR���R��.R���R���R��kR��=R��R��cR��AR��fR���R���R��R��>R���R���R��oR�� R��uR���R��eR��dR���R��R���R��R��R��jR��hR��gR��R��R��/R��qR��pR��R��tR��
R��R��R��R��nR���R��.R���R���R��kR��=R��R��cR��fR���R���R��R��R��R��R��>R���R��oR��uR���R���R��R��hR��gR��R��R��qR��pR��tR��R��R��nR���R��kR��=R��R��fR���R���R��R���R��R���R���R��R��8R��7R���R��R��R��6R��kR���R���R��R��R��R��uR���R���R��R��hR��gR��VR��[R��XR��%R��R��$R��R��WR��UR��tR��kR��R��fR���R���R��R��R��R���R���R��XR��R��hR��gR��RR��WR��R��R��QR��kR��R��fR���R���R��R��R��5R��hR��gR��oR��3R��uR��)R���R���R��sR��#R��R��XR��R��WR��nR��tR��R��4R��R��(R��rR��"R��2R��kR��R��fR���R���R��R��R���R���R��XR��R��hR��iR��gR��R��TR��WR��R��R��SR��kR��R��fR���R���R��R��VR���R���R��uR��R��hR��iR��gR��%R��[R��XR��R��$R��R��WR��UR��tR��kR��R��fR���R���R��R���R��hR��iR��gR��R���R��R��XR��PR��R��WR��R��R��OR��kR��R��fR���R���R��R���R��hR��iR��gR��R���R��R��XR��PR��R��WR��R��R��OR��kR��R��fR���R���R��R���R���R��uR��R��hR��iR��gR��RR��%R��[R��XR��R��$R��R��WR��QR��tR��kR��R��fR���R���R��R��R���R���R��uR��XR��R��hR��iR��gR��RR��R��WR��R��QR��tR��R��kR��R��fR���R���R��R��R��R��R���R���R��uR��R��hR��iR��gR��#R��ZR��[R��XR��RR��R��"R��QR��R��WR��R��tR��R��kR��R��R��fR���R���R��R��VR��uR���R���R��R��hR��iR��gR��%R��[R��XR��R��$R��R��WR��UR��tR��kR��R��fR���R���R��R��R���R���R��R��hR��iR��gR��%R��RR��[R��XR��R��R��WR��QR��R��$R��kR��R��fR���R���R��R���R��RR���R��XR��R��hR��gR��QR��WR��kR��R��fR���R���R��R��VR���R��%R���R��uR��R��hR��gR��[R��XR��R��$R��R��WR��UR��tR��kR��R��fR���R���R��R��R��R���R��R���R��uR��R��hR��iR��gR��TR��#R��ZR��[R��XR��R��SR��R��WR��tR��"R��R��R��kR��R��R��fR���R���R��R��R���R���R��XR��R��hR��iR��gR��R��RR��QR��R��WR��R��kR��R��fR���R���R��R���R��hR��iR��gR��R��R��XR��NR���R��R��MR��R��WR��R��kR��R��fR���R���R��R��uR���R���R��R��hR��iR��gR��%R��[R��XR��R��VR��$R��R��WR��UR��tR��kR��R��fR���R���R��R��R��R���R���R��R��hR��gR��#R��RR��ZR��[R��XR��R��"R��QR��R��WR��R��kR��R��R��fR���R���R��R��R���R���R��XR��R��hR��gR��TR��WR��SR��R��kR��R��fR���R���R��R���R���R��uR��R��hR��gR��)R��RR��[R��XR��R��R��(R��WR��QR��tR��kR��R��fR���R���R��R��R���R��uR��hR��iR��gR��R���R��R��YR��XR��R��WR��tR��R��kR��R��fR���R���R��R���R��hR��iR��gR��R��R��XR��PR���R��R��OR��R��WR��R��kR��R��fR���R���R��R��R��uR��R���R��iR��gR��hR��[R��XR��%R���R��R��VR��$R��R��WR��UR��tR��R��kR��R��fR���R���R��R��R���R���R��XR��R��hR��iR��gR��RR��R��QR��R��WR��R��kR��R��fR���R���R��R���R���R��XR��R��TR��hR��gR��R��WR��R��SR��kR��R��fR���R���R��R��uR���R���R��R��hR��iR��gR��%R��[R��XR��R��VR��R��$R��UR��WR��tR��kR��R��fR���R���R��R���R��uR��R��hR��iR��gR��R��XR��R���R��R��WR��R��R��tR��R��kR��R��fR���R���R��R���R��gR��hR���R��XR��VR��R��WR��UR��kR��R��fR���R���R��R���R��R��hR��iR��gR��R���R��R��kR��R��fR���R���R��R��R��uR��R���R��iR��gR��hR��[R��XR��%R���R��R��VR��$R��R��WR��UR��tR��R��kR��R��fR���R���R��R���R���R��VR��uR��R��hR��iR��gR��%R��[R��XR��R��$R��R��WR��UR��tR��kR��R��fR���R���R��R���R���R��uR��R��hR��gR��VR��%R��[R��XR��R��$R��R��WR��UR��tR��kR��R��fR���R���R��R��uR��R��RR��R���R���R��R��hR��gR��#R��ZR��[R��XR��R��"R��QR��R��WR��R��tR��kR��R��R��fR���R���R��R��R��uR��R���R��iR��gR��hR��[R��XR��TR��%R��'R���R��R��VR��$R��&R��R��WR��UR��SR��tR��R��kR��R��fR���R���R��R���R��kR���R��R���R���R��VR��uR��R��hR��gR��%R��[R��XR��R��$R��R��WR��UR��tR��kR��R��fR���R���R��R��TR��R��R���R���R��R��uR��hR��iR��gR��#R��ZR��[R��XR��R��WR��"R��R��tR��R��SR��kR��R��R��fR���R���R��R��R��R���R��R���R��uR��RR��R��hR��iR��gR��#R��ZR��[R��XR��R��"R��QR��R��WR��R��tR��R��kR��R��R��fR���R���R��R���R���R��uR��VR��R��hR��iR��gR��%R��[R��XR��R��$R��R��WR��UR��tR��kR��R��fR���R���R��R��R���R���R��XR��R��hR��iR��gR��R��RR��QR��R��WR��R��kR��R��fR���R���R��R��>R��R���R��
R���R��sR���R��uR��@R���R��rR��tR���R��?R��kR��=R��R���R���R��R��R��R��R��R��R��R��dR��R��1R���R��-R��DR���R��R��uR��R��BR��XR��R��R��R��,R��WR��R��tR��CR��R��0R��kR��R��cR��AR���R���R��R��R��R���R��hR��uR��R���R��+R��dR��eR��R��*R��tR��R��kR��R��cR��fR���R���R��R��R��R��R��R��uR��jR��gR��hR��R��wR��R���R���R��R��5R��4R��vR��R��tR��R��kR��R��fR���R���R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��uR��R��R��sR��R���R��qR���R��:R��R��hR��gR��R���R��oR��uR���R��R��R��R���R��jR��hR��gR��bR��R���R��R��R��qR��JR��pR��R��tR��R��R��nR���R��IR���R��kR��aR��=R��R��R��fR���R���R��R��R��uR��gR��hR��R��R���R��sR��R���R��R��R��#R��RR��ZR��XR��"R��QR��R��WR��R��tR��R��rR��kR��R��R��fR���R���R��R��hR��gR���R��R��R��wR��R��vR��kR��R��fR���R��R��R��uR��R��gR��hR���R���R��sR��R��R��R��{R��zR��R��R��rR��tR��R��R��kR��R��fR���R���R��R��hR��jR��bR��R��R��uR���R��sR���R��R��R��R��R��R��rR��R��R��tR��kR��aR��R��fR���R���R��R��R��R��R��R���R��uR��hR��jR���R��R��tR��fR��kR���R���R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R���R��kR���R��R��R��bR���R��R���R��kR��aR��R���R���R��R��wR��R��R��R��!R���R��oR���R��nR��R��R��vR�� R��kR��R���R���G:XPɮk�08����utf-8�afa03a16b25847bf82ef365761bb84489cc2634d0d373c83b19d5c7639f96d89���������?���� ����7zXZ��
���!�����t/�{]�"��k%m2_�f4p��DJ�4j.�Zi�j,l��o}�{��'g��t�>||e$
��s�V��_oih�uQ5G�-�th5]Y2)Tz`v۶pj�Z.�#_s��{bw�oY>HA�pڣ=��@
t T>/8�瘀=:lI�
=|
�7�9t�7�U�5&Ihyejl�h�Dt'[E5%P;�8Jܜ|"#�y�$,?\S!I$,-;�w�-x
vf7D lvJPAi|zV\�el�Z?cEPY�L{0q�܁���1@kohL@F;!5�-H$MsY�hgֆrj֣�5[M�/N�68�[ �\�NIG;%U/~;;f'�p!�-}!6hv;L�|�8{k0c�5@-]�#lzj[ l_#x8��t ]��K'joA�t�J�b`!
N`Y�lv+0oc�*6.y�C�ˋ�&�M67'nŒDŽ�ø��4q�M"!�K
SYW6���V>nϵD2��'t���%A�ώ�и M# r]l�W�%ty0ww�O[�pSzU3�h�^���05�]Z&)aP;;Q�ŋ�
c;&IJ`7Ty?�^'lCEHkB?7b`мlV}�ϼ%^Õ.tV¯۸0Roj�%0�J�% og5�X?�R'W �yR7~��vA�S%@�x|��moP��)a]7A aI�A5"^d6u�aWAh_�:`[�]y�7�KDfwD�h$Ow�?0S,݀�(7�,�Y�r�-B/�Ū��Aq>/R�Woׂ$n F͚@2�8cQ�}<.�s�Yȍrb,(0�9wL@�w�P�ݎMtu{渰E`L[^Xr2W!,t
Y�o<$W~%�Kq�Bչ,�Ȃ�{.&GxԫHn�0o%%,ofO(l`�5T�2�q]H0!( Gnc)�5�,�$h�}hOtV睇�=1N�Q�#(�k��Jnӈz7
.nZτqc̭6f['���+i]2/���d�8�liӠ8+G8��=hS�p\InZm��A�L:~*�̰�`L=�**}�Wba��?"�@q� BJ9fgH�x�d
�Π�P�0�ӕF�es�c�է a�t�C_�-eѓ0-マлVw4:��cyX#!�}įblV�}�*rUwP]iGV_1Yr6�n�̭V.ݻ�7S�p�6)z[�)]h|]-�r7*:#)߃^Կvrי�lMOWq�zyh5+TT�NC�X.�b~Z�+ {A |�aҳ!���=$>9ܢ5Ђ1�fC}1u�I껭3cF?|
��W�OyT�sW�$MSt��KWdڏ(FE/@'��WS5ԡоԴp{��ZgHk"~Y;�,&#B�w�\WO�whj*
CSM?*}�
r�bZ��Zf�NJrh�S!7C(F�'32�xI�5q#i&!�OeKXxjp1,y7KMx)��-��I$�P��DO6ݔ�Gms�xLzy��
5®&$nSd땣;=�szc@"ɞ�Jj$K�=�AH"PgX\
�Qwi�bG
4X3 kt�myw't=}*ЏqĄ5Nbu][>-`�@�ԩ"ݩČ#�X]TnXM��ZUx_C=W7E*�@p0zX8R�Ca`ZbfCl\V�*}PU[H�� �ػ&��Z?տ0c;x*-M(\�%|&zd=Rji'A�Qpp:7˞M`q~tG@kfj�4;V=,t�Kոd �V+pi!O�=z:4r�/fw��\
vpP�n8N��Wm��ezZo�ˋU˯~RؿiOwYr���.!�{Y��~�W=Om#IN]
�N�_Z��ۼwF�v
G�/8J\8�,G*Zl�X
}_]�frQU�IM%�5k)$#{�H�PQ�{1SBD4*z固ءX�"�`�8m-
箻#%S_]&ꏽ҇S6݇Irp�u!ެ�H�64�7.UEiJ%`0nrn)�꼋$�~Hb�N*�I+�Y�u
ERce��u�핾E$b!��Gf],ɫ��NH���p�͌Ly:P
}O.�ҫ$6^U��UE�~/��Bג~(;@�Q$(Ӫg��%�'h@�W1Lы�*�m�g�֏F�&>^V�h5\�^�[PHO)�oAzmy=EԸA�Y)7ʾ��|s.ѿ�_,=DEdVO��Nҋ �NE>�xN se2�X嵞PrUUkNcՊ6�3T.#paZn�~�TZQ� f!Rmq�K�=+j�)]iS[z3B(C}n_Ul@�P4�=�˾Aq/��C7"��|:g]u�FM
U#M�]^Z�ɱ
�;B4-�}�h;j�:t><�W;�l@\o)1,�Lj`/+�OO�*}�VV�q/QNG�jLj�Ju7ؙ\�b�Jw)dM�])x�jâ;�g�
vip�)�Iuv_�srODf�{?]/s^:<�~GE#J3SY�
Gh�MGM'ZXc$k&F%[F(�Dr1~/`#YJތo5]Vo�_b_7pW<.�ޟ$&ufX&]��T}
To/Q݊G
pF%C2��O
D:tTA\�w��1S2s2B~y^��ٓ73D #fGQUHwje�%~.b]w9S�(�hZ
v]Pm_IBak8XJ3M)@Le8W1KO1��6k\N1fj*~"@� �kd*uZ6�bI9a)t9ӟ Ѵ8T;dd�2Mٺ_OpwP�3u@vۋ_��j�~�,q:�V@4��|F*}߶)c`�۔uÜTWQ�{=/N��,���9XV8wd$!
4!*
B�7�B49A�
]v�L�)E$.8:
ztX
M7G�9k6L�",0(r̩&TQ5Jmp@@Y_Hk64[>R]�֦.ԩΪd��K+]�<4H2S6\FLl6-�,+�[Tk'�bM%�s1@c�s�"Rsô^:$k~];$�M꾼�([/�
e(�s{���nnC`�
MIs_�8Gt�!8s4��JxAE�D��p iqF`���yOAseLW۷��NGI
��@8O>y�AM%ױa4{� ;
%� $w]�i��>m�sp :Y�= �j�I|@:=.|țU�ȸj/u��|i�ze���}�W�O�|"�|L?�ޯg kxJGW��s
Xe6
ŏqg�S��@`�ޏV%�x[K):1a9.͗�'!qG�IRJd
R�<-"Lg�|~PD
��?5sWA-E_Q<�ܹ|L�Hje��N�6z�>^%pTt�N�nŞP�7lq���1��MZ���"�6�!9R�.]i!lw_9mL mbN3�V~H|@��v��rzD�S8�mѤn컃 \N�T.�0�*�m-�xyD�zЧ`4Ŕd;SSXBӼU@�ш� �ྖ8��_�ф~4B2S�:0S7E3:0kIEB˚fg,�]|��C�i7�E4�LFmҸJ#f�[6$
�7|���~��T,DbS66
1dFW`Z]�ߎkÊ�2®v.DX9g-1��<���2S�B8]|�bQ-iOۯ�vG2t'Wӑ\?�Ee�l�T��7ӞP�wEdb�'ڴ��c��B}13f4�V1kMiNo*amŭө/�tQ.E)ģ�E@�4?2 5ο@nW;OpJe1n~C(?�RD���%e-X�ч�*$�Y
�)�&0O#��/9>h�+?y�7
w=jIkeۧ�Rϙ坑Y�Q%H"F6̖7V?J�w%h+�(ʒ1��\�+8�|��@�[Kb�JQ}�I/��M��!Ea̡:xA AL_]xs�'5jōߢp9&|/LR+X$N� 9�WP��Q;&BSԓvHq?�;)p+��L]��i�߲){_= �sa 6��k#!#;USw$3�N4T}�r$رu妄9ֺOq��k�xk#�빩v���Wǂt#�
�S23�@|r��v�o@{z��Gک+3jXF;f�}U2s*%SRvr EleYN`�jw0���� ��{�L�>'�n��&X�i�T�w:_DY+��_�
x3X�jԑ6n Kgޕ�uq�<`9
Oe�kw60%Ԋ?t;&�D~i�Ͷ�TeD�$]w�s(r+mdGDPP,lgkY�놮�0WY
Hh{r�{\$�͒vT.��#<^�i?x���l
�NfݕG�K�Ј>>89v8�inyS9RH�`Sw�3`�B�^
HG�uh�:�q̡��Z��pߏ,
�u~�ՁF5I
~Kc�A �eCɻ~�eFM�rd]�[�Q/Nž@N�h�#u�}\TZi;eUgXt�px)K�
R^Xo?L:�t[Mǘ rQLw ˅lQl�>%I�ZuJ5Kc�@�s{E"x�%UjT]>PI&uUCF�VuZu�չ(�}
Tw!4�9�Wt$=��etr�aI2H�O@0�l%~�g#h#�p�e.Ͷ�6kq=:KV�nR�Y}g*
>Ɋ�^�ˣE�/6GI�#>Ȭ�-�+N䰠Bfd�s�b�MFL%pQIa���
W����t}껰:[�$Iztl4�ib/e�϶1�YSlWPMRm
���/bMGK�H�SpC
��wH{qb��#}#RD=�;,4DAneM�Yxn���pPP)}E�K0v֨(>H;�K7"<b%nI&�:F`I[Hov{WEzJZsuU!�+ߐKcH13_&b(XQa5`5�۩(�u�r.m�J5g1UL�i2�@z~T{t�mg�b�3htÒ�+q"{&ΉI��AOď*�h�Ґxm�F99im�Χ+Xt�6+ک{suq�RD�ɄiƢ�J�.(�h,�-�VTz�TpI,Xئ��ǃNSX=h�)Yλv{Ay-ҹeC�;�@qE@mp٨ET݊��GC�:�W�+9:C%gF߯y�\42P#(��~
"�qy֟ONz��捾3Q�l7C2r.>X���[�Li��&L#9Q�%��)Y˪d[*qePG6c+�m6ܕ_kG�bJq]�ćL�5�k)#rh�l)�*%��uHőN
<�ZC˅{�]eI \��zP�C�s�x3^DQ�N�DS
۬]�*-�/��a?K�n'3֢\�W �CrS#;?m1y
WqB}otϣ倰ہ��ς=�!FuidNnG
&`i$Y҅´Wܘ4�Ss�aUR�>`!�TF�-_aYb_�&d_�R�%2zd>0
�ؘǹ��R�+�:ǻalgၧ[s#L�XΐAl�Tk�(ܟ$�qzeVD_xIv:;lWU;B
*$J>M�!Q'bD75�P ֭5'M�7�����#�-}Q*8� �nM�� �'~PWP\�r,xWݰ++�V���]dVzs˫�]PeH(l^3�Y=
XIpc`O~�oNNڸ�OA��p�r�'wm/ Y A�H*�*Ӝ-t�{߲0ȍ`ngvBC|�c�C(9�{Br�З��\j���fWxw�*��lfBax�(vG�~��jkZD�}aJfY�j9 e(�x�CϘ��_�+`2VF�C=q4��r5O%�n`GEAZbm
{V<�}rWn
S_?TaeuwIV:�~]
Bk�{��
m8�?ĺ1P�=�Py4%ȶMfKC7�C{�TE`l@�a�\g�ݜz*�=)�ȦQ�u!��Xl�wr%�f��Bоt�?�'LBGx���]vӔܷ�.�W9���,`hVW=�7{{i,Cj.7ӵB?����rd�S.c]qF�cZ%�@��]/*� z\"�6|/-:"�kN�0
@U�`�]���TL.X/h4@��t\0,|mk,*ue�*(a�wEFC�&Z10��a+�iNP_�9ל]Nj6p\@uZf4��X~ؤ@ȯp'dF-��3GX@y sK\��\iLG�O-E5TeXl-rNU";�Q�/dq;*FMr.欴MoW��ǧ n)j��լ;�6�Rw$:֎H�XU�-/,׳5Y�&o���*θ�݅��uX�2�tFQ �TK@Ö1umE٢�Ÿ"�dݍ�z�Iɜk�_��C�b`>8�vm�
�oۮ�e(x�Z��Z}̠4.YjCs�k5~BHCe_4/W\�F&/yN�4'�g3Mg
QP_c*6.q!C.fpJ@|�
84T,a�;k6yW?
R�Wk]YV�3A�Yg{st�uG13A4kNb,�
c�֚��#>J5s �Z}h4�ND#' -[�}G�OiV��Ni1��2;sG�拼�G�>ό3��e_ؖ� �Y*Ύ a��毼�z_�o5ђ��:D44Қ}�L���Tx$
4̂J��U
oVTm!@v,vI�^ƀ:N͠tzU*�0"#NXfʖ8��Mطz$Vo|_�3ZOjNx a�~
�.Ww]W�7�Oa*'�\ic�2xt"/'pQ�/<�qQ]�wxPʫ;^�Ђpk�E`\�ZApaC�f�vuq~��x0mu~�ǁ()�FdqHx��)$ZS=8E�Y��0R
L*���q=%�PP���3[ul<܈ӱqjf5:lXݧ^�C�a�xe�^%X�Uc�oB@�K^Wp�-Fr9֓a�w㕯Ȋ{B�B5�Mm�Wes�RsN� ',�qpR�nHRkjh͎MK]*4I�
Oxo��Ueu�4�m%�x*5g�6;"�\eH.9�i8L'��q�av\Mps8�|[�Xe �l��q�A9Lg��by5�ϤSlK�dTC<@eS@Nxh^2Hmڋ/w��$b�FOghHyG$K0y }2mv/d���8j6θ�?�5��dCAN9%۫c 9ҩ]
D"
U1�¯cSs�e/?B�)HG
�#ͻWy,�#qX`~�rTjz�lD?53�x��!II㝲tUٕ^=i�$K+DҊWOm�tO'
�jh|�8b�v/:Sf:d�.O�Y�L.~�@^�+x'oqF˟&.~5[��s3G��d�uIw�Ȧ|m)J[<+Nڂ
j)�BH".;e(;�%SQ[Ṣr�aU�{�r��gnk#���It�]n
�+ax1U0-@�:ڽ�Ȓk)Ah,�*X' ca9�gԊAi%�M)5�$|2�l�Ԕ�X!De"8ˤ1�Zr2]4=<+B�Gzh� )�"w^Ci4VjeCSd2�7��LF�Ľ�0�M˔KJ$7!~\1ʤ�mC�!ЖwkO �^ڼlnA*f43�xngAS�7�irP:`��aa��c,c6z`M"2 6��om^3sA;�GDԴ,A��yV��'(ъx��&IF�&;F(;$R�Ve�](�%}^�.�S �&���`�o%Shݼ�r �iY�a%u(CeVɼ+-"L�Oc�礽B,ؒܞ�i
-
pE.E}�Q�(ʙ�?dωY,��@v:�4]n/oC[dj '|W$_y:ܛ1cnJ�h_oLnB�b߆;kdaֿ�'��
t!�zC鍂n[=�Y*Q G aK>t}A]�;;"�)?�y\ǥ!.�]8MQB�xCeFg�fQHTcWD%Ozd�H/9@O/CS"�)%ے�$_OؼL3�����IV;(�i5?\Zd:dw�P�8�y�\�\J�i,!lM>"��J_֤1 Y)Jsʥ;B |7>z�ʏ_H��'W
4ў�U �B!C
�1�摸Fi�1�~tO8RO����d�bፔ�7qjO/VQ5B&.Qju;[˨䐍Ið הQ3H_z0�NE(V=�ڱb�ȸzй:2OiX-($��|PQw��]gB� xmN�2*�
,#&Rd(N�:i%tAm2Bۡ�Zk5&�:݀��X�#i_qy@.�lix7XV}�\YFk�=LɄŐ�`$A�/ĊBkwU�'r"-Peo*c� ;�hE/A�ya�2M�"�)��(/,iO2WE�l#*Q/��/I��jQ,U�~h2Zq|�pڶ;���4�\2j[o�ّr��#URW"B����g'�TW=q�>;2�:ϖ7ɗP��P8&Tb��b8P!MfL\��2�6bA算F
{&U{DbOhޣ�55zX_�;�xInv>��
k�jȆ)'[E_qdy6�?
��� +b:kaV@sX~ab���L19�~_ƲF9\:QvXڪ dž,D}jY��㝌W�!@�D��L�2�{VF*R�"G����Ӑ���5e.R�~m�rsbU^(
���gM@�"wv{Ԥq�sz>Zў|~s;[D'�}rPC0g�<3
-bO֕��ѵh|gK��p-Šczp���a�Z�5�Ǘ30)ik�n�R%hs5[NL6�0\e[E�c;ҴelX�S�DC�j>tG4�IKJQ�]v[
S�U!*kE�P<"4�D5LGPR&D]Ҷ��ad.9ꋕ�^8#9Ә>�S&��
G�Fv*&W@AqbK/i�P,�MGF�dKU3@f�@y
@]2�o j�eӅS|�v���tIH��C�rSnDK�U+|m�Y�R_�im�Nbjk�qN":4-�@�=b�~o�QW]Ot4y�2,ǫr!�:�ouT�{�pd�@P=@跠j�M�"Z[29
g\JǺ�Y8gP#L�
�%�(K:�Le�jvm��,}�Yy*?�i-�RŚJ [ڑ5�TPN(H�1�+Z�(�)@MT�q�)�өe$/?;�K7pO>|
gF&�UNӆ�5mW���M�5N�Y�P�U42��X7r3�%�%gC�
pE8cf�� E�'ڕ�
�T]u��GZL�;C(�&t��u8�;s�}`|&�7q�N8Dy:"]@EDSb5_*QUqcW2%2-DkN�M!Y;>]g ,�d��*CC?Z'=]�0�{"�[Ys)XMki��� �i�mXrz��(u9H��
}%�R��
�6S$ꧾ��U��P"J�j4? nkA%�&�u皗�ǀ{@nӓᕐܐUz� �#����LG@ ZazZit���E�Gt�4̓~�N�f.Q
d=*#s3gȚՓg]52�I)-[
1ˀwʇ1D7'�Tfx^x.{Je=;�<3ݘW*(eDhTM!�(Ǻ$M(�; rM
�|4�»P�٢��7Rd,'W�gՎ3Y39n)t�/ţIJ)$S5���Ly��h�i_.ʦiFrSԬk`Lej�-�&wPv;KT =ݏG�I]{�O�'J`Ӊ�X�%3ytdFxeoY�@M,�,xa�95A�U��N^�#�'y-�yt|sI˃SЄ;SǦ�&QwuCE�3v\�L>\,N2}>KaNVB >lUnj-/Q4ݛu>�E^6˖p1G0PcHcuفU:׀��.+VT�d�h��k"O�_
p�7�A�X5Cf0
��!u�0�]y3]#-Uhܮ�Yt~<��ձ#tw}.xE[N|sG5w�q|�uLBXZaPdk¡�_?+#pGҝ&9+g7�55))unM⨄*`@r6otw٫ �Z�(HN`3(7�E�H~S`S8^;��U`>^f��,өB`�h-g��8gĿ4Bc^Pn��_ÑQcU'mq=)^86˳(J�ҤRhUqGr�ӣQWd�ƌ(��kĝ�`��
�B@}��!;O"bVf!e�)�0s./8
78MoG�=lV3\#�X�)\g�l���>tJF#m9o�P�T�I�C�Rc_s.
&1ox���UCkrbS$&��DSVt4�₆d��7a4\�7orh8<�č-/岠�p��K{�:K5{AҤ��4њJo�ǍP;t',KtQ�:S�E|/[j]6y&ѝ.m)!4<:S_H�o�c�/?"S�&$T
-}aiji8�sbE,n6�P�%ϐ�8PǼqbOsSܒCL�[|�.3+�X�g}�Gq[4�4.R^z�:6a}oWDZei^�,�=eu�[m4�u0Ѝ�Z�g W��HV'@��(?,��Bcr&>����rs:9\U(�Sǹ~A��d-N�9�489
ѵexp�-
'�DŽm⯧i�~L�U�ẏkش(點SJ�尛c
��ŨCp#f�'x#SzJ�@�LJ�1F�XޗЂR�_¯�}l�l�ۣ`Db�͛ź
�5M�5o�`f&�>X~��8�Bϭ)I(pG
$NKJ>&Z+E��rl>WWDU&�Iwo�v'\�Li�[Q^6�ۛ�zRs�ep�Ҡ*��ۈ\ǼqcDžI/}5ӒF`OvK�a�}� f/i�;n�@ln!�iZ;փ?�|,ohY`�m;;w�ك��AZ*yb�:r8{fƐȿ?;E^5lˍsZz22"i:3mn.
25F$f �v���U51bGx/�oD%�w/{C/^.
7/ؒH ַhjyrcXR��iB*#��+o�kp^�`,JŬ7$+�+rA d9w�TY%�F'uBAdeA�Op_�y�X�Bq.?�~�sԖ�u4[�k`�k6E�.sXa�LM��o:28�gXQX}�cM*12pZ�
lk1U63�QAjB?wޥJ�;=Ve
{��Rn¥^�pe��<;3�㹘8k(C�>���D=z^J)2mU�/ 4oS_��S�]ڇ��5�
�4&�VU�|h,y?;!ׯ-0g3ڍY@Y�G4!쒕F>�S k�X�UM�%W]MMbx� �fKwwXx �hs(\~ۉݎ*-�OQ a�m아
�u'q�<��kYE�9�7M�yݿ *Ȧ�]oFD
��q;lWE�J�\xn9w�{}Q%Kp�E`�24�mk1ِ[vv��%f�WӎE|F1#7��cRy$Y3�$x�5�2�wʥGSޢRA]�O/U_> G
|�evp5�y�p5\[$OT�ޓs�z<(YU�X�Jst�NΑ�gpTTAF`r�q1�5\Ǹsv�+I&"l�3mBX,0IU�ۧ<,�U[��PBUV�Y|e�253�:oW�kz�d'=o}�i#uؽQ1y�
�o^݃ЭYޜpPF'#Vׯ�sˉ[��t'�yu$X�yDW�BO8{>s�aP�\Q9o}p�I P9C�C'Ӻ��$?
Ӄ�)�Ң�}KeMo L=
=C�r�Y*`;xl'9��Ny�,9�LVy`gIѢ\clRW:��uP�NJ %d�|&�Zԁ]?;|�Np7}`�ɛp��$xC{=h#be"`ʢ8�f��H|;-Ov_�}WoTA�kƾxC?ڀZ~_ Iv$ZO��9��KC�KqKѾx
�99!�_GBz ZK%ZAV��WJN�:\WE 4h-p:Ǧݷ� �\{D7��4bȠ�w_\�C[5l�Xdi5� *�xL@fBdՆ�gٻp$ ֈZ�ܜ��1"y�;2qb�3]t�W|3%;búACSEuA2��(P�&aQxj/w��Mt�p~v�Ç?O�+_¶-�^&T]fT��sX�ٿ:yXQMhUHc0Kݝ:Sxd[ٲ�!o�[�9--ea6'(�VlyPƋ>���0ޢjo@|pk�G�F::(��2s
Dj��DI(EЧA��$w�yf��!�@,�pL�<1a_�K!�[�eJhb6�" 0?
kໞ�Qb'Q9|֠tO!(��Js쏩�{b.�i.�W=MT(
�#TƞcVu�>EF�/�E�5-_
"8[�#l?cTpp]1T5�ۧڱh�4y�=i�"�a{918��
lMh60fN.�/�ܔ
z��dm�L�#�Z)�u!kW5|ШWznL�e�<>�y�dԋhU+�ޣnLh��FV��wJ��˜L5,8�Y@|LeV+)AMΰ�X7֛*i1iz!`J2и^�q���cνޓJ%�rr�zr&%0�).1q(%Wj>X�%�^06v�Eim$KH��`<`v0�jنl�]u�E/B�T�!aU,uzYJpb�G�H�N�]�(q.�Dv�w_x����-aɃȌہ�\:ο̈iCur� �N':�ğ�%�D
7l�\p|�U)z83X�N)}�9&u�q�M�����~!,� #�hE@?.BXk:9ݞ5ؐL|�iQX
{Aб�=��h5�M]{Χ�HNr��!�!�-ڰ EI�z����8nJUw�;XtMVjgr7>�9s�NV_Y�i!PZoyv��}ish�ou* �3PCE?�Uusb�Ë1cD5S�_"S07p�|�+rcU;xS?ٯ0R]-3��Ԗc*IG
r$Q7w9[wKT��?&�)�`�/H(vt1�$�\N7*3]vJ5�4w�UeAHfw.4s�&n=f�H3CI�vI��d�ݶr$a�i��6<�p�l�yE�/v* r�
NC̿{���XdG�"��eE֍tT_���-�}LՉ�@�?��K��]�@g|�rY`FEc�u;LH80TF#�WF���!0E2]w*�N5N iUEЁ4�/W2�K�B_�Z+)�rXvbo#|h:`�HK@KϮd��865Ỷ(>lPm^0s8��7N!*[
1d�y3{zi\F ߫D ̩)k���:1m�/4G��J4mk'�
N_;Ҏ&�>R�}�o�t�&(3o�?�;c*ᢚ:$=���2m6��>�Z��O䭚.HV�ˊ F&���Z�WMM%̬=bAc|%G�S]ɑYM�Eo\�I
/syd^ILF@�Q&�{Lm|uB#d��T4(Wl_f6S1�nwkxu,Uv{G�}QV5�|UhP|d~)/J0! GmB\r�@+߉6[QJ7|q�<|F> q-Hfj<S HXEPO66Bѡ�z��WQ�֜
:1V-�t">95wNs~�N�
5\Ul
.M$O9%\�n�T+b�h%eHH+Ci���m�kJ&X��9�o�(cžT�!F5@-ԍaC~�NGl6Vb��HcK+I�C[бg b�{}k
3tF�_�ՉbY_l�Lw�\N!BQԞۊ�
d��D�AϷ<%ťWv�"}G ��bv^"�qxJ1h*?D.]>] M*uPj|K}~NLxNP�t˳3VhG4 �T6z&�薯�ϏS3dB�gM>�-KG.k][3�$�bRYw]_ �.:gYRyy=4�?HFqk�Q�Zowdk9$y<`u}K��ފ(t�tG�Q2q�aQkuJD�(КkIѬ3ZIXa���ë^�M?waLW�TVpjo$$�;4!4{ՔD�}ٳTab��4�Ax�{�-q"$کUde6�q^�Y:&&2K?jB�/Z9>w�U�+(7ԼІA_OZ,�jW��p1��@�
)�E�K+ՀASj\Gt��oIz� Vs m�.1kl!5ҳf�91xT%5V9摭Ļoe̦_q]R�@s��/*�1eUo#�ɗ~~42~"yPr
Un#^>$Pw%+z֥Ms��v�ϕޘ`p+4;Tl�9>56&�
�R��ˣ`-vsU(�>MiF\L�Ϋk`fKAvɦ@BGL(�tP|͊BЬr�`bVdΦ 1�G&�
=>N�y�ED�?PY�i:@y}���<�<�h�ֺϽF\ �7REtm���KO�ed�@~ն�\�*���;F"7a�̖W mx^�R¢ԝ2�~uK�.�#9x
mDH9�̀�'1yD7!߬h;�Naz7�ʣh�i���kN3a1G4ab��0);% ug}%G;�l-AN}v�z ;�^$�vu!
<2)V[E= Kjɥv8!EgzX(ݪ(JW7;E-ą�b�5V �2�\�tuƦf�K:&ޏ}�:e�Άj7�IEj�ߍCLجS_0}x��CeM>]`�h%DKu'e.*Z ����@x>(LAʉcȈ>CѐC:o.��Q+.:?:{۪�E�J�P榬��Eњ��=�*~%
WF:�Gu�1uӫ%Df�oUNj{{D�qy_�>0��+��LI_֟/N�iX�+SwS@.�
�Hx{r1n�b)ၥ0O/g`bMGXwX5+ӛC!�.�lWf"s+�Oэ�?��$JҢ�1ڣψL�tLbiU �v�l`B�n�{@��KXlG�#661:<��a%.V��OftH`L�
G A�1�|竾�T+ؖ`���"XPyq¦��+'$EUxlPT'�L遪 HŴ߬��-G𬋃E���=04ćP�B$&tiꆏ�Pw߹a_y�GH�Nc�w�P�㈴83��2AcO��@))2�ϧmS�yoغ�K)}��U=�kslVjjq<�@"J2*/�d;YZV8*Өe�߾'�(~#JuH�f�W�Y
4.twW,Ƨc{QI�H7_V8�s"q���~J`"=uG哻S� 48!0 gϸ�ja��=u ih�cWX+\<�Xf�T<�E�9TeLW�ۘ@NuMն�$)n3ⅿ|H�m
�, M
��0h� s`^&s".jj)
�#�|�-Dg33+c�c5VlK:īcɳ?ͮ�
#{E�'&sC,8ęX:l*Ѻ*�@}���\1:dp�gs(SSs'�IJ��uB�_6���i�"Ė�w�;@�n4x%uګJ0S\�ǀ G�UL$��x�XZ*Ƭ>Y\q0Z^7
UVmV KFl8+4SR�.�F�k�T${K^վcK�8Iyy'[�LY7��mytq6GQZTY<�'y�j+4'Znەy#s�bn;uF Y|7ձG#( �W߹8+�w�VC[i ɐ +<���;�26#+wܒpK
�8^?1Z.�?�=]
�H;3&>O�a�
M#�-�;ř,ιv�9T;ߚ�yˢ"8��d=^K*-��@59HE�*md�Dل��v����K_p˾�&_&p��)7}1r�e0.�?.ʏdyVӳ5�,�Ry%oR`'Z}O�m`8{r*gRt�-ZA.4L&;3�8
jOҪG���1| Svcfl!zw8G�1E5���:G&1���%L7-��/̷ �L��L.E
�V��s~MnL+
豴�ڵS~SUcg�V.�q?u#�**}ےR�K
�ɞ߫�:ӂu[R�yH=2D#O:�͐��2b�4Vi�\0L_�'gs^=3Ӱ�:x�d�nd%'7Y9gD)9g3Ze^`�/O||��ؤ䥚9Br�όcHʱ��G@!S86y�B���\O���$z܆KG.L=q%wG��[eD��U(�\6͌2˿6!�)Q�Ŝ|ǧ�FX�ALgm] u�
*^hr��?�'\�'۠,_�K�]
�Ji:=*)mwm<-^2� �e�<�_$]ReU`2��8P�h[B�Uo-ja`ءZr.�4*�KuCz�fBFHD<$ɹJ�gDTKSj�w^Hx] nkrImZI}*ZEzm(5ÓLϝZE1A(اh�q�te)R5)#QSW~/5wd(G[m�G�X�VPaL?8
�!qRFKΖѭ'Ǫh;
C-W挭kJE�+^�^+&��YXFز"pt��J!'OX��ߔGm�b�'*p}a$�?��i0w%�J�;e`Jݪsڀ4y��S�噰*�Z�E���&EYC1G�)gY�61r0^+ܷ�|tM�~aEqo��dTh��#HIttC擵Dϓ�a|�@�K�L�
�[\BI�\�{� N.G�wвVAg��F]�U�p�c*3LF]e��lyK�6l{�Ov�Q�ar,Va�F�S/9Y��p,ȟ?Le=K
֖X�"xy�F
�f?Zc|Wm};[0��-- U~�Kɬ~�m(G";�.ÈK6㺦7O��B+2J\PL�y(;&V{uf@D^wgc��T�(�=uljBҘ��,d뙀;&ccѱn��1bC$.",LųwLjbs��.� -(":�'+��W֪M6}A7y�TH-&k4F�6i?t�>L��߾hemȦ,$
6N�]w}#oJZj�d$@O�{7�Ij5`/xp.9*S˗�X�~�h>�>>�M:Z��SԖ颛�OI�ZFf�P*,ZF
i��!]�1f�VmjUauqMAO+g~Mܤ�O8
h2�QI6}A:1]~ƗJ�hZ0c�YJ{۾U履�wz'a� ���U
�x̷,�s5V.�_4kh�ݣ_GxSz,p� uǻ02@Gt�@r�]Z-�*at,u�}U^.y�D+P�C.�PNs<�<��VrCN/V�)��W�FL #q(�iov�+?3u{I]3]ʲTv�5C���
7C�%Y0�Z}aрzaɢ-_kX;(`;w�de�~#ۢ@p_O�rv "í�E#A?�w?1z`âUk8l;g@G�(rΕU#kj��wrH$ĥtH\S'~~)β1�H�B(1# �"-`ki r�b+hH�(n9T@/�]ݣy@wf3ZU�9����d��Mf�w[e��j��jbTW?D0�2�P8}���8<~��,���ƒq9��{DS��G�ҥ~�".*_?"�ʞ�A���zj̥"TK{ce�e��?eɇsjy��Pv.�y -�F�`.Ti b<�[��?Y%v"Z5U�, �zLFg;�-a$�H鲪="��?W↭}�XFwAW4B�J?�;n^NC�>*G~WZNd0g"!V&[^d!+3x(*d�W~K� �F/:Ƙ�A",��3jx r2!��q3t�@A}?�H1ˉ�}bo�&Q4�ܲj%%% @0]��JN'��FL߫!ϯ@�, ;!`H7!/=M3:4FĨK8uj4)iMz�g�nP{�@HMρ�nZ�VB��%�Dixa5{.(6rqkF$1r�
v'tef"%zcEpSr�.CP5Hء��n}+!�Bt=wE�{>`XCb�2:I˴p��ǚ�w�"=�PC>:��^LƐ�qkf?@"�G3[ٌI8�wL+Nr!�N���W� �[f�'i+|�DD#/Vf$"�L��D?Ԝ���e�Rq1�4a w�b���Q|����TS+HI>�֮X��h�Oh~_ТQ<-,މ<:)%]8r�,
&V�БXm�=99c/��q�1^�8�vG"3�oȐlm}��g�3�^�;^/;Ύ
uZ')fZ�1b�P��1?W>ՌScUW1iG�[9D>��|z�6ie�>Q�D[;9h&ʼ�s��m��
c12T�M��\%
gc7����K3OVT�f�]�dBW�}K :D��(E*�.E#]{F ,r*Ǩi �V _6K_wӣ�Qە���K�taЂl ВԪjɹqB�&ڒ!�+Ѱ��L07m\ƚ.U�4�0 >ZyqP+J%R'x)֭k�Nϵ�]�xM �(�LJ�Ab-v%�16jp fx�:,�*|Bv'=o �gT
j_C��{#�$2�`+˃;+>�-�A7(Ou�ڈ/��/HkVHN_V;GmSy*T[9i�V]2��
י�*3N�fȔEQ�Z�'��av$l�z'VlynԷI- *N❨¦۸V[J-k�$I!=�N�Ŗ�x
q>V�&N�Q*]gЮ��2G���B$hF�?ing^�`�s!z*yd�YQ?C}\ΌPDzs�dTGX?÷�f"/@ܔBȆSxj(-C8mA�|^[x=SB8A�Z$���M?�{�ƍ<�jJl�T�,
�ax�?༾&_m�I��!7 [@@E
�BZ1�zy"�T�ډ�`啻#�4�҉%qbfd,|4v��=n�)K+n�^Qqu) >A���u)�1d]eD~#o��;�Y
ad�")(ό�`Qo&�uk"[!-O0{D}^1Ek�_wymW:�p�$e)L��҃Lcb{HCsbq�wXc9~a�w`YRW^4u]=:B/�静��Sͣ�"9AO-��!Ƴih)tSzlɌD�bU4.Ni1�8|�h"Ae�&��}ogzU�[�X�&*6�{uz�E��-�! 13F~xv9V����*քDzhG>&{ȉ`z[p�-�5!�SC'W夏{{�+,1NsjRMr� �on{'�i�E^:ޕKMhJ
�zW
IT�r�K]"qvr�x�p/*�D{�]$19�p�7F�M�Ma1�P�\~�o_=�D�`9Q��z[L
\gG�n7CAb(!agӚ����;$k�`t]!qRp;� 3m3h_15,�3XM^
�4�@.r>Jʻ3w�j":R�ywඔw*�g0ť�Ȟe���L~�m��_PdETxLlMH_{N��X$�8�b9kw#+'-2V](+�Ǥ,&2�_/e)�`R`{Ycew�'(J�8`�toO,]\BI"^R}8&lR^-����`m�ey�D#I�6mȭ+afiJ:ͯ5_$ﲼX@Q0B/5w�OQ( $K��W%`�P\Nue�!Nӡ?P P#VȄi<0�"8&.s&S$;ڄ�~ǫ5os�?-泔*PN8P��Bhfe�U˯<|��X9`fs%�W��]$8cJ�[\D/0}$8|o0�bs����Nrw̄Bꬢ�)7Z�m;���"���[ lW*�F\
�./ δ.�Q/L6ꆶK�X�7Y珖Ӯ2�&AU��t`I�p<)̹M.�Z�c�#"%Gav�"�afC\�ѩ$�.�8,»=�Ωs6�����j
k!�~m?�]�%Pk�]�"bLGm|#�
xH3,Xc~�Dj]�ou���M6�_}5%Nk�ۣ
&djֽۍ�4Ծ?#aԟgL-�u�Fp��wiOvO�!bY1�gHb(/BHVs�nc'T,"_jΛ�wLWEa�rhE!r�iNُ6u�D�^w��%�M,�V�v?k�]ӌ>$R쁥ulq݈&õ�Jo:p M)>BJ~YkW�lq5u *:!|^A�r�I6��V ?"U��>���q�=�?yEܴ
�S)LTx�s�,BJIȖp4Nt[Yo#u�9g\x�!~ �S&做�'1/W�I0�o,ʳf^?(u�gL:E��t駉,�O.�o��cJG�0QUΦѦfּ4ih[:byLv�&$� ۵ ? 8GM�}j��V(n`�oe)pcp?0�IG1{uṮ;c }VE1�㻤p.u*d[bKS͟n
i0 @X�B&�9$+^�n]h-Qj$�+әLΠ] �'XmS�ew?;
kCn487e9M|c���WsK���T~�Ě~Д&��G�?]�Yi�+R�߁<";w�ӵ+ lk�~ة60\0:&U�=�]vaY�kU�\VZ��֎KJ]Dڠ^sB|Hd
�]
AiZH%=L�:%މ=ZiF�\(�D�6C*�iq;s�h+93ipdY����~�^/S{.)m٤~x퓖y�
ږ&6\�c.BVoY��nP
X.B�>qnP"�bz9>��!v�d�ƟM[>�˷�<�--=.g`E�H��+8(I��x>g�F?XQ
QB3;^� к@�8�^}�}nϋm'i= W1$=^[3Y!�gbN;XD�Kh�w�43!TӴ}�� O�l��q76f~^ޡ�j"YEA�T1d5^oVl�:p�
fо�m�?*_K�e�$li��c(tOH>N�^==M�;I3`B+ubA#ExCy2�9�$�/Y�Φ%b@��@�Db~�23=4��a{j<9g@&V@O17� ���MD5�61M��&=@n�$IDZ:/tQ:�s<]�̦SQ5$לy_om�S�!RxJ��>ra&�.��M=�c�i0oVs {K�ۉCDT{-3z@u��Ө���AeEoh 0�pN$DK�[(�xI�~k6|IHǛ�s(6_7��~
yRv]3qEu��q�LJ��F
f4w�7��Ti܁s��sɎ���/
�a-@24��[�(݁�?-�r5쾱d`H-?.��`�:�%2[7BFu�fD�4�~mSWT_�|a�.Ll��`�
PZ8�a ��0 X2wȟQX#;[F!��eĥCx~\elݲpp�ҏ`ic!ьtQ,n!/e1GW{SDAc1Uzم�W�[7H�YKbi�<8u eΎ�Ja�]��Oq
�sX>PEkQ@- nbff3]XH,}ҳV8Od/&l̛�Ol{7nߓQRta�w/�m:apB<{5bt#*vS>��7]X�4
ec�L̠�7�EK��,�s
q�ju|7Y$@6rH���҉ʀ,Lh��`X¼2Xh>2/ѴUJD\-!M�uC$qfr\u:k�i;*˖9�ʲ:�6g!r}Q;�Ajq�*�~�ry:��v֖X?&m
1(3WOmV;5�HjrP�|pL\<`�ge'[eiXԽI~?/ᗹj>=PweϹ
�KAa2K�W;w&cOq�κ<1.KO�mg$T8{vkgc9̺�<>{|GUH'pH6P3`CxH^�C]Ғ�ہv1�{"�9`9�}SO�=r��{V&co
@N^l�o3&�9�{KӐ7��ϼ4Z�>��%*k�JMܸi0m
Pa،}W�%וa(]!ȥS J]BhlХ�2:͡0bJ!�H�(:XȜd߸�ꦨ��s�y�~C?rc{ }Klg- �e'!�*x��xr�zR�y�qL(Zws�䳏FNH3�OO&mm놽+�"'B0Y5e?8,?ѡ5�z���cYZCo#]\դ r!-,�bo\�QrG�m][�R|}l fԄs㣃�T�v"Rwm� e�&EHrW~[&MBSWfE�ƙJ�%ԽĴj1t�{ �4*eG%n39/��A=O@ZL Jd$[M'{)�dJŪAb;�el��螠�m@9�$Ax.�XC
j!)C�`s u�5鶫`̘�
Je��H��7*�beG`K` �ܖ���=?O#m~�'�|۷��!r�wZPBC,ڥ�#��{Otz00r_�<� %�@Fu�ٌ\}EG$p]kT^v�3V,M�OH�&j͍cZ;�ۚ*#o)���#Kl�sC�!`-/fNO���\�[4�wa�X.��Ф�)��{mN�4UY{&v�6j͈�|J?t� B?˱1Wuc�Peϝkt�S(RW( Vrj{+ʚf@gߓċm7�5UH9�K_6?$ScT_ݨ:G}[3�a��6{�d�gTB!k�2fW�y
C5�dFSkJyz"��*冏,�[]/ȔqƱ�;�fIc_ݽ� �ۿx̉X
�.�^�7�uQ�4r�ʢi�$��h�)�)[A B��� 憢�wqAF?N�ݠ@wj$i倫#
P8Ǻ/'[�U��_jK}�u�;jQ2�02ûK���u{ky�:�+X'~a<,Pa�M%i}Ңn��m�*�2L~"R)`M*
Q̤V$�ن���Ճ�R�kd㌷�#k�đ7$ЁG:ŝz:}-.�ai8P'=�FzYR\DEc��<�M`!؝"v{TlR�8`$$r~st=�=t�l��tnbы39�'Р`B��#�R^蓀|�VF5��¾�݇2=q��&��bowuq�f�H}VF`Ok?VVc�Æܶ�6Q
L�C}�T��T�UKP e˻�'!]�uE}=�8zJ�߯ڹ���"FC�g�H7j��il"WN^yr�yu�ї����e|aT]J`/ޯn}�,ѐ^|h�*c:XEԂ|vө3+~�.���4*�[�ׅE�М1pT?h�s�Z^0i"�mru_
�gG6�IHSY=Ăar"78ΌT�'ap�@i+kzXn��}B/E1t{'+@SK�d}m7@�½>萕T\ǶnCܹ�W5-,3-1z%IEc�Eދ����?ٷ6/Z}C��j�ybEw.�<\a}ϞN�9ۋo (lyT x&�3�ν{o'L��yƖq҈�p3Pq)�qI�S$2i
dd{�d�ho�%`�};,y?u��=YZPV1둶J̈iӻTNXL@R�l��$�&dq-@� mɻ[��vWnK}HYY�\EA:�T'M��KP�5U%Km\$)Y��mdNF�x+HMg"�.3 As+-
�?�tkϰ!Oe _q jrNq@Sf���8&mnʝ�Y�q�Fm���i�="JE�w@X��%��y=c�\[Myђ<�$�ZXBOL�bxH��!RCc2)tU�.=.�M+εK� z37�/��[�l(^ɓ��w[��Q^2#x)P�ܕVc6�j;c2N)9뻥���Յ� Gž9 -2֘U8*�2S�!Z5�( ���x�bI(_V���I\P�˖ް.qT˄+����2�Mh_��HC�U1�3Xk6~��7XPH>��e/�G۲��|?�CU5�_R;|�T:?!ˣ*2ah����u0d�g,g?��p�msgjG
@D��BpVO�1cV�2u�1N9i)ntMRt9dVC:M�g?[HL� !-�`[56мj��ra��Ǟ�`:v\EЕn\f _jo7h�>�^-]HF;[ƶ^cr�lk�WCj0~ZIv#�bM�>!UX��EhJ5q�\W
7�WBfx[�%Tn^� lbAO��v`K|�K�p
u�&>Sۋ4rحRJG^U{rH�qhG:œ85��5bV.5"+L[+4��&�V9r6nV�LDO$G�uh�4XMn�s0�E{V96bV2��[7E-%
vLv1=r��=|3w�d�n��Ҙus
rZ)
*�Qğ-�NG_
#cް�D}��Zy~]rkN>K%r
F{�iw
�v50�@ru�ύ�Fun�# �xT�N�"v'�ڽۿ])Sp+Ah*@oM�6[ jRf �g��@t�L#VXa��m��}�a8z���uN>�㦕�P��#�l�-%�,&\��;� |sDmlqY=B$~
i AS5=v�qG�X��tUXl0�GAMi�
7�p]bp��Pv��ї
㭴~f��Zm�Rr
ε>�kS�-Zjd~p
g6+fan2HȺ.6$s�Gg4Fx�+�×o#SRf�〄��R��}8>b�J�].//@��8p��pQrs;�5Dcc��2�r�
�>q9_<��IMw-�%U$�w=8ߜ)wJ\08�Y}O�sUg;83
`5Ja>XFYl�1�A<8��;cun��1G$J�>Tv��6SI5k�5�H$GE2(}U��iAUCj�]zD�Q9yҼJRз�TyQ�iNUKnkݻ�( G`9]�6��. ��5uȄm?7.P2g5'WY�V��Ӳb�$�&^1-�$4C7�c� $�lքh:S�,HIhgb�@sϐJlo�؊c��sxgZ�t��VW �珍m:~wp~se��K�
�+¼;�'P<[�3M�T�lKv
)a1q+*4tܭ �v,пt ƌe�?!�6�?�qB�xM L*Â]�/_/�C_/\BbgܚP�,�S=z�Bv�ڂe ��>��б5`ؐ3�M᭰Ad):�>��QYzM��?�~>�zYCJ�XTM%{>u8BJ_�QG�eM|O�ng��8Knt��,�>1lz
\x0E
K>),Aj\7K&ieok~��Y6)G�ˮG/0+d.^w/(3�v�͈�2TI�3oq�`5��X�!wdF1HJR
[K#�dP^z2-˗VԼ`Rkz�W���N:lúz8&�o@Xm�]���C˒FM|#�= \?�FG��onn�:RgT7n4�|�wJjQaZ)Ԟycr50�A+b\Viu_l\!�Վ!os�ճ{~~3jQ{*\x��&.ܕ PnXG;bғM,Tu1==%n_98�#uy2 U��<�P."��/:,rARΔFN%<@Xbd�&c/p�ՈR�]Sd��xޓ�aw5Lc}>x�t~�SY�\$��k
b@3+�ռ)�ȈG�b�,;=Y��)7Q�0^<[ Λ'F�j��_a]z"֘љ}#!#Z�cת
~]�+Ӓ&�~ؑq�PC5lWHf�ƨgZN#2*g
/ e��9SŐ% dVmm���o[W�~�f?Y�qo� ��ŻX5�wxA;K�9�+#%#�C{1/�9Թ?;1'�_@G .�d(g�1g4[4l\Iڞ7!PIS-mK5jQj�v)�S�TgI"#�A9 �
1�%?h/ fn[y[ʲ������νuRc�[JL`hrݵDy:q
Y[�{?2�
&佽ѿОL{ImÅ,y)&J�O�ɻE/Ⱥ!IgШrR�'ԸT�7�R�/�_�V|3/י�<�#x�$,�xe/˅A:�yv�e��aaXAܱ`��w�^<
3�sRZ
�Jd=Nu9&�b*D�?�J\
9m{�.�Lw�&Ɉis�s+^ϵ[�֬_yR�"g�NŦщ� ?hCɄI*,�TxUVX݅#U[9TƛԸy~G:/纵W��U1%orڏMmm'/c/43S`up=4f XwN��MnvW�DA=I��fZHx'SCO�pTao�%-rb�l]��4VuWQ�^I͎�/,ĕB{_֮7,�q뢰e�
Lj(Fi�wd\�8AEOQ<�S̼�0��]VS�^z�3]S�#}jX^q6L&zD|soj|}L�o�(�QvqGna�r4J�ǯ^=1$'�1A\n�>Qcͷ<�1)ݫ�S{�^<�sEXgiR�p�˦ļ�PKW=� FqPid}-\55>{��}K�Ɣ��{4E8gHw!~eR�@W;?i�{��x �v ۅ$3%~�n{Ⱥ�Dg5k�a�+ۥ�|9"\/K�{Ԥ,2�����4 /vNCB//XF�J�(x,i$+��k7w8�Uq8���'Yx�${fE(6�/#ۗ
�85��Dr �xGT�W5Wha�j��Pnʄ^UNj�ۘ�,c;�!-�qC];<$=,FTj8{NMQǐJӄFSr�tlZ*}H�✭pUBc�H"�u~4;kb�ƻ!Qgx�C-ۭ̐Zwi#��,X"_2Pn;z1癗qL��~8
1cd-]ǔ2y/}|ھ)炊:J1)y#V q� ޗƄa`(vH۴�P#�%w^K�,�v4<]RL��ڻY܁>@�Is>X��:u06KyO�7/?�^$�͓ȜSX%$�A .5e�К�,.�*UZ~mWdwgS7&��{-%L)GX)L
bZfYw"o$D_|��#O�E��y|��y(e-J(�µ�Xƅ>B�m31lVʑ|,Ux��4z}K^?g�']?DJ+cݙ�-�#:�b˕
Z�mٛyǤۂ~Vzf��zc� ʡQ�Y�?M$>)d}8v*�kPB0ꅐz5�GNQn���g0m�*d)� gI�Im�CHMX^T־KH�狇�sf�EQ`b�||1~L?Knx^Ԕz1W�[4H�mD䚹flʖϭG�I?h�;`!!L+�71$u4Z�r8�px'�*Gs��4k8fS�l�Op�`G0�w��
M�AV"��9[�8+O19.��ml^ovēwk@BW��]TI$O�`dj�u�u�&4^'\+&��l
�}h�RwȾ��D�8d�>9^*/)�sEּK {J�i_/-Λ��q_M cX.?�i"N>\9見V�j,-ͤz"�,Vs�c
+$Wf"ƫ*h�N�
6wEC%�W�Iws2.��mN)o/�~�@
ӀJ
��kh,H;�|q�iOV}fXPaB/8R?�C[9*�7�;S
&x4
$4:��q9[�R��
фר3�(i镑#�B=8j��${�D�x��$$PY~ZkK�ִ-�7fغqv
0f|�8�K�O/_Uk'TC�mD'AU�w=QH#mPmܬ3��ǥn03�p�)I�ehoǺ@
�'s�NQ킵u�R� �F⾠��Pjr0�LSudSySVC�ɕ�w�=�.A}>eL�l2u��R3pHfT�928�a/cbU|:p>�0�uC�m�:4k"x�q`=]'ۻ\˪��Jr:8Wr�o��)gAF2�~±HuY@89���"�- |� .�l{g@ND>�pb�:3[xfz���yD�: !l#��L� ƙ�FcGNZMJ�[�VvT鶝3>}Dr-8̡��{@]=bf�*�Z)dO�b2}]#km'ed�3#OݗU�N!E*]�]1P$hf��~xӨRh/+�L[K|@i=�I_CS JZAYSV`:�hu8Ӷ�V>V>�tP("RԄJ�#��dt'y9�} 4S.hQrTU�'r4�
@d�mMs$\"&I_ �d]{_�}v?)P|z?�T�;q\h�{:�۴pZ+N�#^͛+U^H
<2NG�U��]�V5���֛��Z|'j� Z9Ӥ]q:�r�h�g9K~Gkj;q<,,$SW�L*#Ρ�)G�'xv�~fk�v
L9eqI%n*ALm(¼^&럥^J�L�ݾ1-ab()Y�1'��c$�֖ޯ~Olʧ!Ah�>ziz1�V97,J�"�߅-Oڔ Qz $C�8ܴu�ԞW8Q)#m`l#Pf i
P�de��I�Aor>k
�b`
D@K';y�
�qw�Ӄja^:.
d(Y:�|ɽA&rt-�H�'~ sPb\�l��V� K;,=w4т=ݧh\ҵ�
f2ޚ*B(yDD*Gɨ0ځ[q�Ld|�+.8dj�՟B �T"J,i��Y34q};^n�u-?|A.~6?
,bv[q/��1U̘ȿ`rZ�,P}WWq#]�ck[!ԳH B�?9׆5HA��0as͙}w�D<�I =|�nԛ���5v6D"-ެ}̩ؐxB<=u?TR�g'-,����u
�{M!>e%X0O�a�[|q^+0G)v�DoPPhL�>G/��V�v(R�$MsSa]#"��;vqDcz�fIٲK||p��T�y��D��{;^xo$lX>59Ր_QXZÔA����])�}=���b?IC3�DM5l�=Zgn�C�B('m�RD\@H��^@r=�9�5ݦ��D=}�=2/�tY_k!^�qHz5��PY%ip%߾BfXj&�/#<褤x.qO{0�]wȶJӇGpĤhGbE${W�.��k��և#&e&vj)C�'�rm4�3
#5 �Q|.갈S*�g)ηA~,��-ژ*?$@(
���~jfqr�[Vd,%e�4>eJ�P
YU�)�ʁCCwXB{kUX_�Χ���b߽�
Gu]4}1.E5I9tvR\qKibbA,~8v1��H9.�bTׂܿˎ�[C ]0FLx
@��ONQWeП�C57'Ѭ�#PQ-:V�X{B�#M�q6~c! h8ǰ 5}��vԭAQߧ�k�
yΠ:�o)YuI<�B�B\r7��xg^c6q[;��,4 w)M�eZпs��9�U���"�cWNQقDɗ��J�K-C`#3:�&Mk�sS�6L=��E։?8B�Ae]đ`�,�,(JY\zu�ȏPY9~�n�*�%Su Ɉ2ƨoK��p%G �aw)&�w�K�A,$`+3;
G@�+ђ�`�70R�5N&�g��4yӸ0
:+�!jPk&-�-֟)Dk�F|�@[t�nyhz"{:(b��u�:e@C�H�\D`}!1!��5uS$:Ꮇ#H!PĘH%uC��(q#�c-C$t��ڿsȔ(47�$m�1�J6U��Љ�##@�
K,�jʚv[l^jH^+ܙ�`BJD)>NkDžnIx�{0���}]X.UAR?H�,7`Ah�C?荃�`q� h 㬡*'c�Ëtw7bs�K�j�xo�cЇ�]-�0=ɣ6�9`6>M\;6=!FbG�>[ޜ��g�V$q{{>t/X =V�chdgүz_ _z1G"Y�f>\hQ5ƌb#
]r�+D]d�{Nć8�J
%MpAY�
tL�nqqmy;bsow�rԬ���ЎJ��H=mEw#[�U��we]穝y�� .���xºrgvb�t*��9�u��UȺ�jf
�3a6.gԏ�w|�
[,�**Z�7G^�8QJaᣤ sj�f�lPN.I��b=g8c9�6}~�P,ֱ�-�AR�=|��}X.Ci4j1���t= �CV~J!j�\Q+;�u#1(J� �$ZD}~K =b�#�w�ٽ�^ CKDT^ķ81֭�sX]^^$Cx2z>ߏ<�*x>�r]0=� >"�$�pv!��eÀ[S"Nx��9= OK�'۹����
F%؈ptu$ǎ���P!�P
>_|"�(%B�eEYSOX%uu_�s�bH3NVjJI��l��5�|���gʾo�`")|��$r�j��G��8QY�$���Y<�p-V��EO�t| CuWc|x%K_�Mv
�I$FFA��� =Ɍӹщ٣�7�
t:(�mw4D��T0sy�W��0�1l�Q5ˡ� D�1=p 6Y;�Nw�KQx ��-Q=(�u QC�A���@"< �U�3�h-qM��#Fc�)��3
�!.Gh�@\å-���{@?e4P��4Tp\y>��pvXm0O�JQ�DMU�-
�;v"i)JZ�=py<_����Y8�k8^��Euy|wR$(|>�#Ty��m6!9L^C290�@<_*/�wC5`w&(�;<*'v~��.NKB�
B4�7KGB&�z[mU-l~��"FG`@t6�AI4cp�{vr|MP�J��#24�&!%�u#��AoX,>W�Ѱ�@>]A~n�I~0�Z��n�2�FuF�K�5h��F��ڜ{?
xdz��p!S1?� .����gܚf��P�D��$x)&_{׳]CG����
��ձz�m}3�WCq�@7�x��+nA�n�œ;d5<=�_{"o\^ @�V�,�Aa 9j4�؏�(� gHЈgeW�Hj�&K�X�GOqXL;H\k� ��7oZ^OHF9���ە�Z,��e\g{�BZ%|yR`Èb �%Q��$PE((�s쫹E��$)x$H��=i*7T�_�>ٕm)F��!Dj�6� ��tE{|
p�"0Rƍ~!:upyw���!b!HP!HS�*�>U:(�zgJ�U>ô+@D�STTpĶw!�en^�18[y=hؓƟh���Xv�}'x~�[oУ HJ~j\O>)\+\
��=Oq
8AkS�
-G䪼d7ַ+n�H�2f�8q^a'0q\!r�@mTjI.�Y�;:t �o �݀�8W�/\�?29CHP%"$�ב��H����ȩtdsXZ|��7x�e-:Bf�$`�Ȋ�D,Pj��j7��y"@0ڼWs. D�d-�UX�e�|3$p2�h^cǓU��XY^�O~L y\D�{pZI鸛/(YP|��q�0 (�^g;oGt�Ε'idꄗ��kOn96�}1߳6ߟy^OxmPFfv (6̨Y&Eej}"BJx_�Jp]j�dc�S4k�Kw
2
�=��*���{Ǿ{>w��G�j2F@"ߥ
QY>q#%��iR�$η6�of+"�dEȄyz&iF��F#$+�i-lllf^%FATGȉ�{g2�^�=|�����@&`hH"
J+IG��-s-�Z"='h�㋛�՟+N�S#bK�G?^�s�у*oSCIz�Ly7Gq%~0��䂙S|�bF
�B8j�mK����8_
~PquQ5�pA6 �vQ!9 įqܘU�:P7,[fdC�
70͘8{~W0m <�wi�~�38�uN9qk��pI�I�H]F,�PԆQԞ==�$9\+c6�3GO�nʖ+�nH�#7Mék�9^d)HsɂaowO$I ->f�>�~o
\=� "�8t@I/|hS&�O{m:��}(\p�}V&Xe!l
�307�OH<˲:֚
l��xh��/T~-TquH:=vV3A�`j�
�D�X{:u[�i+of0(zOX�@J�8ZJwwU[0�vߎcustL�w� I��T�4�`�d��P{H@x�W߳��w6d�'��\s_y:n#Qﳿ-sz $ $�R�@._f�x.�!B@/IUa�BՂbUVOTP"2+.FKd�SU{{¹}�|~k_u��u�(K�"]�8pE{�ܚ�!��^=��-��Xf%W��X^<_�#P5i6�"�@���FK#�ђtӬJɣ%$�"z)# �ua`Nn~:�dۿ�CB-9�P8��p�f3֖="�`^�ZV0��E�HPQT!���CLP^SA$rT�?z! A�^�o(M.vC.�ZNc|Z�+�BF��NnySMQY�p@Z->OfoеP�|.���(hHi
ZdQ��x?|lpx~7m-�ci�
[Y�'ɷ[ߺ�$ьTw ?�8]7hꂕ�ddD!�vZl}ÙP�QP$^`�d#^GC1립2&gf�a{x}+ɶ9gm)Nߴ{Qc)tI"q�#mӢ|)!#�~eic��a_?C2_.0CK&G�� �,!��-Q�s!VVdf}�ϠNF=�rj/�� @�Zo\Xɥ6\�=>1Ho���K1o
I94MEO̲+��yzU:ei�E
1h�L�Eȭpc{rv./pnp^כ�]N|v~ 2 y}'b|�k�ձ,kb�6$-D!4�P�BS(8࿒dHFuG�o]\�6�@'H��`�X 7To�Z�tsN[t7&>oG9Wa��Dw{y|Q<"V��nn�|C�2h �Rv�hT+#m�#o�x}_pXs5^7���]ђx7۔m>� B,��V?AJ�"_RA��D�R�v�vS# ��6�ed$s�
;d�ZtJ�YQ�M2?."w�#,&ֶ�+(ݬnzgwӴSR7�;kU=k߿oM�Fe(�Se6/]JD���
4ON?N? E�WԜ'(#?_�O-�6|�=#
`@���С�(� aXt��-Le. +ZۼAb@���(ra [YrO�ԟ'��W[/
ޞϟn|=t+T͋8l}Cl%ѩᰎ�D��Y��֠$U�"A1KC(�^�T^
ƕ�P�ADT4gIe]k�t!a�迋i=|'�=M8�nf$8@@���eUk$F�*AuS
aJQ?Q0@e|rO�;HBl,c�.�COgI2�b�2Tx\3o;:�Ј} ��eE���n�n-59@���B@�d� +��x/8/'�/+p�h�%y�6YUjQR�MvuȀBܿ(
��:3Ek�yЅc��:s|n�r��kڌ�u BA�`<�#`-��dN� C^AP�n
v}�߀uE/ѝ>�<|�bmx @; �w�kG8�-Z�C�;fC$�jhxcgS폒�ʼ|^6Eu�.ff�kZ�|q\U()�jq͊?W#z9�ۥ]3�74�|�O�OF7/g"K&BcԝyS�;�
��Ib ͠""�Ci+rČ + ��@W�̸ 6(�'�0���'�Oq@>�T�<Áo�4*�(���H'&H03�~�`=͂3��!OD�Fi"��4R<{�̊&*)� d%%�4A�I�ߥz{;OR`Gf,E����6�" a�4� b8Zȴ_z
�aWC�Xp�ٸp�%ޙ��#'j�U�.&B!@��?�}a�X�}�eH:�fqV!wOݘx﹛ ۖ%%/b�/���6c�ӌ0mm7Tdsݱ�.B��}#äw&"^x/@bH2�k[;1Z0>�#��1AUMTTc鲪Z*!pJ�'ڽJO�%�x|/V��yK;cʻgVK@�$^�g|}m8�aL�AJ?|;�=�v`:<���M%_p9C{ M�w;VOS���Q�5CP���ʁ�"4г
g
#�l��G28HA��C���_�N]5!x`8vVu%=�J���E1c rz8�oso��/�_5Ix�?c�t�ΟOx�@��cs/�Ȃ�{?3��sz
@f�7DB�0M~�9Û�(�ސ{�{T-�^��lh�7!`��?�|ŏ���}8�P#�4i'm]X}�!�]{>�:t^ɼ?�� 5V��k�q͈4�h�݁Ep[.{AȿcǍUWn��.9�0w8J�愬��W6Kh}&ta
E`T֦+!��V�:=vZ
�=W'2�y�I("�@�ad�RK~j�D�2MS(DIomYg7=_ݽ�_]#Z�VA�������a���V@m4�� MAO�y#xB D����dꮆ������@�oGWU��Jg�"̲bs\5`�0?w.���X�}�,�d�铺{jROk�Qc̼̠5���"���ap�_=Lh|?_6/!m��}YO.O~��kR1Z?�6n.3#4�7��*
?/Hp�`p�F�u�"�R [Qb\ ^�t"N~�.bXv#P:�n�B7)/�M������
�<{ZE��.m���F�>M�u�a�U.�cB\M&��J)ߚ�brJ�#h�z��qwJ� �h#��ἶann*�QS~H�y|s~UoO$=rz?X�@ϗ N�?˄^R7̍?/#A\dIA�}���n=b9*g{b8]gt,^^BswL{5�}of��)9ǡb~={Z
a[UڇxX!�q[̰�J0KbP�[H`9e]ODTM6k>~@g�c" 9hLI"0ŶX��l (i)0l8.�!ĺ�W5ך?VFpe�5a�����E�mv�YVE]kB�Q��X
8b:�ep}>ֺW``jL,�kbnr/)|�;Ҷ /m4+ox/b!7�
I�E[&N
!�iwڱTkT��rg+�2�jr�-601�t%f2рbΓ�:{iN�{�s
Hdj/���扎0LV;br�?�ҥ{Xz0xQ���ƞ�B[܋J!O9`>c@q0�A�:KN\CCs[!pd@A@�#ZDi69r6+N#$�}��\0
@ymW�QTJSm5x1�XU�1=�%dl6+.�;Z?�
�lȐł0�UR
E�b1u��hdf0bs_�9K-v���
;��zآ]6E�B$H"z:Js]���iӟc� N�A��ZP�Jg
);Q�sT/ؼ��S�5�$f..C1q�&"J.�7�4�WE[{ݙ+Qjז�?�B���E�UM���5fz�.osݔ9,nO)A���}�������CI_�$ɕ�Bc �`�4�.�o�����e�jj��<�>T��X\+@uk;~
p�LʑT~�@3d;o��cmy�?H@HQ����PIA0@�wO_Yg/�&/��dd㳓ۈ_}��(JZ(BAl#}|DP�"9�IƄuW{Wޔeq/'v.yG�xtrJ=��cÌB}�C7�4�-O�cl�_��Y�T
�?�O���Ou}=gB��P[R�$X(��%�R"$_0dV���a"
I��=QY�X!;iADciD�@�(,HT(� ,Q�T1&- ȥ�D� @c"dK-Pd$1K��"a��p�
A`�d "� �IFY S(ޔAZ+\Yd���п�k�
�(��DNֲ�0)Rjt` BA(��B�N\�\-b0hd%Gۯ+�?C�C�|�?wqA\Óm:c�^"�*o�%-b�w�()vS�e�E��q$��L},aU��Չha(�F(�Mk�d-�
�xó쾮��QCISM?#b"a�B±虭°&��
�1� B\ٰYH`��!�}x~wtgD$?.ssqsBBA#}Tm��-�����"�BDh
�" X*]�$#�@�=�A�m�a,((*B.��_c|ot=5OW[[S^d
J�=foO+PcK:�W?!=Bk(U�PwP8~[m{=ÿz'f�/efO8.QK`?wQ�o�sYU=z�y;��?�cWbwe'_Կ$�X�EO_Zv0;P�6Sգ}�6ϳ�P�pT��h)��_�7jJT�yV́K,���!�lZQ\�Ʃ��YETvzKs3�ygq׃>+NkʶhN�J*�k?W�b��q�y (�1bD#�#+@DB� D/!;lD2!�7|� 7 '#ա۾_��Hg8T�nfvH��
*#hlP|
ń�"<����A[(4pQM�^��`�"�Qb�����,kȸf
:6��s� �3���q$0�n�L8 H%�´qa1 �
&2&1�X���$L�Qi2�6!�uho9����5, ��G?�6n4P�J-[�j�",rwAFx�[BQZx]5�ʾJ洦l/xOs/m=Kmʨ� C��+Q�A�ԈFZ
>YQCLƿ�.�;�ٞx'@�
�
!@ C���V\\50'NI�x}@3#aҊa\
4ۥar`,S>���bUZ P��r��Q�]5c��|Gq5~g'>82�>@Ihx�]Cd &8��R)��|C/Ld�Pꍜ3��d߲7SYu@��h�q̤nW&5�
,��Ֆ�B여Ļ2�e+0q���o!e�g��1ux)�_/�H9�20�V�ۤD��-J/)@Chlh�ϜkQz|C�^�!hRHaj'��׀+x�]0≠$1s#�EG v���<�T)\H�}L�$;��-t7>_> � �U=fA=�)�psT0��PC �z-�i��>LBBE]�TI�P�&?�mEJؤc%rXp0q`I2��KId&؊�UUFe`$ l8\
] ꪊ��l9&��J
K!��<0�"�a2)VK`%T�ܶQ��bᰇAQ*$)oWiƨ�y�Q�~Џ#,#�IN*/\}l��J��*Zƥ^bY
�\cP՞�#wwD���~FSW�Y�#}Ŷ6�&�̖0Ċ���a"W��"[{S�ك.m�Y_s'�\l}
Y"x�c�*,��eI%>qW ;�:i�ɂ�,R�_XS�J�y|PɻH!P�CR���*ڼ#g9վ�.��Bk�dC,uݾ��$q jm5�\`�O&n#46'�u@�"H!d_`Y_��Q�A �=UC^�\�,h2�XA{ܹ8voAD@Ӓb#!zRUʼ{cNjE/e$$:
|R]n
p*ȁn �dQ�H�t[]LQV®�`c��e"�P�"I�ԣ`�DE�XtXAH�t�ڨҊΨ��ڐ,襻�?av� �e(E�w�r/~���ljɉ��ʧ0�
C1nmq:T�$�`w`Cm~wjݵ���BϑP"�Z�^h#ai:ݙCi �hS�Rku3>yӋsRw��1JQ�@:�c�q�`n�֖\@:�B�t��>^~��{�|o=O=
\Mw.�XY�}@,dӦk�*�n�eOt=t*tk}`k��D�ݽ(*c�&p�X!*�oS4�LYArI�YDڳt_�@���F��N�s6��]a!!�=Uөz�5\�W,:rͣ'�ޭ�qO;fWTjrb�krc8$)F.�#B`3==�mt5|'�xy�`ol"ϖ�![c�v�c�sXԯi�Z��:lj%\A몢��w;{+o>LOع�(ۼ_֢wkզ��eLtz�o-
8fxc��)/j�ۆ)%�<4m F惷}�Q%ܛ�Ϣs�wfyOM��p{#K٤_GXiyY-dӃk�c�R�D1JQ& Byn5F7Ke�]:��
]wC�s9s$��Mh@h�sE`��_]�s�V$A �%� ?t�,}]i4H �ڥP� �j�yAzO�E+Ud`.)V5WIxz?'ںk�f%�*͠GP]SI�Y.�2\}_�P@�,d{8>-iY'�r̔[\/ÿE~ν{xO8^fiY߰⢣K`a\\l2|�
�C\T
l?Ucn`yd~Zg$@K�ጇ{wgZivKmr)rs���aLC>v]o-ywlC�ojT{�!;/ʟfo��H2?�c@'AoU��y��˶ÎKKI��*��$8^wsxd� �H=L@������D;mAsե?R{b
U_72+|`pER5yUϿ!y��ζ�����B�VSV~�H~*!�V,S"Z^5`oGSB�UaIn?�!��DmB�5�2��NvvoSe0J��}[�>g$?<�3��g�z2Ν�c r)b�(���E�I�!��'TlJe
�kq�ph��;BZ+ �t�
wk��1�7'
p~YB�7M�k\%ݷ3[FJ궘N.q'q#
w$1Tѝe<(�S(@��xnif]X f��'b<{m�_��%�^�g~n!�LZ5iԷy*.�j&*�&ēS�;3��XbX,2[C�)��Ȓ~�J��MH!C�A^´yU�jL�$�KzqV��:+��_g�67fo&'06A�8�ُ}uP�!gP,�é!,ϩij��2mbjjV��@�(E�Y$�f#c3d��am�\# gr�'�t�@&>*Pv�*�,2���\�I�MyoyU#�K���tY�u��l.l�Jϻ#�%\�&�B�f\Q�߁Z%���0
@DPP#�Ę"c�#ı� �"��mJ
Aj
Lh�"2,b�M�U��0FΑ��q�^D�����co�rVL�.X�Hf6,Z��(���Q �� A&D�bB0��V���BVLY�%V\<{l
�ٲ�0�������GkAb�J%@ʂH�tUisd2�쩂��� �ҰBq$�H*i3m_+Ө��e�(��~��,ITSN&c*B
i
�1@<�u
:��!X�EB�h繲8.�)
yJ��A#e
wՒ>DL|z{]l9�ɧ@ʢ�B3O�p�>x`�Բ@ɿ�d>1,.Z鞝oN9M�͌S*ms5lkK9W�[kYQ=nū�f�t]v7]]�8�3Xf��S}Ec*bps�J/*�f�,%gaufʸ S�iVV�j_L=F1~C�+.�,�,B����ᩒ~B;]p�0k�E!���EX�c�
T�Ä!I�4IQJ�D���@HAdԆĐ xI%d���b��A�z[��$@ûƁ�4E�2
nF�̡ zR" ai2r��qB[@+d��HB�@%A, nd�bO}�ۭ3`:)m��
y�Ǟ�
H�)���
AIz>�[�f��u&4��|k,�&ِY7��1Zc�PP�
��N*&JE�R�t)�M�d��`G40�%
Ttg���.Ǚ��(f�kҘ��*H(-XT1nPPŪ� Z.a�E0եn7� p�o>,�̵XTrfl@e�Ȧ��Q�h��6C�,�"�sKU
R &ՠ"siM\hr�C�JlkMЮ@��@41�$H0�ဗ�ހ$1de"J-aumt$,��$/�.J�"��"f�?%V�V.�)�'ÏK����H�;9��|ykڅ`�
�a�L@(F�����"GsO���
�
�de�`��PO�ບT�`9FDhGWD21qƭ
�!�6K\nܝ(�
)
T!
�ɛD�`
I�3�,E"jpդ�zP���\)l*R"Z(!�*P��8X�I6fzq(:MX�mY�sKP*US�VYqA�AV�,�jx8XLb@r]3/iH���J1`��C8� i�kݯ%坹-�DF�
�
Q��}uۂr�PY�ﻂǁS2ɉYk�tI�
kt�a�����R@gʋ;gsEϦ7VK-hb瘥M��qV"pG����;\4�*س
q�b�kBBIՋ��
�ָ迗)l(FCiR
$!RڪL��)pyoJ�D�[�*�`�`ㅘNX+az�uG��R�Um�9yjG [iD/I�ܫ<�`P4c�D�k4�F6�"->kj� ��Rʏ1]�j�(r9Z�A�Bfw#h�O{\�;M%G.|��x�Y�2��;"i��&i��|U!r ��
/-���5W6pxlp�
זQDG\j�Tu6*G�#fQ5s�h~oaAu]s/CRRHT�P ��
L2�@�!�H)�SckØ�2�ȱ�BЬ%ZZ_E
�})SE)&sy
�1<|ƼpQ�óC^qE$:Xg��yy-�Dn
�x�+39ԵBP"Q�BBE��BdDx ��i�T���Ä, 2'dm?3AQyu$'�MrTH��G>(�N@D$A�0��E�$
��� Z
XZUzzw�X4�e犆==.S� , ��i5iq'8�O5�
Ө�QBI�HU쉂tD��#��?|��
pĮJ=\��"]�!҃E
Ȩ ;n2p9y$�ol\ea���C�!)6�6G�@�J<�=D+��Ey`�aW �Hm �f�x�-{��@��$R1��ɘ�c�z0�2Eժ�9$Sb�m�/��ֺ���ABD|++2�*N��XM�.9��$�8&I�plփ�&g8L
<0�,\!K�a�o#+H8j4߷J�\1��W�F����C#.�CR(+It��$�Nmv.�F@??Q!�
;8#�`�#�URZڭ�$Y#�r4tOG*�l�7{C� ;B)Q�/E:X"yD��T,�U$4K̲�.kr,7��y{IAQі6#8ª
M0�Z^��@ԐN>Rq����m�Ā !hUw&B�`r+���s<\&O6%�I��\1E"�!kk�7w4&%[ %��K�)Th]�ec)Ũ`a��a"�L g�1�D��X� ���l�;Ki]�R�_LMN)˿o1��=oKA]ԗ�
Mԓ@�I{�)mXQ8j��5�(�F^�=��p
%U 3�9(͉ŋ�#'K:�^�?7�E;N[P[w�j�)�4X�x�聶v0#�bֵuh:dr�M^)U�y������T�BU-/�{ @5�W�k[5Q" �L7pF�X6�0\�}PN, C�@b!ܼٴUH���hᦜc5�cmz0@B &�cHz�b8$�<�N
m�$2u8�850+a�j $K��Lӳ9xr)po"p� ]��"`��FkG20&?tqP&�i\G��/�CGzۗ`n'U�7|+RBH�a���;�V-:aZ:d{v2~�?ld%vA�s�O.x���bL�10lFT�dQ����nEx�^^h��r_jD�([�nL�PpR9%�:R�۠D(T�=���)�h����J2�+P`�
hd�ό�&*E�AÑcnR오)D01\e�f���]W@YevW�.�b6"p5$a
NܶPjrX��^��@�Vw�P�C_3�ӞH�@�Zm�}7�7P6Pv5�A�eq@@���e\bds����7�7B=VZ#)b,�G#T�3k�.^rǻs$^ �"�
�^�tç![�#6*8*Tv�a�ƔMT*tT#C~;iLfF�pn
6ZQx4�k�0D0�Ɇ�F7�H!Q
r,N`5��h0p7uN!UY@
"�ijׇr]yms^����#P�� JϨ��T�TS��A@���R@U�
@) �6 ��""", �"��t��,E,�B�ڒT(�$B(H�P@ �P�U �PQ �BD�FE�@��B�X���@2�d��B@@�AD$��AVEE$D�D��QDdABD$T�UdQ$P$���VD �RE�D� �$�Y��@T�$QV@EI�@!$�VD��@EdUI�Y�Y���d@@DI�FAQd�d�I������ �FDDA$��@d�$�BAA�B@D$T@RD�E�F@P�AdA�B@Q$U�
iT� �VED �E ��d�U$E�$T�;� *2�%@��X�*TZ T��|x
�)߀#Q���#PT$U|Q��<��C� ���ĉ?��~(.QPd�$��倪�A��"Z %"%ARD�P�2�PU*��"
" P@�A7T��X�DA�4P�"�h
���� ��t �V@� �I� �I� �;X!Q��ä%/7|;:<%�ʓK9�{kN4W~?�S�hPv&d��&ov�[TMb�6�d/��ͬ4?�w[99'�_� ��!��
Y]Y_{e�_���҄(�AG5\~T|I�;v#��@|Oj5趬W5>gse_Ϛ
=Z~m++��؞67ΝSgҷ*!P�
ɓp?gty9z6No,r�(�ѷ��,7,�IV.qAX@ۡKMT|^D{zuҤˑ�n�[THbD?`� ��-�O%S쬐-��B��$�V����+z{I1��EE!3���H$�W _Krd][1Zpw{FA~p_>1�� �#ɘ3)Qϧ|òI�CoP�%Z=yF%ɄE��H@L8n*$�
��=5y��:$���ؖo7jK HZ�$M:.o��3vרB�D �C�r��Y>(r\Z#(�+a PBH"=��op>4styA�<|u\�_{wh�A Vh'�`�h"� ���~sxյLݏ%���T�ru{��A^NslǤ�:�S���k~ "WOQ�~+O)UGv��ꈍt��)#v�]aT>|��i@H'LW+S`� 36f��/D4@�?O����D��L���E@O�_;��E@u�EUБQ����B�E
�}訞>�_{\�;�,n`_Qc��S}U�9��-*2�|9n?= mD�*�?¥ޚ�?j�&SA�8plP ?J*}jn|9'`P�<��o�*'ix=?{�* �:T���G���d�m"&1U�N�T�,|ҁl^{[ExW�4D{,
�@2$�Ơ�k9MZ��fC(�wsE
U�|B��WH* �D�(o>3�T��_zO�bէs̘`>],i�&b@iq:� oIe��G,(�H�4`Q8P�~bWAnG�H䨛j-1L�4#'.}!
l��`0t{YKEK�\+K�ԧ,So�q��CB73��B`&2G.5CIq+en�ksY��f]Əۜ´
��>.;-d]�X+l;�Z�D�?c O.�ӫ5�.˵Y8�ƅG/)`Klf|n
&Vv[莖'[A+7ev
ѣXkGXGBy �Eov,~dNY}��)-6rI �����a2>BQ-9��?亚o!8��s U/qR"M�on7ʛU�[~:Tв'SfSy�7JیFd>yog˦p֬%x�&9c>57��D "�.#zG�ϵSGu�!�4(]cjb[//I�ҳq>{~4^<%{(+]!Ue�NN!& 5Դ�m9��7Eajךp1?ѻvz�яKLQ;͙�?W��L@iua�rL1|6Y~(-�%}*ڟJb�l|$�g�QKdٚZM�ʆ(n
;H
5H)}Ƈػ8�~f핚㞽�ڒEر�wjUO^�j�Q=+jiLa5�, {k{<Ӳp�Ӗ.�q���^�ѽ�=L��H%"����90��S�r�3>HM�J�R"G���ke�JWmV8��J(� ;Ȃ�Z$�A��U�5A~�-ߜ�{'A���},X�/�?�b56ǴC50�y2_7}��o*ˋ|:XlS{�P5{��iڕdeӧ�1��(mQj�離^
ޣ3C&�+(nfM�yn�tj���tKS]�ŵq̯lB{�aa!Z#S3K\-ud٪j,bh��Xg�u(םm�D�� -`�!d�z�
rՊ��qcMY-���44Fu1n\pMf-�J| ӢcͶ^hub#DM�J-[mVPDYT#ӅkYښsnX-[}T;fWlˉBƪ_An�͌n5Z$lp
J(�T��+'D
R�Ъ\-zC= ul(8kQӡRVhKG$"wTar)3�@^�W8�E-�Jt7�_k�̡Yû5��!-��]%�s\Yv��s7.;,¥s+�(�Z�43eZ s-�Ud=ӻ:�(�j �HZ�YZ�ǹ_}:x6^ �&EJy�(/z.��!䵔��iI �>~�:b�"�=⚯5��:"
�!ނ������@T,�
k�� �
,�c�5����*(jB�Q傇D�Q
1�5EDD����5�S(D�q�D�v�@``�a���@!�T�\A��U<���e��/�\�}h qDqD��.qTHp��:!��#!x�N8 �B�I�&*JŀkHy,{L`�V/Ӏ�tO�)��#9/�j369EU�]'�o�:=������c�SIx�fΦ渀ߣ1,h�U;*zld)XsvuXa�BL"E-7/�{�
B;Se')q���:s6UElA։�YM��0���KDur{VBcksC��ȅ-ȑ��dŲ>9;P4cQpьcc�� 9K-p.,~=�6֫-�oT��P�]M*:8LUm�3f}t�M&ڬ0Tx&��8THE'PH_|\ZT18fmn��..qUf2jc 4ʚTF"fRSC0Q zԱj\��T�2s̳�ыW,�94e�LsхߚD*�Adz9�.�Y6KeJig�ZKU%|man�9�j6jlb]wܗd(H_3t%ϥ�X&vH��cΓ8�k9�M0ILج3i*pb^+Z4aeϹȸ涪k#ԩMI\sj]bƗŶ~�Y}EI�mn�l"g�j4;L���v"'(kF+2�)@+ �]&gmnfg*9~g?;pSW#Sj,2��Qՠ�@�0�5c�V��6!�ޑ>�&�R��Հ켏�̀H~�aj*n7<]��5�&�{sl?���>tC� �y5[/ڌ+o�[j{�g%liU6�Hr@Dd�W[~�"!R-�NZ~mgܶ�F��@ظ]ٸ(P�ị#_FZ�G���s�!�@1���N[=~Hԇ(�.���N5�ǘ\,<&e99�i6l�iŔn5$�=ӀH�豞C��Z&!��3:~)�ӂ�t:��sr�7K.w��I[C<~]k7"z-�5n/Z]ή`a9�AYc<
&w)9y>>uoR-<^Xa�#~�T;�~wz{\Wϡqe�9CLޅ�#9r,ߢ�ۡ ^�Cųqw,>JDc&_�er(TP"
97xk̺g{P�B�W}Cs@A� ��Z&r�%)D�ގ�s[iNk�
�dJŢѡgTr�
�Y<�D�E()b���py"�}�H}���#`��G=Q1Ƞ��@�6`bE�̛Sv�mDMdOe~� %R�CP=$:QrlL]d
�T�I>
U^�({B��و'F�
!}E(��̡~�CmxCs,�7|4�sp7`&�r6BC꯷}wWW~-�1=̻O/l^o{=1iL&RuYT&Բ�h �4B o*'u|?ts�w{�=cJZ>o{h}+ό~>IEtX�FwH��! � BoVU�� ���ډ�T�GtnluP��x��MQ:H=O?ǖDB
Ǥ�}YO;g.�}Fx�llz?\|\E{FdMĿuVeouJ�-:t�|9�c])jd@~oS_s>�c\[9%�{%ʳ?z>5!I@7��Wpi>ֆFݯq9~o�y=�N�eIa;?m%gsd}k emT$>�@�D�!#�ww
*.oqm<��
e�%*���ce�f�(;GW|0w�+|�K�5Βy`[9Vk`53~�cX�=_^/7Vm�92�� 'Mޮhn�e4\+OݽmuZ��a��P(WkMD ��!DH�RZ�@��0H�x{Qyڬ[˼�$Gj��?���A tR�ob64�@/҆VZְ�R�%@H
R+mA�T�kW1oϜU�[[j+E P߀"?z(?n
"b*$����,O;@sXQ-F/T_�h�2�u(�F��f�Y�1�S��^7cEƾ�;4wN�#%�2kUJ)Ȓ��F0L&��!#
l>ǂ)v�Y@! jڭ{bl�e�SЋo�l4>%?p��HK\Z�yOh[`ZՁV���M�z~ ]�ox�`#NwEC/Xxo4�}!I�+�H(
H���E�_ē^_ʟH��5
����""鑎�ٓ���y~7e}w":n**;)pث�X,4oAQ�geELo�8:��)��4�n7�7Ҁ�Jpvr)D
(g%�n5𡯛Ibp`BER�R���}>ڿs/�u~%�3C�6��o�K��s-��^P�&�2IЕdJ8$]�BKֈ~я|jb��wךwm����~ >�,Zu �4��Ф'DO!�+̌/c8�E�ة�vATDr`?�v����)T�&P�xr�CMT6ټoouz;ra⨀E^Wu�eύ��o�zoH�v��FPmmy�"'���F���CfQ� V8��+�(ܽL�60&@z�X(�Ywzv�7ZJb?I;[4/�cn�:X�&c~GOKSue5�%܅fI�܀�P�Mr�T;4.^ZkIUdЫżJ!X¤z�
�f�,}tk(jƠ�s�;b�d6$�:TAaC��O�}�>C=[E;�[%&$���`˜^(P`x�Q�>BA'�$_Ѷ�=Ng% k�Q�OJ��_rSWS�&+�E�,C
���|oR��A�`{Dϫ\t:EXU_�6փr�oKs m�0Q@� �D����55o��gV{9�ɪo4BJ�1O' L[�;�=p@�Rt?y73�?
u)S@UÀ�k|=q ć>�< �=P|ݭѷ[�dy=Q/�v-D{MC#asϻ$UP0"���:�ϷHmu*% �
+L]6�=3MGH+MJ tyX+�ҫrXl=o=0P3<�2��0�*��M路"(w�`|"Nh'¡�~o&�>fL:�O'ԇ�'pY@�F;;(뾞vd��N3j#ix%dQE@ x�LܡBl�W`oI��~�v��~÷O����$^M:06�Y$�XbQq�NξXn_�6{~vw�~FKQ)zE�HTyp=f~��%4!koJ]wos}�̿dԩMAJ�x@,R/F\���;%A�嵪noR*gI#>O�;\Gc'g�ۇNvsqo#(W 3y{>"t9Χ<�ַ&{МmarI:z�0]���p_Y��C�Gַq=:(%*�{6y_ϝ�ńBtrݾv"d�iW��n{;�X�-C"�HnQ�8Nj{& :a�5]Ay>/E_�V��[��Ɠ|_�aM�G䯱�N�Fk ʪ�C߬p aE&뺘֠;K'A2�?zͻkWܾ:�կ^y$g*$J�5Ԟқ~#x�!I{NyG`>��D�yc�/7]ץ{pXOSEEH��Y6vÇz��p�`�&50r%�����%WI�<��u��D?Dޗm�&����U�>:UX2/�� ć�Gf�R �=�+C�+]CocY~l-Vr!�lB�D%�}e�I}`E��EAXܜ*9Z*�S*_Xއu�ЈT!Ny~��&凾˼�Sy3�`�T^ ־o4C�=ޱQ��/K!S5xRJ��w�NbhϺTӻq�{M��1(�T~Df�q.�H@F܅|^�W^�3IlOi7wnHj��9ϦS
t{<'dn}@Ja@�,D$XV�|;|px�ߋ��D$`4
?]�co=���S{[fLlhR7Kozft2'˙Ud=IӔ6ᾜ��w�kqo�|B�[p}�y ^H-kM�k}n/oB�/rϳ{�{G~]�
�RX�>s|G gr2P�~6�s߱45y>o__WNv[/n nuӝ.=�-l �2�
C�v`�5�B(
W%$�$VDd�(A`��I�CIPR(
��U
�&^?���Z9���kO/j�.9t=d��L4B ��t4ʛG�*esuOlODxM<[ITjag�x<��[r349ftfMA]sM�UaaGz?�7@O3wv/�n)��l�\mҀ-��^�-nik=*_H-JUP�֊SZkZR�e��DD�
*{_�� vTAE27��V'bʛ�q�;!$$����+@;_`qT�sHqBکxA�\Z�Ľl0P�~rp/��Dt�d�y5J_j%w#I Q �!'�7]�i�y*@Hkx/D?�)j$O2Q+�
�}7N�= \*#:���u9B^��Ծ>a8mn:F�۲U{Md7�J�I*,Rs�I>�=&Lq'*(2+m�+Ɲ�###J%d%lQDJTF �X�I ��PXPEFP"#�v+h�h,����R.&
jj+7PNgܮ=Y;be٦��9`Q�ܥ3ω !� Hi"ܷ'q1'ՂD��j;ԙ���QH��e8q�/TjL�uJ�2"?�R'fgYx+�x^]zkNyw�o;o?�|*~wΞUBX�9R�]|]3팓""�$�liŇV�|[:Lq�wO�|�|�8Tsl9_jtcD�%6hD�(�ĵuYccDu5
m��2Z+s�أmqB|H,��Oaӛ""RAH���۽Bu<~Suky;RD�=N=@��@� ��XT�T~l�=\augI@p)dr�왮:4OPn�&�H���V�\�:K�dj���Bz{Jʋ7Q��oC E5r* �5v\�s�@r��كgsVV�C{u�;�fϤԗrOCrO8�S�݂X(�P57>74�I_�'LE߯/��&&y�8jT ?�BVڋ_^].uu��Iyی6EU�PQ~*+0=J�=$*��8(Ʈ�\(4=3� h�Aqȵ0.W642�5dD/����Ci� >Y;R|t�!=<�'Ƈ'فhq'%y#StW�0"*4���wcƣm˛WW� "EɆH�!�GI�p_
"$�#
nYB�lD|Y�UTUy]<�#'8mY}|5fs皾;�Dov<7z�{Ǐ>�/!�irg
p|�TU>p2{چ___ٖ�6z�Ρ=`yF`
¤׳9�E&b.[ŀ�VyuUN5
E;7e�Y\��WI"⮍��T 5u�c� I"�_a�:J��aNhcZ^ve(^tM:PĦ�\YerÈMIn.٣e/B�@}s �C&�x
�]R/b rz6x/U,DY�
BQ .(&�`h-;S(z;j�dZ�!D(3=i��D@2"�"/��0?^�˓�-R�ꊃ<_g�@ �)"�� T� |(�"
#� "P��U}�3dܖ$D^� /c�x4vC\}(C�GxGHbu:N:@v�}X�|�v#L�"�1[{#X59[b=Ї�p�R:wAǰ՛|Ön?1dYW�6^�z�+=�*�۞4�o~gaϧ4j9%?K39sл7 ZW�}G%ClAT�lς��c=A�ey�[fۂA�U�"*��%R|<ѯCY@�'Œ+%.]iw�`�)#w1:{�M��K_NĘM�5�!:}OC3em;n�MoY(t@;�e']��cg�L�D�lh?<�U4T鷗,���8KK'h�L}=^ō^z�'߸bZ�>�c Ȏi\ׯ1"&y}x$�j'k�{$��N�XVq,&.pw^Ror . k4NcMkAd7pY?�3D�G;X�M$pׯ�;KS_sd9�M J�|&���a<�p!sFw#$>9cj� =}lCh~s�'�"lđ��)�q�TO�(�:͎_�}oQgb��R���I�D�A�}P�EUGA�@9.'uZ+ԝ\+ܽɎF��_tZ|Yʞ[J�dTY�eFP>B\�&�{ y#s8,ڽU� �^T�$� �f~=�ᮋhiγ�a�}]hi2���s�Aۿ8Xoi_ǭ
hH$
r*��
e2Z_f'>3NCs/�wwK_ŵ�.\�[t",Gw�3�OK�031�B,(�{`&H�@U ��D�Ǎ�� d@ ��f�h�2@�l`�H�
Bs�6�S1<��ۘ�]T�}6>P_J9�[my&Ys�^oZl(Sm�T1?:(�$:Յn m�f\}i!CjZ�pU�TI>�Lst��D0]X,Yf�NaE�l>9�!`'頊͂ᶃQT*��H�}xg��RE�Tp^j�簾, zc+>��iK�z<_��!>�ǂ/�FTTQS*l|%C�s�|3
ƀL(��{U�q��7Жij�%uVcgy~,v.�U��0?}~�:s|$�2*F?>)"'df�eK ���.;vPq=ʫ<��S�L#2_l�Hl�T�I2Ux�*�5�Ep�n2Z`tT't�߃��DH '�:Gڈ\};#:1_͢z;u<2Y9�@ֻ0@E!g��L6j�۔Q�Jg*}څrD�^ʨ�Nv[ {J�~?go�^s�us~/atܝ~Nʤ/~�,7f&=ix5�nk
xPqusk��1!:#יBhjṅZ�R
z�ٸ�Qq'�;G}r<}CSPDnkR�|ڸrRݵ]eaIƈrT�^��AI�w0� "*��iH�@@���*(/�A�3.&b[U��cw�Z^��ʗ�)(�*P�k͆�5�d�L�l��TQa�d�!�9,~�@�niH��q�@����(F@SN"|�N�`9�X#�1rnCax?à�ÛQ�WlP1�5*pCL�_cܓr)-�Hh)`h) ]��bD<ͩP#{��.sԕ0����肨 fTApBN�q"�$�I�^�P�/�!�\5
qfz %�@�t}O$r�d3�I#G2�\�4z6mm,X�:�g\&p�$�n]
BLoM�֡\Y
��+�ZK!;��EBCBp*N@�aN꠬ڄDT4e��|ܾRB_K�xFA%ǖ )~��h@"@d�_)�o �Κ� ��pC���TДju�@j� w1�M�*j=&U�A
\�ʆ�� Hc�D*NSTw}C=E4.�ѫv Sy7�viDTd� B,/~|_k����+JC'mgvP�@�OL�I���zMRsv9�MZ0-$y+@�*aӪ�'c�=( QSMK�
<�aũ9vp5 ���C^72́:LeYW-&7~�a>^s3ꐛR�d[ο���;P�'(�v!9�{8@��y|72wr%��sx}L>.BhfR�" A��Lc
3ݑjӱ
z, @aՍ�}dG}�7&2,�qR�Tݰ
yR��yu�dY2dq�mc�.�0^}��G VT[%�64�1�pys2-�E�&�0!$xQ��\P4��MG-:tBѼT�9*k�8$���ࠦP��H+j4P|�(s�kgGQ
o�xQO�Auݸ}qzؖ#yi9 CjHtn��ʈT|�}u}Y�ҿg�|$ �+(]���mк[`.#ﻏ�z�DAk;XJ!ZQ��Ă��;jB#x�I�@��A�D9@����76{
^ÿ��RgSBܹrFQ?<8~�@�G6>08i�˯J ~~Ƒ�� ���Hhit�EE�Z�z�T'(]���F�e 7
TFіcipd�5u#V2 GLUBBٴ`},�ֹDSɜlY�����P(�]1|H��2�]wN��) !D(�2{"`kC6e�w}ջ`2r6l3w�rgZ3YAEy6�<)�WsuD�J�"3e&gfݯnn(��TGJow?mu@L�DT�J('Ȁ�u~�ܪ�zO9|M*̂�FE ԂBFhτ���B"~eSlOB�}Yr�rܽ�kUQi=߭D2�7cbc�.�6�_.\\/�{"qB=�䵁HR�I1B�,@F
?Coa�;L0P�nHI� �z�R�?�
��q3WHjn8u-�E2H��Inƚml�hrRjo8��)�S(A�ʉ̫J}tvMh"" >\=��\/cG ԤCM%
}?u.�ZڴE�jps��}SY�PО`&iZֿ֘D�S&"֕�c4:F�X�S$�Tј:�Y�?7ad���N,=;ܻ�qpV[�\B7^ܡN�9y�Q~i@"}Ƞ;5k�9!."x�3Ify&ൌoԻQ`!_B�Ȏj�V�P\�%O�*"s����X��PB=yKW3�gr;k"XY "�-˵__�^-�,HA�@oKh2ZS (v��@��A"zSY{4I�y Sq(O]�pP;E |PbkCcxҝ?wF 'ިko_�Gn��`
j&�4��!�hwg3ΨOOG.Ɖ0D?�ܴ�h�ld~�[ P{R���蓱�Vr��Do&M]qAefp"�Q�F!p/t?t�h#UE;6!|�E��C="1cF6b�k*/zx{ser2ŭACma=�n>ͮg1@�85R �;X"��]n_z8T^e�/"j���yU �~ߜ},�'0\o���GVW�"nC��'f0�i�M���^Rω}��KrU-�� ��5�~s2L>ˮJTt;֤��_
bU "(C[x"Oz};|+WΦ�8_Oݖ�3/~ΥT�}�(aW�ZE$P8Pdk]{BǮ1�9ߏg$Qat�!Sv$���1뾷yb}��{'>�C�~.�}��?ݻ/3>%mi:�g8UA8nJ`�^#�TH�(�"�U"K@U�*W0,?�Х*yUȈr%o�ϴ)�T^5�f{2�2c}q_iQ$ӷu}!���YXn��ɘ6�{_^
1 �
"0�l0l@,D�ʌbr]PWl:R:4[�:ݯ{]�Wq3Hd!1M�CL)�U�Z2��syҸ��1�N�@�p+8f[*���{#[!9�r
՚4�R$#`��k~_3fFC?x���$_=t�uz[Iy/'2��Q!ء)����HL^d\3AnҔb�z���1V� @xQ45
@@#@)u+��13�)XlE��^ÿE�TQ�G=Jns�|�ga]�$�� |Ȣpːr�?,|ĺ �F��"7Nz=Ox�[ޫ�Рa[o B�*OϥhhIux9?6bXl}籟BO
=~Â$,c鸗|_o[YǪ�1f�Ӏ� �/_N�n[*�l�$oEۺk
�0)����H���feD-Gc>Ӛ�r� �OE�ryz�Cz;av+�5&z�81ɽ-s[M\?_�q=?�dײ�" LKܔ:GYI��V�V����y�uĶ�35$N$}��2�߉n/k�4PC qu�*6_"9�g0QZ��l.�!=lx8�ժןe_.O]]]�RCL�7�=Xm0bRAILNG 8s�ڟ�;~{\
�}_n�dCsռN�h2Co��Т҄)�SϤ{ k�?F�ikҹ�����n�~Q9�fj�J~ .�IU6�MSK>�4$Ì<�=�zĀJ�>GzN@�w"*h^bv�G8?K(igo횵�_gm"�^�!˚]Σq
ipCr�3+�+�G?��H[��
�х1خ`K3�&x�+9��H�mJ�v�-τE)��pZ�3'
ҴoȯP ��p8JIۥPV!-XVHCp2�+NU-|�{ϥ�uc�_�L�qI =~��yo�j�X{�*c�{��i7Ш��l?}
t%�"(���H�*�zvflq�w)���� ^�P�"e�'Y;^zC�l
(6ڮ;∻�((�"�e��/�¤?�AB��ڋ��0,=,@d�X"���H2=�C/V!���#\��4�T&!~M�t
A�xv!%��f�8{cF%PX��0W,l\N�,V2ge�A8BR?/?�Z?U�uJ(t:O_|�@٧b��ns�"t0.�S�Sճ?jFٸ`Ma����J_o�#w�F��a�+"HbQ��l=�J$�)h$�Dt�Kʔf �� Z"Hp(Ȓ����(D(�Ɇ ߤ|H9#6j͗4_}l�N|s_qӯy�:);+>-�ɧ~�6.�#RFH��Pw�\6�1 @I� t{_,rh�x:�͂2�_f02ZnճBe'ǫzl?�S�a�)�HT`VId"bd0
�)
m�>'JrCX�wDZGa7gKTWU⊩XS+[�oz7�\�QpjnLܿxH晈Ua_-懏#Q ^�أf2'k�|4�W_7 �1$TAFEtURO4?c0x��R뚐I]���R~Od�)Zѓ�XG(YΖeg\u,>??;=KPagZ�0Ψ�7~<�٦i2�۱R"[07�r[`��^�QжV�xQ˶jd5媉)��!(��d�eJ�4m�D�FFO�{~ʗ68f'?oBQ��$A��0l@%̏P,tf:�-@$�߰yL�PRu1��^2vmBC""CKdD!P,Z5_1;�'<@UFI5������ȼъI#͜�dXEI�S}�$@A�(Zd
�RHHIP+%`@42 �u=>�05nG`�f�3��� �[�#WS
Klc-Ju�c �ޏ8u,+#R���TE� �ڹjӛ`p4
6h�WK�+�
wA�(0-$"?/�$E F@ &?� \�}~5�EYY�vȏ5չ:ÁR�s��r<%P$QZ'H��`GhX�����
l?Ӏ^�qsz�\\2Y��dv�m ��jфy^r@.o`(Mp�"��68f)�ͩ˯ѧndÆ���"
έ|Լ�/}?ߐ��E$I�� �I6�Pؙ�ъ�rpZ$M[=.O�ۆ峦aM",& �Ȁi�܊��,DPTH|&r(c В%(���[?��o_wS�r1J!�><;@~�$q! C�-�*/�~3I֑̊;/:kH�2�;O�J�R�1A[�|?asXhs�2!(Q�sG5d;`}
�ͻT��Y�d<[(�C$T_ cR�m�8,�*{9�T@�8c ϒ߃�oJ⽘���HYA!`OϤĴv� GOX>�/Igƌ�jn\MeN4��t̜ٛ4J�iCpˊľ�ToTP�㍶ZW$ʪ�1O9=U$\�
�,�=]#8���D2T"T!?w�T �Imk�&jtQ/5" N2Qd䰃1:�h(��8
���6B
�^b{'Ʒ?�G8���j!���)úOd��}E�ݚ(�hl�_it%8�$"D@1���]C��1XTDpLdP*IQ@U����QVpßY7}"R(�wTclCۘ�TM�sx\RS1G"xXo5kSv6pL`�@تLz\:Eڎ`l��wհᲀrAxS6�}VQ;$x�>C
A@RAQ
,��"("�`)��1�3q
LxlI"��2${j� |L:,(�~F0(I���1I&79 p eՏ��C�#
ӛ�#_T�xL0`"@.���%�\-I�
䲍o9zň0��x :J�q�S8!5-L $NdNe
yIDY8X|E�'|{/$ߴ2x�**#b/oTfE3HP��Q��`)eY01T&�kz�XF
IlP��F�|2�µ�f�>uߥ#Uvl8sZ6X;G]Ԣ�(�=���S_=�{ �Y|VD� �V~_�&�1�8|x*Cdc��� @qEb�*XP*��2S3"�c��$�娛H{]G;�RIkrt�В�ROI )'cqnt)}ya4�={5L$a;�ީi:@"�2�
E�
A@RE���.cr#��r%��"�7z{nߛ�w
gk'A%Wj:G=nj:*(vL�|G�[BH���ԐQ{@gfGFN�Zg�g/^�vxW�;�/Z��G���ї:^��8<+^4}* (,��,kB[.i=�7N|~1{Rx�(Pc���w�*ZB�KP*\�+ k(�����
�)7"ox!r$�)}e��#ʂ0�; ��q�
RZۭGH0D;ywy��+�FEb^5!ux�m'Bk:*�RtzzquQ,uJI�I���((D�**�u,!!�
xs9
�'(�@jNGO�R
�d➲m"��=J�o0v{*bBWg�`��T"ܘ�CZ;�DUKoNbCEi?6`%<�:K�5{g+Eߕ"b:pcá-8s=d�S?qe��HF#�D�?J�Լ�FCzi{́n��-V2#*�Z�(fTCG�dd�[�=^36T3Iܒ�v�:P�TL=@�(X X"VH*ʓvue�O�U�bER��D,�$l�b$Nq(Y:伭��ꮪ6(mH�X�V&@/]oME/Ϻ9Mt�q+�Qcy�/Wdpm D�i4Y�DgL~�wpd�����:{�˦SiZ-1�=bɎkX
�Ѳ<��co ,k/�EC�{�P;4��� �WA�%,N�ܮO'AЮܿzt,C[$SAH�.Y�.�xHK�!��4կdŸ+k*P9$S�3!AS
P¿sr��+`�S+3p`It0�Ǯ�&A
�RCEԺŽJQV��2X`@7Z"
!�� (��ɾ�8Pj/Tn��mΞ�Kh´!!jŪRZ|�Zi+J8W^>T0+r{H}^�1GJ�I�\(��g/4 l���2���A7I�x�>]4\&^r%T_��-?/�s�*0�АU$U�?|?/qE#;�н^~LrΡt��E�C%�M3M$l˨ )H�=f~O�Z��=��$�2:Xu0e�Štv-�m_R�fۈp�0�3DF()P<9 0S;ɺ �:`gNSLA=�sb�M{{!�ވ=�5
l2�x�RC�y2}jqJyi>_cLq��=ԘCNiH"��eu�g�y���)r$�����pKi'4!��\�A'
dG1K0P/�1�x7c`2 k�a��D���Ys?g�omDH?+�xˏ_��=w�Ӳ jTХ�A����oe�/U��)��8sˀЈ(A��JܿD
!o^U�Zd,��j�=#dM�7��,Q6v3|�?�}Ǡƞ�$�?�� ���`(h0id�7aߍ|cr1!@@��#�p=�Y�az�2)���߄jխyt�Իt\Ťc���k{K
�$tjb| ,R��\/ w!"H��B�CgB���(�VB|�e$d�)xHe��×uD�FI�4 �J�@(g�@X�(�XkX&�U:PL/\};CT]!�8��VQ$Sk|Xap!�(�Q
A�([�r0v(���yoyCy���VsÙ�IϹaӖ9pM2 mP�=enW�-r)
,\cf�+h2qqrPkm�Z��D�AHҨss+clƨ~$3C��$�R���E
&Y��@��#��E bU\1L& 1\D�{W�
P$8&"�9g1&�@U�99/6yCffk9癨
ɄPP����@FA������,S\e���h�}d�<ŎQ�x_�V6լIHva}|Z�ED+:�Q'Aѭ��vsa,ҹ%&Q���؋憍ex(��E���Hnnvg`iMJLsc�?���T�xUcfD94�N�`h��Y
,C+�@Q����]_�ћ=�i{Y��}\NluC8Rr֯x�.]�mrqJM4Y橝�u��hg@ʔ߾ {0*��v��6�afH�9&jnq�)oc�J�۠I.60`
(gY{7@ ��ӸgIƧ�b<�&gcv:;7zTN2�8�UT(Bx3V�M��878!E͕Y`Û>}}7��G� �B38�g[ԙ�l*�/hQ e�HAdEӍ>]}.�}Fk�>Ќ�(ER 7
�͖tba;P]��j&�l�[a �+Wk$Y&R"ꪺU!�j2ퟡcpY�E~M�:TL''{[4~�9Ϯς_XI3�2�unK̓�B M�{�?�E$�س-Βن�߬����ӸʫF��-�DҠUW\v6ca+&z�23+v��M-��$瘱S~H-:�XSǠUɉF�Na2,.kgJ7b{�ۉ ��E?~�
�f?&܁E!Ir R\��>b����V.U*Ov4IGqiM\#=_alHy[rLܽ%�s�p�8'?�x�D`�;`#۷�
�NҴd9Ł�Wl�v�:
3��!I�Sh"A/}_�SG�%�MiW�N{ߐ|>`>Vu^cAom8�fNo���ꀧ?VvN5辜x-A7�-{��iDd��Ļɿ͞����Y�=�`&H
�ٳQ7�Ϫƒ�61W�B@{M櫟Μ?y�yH�@�'}Opo_cs�w=c"uF*?}Lҍ1�وէq�♜�.n7m4H)In[7l�AE�������!CbC.|4]D�%[[zsyAs@�ޭ�z�?�<�6� $�L�uA>(&*HrԷs�Lms;D@�
: N/wC5�Csuc/)m>��߯y~r#u�zI�ffG^3[�I%��;1cr�-Y6�4#眼=#[d@+*�H~`|s4���4;6ߗoLԫ*S�'z�WU�h ~1ʞ�CR)&�$�RdʯVn�\U�m#�*F�!�! >X����$�Eߵ�膺_Íd:`%�t�O�
䈀n "��0�d�[3JF.�{�`$B��?-�Hygx
$:,�6�5k=pQD��,Q�
'Zǒ���cw<͐�K?v�r*�S�Ӿ0QUTec�,�]9�a# �o{H95yV:aA=��"`a6xaLp��4��B�ABW${K@W�D$�zq�sNڍ:,;7+��<�B^_F����2��:9EAGJ�"S[ܞ/Ǐd02(H$� %8d֫�:1� �FLJ *&Q#ȇu*O66���-�hQt'm}�4�m�0H�
Kp�ь0�z 0"�D1�܈el w\��)L�9k�k�2JU
5X�
\?SLE*Q�B)qqy!tލ'Wo93^5cJn�݄g>~ǃ�g[3x�EϘz\?Oy�[�{����B_Ђs?r 'm~S2/+8˶u��H�k0��x8fro�ޟ�3m|ы� �U#?/tZH6ɻ� UAeL�x}�*I�y�VZ2%S=_�T1O�(�#"(�F+?�{yx[lE/]m9Z�~YQYqs*:7_�O2~��8јZzuv֥r��[�BfDd :-"� L5cenѾ_*��d2(t��#P��@���Od�/:`3�&:5#�2
�ʼnd �,-�����t�$=�_,9�JjOb5Y %2950t��qw~gf3v8n���"qOga}-GqӯGy����"��qt{�|u=�NY-�H/f߮'CUbl�Is'mUW5>k;F1M]MK�V�Sq9:�&rO+-Ity�ζy9
I4�s_��|�{�vd�J���3!Y��|3G�iy+.�BTj"