libsamba-errors0-32bit-4.6.16+git.154.2998451b912-27.1>t  DH`p\ř/=„äOl{)Q0wDIEwE8aqPܦx0{ѧpL4χ/{U,Z0g|=~<:gyKQ3 u=tDc* ʲ6ͯtS!+UrhK ~?dN0kl!EZ'rF-/k]%-{0uhWH˿C_2-.2Cx| 4(vߏ0520b787a75ed0fd1c88b843f85d3bf518627096p \ř/=„Nm󁬨PVTd.No~@#+&]9ZNF0X1S8.&hI)C_ri$="=p JS)`z'N὿MmGvW4Y"u5pQ[ދ@)F-j #W1;XoR!:4@)4 Ͼe iT`LPVE% pj-KhJ1մvLP6Z->:?d4 9 WX\hl     % (,16dh   (89 ::>GHIXY\T]X^mbwc.defluvwtxxy|Clibsamba-errors0-32bit4.6.16+git.154.2998451b91227.1Samba errors handling library\]cloud130openSUSE Leap 42.3openSUSEGPL-3.0-or-laterhttp://bugs.opensuse.orgSystem/Librarieshttps://www.samba.org/linuxx86_64/sbin/ldconfig\]aee6f8148d8cca8a775b5587717644adrootrootsamba-4.6.16+git.154.2998451b912-27.1.src.rpmlibsamba-errors.so.1libsamba-errors.so.1(SAMBA_ERRORS_1)libsamba-errors0-32bitlibsamba-errors0-32bit(x86-32)@@@@@@   /bin/shlibc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1.3)libc.so.6(GLIBC_2.3.4)libtalloc.so.2libtalloc.so.2(TALLOC_2.0.2)rpmlib(CompressedFileNames)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsLzma)3.0.4-14.0-14.4.6-14.11.2\N\}@\\\X)@\@[%@[F[z@[a[WZ@ZZZYY@Yo@Yo@Yo@Y3YYu@Yg`Yf@Y7Y7Y, @Y"X:@X:@XXsX@X9@X@X@Xg@X,XƉX@XYXe@XX@X@X@XWXAb@X-W Wv@W$W;Wu@W#WW W@W~D@Wj}W_WYZ@WYZ@W=W(W!@WW@V3V3VV'@VՄ@VՄ@VVIV@V`Vl@V@V@V<@V<@V@VjV]VI@VG"@VG"@VG"@VG"@V(V'~@V V7@VBUYU@U@UUAUĝU@UU@Uy@UUrUq@UhTU_@USaT5'@T5'@T3T12T->@T->@T%U@T$T!`T!`T@T@TSS<@SS@S@Sہ@Sہ@Sہ@S@S;@S.S@SSSS@S@SS8@S}SxSg}@ScSZN@SXSO@SM@SM@SG@SG@SG@SG@S:@S:@S5d@S2@S,)S L@SSSS@S@S(S @S S 4@S?S?S?SK@R@Rb@R@RRR@R@RRRRRURURURRR&R@RR=R=RʚRʚRʚRʚRʚRʚRSRR@RjRjRv@RG@RG@RRRRR RiRu@RpRW@RUE@RUE@REs@R:@R6R4OR2@R(r@R%@R!R7R@R@QQQ@QQQQޞ@Qޞ@Qޞ@Qֵ@QQo@QzQQɆ@Q@Q(@Q@Qzl@QdQAQ,Q+R@Q@QQQ@Q@QEQ@Q \Q \PP-P-P9@PPDP[P@PѬ@P @P @PPP}@P+P@PP@PBPBPPP@P@P*P6@Pd@PoPoPoPoP{@Pb@Pb@PWPWPQP,PPP H@P H@PP@OjOjOORORO Ọ@OȮOȮO]@O]@O OE@O!O@OOO@O OoOc+@OaO`@OKp@OB5O>A@ODavid Disseldorp ddiss@suse.comSamuel Cabrero David Mulder Samuel Cabrero Samuel Cabrero ddiss@suse.comscabrero@suse.deddiss@suse.comjmcdonough@suse.comddiss@suse.comscabrero@suse.comscabrero@suse.descabrero@suse.descabrero@suse.deaaptel@suse.comnopower@suse.comnopower@suse.comddiss@suse.comdmulder@suse.comddiss@suse.comdmulder@suse.comddiss@suse.comddiss@suse.comnopower@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comdmulder@suse.comnopower@suse.comjmcdonough@suse.comaaptel@suse.comkukuk@suse.comkukuk@suse.denopower@suse.comaaptel@suse.comdmulder@suse.comddiss@suse.comdmulder@suse.comddiss@suse.comjmcdonough@suse.comnopower@suse.comnopower@suse.comnopower@suse.comnopower@suse.comjmcdonough@suse.comjmcdonough@suse.comnopower@suse.comnopower@suse.comddiss@suse.comjmcdonough@suse.comddiss@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comnopower@suse.comlmuelle@suse.comlmuelle@suse.comjmcdonough@suse.comnopower@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comnopower@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comtchvatal@suse.comlmuelle@suse.comnopower@suse.comcrrodriguez@opensuse.orglmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comnoel.power@suse.comddiss@suse.comddiss@suse.comlmuelle@suse.comddiss@suse.comlmuelle@suse.comlmuelle@suse.comnopower@suse.comddiss@suse.comddiss@suse.comlmuelle@suse.comlmuelle@suse.comddiss@suse.comlmuelle@suse.commpluskal@suse.comlmuelle@suse.comnopower@suse.deddiss@suse.comddiss@suse.comddiss@suse.comlmuelle@suse.denopower@suse.delmuelle@suse.comnopower@suse.deddiss@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comddiss@suse.comnopower@suse.delmuelle@suse.comlmuelle@suse.comlmuelle@suse.comddiss@suse.comnopower@suse.delmuelle@suse.comddiss@suse.comlmuelle@suse.comjmcdonough@suse.comjmcdonough@suse.comddiss@suse.comddiss@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comddiss@suse.comlmuelle@suse.comlmuelle@suse.comddiss@suse.comlmuelle@suse.comddiss@suse.comlmuelle@suse.comlmuelle@suse.comddiss@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comddiss@suse.comlmuelle@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comlmuelle@suse.comddiss@suse.comnopower@suse.deddiss@suse.comlmuelle@suse.comddiss@suse.comnopower@suse.deddiss@suse.comlmuelle@suse.comddiss@suse.comddiss@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comnopower@suse.comddiss@suse.comddiss@suse.comnopower@suse.deddiss@suse.comddiss@suse.comddiss@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comddiss@suse.comddiss@suse.comddiss@suse.comlmuelle@suse.comddiss@suse.comlmuelle@suse.comlmuelle@suse.comnopower@suse.deddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comadrian@suse.delmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comddiss@suse.comddiss@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comddiss@suse.comddiss@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comnopower@suse.delmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comjengelh@inai.delmuelle@suse.comjengelh@inai.delmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.delmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comjengelh@inai.deddiss@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comddiss@suse.comlmuelle@suse.comlmuelle@suse.comddiss@suse.comlmuelle@suse.comddiss@suse.comddiss@suse.comlmuelle@suse.comsjayaraman@suse.delmuelle@suse.comlmuelle@suse.comlmuelle@suse.comddiss@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comjmcdonough@suse.comddiss@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comshargagan@novell.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comddiss@suse.delmuelle@suse.comlmuelle@suse.delmuelle@suse.deddiss@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.deddiss@suse.deddiss@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.defcrozat@suse.comlmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.deddiss@suse.deddiss@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.deddiss@suse.decoolo@suse.comcoolo@suse.comlmuelle@suse.deshargagan@novell.comddiss@suse.delmuelle@suse.deddiss@suse.deddiss@suse.deddiss@suse.deddiss@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.dejmcdonough@suse.deddiss@suse.deddiss@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.dehhetter@suse.dejmcdonough@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.deshargagan@novell.comddiss@suse.delmuelle@suse.dejmcdonough@suse.deddiss@suse.deddiss@suse.delmuelle@suse.dejmcdonough@suse.demrsb@novell.comlpechacek@suse.czjmcdonough@suse.dejmcdonough@suse.dejmcdonough@suse.delmuelle@suse.deshargagan@novell.comddiss@suse.delmuelle@suse.deshargagan@novell.comlmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.deddiss@suse.deddiss@suse.delmuelle@suse.dejmcdonough@suse.deddiss@suse.delmuelle@suse.deddiss@suse.deddiss@suse.delmuelle@suse.dejengelh@medozas.delmuelle@suse.delmuelle@suse.deddiss@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.deddiss@suse.delmuelle@suse.delmuelle@suse.deddiss@suse.deddiss@suse.delmuelle@suse.delmuelle@suse.deddiss@suse.deddiss@suse.deddiss@suse.dero@suse.delmuelle@suse.delmuelle@suse.delars@samba.orglmuelle@suse.deddiss@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.dejmcdonough@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.dejmcdonough@suse.delmuelle@suse.dehhetter@suse.deddiss@suse.dejmcdonough@suse.decoolo@novell.comlmuelle@suse.dejmcdonough@suse.degber@opensuse.orgjmcdonough@suse.dejmcdonough@suse.delmuelle@suse.delmuelle@suse.dejmcdonough@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.dejmcdonough@suse.delmuelle@suse.delmuelle@suse.dejmcdonough@suse.desjayaraman@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.dehhetter@suse.dejmcdonough@suse.delmuelle@suse.dejmcdonough@suse.delmuelle@suse.delmuelle@suse.delars@samba.orglars@samba.orgjmcdonough@suse.dejsmeix@suse.delmuelle@suse.dehhetter@suse.delmuelle@suse.dejmcdonough@suse.dejmcdonough@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.dejmcdonough@suse.delmuelle@suse.derhafer@novell.comhhetter@novell.comlmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.deboyang@suse.deboyang@suse.dejmcdonough@suse.delmuelle@suse.deboyang@suse.deboyang@suse.delmuelle@suse.derhafer@novell.comlmuelle@suse.delmuelle@suse.delmuelle@suse.deboyang@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delars@samba.orgjmcdonough@suse.desjayaraman@suse.dejengelh@medozas.delmuelle@suse.delmuelle@suse.delmuelle@suse.deboyang@suse.delmuelle@suse.dejmcdonough@suse.dejmcdonough@suse.delmuelle@suse.delmuelle@suse.deboyang@suse.delmuelle@suse.delmuelle@suse.deboyang@suse.delmuelle@suse.delmuelle@suse.deboyang@suse.dejmcdonough@suse.delmuelle@suse.dejmcdonough@suse.dejmcdonough@suse.dejmcdonough@suse.deboyang@suse.dechris@computersalat.delmuelle@suse.delmuelle@suse.delmuelle@suse.deboyang@suse.deboyang@suse.deboyang@suse.dehhetter@suse.delmuelle@suse.delmuelle@suse.deboyang@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.dejmcdonough@suse.delmuelle@suse.delmuelle@suse.dejmcdonough@suse.desbrabec@suse.czlmuelle@suse.delmuelle@suse.dejmcdonough@suse.delmuelle@suse.deboyang@suse.deboyang@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.desjayaraman@suse.desjayaraman@suse.desjayaraman@suse.dejmcdonough@suse.dejmcdonough@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.dejmcdonough@suse.delmuelle@suse.dejmcdonough@suse.dejmcdonough@suse.dejmcdonough@suse.delmuelle@suse.delmuelle@suse.delmuelle@suse.dero@suse.de- CVE-2019-3880: Save registry file outside share as unprivileged user; (bso#13851); (bsc#1131060 ).- Fix vfs_ceph ftruncate and fallocate handling; (bso#13807); (bsc#1127153).- Abide by load_printers smb.conf parameter; (bso#13766); (bsc#1124223);- s3:winbindd: let normalize_name_map() call find_domain_from_name_noinit(); (bso#13173); (bsc#1123755); - s3:winbind: Fix regression introduced with bso #12851; (bso#12851); (bsc#1123755);- s3:passdb: Do not return OK if we don't have pinfo set up; (bsc#1099590); (bso#13376);- s3: winbind: Remove fstring from wb_acct_info struct; (bsc#1114459); - Use foreground execution mode for systemd samba daemons; (bsc#1112223);- Update to 4.6.16; (bsc#1110943); + CVE-2018-10919: Fix unauthorized attribute access via searches; (bso#13434);- Update to 4.6.15 + Fix ctdb_mutex_ceph_rados_helper deadlock; (bso#13540); (bsc#1102230); + Allow idmap_rid to have primary group other than "Domain Users"; (bsc#1087931).- CVE-2018-10858: Insufficient input validation on client directory listing in libsmbclient; (bso#13453); (bsc#1103411); - s3: winbind: Fix 'winbind normalize names' in wb_getpwsid(); (bso#12851); - winbind: avoid using fstrcpy in _dual_init_connection; (bso#13294); (bsc#1087303); - Fix ntlm authentications with "winbind use default domain = yes"; (bso#13126); (bsc#1068059); - net: fix net ads keytab handling; (bso#13166); (bsc#1067700); - fix vfs_ceph flock stub; (bso#13506).- Fix vfs_ceph with "aio read size" or "aio write size" > 0; (bsc#1093664). + vfs_ceph: add fake async pwrite/pread send/recv hooks; (bso#13425). + Fix memory leak in vfs_ceph; (bso#13424). - Update to 4.6.14 + winbind: avoid using fstrcpy(dcname,...) in _dual_init_connection; (bso#13294). + s3:smb2_server: correctly maintain request counters for compound requests; (bso#13215). + s3: smbd: Unix extensions attempts to change wrong field in fchown call; (bso#13375). + s3:smbd: map nterror on smb2_flush errorpath; (bso#13338). + vfs_glusterfs: Fix the wrong pointer being sent in glfs_fsync_async; (bso#13297). + s3: smbd: Fix possible directory fd leak if the underlying OS doesn't support fdopendir(); (bso#13270). + s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error, we don't own it here; (bso#13244). + s3:libsmb: allow -U"\\administrator" to work; (bso#13206). + CVE-2018-1057: s4:dsdb: fix unprivileged password changes; (bso#13272); (bsc#1081024). + s3:smbd: Do not crash if we fail to init the session table; (bso#13315). + libsmb: Use smb2 tcon if conn_protocol >= SMB2_02; (bso#13310). + smbXcli: Add "force_channel_sequence"; (bso#13215). + smbd: Fix channel sequence number checks for long-running requests; (bso#13215). + s3:smb2_server: allow logoff, close, unlock, cancel and echo on expired sessions; (bso#13197). + s3:smbd: return the correct error for cancelled SMB2 notifies on expired sessions; (bso#13197). + samba: Only use async signal-safe functions in signal handler; (bso#13240). + subnet: Avoid a segfault when renaming subnet objects; (bso#13031).- CVE-2018-1050: DOS vulnerability when SPOOLSS is run externally; (bso#11343); (bsc#1081741);- Update to 4.6.13; (bsc#1084191) + ceph_statx configure time check doesn't work with a non-default - -with-libcephfs path; (bso#13250). - follow up fix for libceph-common detection; (bso#13277). + Fail to copy file with empty FinderInfo from Windows client to Samba share with fruit; (bso#13181). + vfs_ceph uses a local statvfs() call to determine FS capabilities; (bso#13208). + smbd tries to release not leased oplock during oplock II downgrade; (bso#13193). + smbd panic when chdir returns error during exit; (bso#13189). + ctdb_recovery_helper crashes if recovery process times out; (bso#13188). + POSIX ACL support is broken on hpux and possibly other big-endian OSs; (bso#13176). + Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue; (bso#12986). + g_lock conflict detection broken when processing stale entries.; (bso#13195). + The KDC on an RWDC doesn't send error replies in some situations; (bso#13132).- Update to 4.6.11; (bsc#1084191) + vfs_glusterfs: Fix exporting subdirs with shadow_copy2; (bso#13091); + s3: smbclient: Ensure we call client_clean_name() before all operations on remote pathnames; (bso#13093); + Non-smbd processes using kernel oplocks can hang smbd; (bso#13121); + python: use communicate to fix Popen deadlock; (bso#13127); + smbd on disk file corruption bug under heavy threaded load; (bso#13130); + tevent: version 0.9.34; (bso#13130); + vfs_fruit: Replace closedir() by SMB_VFS_CLOSEDIR; (bso#13086); + smbd: Move check for SMB2 compound request to new function; (bso#13047); + s3:vfs_glusterfs: Fix a double free in vfs_gluster_getwd(); (bso#13100); + s4:pyparam: Fix resource leaks on error; (bso#13101); + s3:smbd: Fix delete-on-close after smb2_find; (bso#13118);- CVE-2017-14746: Use-after-free vulnerability; (bso#13041); (bsc#1060427); - CVE-2017-15275: Server heap memory information leak; (bso#13077); (bsc#1063008);- Update to 4.6.9; (bsc#1065066); + Reverse sense of 'clear all attributes', ignore attribute change in SMB2 to match SMB1; (bso#12899); + SMBC_setatr() initially uses an SMB1 call before falling back; (bso#12913); + Fix segfault on MacOS 10.12.3 clients caused by SMB_VFS_GET_COMPRESSION; (bso#13003); + sys_getwd() can leak memory or possibly return the wrong errno on older systems; (bso#13069); + Cannot delete non-ACL files on Solaris/ZFS/NFSv4 ACL filesystem; (bso#6133); + Map SYNCHRONIZE acl permission statically; (bso#7909); + Honor SEC_STD_WRITE_OWNER bit; (bso#7933); + Kernel oplocks still have issues with named streams; (bso#12791); + Handle EACCES when fetching DOS attributes; (bso#12944); + Missing assignment in sl_pack_float; (bso#12991); + Fix wrong Samba access checks when changing DOS attributes; (bso#12995); + Groupmap cleanup should not delete BUILTIN mappings; (bso#13065); + Enabling vfs_fruit results in loss of Finder tags and other xattrs; (bso#13076); + Fix GUID string format on GetPrinter info; (bso#12993); + Match WS2016 ReFS set compression behaviour; (bso#12144); + Fix implementation of process_exists control; (bso#13012); + GET_DB_SEQNUM control can cause ctdb to deadlock when databases are frozen; (bso#13021); + Free up record data if a call request is deferred; (bso#13029); + Initialize ctdb_ltdb_header completely for empty record; (bso#13036); + CTDB starts consuming memory if there are dead nodes in the cluster; (bso#13056); + Ignore event scripts with multiple '.'s; (bso#13070); + Sort the GPOs in the correct order; (bso#13046); + 'smbd' uses a lot of CPU on startup of a connection; (bso#12973); + Fix str[n]casecmp_m() by comparing lower case values; (bso#13018); + Can't change password in Samba from a windows client if Samba runs on IPv6 only interface; (bso#13079); + Fix file change notification for renames; (bso#12903); + Avoid a socket leak after fork; (bso#13006); + Fix a potential memleak; (bso#13090); + Fix passing of errno from async calls; (bso#12983); + Fix segfault when running with log level 10; (bso#13032); + Do not report an invalid range for AD DC role; (bso#12629); + Print the kinit failed message with DBGLVL_NOTICE; (bso#12704); + Fix changing passwords with Kerberos; (bso#12956); + Fix changing the password with 'smbpasswd' as a local user on a domain member; (bso#12975); + Fix a read after free if a chained SMB1 call goes async; (bso#12836); + CVE-2017-12163: Prevent client short SMB1 write from writing server memory to file; (bso#13020); + Let non_widelink_open() chdir() to directories directly; (bso#12885); + CVE-2017-12151: Keep required encryption across SMB3 dfs redirects; (bso#12996); + CVE-2017-12150: Some code path don't enforce smb signing when they should; (bso#12997);- Fix GUID string format on GetPrinter info request; (bso#12993); (bsc#1050707).- CVE-2017-12163: Prevent client short SMB1 write from writing server memory to file; (bso#13020); (bsc#1058624).- CVE-2017-12150: Some code path don't enforce smb signing, when they should; (bso#12997); (bsc#1058622).- CVE-2017-12151: Keep required encryption across SMB3 dfs redirects; (bso#12996); (bsc#1058565).- Update to 4.6.7; (bsc#1054017) + Joining a Huawai storage fails: empty CLDAP ping answer; (bso#11392). + smbcacls can fail against a directory on Windows using SMB2.; (bso#12937). + vfs_ceph provides inconsistent directory listings; (bso#12911). + Misused talloc context can cause a user to crash their smbd by chaining SMB1 commands.; (bso#12836). + Use-after free can crash libsmbclient code.; (bso#12927). + Server exit with active AIO can crash.; (bso#12925). + Ensure notifyd doesn't return from smbd_notifyd_init; (bso#12910). + fd leak to ctdb sub-processes leads to SELinux AVC denial in audit logs; (bso#12898). + vfs_fruit shouldn't send MS NFS ACEs to Windows clients; (bso#12897). + smbspool_krb5_wrapper does not tell CUPS that it requires negotiate for authentication; (bso#12886). + finder sidebar showing question mark instead of icon when using ip to connect with vfs_fruit; (bso#12840). + Winbind stops obtaining the 'unixHomeDirectory' & 'loginShell' attributes from AD.; (bso#12720). + KCC run at selftest startup can fail spuriously due to a race; (bso#12869). + winbindd changes the local password and gets NT_STATUS_WRONG_PASSWORD for the remote change; (bso#12782). + rpc_pipe_client memory leaks due to long term memory context passed to rpc_pipe_open_interface(); (bso#12890). + CVE-2017-2619 breaks accessing previous versions of directories with snapshots in subdirectories of the share; (bso#12885). + dns_name_equal doing OOB read; (bso#12813). + replica_sync tests flap; (bso#12753). + Selftest should not call 'net cache flush' and wipe important winbind entries; (bso#12868). + Old Samba versions don't support using recent ldb versions (>=1.1.30); (bso#12859). + pam_winbind fails with kerberos method = secrets and keytab; (bso#10490). + race starting winbindd against posixacl test; (bso#12843). + Crash in the reentrant smbd_smb2_create_send() if the something fails in the subsequent try; (bso#12832). + spnego.c passes the wrong argument order to gensec_update_ev() for the FALLBACK case; (bso#12788). + Clients with SMB3 support can't connect with "server max protocol = SMB2_02"; (bso#12772). + A log message of samb-tool user syncpasswords reverses string arguments in a debug message "Call Popen[...".; (bso#12768). + The smb tarmode tests kills the share dir contents; (bso#12867). + Fix for a bug in MacOS X Sierra NTLMv2 processing; (bso#12862). + CVE-2017-2619 regression with non-wide symlinks to directories; (bso#12860). + manpage/index.html lists links not in alphabetical order; (bso#12854). + smbcacls got error NT_STATUS_NETWORK_NAME_DELETED; (bso#12831). + If a record is locked in a database, then recovery does not complete; (bso#12857). + debug_locks.sh script does not log any information; (bso#12856). + SIGSEGV in cm_connect_lsa_tcp dereferencing conn->lsa_tcp_pipe->transport after error; (bso#12852). + smbclient can't parse DOMAIN+username if a different winbind separator is used; (bso#12849). + Related requests with SessionSetup fail with INTERNAL_ERROR; (bso#12845). + Related requests with TreeConnect fail with NETWORK_NAME_DELETED; (bso#12844). + cli->server_os not filled correctly; (bso#12779). + REGRESSION: smbclient doesn't print the session setup anymore; (bso#12824). + smblcient doesn't handle STATUS_NOT_SUPPORTED gracefully for FSCTL_VALIDATE_NEGOTIATE_INFO; (bso#12808). + CTDB NFS call-out failures do not cause event failures; (bso#12837). + net command fails due to incorrectly return code; (bso#12828). + Fix building Samba with GCC 7.1; (bso#12827).- Fix duplicate CTDB_LOGGING params when downgraded and upgraded again; (bsc#1048339).- fix cephwrap_chdir(); (bsc#1048790). - Update to 4.6.6 + CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation; (bsc#1048278).- Fix ctdb logs to /var/log/log.ctdb instead of /var/log/ctdb; (bsc#1048339).- Fix inconsistent ctdb socket path; (bsc#1048352). - Fix non-admin cephx authentication; (bsc#1048387).- Update to 4.6.5; (bsc#1040157) + Specifying CTDB_LOGGING=syslog:nonblocking causes ctdbd to crash at startup; (bso#12814). + vfs_expand_msdfs tries to open the remote address as a file path; (bso#12687). + PANIC (pid 1096): assert failed: lease_type_is_exclusive(e_lease_type); (bso#12798). + With clustering get update_num_read_oplocks failed and PANIC: num_share_modes == 1 assertion failure; (bso#11844). + contend_level2_oplocks_begin_default oplock optimisation doesn't carry over to leases; (bso#12766). + `ctdb nodestatus` incorrectly displays status for all nodes with wrong exit code; (bso#12802). + CTDB can spin hard on revoking readonly delegations if a node becomes disconnected; (bso#12697). + Printing a share mode entry with leases can crash in the ndr code; (bso#12793). + Fix flakey unit tests for eventd; (bso#12792). + CTDB daemon crashes if built with clang; (bso#12770). + smbcacls fails if no password is specified; (bso#12765). + idmap_rfc2307: Lookup of more than two SIDs fails; (bso#12757). + samba-tool user syncpasswords doesn't trigger the script when a user gets removed; (bso#12767). + systemd: fix detection of libsystemd; (bso#12764). + Notify subsystem only maps first inotify mask to Windows notify filter; (bso#12760). + Allow passing trusted domain password as plain-text to PASSDB layer; (bso#12751). + Can't case-rename files with vfs_fruit; (bso#12749). + wrong sid->uid mapping for SIDs residing in sIDHistory; (bso#12702). + vfs_acl_common should force "create mask = 0777", not 0666; (bso#12562). + Ordering of notify responses broken; (bso#12756).- s3: libsmb: Fix error where short name length was read as 2 bytes, should be 1; (bso#11822); (bsc#1042419).- Revert explicit winbind %{version}-%{release} dependency. + The ABI has stabilized since (bsc#936909), so remove to fix cross-media dependencies; (bsc#1037899).- Fix CVE-2017-7494 remote code execution from a writable share; (bso#12780); (bsc#1038231).- Update to 4.6.3; (bsc#1036011) + s3:vfs:shadow_copy2: vfs_shadow_copy2 fails to list snapshots from shares with GlusterFS backend; (bso#12743). + Fix for Solaris C compiler; (bso#12559). + s3: locking: Update oplock optimization for the leases era; (bso#12628). + Make the Solaris C compiler happy; (bso#12693). + s3: libgpo: Allow skipping GPO objects that don't have the expected LDAP attributes; (bso#12695). + Fix buffer overflow caused by wrong use of getgroups; (bso#12747). + lib: debug: Avoid negative array access; (bso#12746). + cleanupdb: Fix a memory read error; (bso#12748). + streams_xattr and kernel oplocks results in NT_STATUS_NETWORK_BUSY; (bso#7537). + winbindd: idmap_autorid allocates ids for unknown SIDs from other backends; (bso#11961). + vfs_fruit: Resource fork open request with flags=O_CREAT|O_RDONLY; (bso#12565). + manpages/vfs_fruit: Document global options; (bso#12615). + lib/pthreadpool: Fix a memory leak; (bso#12624). + Lookup-domain for well-known SIDs on a DC; (bso#12727). + winbindd: Fix error handling in rpc_lookup_sids(); (bso#12728). + winbindd: Trigger possible passdb_dsdb initialisation; (bso#12729). + credentials_krb5: use gss_acquire_cred for client-side GSSAPI use case; (bso#12611). + lib/crypto: Implement samba.crypto Python module for RC4; (bso#12690). + ctdb-readonly: Avoid a tight loop waiting for revoke to complete; (bso#12697). + ctdb_event monitor command crashes if event is not specified; (bso#12723). + ctdb-docs: Fix documentation of "-n" option to 'ctdb tool'; (bso#12733). + smbd: Fix smb1 findfirst with DFS; (bso#12558). + smbd: Do an early exit on negprot failure; (bso#12610). + winbindd: Fix substitution for 'template homedir'; (bso#12699). + s4:kdc: Disable principal based autodetected referral detection; (bso#12554). + idmap_autorid: Allocate new domain range if the callers knows the sid is valid; (bso#12613). + LINKFLAGS_PYEMBED should not contain -L/some/path; (bso#12724). + PAM auth with WBFLAG_PAM_GET_PWD_POLICY returns wrong policy for trusted domain; (bso#12725). + rpcclient: Allow -U'OTHERDOMAIN\user' again; (bso#12731). + winbindd: Fix password policy for pam authentication; (bso#12725). + s3:gse: Correctly handle external trusts with MIT; (bso#12554). + auth/credentials: Always set the realm if we set the principal from the ccache; (bso#12611). + replace: Include sysmacros.h; (bso#12686). + s3:vfs_expand_msdfs: Do not open the remote address as a file; (bso#12687). + s3:libsmb: Only print error message if kerberos use is forced; (bso#12704). + winbindd: Child process crashes when kerberos-authenticating a user with wrong password; (bso#12708). + vfs_fruit: Office document opens as read-only on macOS due to CNID semantics; (bso#12715). + vfs_acl_xattr: Fix failure to get ACL on Linux if memory is fragmented; (bso#12737).- Generate and update vendor-files tarball from Git + SuSEfirewall2 service samba-client only setup IPv4 rule; (bsc#1034416).- Generate source tarball directly from Git using OBS tar_scm + use version string derived from parent Git tag and commit hash - remove obsolete vendor-files/tools/package-data version ID + explicitly generate ctdb manpages, needed without "make dist"- Update to 4.6.2 + remove bso#12721 patches now upstream- Enable samba-ceph build for openSUSE and SLE12SP3+; (fate#321622). + x86-64 and aarch64- Enable librados CTDB lock helper for samba-ceph package; (fate#321622).- Build and install the html man pages (bsc#1021907).- Fix CVE-2017-2619 regression with "follow symlinks = no"; (bso#12721).- Update to 4.6.1 + symlink race permits opening files outside share directory; CVE-2017-2619; (bso#12496); (bsc#1027147) + testparm checks for valid idmap parameters + add new krb client encryption types + support for printer driver upload from windows 10 + inherit owner = 'unix only' for improved quota support + improved CTDB event support + new primary group support for idmap_ad + idmap_hash deprecated + mvxattr added to recursively rename extended attributes- Remove chkconfig requirements for systemd systems- Don't call insserv if systemd is used- Fix check if we need to require insserv- async_req: make async_connect_send() "reentrant"; (bso#12105); (bsc#1024416).- Force usage of ncurses6-config thru NCURSES_CONFIG env var; (bsc#1023847).- add missing patch for libnss_wins segfault; (bsc#995730).- Fix vfs_ceph builds against recent Ceph versions; (bsc#1021933).- Document "winbind: ignore domains" parameter; (bsc#1019416).- Add base Samba dependency to samba-ceph package.- Update to 4.5.3 + Heap-based Buffer Overflow Remote Code Execution Vulnerability; CVE-2016-2123; (bso#12409); (bsc#1014437). + Don't send delegated credentials to all servers; CVE-2016-2125; (bso#12445); (bsc#1014441). + denial of service due to a client triggered crash in the winbindd parent process; CVE-2016-2126; (bso#12446); (bsc#1014442). - 4.5.1 and 4.5.2 updates + various streams vfs fixes + various printing fixes + ntlm_auth: do not map explicitly empty domain + various stability fixes in smbd + match file compression ReFS behavior- Add missing ldb module directory; (bnc#1012092).- s3/client: obey 'disable netbios' smb.conf param, don't connect via NBT port; (bsc#1009085); (bso#12418).- Include vfstest in samba-test; (bsc#1001203).- s3/winbindd: using default domain with user@domain.com format fails; (bsc#997833).- Fix segfault in libnss_wins; (bso#12277); (bso#12269); (bsc#995730).- Update to 4.5.0 + NTLM1 Authentication disabled by default + SMB2.1 leases enabled by default + Support for OFD locks + ctdb tool rewritten + Added shadow copy snapshot prefix parameter- Fix illegal memory access after memory has been deleted; (bso#11836); (bsc#975299).- Prevent core, make sure response->extra_data.data is always cleared out; (bsc#993692).- Don't package man pages for VFS modules that aren't built; (boo#993707).- Fix population of ctdb sysconfig after source merge; (bsc#981566).- Enable vfs_ceph builds for Factory (x86-64) + Package as samba-ceph to avoid Ceph dependency in base package.- Update to 4.4.5 + Prevent client-side SMB2 signing downgrade; CVE-2016-2119; (bso#11860); (bsc#986869).- Remove obsolete syslog.target; (bsc#983938).- Honor smb.conf socket options in winbind; (bsc#975131).- Don't use htons() with IP_PROTO_RAW; (bso#11705); (bsc#969522).- Update to 4.4.4 + SMB3 multichannel: Add implementation of missing channel sequence number verification; (bso#11809). + smbd:close: Only remove kernel share modes if they had been taken at open; (bso#11919). + notifyd: Prevent NULL deref segfault in notifyd_peer_destructor; (bso#11930). + s3:rpcclient: Make '--pw-nt-hash' option work; (bso#10796). + Fix case sensitivity issues over SMB2 or above; (bso#11438). + s3:smbd: Fix anonymous authentication if signing is mandatory. (bso#11910) + Fix NTLM Authentication issue with squid; (bso#11914). + pdb: Fix segfault in pdb_ldap for missing gecos; (bso#11530). + Fix memory leak in share mode locking; (bso#11934).- Update to 4.4.3 + Various post-badlock regressions; (bso#11841); (bso#11850); (bso#11858); (bso#11870); (bso#11872). + Only allow idmap_hash for default idmap config (bso#11786). + smbd: Avoid large reads beyond EOF; (bso#11878). + vfs_acl_common: Avoid setting POSIX ACLs if "ignore system acls" is set; (bso#11806). + libads: Record session expiry for spnego sasl binds; (bso#11852).- Fix NTLMSSP regressions caused by previous CVE fixes; (bso#11849); (bsc#975962); (bsc#979268), (bsc#977669).- Revert shared library packaging to comply with SLPP- Update to 4.4.2 + A man-in-the-middle can downgrade NTLMSSP authentication; CVE-2016-2110; (bso#11688); (bsc#973031). + Domain controller netlogon member computer can be spoofed; CVE-2016-2111; (bso#11749); (bsc#973032). + LDAP conenctions vulnerable to downgrade and MITM attack; CVE-2016-2112; (bso#11644); (bsc#973033). + TLS certificate validation missing; CVE-2016-2113; (bso#11752); (bsc#973034). + Named pipe IPC vulnerable to MITM attacks; CVE-2016-2115; (bso#11756); (bsc#973036). + "Badlock" DCERPC impersonation of authenticated account possible; CVE-2016-2118; (bso#11804); (bsc#971965). + DCERPC server and client vulnerable to DOS and MITM attacks; CVE-2015-5370; (bso#11344); (bsc#936862).- Fix samba.tests.messaging test and prevent potential tdb corruption by removing obsolete now invalid tdb_close call; (bsc#974629).- Obsolete libsmbclient from libsmbclient0 while not providing it; (bsc#972197).- Update to 4.4.0. + Read of uninitialized memory DNS TXT handling; (bso#11128); (bso#11686); CVE-2016-0771. + Getting and setting Windows ACLs on symlinks can change permissions on link target; (bso#11648); CVE-2015-7560. + Sockets with htons(IPPROTO_RAW); (bso#11705); CVE-2015-8543. + s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem with no ACL support; (bso#10489). + docs: Add example for domain logins to smbspool man page; (bso#11643). + smbd: Show correct disk size for different quota and dfree block sizes; (bso#11681). + docs: Add smbspool_krb5_wrapper manpage; (bso#11690). + winbindd: Return trust parameters when listing trusts; (bso#11691). + ctdb: Do not provide a useless pkgconfig file for ctdb; (bso#11696). + Crypto.Cipher.ARC4 is not available on some platforms, fallback to M2Crypto.RC4.RC4 then; (bso#11699). + s3:utils/smbget: Set default blocksize; (bso#11700). + Streamline 'smbget' options with the rest of the Samba utils; (bso#11700). + s3:clispnego: Fix confusing warning in spnego_gen_krb5_wrap(); (bso#11702). + s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703). + loadparm: Fix memory leak issue; (bso#11708). + lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714). + s3:vfs:glusterfs: Fix build after quota changes; (bso#11715). + ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."; (bso#11719). + lib:socket: Fix CID 1350010: Integer OVERFLOW_BEFORE_WIDEN; (bso#11723). + smbd: Fix CID 1351215 Improper use of negative value; (bso#11724). + smbd: Fix CID 1351216 Dereference null return value; (bso#11725). + s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file; (bso#11727). + docs: Add manpage for cifsdd; (bso#11730). + param: Fix str_list_v3 to accept ; again; (bso#11732). + lib/socket: Fix improper use of default interface speed; (bso#11734). + lib:socket: Fix CID 1350009: Fix illegal memory accesses (BUFFER_SIZE_WARNING); (bso#11735). + libcli: Fix debug message, print sid string for new_ace trustee; (bso#11738). + Fix installation path of Samba helper binaries; (bso#11739). + Fix memory leak in loadparm; (bso#11740). + tevent: version 0.9.28: Fix memory leak when old signal action restored; (bso#11742). + smbd: Ignore SVHDX create context; (bso#11753). + Fix net join; (bso#11755). + s3:libads: setup the msDS-SupportedEncryptionTypes attribute on ldap_add; (bso#11755). + passdb: Add linefeed to debug message; (bso#11763). + s3:utils/smbget: Fix option parsing; (bso#11767). + libnet: Make Kerberos domain join site-aware; (bso#11769). + Reset TCP Connections during IP failover; (bso#11770). + ldb: Version 1.1.26; (bso#11772). + s3:smbd: Add negprot remote arch detection for OSX; (bso#11773). + vfs_glusterfs: Fix use after free in AIO callback; (bso#11774). + mkdir can return ACCESS_DENIED incorrectly on create race; (bso#11780). + "trustdom_list_done: Got invalid trustdom response" message should be avoided; (bso#11782). + Mismatch between local and remote attribute ids lets replication fail with custom schema; (bso#11783). + Quota is not supported on Solaris 10; (bso#11788). + Talloc: Version 2.1.6; (bso#11789). + smbd: Enable multi-channel if 'server multi channel support = yes' in the config; (bso#11796). + build: Fix build when '--without-quota' specified; (bso#11798). + lib/socket/interfaces: Fix some uninitialied bytes; (bso#11802). + Access based share enum: handle permission set in configuration files; (bso#8093). + See also WHATSNEW.txt from the samba-doc package.- Update to 4.3.6. + Getting and setting Windows ACLs on symlinks can change permissions on link target; CVE-2015-7560; (bso#11648); (bsc#968222). + Fix Out-of-bounds read in internal DNS server; CVE-2016-0771; (bso#11128); (bso#11686); (bsc#968223).- Upgrade on-disk FSRVP server state to new version; (bsc#924519).- Only obsolete but do not provide gplv2/3 package names; (bsc#968973).- Relocate existing lock files to /var/lib/samba/lock; (bsc#968963).- Obsolete no longer existing samba-32bit package; (bsc#967625).- Update to 4.3.5. + s3:utils/smbget: Fix recursive download; (bso#6482). + s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystemi with no ACL support; (bso#10489). + s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks; (bso#11400). + vfs_shadow_copy2: Fix case where snapshots are outside the share; (bso#11580). + smbclient: Query disk usage relative to current directory; (bso#11662). + winbindd: Handle expired sessions correctly; (bso#11670). + smbd: Show correct disk size for different quota and dfree block sizes; (bso#11681). + smbcacls: Fix uninitialized variable; (bso#11682). + s3:smbd: Ignore initial allocation size for directory creation; (bso#11684). + s3-client: Add a KRB5 wrapper for smbspool; (bso#11690). + s3-parm: Clean up defaults when removing global parameters; (bso#11693). + Use M2Crypto.RC4.RC4 on platforms without Crypto.Cipher.ARC4; (bso#11699). + s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703). + ctdb: Remove error messages after kernel security update; CVE-2015-8543; (bso#11705). + loadparm: Fix memory leak issue; (bso#11708). + lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714). + ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."; (bso#11719). + s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file; (bso#11727). + param: Fix str_list_v3 to accept ";" again; (bso#11732).- Shift samba-client sysconfig data into samba and samba-winbind; (bsc#947361).- Simplify shared library packaging; (bsc#966956).- Enable clustering (CTDB) support; (bsc#966271).- s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703); (bsc#964023).- Add quotes around path of update-apparmor-samba-profile; (bnc#962177).- Remove autoconf build-time requirement.- Update to 4.3.4. + vfs_fruit: Enable POSIX directory rename semantics; (bso#11065). + Crash: Bad talloc magic value - access after free; (bso#11394). + Copying files with vfs_fruit fails when using vfs_streams_xattr without stream prefix and type suffix; (bso#11466). + samba-tool: Fix uncaught exception if no fSMORoleOwner attribute is given; (bso#11613). + Fix a typo in the smb.conf manpage, explanation of idmap config; (bso#11619). + Correctly initialize the list head when keeping a list of primary followed by DFS connections; (bso#11624). + Reduce the memory footprint of empty string options; (bso#11625). + lib/async_req: Do not install async_connect_send_test; (bso#11639). + Fix typos in man vfs_gpfs; (bso#11641). + Make "hide dot files" option work with "store dos attributes = yes"; (bso#11645). + Fix a corner case of the symlink verification; (bso#11647); (bnc#960249). + Do not disable "store dos attributes" on-the-fly; (bso#11649). + Update lastLogon and lastLogonTimestamp; (bso#11659).- Prevent access denied if the share path is "/"; (bso#11647); (bnc#960249).- Update to 4.3.3. + Malicious request can cause Samba LDAP server to hang, spinning using CPU; CVE-2015-3223; (bso#11325); (bnc#958581). + Remote read memory exploit in LDB; CVE-2015-5330; (bso#11599); (bnc#958586). + Insufficient symlink verification (file access outside the share); CVE-2015-5252; (bso#11395); (bnc#958582). + No man in the middle protection when forcing smb encryption on the client side; CVE-2015-5296; (bso#11536); (bnc#958584). + Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2); CVE-2015-5299; (bso#11529); (bnc#958583). + Fix Microsoft MS15-096 to prevent machine accounts from being changed into user accounts; CVE-2015-8467; (bso#11552); (bnc#958585).- Update to 4.3.2. + vfs_gpfs: Re-enable share modes; (bso#11243). + dcerpc.idl: Accept invalid dcerpc_bind_nak pdus; (bso#11327). + s3-smbd: Fix old DOS client doing wildcard delete - gives an attribute type of zero; (bso#11452). + Add libreplace dependency to texpect, fixes a linking error on Solaris; (bso#11511). + s4: Fix linking of 'smbtorture' on Solaris; (bso#11512). + s4:lib/messaging: Use correct path for names.tdb; (bso#11562). + Fix segfault of 'net ads (join|leave) -S INVALID' with nss_wins; (bso#11563). + async_req: Fix non-blocking connect(); (bso#11564). + auth: gensec: Fix a memory leak; (bso#11565). + lib: util: Make non-critical message a warning; (bso#11566). + Fix winbindd crashes with samlogon for trusted domain user; (bso#11569); (bnc#949022). + smbd: Send SMB2 oplock breaks unencrypted; (bso#11570). + ctdb: Open the RO tracking db with perms 0600 instead of 0000; (bso#11577). + s3:smb2_server: Make the logic of SMB2_CANCEL DLIST_REMOVE() clearer; (bso#11581). + s3-smbd: Fix use after issue in smbd_smb2_request_dispatch(); (bso#11581). + manpage: Correct small typo error; (bso#11584). + s3: smbd: If EAs are turned off on a share don't allow an SMB2 create containing them; (bso#11589). + Backport some valgrind fixes from upstream master; (bso#11597). + auth: Consistent handling of well-known alias as primary gid; (bso#11608). + winbind: Fix crash on invalid idmap configs; (bso#11612). + s3: smbd: have_file_open_below() fails to enumerate open files below an open directory handle; (bso#11615). + Changing log level of two entries to DBG_NOTICE; (bso#9912).- Ensure samlogon fallback requests are rerouted after kerberos failure; (bnc#953382); (bnc#953972).- Ensure to link with --as-needed flag by removing SUSE_ASNEEDED=0. - Always use the default optimization even on pre-9.2 systems.- Remove redundant configure options while adding with-relro.- Relocate the lockdir to the /var/lib/samba/lock directory.- Cleanup and enhance the pidl sub package.- Require renamed python-ldb-devel and python-talloc-devel at build-time. - Requires python-ldb and python-talloc from the python subpackage.- Update to 4.3.1. + s3: smbd: Fix our access-based enumeration on "hide unreadable" to match Windows; (bso#10252). + nss_winbind: Fix hang on Solaris on big groups; (bso#10365). + smbd: Fix file name buflen and padding in notify repsonse; (bso#10634). + kerberos: Make sure we only use prompter type when available; winbind: Fix 100% loop; (bso#11038). + source3/lib/msghdr.c: Fix compiling error on Solaris; (bso#11053). + s3:ctdbd_conn: make sure we destroy tevent_fd before closing the socket; (bso#11316). + s3: smbd: Fix mkdir race condition; (bso#11486). + pam_winbind: Fix a segfault if initialization fails; (bso#11502). + s3: dfs: Fix a crash when the dfs targets are disabled; (bso#11509). + s4:lib/messaging: Use 'msg.lock' and 'msg.sock' for messaging related subdirs; (bso#11515). + s3: smbd: Fix opening/creating :stream files on the root share directory; (bso#11522). + lib/param: Fix hiding of FLAG_SYNONYM values; (bso#11526). + net: Fix a crash with 'net ads keytab create'; (bso#11528). + s3: smbd: Fix a crash in unix_convert(); (bso#11535). + s3: smbd: Fix NULL pointer bug introduced by previous 'raw' stream fix (bso#11522); (bso#11535). + vfs_fruit: Return value of ad_pack in vfs_fruit.c; (bso#11543). + vfs_commit: set the fd on open before calling SMB_VFS_FSTAT; (bso#11547). + s3:locking: Initialize lease pointer in share_mode_traverse_fn(); (bso#11549). + s3:smbstatus: Add stream name to share_entry_forall(); (bso#11550). + s3:lib: Validate domain name in lookup_wellknown_name(); (bso#11555). + s3: lsa: lookup_name() logic for unqualified (no DOMAIN component) names is incorrect; (bso#11555).- Fix 100% CPU in winbindd when logging in with "user must change password on next logon"; (bso#11038).- Relocate the tmpfiles.d directory to the client package; (bnc#947552).- Do not provide libpdb0 from libsamba-passdb0 but add it to baselibs.conf instead; (bnc#942716).- Package /var/lib/samba/private/sock with 0700 permissions; (bnc#946051).- Package /var/lib/samba/msg with 0755 permissions; (bso#11515); (bnc#945502).- Require to install libfam0-gamin from samba-libs on post-12.1 and pre-13.15 systems; (bnc#945013).- Update to 4.3.0. + Samba "map to guest = Bad uid" doesn't work; (bso#9862). + revert LDAP extended rule 1.2.840.113556.1.4.1941 LDAP_MATCHING_RULE_IN_CHAIN changes; (bso#10493). + No objectClass found in replPropertyMetaData on ordinary objects (non-deleted); (bso#10973). + Stream names with colon don't work with fruit:encoding = native; (bso#11278). + NetApp joined to a Samba/ADDC cannot resolve SIDs; (bso#11291). + tevent_fd needs to be destroyed before closing the fd; (bso#11316). + "force group" with local group not working; (bso#11320). + strsep is not available on Solaris; (bso#11359). + smbtorture does not build when configured --with-system-mitkrb5; (bso#11411). + Build with GPFS support is broken; (bso#11421). + Build broken with --disable-python; (bso#11424). + net share allowedusers crashes; (bso#11426). + nmbd incorrectly matches netbios names as own name; (bso#11427). + Python bindings don't check integer types; (bso#11429). + Python bindings don't check array sizes; (bso#11430). + CTDB's eventscript error handling is broken; (bso#11431). + Fix crash in nested ctdb banning; (bso#11432). + Cannot build ctdbpmda; (bso#11434). + samba-tool uncaught exception error; (bso#11436). + Crash in notify_remove caused by change notify = no; (bso#11444). + Poor SMB3 encryption performance with AES-GCM; (bso#11451). + Poor SMB3 encryption performance with AES-GCM (part1); (bso#11451). + fix recursion problem in rep_strtoll in lib/replace/replace.c; (bso#11455). + --bundled-libraries=!ldb,!pyldb,!pyldb-util doesn't disable ldb build and install; (bso#11458). + xid2sid gives inconsistent results; (bso#11464). + ctdb: Fix the build on FreeBSD 10.1; (bso#11465). + Handling of 0 byte resource fork stream; (bso#11467). + AD samr GetGroupsForUser fails for users with "()" in their name; (bso#11488).- Configure with --bundled-libraries=NONE; (bso#11458).- Adapt net-kdc-lookup patch for post-3.3 Samba versions; (bnc#295284).- Remove libiniparser-devel build-time requirement.- Update to 4.2.3. + s4:lib/tls: Fix build with gnutls 3.4; (bso#8780). + s4.2/fsmo.py: Fixed fsmo transfer exception; (bso#10924). + winbindd: Sync secrets.ldb into secrets.tdb on startup; (bso#10991). + Logon via MS Remote Desktop hangs; (bso#11061). + s3: lib: util: Ensure we read a hex number as %x, not %u; (bso#11068). + tevent: Add a note to tevent_add_fd(); (bso#11141). + s3:param/loadparm: Fix 'testparm --show-all-parameters'; (bso#11170). + s3-unix_msg: Remove socket file after closing socket fd; (bso#11217). + smbd: Fix a use-after-free; (bso#11218); (bnc#919309). + s3-rpc_server: Fix rpc_create_tcpip_sockets() processing of interfaces; (bso#11245). + s3:smb2: Add padding to last command in compound requests; (bso#11277). + Add IPv6 support to ADS client side LDAP connects; (bso#11281). + Add IPv6 support for determining FQDN during ADS join; (bso#11282). + s3: IPv6 enabled DNS connections for ADS client; (bso#11283). + Fix invalid write in ctdb_lock_context_destructor; (bso#11293). + Excessive cli_resolve_path() usage can slow down transmission; (bso#11295). + vfs_fruit: Add option "veto_appledouble"; (bso#11305). + tstream: Make socketpair nonblocking; (bso#11312). + idmap_rfc2307: Fix wbinfo '--gid-to-sid' query; (bso#11313). + Group creation: Add msSFU30Name only when --nis-domain was given; (bso#11315). + tevent_fd needs to be destroyed before closing the fd; (bso#11316). + Build fails on Solaris 11 with "‘PTHREAD_MUTEX_ROBUST’ undeclared"; (bso#11319). + smbd/trans2: Add a useful diagnostic for files with bad encoding; (bso#11323). + Change sharesec output back to previous format; (bso#11324). + Robust mutex support broken in 1.3.5; (bso#11326). + Kerberos auth info3 should contain resource group ids available from pac_logon; winbindd: winbindd_raw_kerberos_login - ensure logon_info exists in PAC; (bso#11328); (bnc#912457). + s3:smb2_setinfo: Fix memory leak in the defer_rename case; (bso#11329). + tevent: Fix CID 1035381 Unchecked return value; (bso#11330). + tdb: Fix CID 1034842 and 1034841 Resource leaks; (bso#11331). + s3: smbd: Use separate flag to track become_root()/unbecome_root() state; (bso#11339). + s3: smbd: Codenomicon crash in do_smb_load_module(); (bso#11342). + pidl: Make the compilation of PIDL producing the same results if the content hasn't change; (bso#11356). + winbindd: Disconnect child process if request is cancelled at main process; (bso#11358). + vfs_fruit: Check offset and length for AFP_AfpInfo read requests; (bso#11363). + docs: Overhaul the description of "smb encrypt" to include SMB3 encryption; (bso#11366). + s3:auth_domain: Fix talloc problem in connect_to_domain_password_server(); (bso#11367). + ncacn_http: Fix GNUism; (bso#11371).- Disable rpath usage; (bnc#902421).- Make the winbind package depend on the matching libwbclient version and vice versa; (bnc#936909).- Backport changes to use resource group sids obtained from pac logon_info; (bso#11328); (bnc#912457).- Order winbind.service Before and Want nss-user-lookup target.- Remove fam-devel build-time dependency for post-6 RHEL systems.- Update to 4.2.2. + s3:smbXsrv: refactor duplicate code into smbXsrv_session_clear_and_logoff(); (bso#11182). + gencache: don't fail gencache_stabilize if there were records to delete; (bso#11260). + s3: libsmbclient: After getting attribute server, ensure main srv pointer is still valid; (bso#11186). + s4: rpc: Refactor dcesrv_alter() function into setup and send steps; (bso#11236). + s3: smbd: Incorrect file size returned in the response of "FILE_SUPERSEDE Create"; (bso#11240). + Mangled names do not work with acl_xattr; (bso#11249). + nmbd rewrites browse.dat when not required; (bso#11254). + vfs_fruit: add option "nfs_aces" that controls the NFS ACEs stuff; (bso#11213). + s3:smbd: Add missing tevent_req_nterror; (bso#11224). + vfs: kernel_flock and named streams; (bso#11243). + vfs_gpfs: Error code path doesn't call END_PROFILE; (bso#11244). + s4: libcli/finddcs_cldap: continue processing CLDAP until all addresses are used; (bso#11284). + ctdb: check for talloc_asprintf() failure; (bso#11201). + spoolss: purge the printer name cache on name change; (bso#11210); (bnc#901813). + CTDB statd-callout does not scale; (bso#11204). + vfs_fruit: also map characters below 0x20; (bso#11221). + ctdb: Coverity fix for CID 1291643; (bso#11201). + Multiplexed RPC connections are not handled by DCERPC server; (bso#11225). + Fix terminate connection behavior for asynchronous endpoint with PUSH notification flavors; (bso#11226). + ctdb-scripts: Fix bashism in ctdbd_wrapper script; (bso#11007). + ctdb: Fix CIDs 1125615, 1125634, 1125613, 1288201 and 1125553; (bso#11201). + SMB2 should cancel pending NOTIFY calls with DELETE_PENDING if the directory is deleted; (bso#11257). + s3:winbindd: make sure we remove pending io requests before closing client sockets; (bso#11141); (bnc#931854). + Fix panic triggered by smbd_smb2_request_notify_done() -> smbXsrv_session_find_channel() in smbd; (bso#11182). + 'sharesec' output no longer matches input format; (bso#11237). + waf: Fix systemd detection; (bso#11200). + CTDB: Fix portability issues; (bso#11202). + CTDB: Fix some IPv6-related issues; (bso#11203). + CTDB statd-callout does not scale; (bso#11204). + 'net ads dns gethostbyname' crashes with an error in TALLOC_FREE if you enter invalid values; (bso#11234). + libads: record service ticket endtime for sealed ldap connections; (bso#11267). + lib/util: Include DEBUG macro in internal header files before samba_util.h; (bso#11033).- Avoid a crash inside the tevent epoll backend; (bso#11141); (bnc#931854).- Remove the independently built libraries ldb, talloc, tdn, and tevent and the post-10.3 renamed libsmbclient from baselibs.conf.- Drop redundant doc attribute from man pages.- Update to 4.2.1. + s3:winbind:grent: Don't stop group enumeration when a group has no gid; (bso#8905). + Initialize dwFlags field of DNS_RPC_NODE structure; (bso#9791). + s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with servers that don't send the 2 unused fields; (bso#10016). + build:wafadmin: Fix use of spaces instead of tabs; (bso#10476). + waf: Fix the build on openbsd; (bso#10476). + s3: client: "client use spnego principal = yes" code checks wrong name; (bso#10888). + spoolss: Retrieve published printer GUID if not in registry; (bso#11018). + s3: lib: libsmbclient: If reusing a server struct, check every cli->timout miliseconds if it's still valid before use; (bso#11079). + vfs_fruit: Enhance handling of malformed AppleDouble files; (bso#11125). + backupkey: Explicitly link to gnutls and gcrypt; (bso#11135). + replace: Remove superfluous check for gcrypt header; (bso#11135). + Backport subunit changes; (bso#11137). + libcli/auth: Match Declaration of netlogon_creds_cli_context_tmp with implementation; (bso#11140). + s3-winbind: Fix cached user group lookup of trusted domains; (bso#11143). + talloc: Version 2.1.2; (bso#11144). + Update libwbclient version to 0.12; (bso#11149). + brlock: Use 0 instead of empty initializer list; (bso#11153). + s4:auth/gensec_gssapi: Let gensec_gssapi_update() return NT_STATUS_LOGON_FAILURE for unknown errors; (bso#11164). + docs/idmap_rid: Remove deprecated base_rid from example; (bso#11169); (bnc#913304). + s3: libcli: smb1: Ensure we correctly finish a tevent req if the writev fails in the SMB1 case; (bso#11173). + backupkey: Use ndr_pull_struct_blob_all(); (bso#11174). + Fix lots of winbindd zombie processes on Solaris platform; (bso#11175). + s3: libsmbclient: Add missing talloc stackframe; (bso#11177). + s4-process_model: Do not close random fds while forking; (bso#11180). + s3-passdb: Fix 'force user' with winbind default domain; (bso#11185).- Prevent samba package updates from disabling samba kerberos printing.- Add sparse file support for samba; (fate#318424).- Purge printer name cache on spoolss SetPrinter change; (bso#11210); (bnc#901813).- Correctly retain errno from Btrfs snapshot ioctls; (bnc#923374).- Simplify libxslt build requirement and README.SUSE install. - Remove no longer required cleanup steps while populating the build root.- Remove deprecated base_rid example from idmap_rid manpage; (bso#11169); (bnc#913304).- Update to 4.2.0. + smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT; (bso#1115). + pam_winbind: fix warn_pwd_expire implementation; (bso#9056). + nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299). + Make 'profiles' work again; (bso#9629). + s3:smb2_server: protect against integer wrap with "smb2 max credits = 65535"; (bso#9702). + Make validate_ldb of String(Generalized-Time) accept millisecond format ".000Z"; (bso#9810). + Use -R linker flag on Solaris, not -rpath; (bso#10112). + vfs: Add glusterfs manpage; (bso#10240). + Make 'smbclient' use cached creds; (bso#10279). + pdb: Fix build issues with shared modules; (bso#10355). + s4-dns: Add support for BIND 9.10; (bso#10620). + idmap: Return the correct id type to *id_to_sid methods; (bso#10720). + printing/cups: Pack requested-attributes with IPP_TAG_KEYWORD; (bso#10808). + Don't build vfs_snapper on FreeBSD; (bso#10834). + nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835). + idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837). + s3: smb2cli: query info return length check was reversed; (bso#10848). + s3: lib, s3: modules: Fix compilation on Solaris; (bso#10849). + lib: uid_wrapper: Fix setgroups and syscall detection on a system without native uid_wrapper library; (bso#10851). + winbind3: Fix pwent variable substitution; (bso#10852). + Improve samba-regedit; (bso#10859). + registry: Don't leave dangling transactions; (bso#10860). + Fix build of socket_wrapper on systems without SO_PROTOCOL; (bso#10861). + build: Do not install 'texpect' binary anymore; (bso#10862). + Fix testparm to show hidden share defaults; (bso#10864). + libcli/smb: Fix smb2cli_validate_negotiate_info with min=PROTOCOL_NT1 max=PROTOCOL_SMB2_02; (bso#10866). + Integrate CTDB into top-level Samba build; (bso#10892). + samba-tool group add: Add option '--nis-domain' and '--gid'; (bso#10895). + s3-nmbd: Fix netbios name truncation; (bso#10896). + spoolss: Fix handling of bad EnumJobs levels; (bso#10898). + Fix smbclient loops doing a directory listing against Mac OS X 10 server with a non-wildcard path; (bso#10904). + Fix print job enumeration; (bso#10905); (bnc#898031). + samba-tool: Create NIS enabled users and unixHomeDirectory attribute; (bso#10909). + Add support for SMB2 leases; (bso#10911). + btrfs: Don't leak opened directory handle; (bso#10918). + s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920). + s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921). + pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932). + s3-keytab: fix keytab array NULL termination; (bso#10933). + s3:passdb: fix logic in pdb_set_pw_history(); (bso#10940). + Cleanup add_string_to_array and usage; (bso#10942). + dbwrap_ctdb: Pass on mutex flags to tdb_open; (bso#10942). + Fix RootDSE search with extended dn control; (bso#10949). + Fix 'samba-tool dns serverinfo ' for IPv6; (bso#10952). + libcli/smb: only force signing of smb2 session setups when binding a new session; (bso#10958). + s3-smbclient: Return success if we listed the shares; (bso#10960). + s3-smbstatus: Fix exit code of profile output; (bso#10961). + socket_wrapper: Add missing prototype check for eventfd; (bso#10965). + libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows client does; (bso#10966). + vfs_streams_xattr: Check stream type; (bso#10971). + s3: smbd: Fix *allocate* calls to follow POSIX error return convention; (bso#10982). + vfs_fruit: Add support for AAPL; (bso#10983). + Fix spoolss IDL response marshalling when returning error without clearing info; (bso#10984). + dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279). + Fix IPv6 support in CTDB; (bso#10996). + ctdb-daemon: Use correct tdb flags when enabling robust mutex support; (bso#11000). + vfs_streams_xattr: Add missing call to SMB_VFS_NEXT_CONNECT; (bso#11005). + s3-util: Fix authentication with long hostnames; (bso#11008). + ctdb-build: Fix build without xsltproc; (bso#11014). + packaging: Include CTDB man pages in the tarball; (bso#11014). + pdb_get_trusteddom_pw() fails with non valid UTF16 random passwords; (bso#11016). + Make Sharepoint search show user documents; (bso#11022). + nss_wrapper: check for nss.h; (bso#11026). + Enable mutexes in gencache_notrans.tdb; (bso#11032). + tdb_wrap: Make mutexes easier to use; (bso#11032). + lib/util: Avoid collision which alread defined consumer DEBUG macro; (bso#11033). + winbind: Retry after SESSION_EXPIRED error in ping-dc; (bso#11034). + s3-libads: Fix a possible segfault in kerberos_fetch_pac(); (bso#11037). + vfs_fruit: Fix base_fsp name conversion; (bso#11039). + vfs_fruit: mmap under FreeBSD needs PROT_READ; (bso#11040). + Fix authentication using Kerberos (not AD); (bso#11044). + net: Fix sam addgroupmem; (bso#11051). + vfs_snapper: Correctly handles multi-byte DBus strings; (bso#11055); (bnc#913238). + cli_connect_nb_send: Don't segfault on host == NULL; (bso#11058). + utils: Fix 'net time' segfault; (bso#11058). + libsmb: Provide authinfo domain for encrypted session referrals; (bso#11059). + s3-pam_smbpass: Fix memory leak in pam_sm_authenticate(); (bso#11066). + vfs_glusterfs: Add comments to the pipe(2) code; (bso#11069). + vfs/glusterfs: Change xattr key to match gluster key; (bso#11069). + vfs_glusterfs: Implement AIO support; (bso#11069). + s3-vfs: Fix developer build of vfs_ceph module; (bso#11070). + s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer; (bso#11077); CVE-2015-0240; (bnc#917376). + vfs: Add a brief vfs_ceph manpage; (bso#11088). + s3: smbclient: Allinfo leaves the file handle open; (bso#11094). + Fix Win8.1 Credentials Manager issue after KB2992611 on Samba domain; (bso#11097). + debug: Set close-on-exec for the main log file FD; (bso#11100). + s3: smbd: leases - losen paranoia check. Stat opens can grant leases; (bso#11102). + s3: smbd: SMB2 close. If a file has delete on close, store the return info before deleting; (bso#11104). + doc:man:vfs_glusterfs: improve the configuration section; (bso#11117). + snprintf: Try to support %j; (bso#11119). + ctdb-io: Do not use sys_write to write to client sockets; (bso#11124). + doc-xml: Add 'sharesec' reference to 'access based share enum'; (bso#11127).- Update to 4.2.0rc5. + Ensure we don't call talloc_free on an uninitialized pointer; CVE-2015-0240; (bso#11077); (bnc#917376).- Fix usage of freed memory on server exit; (bso#11218); (bnc#919309).- Fix tdb_store_flag_to_ntdb() gcc5 build failure.- Fix vfs_snapper DBus string handling; (bso#11055); (bnc#913238).- Update to 4.1.16. + dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279).- Adjust baselibs.conf due to libpdb0 package rename to libsamba-passdb0.- Fix libsmbclient DFS referral handling. + Reuse connections derived from DFS referrals; (bso#10123); (fate#316512). + Set domain/workgroup based on authentication callback value; (bso#11059).- Update to 4.2.0rc4. - Add libsamba-debug, libsocket-blocking, libsamba-cluster-support, and libhttp to the libs package; (boo#913547). - Rename libpdb packages to libsamba-passdb. - Drop libsmbsharemodes packages.- Enable avahi support on post-12.2 systems.- Update to 4.1.15. + pam_winbind: Fix warn_pwd_expire implementation; (bso#9056). + nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299). + Fix profiles tool; (bso#9629). + s3-lib: Do not require a password with --use-ccache; (bso#10279). + s4:dsdb/rootdse: Expand extended dn values with the AS_SYSTEM control; (bso#10949). + s4-rpc: dnsserver: Fix enumeration of IPv4 and IPv6 addresses; (bso#10952). + s3:smb2_server: Allow reauthentication without signing; (bso#10958). + s3-smbclient: Return success if we listed the shares; (bso#10960). + s3-smbstatus: Fix exit code of profile output; (bso#10961). + libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows client does; (bso#10966). + s3: smbd/modules: Fix *allocate* calls to follow POSIX error return convention; (bso#10982). + Fix 'domain join' by adding 'drsuapi.DsBindInfoFallBack' attribute 'supported_extensions'; (bso#11006). + idl:drsuapi: Manage all possible lengths of drsuapi_DsBindInfo; (bso#11006). + winbind: Retry LogonControl RPC in ping-dc after session expiration; (bso#11034).- yast2-samba-client should be able to specify osName and osVer on AD domain join; (bnc#873922).- Lookup FSRVP share snums at runtime rather than storing them persistently; (bnc#908627).- Specify soft dependency for network-online.target in Winbind systemd service file; (bnc#889175).- Fix spoolss error response marshalling; (bso#10984).- Update to 4.1.14. + pidl/wscript: Remove --with-perl-* options; revert buildtools/wafadmin/ Tools/perl.py back to upstream state; (bso#10472). + s4-dns: Add support for BIND 9.10; (bso#10620). + nmbd fails to accept "--piddir" option; (bso#10711). + nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835). + S3: source3/smbd/process.c::srv_send_smb() returns true on the error path; (bso#10880). + vfs_glusterfs: Remove "integer fd" code and store the glfs pointers; (bso#10889). + s3-nmbd: Fix netbios name truncation; (bso#10896). + spoolss: Fix handling of bad EnumJobs levels; (bso#10898). + s3: libsmbclient-smb2. MacOSX 10 SMB2 server doesn't set STATUS_NO_MORE_FILES when handed a non-wildcard path; (bso#10904). + spoolss: Fix jobid in level 3 EnumJobs response; (bso#10905). + s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920). + s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921). + pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932). + s3-keytab: Fix keytab array NULL termination; (bso#10933). + Cleanup add_string_to_array and usage; (bso#10942).- Remove and cleanup shares and registry state associated with externally deleted snaphots exposed as shadow copies; (bnc#876312).- Use the upstream tar ball, as signature verification is now able to handle compressed archives.- Fix leak when closing file descriptor returned from dirfd; (bso#10918).- Fix spoolss EnumJobs and GetJob responses; (bso#10905); (bnc#898031). + Fix handling of bad EnumJobs levels; (bso#10898).- Remove dependency on gpg-offline as signature checking is implemented in the source validator.- Update to 4.1.13. + s3-libnet: Add libnet_join_get_machine_spns(); (bso#9984). + s3-libnet: Make sure we do not overwrite precreated SPNs; (bso#9984). + s3-libads: Add all machine account principals to the keytab; (bso#9985). + s3: winbindd: Old NT Domain code sets struct winbind_domain->alt_name to be NULL. Ensure this is safe with modern AD-DCs; (bso#10717). + Fix unstrcpy; (bso#10735). + pthreadpool: Slightly serialize jobs; (bso#10779). + s3: smbd: streams - Ensure share mode validation ignores internal opens (op_mid == 0); (bso#10797). + s3: smbd:open_file: Open logic fix; Use a more natural check; (bso#10809). + vfs_media_harmony: Fix a crash bug; (bso#10813). + docs: Mention incompatibility between kernel oplocks and streams_xattr; (bso#10814). + nmbd: Send waiting status to systemd; (bso#10816). + libcli: Fix a segfault calling smbXcli_req_set_pending() on NULL; (bso#10817). + nsswitch: Skip groups we were not able to map; (bso#10824). + s3-winbindd: Use correct realm for trusted domains in idmap child; (bso#10826). + s3: nmbd: Ensure the main nmbd process doesn't create zombies; (bso#10830). + s3: lib: Signal handling - ensure smbrun and change password code save and restore existing SIGCHLD handlers; (bso#10831). + idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837). + s3-winbindd: Do not use domain SID from LookupSids for Sids2UnixIDs call; (bso#10838). + s3: smb2cli: Query info return length check was reversed; (bso#10848). + registry: Don't leave dangling transactions; (bso#10860).- Update to 4.2.0rc2.- Rebase File Server Remote VSS Protocol (FSRVP) server against 4.2.0rc1; (fate#313346).- Backport upstream master fixes for samba-regedit; (bnc#896536).- BuildRequire python-xml on SUSE systems only.- BuildRequire python-xml. - Exclude unwanted texpect binary and libhttp, libsamba-cluster-support, libsamba-debug, and libsocket-blocking shared libs. - Add vfs_fruit and vfs_worm man pages and ndr_dcerpc, smb2_lease_struct, tstream_smbXcli_np, idtree, and idtree_random header files. - Remove nmblookup and smbclient4 binary and nmblookup4 man page.- Update to 4.2.0rc1.- Fix small memory-leak in the background print process; (bnc#899558).- Modify samba-regedit so it displays correctly (related to ncurses). Changed code to use menu sub windows, seems to fix problems with display not refreshing; explicitly BuildRequire ncurses-devel; (bnc#896536).- Exclude unwanted libdnsserver_common and libdfs_server_ad shared libs and the man page of the unused findsmb script.- Skip groups that aren't mapped by idmap_ad; (bso#10824); (bnc#897969).- Update to 4.1.12. + s3: winbindd: On new client connect, prune idle or hung connections older than "winbind request timeout". Add new parameter "winbind request timeout". Please see smb.conf man page for details; (bso#3204); (bnc#872912). + Fix smbd crashes when filename contains non-ascii character; (bso#10716). + s4-rpc: dnsserver: Handle updates of tombstoned dnsNode objects; (bso#10749). + passdb: Fix NT_STATUS_NO_SUCH_GROUP; (bso#9570). + s4:setup/dns_update_list: make use of the new substitution variables; (bso#9831). + build: Fix configure to honour '--without-dmapi'; (bso#10369). + provision: Correctly provision the SOA record minimum TTL; (bso#10466). + s3: Enforce a positive allocation_file_size for non-empty files; (bso#10543). + lib: tevent: make TEVENT_SIG_INCREMENT atomic; (bso#10640). + Make "case sensitive = True" option working with "max protocol = SMB2" or higher in large directories; (bso#10650). + Samba 4 consuming a lot of CPU when re-reading printcap info; (bso#10652). + lib: strings: Simplify strcasecmp; (bso#10716). + Allow netr_ServerReqChallenge() and netr_ServerAuthenticate3() on different connections; (bso#10723). + 'net time': Fix usage and core dump; (bso#10728). + sys_poll_intr: Fix timeout arithmetic; (bso#10731). + s3:idmap: Don't log missing range config if range checking not requested; (bso#10737). + Fix flapping VFS gpfs offline bit; (bso#10741). + s4-rpc: dnsserver: Allow . to be specified for @ record; (bso#10742). + s4-rpc: dnsserver: return DNS_RANK_NS_GLUE recors when explicitly asked for; (bso#10751). + samba: Retain case sensitivity of cifs client; (bso#10755). + lib: Remove unused nstrcpy; (bso#10758). + Fix a memory leak in cli_set_mntpoint(); (bso#10759). + docs: Fix typos in smb.conf (inherit acls); (bso#10761). + libcli/security: Add better detection of SECINFO_[UN]PROTECTED_[D|S]ACL in get_sec_info(); (bso#10773). + s3: smbd: POSIX ACLs. Remove incorrect check for SECINFO_PROTECTED_DACL in incoming security_information flags in posix_get_nt_acl_common(); (bso#10773). + Don't discard result of checking grouptype; (bso#10777). + s3:libsmb: Set a max charge for SMB2 connections; (bso#10778). + smbd: Properly initialize mangle_hash; (bso#10782). + dosmode: Fix FSCTL_SET_SPARSE request validation; (bso#10787). + vfs_dirsort: Fix an off-by-one error that can cause uninitialized memory read; (bso#10794).- Wait for network-online.target to prevent caching of pre-network failures; (bnc#889175).- Use domain name if search by domain SID fails to send SIDHistory lookups to correct idmap backend; (bnc#773464).- Prune idle or hung connections older than "winbind request timeout"; (bso#3204); (bnc#872912).- fix FSCTL_SET_SPARSE request validation; (bso#10787); (bnc#893774).- Remove pre-11.2 patch which by default uses the smbpasswd passdb backend.- build: disable mmap on s390 systems; (bso#10765); (bnc#886193); (bnc#882356).- Create the cups smb backend as sym link pointing to smbspool; (bnc#891220).- Fix winbind service parameter usage; (bnc#890005).- lib/param: change the default for "winbind expand groups" to "0"; (bnc#890008).- Update to 4.1.11. + A malicious browser can send packets that may overwrite the heap of the target nmbd NetBIOS name services daemon; CVE-2014-3560; (bnc#889429).- Fix "net time" segfault; (bso#10728); (bnc#889539).- Update to 4.1.10. + net/doc: Make clear that net vampire is for NT4 domains only; (bso#3263). + dbcheck: Add check and test for various invalid userParameters values; (bso#8077). + s4:dsdb/samldb: Don't allow 'userParameters' to be modified over LDAP for now; (bso#8077). + Simple use case results in "no talloc stackframe around, leaking memory" error; (bso#8449). + s4:dsdb/repl_meta_data: Make sure objectGUID can't be deleted; (bso#9763). + dsdb: Always store and return the userParameters as a array of LE 16-bit values; (bso#10130). + s4:repl_meta_data: fix array assignment in replmd_process_linked_attribute(); (bso#10294). + ldb-samba: fix a memory leak in ldif_canonicalise_objectCategory(); (bso#10469). + dbchecker: Verify and fix broken dn values; (bso#10536). + dsdb: Rename private_data to rootdse_private_data in rootdse; (bso#10582). + s3: libsmbclient: Work around bugs in SLES cifsd and Apple smbx SMB1 servers; (bso#10587). + Fix "PANIC: assert failed at ../source3/smbd/open.c(1582): ret"; (bso#10593). + rid_array used before status checked - segmentation fault due to null pointer dereference; (bso#10627). + Samba won't start on a machine configured with only IPv4; (bso#10653). + msg_channel: Fix a 100% CPU loop; (bso#10663). + s3: smbd: Prevent file truncation on an open that fails with share mode violation; (bso#10671); (bnc#884056). + s3: SMB2: Fix leak of blocking lock records in the database; (bso#10673). + samba-tool: Add --site parameter to provision command; (bso#10674). + smbstatus: Fix an uninitialized variable; (bso#10680). + SMB1 blocking locks can fail notification on unlock, causing client timeout; (bso#10684). + s3: smbd: Locking, fix off-by one calculation in brl_pending_overlap(); (bso#10685). + 'RW2' smbtorture test fails when -N is set to 2 due to the invalid status check in the second client; (bso#10687). + wbcCredentialCache fails if challenge_blob is not first; (bso#10692). + Backport ldb-1.1.17 + changes from master; (bso#10693). + Fix SEGV from improperly formed SUBSTRING/PRESENCE filter; (bso#10693). + ldb: Add a env variable to disable RTLD_DEEPBIND; (bso#10693). + ldb: Do not build libldb-cmdline when using system ldb; (bso#10693). + ldb: Fix 1138330 Dereference null return value, fix CIDs 241329, 240798, 1034791, 1034792 1034910, 1034910); (bso#10693). + ldb: make the successful ldb_transaction_start() message clearer; (bso#10693). + ldb:pyldb: Add some more helper functions for LdbDn; (bso#10693). + ldb: Use of NULL pointer bugfix; (bso#10693). + lib/ldb: Fix compiler warnings; (bso#10693). + pyldb: Decrement ref counters on py_results and quiet warnings; (bso#10693). + s4-openldap: Remove use of talloc_reference in ldb_map_outbound.c; (bso#10693). + dsdb: Return NO_SUCH_OBJECT if a basedn is a deleted object; (bso#10694). + s4:dsdb/extended_dn_in: Don't force DSDB_SEARCH_SHOW_RECYCLED; (bso#10694). + Backport autobuild/selftest fixes from master; (bso#10696). + Backport drs-crackname fixes from master; (bso#10698). + smbd: Avoid double-free in get_print_db_byname; (bso#10699). + Backport access check related fixes from master; (bso#10700). + Backport provision fixes from master; (bso#10703). + s3:smb2_read: let smb2_sendfile_send_data() behave like send_file_readX(); (bso#10706). + s3: Fix missing braces in nfs4_acls.c.- Reduce printer_list.tdb lock contention during printcap update; (bso#10652); (bnc#883870). + Only update the printer share inventory when needed.- Add missing newline to debug message in daemon_ready(); (bnc#865627).- BuildRequire systemd-devel, configure --with-systemd, and modify the service files accordingly on post-12.2 systems; (bso#10517); (bnc#865627).- Prevent file truncation on an open that fails with share mode violation; (bso#10671); (bnc#884056).- Update to 4.1.9. + Fix nmbd denial of service; CVE-2014-0244; (bnc#880962). + Fix segmentation fault in smbd_marshall_dir_entry()'s SMB_FIND_FILE_UNIX handler; CVE-2014-3493; (bnc#883758).- BuildRequire krb5-devel, libiniparser-devel, and python-devel in any case.- BuildRequire libxslt and perl-ExtUtils-MakeMaker and BuildIgnore libtevent on CentOS, Fedora, and RHEL systems.- Update to 4.1.8. + dns: Don't reply to replies; CVE-2014-0239; (bso#10609). + Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response; CVE-2014-0178; (bso#10549). + s3: smb2: Fix 'xcopy /d' with samba shares; (bso#3124). + Extra ':' in msg for Waf Cross Compile Build System with Cross-answers command; (bso#10151). + s3: nmbd: Reset debug settings after reading config file; (bso#10239). + Fix empty body in if-statement in continue_domain_open_lookup; (bso#10348). + script/autobuild: Make use of '--with-perl-{arch,lib}-install-dir'; (bso#10472). + wafsamba: Fix the installation on FreeBSD; (bso#10472). + Use exit_daemon() to communicate status of startup to systemd; (bso#10517). + Fix adding NetApps; (bso#10524). + s3: lib/util: Fix logic inside set_namearray loops; (bso#10544). + s3: lib/util: set_namearray reads across end of namelist; (bso#10544). + idmap_autorid: Fix failure in reverse lookup if ID is from domain range index #0; (bso#10547). + build: Fix ordering problems with lib-provided and internal RPATHs; (bso#10548). + Fix read of deleted memory in reply_writeclose()'; (bso#10554). + lib-util: Rename memdup to smb_memdup and fix all callers; (bso#10556). + Fix lock order violation and file lost; (bso#10564). + dsdb: Do checks for invalid renames in samldb, before repl_meta_data; (bso#10569). + Fix wildcard unlink to fail if we get an error rather than trying to continue; (bso#10577). + byteorder: Do not assume PowerPC is big-endian; (bso#10590). + printing: Fix purge of all print jobs; (bso#10612).- examples/libsmbclient: avoid some compiler warnings; (bso#10624).- Fix printer job purging; (bso#10612); (bnc#879390).- Update samba-pubkey_6568B7EA.asc which will expire 2016-01-17.- Fix byte-order macros on little endian Power8; (bso#10590); (bnc#871701).- Pass through vfs_btrfs snapshot manipulation requests when "btrfs: manipulate snapshots = no" is configured; (bnc#874180).- Clone the base share security descriptor when exposing a snapshot share; (bnc#874656).- Use appropriate HRESULT return codes; (bnc#875046).- Update to 4.1.7. + Make "force user" work as expected; (bso#9878). + Fix build on AIX with IBM XL C/C++ (gettext detection issues); (bso#9911). + Fix problem with server taking too long to respond to a MSG_PRINTER_DRVUPGRADE message; (bso#9942). + s3-printing: Fix obvious memory leak in printer_list_get_printer(); (bso#9993). + doc: Add "spoolss: architecture" parameter usage; (bso#10188). + Make 'smbclient' support DFS shares with SMB2/3; (bso#10200). + Make (lib)smbclient work with NetApp; (bso#10230). + SessionLogoff on a signed connection with an outstanding notify request crashes smbd; (bso#10344). + dfs: Always call create_conn_struct with root privileges; (bso#10378). + 'net ads search' on high latency networks can return a partial list with no error indication; (bso#10387). + max xmit > 64kb leads to segmentation fault; (bso#10422). + Fix STATUS_NO_MEMORY response from Query File Posix Lock request; (bso#10431). + Increase max netbios name components; (bso#10439). + smbd_server_connection_terminate("CTDB_SRVID_RELEASE_IP") panics from within ctdbd_migrate() with invalid lock_order; (bso#10444). + Fix 'wbinfo -i' with one-way trust; (bso#10458). + samba4 services not binding on IPv6 addresses causing connection delays; (bso#10464). + s3-vfs: Fix stream_depot vfs module on btrfs; (bso#10467). + Don't respond with NXDOMAIN to records that exist with another type; (bso#10471). + pidl: waf should have an option for the dir to install perl files and do not glob; (bso#10472). + s3-spoolssd: Don't register spoolssd if epmd is not running; (bso#10474). + s3-rpc_server: Fix handling of fragmented rpc requests; (bso#10481). + Initial FSRVP rpcclient requests fail with NT_STATUS_PIPE_NOT_AVAILABLE; (bso#10484). + lsa.idl: Define lsa.ForestTrustCollisionInfo and ForestTrustCollisionRecord as public structs; (bso#10504). + Make 'smbreadline' build with readline 6.3; (bso#10506). + smbd: Correctly add remote users into local groups; (bso#10508). + rpcclient FSRVP request UNCs should include a trailing backslash; (bso#10521). + Cleanup messages.tdb record after unclean smbd shutdown; (bso#10534). + s3:rpc_server: Minor refactoring of process_request_pdu().- Create a new DBus connection for every vfs_snapper request, to ensure correct snapper UID detection; (bnc#866354).- Fix "Invalid read" in method reply_writeclose; (bso#10554); (bnc#873658).- Fix minor compiler warnings in snapshot code-path; (bnc#873177).- Remove references to the obsolete samba-krb-printing package and get_printing_ticket binary.- Fix malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response; CVE-2014-0178; (bso#10549); (bnc#872396).- User error strings instead of hex codes where possible for FSRVP errors; (bnc#866927).- Fix remote share shadow copy request UNCs; (bso#10521); (bnc#870957).- Add krb5rcache directory to the winbind package; (bnc#870607). - Cleanup and consolidate the sysconfig and systemd service files.- Extend vfs_snapper man page to cover permissions; (bnc#870570).- Fix RPC server handling of fragmented requests; (bso#10481); (bnc#869707).- Default with the cache and lock directory to the same path to have both non-persistent and persistent data at one location; (bnc#846586).- Depend only on %version with all manual Provides and Requires; (bnc#844307).- Update to 4.1.6. + Password lockout not enforced for SAMR password changes; CVE-2013-4496; (bnc#849224). + smbcacls can remove a file or directory ACL by mistake; CVE-2013-6442; (bnc#855866).- Password lockout not enforced for SAMR password changes; CVE-2013-4496; (bnc#849224).- Call update-apparmor-samba-profile via ExecStartPre too; (bnc#867665).- samba4 smbcalcs --chown | --chgrp dacl regression; CVE-2013-6442; (bnc#855866).- Retry named pipe open requests on STATUS_PIPE_NOT_AVAILABLE; (bso#10484); (bnc#865095).- Propagate snapshot enumeration permissions errors to SMB clients; (bnc#865641).- Properly handle empty 'requires_membership_of' entries in /etc/security/pam_winbind.conf; (bnc#865771).- Fix problem with server taking too long to respond to a MSG_PRINTER_DRVUPGRADE message; (bso#9942); (bnc#863748). - Fix memory leak in printer_list_get_printer(); (bso#9993); (bnc#865561).- Fix stream_depot VFS module on Btrfs; (bso#10467); (bnc#865397).- Use libarchive to provide improved smbclient tarmode functionality; (bso#9667); (bnc#861135).- Depend on %version-%release with all manual Provides and Requires; (bnc#844307).- Update to 4.1.5. + Fix 100% CPU utilization in winbindd when trying to free memory in winbindd_reinit_after_fork; (bso#10358); (bnc#786677). + smbd: Fix memory overwrites; (bso#10415). + s3-winbind: Improve performance of wb_fill_pwent_sid2uid_done(); (bso#2191). + ntlm_auth sometimes returns the wrong username to mod_ntlm_auth_winbind; (bso#10087). + s3: smbpasswd: Fix crashes on invalid input; (bso#10320). + s3: vfs_dirsort module: Allow dirsort to work when multiple simultaneous directories are open; (bso#10406). + Add support for Heimdal's unified krb5 and hdb plugin system, cope with first element in hdb_method having a different name in different heimdal versions and fix INTERNAL ERROR: Signal 11 in the kdc pid; (bso#10418). + vfs_btrfs: Fix incorrect zero length server-side copy request handling; (bso#10424). + s3: modules: streaminfo: As we have no VFS function SMB_VFS_LLISTXATTR we can't cope with a symlink when lp_posix_pathnames() is true; (bso#10429). + smbd: Fix an ancient oplock bug; (bso#10436). + Fix crash bug in smb2_notify code; (bso#10442).- Remove superfluous obsoletes *-64bit in the ifarch ppc64 case; (bnc#437293).- Migrate @GMT token parsing functionality into vfs_snapper; (bnc#863079). + Improve vfs_snapper documentation.- Fix Winbind 100% CPU utilization caused by domain list corruption; (bso#10358); (bnc#786677).- Fix memory overwrite in FSCTL_VALIDATE_NEGOTIATE_INFO handler; (bso#10415); (bnc#862370).- Streamline the vendor suffix handling and add support for SLE 12.- Fix zero length server-side copy request handling; (bso#10424); (bnc#862558).- Set the PID directory to /run/samba on post-12.2 systems.- Make use of the tmpfilesdir macro while calling systemd-tmpfiles.- Make winbindd print the interface version when it gets an INTERFACE_VERSION request; (bnc#726937).- Fix vfs_btrfs build on older platforms with duplicate WRITE_FLUSH definitions; (bnc#860832).- Check for NULL gensec_security in gensec_security_by_auth_type(); (bnc#860809).- Ensure ndr table initialization; (bnc#860648).- Add File Server Remote VSS Protocol (FSRVP) server for SMB share shadow-copies; (fate#313346).- s3-dir: Fix the DOS clients against 64-bit smbd's; (bso#2662). - shadow_copy2: module "Previous Version" not working in Windows 7; (bso#10259). - s3-passdb: Fix string duplication to pointers; (bso#10367). - vfs/glusterfs: in case atime is not passed, set it to the current atime; (bso#10384)- s3: winbindd: Move calling setup_domain_child() into add_trusted_domain(); (bso#10358); (bnc#786677).- Default sysconfig daemon options to -D; (bso#10388); (bnc#857454).- Add /var/cache/samba to the client file list; (bnc#846586).- Really add the WINBINDDOPTIONS sysconfig variable on install; (bnc#857454).- Correct sysconfig variable names by adding the missing D char; (bnc#857454).- Update to 4.1.4. + Fix segfault in smbd; (bso#10284). + Fix SMB2 server panic when a smb2 brlock times out; (bso#10311).- Call stop_on_removal from preun and restart_on_update and insserv_cleanup from postun on pre-12.3 systems only; (bnc#857454).- BuildRequire gamin-devel instead of unmaintained fam-devel package on post-12.1 systems.- smbd: allow updates on directory write times on open handles; (bso#9870). - lib/util: use proper include for struct stat; (bso#10276). - s3:winbindd fix use of uninitialized variables; (bso#10280). - s3-winbindd: Fix DEBUG statement in winbind_msg_offline(); (bso#10285). - s3-lib: Fix %G substitution for domain users in smbd; (bso#10286). - smbd: Always use UCF_PREP_CREATEFILE for filename_convert calls to resolve a path for open; (bso#10297). - smb2_server processing overhead; (bso#10298). - ldb: bad if test in ldb_comparison_fold(); (bso#10305). - Fix AIO with SMB2 and locks; (bso#10310). - smbd: Fix a panic when a smb2 brlock times out; (bso#10311). - vfs_glusterfs: Enable per client log file; (bso#10337).- Add /etc/sysconfig/samba to the main and winbind package; (bnc#857454).- Create /var/run/samba with systemd-tmpfiles on post-12.2 systems; (bnc#856759).- Fix broken rc{nmb,smb,winbind} sym links which should point to the service binary on post-12.2 systems; (bnc#856759).- Add Snapper VFS module for snapshot manipulation; (fate#313347). + dbus-1-devel required at build time.- Add File Server Remote VSS Protocol (FSRVP) client for SMB share shadow-copies; (fate#313345).- Do not BuildRequire perl ExtUtils::MakeMaker and Parse::Yapp as they're part of the minimum build environment.- Update to 4.1.3. + DCE-RPC fragment length field is incorrectly checked; CVE-2013-4408; (bnc#844720). + pam_winbind login without require_membership_of restrictions; CVE-2012-6150; (bnc#853347).- Make use of the full gpg pub key file name including the key ID.- Add transparent file compression support; (fate#316266). + Implement FSCTL_GET_COMPRESSION and FSCTL_SET_COMPRESSION handlers. + Add FILE_ATTRIBUTE_COMPRESSED and FILE_NO_COMPRESSION support. + Extend vfs_btrfs VFS module to utilize get/set compression hooks.- Add support for FSCTL_SRV_COPYCHUNK_WRITE; (fate#314770).- Remove bogus libsmbclient0 package description and cleanup the libsmbclient line from baselibs.conf; (bnc#853021).- BuildRequire systemd on post-12.2 systems.- Update to 4.1.2. + s4-dns: dlz_bind9: Create dns-HOSTNAME account disabled; (bso#9091). + dfs_server: Use dsdb_search_one to catch 0 results as well as NO_SUCH_OBJECT errors; (bso#10052). + Missing talloc_free can leak stackframe in error path; (bso#10187). + Fix memset used with constant zero length parameter; (bso#10190). + s4:dsdb/rootdse: report 'dnsHostName' instead of 'dNSHostName'; (bso#10193). + Make offline logon cache updating for cross child domain group membership; (bso#10194). + nsswitch: Fix short writes in winbind_write_sock; (bso#10195). + RW Deny for a specific user is not overriding RW Allow for a group; (bso#10196). + vfs_glusterfs: Fix excessive debug output from vfs_gluster_open(); (bso#10224). + vfs_glusterfs: Implement proper mashalling/unmarshalling of ACLs; (bso#10224). + VFS plugin was sending the actual size of the volume instead of the total number of block units because of which windows was getting the wrong volume capacity; (bso#10224). + libcli/smb: Fix smb2cli_ioctl*() against Windows 2008; (bso#10232). + xattr: Fix listing EAs on *BSD for non-root users; (bso#10247). + Fix the build of vfs_glusterfs; (bso#10253). + s3-winbindd: Fix cache_traverse_validate_fn failure for NDR cache entries; (bso#10264). + util: Remove 32bit macros breaking strict aliasing; (bso#10269).- Let gpg verify execution condition not fail on non SUSE systems.- Add systemd support for post-12.2 systems.- Allow smbcacls to take a '--propagate-inheritance' flag to indicate that the add, delete, modify and set operations now support automatic propagation of inheritable ACE(s); (FATE#316474).- Unconditionally create the CUPS smb backend sym link pointing to smbspool; (bnc#850656).- Update to 4.1.1. + ACLs are not checked on opening an alternate data stream on a file or directory; CVE-2013-4475; (bso#10229); (bnc#848101). + Private key in key.pem world readable; CVE-2013-4476; (bnc#848103).- Private key in key.pem world readable; CVE-2013-4476; (bnc#848103).- ACLs are not checked on opening an alternate data stream on a file or directory; CVE-2013-4475; (bso#10229); (bnc#848101).- Update to 4.1.0. + pam_winbindd: Support the KEYRING ccache type; (bso#10132). + Fix PAC parsing failure; (bso#10178).- Unify the defattr lines in the pidl, python, test and test-devel files section by removing the optional directory mode.- Verify source tar ball gpg signature.- Update to 4.1.0rc4. + dsdb: Convert the full string from UTF16 to UTF8, including embedded NULLs; (bso#8077). + python-samba-tool fsmo: Do not give an error on a successful role transfer; (bso#9461). + dbwrap_ctdb: Treat empty records as non-existing; (bso#10008). + Raise the level of a debug when unable to open a printer; (bso#10118). + Add "acl allow execute always" parameter; (bso#10134). + vfs_shadow_copy2: Display previous versions correctly over SMB2; (bso#10137). + smbd: Always clean up share modes after hard crash; (bso#10138). + Valid utf8 filenames cause "invalid conversion error" messages; (bso#10139). + libcli/smb: Use SMB1 MID=0 for the initial Negprot; (bso#10144). + Samba SMB2 client code reads the wrong short name length in a directory listing reply; (bso#10145). + libcli/smb: Only check the SMB2 session setup signature if required and valid; (bso#10146). + Better document potential implications of a globally used "valid users"; (bso#10147). + cli_smb2_get_ea_list_path() failed to close file on exit; (bso#10149). + Not all OEM servers support the ALTNAME info level; (bso#10150). + Regression causes replication failure with Windows 2008R2 and deletes Deleted Objects; (bso#10157). + Netbios related samba process consumes 100% CPU; (bso#10158). + Fix POSIX ACL mapping when setting DENY ACE's from Windows; (bso#10162).- Require libndr-standard-devel due to gen_ndr/lsa.h from libpdb-devel.- Add libdcerpc0, libdcerpc-atsvc0, libdcerpc-binding0, libdcerpc-samr0, libgensec0, libndr0, libndr-krb5pac0, libndr-nbt0, libndr-standard0, libpdb0, libregistry0, libsamba-credentials0, libsamba-hostconfig0, libsamba-policy0, libsamba-util0, libsamdb0, libsmbclient-raw0, libsmbconf0, libsmbldap0, and libtevent-util0 to baselibs.conf.- Add or polish the shared library package summaries and descriptions.- Update to 4.1.0rc3. + Fix working on site with Read Only Domain Controller; (bso#5917). + Add man page for vfs_syncops; (bso#7364). + Add man page for vfs_linux_xfs_sgid; (bso#7490). + When replicating DNS for bind9_dlz we need to create the server-DNS account remotely; (bso#9091). + Winbind unable to retrieve user information from AD; (bso#9615). + winbind_lookup_names() fails because of NT_STATUS_CANT_ACCESS_DOMAIN_INFO; (bso#9899). + Build Samba 4.0.x on AIX with IBM XL C/C++; (bso#9911). + Add SMB2 and SMB3 support for smbclient; (bso#9974). + Add man pages for ntdb tools; (bso#10000). + Add man page for samba-regedit tool; (bso#10001). + ::1 added to nameserver on join; (bso#10030). + Fix memory leak in source3/lib/util.c:1493; (bso#10063). + Fix segmentation fault in 'net ads join'; (bso#10073). + Fix variable list in vfs_crossrename man page; (bso#10076). + s3-winbind: Fix a segfault passing NULL to a fstring argument; (bso#10082). + smbd: Fix async echo handler forking; (bso#10086). + MacOSX 10.9 will not follow path-based DFS referrals handed out by Samba; (bso#10097). + Honour output buffer length set by the client for SMB2 GetInfo requests; (bso#10106). + Fix Winbind crashes on DC with trusted AD domains; (bso#10107). + Handle Dropbox (write-only-directory) case correctly in pathname lookup; (bso#10114). + Masks incorrectly applied to UNIX extension permission changes; (bso#10121).- Implement shared library packaging guidelines. - Correct interpackage dependencies; (bso#10129).- Define the source URL differently in the case of a release candidate.- Update to 4.1.0rc2. + Add vfs_btrfs module. + Add support for server-side copy operations via the SMB2 FSCTL_SRV_COPYCHUNK request. + Fix replication with --domain-crictical-only to fill in backlinks; (bso#9029). + Windows 8 Roaming profiles fail; (bso#9678). + Fix crash of winbind after "ls -l /usr/local/samba/var/locks/sysvol"; (bso#9820). + Windows error 0x800700FE when copying files with xattr names containing ":"; (bso#9992). + Do not delete an existing valid credential cache (s3-winbind); (bso#9994). + Fix segfault while reading incomplete session info; (bso#10003). + Missing integer wrap protection in EA list reading can cause server to loop with DOS (CVE-2013-4124); (bso#10010). + Fix a 100% loop at shutdown time (smbd); (bso#10013). + Fix/improve debug options; (bso#10015). + Rename regedit to samba-regedit; (bso#10040). + Remove obsolete swat manpage and references; (bso#10041). + Fix crashes in socket_get_local_addr(); (bso#10042). + Allow to change the default location for Kerberos credential caches; (bso#10043). + Remove a redundant inlined substitution of ACLs; (bso#10045). + nsswitch: Add OPT_KRB5CCNAME to avoid an error message; (bso#10048). + dsdb improvements; (bso#10056). + Linux kernel oplock breaks can miss signals; (bso#10064).- BuildRequire pyldb-devel.- Add libnetapi0 and samba-libs to baselibs.conf.- Update to 4.0.9. + Fix crash of Winbind after "ls -l /usr/local/samba/var/locks/sysvol"; (bso#9820). + s3-lib: Fix segmentation fault while reading incomplete session info; (bso#10003). + smbd: Fix a 100% loop at shutdown time; (bso#10013). + Windows 8 Roaming profiles fail; (bso#9678). + Add UPN enumeration to passdb internal API; (bso#9779). + smbd: Cleanup disonnected durable handles; (bso#9930). + vfs_streams_xattr: Do not attempt to write empty attribute twice; (bso#9970). + Fix Windows error 0x800700FE when copying files with xattr names containing ":"; (bso#9992). + s3-winbind: Do not delete an existing valid credential cache; (bso#9994). + Fix excessive RID allocation; (bso#10014). + Add debugclass for DNS server; (bso#10015). + Fix/improve debug options; (bso#10015). + Allow to change the default location for Kerberos credential caches; (bso#10043). + Linux kernel oplock breaks can miss signals; (bso#10064). + net ads join: Fix segmentation fault in create_local_private_krb5_conf_for_domain; (bso#10073).- Update to 4.0.8. + Samba 3.0.x to 4.0.7 are affected by a denial of service attack on authenticated or guest connections; CVE-2013-4124; (bnc#829969).- Require krb5 and not the non existing krb5-libs package.- Update to 4.1.0rc1. + Directory database replication (AD DC mode) + Server-Side Copy Support + Btrfs Filesystem Integration- BuildRequire perl ExtUtils::MakeMaker and Parse::Yapp. - BuildRequire libxslt, libxslt1, or libxslt-tools depending on SUSE version. - Require perl-base on SUSE systems only.- Adjust group setting of the test-devel subpackage. - Require perl-base from the pidl subpackage.- Remove libdir/samba/ldb after install if we're building Samba without Active Directory Domain Controller support.- Remove unused ccache switch from the spec file.- BuildRequire docbook-xsl-stylesheets and libxslt-tools to build the man pages and add them to the package again.- Build from the package from the top level directory; (bnc#794744). - BuildRequire pytalloc-devel, python-tdb, and python-tevent. - Also use out of tree builds of talloc, tdb, tevent, and ldb for pre-12.1 SUSE systems.- Remove the empty data dir from the doc package filelist. - Explicitly use samba instead of the name macro to define the docbook dir.- Update to 4.0.7. + Fix a core dump with invalid lock order while opening/editing or copying MS files; (bso#9794). + Fix crash bug from search of mail=; (bso#9967). + s3-rpc_server: Ensure we are root when starting and using gensec; (bso#9465). + Add support for MX queries; (bso#9485). + dns: Delete dnsNode objects when they are empty; (bso#9559). + dns: Support larger queries when asking forwarder; (bso#9632). + s3:lib/server_mutex: Open mutex.tdb with CLEAR_IF_FIRST; (bso#9805). + Use of wrong RFC2307 primary group field; (bso#9880). + Check for system libtevent; (bso#9881). + is_printer_published GUID retrieval; (bso#9900). + Doc fixes for 4.0; (bso#9906). + Build fixes for 4.0 found during autoconf or debian packaging work; (bso#9907). + build: Add missing new line to replaced python shebang line; (bso#9909). + PIE builds not supported; (bso#9910). + s4:winbind: Don't leak libnet_context into the main event context; (bso#9929). + Fix a bug of drvupgrade of smbcontrol; (bso#9941). + Check for netbios aliases in ad_get_referrals; (bso#9947). + Fix tevent_poll on 32-bit machines (Coverity ID 989236); (bso#9953). + docs: Avoid mentioning a possibly misleading option; (bso#9964). + Fix build with system Heimdal of samba4kgetcred; (bso#9968).- Use SLE as product prefix for SUSE Linux Enterprise, oS for openSUSE, and OBS for any other operating system to define the vendor string while build.- Remove ldapsmb from the main spec file.- Adjust ldapsmb and nmbstatus man page syntax required by a newer pod2man.- Don't bzip2 the main tar ball, use the upstream gziped one instead.- Explicitly BuildRequire cyrus-sasl-devel, libattr-devel, and libopenssl-devel.- Fix libreplace license ambiguity; (bso#8997); (bnc#765270).- Update to 4.0.6. + Fix crash during Win8 sync; (bso#9822). + Fix segfault when loging in with wrong password from w2k8r2; (bso#9834). + Fix the username map optimization; (bso#9139). + Add support for PFC_FLAG_OBJECT_UUID when parsing packets; (bso#9382). + SMB2 server doesn't support recvfile; (bso#9412). + Fix the build of vfs_notify_fam; (bso#9545). + Fix adding case sensitive spn; (bso#9699). + Properly handle oplock breaks in compound requests; (bso#9722). + Properly handle oplock breaks in compound requests; (bso#9722). + Cache name_to_sid/sid_to_name correctly; (bso#9766). + Fix 'net ads join' when called via stdin; (bso#9767). + Fix segfault for "artificial" conn_structs in vfs_fake_perms; (bso#9775). + vfs_dirsort uses non-stackable calls, dirfd(), malloc instead of talloc and doesn't cope with directories being modified whilst reading; (bso#9777). + Fix panic when running 'smbtorture smb.base'; (bso#9782). + Use specified python for runtime installation of Samba; (bso#9785). + Change '--with-dmapi' to 'default=auto' to match the autoconf build; (bso#9803). + wafsamba: Display the default value in help for SAMBA3_ADD_OPTION; (bso#9804). + wbinfo: Fix segfault in wbinfo_pam_logon; (bso#9807). + Package new dbwrap_tool man page; (bso#9809). + Old DOS SMB CTEMP request uses a non-VFS function to access the filesystem; (bso#9811). + Fix 'map untrusted to domain' with NTLMv2; (bso#9817). + SMB signing and the async echo responder don't work together; (bso#9824). + Fix panic in nt_printer_publish_ads; (bso#9830). + talloc use after free in winbind4; (bso#9832). + Function called in unix_convert() path can overwrite errno; (bso#9833). + Fix NULL pointer dereference in Winbind; (bso#9854). + Fix making LIBNDR_PREG_OBJ; (bso#9868).- Remove disabled and anyhow obsoleted net-report and net_rpc_migrate patches.- Update to 4.0.5. + Fix large reads/writes from some Linux clients; (bso#9706). + Add 'samba-tool dbcheck --reset-well-known-acls'; (bso#9740). + Can't delegate adding computers to domain; (bso#9267). + Fix GNU ld version detection with old gcc releases; (bso#7825). + Never try to map global SAM name; (bso#9039). + Certain xattrs cause Windows error 0x800700FF; (bso#9130). + Samba returns unexpected error on SMB posix open; (bso#9519). + Fix build on AIX; (bso#9557). + libnss-winbindd does not provide pass struct for groups mapped with ID_TYPE_BOTH and vice versa; (bso#9617). + Reauth-capable client fails to access shares on Windows member; (bso#9625). + PIDL: Fix parsing linemarkers in preprocessor output; (bso#9636). + Rename internal subsystem pdb_ldap to pdb_ldapsam; (bso#9639). + Fix the build of vfs_afsacl; (bso#9642). + Fix the build with --fake-kaserver; (bso#9643). + Fix compile of source3/lib/afs.c; (bso#9644). + Make SMB2_GETINFO multi-volume aware; (bso#9646). + idmap_autorid: Fix freeing of non-talloced memory; (bso#9653). + Work around FreeBSD's getaddrinfo() underscore issue; (bso#9656). + 'make test' hangs; (bso#9663). + Fix correct linking of libreplace with cmdline-credentials; (bso#9664). + Fix filtering of link-local addresses; (bso#9666). + Fix crash in 'net rpc join' against a Samba 3.0.33 PDC; (bso#9669). + Samba denies owner Read Control when there is a DENY entry while W2K08 does not; (bso#9674). + Fix several resource (fd) leaks; (bso#9683). + Fix a memory leak in spoolss rpc server; (bso#9685). + Fix a possible buffer overrun in pdb_smbpasswd; (bso#9686). + Fix several possible null pointer dereferences; (bso#9687). + Make sure that domain joins work correctly when the DC disallows NTLM auth; (bso#9689). + Backport tevent changes to bring library to version 0.9.18; (bso#9695). + Remove incomplete samba_dnsupdate IPv6 link-local address check; (bso#9696). + DsReplicaGetInfo fails due to sendto() EMSGSIZE error on UNIX domain socket; (bso#9697). + Fix vfs_catia and update documentation; (bso#9701); (bnc#824833). + Fix build on solaris8: Do not force a specific perl on pod2man; (bso#9703). + Fix nss_winbind name on FreeBSD; (bso#9704). + s4:winbindd: Do not drop the workgroup name in the getgrnam, getgrent and getgrgid calls; (bso#9711). + Set LD_LIBRARY_PATH in install_with_python.sh; (bso#9717). + s4-idmap: Remove requirement that posixAccount or posixGroup be set for rfc2307; (bso#9718). + Allow forcing an override of an old @MODULES record; (bso#9719). + Do not print the admin password during 'samba-tool classicupgrade'; (bso#9720). + Make samba_upgradedns more robust (do not guess addresses when just changing roles); (bso#9721). + Add a tool to migrate latin1 printing tdbs to registry; (bso#9723). + is_encrypted_packet() function incorrectly used inside server; (bso#9724). + upgradeprovision and 'samba-tool dbcheck' patches for 4.0.NEXT; (bso#9725). + Fix NULL pointer dereference; (bso#9727). + DO NOT install samba_upgradeprovision in 4.0.x; (bso#9728). + Fix 'smbcontrol close-share'; (bso#9733). + Fix Winbind separator in upn to username conversion; (bso#9735). + Change to smbd/dir.c code gives significant performance increases on large directory listings; (bso#9736). + PIDL: Build fixes for hosts without CPP (Solaris 11); (bso#9739). + Make sure that we only propogate the INHERITED flag when we are allowed to; (bso#9747). + Remove unneeded fstat system call from hot read path; (bso#9748). + Don't leak the epm_Map policy handle; (bso#9758). + Fix incorrect parsing of SMB2 command codes; (bso#9760). - Update to 4.0.4. + Remove forced set of 'create mask' to 0777; CVE-2013-1863; (bnc#809624).- Fix periodic printcap cache reloads; (bso#9650); (bnc#807334).- No longer use the cifs- or smbfstab named configuration file on post-12.2 systems; (bnc#804822); (bnc#821889).- Shift the smbfs init script nfs dependency from Required to Should.- Fix SMB1 Session Setup AndX handling with a large krb PAC; (bso#9658); (bnc#802031).- Point LD_LIBRARY_PATH to the just-built libraries while calling testparm to generate the default share snippets on pre-12.2 systems.- Explicitly configure --with-ads.- Fix smbclient recursive mget EPERM handling; (bso#9633); (bnc#786350).- Remove superfluous quotation marks while setting the SAMBA_VERSION_VENDOR_SUFFIX string.- Do not restart the smbfs service on pre-11.3 systems during dhcp lease renewal when the IP address remains the same; (bnc#800782).- Update to 4.0.3. + Fix ACL problem with delegation of privileges and deletion of accounts over LDAP interface; add documentation; (bso##8909). + check_password_quality: Handle non-ASCII characters properly; (bso##9105). + Fix 'smbd' panic triggered by unlink after open; (bso##9571). + smbd: Fix memleak in the async echo handler; (bso##9549). + defer_open is triggered multiple times on the same request; (bso#9196). + Add extra attributes for AD printer publishing; (bso#9378). + FSMO seize of naming role fails: NT_STATUS_IO_TIMEOUT; (bso#9461). + Downgrade v4 printer driver requests to v3; (bso#9474). + samba_upgradeprovision: fix the nTSecurityDescriptor on more containers; (bso#9481). + s3:smb2_negprot: set the 'remote_proto' value; (bso#9499). + waf assumes that pythonX.Y-config is a Python script; (bso#9503). + s4:drsuapi: Make sure we report the meta data from the cycle start; (bso#9508). + wafsamba: Use additional xml catalog file; (bso#9512). + samba_dnsupdate: Set KRB5_CONFIG for nsupdate command; (bso#9517). + conn->share_access appears not be be reset between users; (bso#9518). + Remove superfluous bracket in samba.8.xml; (bso#9528). + Fix typo in vfs_tsmsm.8.xml; (bso#9530). + terminate the irpc_servers_byname() result with server_id_set_disconnected(); (bso#9540). + Make use of posix_openpt; (bso#9541). + Fix build of vfs_commit and plug in async pwrite support; (bso#9544). + Fix aio_suspend detection on FreeBSD; (bso#9546). + Correctly detect O_DIRECT; (bso#9548). + sigprocmask does not work on FreeBSD to stop further signals in a signal handler; (bso#9550). + smb.conf(5): Update list of available protocols; (bso#9552). + s4-resolve: Fix parsing of IPv6/AAAA in dns_lookup; (bso#9555). + Fix compilation of Solaris ACL module; (bso#9564). + Adding additional Samba 4.0 DC to W2k8 srv AD domain (in win200 functional level) produces dbcheck errors; (bso#9565). + Add dbwrap_tool.1 manual page; (bso#9568). + Document the command line options in dbwrap_tool(1); (bso#9568). + ntlm_auth(1): Fix format and make examples visible; (bso#9569). + Fix file corruption during SMB1 read by Mac OSX 10.8.2 clients; (bso#9572). + Fix a possible null pointer dereference in spoolss; (bso#9574). + Duplicate flags defined in the winbindd protocol; (bso#9575). + gensec: Allow login without a PAC by default; (bso#9581). + smbd: disk_free: sys_popen() failed" message logged in /var/log/message many times; (bso#9586). + Archive flag is always set on directories; (bso#9587). + ACLs are not inherited to directories for DFS shares; (bso#9588). + Correct meta data in ldb manpages; (bso#9591). + s3-winbind: Fix the build of idmap_ldap; (bso#9595). + Linked attribute handling should be by GUID; (bso#9596). + Fix timeouts of some IRPC calls; (bso#9598). + Use pid,task_id as cluster_id in process_single just like process_prefork; (bso#9598). + Add 'ldbdump' tool; general code and documentation cleanup; (bso#9609). + dsdb: Make secrets_tdb_sync cope with -H secrets.ldb; (bso#9610).- Update to 4.0.2. + Address SWAT security issues CVE-2013-0213 and CVE-2013-0214 which both don't apply to any SUSE Samba post-3.6.10 as it isn't longer built. + Don't build and package static libraries.- Drop separate build-source-timestamp file as it led to a second, incorrect Source Timestamp line.- Add server-side copy support; (fate#314770). + Implement FSCTL_SRV_COPYCHUNK and FSCTL_SRV_REQUEST_RESUME_KEY handlers. + Add vfs_btrfs VFS module for optimized Btrfs clone-range ioctl usage.- Add filter against shlib-policy-name-error for /lib*/libnss_wins.so.2.- Disable SWAT during configure and don't package it any longer.- Remove dangling references to Heimdal from the spec file.- Remove /lib/samba prefix from the localstatedir configure option.- Update to 4.0.1. + Samba 4.0.0 as an AD DC may provide authenticated users with write access to LDAP directory objects; CVE-2013-0172; (bnc#798364).- Add the missing get_printing_ticket binary path while calling the set_permissions macro; (bnc#783375).- Use the version macro while definition of the branch macro.- Remove references to no longer used devel macros.- Update to 4.0.0. + Honor password complexity settings; (bso#9414). + Install SWAT *.msg files with waf; (bso#9415). + Fix netr_ServerPasswordSet2, netr_LogonSamLogon with netlogon AES; (bso#9438). + developer-build: Fix panic when acl_xattr fails with access denied; (bso#9456). + Fix "map username script" with "security=ads" and Winbind; (bso#9457). + Install manpages only if we install the target; (bso#9459). + Respond correctly to FILE_STREAM_INFO requests; (bso#9460). + Users can not be given write permissions any more by default; (bso#9462). + Fix MMC crashes; (bso#9470). + Fix SEGV when using second vfs module; (bso#9471). + Support FIPS mode when building Samba; (bso#9479). + Fix ACL on "cn=partitions,cn=configuration"; (bso#9481).- netr_ServerPasswordSet2, netr_LogonSamLogon with netlogon AES broken; (bso#9438). - s3:auth: fix create_token_from_sid() to not fail in the winbindd case; (bso#9457). - s4:dsdb/acl_read: return the nTSecurityDescriptor attr if the sd_flags control is given; (bso#9470). - Support FIPS mode when building Samba; (bso#9479). - s4:provision: set the correct nTSecurityDescriptor; (bso#9481).- SEGV when using second vfs module; (bso#9471).- Update to 3.6.10. + Respond correctly to FILE_STREAM_INFO requests; (bso#9460). + Fix segfault when "default devmode" is disabled; (bso#9433). + Fix segfaults in "log level = 10" on Solaris; (bso#9390).- s3:smbd:vfs_acl: fix a PANIC when setting an ACL fails with ACCESS_DENIED; (bso#9456). - Install manpages only if we install the target; (bso#9459). - Users can not be given write permissions any more by default; (bso#9462).- Fix MD5 detection in the autoconf build; (bso#9037); (bso#9086); (bso#9094); (bso#9418). - Use work around for 'winbind use default domain' only if it is set; (bso#9367). - Allow smb2.acls torture test to pass against smbd with a POSIX ACLs backend; (bso#9374). - large read requests cause server to issue malformed reply; (bso#9422). - s3-rpc_client: lookup nametype 0x20 in rpc_pipe_open_tcp_port(); (bso#9426). - Fix ncacn_ip_tcp reconnection code for lsa lookups; (bso#9439). - Allow to force DNS updates using net; (bso#9451). - Respond correctly to FILE_STREAM_INFO requests; (bso#9460).- Update to 4.0.0rc6. See WHATSNEW.txt from the samba-doc package.- On uninstall remove winbind from the pam configuration, invalidate the nscd passwd and group cache and only recommend the install of nscd; (bnc#792340).- BuildRequire libnscd-devel once.- Remove obsoleted references to pre-9.4 SUSE systems; (bnc#792294). - Add SUSE version depending pkg-config requires macro; (bnc#792294).- Define library names and use it instead of libldb1, libnetapi0, libsmbclient0, libsmbsharemodes0, libtalloc2, libtdb1, libtevent0, and libwbclient0; (bnc#792294). - Provide and obsolete libsmbsharemodes for post-10.3 SUSE systems.- Don't clutter the spec file diff view; (bnc#783384).- Fix fd leak causing 100% CPU in winbind on certain dc connection failures; (bso#9436); (bnc#786677).- Fix spoolss segfault when default devmode is disabled; (bso#9433); (bnc#791183).- Update to 4.0.0rc5. See WHATSNEW.txt from the samba-doc package.- ACL masks incorrectly applied when setting ACLs; (bso#9236). - s3-kerberos: also try with AES keys, when decrypting tickets; (bso#9272). - lib/replace: replace all *printf function if we replace snprintf; (bso#9390). - lib/addns: don't depend on the order in resp->answers[]; (bso#9402).- s4:torture/smb2: improve the smb2.create.blob tes; (bso#9209). - lib/krb5_wrap: request enc_types in the correct order; (bso#9272). - Fix net ads join message for the dns domain; (bso#9326). - docs-xml: fix use of tag; (bso#9345). - s3-aio_pthread: Optimize aio_pthread_handle_completion; (bso#9359). - s3:winbind: Failover if netlogon pipe is not available; (bso#9386).- Execute the run_permissions macro on pre-11.4 systems and else the set_permission one if available.- Ensure adding the winbind group never can fail.- Create ntadmin group only if it doesn't yet exist.- Update to 3.6.9. + When setting a non-default ACL, don't forget to apply masks to SMB_ACL_USER and SMB_ACL_GROUP entries; (bso#9236). + Winbind can't fetch user or group info from AD via LDAP; (bso#9147). + Fix segfault in smbd if user specified ports out for range; (bso#9218).- quota: Don't force the block size to 512; (bso#3272). - Fix poll replacement to become a msleep replacement; (bso#8107). - Fix wrong test == syntax in configure; (bso#8146). - Fix --with(out)-sendfile-support option handling in autoconf; (bso#8344). - Fix builtin forms order to match Windows again; (bso#8632). - Fix RAW printing for normal users; (bso#8769); (bnc#790741). - Initialise ticket to ensure we do not invalid memory; (bso#8788). - Fix 'net rpc share allowedusers' to work with 2008r2; (bso#8966). - Fix crash on null pam change pw response; (bso#9013). - Connection to outbound trusted domain goes offline; (bso#9016). - Increase debug level for info that the db is empty; (bso#9112). - 'smbclient' can't connect to a Windows 7 server using NTLMv2; (bso#9117). - Winbind can't fetch user or group info from AD via LDAP; (bso#9147). - Open printers with the right access mask; (bso#9154). - Fix makerpms.sh on RHEL; (bso#9165). - Remove non-existent option '-Y' from winbindd manpage; (bso#9171). - Add quota support for gfs2; (bso#9172). - Make SMB2 compound request create/delete_on_close/close work as Windows; (bso#9173). - Empty SPNEGO packet can cause smbd to crash; (bso#9174). - pam_winbind: Match more return codes when wbcGetPwnam has failed; (bso#9177). - Fix crash bug in idmap_hash; (bso#9188); (bnc#788159). - SMB2 Create doesn't return correct MAX ACCESS access mask in blob; (bso#9189). - Fix service control for non-internal services; (bso#9192). - Don't take 'state->te' as indication for "was_deferred"; (bso#9196). - Parse of invalid SMB2 create blob can cause smbd crash; (bso#9209). - Bad ASN.1 NegTokenInit packet can cause invalid free; (bso#9213). - Fix segfault in smbd if user specified ports out for range; (bso#9218). - Signing cannot be disabled for SMB2 by design, so fix the documentation instead; (bso#9222). - Fix NT_STATUS_IO_TIMEOUT during slow import of printers into registry; (bso#9231). - When setting a non-default ACL, don't forget to apply masks to SMB_ACL_USER and SMB_ACL_GROUP entries; (bso#9236). - lib-addns: ensure that allocated buffer are pre set to 0; (bso#9259). - Make tdb robust against shrinking tdbs and improper CLEAR_IF_FIRST restart; (bso#9268). - Add support for reloading systemd services; (bso#9280).- Warn via the smbd log if AppArmor and "wide links" are in use; (bnc#783719).- Do not write the build date into the header of the default smb.conf as this causses superfluous rebuilds of packages depending on samba; (bnc#781601).- Do not prerequire SuSEconfig.permissions as it's already enough and more generic to depend on the permissions package; (bnc#782293).- Update to 3.6.8. + Fix crash bug in smbd caused by a blocking lock followed by close; (bso#9084). + Fix Winbind panic if we couldn't find the domain; (bso#9135).- Backport FSCTL codes and fix segfault in smbstatus from master; (bso#9058). - Fix bad call to memcpy source3/registry/regfio.c; (bso#9065). - "Domain Users" incorrectly added as additional group on domain members; (bso#9066). - Use correct RID for "Domain Guests" primary group; (bso#9067). - Fix crash bug in smbd caused by a blocking lock followed by close; (bso#9084). - Fix smbclient/tarmode panic when connecting to Windows 2000 clients; (bso#9088). - Fix refreshing of Kerberos tickets in Winbind; (bso#9098). - Fix identification of idle clients in Winbind to avoid crashes and NDR parsing errors; (bso#9104). - Fix compilation with newer MIT Kerberos which hides internal symbols; (bso#9111). - Fix flooding the logs with records we don't find in pcap; (bso#9112). - Initialize the print backend after we setup winreg; (bso#9122). - Fix lprng job tracking errors; (bso#9123). - Fix setting of "inherited" bit on inherited ACE's; (bso#9124). - Fix Winbind panic if we couldn't find the domain; (bso#9135). - Make 'smbclient allinfo' show the snapshot list; (bso#9137). - Fix nfs quota support with Linux nfs4 mounts; (bso#9144). - Valid open requests can cause smbd assert due to incorrect oplock handling on delete requests; (bso#9150).- NMB registration for a duplicate workstation fails with registration refuse; (bso#9085); (bnc#770056).- Remove backup files caused by running configure in examples/VFS.- Update to 3.6.7. + Fix resolving our own "Domain Local" groups; (bso#9052); (bnc#779269). + Fix migrating printers while upgrading from 3.5.x; (bso#9026).- Correct documentation of "case sensitive"; (bso#8552). - Printing fails in function cups_job_submit; (bso#8719). - Fix kernel oplocks when uid(file) != uid(process); (bso#8974). - Send correct responses to NT Transact Secondary when no data and no params for the Trans2 calls are set; (bso#8989). - Fix build without ads support; (bso#8996). - Don't turn negative cache entries into valid idmappings; (bso#9002). - Fix posix acl on gpfs; (bso#9003). - Make vfs_gpfs less verbose in get/set_xattr functions; (bso#9022). - Fix migrating printers while upgrading from 3.5.x; (bso#9026). - Fix typo in set_re_uid() call when USE_SETRESUID selected in configure; (bso#9034). - Using asynchronous IO with SMB2 can return NT_STATUS_FILE_CLOSED in error instead ofNT_STATUS_FILE_LOCK_CONFLICT; (bso#9040). - Fix resolving our own "Domain Local" groups; (bso#9052); (bnc#779269). - Fix build against CUPS 1.6; (bso#9055). - Fix bugs in SMB2 credit handling code; (bso#9057). - rpcclient: Fix bad call to data_blob_const; (bso#9062).- Create missing doc directories while install. - Remove no longer existing Manifest file from install. - Don't creat a link to non existend html man pages for swat. - Don't call the no longer existing libsmbclient testsuit while build.- Configure with option --mandir instead --with-mandir. - Remove obsoleted --with-rootsbindir, --with-nmbdsocketdir, and - -with-swatdir configure options.- Update to 4.0.0beta4. See WHATSNEW.txt from the samba-doc package.- BuildRequire gcc, make, and patch; (bnc#771516).- ndr: fix push/pull DATA_BLOB with NDR_NOALIGN; (bso#9026); (bnc#770262).- Fix shell syntax in dhcpcd hook script; (bnc#769957).- Add missing int declaration to the net kdc lookup patch.- Update to 4.0.0beta2. See WHATSNEW.txt from the samba-doc package.- Update to 3.6.6. + Fix possible memory leaks in the Samba master process; (bso#8970). + Fix uninitialized memory read in talloc_free(); (bnc#764577). + Fix joining of XP Pro workstations to 3.6 DCs; (bso#8373); (bnc#787983).- resolve_ads() code can return zero addresses and miss valid DC IP addresses; (bso#8910). - Can't join XP Pro workstations to 3.6.1 DC; (bso#8373); (bnc#787983). - winbind can hang as nbt_getdc() has no timeout; (bso#8953). - Fix crash bug in dns_create_probe when dns_create_update fails; (bso#8627) - s3-pid: Catch with pid filename's change when config file is not smb.conf; (bso#8714). - Possible memory leaks in the main Samba process; (bso#8970). - s3: Fix uninitialized memory read in talloc_free(); (bnc#764577). - Treat exit_server_cleanly() as a "clean" shutdown; (bso#8971). - Avoid crash with MIT krb5 1.10.0 in gss_get_name_attribute(); (bso#8988). - Winzip occasionally can not read files out of an open winzip dialog; (bso#8311). - s3-winbindd: call dump_core_setup after command line option has been parsed; (bso#8975). - Directory group write permission bit is set if unix extensions are enabled; (bso#8972). - s3: remove dependency on automake for "make everything"; (bso#8978). - sd_has_inheritable_components segfaults on an SD that se_access_check accepts; (bso#8811). - smbclient's tarmode insists on listing excluded directories; (bso#8922). - Notify code can miss a ChDir; (bso#8998). - s3:smbd: add a fsp_persistent_id() function; (bso#8995).- Call autogen.sh even on post-12.1 SUSE systems.- Don't call autogen.sh on post-12.1 SUSE and post-14 Fedora systems. - Recompile all IDL in any case.- BuildIgnore libtalloc and libtdb to prevent a package conflict on Fedora systems.- Install talloc.pc only on pre-12.2 and non SUSE systems.- BuildRequire libldb-devel, libtalloc-devel, libtdb-devel, and libtevent-devel on post-12.1 systems.- s3: Fix a segfault with debug level 3 on Solaris; (bso#8861). - s3: wbinfo --lookup-sids "" crashes winbind; (bso#8904). - smbd crashes when deleting directory and veto files are enabled; (bso#8837). - winbind_krb5_locator only returns one IP address; (bso#8897). - Wrong assertion/comparison: Compare value not pointer; (bso#8859). - Inconsistent (with manpage) command-line switch for "help" in smbtree; (bso#8831). - Fix incorrect debug statement. - Setting traverse rights fails to enable directory traversal when acl_xattr in use; (bso#8857). - Syslog broken owing to mistyping of debug_settings.syslog; (bso#8877). - s3/ldap: remove outdated netscape ds 5 schema file; (bso#8869). - s3-docs: fixes several typos; (bso#7938). - s3-VFS: Fix building out-of-tree modules; (bso#8822). - s3-docs: Add hint that setting "profile acls = yes" on normal shares can cause trouble; (bso#7930). - s3-pam_winbind: Fix the build with a newer iniparser library; (bso#8915). - Avoid null dereference in initialize_password_db(); (bso#8920). - s3:registry: implement values_need_update and subkeys_need_update in the smbconf backend. - s3:registry:reg_api: fix reg_queryvalue to not fail when values are modified while it runs. - s4:torture:rpc:spoolss: also initialize driverName before checking it in test_PrinterData_DsSpooler(). - s3:registry: multiple cleanups, fixes, and optimisations. - s3:auth/server_info: the primary rid should be in the groups rid array; (bso#8798). - s3-printing: Add new printers to registry; (bso#8554); (bso#8612); (bso#8748). - Fix the overwriting of errno before use in a DEBUG statement and use the return value from store_acl_blob_fsp rather than ignoring it; (bso#8945). - s3-auth: Don't lookup the system user in pdb; (bso#8944). - s3-passdb: Fix negative SID->uid/gid cache handling; (bso#8952). - Fix typo in pam_winbindd code; (bso#8957). - Fix remove_duplicate_addrs2 previously it could leave zero addresses in the list; (bso#8910). - Slow but responsive DC can lock up winbindd; (bso#8943). - Broken processing of %U with vfs_full_audit when force user is set; (bso#8882).- Disable included build of ldb, talloc, tdb, and tevent on post-12.1 systems. - BuildRequire libldb1-devel, libtalloc2-devel, libtdb1-devel, and libtevent0-devel on post-12.1 systems.- Add PreReq /etc/init.d/nscd to the winbind package; (bnc#759731).- docs-xml: fix default name resolve order; (bso#7564). - s3-aio-fork: Fix a segfault in vfs_aio_fork; (bso#8836). - docs: remove whitespace in example samba.ldif; (bso#8789). - s3-smbd: move print_backend_init() behind init_system_info(); (bso#8845); (bnc#730769). - s3-docs: Prepend '/' to filename argument; (bso#8826).- Update to 3.6.5. - Restrict self granting privileges where security=ads for Samba post-3.3.16; CVE-2012-2111; (bnc#757576).- Remove all precompiled idl output to ensure any pidl changes take effect; (bnc#757080).- Update to 3.6.4. - Samba pre-3.6.4 are affected by a vulnerability that allows remote code exe- cution as the "root" user; PIDL based autogenerated code allows overwriting beyond of allocated array; CVE-2012-1182; (bso#8815); (bnc#752797).- s3-winbindd: Only use SamLogonEx when we can get unencrypted session keys; (bso#8599). - Correctly handle DENY ACEs when privileges apply; (bso#8797).- s3:smb2_server: fix a logic error, we should sign non guest sessions; (bso8749). - Allow vfs_aio_pthread to build as a static module; (bso#8723). - s3:dbwrap_ctdb: return the number of records in db_ctdb_traverse() for persistent dbs; (#bso8527). - s3: segfault in dom_sid_compare(bso#8567). - Honor SeTakeOwnershiPrivilege when client asks for SEC_STD_WRITE_OWNER; (bso#8768). - s3-winbindd: Close netlogon connection if the status returned by the NetrSamLogonEx call is timeout in the pam_auth_crap path; (bso#8771). - s3-winbindd: set the can_do_validation6 also for trusted domain; (bso#8599). - Fix problem when calculating the share security mask, take priviliges into account for the connecting user; (bso#8784).- Fix crash in dcerpc_lsa_lookup_sids_noalloc() with over 1000 groups; (bso#8807); (bnc#751454).- Remove obsoleted Authors lines from spec file for post-11.2 systems.- Make ldapsmb build with Fedora 15 and 16; (bso#8783). - BuildRequire libuuid-devel for post-11.0 and other systems. - Define missing python macros for non SUSE systems. - PreReq to fillup_prereq and insserv_prereq only on SUSE systems. - Always use cifstab instead of smbfstab on non SUSE systems.- Ensure AndX offsets are increasing strictly monotonically in pre-3.4 versions; CVE-2012-0870; (bnc#747934).- Add SERVERID_UNIQUE_ID_NOT_TO_VERIFY; (bso#8760); (bnc#741854).- s3-printing: fix crash in printer_list_set_printer(); (bso#8762); (bnc#746825).- s3:winbindd fix a return code check; (bso#8406).- s3: Add rmdir operation to streams_depot; (bso#8733).- s3:smbd:smb2: fix an assignment-instead-of-check bug conn_snum_used(); (bso#8738); CVE-2013-0454; (bnc#811975).- s3:auth: fill the sids array of the info3 in wbcAuthUserInfo_to_netr_SamInfo3(); (bso#8739).- s3:client: ignore SMBecho errors (the server may not support it); (bso#8139).- Be more strict when using PAM_AUTH API from winbind if Kerberos auth is enabled and don't unintentionally use a bogus domain name; (bso#8734).- smbclient fails with posix large reads; (bso#8727).- Use the smbfs init script on versions pre-11.3, or cifs in later versions; (bnc#744614).- s3: Compile IDL files in autogen, some configure tests need this.- Fixes various deadlocks in if-up.d / if-down.d when running under systemd; (bnc#732395).- Update to 3.6.3. + Fix memory leak in parent smbd on connection; CVE-2012-0817; (bso#8724); (bnc#743986).- Use spdx.org compliant license names for all packages.- Update to 3.6.2. + Make Winbind receive user/group information (bug #8371). + Several SMB2 fixes. + Fix a crash bug in the spoolss code. + Add new contributing FAQ announcing acceptance of corporate (C). + DeletePrinterDriverEx deletes files in use; (bso#4942); (bnc#742504). + Fix cli_write_and_x() against OS/2 print shares; (bso#5326). + Fix 'smbclient tar' for files greater than 8GB on BE machines; (bso#563); (bnc#726145). + Remove pointless use_memory_krb5_ccache; (bso#7465). + Fix perl path; (bso#8176). + Grant credits in async interim responses (SMB2); (bso#8357). + Make Winbind receive user/group information; (bso#8371). + Fix Windows XP clients crashing smbd process every once in a while; (bso#8384); (bnc#731571). + Make VFS op "streaminfo" stackable; (bso#8419). + Add an allocation pool to idmap_autorid; (bso#8444). + Fix SEGFAULT from net registry export on not zero terminated REG_SZ values; (bso#8528). + Make DSO_EXPORTS_CMD more portable; (bso#8531). + readlink() on Linux clients fails if the symlink target is outside of the share; (bso#8541). + smbclient posix_open command fails to return correct info on open file; (bso#8542). + winbind_samlogon_retry_loop ignores logon_parameters flags; (bso#8548). + Fix setting the machine account password; (bso#8550). + Make SMB2 handle compound request headers in the same way as Windows; (bso#8560). + Password change settings not fully observed; (bso#8561). + Fix double free error in talloc; (bso#8562). + Fix alignment in the non-extended-security negprot; (bso#8573). + Add systemd service files; (bso#8575). + Add systemd service files; (bso#8575). + smb2_flush: Don't send uninitialized memory; (bso#8579). + Enable inotify if sys or kernel inotify is available; (bso#8580). + Increase a debug level; (bso#8585). + libsmb: Only align unicode pipe_name; (bso#8586). + Fix marshalling of samr_ChangePasswordUser3; (bso#8591). + Don't limit the number of open dptrs for SMB2; (bso#8592). + Fix a crash bug in cldap_socket_recv_dgram(); (bso#8593). + Make cldap work over IPv6; (bso#8600). + Fix intermittent print job failures caused by character conversion errors; (bso#8606). + Improve configure.in so it can be used outside the Samba source tree; (bso#8607). + Winbind: Don't fail on users without a uid; (bso#8608). + Ensure we correctly calculate reply credits over all returned SMB2 replies; (bso#8614). + Fix migrate printer code; (bso#8618). + Fix crash bug when trying to browse Samba printers; (bso#8623). + libsmb: Don't duplicate Kerberos service tickets; (bso#8628). + POSIX ACE x permission becomes rx following mapping to and from a DACL; (bso#8631). + When returning an ACL without SECINFO_DACL requested, we still set SEC_DESC_DACL_PRESENT in the type field; (bso#8636). + Fix the vfs_commit module; (bso#8639). + Add an update function for Winbind cache; (bso#8643). + vfs_acl_xattr and vfs_acl_tdb modules can fail to add inheritable entries on a directory with no stored ACL; (bso#8644). + Document the "ignore system acls" option of vfs_acl_xattr and vfs_acl_tdb vfs modules; (bso#8652). + Fix deleting a symlink if the symlink target is outside of the share; (bso#8663). + Fix renaming a symlink if the symlink target is outside of the share; (bso#8664). + Fix NT ACL issue; (bso#8673). + Fix buffer overflow issue with AES encryption in samba traffic analyzer; (bso#8674). + Fix Winbind segfault if we can't map the last user; (bso#8678). + recvfile code path using splice() on Linux leaves data in the pipe on short write; (bso#8679). + Try ctdbd_init_connection() as root; (bso#8684). + Packet validation checks can be done before length validation causing uninitialized memory read; (bso#8686). + Fix typo in 'net memberships' usage; (bso#8687). + libads: Fix malloc/talloc mismatch in ads_keytab_verify_ticket(); (bso#8692). + Make DeletePrinterDriverEx remove printer driver files; (bso#8697) (bnc#740810). + Fix major leak with SMB2 in connections.tdb; (bso#8710).- s3-spoolss: Pass the right pointer type; (bso#4942); (bnc#742504).- Use correct license, LGPLv3+ for libwbclient packages.- When returning an ACL without SECINFO_DACL requested, we still set SEC_DESC_DACL_PRESENT in the type field; (bso#8636).- Fix incorrect types in the full_audit VFS module. Add null terminators to audit log enums; (bnc#742885).- Prefix print$ path on driver file deletion; (bso#8697); (bnc#740810). - Fix printer_driver_files_in_use() call ordering; (bso#4942); (bnc#742504).- Buffer overflow issue with AES encryption in samba traffic analyzer; (bso#8674). - NT ACL issue; (bso#8673). - Deleting a symlink fails if the symlink target is outside of the share; (bso#8663). - connections.tdb - major leak with SMB2; (bso#8710).- Renaming a symlink fails if the symlink target is outside of the share; (bso#8664).- Intermittent print job failures caused by character conversion errors; (bso#8606). - ads_keytab_verify_ticket mixes talloc allocation with malloc free; (bso#8692). - libcli/cldap: fix a crash bug in cldap_socket_recv_dgram(); (bso#8593). - s3:lib/ctdbd_conn: try ctdbd_init_connection() as root; (bso#8684). - s3-printing: fix migrate printer code; (bso#8618). - Packet validation checks can be done before length validation causing uninitialized memory read; (bso#8686).- net memberships usage info was wrong; (bso#8687). - s3-libsmb: Don't duplicate kerberos service tickets; (bso#8628). - Recvfile code path using splice() on Linux leaves data in the pipe on short write; (bso#8679). - s3-winbind: Fix segfault if we can't map the last user; (bso#8678). - vfs_acl_xattr and vfs_acl_tdb modules can fail to add inheritable entries on a directory with no stored ACL; (bso#8644). - s3/doc: document the ignore system acls option of vfs_acl_xattr and vfs_acl_tdb; (bso#8652). - Winbind can't receive any user/group information; (bso#8371). - s3-winbind: Add an update function for winbind cache; (bso#8643). - s3: Attempt to fix the vfs_commit module. - POSIX ACE x permission becomes rx following mapping to and from a DACL; (#bso#8631). - s3:libsmb: only align unicode pipe_name; (bso#8586). - s3-winbind: Don't fail on users without a uid; (bso#8608). - Crash when trying to browse samba printers; (bso#8623). - talloc: double free error; (bso#8562). - cldap doesn't work over ipv6; (bso#8600). - s3:libsmb: fix cli_write_and_x() against OS/2 print shares; (bso#5326). - SMB2: not granting credits for all requests in a compound request; (bso#8614). - smb2_flush sends uninitialized memory; (bso#8579). - Password change settings not fully observed; (bso#8561). - s3:smb2_server: grant credits in async interim responses; (bso#8357). - s3:smbd: don't limit the number of open dptrs for smb2; (bso#8592). - samr_ChangePasswordUser3 IDL incorrect; (bso#8591). - idmap_autorid does not have allocation pool; (bso#8444). - Add systemd service files. - s3:libsmb: the workgroup in the non-extended-security negprot is not aligned; (bso#8573). - s3-build: Fix inotify detection; (bso#8580). - SMB2 doesn't handle compound request headers in the same way as Windows; (#bso8560). - Disconnecting clients swamp the logs; (bso#8585). - s3-netlogon: Fix setting the machinge account password; (bso#8550). - winbind_samlogon_retry_loop ignores logon_parameters flags; (#bso8548). - smbclient posix_open command fails to return correct info on open file; (bso#8542). - readlink() on Linux clients fails if the symlink target is outside of the share; (bso#8541). - s3-netapi: remove pointless use_memory_krb5_ccache; (bso#7465). - s3:Makefile: make DSO_EXPORTS_CMD more portable; (bso#8531). - s3:registry: fix the test for a REG_SZ blob possibly being a zero terminated ucs2 string; (bso#8528). - Make VFS op "streaminfo" stackable; (bso#8419).- Fix incorrect perfcount array length calculations; (bnc#739258).- BuildRequire autoconf to avoid implicit dependency for post-11.4 systems.- Remove call to suse_update_config macro for post-11.4 systems.- Use samba.org for the ldapsmb source location.- Fixing libsmbsharemode dependency on ldap and krb5 libs in Makefile; (bnc #729516).- Do not map POSIX execute permission to Windows FILE_READ_ATTRIBUTES; (bso#8631); (bnc#732572).- Add ldap to Should-Start and Stop of the smb init script; (bnc#730046).- Fix smbd srv_spoolss_replycloseprinter() segfault; (bso#8384); (bnc#731571).- Fix pam_winbind.so segfault in pam_sm_authenticate(); (bso#8564).- Fix smbclient >8GB tars on big endian machines; (bso#563); (bnc#726145).- Fix typo in net ads join output; (bnc#713135).- Ignore a potentially missing AppArmor snippet helper script; (bnc#725256).- Update to 3.6.1. + Fix smbd crashes triggered by Windows XP clients; (bso#8384). + Fix a Winbind race leading to 100% CPU load; (bso#8409). + Several SMB2 fixes. + The VFS ACL modules are no longer experimental but production-ready. + Fix 'net ads join -k' when KRB5CCNAME is not set; (bso#7465). + smb_acl_to_posix: ACL is invalid for set (Invalid argument); (bso#7509). + Return error of cli_push when 'put - /some/file' is used; (bso#7551). + Fix usage of cli_errstr(); (bso#7864). + Fix 'widelinks' regression; (bso#8229). + Empty notify servername; (bso#8236). + Add man vfs_aio_fork; (bso#8256). + smb2: smbd logs "Invalid SMB packet: first request: 0x0008" and crashes; (bso#8334). + Add a fallback for missing open&x support in MAC OS/X Lion; (bso#8338). + While migrating forms, don't fail if the form already exists; (bso#8351). + OS/2 sends an unexpected write&x/read&x chain; (bso#8360). + Fix build of vfs_prealloc on SLES8; (bso#8363). + Fix the build of gpfs.c on RHEL 6.0 with gpfs 3.4.0-4; (bso#8364). + Fix the fallback to the deprecated spelling idmap:script; (bso#8368). + Fix vfs_chown_fsp; (bso#8370). + Fix smbd crashes triggered by Windows XP clients; (bso#8384). + Fix smbclient access to NT4 shares; (bso#8385). + Optimize serverid_exists() for Solaris; (bso#8395). + registry/reg_format.c must include includes.h; (bso#8401). + SMB2 server can return requests out-of-order when processing a compound request; (bso#8407). + Fix a Winbind race leading to 100% CPU load; (bso#8409). + Fix "saving as" of MS Office 2007 (Word) documents on Samba shares with SMB2; (bso#8412). + Fix 'getent group' if trusted domains are not reachable; (bso#8420). + Fix infinite loop in ACL module code; (bso#8422). + Fix wrong reply to DHnC (durable handle reconnect); (bso#8428). + Compound SMB2 requests on an IPC connection can corrupt the reply stream; (bso#8429). + Fix segfault in iconv.c; (bso#8433). + NFSv4 DENY ACLs always include SYNCHRONIZE flag - blocking renames; (bso#8442). + Be smarter about setting default permissions when a ACL_USER_OBJ isn't given; (bso#8443). + Check the wct of the incoming SMBnegprot responses; (bso#8452). + Fix smbclient segfaults when dialect option -m is used for legacy dialects; (bso#8453). + Fix uninitialized memory problem in group_sids_to_info3; (bso#8455). + Samba PDC is looking up only primary user group; (bso#8455). + IE9 on Windows 7 cannot download files to samba 3.5.11 share; (bso#8458). + smb2_find uses a hard coded max reply size of 0x10000 instead of smb2_max_trans; (bso#8473). + SMB2 create doesn't cope with an Apple client using NULL blob in create; (bso#8474). + Don't call smbd_terminate_connection in smb2_validate_message_id(); (bso#8476). + Samba asserts when SMB2 client breaks the crediting rules; (bso#8476). + Map to guest can return uninitialized blob of data; (bso#8477). + acl_xattr can free an invalid pointer if no blob is loaded; (bso#8480). + DFS breaks zip file extracting unless "follow symlinks = no" set; (bso#8493). + Remove "experimental" label on VFS ACL modules; (bso#8494). + SMB2_OP_CANCEL requests don't have to be signed; (bso#8503). + smbd doesn't correctly honor the "force create mode" bits from a cifsfs create; (bso#8507). + Read-only handles on SAMR allow SAMR_DOMAIN_ACCESS_CREATE_USER; (bso#8509). + Disallow "." in can_set_delete_on_close(); (bso#8515). + SMB2 create call returns incorrect file allocation size; (bso#8518). + Fix SMB2 SMB2_OP_GETINFO and SMB2_OP_IOCTL parsing requirements; (bso#8520). + Winbind cache timeout expiry test was reversed; (bso#8521).- s3/doc: add man page for aio_fork vfs module.- Fix uninitialized memory problem in group_sids_to_info3; (bso#8455).- s3: Samba PDC is looking up only primary user group; (bso#8455).- Add script to create or update an AppArmor sniplet with permissions for all Samba shares; (bnc#688040).- Add "ldapsam:login cache" parameter to allow explicit disabling of the login cache; (bnc#723261).- Retain the smbd startproc return value for correct startup status reporting. unset was incorrectly being called prior to rc_status; (bnc#723724).- Prevent deadlock in systemd triggered by if-down.d handler on shutdown; (bnc#721598).- smb2_find uses a hard coded max reply size of 0x10000 instead of smb2_max_trans; changed defaults and documentation (bso8473).- Empty CIFS share can be blocked for other clients by deleting it via empty path (DELETE_PENDING until the last client); (bso#8515).- winbindd cache timeout expiry test was reversed; (bso#8521).- Fix SMB2 SMB2_OP_GETINFO and SMB2_OP_IOCTL parsing requirements; (bso#8520).- s3:smb2_create: fix allocation size return value when opening existing files; (bso#8518).- SMB2 create doesn't cope with an Apple client using NULL blob in create; (bso#8474).- NFSv4 DENY ACLs always include SYNCHRONIZE flag - blocking renames; (bso#8442).- s3-docs: Fix bug (bso#7908) and typo.- Return error of cli_push when 'put - /some/file' is used; (bso#7551).- Read-only handles on SAMR allow SAMR_DOMAIN_ACCESS_CREATE_USER; (bso#8509).- smbd doesn't correctly honor the "force create mode" bits from a cifsfs create; (bso#8507).- Default user entry is set to minimal permissions on incoming ACL change with no user specified; (bso#8443).- smb_acl_to_posix: ACL is invalid for set (Invalid argument); (bso#7509).- Handle the SECINFO_LABEL flag in the same was as Win2k3; enable Microsoft Internet Explorer 9 on Windows 7 to download files; (bso#8458).- DFS breaks zip file extracting unless "follow symlinks = no" set; (bso#8493).- s3-docs: Fix typos.- s3:smb2_server: SMB2_OP_CANCEL requests don't have to be signed; (bso#8503).- Remove "experimental" label on VFS ACL modules; (bso#8494).- acl_xattr can free an invalid pointer if no blob is loaded; (bso#8480).- s3-smbd: asserts when SMB2 client breaks the crediting rules; (bso#8476).- s3-libnet: allow to use default krb5 ccache in libnet_Join/libnet_Unjoin; (bso#7465).- smb2_find uses a hard coded max reply size of 0x10000 instead of smb2_max_trans; (bso#8473).- s3-netapi: allow to use default krb5 credential cache for libnetapi users.- s3-docs: document -k switch in net manpage.- Map to guest can return uninitialized blob of data; (bso#8477).- s3-registry: registry/reg_format.c must include includes.h; (bso#8401).- smbclient segfaults when option -m is used for legacy dialects; (bso#8453).- Fix 'widelinks' regression intro'd in 3.2; (bso#8229).- Compound SMB2 requests on an IPC connection can corrupt the reply stream; (bso#8429).- s3-spoolss: Fix bug forms migration; (bso#8351).- s3:libsmb: check the wct of the incoming SMBnegprot responses; (bso#8452).- s3: Do not fork the echo handler for smb2; (bso#8334).- s3-spoolss: Fix bug empty notify servername; (bso#8236).- SMB2 server can return requests out-of-order when processing a compound request; (bso#8407).- Remove smb child crash fix. The issue had been fixed upstream differently.- BuildRequire ctdb-devel version greater than 1.0.105 for post-10.0 systems.- Fix samba duplicates file content on appending. Move posix case semantics out from under the VFS; (bso#6898); (bnc#681208).- Make winbind child reconnect when remote end has closed, fix failing sudo; (bso#7295); (bnc#569721).- Spec file cleanup as suggested by the spec-cleaner tool. + Make all BuildRequires, PreReq, and Provides a separate line. + Use %{buildroot} instead of ${RPM_BUILD_ROOT}. + Use straight commands instead of macros (make, install). + Use -p in post and postun if we only call one command. + Use %{_localstatedir} instead of %{_var} in the filelist. + Remove superfluous AutoReqProv on lines.- Remove %release from all Provides.- Fix segfault in iconv.c which caused a null pointer dereference; (bso#8433).- Use /var/run for the cifs state file in the init script too; (bnc#710304).- Microsoft Word from Microsoft Office 2007 fails to save as on a share with SMB2; (bso#8412).- Use sys_write and sys_read in fork_domain_child to fix a winbind race leading to 100% CPU usage; (bso#8409).- Fix wrong reply to smb2 durable handle reconnect (DHnC) request; (bso#8428).- Fix infinite loop in ACL module code; (bso#8422).- Fix getent group if trusted domains are not reachable; (bso#8420).- smbclient can't access a NT4 share since 3.6.0; (bso#8385).- Optimize serverid_exists() for Solaris; (bso#8395).- talloc: + check block count after references test. + added test suite for talloc_free_children(). + license info erratum in the manpage. + fix typos and better differentiation between versions 1 and 2. + preserve context name on talloc_free_children(). + ensure the sibling linked list remains valid during a free.- vfs_chown_fsp returned in the wrong directory; (bso#8370).- Remove irritating "." targets when recent system libs exist; (bso#8369).- Correctly initialize "idmap config * : script" with NULL; (bso#8368).- Add missing include to suppress compiler warnings; (bso#8365).- Point the chain offset beyond the current request; (bso#8360).- Fix gpfs vfs module build; (bso#8364).- Make vfs_prealloc even build on older systems; (bso#8363).- Do central cli_set_error and return the actual NTSTATUS; (bso#7864).- Add a fallback for missing open&x support in OS/X Lion; (bso#8338).- Update to 3.6.0. + BUG 7462: Make SA_RESETHAND conditional on its existance. + BUG 8303: db_ctdb_send_schedule_for_deletion() is not defined. + BUG 8324: smbclient cannot list directories from a big-endian machine. + BUG 8326: WinXP cannot join a Samba3 domain with a 'even' hostname. + BUG 8327: Fix the reload of the configuration, also reload activated registry shares. + BUG 8328: Cleanup of idmap_tdb2 code. + BUG 8330: Fix NFSv4 ACL merging logic. + BUG 8335: File copy aborts with smb2_validate_message_id: bad message_id. + BUG 8341: Fix segfault in libsmbclient. + BUG 8343: Fix SMB2 crash reading with aio_fork beyond the end of file. + BUG 8347: Fix regression for HP-UX, AIX and OSF. + BUG 8357: Make sure we grant credits on async read/write operations. + BUG 8358: Fix a bug in run_poll_events(). + BUG 8362: Fix build issue on old glibc systems.- Remove references to disabled vscan build.- Add missing define, includes, and initialization to get_printing_ticket.- Use /var/run for the cifs state file; (bnc#710304).- Fix #ifdef CTDB_CONTROL_SCHEDULE_FOR_DELETION issue; (bso#8303).- File copy aborts with smb2_validate_message_id: bad message_id; (bso#8335).- Fix reload of the configuration and also reload activated registry shares; (bso#8327).- WinXP cannot join a Samba3 domain with a 'even' hostname; (bso#8326).- smbclient cannot list directories from a big-endian machine; (bso#8324).- Update to 3.6.0rc3. + BUG 7841: Explicitly pass domain_sid to wbint_LookupRids(). + BUG 7888: Deal with buggy 3.0 based PDCs. + BUG 8083: Fix "inherit owner = yes" with vfs_acl_xattr or vfs_acl_tdb module. + BUG 8102: Do not allow to change file ACLs from normal domusers. + BUG 8102: Do not allow to change file ACLs from normal domusers. + BUG 8193: Add new command 'enumerate_recursive'. + BUG 8195: Make rpc client code working against NT4 servers. + BUG 8211: Fix "inherit owner = yes" when "inherit permissions = yes" is set. + BUG 8213: Fixes in idmap_autorid. + BUG 8214: Fix smbd crash on printer driver upgrade. + BUG 8215: Fix Winbind unix username lookup. + BUG 8216: Make Winbind returning correct results with 'sids2xids'. + BUG 8217: Do not stat-check the share path in 'net conf addshare'. + BUG 8219: Fix SMB Panic from Windows 7 client. + BUG 8224: Fix the build on FreeBSD. + BUG 8226: Use c99 initializers which are supported by old gcc 2.95 compilers. + BUG 8230: Move .nmbd socket directory to non-hidden name PREFIX/var/nmbd. + BUG 8231: Fix crash bug in 'net cache get'. + BUG 8235: Fix smbd crash on startup caused by migrate_printer(). + BUG 8240: Fix Valgrind warnings in winreg/spoolss code. + BUG 8244: Fix copying files larger than 2 GB to a Samba share. + BUG 8247: Fix Coverity ID 2582: FORWARD_NULL. + BUG 8253: Fix Winbind panic if verify_idpool() fails. + BUG 8254: Fix "acl check permissions = no". + BUG 8260: Fix DCERPC responses with fragments larger than 1024 bytes. + BUG 8262: Fix build of vfs_commit. + BUG 8263: Fix build with --with-fake-kaserver or --with-vfs-afsacl. + BUG 8264: Fix Valgrind bugs in svcctl. + BUG 8276: Close all sockets attached to a subnet in close_subnet(). + BUG 8278: Fix smbd panic when CTDB is unhealthy. + BUG 8281: Fix build of examples/VFS/*. + BUG 8286: Fix smbd crash on premature end of smb2 conn. + BUG 8292: Fix a major architectural flaw in the SMB2 server code. + BUG 8293: Fix log file rotating in SMB2. + BUG 8304: Fix uninitialized variable in error path. + BUG 8305: Fix segfault in nmbd when using 'smbtree ...'.. + BUG 8307: brl_close_fnum does not call SMB_VFS_BRL_UNLOCK_WINDOWS on all locks. + BUG 8310: toupper_ascii() is broken on big-endian systems. + BUG 8314: Fix smbd crash with unknown user. + Mark 'time offset' parameter as deprecated.- The Samba Web Administration Tool (SWAT) versions 3.0.x to 3.5.9 are affected by a cross-site scripting vulnerability; CVE-2011-2694; (bso#8289); (bnc#708503).- The Samba Web Administration Tool (SWAT) versions 3.0.x to 3.5.9 are affected by a cross-site request forgery; CVE-2011-2522; (bso#8290); (bnc#705241).- Fixed the DFS referral response for msdfs root; (bnc#703655).- Fix CUPS print job IDs; (bso#7288); (bnc#701257).- Make use of the actual library version as part of the package name on post-11.3 systems only.- Fix winbind internal error; (bso#7636); (bnc#659424).- Improve ctdb vacuuming performance with use of SCHEDULE_FOR_DELETION; (bnc#705170).- Specify nmbdsocketdir at configure time; (bnc#700953).- Build the tdb, talloc, and tevent libraries ahead of anything else.- Update to 3.6.0rc2. + BUG 6911: Fix Kerberos authentication from Vista to Samba. + BUG 8166: Don't lockout users when offline. + BUG 8200: Add support for multiple writeable ldap idmap domains. + BUG 8148: Default to protocol version 2 for SMB Traffic Analyzer. + BUG 7054: Fix X account flag when "pwdlastset" is "0". + BUG 8144: Fix setting timestamp when touching files with CIFS clients. + BUG 8153: Fix setting up getaddrinfo on IPv6-only machines. + BUG 8156: Fix 'net ads join' using the user's Kerberos ticket. + BUG 8157: Fix parsing a cups printcap file. + BUG 8175: Fix smbd deadlock. + BUG 8189: Support shadow copy display over SMB2. + BUG 8197: Winbind does not properly detect when a DC connection is dead. + BUG 8203: Winbind needs to reset the DC connection if an RPC times out.- Make cupsaddsmb fill printers location; (bso#8132); (bnc#698209).- Add "winbind max clients" parameter to remove 200-client limit; (bnc#697461).- Disable logon cache for password lockout consistency when running in a cluster; (bnc#694836).- Fix logon of AD users with many group memberships; (bso#6911); (bnc#657026).- Don't lockout users while offline; (bso#8166); (bnc#692607).- Update to 3.6.0rc1. + BUG 8111: CIFS VFS: Fix unexpected error on SMB posix open. + BUG 8112: POSIX extension opens of a directory are denied with EISDIR. + BUG 8132: Fix filling printers location field when using cups. + Remove fstrings from client struct. + BUGFIX when converting from safe_strcpy to strlcpy. + Fix off-by-one calculations with strlcpy. + Ensure we always write the correct incoming mid into the share mode table entries. + Fix the SMB2 oplock showstopper. + Convert user-specified domain to uppercase in libsmb. + Fix Coverity CID #2302: FORWARD_NULL. + Fix cups_pull_comment_location(). + Fix double free of cups request. + Make cups_pull_comment_location() work again. + Fix potential crash bug in display_print_driver3(). + Properly clean up in pthreadpool_init in case of failure. + Make plaintext session setup async. + Reduce fd load in Winbind children. + Avoid a potential 100% CPU loop in Winbind. + Tune broadcast namequeries for unique names. + Properly deal with exited winbind children. + Fix dup_smb2_vec3. + Fix return check in nss_wins.- Fix to renew the kerberos ticket in samba after expiry; (bnc#669949).- Fix a 100% CPU loop when ctdbd dies during a traverse; (bnc#693945).- Make dhcpcd hook BOOTPROTO check cover dhcp6 too; (bnc#691969).- Handling of large (> 256 bytes) ntlmv2 blobs in winbind; (bnc#529946).- Package static libraries with 0644 permissions.- Add Requires libtalloc-devel to libldb-devel and libtevent-devel.- Rename libldb0 to libldb1 as 1 is the current major version of the library. - Add libldb1 and libtevent0 to baselibs.conf.- Don't call the suse_update_config macro before building lib ldb and tevent.- Update to 3.6.0pre3. + Listen on IPv6 addresses with IPV6_ONLY; (bso#7383). + Fix wrong output in 'smbget'; (bso#8066). + "inherit owner = yes" doesn't interact correctly with vfs_acl_xattr or vfs_acl_tdb module; (bso#8083). + rpccli_samr_chng_pswd_auth_crap segfaults if any input blobs are null; (bso#8088). + setpwent() actually does endpwent() and vice versa on FreeBSD; (bso#8099). + Fix the build of 'smbget' on HP NonStop; (bso#8106). + Fix build of tdb2. + Correctly detect and deny symlinks anywhere in a path (not just the last component) if "follow symlinks = no". + Fix timeout in rpc_pipe_open_tcp_port(). + Fix the build of "--with-profiling-data". + Fix Coverity IDs 986, 1340, 2047, 2299, 2307, 2325, 2335, 2336, 2470, 2471, 2478. + nsswitch: Add 'wbinfo --lookup-sids'. + nsswitch: Add 'wbinfo --sids-to-unix-ids'. + Fix smbd with the async echo responder. + Fix the build of vfs_gpfs.c. + Add a 10-second timeout for the 445 or netbios connection to a DC. + Many pthreadpool fixes. + Fix transaction recovery area for converted tdbs.- Add PreReq permissions to the krb-printing package.- Remove _libdir ldb and tevent from file list. - Explicitly state not to bundle talloc or tdb while ldb and tevent build.- Always use the actual library version as part of the package name. - Exclude shared python modules.- Fix printing from Windows 7 clients; (bso#7567); (bnc#687535).- Update pidl and always compile IDL at build time; (bnc#688810).- Update to 3.6.0pre2. + ID Mapping changes. + Implement SMB2 support. + Add an Endpoint Mapper daemon. + Make "rlimit_max below minimum Windows limit" notification less scary; (bso#6837). + Quota only shown when logged as root; (bso#7080). + Fix printing from Windows 7; (bso#7567). + Retry DNS updates when connection to one nameserver has failed; (bso#7690). + Unlink may unlink wrong file when hardlinks are involved; (bso#7863). + Fix 'nmbd --port'; (bso#7875). + cmd_spoolss_deletedriver() returned without checking all architectures; (bso#7880). + Don't return "-1" on success in 'net rpc vampire keytab'; (bso#7899). + Fix cups pcap reload with no printers; (bso#7915). + Fix bug in chain_reply; (bso#7917). + Fix problems with "kernel oplocks" option set to "no"; (bso#7928). + Fall back for utimes calls; (bso#7940). + Catch lookup_names/sids schannel errors over ncacn_ip_tcp; (bso#7944). + Let winbind try to use samlogon validation level 6; (bso#7945). + Sgid bit lost on folder rename; (bso#7996). + Fix getting username in 'net rap session'; (bso#8009). + Fix inode generation so nautilus can count total dir size correctly; (bso#8010). + Use jenkins hash for str_checksum; (bso#8010). + Add explicit configure option whether or not to enable dmapi support; (bso#8033). + Fix smbclient segfault with Cyrillic netbios names; (bso#8040). + Fix file creation on OS/X; (bso#8042). + Add "--option" to 'testparm'. + Fix crash bug on smbd shutdown when using FOPENDIR(). + Ensure we don't return an incorrect access mask. + Fix bug against the new Mac client. + Fix leak in error path. + Fix error where Windows client spoolss returns WERR_INVALID_DATA. + Fix a segfault in the krb5 locator plugin. + Enable sharesec for registry shares. + Fix memory leak in "security=share" and "force user". + Add "net idmap check", a check and repair tool for the id mapping database. + Add new 'net idmap delete' command. + Fix segfault on missing input file in 'net idmap restore'. + Fix 'net usersidlist' not to skip every other user. + Fix potential crash bug in spoolss_PrinterEnumValues push path. + Internal restructuring. + Don't wipe out all printer drivers when only one should be deleted. + Fix winbindd_dual_pam_auth_samlogon() for NT4 domains. + Fix memory leak in print_cups.c. + Remove duplicate cups response processing code. + Follow force user/group for driver IO. + Initiate pcap reload from parent smbd. + Reload shares after pcap cache fill. + Fix numerous Coverity IDs (2041 and others). + Fix a memory leak in check_sam_security_info3. + Fix a segfault in the nss wrapper when libnss_winbind.so is not loadable. + Make "net sam list [users|workstations]" list only the right things. + Fix a potential memleak in secrets_fetch_trusted_domain_password. + Use the right credentials in check_netlogond_security. + Add support for AF_NETLINK addr notifications. + Fork multiple Winbind children per domain. + Fix a deadlock between smbd and ctdbd. + Add 'wbinfo --dc-info'. + Make "nmbd socket dir" configurable. + Fixed valgrind errors. + Fix a memleak in receive_getdc_response. + Don't grant SEC_STD_DELETE always to the owner of a file. + Fix segfaults on addrchange errors in Winbind. + Allow machine accounts as members in groupdb. + Add IPv6 support for the endpoint mapper. + Free unused memory in the rpc server. + Fix possible segfaults in svcctl server. + Fix possible segfault with client_id in rpc server. + Add a 'svcctl shutdown' function to rpc server. + Fix a resource leak in net_afs. + Fix a resource leak in smbta-util. + Fix possible resource leak in net_usershare. + Fix possible resource leak in 'smbget'. + Fix possible resource leak in 'smbfilter'. + Fix a possible null pointer dereference in smbd. + Ensure we send the direct levelII oplock break to the correct fid. + Fix private libdir and codepages paths. - Add RFC 3454 to the vendor files.- Fix idmap_tdb for big-endian systems such as ppc and s390; (bso#6901); (bnc#675978).- Fix smbclient -M NT_STATUS_PIPE_BROKEN failure; (bso#7635); (bnc#681913).- Replace jobs by _smp_mflags macro while calling make on post-11.4 systems.- Don't crash when publishing a single printer; (bnc#643119).- Carry error status in printer list IPC message, do not refresh printers if cups is unavailable; (bso#7994); (bnc#675478).- Define the libwbclient packages ahead of packages with a different version.- Use %_smp_mflags for parallel building.- Update to 3.5.8. + Fix Winbind crash bug when no DC is available; (bso#7730). + Fix finding users on domain members; (bso#7743). + Fix memory leaks in Winbind; (bso#7879). + Fix printing with Windows 7 clients; (bso#7567). + Fix 'testparm' return code when EOF in encountered in param name; (bso#3185). + Make "rlimit_max below minimum Windows limit" notification less scary; (bso#6837). + Fix "Your Password expires today" message for users of trusted domains; (bso#7066). + Fix maintaining of users' groups via UsrMgr; (bso#7262). + Fix 'net ads dns register' in Windows 2008 R2 domains; (bso#7356). + Raise debug level for "reduce_name: couldn't get realpath" messages; (bso#7409). + Fix updating the time on close in vfs_gpfs; (bso#7498). + Fix "log=>ndr_pull_error" in 'wbinfo -u' and 'wbinfo -g'; (bso#7594). + Handle Windows 9x adddriver calls without config file; (bso#7641). + Fix scalability problem with hundreds of printers; (bso#7656). + Fix memory leak in the netapi routines; (bso#7665). + Store unmodified copies of security descriptors in acl_xattr and acl_tdb modules; (bso#7716). + Fix incorrect unix mode_t caused by invalid client DOS attributes on create; (bso#7733). + Apply appropriate create masks when creating files with "inherit ACLs" set to true; (bso#7734). + Fix "dfree cache time" parameter; (bso#7744). + Fix a getgrent crash with many groups; (bso#7774). + Fix requesting lookups for BUILTIN sids; (bso#7777). + Fix smbd crash caused by expand_msdfs; (bso#7779). + Fix atime limit; (bso#7785). + vfs_scannedonly: Switch from mtime to ctime which is more reliable; (bso#7789). + Fix copying files from a SMB share using Gnome vfs and SMB signing; (bso#7791). + Make Winbind recover from a signing error; (bso#7800). + ACL inheritance cannot be disabled in vfs_acl_xattr/vfs_acl_tdb; (bso#7812). + Fix "force group" with ntlmssp guest session setup; (bso#7817). + vfs_fill_sparse() doesn't use posix_fallocate when strict allocate is on; (bso#7835). + Make WINBINDD_LOOKUPRIDS asking the right domain; (bso#7841). + Make WINBINDD_LOOKUPRIDS returning the domain name; (bso#7842). + Expand the local SAMs aliases; (bso#7843). + ntlm_auth: Support clients which offer a spnego mechs we don't support; (bso#7855). + Fix 'net ads dns register' in cluster setups; (bso#7871). + Fix 'nmbd --port'; (bso#7875). + Make 'rpcclient deldriver' delete drivers for all architectures; (bso#7880). + Fix flaky Winbind against Windows 2008; (bso#7881). + Fix SMB session setups with Kerberos against some closed source SMB servers; (bso#7883). + Fix stale lock in open_file_fchmod(); (bso#7892). + Fix sporadic Winbind panic in rpc query_user_list; (bso#7894). + Don't set SAMR_FIELD_FULL_NAME if we just want to set the account name; (bso#7896). + Don't return "-1" on success in 'net rpc vampire keytab'; (bso#7899). + Fix connections from WinCE; (bso#7917). + Fix opening MS Powerpoint files; (bso#7940). + Fix endless loops caused by inotify; (bso#7942). + Catch lookup_names/sids schannel errors over ncacn_ip_tcp; (bso#7944). + Let Winbind try to use samlogon validation level 6; (bso#7945). + Revalidate the pathname once re-constructed from a root fsp; (bso#7950).- Require a particular library version even if the major version is part of the package name. Using the same major version does not guarantee forward compatibility.- Fix a fd-leak in libwbclient at dlclose-time; (bso#7684); (bnc#668773).- Update to 3.5.7 + Protect against possible denial of service caused by memory corruption; CVE-2011-0719; (bso#7949); (bnc#670431).- Disable separate build of samba-doc for post-11.1 systems.- Protect against possible denial of service caused by memory corruption; CVE-2011-0719; (bso#7949); (bnc#670431).- Increase the log level for missing PIDs on SIGCHLD, printcap child processes are not added to the children PID list; (bnc#666460).- Do not require a particular library version if the major version is part of the package name.- Use the actual version numbers of the ldb, talloc, tdb, and tevent libraries on post-11.3 systems.- Abide by print$ share 'force user' & 'force group' settings when handling AddprinterDriver and DeletePrinterDriver requests; (bso#7921); (bnc#653353).- Remove pcap_cache_loaded asserts from (re)load_printers. pcap_cache_loaded() returns false if the pcap cache contains no printer entries. correct call ordering is already enforced. (bso#7836); (bnc#625936).- No longer force activation of the cifs service on post-11.3 systems. - Add X-UnitedLinux-Default-Enabled to the cifs init script on pre-11.4 systems. - Move the cifs init script nfs dependencies from Required to Should.- Recommend to install samba-krb-printing from samba-winbind on post-10.3 systems; (bnc#661845).- Fix error paths in cups_async_callback(), an empty cups printer list should not be treated as an error; (bnc#661842).- Abide by printcap cache time, reload parent smbd pcap cache on expiry; (bso#7836); (bnc#625936).- Fix race in cups async printer services reload; (bso#7836); (bnc#625936).- Don't tweak with baselibs.conf during %post if not present; (bnc#652620).- Don't make use of baselibs.conf on SUSE Linux Enterprise 10; (bnc#652620).- Don't use --tmpdir as this option isn't known by mktemp of SUSE Linux Enterprise 10; (bnc#652620).- vfs_fill_sparse() doesn't use posix_fallocate when strict allocate is on; (bso#7835).- Replace Requires samba-client by samba-gplv3-client in the gplv3 packages; (bnc#652620).- Fix Dolphin SMB share IO with SMB signing enabled; (bso#7791); (bnc#656112).- Add Conflicts to the samba-gplv3 main, client, doc, krb-printing, winbind, client-gplv2, and doc-gplv2 packages; (bnc#652620).- Add Provides samba-client-gplv2 and samba-doc-gplv2 to pre-3.2 versions; (bnc#652620).- Obsolete samba-client-gplv2 and samba-doc-gplv2; (bnc#652620).- Remove Provides samba-client:/usr/sbin/winbindd from the samba-gplv3-winbind package to avoide an accidental install trigger; (bnc#652620).- Add Provides samba-client to the samba-gplv3-client package; (bnc#652620).- Remove all Obsoletes from the samba-gplv3 packages and only keep the Provides samba; (bnc#652620).- Add fitting Conflicts to all samba-gplv3 packages; (bnc#652620).- Reduce unnecessary ldap round trips and eliminate invalid DN messages; (bnc#654719).- Exclude cifs-mount and ldapsmb from the samba-gplv3 build of SUSE Linux Enterprise 10 SP 3 and 4.- Add the _build_arch at the end of the vendor version suffix.- Provide and Obsolete samba-gplv3 to replace potentially installed packages.- Change package base name to samba-gplv3 for SUSE Linux Enterprise 10 SP 4. - Do not package libsmbclient and libsmbsharemodes.- Update to 3.5.6 + Fix auto printers with registry config; (bso#7280); (bnc#617153). + Fix SPNEGO auth when contacting Win7 system using Microsoft Live Sign-in Assistant; (bso#7577). + Fix 'net idmap restore' setting HWM to avoid duplicates; (bso#7578). + Fix "admin users" when using vfs_acl_xattr; (bso#7581). + Fix using cached credentials in ntlm_auth; (bso#7589). + Fix Winbind offline login; (bso#7590). + Fix Winbind internal error; (bso#7636). + Fix mknod/mkfifo failing with "No such file or directory"; (bso#7651). + Fix smbd changing mode of files on rename; (bso#7693). + Fix crash bug with invalid SPNEGO token; (bso#7694). + Fix smbd panic on invalid NetBIOS session request; (bso#7698). + Fix smbd crash caused by "%D" in "printer admin"; (bso#7541). + Fix 'smbclient -M'; (bso#7635). + Fix scalability problem with hundreds of printers; (bso#7656). + Fix crash bug in rpcclient; (bso#7688). + Fix file corruption when setting Samba "write wache wize"; (bso#7715).- Let startproc wait for nmb, smb and winbind pid files getting created on post-11.1 systems; (bnc#520036).- Include the reviewed french translation for pam_winbind; (bnc#499233).- Fix smbd crash with CUPS printers and no [printers] share defined; (bso#7297); (bnc#637755).- Fix printing from 64-bit windows clients; (bso#6888); (bnc#640870).- Fix baselibs.conf for libtalloc.- Fix buffer overflow in sid_parse() to correctly check the input lengths when reading a binary representation of a Windows Security ID (SID); CVE-2010-3069; (bso#7669); (bnc#637218).- Use cached ntlm password in libsmbclient. Prevent lockouts when kerberos tickets are lost; (bnc#602418); (bnc#606304).- Add a dependency on nfs to the smbfs/ cifs init scripts as they require the en_US locale and /usr might be on NFS.- Complete fix for trusts with Windows 2008R2 DCs.- Fix authentication dialogs when connecting to older systems; (bnc#632055).- Adjust position of conditional ldapsmb %package and %files definition.- Create the /var/run/samba directory on the fly and package it as %ghost.- Fix preexec scripts; (bso#7104); (bnc#632852).- Add missing netapi, smbclient, smbsharemodes, talloc, tevent, and wbclient pkgconfig files and BuildRequire pkgconfig; (bnc#632770).- BuildRequire python-devel for post-9.3 systems.- Only create precompiled headers for post-10.2 systems. - Remove mkinitrd scriptlets.- Add vfs_crossrename man page. - Call make basic and remove conditional proto target. - Increase libtevent version to 0.9.9. - Remove wbc_async header from the file list. - Remove remaining cifs-mount pieces from the spec file.- Fix printers not auto loading with registry config; (bso#7280); (bnc#617153).- Update to 3.6.0pre1. + SMB2 support is fully functional despite managing quota using the Microsoft management tools. + Internal Winbind passdb changes to use samr and lsa rpc pipe to get local user and group information. + The spoolss and the old RAP printing code have been completely overhauled and refactored. + The SMB Traffic Analyzer (SMBTA) VFS module got added.- Intilize workgroup of nmblookup as empty string.- Fix net ads join when using parent domain users; (bso#6364); (bnc#630812).- cifs: do not restart during dhcp lease renewal when IPaddress remains the same; (bnc#573246).- Fix "Too many open files" when trying to access large number of files; (bso#6837); (bnc#619787).- Update to 3.5.4. + Fix smbd crash when sambaLMPassword and sambaNTPassword entries missing from ldap (bug #7448). + Fix init_sam_from_ldap storing group in sid2uid cache (bug #7507). + Allow previous password to be stored and use it to check tickets; (bso#7099). + Make ea data checks identical for trans2open and trans2mkdir; (bso#7188). + Fix editing users' groups via UsrMgr; (bso#7262). + Fix Winbind over IPv6; (bso#7341). + Samba sends "raw" inode number as uniqueid with unix extensions; (bso#7410). + Fix printing large formats; (bso#7423). + Fix spnego returning incorrect mechListMIC string; (bso#7449). + Fix some crash bugs and missing error codes in AddDriver paths; (bso#7459). + Fix crash bug in _samr_QueryUserInfo{2} level 18; (bso#7479). + Fix 'not a string literal' warning in netdomjoin-gui; (bso#7500). + Fix calculation of st_blocks in vfs_streams_xattr; (bso#7503). + Fix numerous build issues; (bso#7504). + Fix session setup from linux kernel cifs clients with "sec=ntlmv2"; (bso#7517).- Remove all provides and obsoletes samba3 from the spec file. Packages with this base name have not been offered as part of a product.- Fix a NULL pointer dereference in smbd of the 3.4 code base; CVE-2010-1635; (bso#7229); (bnc#605935).- Address possible buffer overrun in chain_reply code of pre-3.4 versions; CVE-2010-2063; (bso#7494); (bnc#611927).- Update of the SMB Traffic Analyzer v2 VFS module- Fix trusts with Windows 2008R2 DCs; (bnc#613459); (bnc#599873); (bnc#592198); (bso#6697).- Update to 3.5.3. + Fix MS-DFS functionality; (bso#7339). + Fix a Winbind crash when scanning trusts; (bso#7389). + Fix problems with SIGCHLD handling in Winbind; (bso#7317). + Add replacement for IPV6_V6ONLY on linux systems with broken headers; (bso#7196). + Fix cups encryption setting; (bso#7263). + Fix exporting printers via 'cupsaddsmb' command; (bso#7277). + Fix SMB job IDs in CUPS job names; (bso#7288). + Fix segfault in mount.cifs; (bso#7315). + Make TIME_T_MAX defines consistent; (bso#7352). + Re-fix a bug with smbd serving a windows terminal server; (bso#7357). + Display an error on 'net conf import' failures; (bso#7378). + Fix bitmap leak in dptr_Close; (bso#7384). + Fix rename problems with full_audit VFS module; (bso#7398). + Fix setting of passwords via 'net rpc user password' command; (bso#7417). + Fix 'net rpc printer list' command; (bso#7418). + Rename mod_name to module_name; (bso#7421). - Fix unnecessary traversing winbindd_cache.tdb in SIGHUP handler. - Added EN ISO 216, A0 and A1 to builtin forms; (bso#7423). - Winbind not working over IPv6; (bso#7341).- Honor "interfaces" list in net ad dns register; (bnc#606947).- Exclude the RPM release from the vendor tag for openSUSE Factory; (bnc#604049).- Enable the build of the idmap tdb2 module; (bnc#600822).- BuildRequire keyutils-libs-devel for Fedora and post-RHEL4.- BuildRequire pkg-config for post-10.2 systems and else pkgconfig.- Add "net conf import" error messages; (bso#7378, bnc#598189).- Define cups_lib_dir %{_prefix}/lib/cups for post-11.2 systems; (bnc#575544).- Update to 3.5.2. + Fix smbd segfaults in _netr_SamLogon for clients sending null domain; (bso#7237). + Fix smbd segfaults in "waiting for connections" message; (bso#7251). + Fix an uninitialized variable read in smbd; (bso#7254); (bnc#605935); CVE-2010-1642. + Fix a memleak in Winbind; (bso#7278). + Fix Winbind reconnection to it's own domain; (bso#7295). + Fix segfault if hide files or veto files has no ".AppleDouble"; (bso#1206). + Fix parsing of the gecos field; (bso#5198). + Fix several printing issues; (bso#6727). + Fix valgrind warning; (bso#6814). + Fix race condition in mount.cifs that allows user to replace mountpoint with a symlink; (bso#6853). + Fix bug in vfs_scannedonly rmdir implementation; (bso#7075). + Fix handling of bad server data returns in client rpc_transport; (bso#7159). + Never mark external domains as internal in Winbind; (bso#7170). + Fix access by multi-threaded applications; (bso#7202). + Fix 'net share' command; (bso#7203). + Fix DN parsing name was always null; (bso#7204). + Signals are processed twice in child; (bso#7206). + Fix returning of group members with 'getent group'; (bso#7212). + Fix the build of net_afs.c with --fake-kaserver=yes; (bso#7216). + Make Winbind logs more verbose for troubleshooting; (bso#7225). + Fix a NULL pointer dereference in smbd; CVE-2010-1635; (bso#7229); (bnc#605935). + Fix automatic building of vfs_tsmsm if gpfs and dmapi are present; (bso#7231). + Fix race conditions in CTDB persistent transactions; (bso#7232). + Symlink delete fails but incorrectly reports success to client; (bso#7234). + Fix "printer admin" functionality; (bso#7255). + Fix value-needed calculation in_spoolss_EnumPrinterData(); (bso#7256). + Fix _winreg_QueryValue crash bugs and implement Windows behavior; (bso#7258). + Fix job management commands for CUPS queues; (bso#7269). + Fix smbd segfault if using vfs_acl_tdb; (bso#7283). + Fix core dump in 'ntlm_auth' with "gss-spnego" helper; (bso#7290). + Fix smbd crashes with CUPS printers and no [printers] share defined; (bso#7297). + Fix DOS attribute inconsistency with MS Office; (bso#7310). + Many disconnecting clients render clustered Samba unusuable for some time; (bso#7312). + Make 'net conf addshare' atomic; (bso#7313). + Eliminate race condition in creating/scanning sorted subkeys in the registry backend; (bso#7314). + Winbind possibly segfaults when trying a trusted domain without inbound trust; (bso#7316).- Add SMB Traffic Analyzer v2 VFS module.- Document "wide links" defaults to "no" in the smb.conf man page for versions pre-3.4.6; (bnc#577868).- Fix workgroup enumeration, for client printer and file share selection; (bso#6880); (bnc#586215).- Fix tdb validation for offline auth; (bnc#587014).- Fix "printer admin" functionality; (bso#7255).- An uninitialized variable read could cause an smbd crash; (bso#7254); (bnc#605935); CVE-2010-1642.- Ensure to have a valid talloc stackframe; (bso#7251).- _netr_SamLogon segfaults for clients sending NULL domain; (bso#7237).- Merge missing pam_winbind message translations; (bnc#499233).- Remove cifs-mount subpackage for post-11.2 systems as the tools are now part of the independent cifs-utils package.- Fix join of Windows 2008 domains; (bnc#567013).- Update to 3.5.1 and 3.4.7. + Fix security flaw on Linux platforms if built with libcap support allowing file system access even when permissions should have denied it; CVE-2010-0728; (bso#7222); (bnc#586683).- Fixed libldb.so link in libldb-devel.- Fix argc handling in net_share, making the command "net share" work again; (bso#7203); (bnc#584253).- Update to 3.5.0. + Fix duplicate sam and unix accounts; (bso#7145). + Keep the the correct negotiate_flags on the cli->dc structure; (bso#7160). + Avoid calling cli_alloc_mid twice in cli_smb_req_iov_send; (bso#7166). + Fix 'net ads dns' usage calls; (bso#7181). + Fix uninitialized variable in wkssvc_enumerateusers; (bso#7182).- Update to 3.4.6. + Change parameter "wide links" to default to "no"; it's also incompatible with "unix extensions"; (bso#7104); (bnc#577868). + Fix printing with 64 bit clients (bso#6888). + Fix core dump on 64 bit Linux (bso#7063). + Fix failing of smbd to respond to a read or a write caused by Linux asynchronous IO (aio) (bso#7067). + Fix string buffer overflow causing heap corruption in smbd (bso#7096). + Fix bogus ip address in SWAT; (bso#5885). + Fix vfs_full_audit; (bso#6557). + Use the first "uid" value; (bso#6157). + Fix large paged search with DirX LDAP servers; (bso#6981). + Fix crash bug in 'cifs.upcall'; (bso#6868). + Add cross option to samba_cv_linux_getgrouplist_ok; (bso#7047). + Fix DFS on AIX (maybe others); (bso#7052). + Fix pdb_search crash as non-root user; (bso#7068). + Fix unlocking of accounts from ldap; (bso#7072). + Fix vfs_expand_msdfs; (bso#7081). + Fix results of 'smbclient -L' with a large browse list; (bso#7098). + Normalize "Changing password for" msg IDs and STRs; (bso#7102). + Fix malformed require_membership_of_sid; (bso#7106). + Fix reading of large browselist; (bso#7122). + "mangling method = hash" can crash storing a name containing a '.'; (bso#7154). + Valgrind Conditional jump or move depends on uninitialised value(s) error when "mangling method = hash"; (bso#7155). + Fix listing of printjobs in Windows 7; (bso#7130). + Spoolss getprinterdriver2 level 101 marshalling is bad; (bso#7136). + Make idmap cache persistent for "ldapsam:trusted". + Also fill the memcache with sid<->id mappings in ldapsam_sid_to_id() not only the persistent idmap cache. + Shortcut uid_to_sid when "ldapsam:trusted = yes". + Make pdb_copy_sam_account also copy the group sid. + Shortcut gid_to_sid when "ldapsam:trusted = yes". + Speed up pdb_get_group_sid(). + Try to build the full unix_pw structure with ldapsam:trusted support. + Optimize ldapsam_alias_memberships() and cache ldap searches.- Update to 3.5.0rc3. + Change parameter "wide links" to default to "no"; it's also incompatible with "unix extensions"; (bso#7104); (bnc#577868). + Fix vfs_full_audit; (bso#6557). + Fix crash bug in 'cifs.upcall'; (bso#6868). + Fix duplicate initializer in the rmdir module; (bso#6876). + Fix printing with 64 bit clients; (bso#6888). + Add cross option to samba_cv_linux_getgrouplist_ok; (bso#7047). + Fix core dump on Ubuntu 8.04 64 bit; (bso#7063). + Fix failing of smbd to respond to a read or a write caused by Linux asynchronous IO (aio); (bso#7067). + Fix 'smbget' error status; (bso#7069). + Fix build of 'smbfilter'; (bso#7071). + Fix unlocking of accounts from ldap; (bso#7072). + Cliconnect gets realm wrong with trusted domains; (bso#7079). + Fix vfs_expand_msdfs; (bso#7081). + Fix storing of create time on directories in an EA in new create time code; (bso#7084). + Fix an early release of the global lock that can cause data corruption in libtdb; (bso#7085). + Fix string buffer overflow causing heap corruption in smbd; (bso#7096). + Fix results of 'smbclient -L' with a large browse list; (bso#7098). + Normalize "Changing password for" msg IDs and STRs; (bso#7102). + Fix malformed require_membership_of_sid; (bso#7106). + Add pdb_ldap performance fixes; (bso#7116). + Change ldap filter to what really was intended; (bso#7116). + Add new "nmbd bind explicit broadcast" parameter; (bso#7118). + Fix nmbd problems with socket address; (bso#7118). + Support large browselist; (bso#7119). + Fix reading of large browselist; (bso#7122). + Fix listing of printjobs in Windows 7; (bso#7130). + Owner of file not available with Kerberos; (bso#7139). + Fix IPv4/IPv6 problems; (bso#7140). + Fix get_acl_blob in the acl_tdb VFS module; (bso#7148). + "mangling method = hash" can crash storing a name containing a '.'; (bso#7154). + Valgrind Conditional jump or move depends on uninitialised value(s) error when "mangling method = hash"; (bso#7155). + Fix some wrong newlines in de translation strings.- Take extra care that a mount point of mount.cifs isn't changed during mount and don't allow it to be run as setuid root program; CVE-2010-0787; (bso#6853); (bnc#550002).- Check in mount.cifs for invalid characters in device name and mountpoint; CVE-2010-0547; (brc#562156); (bnc#577925).- Don't invalidate cache for uninitialized domains; (bnc#538923).- Signals are processed twice in child; (bnc#538923).- Allow forced pw change even with min pw age; (bnc#561894).- Change parameter "wide links" to default to "no"; it's also incompatible with "unix extensions"; CVE-2010-0926; (bso#7104); (bnc#577868).- Fix enumerate domain local groups for primary domain; (bnc#573813).- Fix malformed require_membership_of_sid; (bnc#525123); (bso#7106).- Normalize "Changing password for" msg IDs and STRs; (bnc#499233).- Build libtevent and libldb and put them into separate subpackages.- Update to 3.5.0rc2. + The Using Samba HTML book has been removed. + 'net', 'smbclient' and libsmbclient can use logon credentials cached by Winbind; (bso#7062). + New vfs_scannedonly module has been added; (bso#7028). + Check password history before increasing "badPasswordCount"; (bso#4347). + Fix changing of ACLs on writable file with "dos filemode=yes"; (bso#5202). + Restore Samba 3.0.x behavior and use the first "uid" value in pdb_ldap; (bso#6157). + Fix deletion of an object whose parent folder does not have delete rights fails even if the delete right is set on the object in vfs_acl_xattr and vfs_acl_tdb; (bso#6876). + Fix large paged search with DirX LDAP servers; (bso#6981). + Fix a segfault in winbindd_dual_ccache_ntlm_auth(); (bso#7027). + Disable sanity check in NetShareEnum for better compatibility with Windows; (bso#7029). + Fix SMBrmdir error message when deleting a directory fails; (bso#7033). + Fix segfault in vfs_cap; (bso#7034). + Fix 'net rpc getsid' in hardened Windows environments; (bso#7036). + Fix a Winbind segfault in "trusted_domains"; (bso#7037). + Complete and improve some German translation of 'net'; (bso#7039). + Fix compile error with WITH_DNS_UPDATE. Update .po files; (bso#7039). + Fix crash bug in libsmbclient; (bso#7043). + Fix bad (non memory copying) interfaces in smbc_setXXXX calls; (bso#7045). + Fix libsmbclient crash against OpenSolaris CIFS server; (bso#7046). + Lock down some srvsvc calls according to what w2k3 seems to do.- Update to 3.4.5. + Fix memory leak in smbd (bug #7020). + Fix changing of ACLs on writable files with "dos filemode=yes" (bug #5202). + BUG 6642: Fix opening the quota magic file. + BUG 6919: Fix remote quota management. + BUG 7034: Fix internal error caused by vfs_cap. + BUG 7036: Fix 'net rpc getsid' in hardened Windows environments. + BUG 7043: Fix crash bug in "SMBC_parse_path". + BUG 7045: Fix bad (non memory copying) interfaces in smbc_setXXXX calls. + BUG 7046: Fix a crash in libsmbclient used against the OpenSolaris CIFS server.- Free unused memory after a packet got processed; (bso#7020).- Add timeout to rpc call to prevent infinite loop when network is down; (bnc#538923).- Update to 3.5.0rc1. + BUG 6837: Fix "Too many open files" when trying to access large number of files with Windows 7; (bnc#619787). + BUG 6939: Fix long filenames when "mangling method" is set to "hash". + BUG 6991: Create symbol links to shared libraries. + BUG 6992: make test for getgrouplist cacheable. + BUG 7014: Fix Winbind crash when retrieving empty group members. + BUG 7020: Fix smbd using 2G memory. + Ensure dos_mode can return FILE_ATTRIBUTE_NORMAL, then filter the returned attributes by protocol level. + Vector correctly through reply_openerror() (which uses the same logic). + Fix bugs with the full Windows ACL support. + Add a few missing gettext calls to the 'net' command. + Fix up a share type translation and translate some more strings in 'net'. + Allow to call "pdbedit -N description -u user" without specifiyng "-r". + Add spoolss_DriverInfo7. + Fix rpcclient after setprinter IDL fixes. + Use generated krb5.conf in 'net ads testjoin'. + Add some German translations for the 'net' command. + Update mount.cifs man page with nounix option. + Fix _samr_GetAliasMembership for results with 0 rids. + Fix an error case in cli_negprot. + Add a lower-cost alternative to wbinfo -t: wbinfo --ping-dc. + Restore correct timeouts for SMB requests. + Fix a 64-bit error in libsmb. + Replace IS_DOMAIN_OFFLINE by a function in Winbind. + Simplify/cleanup Winbind code. + Fix write behind memory block in libtalloc. + Fix result check for getaddrinfo(). + Add tsocket_address_bsd_sockaddr() and tsocket_address_bsd_from_sockaddr() to tsocket. + Always set tdb->tracefd to -1 to be safe on goto fail in libtdb. + Add TDB_DISALLOW_NESTING and make TDB_ALLOW_NESTING the default behavior. + Fix standalone 'make installdocs'. + Output %p as unsigned in snprintf replacement. + New attempt at TDB transaction nesting allow/disallow. + Remove swig stuff from libtdb. + Reset tdb->fd to -1 in tdb_close() in libtdb. + Change the way mksysms work in libtalloc. + Also build and install tdb manpages from standalone tdb. + Fix infinite loop in NCACN_IP_TCP as there is no timeout. + Make winbindd_cache.c aware of domain offline to avoid unnecessary backend query. + List trusted domains from wcache when domain is offline.- Update to 3.4.4. + Fix interdomain trust relationships with Win2008R2 (bug #6697). + Fix Winbind crashes when queried from nss (bug #6889). + Fix Winbind crash when retrieving empty group members (bug #7014). + Fix "UID range full" error in Winbind (bug #6901). + Fix multiple LDAP servers in "idmap backend" and "idmap alloc backend" (bug #6910). + BUG 4832: Fix iconv checks. + BUG 6338: Do not always display "none" in 'net rpc trustdom list'. + BUG 6851: Add pdbedit --kickoff-time/-K to set the user's kickoff time. + BUG 6828: Fix infinite timeout when byte lock held outside of samba. + BUG 6837: Fix "Too many open files" message when trying to access a large number of files with Windows 7; (bnc#619787). + BUG 6841: Fix "map acl inherit = yes". + BUG 6850: Fix shadow copy display on Windows 7. + BUG 6867: Fix listing of directories with a lot of files. + BUG 6868: Support building with Heimdal we well as with MIT. + BUG 6875: Fix DOS attributes on OS/2 clients. + BUG 6880: Fix listing of workgroup servers in libsmbclient. + BUG 6898: Samba duplicates file content on appending. + BUG 6918: Fix krb5 build problem on Ubuntu karmic. + BUG 6929: Fix build with recent heimdal. + BUG 6939: Fix long filenames with "mangling method = hash". + BUG 6967: Fix 'net ads join' with OU. + BUG 6981: Fix paged search with DirX LDAP server. + BUG 6982: Remove erroneous out of memory error path in lookup_sid. + BUG 6997: Fix _samr_GetAliasMembership for results with 0 rids. + BUG 7005: Fix "mangle method = hash" truncates files with dot "." character. + Fix the build of the winbind krb5 locator plugin. + Fix enumprinter key client and server.- Readjust the _libdir/cups/backend/smb sym link only on uninstall of the samba-krb-printing package; (bnc#568603).- Add BuildRequires to fam-devel; (bnc#564260).- Prevent winbind crash; (bso#7014); (bnc#566119).- Fix processing of open modes in POSIX open; (bnc#530683).- Add baselibs.conf as a source.- Update to 3.5.0pre2. + BUG 2350: Add LDAP Alias Dereferencing support. + BUG 6288: SWAT adds a second share when changing parameters of an existing share. + BUG 6435: Fix minor memory corruption. + BUG 6710: Only install the cifs.upcall man page if CIFSUPCALL_PROGS was set while configure. + BUG 6802: A created folder does not properly inherit permissions from parent in vfs_acl_xattr. + BUG 6837: "Too many open files" when trying to access large number of files from Windows 7; (bnc#619787). + BUG 6860: Fix shared library build on QNX. + BUG 6879: Fix crash in Winbind. + BUG 6929: Fix build with recent heimdal. + BUG 6938 : No hook exists to check creation rights when using acl_xattr module. + BUG 6967: Prevent glibc error on 'net ads join'. + Fix vfs_acl_xattr which was failing to call the NEXT connect function. + Restructure the ACL code. + Refactor reply_rmdir to use handle based code. + Fix the build when no external talloc and tdb are installed. + Fix detection of CTDB headers on systems without system-libtalloc. + Fix several printing issues. + Fix the build on Mac OS X 10.6.2. + Fix net and rpcclient after setprinterdataex changes. + Add full support for level 8 printer drivers. + Add more spoolss architectures to IDL. + Fix enumprinter key client and server. + Fix crash in EnumPrinterDataEx. + Prefer posix_fallocate for doing "strict allocate". + Restore "fake directory create times" as a share parameter. + Fix explicit stat64 support. + Add support for NetWkstaGetInfo 101 and 102. + Add rpcclient wkssvc_enumerateusers. + De-deprecate "write cache size" to prevent its removal without a proper alternative. + Allow more than 1000 users in BUILTIN\Users. + Complete support for NetWkstaGetInfo/NetWkstaEnumUsers. + Fix the build of the example VFS modules. + Fix crash in free_file_list(). + Give the user a chance to change password when password will expire soon.- Store the smbfs service state if enabled and restore it for cifs while upgrade on post-11.2 systems.- Prevent cifstab from being overwritten while upgrade on post-11.2 systems.- Give the user a chance to change password when password will expire soon; (FATE#302414).- Rename smbfs init script to cifs for post-11.2 systems.- Allow Windows 7 to connection to samba domain controllers and member servers; (bnc#551811); (bso#6099); (bso#6100); (bso#6680).- Error on joining windows domain (invalid pointer); (bso#6967); (bnc#553622).- Add PreReq /usr/sbin/groupadd to the winbind package; (bnc#559165). - Simplify the winbind package %pre script and suppress stdout only.- Update to 3.5.0pre1 + Add support for full Windows timestamp resolution. + Experimental implementation of SMB2. + Add encryption support for connections to a CUPS server. + Major windbind asynchronous refactoring. - Remove using_samba from the doc package. - Increase major version of libtalloc to 2.- Fix kerberos refresh chain; (bnc#546162); (bso#6872).- Hardlink duplicate files on post-11.1 systems.- Add BuildArch noarch to samba-doc on post-11.1 systems.- Use full 16byte session key in make_user_info_netlogon_interactive(); (bnc#551811).- Update to 3.4.3. + Fix trust relationships to windows 2008 (2008 r2) (bug #6711). + Fix file corruption using smbclient with NT4 server (bug #6606). + Fix Windows 7 share access (which defaults to NTLMv2) (bug #6680). + BUG 4675: mount.cifs: Do not attempt to update /etc/mtab if it is a symbolic link. + BUG 6529: Offline files conflict with Vista and Office 2003. + BUG 6532: Fix domain enumeration if master browser has space in name. + BUG 6606: Fix file corruption using smbclient with NT4 server. + BUG 6690: Fix wrong error check in profile. + BUG 6703: Allow smbstatus as non-root. + BUG 6704: Fix syntax error in avahi configure test. + BUG 6707: Fix an occasional segfault in config file parsing. + BUG 6710: Adjust regex to match variable names including underscores. + BUG 6711: Fix trust relationships to windows 2008 (2008 r2). + BUG 6726: SIVAL should have been an SVAL. + BUG 6728: BSD needs sys/sysctl.h included to build properly. + BUG 6731: Fix reading beyond the end of a named stream in xattr_streams. + BUG 6735: Don't overwrite password in pam_winbind, subsequent pam modules might use the old password and new password. + BUG 6764: Fix timeval calculation. + BUG 6765: Add a "hidden" parameter "share:fake_fscaps". + BUG 6769: Fix symlink unlink. + BUG 6772: Allow outstanding_aio_calls to be decremented. + BUG 6774: smbd crashes if "aio write behind" is set. + BUG 6776: Fix core dump caused by running overlapping Byte Lock test. + BUG 6781: Fix renaming subfolders in Explorer view. + BUG 6791: Fix linking order in cifs.upcall. + BUG 6793: Fix Winbind crash with "INTERNAL ERROR: Signal 6". + BUG 6793: Fix segfault in winbindd_pam_auth. + BUG 6796: Deleting an event context on shutdown can cause smbd to crash. + BUG 6797: Fix a memleak in libwbclient. + BUG 6804: Fix hpux compiler issue. + BUG 6805: Correctly handle aio_error() and errno. + BUG 6807: Fix a segfault in "net rpc trustdom list" for long domain names. + BUG 6810: Add support for finding alternate credcaches to cifs.upcall. + BUG 6811: Fix reference to freed memory in pam_winbind. + BUG 6815: Fix Windows 2008 R2 SPNEGO negTokenTarg parsing failure. + BUG 6824: Fix avahi activation. + BUG 6826: Don't fail authentication when one or some group of require-membership-of is invalid. + BUG 6828: Fix infinite timeout when byte lock held outside of Samba. + BUG 6829: Fix displaying of multibyte characters in smbclient. + BUG 6840: Fix crash in pam_winbind. + Fix an uninitialized variable. + Only ever handle one event after a select call. + Conditional install of the cifs.upcall man page. + Fix warning occuring when building the manpages.- Let smbclient show special characters properly; (bso#6829); (bnc#544204).- Don't fail authentication when one or some group of require-membership-of is invalid; (bnc#525123); (bso#6826).- Allow winbind to ignore certain domains; (bnc#539506).- Update to 3.4.2. + Fix unresolved home path; CVE-2009-2813; (bso#6763); (bnc#539517). + Fix potential denial of service; CVE-2009-2906; (bso#6768); (bnc#543115). + Fix potential mount.cifs password leaks; CVE-2009-2948; (bnc#542150).- Fix potential denial of service; CVE-2009-2906; (bnc#543115).- Fix potential mount.cifs password leaks; CVE-2009-2948; (bnc#542150).- Fix unresolved home path; CVE-2009-2813; (bnc#539517).- Don't overwrite password in pam_winbind; (bnc#515444).- mods for winbind (when used with squid - ntlm_auth) o winbind adds group 'winbind' o permission 0750,root,winbind LOCKDIR/winbindd_privileged- Merge two fixes from 3.2.8 and 3.3.1. + Adjust regex to match variable names including underscores. + Conditional install of the cifs.upcall man page.- Remove supplements from baselibs.conf while %clean for pre-11.1 systems; (bnc#520579).- Update to 3.4.1. + Fix authentication on member servers without Winbind (bug #6650). + Nautilus fails to copy files from an SMB share (bug #6649). + Fix connections of Win98 clients (bug #6551). + Fix interdomain trusts with Windows 2008 R2 DCs (bug #6697). + Fix Winbind authentication issue (bug #6646). + BUG 5879: Update LDAP schema for Netscape DS 5. + BUG 5886: Fix password change propagation with ldapsam. + BUG 6105: Make linking of cifs.upcall and rpcclient --as-needed safe. + BUG 6222: Default to DRSUAPI replication for net rpc vampire keytab. + BUG 6437: Make open_udp_socket() IPv6 clean. + BUG 6496: MS-DFS cannot follow multibyte char link name in libsmbclient. + BUG 6506: Smbd server doesn't set EAs when a file is overwritten in NT_TRANSACT_CREATE. + BUG 6532: Fix the build with external talloc. + BUG 6538: Cancel all locks that are made before the first failure. + BUG 6560: Fix lookupname. + BUG 6564: SetPrinter fails (panics) as non root. + BUG 6568: Fix _spoolss_GetPrintProcessorDirectory() implementation. + BUG 6585: Fix unqualified "net join". + BUG 6593: Correctly implement SMB_INFO_STANDARD setfileinfo. + BUG 6601: Avoid global fd limits. + BUG 6607: Fix crash bug in spoolss_addprinterex_level_2. + BUG 6611: Fix a valgrind error in chain_reply. + BUG 6615: Fix browsing of DFS when using kerberos in libsmbclient. + BUG 6627: Raise the timeout for lsa_Lookup*() calls from 10 to 35 seconds. + BUG 6650: Fix authentication on member servers without Winbind. + BUG 6651: Fix smbd SIGSEGV when breaking oplocks. + BUG 6655: Fix 'smbcontrol smbd ping'. + BUG 6620: Fix a bug in renames of directories. + BUG 6664: Fix truncation of the session key. + BUG 6673: Fix 'smbpasswd' with "unix password sync = yes". + BUG 6680: Fix authentication failure from Windows 7 when domain joined. + BUG 6688: Fix crash in 'net usershare list'. + BUG 6693: Check we read off the complete event from inotify. + BUG 6700: Use dns domain name when needing to guess server principal.- Update to 3.2.14. + Fix SAMR access checks (e.g. bugs #6089 and #6112). + Fix 'force user' (bug #6291). + Improve Win7 support (bug #6099). + Fix posix ACLs when setting an ACL without explicit ACE for the owner (bug #2346). + BUG 6387: Fix Winbind crash when multiple IDmappings exist in the LDAP directory. + BUG 6509: Use gid (not uid) cache in fetch_gid_from_cache(). + BUG 6089: Fix SAMR access checks. + BUG 6112: Fix SAMR access checks. + BUG 6279: Fix Winbind crash. + BUG 6291: Fix 'force user'. + BUG 6099: Try to fix domain join of Win7 Beta. + BUG 6386: Groupdb mapping fix. + BUG 6421: Fix POSIX read-only open on read-only shares. + BUG 6476: Fix more smbd-zombies in memory. + BUG 6488: acl_group_override() call in posix acls references an uninitialized variable. + BUG 6504: Fix SAMR server for Winbind access. + BUG 6520: Fix time stamps. + BUG 6301: Fix samr_ConnectVersion enum which is 32bit not 16bit. + BUG 6340: Don't segfault when cleartext trustdom pwd could not be retrieved. + BUG 6372: Fix usermanager only displaying 1024 groups and aliases. + BUG 6465: Fix enum_aliasmem in ldb branch. + BUG 6484: Fix searching for users while adding them to groups via Windows usermanager. + BUG 2346: Fix posix ACLs when setting an ACL without explicit ACE for the owner. + BUG 6526: Let parent_dirname() correctly return toplevel filenames. + BUG 6627: Raise the timeout for lsa_Lookup*() calls from 10 to 35 seconds. + BUG 5798: Preserve CFLAGS info in configure. + BUG 6382: Case insensitive access to DFS links broken. + BUG 6481: Don't require "Modify property" perms to unjoin. + BUG 6628: 'smbpasswd -a' uses algorithmic rid base with 'passdb backend = tdbsam'. + BUG 6560: Lookupname failed, cannot find domain when attempt to change password. + Prevent creation of keys containing the '/' character. + Fix join of Windows 7 RC to a Samba3 DC. + Fix bug in processing of open modes in POSIX open. + Fix the negotiate flags. + Protect netlogon_creds_server_step() against NULL creds. + Also handle DirX return codes. + Fix a crash bug if we timeout in net rpc trustdom list. + Add '--request-timeout' option to 'net'. + Fix a race condition in Winbind leading to a panic. + Add workaround for MS KB932762. + 5945: Fix out of memory error with Winbind idmap. + Avoid duplicate ACEs. + Fix profile ACLs in some corner cases. + Zero an uninitialized array.- Unable to browse DFS when using kerberos in libsmbclient; (bnc#528271); (bso#6615).- check in .po files for pam_winbind; (bnc#499233); (bso#6602).- Add ntp and network-remotefs as Should-Start dependency to the winbind init script; (bnc#515629).- Update to 3.0.36. + Fix Winbind crash on 'getent group' (bug #5906). + Excel save operation corrupts file ACLs (bug #4308). + Prevent segmentation fault on joining a very long domain name. + BUG 4308: Excel save operation corrupts file ACLs. + BUG 4370: Clean-up entries in /etc/mtab after unmount. + BUG 4640: Fix guest mounts in mount-cifs. + BUG 5906: Fix Winbind crash on 'getent group'. + BUG 6066: netinet/ip.h present but cannot be compiled on Solaris. + BUG 6099: In order to allow Win7 to connect to a Samba NT style. + BUG 6279: Fix Winbind crash. PDC we set the flags before we know if it's an error or not. + BUG 6085: Fix build of vfs_default. + BUG 6098: When the DNS server is invalid, the ads_find_dc() does not work correctly. + Fix logic error in try_chown. + Correctly use chroot(). + Fix bug in processing of open modes in POSIX open. + Don't install the cifs.upcall binary twice. + Fix mount.cifs handling of -V option. + Prevent segmentation fault on joining a very long domain name. + Don't try and delete a default ACL from a file. + Add workaround for MS KB932762. + Add fakemount (-f) and nomtab (-n) flags to mount.cifs. + Fix a crash during name resolution when log level >= 10 and libc segfaults if printf is passed NULL for a "%s" arg.- Use a conditional suse_version macro in front of the SUSE_ASNEEDED export.- lookupname failed, cannot find domain when attempt to change password; (bnc#520645); (bso#6560).- Don't link with --as-needed flag on post-11.1 systems.- Stop the smbfs service if an interface goes down; (bnc#517768).- Disable build of static libraries on post-11.1 systems; (bnc#509945).- Fix missing zlibs for cifs.upcall and test_shlibs.- Update to 3.4.0. + BUG 6431: Local groups from 3.0 setups no longer found. + BUG 6459: Fix build of pam_smbpass on some distributions. + BUG 6481: 'net ads leave' needs to try account deletion, NetUnjoinDomain not. + BUG 6497: Fix calling of 'test' in configure. + BUG 6498: Add workaround for MS KB932762. + BUG 6499: Fix building of pam_smbpass. + BUG 6509: Use gid (not uid) cache in fetch_gid_from_cache(). + BUG 6512: Fix support for enumerating user forms. + BUG 6514: Improve error message in 'net' when smb.conf is not available. + BUG 6520: Fix time stamps when "unix extensions = yes". + BUG 6521: Fix building tevent_ntstatus without config.h. + BUG 6526: Fix notifies in the share root directory. + BUG 6531: Fix pid file name.- Package /etc/samba/smbpasswd as %ghost on post-11.1 systems.- Fix net ads leave; (bnc#511695).- Supplement pam-32bit/pam-64bit in baselibs.conf (bnc#354164). - Supplement glibc-32bit/glibc-64bit in baselibs.conf (bnc#354164).- Update to 3.2.13, 3.3.6. + In Samba 3.2.0 to 3.2.12 (inclusive), the smbclient commands dealing with file names treat user input as a format string to asprintf. With a maliciously crafted file name smbclient can be made to execute code triggered by the server; CVE-2009-1886; (bnc#513360); (bso#6478).- Update to 3.0.35. + In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a data value can potentially affect access control when "dos filemode" is set to "yes"; CVE-2009-1888; (bnc#515479).- Uninitialized read of a data value; CVE-2009-1888 (bnc#515479).- Update to 3.4.0rc1. + BUG 4699: Remove pidfile on clean shutdown. + BUG 5456: Fix "net ads testjoin". + BUG 6081: Make it possible to change machine account sids. + BUG 6253: Use correct value for password expiry calculation in pam_winbind. + BUG 6297: Owner of sticky directory cannot delete files created by others. + BUG 6305: Correctly prompt for a password when a username was given. + BUG 6328: Add support for multiple rights to "net sam rights grant/revoke". + BUG 6333: Consolidate create/delete account paths in pdbedit. + BUG 6449: 'net rap user add' crashes without -C option. + BUG 6451: net/libnetapi user rename using wrong access bits. + BUG 6458: Fix uninitialized variable in local_password_change(). + BUG 6465: Fix enumeration of empty aliases. + BUG 6476: Fix smbd-zombies in memory when using [x]inetd. + BUG 6487: Add missing DFS call in trans2 mkdir call. + BUG 6488: acl_group_override() call in posix acls references an uninitialized variable. + Improve pam_winbind documentation. - Install a vendor copy of samba-common.dhcp as dhcpcd-hook-samba-functions.- Samba 3.2.0 - 3.2.12 smbclient commands dealing with file names treat user input as a format string to asprintf; CVE-2009-1886; (bnc#513360).- Fix a bad memleak in vfs_full_audit; (bnc#510035).- Update to 3.3.5. + Fix SAMR and LSA checks (bug #6089, #6289) + Fix posix acls when setting an ACL without explicit ACE for the owner (bug #2346). + Fix joining of Win7 into Samba domain (bug #6099). + Fix joining of Win2000 SP4 clients (bug #6301). + BUG 2346: Fix posix acls when setting an ACL without explicit ACE for the owner. + BUG 5832: Fix build on RHEL when ccache is not available. + BUG 5853: Add keyutils-devel to build requires to fix build on RHEL. + BUG 5897: Fix shutdown script example in the smb.conf manpage. + BUG 6089: Revert the extra SAMR and LSA checks. + BUG 6099: Fix joining of Win7 into Samba domain. + BUG 6157: Fix handling of multi-value attribute "uid". + BUG 6289: Revert the extra SAMR and LSA checks. + BUG 6297: Owner of sticky directory cannot delete files created by others. + BUG 6301: Fix joining of Win2000 SP4 clients. + BUG 6309: Support remote unjoining of Windows 2003 or greater. + BUG 6315: smbd crashes doing vfs_full_audit on IPC$ close event. + BUG 6320: Handle registry config source in file_list. + BUG 6330: Fix DFS on AIX. + BUG 6336: Fix 'net groupmap set' segfault. + BUG 6361: Make --rcfile work in smbget. + BUG 6365: Re-Add the "dropbox" functionality with -wx rights on a directory. + BUG 6372: Fix usermanager only displaying 1024 groups and aliases. + BUG 6382: Fix case insensitive access to DFS links. + BUG 6415: Filter out of range mappings in default idmap config in idmap_tdb. + BUG 6416: Filter out of range mappings in default idmap config in idmap_tdb2. + BUG 6417: Filter out of range mappings in default idmap config in idmap_ldap. + BUG 6441: Fix the compile with --enable-dnssd. + BUG 6449: 'net rap user add' crashes without -C option. + BUG 6465: Fix enumeration of empty aliases (ldb backend). + Prevent infinite include nesting. + Mark registry shares without path unavailable. + Also handle DirX return codes. + Fix Coverity ID 897. + Do not crash in ctdbd_traverse if ctdbd is not around. + Fix a race condition in winbind leading to a panic. + Some man pam_winbind improvements. + Zero an uninitialized array.- Update to 3.2.12. + Fix SAMR and LSA checks (bug #6089, #6289) + Fix posix acls when setting an ACL without explicit ACE for the owner (bug #2346). + Fix "force user" (bug #6291). + Fix Winbind crash (bug #6279). + Fix joining of Win7 into Samba domain (bug #6099). + BUG 2346: Fix posix acls when setting an ACL without explicit ACE for the owner. + BUG 5798: CFLAGS info lost in configure. + BUG 5832: Fix build on RHEL when ccache is not available. + BUG 5835: Add keyutils-devel to build requires. + BUG 5945: Fix out of memory error with Winbind idmap. + BUG 6089: Revert the extra SAMR and LSA checks. + BUG 6099: Fix joining of Win7 into Samba domain. + BUG 6279: Fix Winbind crash. + BUG 6289: Revert the extra SAMR and LSA checks. + BUG 6291: Fix "force user". + BUG 6301: Fix samr_ConnectVersion enum which is 32bit not 16bit. + BUG 6372: Fix usermanager only displaying 1024 groups and aliases. + BUG 6386: Groupdb mapping fix. + BUG 6382: Fix case insensitive access to DFS links. + BUG 6465: Fix enumeration of empty aliases (ldb backend). + Prevent creation of keys containing the '/' character. + Fix bug in processing of open modes in POSIX open. + Protect netlogon_creds_server_step() against NULL creds. + Also handle DirX return codes. + Fix a race condition in winbind leading to a panic. + Fix a crash bug if we timeout in net rpc trustdom list. + Fix profile acls in some corner cases.- Default with passdb backend to smbpasswd for SUSE products older than 11.2.- Explicitly use 'tdbsam' as passdb backend in the default smb.conf file.- Update to 3.4.0pre2. + The default passdb backend has been changed to 'tdbsam'! + Samba4 and Samba3 sources are included in the tarball. + Changed the way smbd handles untrusted domain names given during user authentication. + Various fixes including printer change notificiation for Samba spoolss print servers. + The remaining hand-marshalled DCE/RPC services (ntsvcs, svcctl, eventlog and spoolss) were replaced by autogenerated code based on PIDL. + Samba3 and Samba4 do now share a common tevent library. + The code has been cleaned up and the major basic interfaces are shared with Samba4 now. + An asynchronous API has been added. + Made parameter syntax of the net command more consistent. + BUG 2346: Fix posix ACLs when setting an ACL without explicit ACE for the owner. + BUG 4271: testparm should not print includes. + BUG 4831: Don't call openlog() or closelog() from pam_smbpass. + BUG 5681: Do not limit the number of network interfaces. + BUG 5859: Fix renaming of samr objects failed due to samr setuserinfo access checks. + BUG 6099: Fix NETLOGON credential chain. + BUG 6136: New AFS syscall conventions. + BUG 6157: Fix handling of multi-value attribute "uid". + BUG 6253: Use correct value for password expiry calculation. + BUG 6291: Fix 'force user'. + BUG 6292: Update config.guess from gnu.org. + BUG 6302: Give the VFS a chance to read from 0-byte files. + BUG 6309: Support remote unjoining of Windows 2003 or greater. + BUG 6313: ldapsam_update_sam_account() crashes while doing talloc_free on malloced memory. + BUG 6315: Fix smbd crashes when doing vfs_full_audit on IPC$ close event. + BUG 6320: Handle registry config source in file_list. + BUG 6330: Fix DFS on AIX. + BUG 6336: Fix segfault in 'net groupmap set'. + BUG 6340: Don't segfault when cleartext trustdom pwd could not be retrieved. + BUG 6357: Use Samba default command line arguments in 'net'. + BUG 6359: smbclient -L does not list workgroup for hosts with both IPv4 and IPv6 addresses + BUG 6361: Make --rcfile work in smbget. + BUG 6371: Unsuccessful 'net conf setparm' leaves empty share. + BUG 6372: usermanager only displaying 1024 groups and aliases. + BUG 6387: Fix a crash bug in idmap_ldap_unixids_to_sids. + BUG 6415: Filter out of range mappings in default idmap config (idmap_tdb). + BUG 6416: Filter out of range mappings in default idmap config (idmap_tdb2). + BUG 6417: Filter out of range mappings in default idmap config (idmap_ldap). + Change the way smbd handles untrusted domain names given during user authentication. + Replace the hand-marshalled DCE/RPC services ntsvcs, svcctl, eventlog and spoolss by autogenerated code based on PIDL. + Fix several printing issues and improve support for printer change notificiations. + Add 'net eventlog'. + Add asynchronous API. + Make Samba3 and Samba4 share a tevent library. + Add two new parameters to control how we verify kerberos tickets. + Add 'net rpc service' subcommands 'create' and 'delete'. + Fix the core of the SAMR access functions. + Fix SAMR server for winbindd access. + Add dbwrap_tool - a tdb tool that is CTDB-aware. + Hide "config backend" from swat. + Fix linking with --disable-shared-libs. + Fix issue with missing entries when enumerating directories. + Map NULL domains to our global sam name. + Fix driver upload for Xerox 4110 PS printer driver. + Add "net dom renamecomputer" to rename machines in a domain. + Inspect the correct computername string before enabling/disabling the change button in netdomjoin-gui. + Fix join prompt dialog test in netdomjoin-gui. + Only gray out labels when not root and not connecting to remote machines (netdomjoin-gui). + Allow to switch between workgroups/domains with the same name (netdomjoin-gui). + Add NetShutdownInit and NetShutdownAbort. + Fix samr access checks. + Add a security model to LSA. + Also handle DirX return codes. + Do not crash in ctdbd_traverse if ctdbd is not around. + Fix Coverity ID 897. + Fix a race condition in vfs_aio_fork with gpfs share modes. + Fix bug disclosed by lock8 torture test. + Fix a race condition in winbind leading to a panic. + Detect tight loop in tdb_find(). + Fix chained sesssetupAndX/tconn messages. + Fix strict locking with chained reads. + Fix two bugs in sendfile. + Fix memory leak. + Fix file descriptor leak. + Fallback to the legacy sid_to_(uid|gid) instead of returning NULL. + Always allocate memory in dptr_ReadDirName. + Fix 'net' crash during domain join. + Zero an uninitialized array. + Allow child processes to exit gracefully if we are out of fds.- Enable cifs.upcall on versions newer than SUSE 10.0.- Add BuildRequires to keyutils-devel.- Remove redundant Requires to keyutils-libs for cifs-mount.- Detect tight loop in tdb_find(); (bnc#450974).- Fix lp printing with kerberos; (bnc#476913).- Add BuildRequires to ctdb-devel for systems newer than SUSE 10.0 and all other build targets.- Update to 3.4.0pre1. + Samba4 and Samba3 sources are included in the tarball + Changed the way smbd handles untrusted domain names given during user authentication. + Various fixes including printer change notificiation for Samba spoolss print servers. + The remaining hand-marshalled DCE/RPC services (ntsvcs, svcctl, eventlog and spoolss) were replaced by autogenerated code based on PIDL. + Samba3 and Samba4 do now share a common tevent library. + The code has been cleaned up and the major basic interfaces are shared with Samba4 now. + An asynchronous API has been added. + Change the way smbd handles untrusted domain names given during user authentication. + Replace the hand-marshalled DCE/RPC services ntsvcs, svcctl, eventlog and spoolss by autogenerated code based on PIDL. + Fix several printing issues and improve support for printer change notificiations. + Add 'net eventlog'. + Add asynchronous API. + Make Samba3 and Samba4 share a tevent library. + Add two new parameters to control how we verify kerberos tickets. + Add 'net rpc service' subcommands 'create' and 'delete'. + Make merged build possible. + Move common libraries to the shared lib/ directory.- Update to 3.3.4. + Fix domain logins for WinXP clients pre SP3 (bug #6263). + Fix samr_OpenDomain access checks (bug #6089). + Fix usrmgr.exe creating a user (bug #6243). + BUG 6089: Fix samr_OpenDomain access checks. + BUG 6254: Fix IPv6 PUT/GET errors to an SMB server (3.3) with "msdfs root" set to "yes". + BUG 6279: Fix Winbind crash. + BUG 5329: Add "net rpc service delete/create". + BUG 6238: Make sure wbcLogoffUserParams are properly initialized before freed. + BUG 6263: Fix domain logins for WinXP clients pre SP3. + BUG 6286: Call init function for builtin idmap modules before probing for them as shared modules. + BUG 6243: Fix usrmgr.exe creating a user. + net conf: Save share name as given, not as lower case only. + Prevent creation of registry keys containing the '/' character. + Allow pdbedit to change a user rid/sid. + When doing a cli_ulogoff don't invalidate the cnum, invalidate the vuid. + Don't access a freed structure when logging off and re-using a vuid. + Try to to fix password_expired flag handling. + Make sure to grey out change fields in the netdomjoin-gui when not running as root. + Don't look up local user for remote changes, even when root. + Use procid_str in debug messages for better cluster-debuggability. + Use cluster-aware procid_is_me instead of comparing pids. + Fix smbd crash for close_on_completion. + Fix a memleak in an unlikely error path in change_notify_create(). + Do not use the file system GET_REAL_FILENAME for mangled names. + Fix a crash bug if we timeout in net rpc trustdom list. + Add '--request-timeout' option to net. + In net_conf_import, start a transaction when importing a single share. + Fix writing of roaming profiles with "profile acls" set to "yes".- Update to 3.2.11. + Fix domain logins for WinXP clients pre SP3 (bug #6263). + Fix samr_OpenDomain access checks (bug #6089). + Fix smbd crash for close_on_completion. + BUG 6089: Fix samr_OpenDomain access checks. + BUG 6205: Correct sample smb.conf share configuration. + BUG 6254: Fix IPv6 PUT/GET errors to an SMB server (3.3) with "msdfs root" set to "yes". + BUG 6263: Fix domain logins for WinXP clients pre SP3. + Allow pdbedit to change a user rid/sid. + When doing a cli_ulogoff don't invalidate the cnum, invalidate the vuid. + Fix resume command typo for "printing = vlp". + Fix smbd crash for close_on_completion. + Fix a memleak in an unlikely error path in change_notify_create(). + Don't look up local user for remote changes, even when root.- Don't lookup local user for remote password changes; (bnc#493507).- Update to 3.3.3. + Migrating from 3.0.x to 3.3.x can fail to update passdb.tdb correctly (bug #6195). + Fix serving of files with colons to CIFS/VFS client (bug #6196). + Fix "map readonly" (bug #6186). + BUG 6195: Don't let smbd child processes panic. + Add backend_requires_messaging() method to libsmbconf. + Add methods is_writeable() and wrapper smbconf_is_writeable() to libsmbconf. + Fall back to file backend when no valid backend was found. + Fix a memleak in dbwrap_rbt. + Provide transaction_start|commit|cancel fns for the registry tdb. + Speed up "net conf drop". + Speed up "net conf import". + Add transactions to the libsmbconf API. + Reduce memory usage of "net conf import". + Registry cleanup. + Fix handling of SAMBA_VERSION_VENDOR_PATCH. + Fix build of pam_winbind.so with static linking. + Tidy up some convert_string_internal error cases. + BUG 6224: nmbd waits 5 minutes at startup before checking if it needs to run elections. + Allow DFS client paths to work when POSIX pathnames have been selected. + Try and fix the build farm RAW-STREAMS errors. + Ensure files starting with multiple dots are hidden. + BUG 6102: NetQueryDisplayInformation could return wrong information. + BUG 6193: Avoid messing with sync_context in libnet_samsync_delta(). + Fix notify_printer_status_byname. + Fix Coverity IDs 722, 762, 774, 775, 776. + Fix build on old Heimdal based systems. + Fix compile warning. + Use parentheses in if condition to make negation clear. + Add dirsort module. + BUG 6147: Fix detection of the GNU ld version. + BUG 6097: Fix smbd segfault. + BUG 6130: Don't crash in winbindd_rpc lookup_groupmem() on unmapped members. + BUG 6139: Add missing whitespace in mount.cifs error message. + Fix a malloc/talloc mismatch when cli_initialise() fails. + Fix a valgrind error. + Speed up "net conf list". + Add sorted subkey cache. + Use StrCaseCmp in the dirsort module. + Document the dirsort module. + Disable dns_sd by default. + Add avahi detection to configure. + Add event avahi binding. + Use avahi to register _smb._tcp in smbd. + Fix two memleaks in the encryption code. + Fix a scary "fill_share_mode_lock failed" message. + BUG 6228: Fix SMBC_open_ctx failure due to path resolve failure doesn't set errno. + Don't use reserved words in smbconftort. + Fix smb signing for fragmented trans/trans2/nttrans requests. + Parse_packet can return NULL which is then dereferenced in match_mailslot_name. + Format the header check for netinet/ip.h more nicely. + Missing break in conversion function prevents tdb password database update.- Update to 3.2.10. + BUG #6195: Don't let smbd child processes panic.- BUG 6195: Fix crash on passdb conversion.- Update to 3.2.9. + BUG 5920: The length of the memcpy was calculated wrong. + BUG 6097: Fix smbd segfault. + BUG 6098: Fix ads_find_dc() with "security = domain" when the DNS server is invalid. + BUG 6099: Samba returns incurrate capabilities list. + BUG 6100: Implement _netr_LogonGetCapabilities() with NT_STATUS_NOT_IMPLEMENTED. + BUG 6102: NetQueryDisplayInformation could return wrong information. + BUG 6130: Fix crash in winbindd_rpc lookup_groupmem() on unmapped members. + BUG 6133: Cannot delete non-ACL files on NFSv4 ACL filesystem. + BUG 6161: smbclient corrupts source path in tar mode. + BUG 6193: Avoid messing with sync_context in fetch_database_to_ldif(). + BUG 6196: Unable to serve files with colons to Linux CIFS/VFS client. + BUG 6224: nmbd waits 5 minutes before checking to run elections. + BUG 6228: Fix SMBC_open_ctx failure when path failure doesn't set errno. + Numerous Coverity fixes + Fix double free caused by incorrect talloc_steal usage. + Backport delete semantics of alternate data streams on a file truncate. + Allow set attributes on a stream fnum to redirect to the base filename. + Fix use of streams modules with CIFSFS client. + Fix more POSIX path lstat calls. + Allow DFS client paths to work with POSIX pathnames. + Ensure files starting with multiple dots are hidden. + Fix guest auth when Winbind is running. + Fix memleak in get_remote_printer_publishing_data(). + cifs mount fix for handling -V parameter. + Fix guest mounts. + Clean-up entries in /etc/mtab after unmount. + Add fakemount (-f) and nomtab (-n) flags to mount.cifs. + Enable total anonymization in vfs_smb_traffic_analyzer. + Don't try and delete a default ACL from a file. + Fix remotely adding a share via MMC. + Fix resume handle for _samr_EnumDomainGroups. + Fix a buffer handling bug when adding lots of registry keys. + Fix a O(n^2) algorithm in regdb_fetch_keys(). + Fix a valgrind error / segfault in dns_register_smbd(). + Don't log NDR_PRINT_DEBUG at level 0, this always ends up in syslog. + Fix a malloc/talloc mismatch when cli_initialise() fails. + Fix two memleaks in the encryption code. + Fix "fill_share_mode_lock failed" message. + Add S-1-22-X-Y sids to the local token. + Fix smb signing for fragmented trans/trans2/nttrans requests. + Don't miss an absolute pathname as a kerberos keytab path. + Have nmbd check all available interfaces for WINS before failing. + Initialize the id_map status in idmap_ldap to avoid surprise.- Obsolete change from 2008-03-05 by removing the needless examples cleanup.- Update to 3.3.2. + Fix "force group" (bug #6155). + Fix saving of files on Samba share using MS Office 2007 (bug #6160). + Fix guest authentication in setups with "security = share" and "guest ok = yes" when Winbind is running. + Fix corruptions of source path in tar mode of smbclient (bug #6161). + BUG 6082: Fix renaming and deleting of directories using Windows clients. + BUG 6154: Make ZFS honor admin users. + BUG 6155: Fix "force group". + BUG 6160: Fix saving of files on Samba share using MS Office 2007. + BUG 6161: Fix corruptions of source path in tar mode of smbclient. + Fix some NetBSD warnings. + Fix bug in processing of open modes in POSIX open. + Fix use of streams modules with CIFSFS client. + Ensure ACL modules work with POSIX paths. + Use fsp->posix_open in preference if we have it. + Fix more POSIX path lstat calls. + Fix a bug in message handling for the change notify code. + Fix guest authentication in setups with "security = share" and "guest ok = yes" when Winbind is running. + BUG 4640: Fix guest mounts in mount.cifs. + Fix displaying the version string properly when no other parameters passed in in mount.cifs. + Prefer gssapi header files from subdirectory. + BUG 6176: winbindd -n should disable the winbind idmap cache. + Add a vfs_preopen module to hide fs latencies. + Don't log NDR_PRINT_DEBUG at level 0, this always ends up in syslog. + Fix a valgrind error / segfault in dns_register_smbd(). + Fix build on SLES8. + Decremented by 1 for ntcancel requests. + Fix creation of core files. + Fix first mapping of uids/gids in Winbind. + Initialize the id_map status in idmap_ldap to avoid surprise. + Fix initialization of idmap status.- Only call '%find_lang pam_winbind' in the samba spec file, not samba-doc.- Ignore return value from subshell to fix build./bin/sh4.6.16+git.154.2998451b912-27.14.6.16+git.154.2998451b912-27.1libsamba-errors.so.1/usr/lib/-fomit-frame-pointer -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.opensuse.org/openSUSE:Maintenance:10100/openSUSE_Leap_42.3_Update/f3ced68f8983c5971665f74225479598-samba.openSUSE_Leap_42.3_Updatecpiolzma5x86_64-suse-linuxELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=6fdce618523f3b85e3b30a5fcf4428869395abc8, strippedPPRRRRRR?`] crv9u*Tx!k!};@x[zll# J> oKhPϻWᯭJ,pńO # "Yr-4E\i bMKnUuє4Z]α J08V((euk9Is 0qSf܅IHbmث s8]wFHS%+1`׵hԎ^-auNմVrˉ)W &1sGa~ˋ,>=vyT,D ϻb.' ,Gea@8 g/,:IaS+|gq_ PP2mP1wHigh/!4GfrPÈ-a?(iga[`:Hgƶc l6Xmf1S̾Q>i++EivFm}Uo\sZn(V{%}l$"/8O$Gnt >S I,rѤ|dMyƝk\_V޸=ع#'8WP- 3fpL (5m).E'FFJ=YY`cZ !$kM ߕ< <7WcUSxȷ!Htn1mLb:\Oш!q2TPxMy凕rCc;)zj\dkYj%p۠Gս_s#Te[pxGޏWn8(d#"SgSf\W Mf!q X 8n:*E-m- jZғ'Xi?o+ t/FL"lsFbGk#ǻL/Z|&HΑxْ{όV1G}bM$  %8.Xx\TSqFXFU΍&4D@l"{Fay@ \Ur- ;`ڶGm##L)!*"~3 eXw~}ʒǒB\&YV/IBN}Bax2mVx]r[y9^n|n0/Ԟ`x/T`fC2j/7|}HDrc< `E03J(~B ( IˀUz(:#TX. 1CѸ9%kd&j4˼J\A۵wfz(;bAZ0zɜXE{MhT\{Ϛ ~sߵ8_FI2^Mzl.$MW;z*󎵿HHeJCJځIR*o8ue+ƀS.fr/bd*03"\2fe=ܲwP)!3Sj&b W{5u˨`M\T*/+2ߠHnc7 dFš0g#XExssq,Okw/0WIA{gAuyOlEac\׳ɰFRٳ*٥~GFm^Já3H*#tG>~;ϓ\#"#V8@>q,GjEf=n7tmh@A U"W&  i"Z ]c8'Ì}ҞxY|t{XAxO8)MWriX\bEԶȢA}AHK#ym5? Gihw{EW?<ژM`A!#nrqdQu6ҁ[-|W*w|Qf 9 wqUtFt\6)`_*Br)9l-ƀ:jA )\eӻ'Z*8!xl٩3I3h\oE샰1EIC'CT0V@s z]7nI@lZ(p$6-">+궫XA>'S; FFI$:>϶Vxل>Iq)nOPj O#/ -p m}3"xp˗R@N}c *oRH]#?ŷ1ÿל*CX('|Ǹx?)X` uN(DǾ]\zƉ܈Hq`#$7%u%~GZhz]N2Fp,R)GbrDמsh? {`C〘KMZd#K G*+YwtA-uG2]97cLNJ*񠧃'_ 2+q3%H g΅i1^B~2A:v%k^dPJSC_rZ۸/о9(Vghjx02mӕ*F ~އfGL~R4lve.U3dT>MӅ5wAheue 0t/ p?^d5[@*_֮YD<0'm_W1FN#rq 2W *iyl_\V-%"sĖ8pCX61ͱrk~ BJaʳk0L'^xӬ+q{$õh&r:ǏwJ[ )ߒ~\L.hsa'n ~w*u)Puep0'A)RfY 1R-4r \ߓPuEGu3(KcE6u) v3 }?0t(+ZSGg9P"C~ , OII2 `8dcN 1PYమxCƾM7*.WĎt;o}PWaV;JFL/CzD ,.R3v9Ry<*6qPԗPi*W¢[*rRPV0\1;%Y쑢E?a/Am DD.ec9OwAqe}HyoS'ɺ+=nZobW;T1ŝu.JOcsiKDKY/ `)a;mI4rC&Q]@4ֽܶaU6)Xq s`Iݴk^z҉0~uCNTol-,v$vU@C^2hufCZȍYDzf,]x>c]mċ'}Ji4E{b6+2UGnlȼ=8,?\n"ל)i7b HHYh; DYǙSvTcni"~gm$A] [FtM >mb/9$TX\wt$"tE~Svm"dž?i-$\:w_J]=7t& EKOvߵ^=y͔EɧesUNut9 C_ڀf "MK[GD^l29k "6i Y4 kyZ52Uxo~jWoƘS`yG9UTDqF#ҘYt?_wϩ] a媞+PSS1T㭍aUkyG9 %zēauٙ, ݞ;-:!\ƏX0g-gOiI5VXPjd*;3*4((fls{Q/^![ >QrH߶=w>rIf:N܃t^GhmuV[#pL$=Ez n~n~b:P@*!uW0u#i95A?³?=u9濟֢܉4/R[3zP;eȎnSADGĤrH4lT ̆WP_f.0AKUqy< n&~yrHenkz2 0 !#x~2$Ժe1PL`raZWXG6`s3\|./RSW,nC&XOS%"'Pjzf a>ԕ"W6{Q y͓feHrXS5vN$ɘ:%NըJyqDиuG3M;¸gI!ü$*jp/йz='Zv .%upKGEE`~F ly%n?l#kfl C}(2q'=@I# ҟ+"?Tk>?sSWU~~x oE a5fMar\@GjK WEy}]7^L#0_X#!SkDPӪAWds>7ꌵqg"M;wh&_RYґqNَfp[d73].vsdĵoR|Q~ңc u:9VrOkkbM,"RZ&Н(V E4Ro c#^˂NRۼ,C/o)+P.(f#NY+?`Sۡe45wlpD#/0LkJ &p ]6}Ldo&hg @X^vc7i]pj;ESnakdr%5حJ=N^"x/VsXU+.?bJzB= һϜB;?jL}"Z~ -4`'xsTA.ڃKOjncX<pŀ"@ )aQwY^KN k@{Ѳ[u/!gYZ/>:(9+ 9a f 1C}qQ9$vO-T^}ήv=L]]PvUHjp{GS <,:X^ yrwFUWz ifVi=! #wqe*2`3+e;FkߠA6'y| YbM}"xgT`9{'k>Hr\bCFL5۾<[ժ4մq~;'>?dO!A;Q,"MogS4ꜛjVD(<{AB뀠޵d+bJG_`ë1* npqF0W@~;H ;)gnv' }%B 3Rkuc-1+r۰4ۀAv:F^ܱC򀥍2ύ6oHUp۷]޲PlPuCtH9h=Hq{JޏvTț$٫'JPX"^֊ 70t;R*u̽|-'+WEe&3Ѿ@*cZbIaDk@qۦ~7!=%ֻ+e-hBC,f1t"a9xٲP'+|'=n[u;x nw20 Kt19+5G:;DoBejkj;?NW2 6j8Ì(l[~%NH-Fc%Z }V dsH8$k1 \}Vk4~4#<،r-%Lnsb8~$.,4Z5'{L\`,A|lĚ%a\BVG#MW _(j-:VtO j;J;y)|l{:zzhd 2&+s}L7`ѺM/v0`uo %ÚK(;bXxt2@!J*})yyQ%8"lUT[,IMmB-yi9ELWfYh#'9:[T4,4`$FG-Lx :O3"\&';>%lPJ36o3A8BUM77_u@_B+ EX;L YknG.JU8&pֳmwcop bTvHgXP~%1S@ B8oϸd[3x%@ aΙH(/5L~ܴkˀGReO1W4wi,p^FV |#˜Ϗksj1FGHϷp'څgr r 4ǵv1lԾR>8NrC @!_}-Z: 5f%p"d㓁fr4I?tE~fJ*1BHTSM{TQqt"y{["*ћ8dH]h\7d\iY\/'GװTJeIxCw2ҡ3\Ũ(#}u86JkEyƃzE M?A] !% bop}Դ4.ުTH8cC#j2,4o^jpGnu~^l@EyO~z03Ie@h*c/-uK wW۟xhuy& FE!/KȾ Ě<0И61V10tB'F(`TR7SLU1w5̏boJIT)C#ax%Ek[N' 2? 2)LWY+[gsOono:>SeO$Cb o6@)aEŠzGd /KL4R6-%o0s&N%eI-2uoǫd s%$FtJ^([Hᅣs h\-=l1_aWTmT)Ao=ftA ej'6< ylɻ y(jz9&9O&V Q0PRq(~L) Cd>w׸jb4k%To6Ygm:k3m|hnr(:͝|5)2t*8Z{oXQ^#*`2a.ľHmcri~)+U@,ےLȥ* }}$ 9g֗%٘V1? IZ[-۹z*ZMĆ-^ɵVB nׅrw`gv4y xm+QDm )]mfbcg=~ O'Kԁ; ps'%yރ9jfla SLym9b M,!m0_b<ڡ(C[/p>od/ErКͫ{0Ԑ=@ǶVm.bbIg7CU]+ cs]k̾Nœ] c  v^$\FFt}4dS{iQLn( K?Qj}9e-P3٥5*I[,Ѵ&VZP~TD5^4"W>;^03 Hʋ1Aƥ5QTpc)Kg')gffvEy4E~~5ssI(ݻR x+UUNY@S-یvoYqٱaWAꯎwuedNpD';EG=A.iG@"GMtro}}YX|qnEyr2(9/lNnzZuXϓhu9}g<ҷ\tuέ.y$`yQ;: ;ao ; :p4(z{>ʻƹT6GZ\Vd2.\(}~.PZx=].!%aE"-ξ3>pQʩY)cϙ?zv7RP+|-:uFo˾UQb rjvOyՍ䋨՟<2hMbb$tǨ  jP71aH)5t&(,u1m8L.Bl6OO?@P UЀTw[M$!&_JQ]P1s,!f$bZ_G0ܜ9( ·k1:",RFT@Z7 m{"a11 ٟ:"6'S'ɍ4:>i_kPLf6[{.mzՉDU8xHK7yKoW'M{s불nH17>r_O LԸ:,`csEQ%9' \sVk\qq12uӊsk2ui VB)">f(9 e2fDž.vیPeh8p_&;M#5p"ȾaQ i\H*i𒋨 zl9atvncZrsƕI=~=*U/q Dkק̏ wN(ELB?N?c8rGuR 'SA5Z=ї e7KL PSMH, VL֛f)>oЉha]f-O#G{h@U52jsI9')h24X٨ zwVow0%A! ꈮ@CsrgzKbgAp2^ '=afÕlHMШJ[ :xKAQ¤GfqPJZM|JCfs!< _F!C'^o ߦ%tv2)SPn|*D2ڿG ?r40Dї( @,lM[:r[ k}&[FB0+l-<)p ]]wĖTnݦJbNrTz$FC0(Y! Vo,LȌC=߂o#д{G>JK<oӄy&-qI R6|j\$7[54;KUzf!xV~w; ϊOwC~JT* gSn`a~Cv c +kWd Vf _>G:".k /eZǮ[m kU>hRʩ)xB֊DzkbU0J*#=9K0H MqZbLt a2_2ڀ0us+:j9g#!&p S<=3T7۲*WpM -Mx%ޗk*m'?e AIJĊxDM0G$g @Al8^#鞚T#6T(>p Mȑ]5n5\͜< y5BH-Zy|?ʡYp._Wh@hm? 1040VэY DAM|S/+V ڶsbaЯ [ٿјUozi}(}_'D>לy3Ab.̌*GXօk#E!"y31c;[|Tfjd50TOZZ* K~_ZOb`Q{Z0g\o[Aw{xS|Z}tO!>q#t^:"<2Qh*\% jY&Ͳv[\@zİmgm m(C䀃5}!0_O|jS[Oø,0rdajr`HhyHim7aN]W΅uR!ɻCH/03>CZESΩLF _Ub7WUnL^y|s 5>ϧ:œd ZvAcnJHđD_YP`Pe/ PٻSܒ!mZhI!QtSMŧ`KbyO,mkKЮf0J’63%<0$\(أw:%_?ˡaq%Feⷓy<&Y~ &6vr!*T7s HftR^Zը/9s=#:[ȻH)vl|ڱv^/3:zV*䉜 3^2_QMJڱZ.Tmi9yl%P%7Nx #F 4C}d蝅k79m[@u|%CvR,/jM87X `00D}b! EںC 4EG?9oܝ$sx]{^)Y}cFk4͈P?ԋ\e4EL.ig{RuZQX5C'c(,L:V3+\؀HUrYR$'ib'-Lmr7vzϟi_hln&Xv>jqxC8XpX2ھqYOځ]pk} CUoS]|~Zz/ƙSv"A*od(ssJ٦+Z.z^sU Q!^Ebrz/[A8-io}&s<9ZaBdzԙ1AIUL~j>ߗFb$񚡳âKNs9H}@ jΖ"ӷzK5y\H7m(G3m#ElS7wyWS=!6@rԻ0FD3!V3@C8QZڢ>V(=Cꜯ ],P1-i",a4WmKSqvԎ~iN*&"ߛ^22Qn8 'U2:j7'֨%P^)çt1XVL6:#\=ϛ]Nj- C>*. tN[02я]S쌪JCe€6U .6=4:w0$ypܶ[No9U %ʚl lt&O$o'^ΐ295~=תfRN~$ 'ē"b8n*#M_|K4&Pu4ѱUAjB~R2JeWàb`߹OIEi N6iؿX껒ْ)|yy(Eώdf11Gsr/D5(зteP6fUy8%*I'[@h !ֳe`K%t:2X f/1ًkuZ&_n%+- H xp=W#Th`աT%RI7tGy; .Y.TNf`V.ODk\yDWGXK;f@ɣ- m˜ cbM[)/yv%;Fs"LD*租)4JM ډʧUx@%3Lu,ɚpx]:b{^B$>XQQeh!n+[:Ib ѡ&. Kݥ,d< _TBqi65eEX#K ԜGz["!}~4 ꑅgr̵ֳWR0BwGpNtD9ff f%;w~řk'7p""f;D_GK"׏}(G:X#ҦkՖ``w2K{$N2 ҙܣ;:N.a23=R(5OuM0ƙ.lb{*<6}JlYvRgj(O*,E.?g}࣯5L ~"pb` & 5_S$s+!6|`PȨ]dLG&ϒCn,q ěB.0`Q9+o3DpnL9Җ[; /~%6vBз)FAy#l_WcsnK4LXlZOElcR7I`RE x}/+'.R"r3k&<H-CDW235B|bӁe+bK{ ZAܬn6bz޸~&ګ._hV q>|.,{0$|J̃?zwnQ?UyfF٘#Q ڸlLKN`H0|üpc^T?(%AoY3޸ʁfe/Y{i٠5453)cY Ϋ(W$Y1$G#@ƦbJ-67H+v\&gY02G͊Xp N[vc|BX2T./1S1z*6 QTM2$ ,spV<;z^Pt=;kU8U!;tK?Γrhr2!Ձa˝?ENkMR/)S1B%k0)M<!hF&!WJW/ (>Rwua4^sn_oB3`ɞ 엧 w= u!r5h=~18Wtsz=,7NiaBt[ķwQ a2080+Ϙa( Sb1,wGG7Vm:Nр>کRM(V<ق{KBz3pPBxL0I4[Iٗi u9CL$S,Mu oghCzN2HJM,(u*4<ͅ?hS cD=_KMR26%"5E̵Essgᧈ-Qbl,,/{^<6ckARC~^+4 JIj!lH pz~,^*O٨%6H2WT. iAQڳl"$@POqV)0GxEwU/K->WɁ->2+64=|_\dBzXǁ~$=$_>&7; 8:Guw|N@>3i|.:'"upK׆^n[KYyw[? Ma=вddi6iL' O>߶5Z{TJĉiR䍅D ET1bcȶ|q|G:+gf3$lHl-_nW"Ux[\hقܾs"2;6S$r.Z:<^]b#dj!QDEv`2xbv}(4>$&Nnj>`<g6{ 4pVUlMF6a Qzo>(fcI7l;J"x,b;̣4p#qKK {TQ+uy`p 5s鞥l>-N $b0LN;]:OTD row_k^d7'\ab{v3Q%:N"1$FD6#]B74Bk0>V͙X|d5V) Ûh2 cH'L=bZ{}BKSӈOFڨ% ycJ3d\%Dr-`R9f3rPYJx)R`a`nBl4.-a'"^iFf:|d7?EIwHksC6kz=`XOAJ$܁,,pX =jOchu\RR\oPEv7o;w+g4K8]h..LJ'^B\^ZD6Vw.q]`=G) ^IR94ehqbM$ T@W Mzt "r8&qweGB!n>$Gu}F%nsGtĞ0h7ܑCmg0(IXuIm-Gʭ^;Y ԄfDt(L#BVMC5aj1RCIٯS!e8}d!'TX*隣(]z+9324M%=AGG(Q؋BJ#XW @+C ju@I)Wx8rvnƈm2ܧFπڤ%rIནɚ8jo\*+Qvi<(fe"!Ct* 9Ρѹ]'˯7Z9o.ne1^#r6Բ^ӛ!VU:`h?#by L8('Uy4 Goc)xدyǷ @dUA't'{j7 1'Wzv!$(D Rj+)RUrٙG< JxX Z\i&9qs ֢OQ]D4-Fxw>۝irɺ&)Lx;GhQ"{pqscc:BĔG3(AcեO -Pj45-pxt!ۡg"Gj%PaX͇{sdRb W^paa {B;o/)IyS'@|Y/^KՌ%&_騟Z<8\AV%RQ7 =l#WK23,D56WIUO.eo}rw۠=CeiwEh\̓0]̝: _P8Oc}%(d䓔VIܮ{GᅔNwUu |z`3OAv5(sh 7B BHKʽz Ǩ b]W&iHW DMsHU`::Θ,,Y&DPW -t %Y mEA#E?\!ڝE_F@g Of-~`txMЙ_ D2ʵy}v'v(HLi*Ey]1G ?П9,j8/\</ %(tTUuvTymD2XXL"^kh=\H3cF3GH \IwجZ(~ s@|^6:<E%tA] ƬW;gv _s\7F0Bo2o—:[پ\h|@C (70+|+g1/ ^鯗R>T8 5K44[dZAڨfPgAG10(^/ntr# 31."h#,'M:EFߵpOI:I((q<bG -w"Y8MeV+oe`wgů#"2ÉE,tg[HcOOбg3Y;=`_A etB@4(-M P'b./ TRhI 7-|i8d$N07'Zƙ} 4qv[_ fpcZdhPq}~>{ uXU6OoF#p_s4雕'kf =SU^s{;~K,4'I0y$I~j84ޤ8bD|PB]!~lu:- +2y}ˤgz2-VX^A?۩>h>>(JjYgLqn z´cr;EY Mj1BY|珤T;/xTcctXW(-p+0+#~>r.5i}8$zӸF3fml\x{u<.?&/:e}|V.*Wym+,.`tDܒpws7cvleߖ7D:Uo, z& 74.>*6;>ӛp\*Ltf=j)b7k  5)^BNhϚ؁ YYJrBP_n#c yÏ@rxPb 2NP,luRm;:W=0*ת7*'o3sfKm_ٮ 3Ý]"Qҷ޳d&*L,jLT9 = tr$Lsf~MV=W€9>vW{uqtnY;7-ImaE@n8K!>H8 ݷ!}a S|'x%4)OHSa%p9 IRqK_500(+nD*I9&!e]n1J7B$ L{X@eHߣCk$1䩞Bi/Prp1YyLboW/αOp]QgqVZ>ƕ\$Qb:U^bnS}Ξ:/Xk(YDOySODe6jǿ Aڛ#11d 43B c\l({/:Sr<'KSb8jnF5zzi  t>>\W Vj UcZErwW"'qP!%dhsK)N9 Y,zYOҭ<&z6*2+w[o\]BtR$g}?)!-Fѩ=GtRiհ$2n J/6o.8>ceKT%9)G.ʡf>-ǻSA[aҰ5}0YJSSm:wZW _ýC- oV~%)kQbgtxk+1u*[lj(W NCwFEj 4r%8urqtO˒%=0ВpL&QQѮ&6y}FA(5Žie #Sk{ta.24;"? "Uiuk>S܋6f! ~0lD@kVZbFO ʁ?x鈉/-ߜЄ8{]54 l8^g{2"<\|0'ti f]^% }fɼ(0NE`rAx4w_#(2t`8xoeC/V*6쏁{18X֊1ҙ'yWAvPed?3n=q\v=Ft[$ͲHfR٥y5Y +9-9co*okD-.9$$Hyi'K J|}9qGԢ-aiid| fݜ&ϣk№EH - #$w9v$iİf*' J||l(Nx$DKؗ)M*.$5~wfS H@uԬ&M7` LiU+LʳoW;4x})Vu3zL{N_\v [>{粃r''A]08Y+JV؏^"1Zi2?47(h?`V|l4c*Bql1/2( B Jȧs)\e%?+LE$@.8b;>FAWG3GR(7'B5Wgp'wˎuR>V-}u.H],RB!| FtNy"? i*5*q:=NE=Co|&(I/Ѿ>N/n ,Fqtxr ݇҉#QoCH.cHTPUc}s*/'~ܻc$ٗclr.Q?#?u{ r|àtZ 'K,f(5_"&wFXMQ_z Q9D2eU[O-.|]41C|z]h+Y%4Zh+RMfE}Ps)ʒ{ʙ 0l4f19Jw)4l BQeM+T;saq+o0xah IogaN'z+f~!z#ob#ϐ7 ?UߙXmq ʐ骱Xd2!ݴW|uhܕj= Ttogz-P`RhSiyHQT373V"@R?"ȯ. /BJFgZ\إs{I|y+5Rǿ2~̡<_Pڿ Xu dSgRR!1fF0~-I䌰j^`̢rU/ "ȐMBmf+]E)JNe6={ْ+ETZk$dUL[<^8}.aUv~|tW֕_ ΁Tmp ӈ#D\q\OYޭJE&1de$lN 8gݰ|f54H"hmhU}* ^?M+KA򲝬(()<*!Ik#a: q-&8 #Sתշz+#XYq<xaY2nC˸Rӕ id)0}&ulĐbe::RPn5z*.T/iv;nְDFQc8~uO3CA:pi &um^8ņAlB})e@{7 K#1%!Y9=p~GА؝_Iq*wn+I!pJ -LQE4p04E;0ڞ.{6EV;d{xyHgmGW&Mw"hJOh%Hra, 633;g2ȝZ1gɖ} L a?k1qCcÌPSI,YAT^G;wBD 8:f=&2:;k.{&嘧x)׼K_#ǫ۳v~ϯ{fJw/%$o4qxR/Dr |U#0oV}ܛ|1@teUCT)${ՌуPi긹g u-J\/c k&rJ9)?xA6`HIL )=R[\6gP ,9S5bUֹnflGF4h$M@zSLPܫ j:@@z1枾(O6A{mZ\t`a2P=SɜP94Ss@k SdNaX^%/EeaڊX"|֩at bj$\e@7EO){Mm+`5ZU*]/d`h&w9B[0P`s9 @~ y7pHHL/b-Zچ::ESdtyʩ¥*~6xjH*FG.لU Yk  anGl!W1=ڠw1UrMsVVt)fzjkgLW &<5+RC VgZ!^lvy_ Qzхc4ADcXT̽8@.fhWQhn`rDjh'x׵.a JZfK-aTKXj0eunTk| nyimn3wbp;O'X.|ϳj(ty$k7oXL=) f[v4f$ŧvA#fxM ěّO\\QYӔE5s *GAsb &[Kre6&$1V/l2Ukm#b;u $[zg|_CE>bÎTh[[ 7Qt54? yx!].zk~sm$y'[.lZoo{:[UA& t恌OHe6MS]B7)ЄkbbˢD-FU(x#s,5/2_V2b :%tN~0F;fp\dm#2Zq`o(_'m~SٰcXWˎ*:FH UI{޶OJ=ǔ6)u+~a l8sFKsgHuɻo:/}|ܝߟz7NG݈61 } ۍ".fF%_ؼsb_hgu>`.bŪBk:sꓗ#o; 邀X2w}w͊GA ǀIMۤȍdۏel}I2KY+F;3+PdFVY BMpͻ:)8ǢWd#ՐB}Y "3ESN  Eg+b&6=8L9 S!d/ݠStD` 46fuZwKCe%vYuq 5ޤj '*M(#X/9 hmO'˜(J6X4oѝScAat,_*:(8L;VD!̔6?{īG1J9M(5p|PL[B>e/w CY:L%вT|Ae;ҏ1刀1]A4V5BOgsoqUG?ecC_e+1 1u7yh]{>P 54Nbc&KT'""<ⅼoEsDN hyڲ#*κj胄& %F^CXQۋY}rx 0&0*%aloi~,#1Hd~Cu^ &AAp>uwS|JCQ&6e$k tRY%rP{4[/_g?n YĨu?.mʉO#vb[\5rx<Oh;Xi)$ǍC4O }%~ۋ hvkيr#]ڐ:n|C.~,úYA 7tnQ.s'{>UРAޜX6 W12۠pOd]r/:% ^T*慍qM`>Q`*OxY`P oޒJ3ËN[.|ɿׁɕϞ_U*d|4=8m6zujtIm kܠ >uDѺ]5Pֈ4y0cxJ ]_VX!@)-|yN}DR@Y=M F`M%1\o~qLřsI{e]6jSM1jF|fyJ!c9,%+SM84R @uf )ay.>?ޮ}n7)kI2AȆ G8Swg k@6*(ߜ[:RG>UM @+YiY)k*vTә@W=DWɃaFkrVQR1yXr={z˰i`tᙷ'x5r9+|SJ.R`]]uu'?@Bx3Jc]hy3֌8 P:.@(p_Wn"}V{9|3.hܸ.Ǿg0<0ΫQ9@V1EE) O4vB zlECXʜ0<+1 SvY$J̳ۧ[[JV )(5:eev0Y9""ҶR4UZ26ᱴ-8]K;l7ׇizT!Cdӷ0aVW`1EQ/hZy ?sEi2)e6R%ڔJ96`l6(=kP RP4~)JIQҲw湑&'Dŋ?=BLɤq~gY]\U{Z_cЃ@k>CO?8/ _nM̘Y/QQYn0ǜnDQf:PR$N ۄ G>-O.lMYVTp 5֭z:ȨՎHHCl'tp[FTsP,Xrzt?vM.[;ҾM7W'?s%ا9VxS!p 7` ,L1x 6XOql;XP H:3iaї-,*".a 2W,o^E)pPZ,tOxg6Sp|KW_`?soH5pgj8@w/%xEǠy.JE*oǾI{ϵxr"Pn3.9M-.ZVlu1԰I$nCDr'f2C_U ,D"܈8>ټG(*҉d+r> vPw%%ӮsN)JF Sk塗<&eoT;7u iP8#x 0r 1KXh>߰͵0aM{=sSC t*Ks(oPiRn@1(DhT9=:W?ˑ3A'GGV;i'C%|C_>4v(pF?~zXKH 9#޹TT R$br5}-g+2:wuVe:h -ָc+gg#zI.ߪCbVKYEniΞRǓ4zN)q՗X5z,/LsaQ9ao :?͛iZu$_iо^GZO[O@e}?gF4KEGd.lHHi:k_' y0" x7֗ x\]P%%U j Vƈ& qݽtjBa gkخ 6@C8,#}0QC1 #ń}1fifIƐݡbC>pg͈쟯l{@7EΠ^OX.bG^035>s-5M dgkVh\ NN9e.wf`>q?֑X.m؁ _lxߨT,w6$o"Lr1_\!0 4g۠\@t$?$)[ǢO YTSJ '.m)kW UG#2MR55'ppg=44ƼW^2QerVnEfS]{]&`go.ڗ wi~6-ۦ7 l]\$~ہOw O+|U@xVdU%"_3ᖧ*35tjcjec.|xZ,s1u<6[8e5V)LS韝[ɗ«F7uP,x}^ϊ֐P9D`O.hLG:: p3ID:%J%U8ڵ&fXDn*ܷ,/ e+&vV+\*@} ,O< /9{'4-P7ʊʸ6⸻tn粕SžɦZG MyvNp|*PN~3"wWB& M`&)9ҳWUg&(![͒n:Ă/Q%3]6`UqJ07YJ]؛E"$PecGî3RGqt|jCҎ}@o l=WW.ToҬ/.:S?iRwʕFa?h p:o".IMWuN1%b<(+`ɟ21`cDl8kgTk,PR. +" W 71XٵFv(PRxaEF,v=pzKoӛ 8/("G=}h]d@䛴U g =ɢv?TP^H-aǔtM1E'qi}?bc@qtW :f>]lEl#_;0sDS'R:緙le?qPPB:x[̥͚avP1o 7P;T{^+ =Ev6G)`U׫k\6Ycl듅/R⢮92?f ЈCHZYT [)gw}xAh mK@g' ؕDO{^9~G0L2C鄹'yALК5γfZoHWlg5juVϋ dRSIX`ap ;X2i`|ǗJ4PU"o3uc2㷸؄\4(͐&+"q9'S3h[_r!A84#5d % e%MhMT2я$bWRL¤d\^Lu l㜻 A)yxhiggŨRm8m5/=!ۊ4a<-YN5SSBPA3isOMnhiq|/k?w0Pb I[!e㫉QKu(oLjH.Ćj[}TyL Ou} J7zd֚ ؙ8ՖkG)5@us?YIӈO6XLgϼPcK&:DF.X]ʦ1P!o3nM\Ρ[ C>FQn|JֲBL-m|$j ӟaMz33lxk4_4w^R%a{YdcI>U'ƳIy,{NUl1DO6 Dda??:"{uڙBB6ଵz" G)/!r'}K(::ioS&Sv +;tE$z `j@:eU-|51Þ>qav1ZyC2&ξ{>XǠ4:9&JlR+c\Dz:-8PUo-1D>D%`n-'i 1{5ҙ/#wDD8ۥDշhCd)A-]@^X ]!2OaIgo-㟵&M>|x;XqM)5^b+ <ġ $lX~dǪzTBLls,jc$m-5 u%%( U2㇛䨂 lCe0D'r_ִ5 Hwj*c!NΦZp֕*, YVCԮ.p/Lz5"n!R@;;TIRS^,[O2}o w2CM&O:ơJV_XP2EV[m_Po{t:aٲfw= y AՇm>>2b akVryъA+K}eZKhg5ž炅v ˓"A,smu аMJ|uoe$8~7< II't(؄/"2& Kqڅ}8aE"?EubSR鰊JpcJҠ|S D*cYY\ ;+u4"@= +pc`qh@u G"1a~#f}KB`ݷVdzʗ ؊[{VADT1,Ƅ[4/`,0 IAPB*b4k{A(EDKRȮQ+6| Mg,oG )u!-R& ZHsC@+lE^[h%u…'O5̞ͯh+dTN{ᒴG+uL& j6gRLc!]=]"^VS`X St5MŠumLmhVyDPu31w}s\Fnh{خe]1ZIKG em|ha* HTʘ6sr_{N\rx:m3_]&V .c#9Sy_KrAjK3;|kz k¨;dw {Rf 0Ttga׼ ˜ԷFq7FFUl<k/ίLbCJd1T^u6 I9WpIUYo#Nr]Č@-R\ybAۨK 2G\oxeJ!&헜39y `O1҈߹bF,[!D0̮Ac  ν0RH5 yY]8P))( WgH\Wnqe"T۳@iFa'VMW] }a>.-,/?v*l>@9 '"~@@"2z8d 1Aܟs) BP$iX9uhl.U#UbblO(S *SVeQT}8:SEXtls?9p,Rߌ!P{K䩋,!Ym2fsbԢ_wK`N\:#l!мAߪۋ4 Pf4GE{h΢ۭ] tاza61%|5+5ٗ鼏ĎѺO;GuKGYs*}޿.5$ٰn7\[!5|ĭt[:F_,+#~M~`XC'G3l PVQ[G0 +/+Nj8ˤ歜nAbґs'M}Lr?-4N{i#> }hIr ]\n豶ixRu񷑦;̊ j!,D#5DZV!~5 'Y58dt.1Zw[oӒ9Z8TIgμ ij'f}lC;R,J! 7*GsA qP&}6Rdp4h CGܬAY V_ݫto|Ӄ-*6nD4rt:~t0Fb^F jcDGf/8anDk4~څ!BtŞNXTWZ-gKP$Y)F6=mBʇ^6[`%Ll^9G#jEnO ?bp-sr+Ij:״sw=0Ѻw3ӻ*BX=63X_zQ9s TO#KUx3 6]0΍p^{A:"ݘ9#5n;RBmQuvXP8 7ߠJ S3sߩ/T.buFO 45#&y;g֣X avͫ5@y172)ݔT$eaunn T^{Ej8JPz6 Yal(н3!zOuMAglpcEJ5b|K{;<^5mE,D'|n鑅Q'\yA&qC]tH,} D @Goh,.`FQKĥnd@ ǂ" VTtQE.C|BQ8-Uh@O$#6)|ooցP G3ph sјIr7i9^U X.Ƽ &'z^ZOouh HMǴ chAJsE>1@gա[~ɨ䚿÷-szrR]vMǸQ̋n"J l&K8OSyr"{TG:?9 $*=QBݫ]1Q?rjZl68?7zJj퉵#z4BX9b7 eg/DUgٸvyEzx ^FT̐ʔ:3!?5\6}F[:k ׅuЧ3ۭk@U1dZ5e>15fw &w(}dnW#k8Dgvϋg!L ΓiZaHRO%z+c86"8AMaz]Sָ.%KӖcȢQ N?q^|BtŽM1LFxxS с4Mݓu ˃o;dzy֙\'yt]FjNx# ؆ );?nNw)BzjJRmpwI D5qDDZL\8aƧQ)x*>VunHt+}ᆻqy~3ʀ~ѻ_v=J2c8Vt'],)h>B iT0o0s##y&‘PF gM6׌,wէ~W*r0rqanpT ٷG+=`ߌkV8V)~6$&D\>#2n؊ELsrRNax~`2=ROjr̀;pUl\ Gbzϰ&;lw;Y cr M"Eb _ũ,lEW=Ss;yRjYFO3 n.ֺsBpV$:S]oDw; zf)3L)DYIE֎PM[~eIsU`H̡ehE=I֤wxP;rC',wz YLQ\X 32ڗJ Y5d|AYKRs#vҞI9$Z erSs=/"T*Zr-o Y):WJk8I2I]L f3Ÿ2N#NJFaS^yf*U74?p};0b댁~p ']+a"hqU|4p0?9Z[Y_G`xEg `/bJ)ȬBF!b]| 0 a;xǿrjCApȋ6RH&~CN$,^J(Uj0@UW4'IS28dG(kZF䔇3IfH^ qhK%gC}8LB/@QI.f_n2Tqg}(=]do`>rǿi\BK`-1ck]p f/ɯSedq;S+h=֑BUsTz' Ow J0kIM =}?g&A挪l~2ץ?_ZhRh?XZOڹ8.(bPquk{zA[x͗d؍p%;1Efr'\/B'v!]c/mL)k%[6:ݓ,|kٕL9sfÓlyvJ>2o`OEd*ZJ :>@\P/@d9``>tZڍl{X pd9z~fT9mor* D{0Dlà8"TЩz9:z P فʊM8Lۚ/s 1q3C~}zFe_ug%?Ҋ( 4syx?+.gׇ75A]&O>f`96\TcNLUczaֳSVU Ef 4s4̂;u%B$n{/36U콟'#,7#xs FX~ 9SQQ˗ Ȝzncf|. N2`Yx3%t(;R6X_GcW*H͵}/݊+ۜC @0:^h * %0=m,DVKjw_p{6GVcn@4tslp B ]QU4){YZG"A (~ԡ<;5x{ p }h5go FZ :fțo _R+̨^hF)=BhZYLa9yj<$aZ}k%Z\1g_նɤٰ<=P/gޠw>:0zyCh K2 'Y@aL|6Uf?-҇'M93q9VWN_`󛑅>bFhS)# |K9e{TK>ȅ7PɅMrCl|&Řκb}?&2ڜ5!I Na3x)A J8|O#~54%YrYu4~6ݲ43Q?^ܲ3q7{ 1l뗽OG(XX5^ڵŽ|Ё,mX/FAɞV{b1:H7)q-cI7Д2tvΞ݅yE΄$t)6q2H)4U? W|GHBlPmَe Oqf$l^ h rx2%ͬ/7{짋 Sܩ&NO~߫DMcN=p In\hlU||rOPӱ3ر5˻'ӗ%| N)P0Y}.HaΘQKz5"i}AB&^:jx ^ wZm+$ЗԗCT-ҥ*S,'$y5d38-v14kh| f#b{j)TAHSA3S`# #mF\e*]7SZ|Uʫ\2iqݝ_W0Y Z, {J'q/.ѽaа"qܘ&_ARd;{Yї-2z xc^R nK3YY (BwZnQW ٥='=䂫i 7 /P: C0Չlx*7 ian̆ߣQTUiY[sֶKzva:< 6i2vʉ2QO%3?П|_*%C>")gjl.rKR {ܤ6?tqQWmUN!q?wbgGG 6_{s=at a[ˀ^0JEى (ϭN"to<'4zPb#H=yqԡ8,X\ 6J#>irrwm@̷^a}P&;3`̾2(3dyG6Ŕo$i)'EgB7UN%û"0jCx;|4SxU P([/cJW'jEZN@aS.$̴9R9zxLtP  |HN$M`Z&uE G:{[/Ȍ=5 :7LI_t[#6ähH,Sl[,y%b *,*26$" V^MD-Y#2b[q|%R(3e&}PeЭ9~wkY^-Duqn>p _!lH68?/kOi+ES(~wi8W-jKuTL ;w}|jt9T V>ρgn:H `ۇr+!ݧ$鶫^MHe_DL - bGŢX+nĬs'fa K7qޜ5B6b)]NE 'Fra8HqelL֗Š8 ;U!X6BḮ:f^>kefQF!^9u ̯- -wvF%4_ (>yJG*iRy$RZ Yvy*F􀈊s-rP@wqb Mu^0vXf9F"x>i:[%TcmU5 % :'Msmjsk[C{2fXa0"\ʽx\}R}u0:SiR[;5OeVy&J}r>F^+жDWj@ bJ FT[QFC02ry21&:!伋ey?:ڣfjI$=.ӡ@wRZ7ȄDﵨ^;xtqC!ekKTŽsZ3o@Vy?cc΂7q?+b-#6԰TK63i1rؚj_F&K t@&\ƥCN- qzR9;',SUb3MFqcKv|'R",A8Wyn-)anM@ ,8X]lP;mzD(5_uۅIUmgs-1쀿-ޛv0C |K_ -/rH]Xl0{(#r[93 3Q3ْ:/ۃLmG$'')c,6Le]|ŷUI> ۂEQN\Ŏ`w V PMz U⡕J1 : }sXz,G@.WR핎2;}*UNӧ({#k% * s2܂?5 7CVD n3:#,5>eRL6M([5cˏ8g:CB`#gŐa!0#3otjK8MSԫ*(lagAyFb6NI6m{@RB.u2ݬDv(mN1?37a2&}f̼9kNi0!/!"˟Xgor#L-Xm%%ۘÉ) fF͸>r i>NǮ)oJnܙEPxq'Q!eq=ieմda.U u',T/஫hux:'<~\IZ R¾w>MWoCP![H'k{T;XuuL8}7.(tO-Hl6N"rs5p_瞿 kS<@Ϯ`#V^`ϖ\%GYfcԑrN nvN+BU% >S.E9l<13CUfcs="ߒjZmy:='W>/,?E+jrxˊPIsfiL,2"b%FY2Ly)*驟vĪ6[$ng}9U^XBS,[ėؙ<=Kh.?؊l9&'PlE WŃfsʗkvUEpqQ_zxQ<?MpWpm€D û{Z!lv"(;jZMWQNjT r Uf mgix(;&`7aR2N KpkGoD~RZa~vKwqYi ]꼹3Mۖj_昝lTtw$bIKE t/ߌW̷f=-[N.JF?zlDhp eߞ2u5u@&> w4(C_ѓ.{|N콽5`DD.lroݸ3QgXF^BLE a;nXZ7K Wh=󥱳db8dp^2~RWj9I| V1^1D<Ԩ *ccrI%F+ NYg$ČL+&$"UՇU/,&!c[&û1T>M2 r>Y˲Ӱ[k"+OڋfҲek`;h$H~H`$َ[ޯƣ#miMFj=X Z- TpmdK}z|"j*E!1\T`tORaYo.N/{ٴDq_&2^7M :PxB1P$coG`H-6t4a$ KcHt" qsG҇18p<Mh%`sZ*`ݫɂdNCe.]nH*bsKFFn[l :Nջr.;\?W3QCLscŒv%{4@O}Apxw:Ѕ\K7KhU;v̋8 ˟jyuќCN|-Ğ'c^γ|UH@h>hӲ;4|!HK-x/DJs$!p1<.27fyuLYJ5ژs{XV >qRSNe=j1bc-ĈK&VBeAW*iK[d:Ya5ۚa?|X=b#J7&Bz",3[(@g+?pl4)99K,P@ k2a#4fzM(a `<:X쇔ǾŃ$gi$yC\;Ūs4囌wzqR1|w΢#.,> V:mq>F[mX5v58yj~_!¥*$qM % &E1f%=1^KU%&o<9S(-S+-,'#Rh4`IA+(ɈzauOM:{w㐵>Z8ǿNwWw+8kE%G#z,1ĚmuKӒN*M sHwh('}m`lC;#3q6\G݁)W#CY5Eu`:"flɢEυvZYj4DVYzL;[(<%R,[o\1#:<Y"G[ʣ6$>C;k8&\>x I>'+$̒ 9gbӂz`1/Ke8rVLH.a{$Cdz|Pz.v(bR0u#!%5=3 G>n(fAXP /XMef ޫhwK/GU() yk0ul0c'iqv(xhZbK'jo6dNV :FLJ>,˥H-V|0H,,Sb٬}# n&APIzb܍rcv5؋h>wVm0,I \XD8DYz1&U+0seah+PYǚB>yoW_PɿKկC LoAp!n*;ĉq^gzde'/[ڜ~hrF;Ǭ"vy t2%=Π9zx(N򗡼R^:!jlIX@g|[NzmR@Xhj`/(ag>'ʿZya1F8r(Mqpdt0[,WAܼخ@\|Fq@V45 L60Y)p{ Z]?i27m s͛T̖]s^1:cwqM,3gu1̧ĥO "q2߱Ӄ[RAWmf zU5_SX*+WQ.+eV(ŕJ>QgyY/t>CI{H.6q&LiK2g ,0w:B(ip~AVe2h(ӧ-kWÖ4&|HX 7c4#DADBadech7h@g· ˨9R<1?kʡh>bA ~KHj_%5eGC:%3K}`Rbi0DM"X{m˥:-oreբ-WhN~+JKQݘ/MUǶvϢ+:ﵹcw9LK3$kzjj;313zYӨZ: TM3P#q†wE"cjKHyOTwӔLe@ʓ[@p*EC<}nk@v3p0_c 5:x@!U8}E҃p>Liҭ QS:ML<>'5D+} \aݰm `Z\An^.uej.gJH얏YS©T l uz~s[YH{DHdX3ReU'Lj!&bFlX =4@ ^NMWy9,;MQV/[pV" NNA]@O*D_&j`:Lԡent&?#KD%. 4 ?1W7卧:k;?U3]6 h\2|"mE{ U&3dVL |QT4j}۰k)dtPABbS{%fVJ 5}M$lnt6ƮSӷũ Ab0NZ zU>qbwG`KіM8@g7ZolvG e͑(ށmfUabiYR~ZHH?i_ dY%6œm _Dd6岇Lρ>L_ O?A?~ e2p%ҹpa9\g$iJsp7UBBv8%!PY]%mnR1Fi!MOBR[~l9Qh:p_`h| ,`v?[?bsEMXqѼmovpt: [Z8Pꋊ6׬v @F@x=e6 8"\bsǯ:U@T_?>~LY2 llGKZY-`0 [wG!vxˠA,4%fYƪL ݣne?X}g9pqՑEho}76ic ,Kg{G!ZEڕ{gTkIoR~<+m!\-\+ݎҟ:E%jӍcnrVQ(*20% )v?+cJtrCɡm(|YàyG>(+'YL(AM0J%p}<{+!y85 U ޹YW"r 9aSʌTu-[0 \S憸 .IU)}\S%xT6A,ڭ8j hȢI_!+%$P|Tߗ 6\2fF'Pm>R41LVu!g}qhLəx})ݬNGbtm9*(W!is!(t)ig8eerULSrF_˓RSڇ(ѐԠg8 AIAiJbxyiߵV[WrE#!XPX(- ;ZEp[!< +2^Rx"m9 1ǯQ̴# "/CD G퇑wي2Bܠha6m3-lUx94H1#Z3x%v ̉P3S+؜֋0>ҢnkD|364E$ up[Ö#8ӓ_>žnS-jjy¼w\`^<֜C%uG6(60ԫϥ(C<ʗvмbAm\-c[㊀1F *o/ t`B@Kyj:G"M3 d]'Ȯ<][T=\a/9pL! q anH$ $^-$@\x*JbJpCi}xuNl8G.o Hzy`twϽ [$d;bl椆 ?~ZrWgS YX^]],fл[u=!Ge@c&5p5"i Ux@ÞJ"6Gɣۘk*q:,"tEq ˨DoO6ms=- >nxsG}W?8/æ}GMxWJ8xBG^F [ D47 O @m2(T#zw\5^~&=)9abG#@14̍ZZp  #ǐg~d!7e#g8d4kNϿ :HBI& Cj9dpF& R); ;Ҁ^- KUO+e4pR)^#(ȓ7h(\ ܷxejiV#-P2m&GX#Eq@CmťGue@3o7=6-R@}!!F &xtH{Pf9IϲTΠˉ!/*Oi].5cz͇csN&GݑcSXl7cbpv)Fp 7p~":2(9nUjRߑИ}%}p/rDT*A*)DnR,nP̱ǕdW䙛6\wXQg( 21;LeV]oz"8 "󢵙H1Lxʔ2\|bI2o)}GQUL4.P2 q9f&fE_N}bAmQh*:R jW4l)@fȮk5 Gm" ďQ%PP䥘75C;MMpQJJ5 [N)\EPʣn:iuc/e̎˰U\w:4*Ii P{ov{w|+2irx]1Z JotR[AQ+[Wry^"ieV7xQH%wP|hIcS3̲kC% $ C}NL#Hm68SQbÈ_R*vT8C Qtf.V^ jV~pq:M[zY'G  bV] ܗ58~O}6D=N^'b -z'H ?k*^?9zʡb&J.l&fpA5be-I.$£wY`SZqs*3 6}?ǘ]]ǧ]~;7X N &)Ar|j*6WjC_]!q*All ZVy=؜jz^i0Zz4Xb(K9QoF5zFXJ? \ߋ;vzJ=~|DYK}tAɋau.jHzFkQ,w,~ )zS ܧ{t)>Ok0ݍQy{ڿzQb^Q :F:9Q L-}0WB١1dX#QRTt \<28 ?p.9DXvbNc>bNoz1H{2`4MjeY&I{TyL/f`oa얂9]t¥u17$r^Dėq R!WƧ2:ƒ}pSOf QRTV J}?mc!%ˎn[yn d =>\66b'DC3G]f5Xsڜz_}hB(=STSݷ`uQvKL\P*+>#c1~مWؖ}Qg|{i֣rIy-NTvUO)i|0J ׃TF~!KP_YlϻYn #a$zN%i-2`Ưׁ^nK̖7Yׂr%χqpƉbi~i}V# UbԪ$0IECDʒݭߓxLC/hՊ]Lc^(>#nbW7=M M֓pNt%bi;͈´c@|c5{mU@Kn !IvG#\ zW/ rxZNJMY~cz8v? O=,舱K3`]'s>VɅI֑_(|e =G&HM@(7'^idaW6ۉ<%.VAJi6c5yƅ0ː?ҞTc׬r`fF%87I6{و ؆jrf/g^ ڰUE/<"v/.%-/k'JbS1"W>>HӚxNLΜ kGW8)| @Ȼ_&]gPmJ]D}أ((zpuբ8|BRuA!iE&*O7}xfܩ$3Ecq!h ֳ$-`@H ʍuJ{ -R! 0i2DE.Y[+ѷfAu_|{ jDGM t'LiP5RXbZVY8mn"3G9H୻xD0`-sŐ?>֭e@޹_w>Y&}2p#1.}9= " >y^mMG|^QE8TRSG_Vx~NOG] ㅴQqlk[@a/+kEO˾z6hQ {qWBi>$hB'%wFm?v:j8)%q4&a7ZE?h*AFXLq?Xvi+= 軏Ъ)jSmg[Ҍl*?_6bfpsOw$0ԛ7Mij < .i?:"i㘢Eʀ%^ R` H~TXhp\m4EZ}-e)y| 1%SY)#6cX>Vd (w>@QKׅNG">#͏/X%{ϣÄ:)Yhgw@D85~542lٙ|h!k5\#*rMIϗ2M+$;vTc*NHdml}]acADcy1}5:@L`{換dZƶ`?< 邯^uzm:9ި5v*ebҎUWf")G#NN_Xf>Ϟ\eE=MQ_4W:;B&הiV#%Ff0u-ŏhIJU<XƢ= &H&HI쌔LV;jl?kvZ+2hE)l `h7щF$Y-+ayGdlQBăXn,&WBxL8/O)9RZ!=g2D|](V8Pg$g\`|O& 4+N%QC0Bʳ(6w扉P,6V paTĵKcה(`ydZͽ2k=95 T j|\I5Ul41)_Nd4qnϓ\y{Dz,c={qAL 5R&PJt{h]ՙٗ2x3MDW *렭{>yG$yy܉n:tBSQb5t/9՚ "D!? ß?> wbU4aމgfTXna.(8sƄT:Fb1@QdFqϱa'ywnT8V1S5ˢ 51EcB o7JΦYy`gcOWM8b?crZ4]o鱤D|tO}O0+qL/N+˟st^<IEDyidh^Va(&KM`$EN6 CܔGvgpx5w9 t'W3zL'Z&=knw\iOԧH-BJ9\w8vk‡@tg~AN \{͞nD&t" aGEݢ> t{w}v :3[-hN }:"@]V;кqu&ԠoydF $ʱ1x}{SIm%=IrnM}֚(lnxz=-=@^M*-s?x84^AT\5_>H).xxU2o547R*,y:ۜ/t=ֱOI?C]#~hTs# i6s.pr]|B`<4zyZ- iI`-w]Jھu9zP2T i)MxdLPܴ3PyHA/ Y[N&M{F2LwaJbF85B] z_[tԲBR!gGd*|{r%r'VS&>׺P2R@kbLySC(pCR4WdKU7X0Ɔ[7JoIf۾Km"#'>_sgwE6_N"B.n5ߍuh P $Qfɡ͌|'}z3] siM!꛲p (DJHWOZwc P@q"5*aՀ'Aƒ[:#ճDj]z_CTadx4*WlYȭUD*)Ϙ f%mCT\wy +2ȳTh&DSRjͨY Up

hf_ܹpTy76-!L&L V׶)ãFVFAF2d#0L//*w$\*b#? 4BPGeqyc9{Y0#QfIᗀ! gCZt-WX"vpWҢ;,$ Pi%:R,_wY2C]aeHKT7u;KԤMi {| Qxŷ"5H$VglҔ_۽7&AHbQ%ITq|ޛT opĪT)ܭ'\yF$ 7V3*^H`OAiZPB9w ߖD_*L>uI+sWv1kd'1E16(&B j}kK%DqհJx !vw!:q..q?\@\72/U3]V.PV/`hfq<ӂDH#wI5A⏍svP]b1A$k7 w61թ^t-[&=򡭿g9goJ y%nRʁ6˼>MF\P,8 r%|Ў*}HLZ/ZJA G>2'X9+!kUb8|w~7(,01]ƚKbYnal5)ywn)3V oa(4z&""ݟF2;NC]T52 a+y򯊛˶X$X%""3:qLڱN.6_$}{rn'tlYY2֧Fb4L,z9EWBΓrao=NL+X>:`FqG‘E_Kb|h͖IL~V,31Wrwʺ?>e*j4Y<)gvR $ZJV Mn,ߠ.?TX@#{^Y{@ }<%wgɓX@~VAj7!`:GJOET&uKbNaȯѹRHlr*y0.= mea'|&Jb?ybnxzN|S05V}KK]'+2L_OQƜ&n*X$A UIѴ"WAm* z#>5i+CuKdLc4_ř !^ěDŽe0΃4ڠl,S=J0=Hi)dͽM?9DV6ڟ虊 JT[kG G^6Jn9f)VJ=eZ A{GGFwz`{s aR If{bh\ok#Q\Ka/ Cq3݈v:Z3S- <,\B= @E*؅Z!+<|V @ћ ?88H-(YyOU_Ϲ3:Utz|.z V B>H&<(_u5LURc/H1]$~2,o{ȳhijjt(i-CFkAX]Vn>[U*6ЗZ^MR%̍x,>5zO}NFarZ|88g 7}?bff7jCk_6_ nCy-Dem*6Gڀ 4sAkUΝ#=41?My "Ey5yx'Ia_ :4>Nm(< uwǿJ^=BAF:5WH̔-]s}mQ'wBF' qϕ)LO4KH1|Qqn,gL^wkы.Ȧ8^P~^YRq煪7/Z(eM`y!# K+Q8_-d8'قfޕDar p¨7(W v0Q9O]V?Tek&S)>gEїOK2CaQ17 Gs"s &&LX'HCuJm'tGO.EwENQ+M1kQM=%9LmNKƩD&" ˕ Hp<蕊aߧ{d$ûu$<밆v}|x][D:'ue3n~)P7Oz7pʴGO <_r{\95@Z괪>5s&e3sZ̝xyѱVF-bH\sÞc~+Cwۢ+p06j xC侒1a^!Ǚb>wn:LC6V؍섾 EV@Wen5hn0Wkg3[ 1zZPL&1%H]lx,1̯Ėaؗ 0t ;Hu&8d{ߕ;'ֲ4ķ ?X_I=}G {Rr!uԔi?;@.î\J g d#DգzHG!q/*JѫMܓTQ5.%NbّE{T fqG˕V͗):_%,RX㈲r⣶IcBin3Y.UR>3t)X>|YX" 6*Ab>ϙZo^hrG%a rD0[0`?ʚ1@UG\7DH{2a^Gķ ?驲ȳ=SAnwuɞa[)RƓ)\R=#f`1 Fa I@haw|^VJ lsG8zDQrZЬFN"5BH?{)5"E%_\Gg`wFD!\9ߩѸPff =?182fhߙgFa%;A>bL k*{B\}v(lS cs.Z C-h^XjPp;6 ;SVJF1?lh|3jEjc$ʄ1k!SId(lK{P껣0IA%57pyn}63X`}"t}]smd2OJy:6vy -Sq;|5860F0QdZ㜵qσkk]vא4!iI(֎E dԛhC-/b@c*uǍ6tѡZQo&:Z*5k_9jq`((k$#8aE=Y? G2~sSC{z}RN[UNFg=I[[S ԽJz!6ù^暈%ŴX[=CvDߜrjѓARݲJR#USC((^A>XQC Z/$.<^PDe-M]7jP*A b4X,X|.D~&Tow?mhBG/gMS6Xo5B%r? 6ˎ)G^n_k / Q5DX?'D8FbF\_CO'Fܾ/~0'8"0qd_69+u`)0]"FSQovע1Ł,diѓ7ԍn~~tںfZ];2c %1 !H=[ZЗ4oiuQ5i0*ͱ64SZ# x sqSvfKl4ުz/[&xQ(5U7?UR!!t >i[Yθg?ۺg:(= @!EӖOZ nK-[c~gQn d3Z'9xѫ.>=V%`?޴:>fðʌKՊ?"^09\2@6X!JHuBK+@-o[y5UNXWW4!awa!&;.e~kua>^L4"HQJh/xWPUmmeH=#: 9G@b'6|VzcCMJ79nh97X Ɗ\+Eݥw;1%| Nv@V1[9!ރbq׃0A˴N{׾F紿EWU=NkMP]vY岏#Y(x&a?ijc9˽z7 b47 $rTUJ']WzW\~c5"QLHq%S+ߦq)J3rrKA|γ9si}z2 w`19mS}%sztgH 2B~X(7Za+%YdCړ͂\psns~6c j*NJŸ{ߩ.1?tМ_ ar-ܗ@n>4{8e}^T1:# 9S.CS;2Udw{\nе\_S pmiLpe𡃢(@r#yԑ vkWf,,+ mfpa}YJ57¹&{Ԡ>0$W-v%dửH zMe6:~pkh'c,7@@i{46P,eE川$qVކrf e:NDC8,23C[^]kZeL|`X*TKe}]vFQsP4  6/8 È϶:QV L8BpNWZFCwnG86?l_Om6PtܪmbQӥ[DxTM65n,1B w&z} [{J`)o4Ht8r ] $J\GĆI&`4K"n\fZ_ąLw2_Ke{뀰nrıjإ@Ƽ*ACz"J+T j f v{i"X[T40-ҟc~: É"Wh;oR4R/lRq|Q?3Q桉dq!npC d\B=|@"s0{ZN^hٗ5U.n)CTF4if;~X[ٻ){DgKƅ T5.|F' `~T9R`CF['ֿQixĹZ$T: chI-0[حG/Ն FU"^$-xm&?ƞR'$slxFUVc֙Yx^چ\SRT ] KAK8 =i\1 x.9c‡@;kp{JO mHx~,BPL&f[:$z)p&bC D# Tz^ (<@bՖRүnrŕgޣ 3оW@?~,ñ$!&@Pl$&rsvN_exN4 >9^"`&꜊^G|0g'x0g~ SzSYG.NtW-"T'ukH[`5AY987B\F@O&Ԑ!o=Y PR-s֛CdrxDD80|Hmѝ+@9cFnrIRJosk SNDسg. ioQ0åXh7/ڟ9рb ccsWҨ1a/@=lTƝhͺpҎe0ǚg֎ pied=vQxgDOfF""p6h0Nw7yj>aXy%47\t_c)bI?ʹm}QZt&zcն2J숱)3>LU!k.͇ͻ?󑌪zQdFm[ջR!jDT}~QTXsLJ\+Gzx1Y'[Z>9 Nh]qt\Ǭ7.~dmDD|FyI5cit?{:(KNwXɒ>~r$7,zH.͒k2gjۭ:q'[Ps]0gr}Bx+₾֤rIQ"IҏЂ^ӖF19cQT:YW~"P5ޖ@P8r"hVc̓ p,%֯`ù%{鑗s()_GYC:0؟_'&{AYޙ[t ar lQ+; -bD=#8C1Yz^)ӖW`XyYH- o&͔vSGnKZF}JḿQHHHϵv Ff9 /\S3Lf_9 3yNF.ADЅn_0j%Zg^ʕ!Qqڀ:4t Wbyޛpco(2RR\>D0(Psz"&V#I`py |<3GD ~2 i$ר,)D.J{ B2O՞_2'nUJA-Q`):UJW]BR5D=WS'%;)vsтbP+ؽAV}k>ɿ<&@o7tEZ˽ IȄȈF[pB46Gqe3Uj*n@ZHÛ}Sm&i% l@Ьsun9zIV[| S xHW#yy\s4 Rk2Zc:AS(CfߔL ҬR4,mѭ8XK+,;!W'dĿ冫0C":LNtRbi2 $4*EsœF)*=%; 'Aյ GvVk>sTdsQC10 L4t)H|ZTI|4zǁJ/U[: `&#/ j&\*~]Uz$8оLu < H u_zV8COEa- @=A}|0-*:TtGb9*-e:I Z CĶQ!\ߕĐ/i<<y ]T),`X( CA\Y&2x%i@`kMڗf+ UA|24}[2At^txV3~FO$w"*Dk9T d]@QSAԝꢆcō0TArcu 7ƀ#0FՋ#3K+vO@~YczHff:"B/x0.9ґd&WfyEqp8ag_m>4RlT#>0[ kp( ]o[qkb"sX5ό6R<* xg]\3L:a:8pi 6Q#C;_YђHUؠnG<3 0_SȢ[)k!qn2j@yB{~K gAK8^_<ŀ V=Z$AA6 I]«M;FPy=W9?驖RFc۪:b؜ r ʭr <,HW-s(Ԧ+6p.UOrg7jQ r ކՏpmm3N<kF'`;^M DM燌ThHNF{GK><) x&N#n)Nv6nZ]&͠u$ (ᚪKԡ|#Y "!S"0Up4EGxvEĆ28yNϴ'e6C=k"7R"ۣ#\LyU=^M 1>m4{7d"(~kgEst'?E"8,mɩȻ@ K^4)OpHN]%u~!$^PE9p?nIp=K'􇟫%( ɡtҢ(j*:=4 ].vfD Ї9\s ;s5Ҥ,L WVSԘ)"=S5Q} GR~]vuds_]WO4U1T&Y3'An jKk ?$6ffjl[&wba);?3/8[$5snԕG/Qz0ct~f*5/0yՋ KXkXHd (DO|e?0/I_~mH{/f AoS\nC+,6T+ GTG*HU&?C 9LPGUÑGmo3"yڢdqhY3q8RM9Ȉ$ )nV&ΝYnG"\B 6G 01JwEoRA8H&vXwSws?u˵-3 p ;ҡAVe2μ}* $-k,.ҠjQ)Co X;Y<[5RRlsZPLț'`9O`U6fPzl?ދ+9XLǽF * s=x\HqIBN[O AO``!qN짞eMɚ@y]V͐%GE* 啁̏ch~3hygc㝡M!sEjE,^=g8y@ &K؀zg)KÿՀK!H|Wb Ou=DH'F>â0)P51UNϣM(|Tw4jK}UecY"hp|wDD{|KO?~xmRmHn8n>؟lLtӃ8^\&|Mu%e~E\CwOD:Dg8(`5P@Rae0~ޅמLd%'6⊤pǾJd qsN/>ѢZv[sɺDQX2kAPt`4xDX4P π-ZLn(q v*NVsQZ?aHc6zӵWd X)_ޝ󚑼 g_Cft*5,f)12 Yz۶$dY~pxS2Ʀ&8Rҫj&F7k7 >?r`L˘X Cj+$C3D;ЙJZk;Y(s)Wu,!aJv5AvcGwJoSg3^ a ʦ~\6בj}Xypdo1UD@}sԋUK<øK0YeO%YJco A3myjN]㱁i6Cs#'^Kgs%hLؔ8MIK@h9FE2drD*Oxʏi:`蓩I"!",E;tL拂iw2u9LfY?"1dƌa#1xjļKj7HL7ZV˿{y]}^,) zI4̞Ȏh9@:@+@L6ԌP,|D-ްL\f*_KZK)SGm'Ko5LG[rr!(1LigSD$XZb$J ݭn5$GO\ޡ9\Fd! Xխ\ 0HpEע-57pք1i {3hfw;MD',uF$c> go$k3[T[f{&2Fͯ#npow"6hO&q@H^OAk Yaaee륾1ȆLX2JK*iTS~$Wն>Z,B6:S$D5o$~U{t ]<Yu/7*%Svapr#63DuT,)EbS羷\FH#[l] 2+Jfb2{\?yc,ݑj9`0rP 7@6y+Y(FzhxAp83.`.?K@+f@ppTǏkP0E 6c_B `hpJ/5gdA$eؽz)-TBix1 SZʇAϣ0b/񔍿..A]x#(渻['_PWm4)u"t0bj0LT(Bj C[#aQ R#/ovֱ~tonF*Yν- f؛ΈGsEaN (MY;ȇ`7Zvнߢ! j'2%:NIY扒 ~k'Y;nAD7vV (x*m557Q5[:1fGՒm} V!iv?k|OaN41oսXxc}6cEE-'`Sʾݢӻ 25ӋVJ4;0b+w{|D|e& D[ơ`@M|oװUI]( pmdD/f?nf fq'O;1TʈnC2Ef 0YpR]Up̸%R'l:g(]®b⓽ƼGRWFWVIzam30ѥ?VRMVUK]s15FT!qu =}’7mXgQƁ3ًNj$qO_H5YwJXڴN{C+Bp@ʢkӑ }P7"Z7*(;+5hIS5@͙"lp}1}ܢ~LűB pOL.n|쒭Ph㮐gČI9^$;mG1prLb+rVdZȋʪ{~p؂DFakЕ@| wjN2g??+gA`WȤȎNJ0m8z"#=k譅E?=Z $mxL6d⿆-β ?74O3[{?zw J 6p W}92x0O loK^Q>$HIGAȰJv3Xuf槲EQt%SEwg;8@Ԫ4-'ROH/el1&~NCjCe7O~>Kr*ZۄY6{mx|^=O/H t^+s>eQivE;o!T96mc͡B:92(yƇIWN^hjLiffمjzg'w]S=r#ʸ n l7*26f AD[9X1h *6B1lďtߺ3E~ r'ċsbIA@haٚj?cDtm(L_e .̀KtWEɬ2)w#5SM:ohm 6&6Q&$O.ً*Xh-Z ꨀ% WL`s 9c}ۼu=xu/%Eo"z1Ne\\)2<(mnXd[.o~xB(ekV,9NAߗP'(T WF W@򅻷>K\(ҙY7E͘9k |e,8>Ld9Dlq`&&ФNUx0ۅfucߨ< B,%Ikp/?51Hk?OLi q%|ID"ڧгOFZ}OG̒8]{M=2;]B$Z_^/b4CNՊz{%ێO%sBo1Icj-.9r.)4t؃V4UuD~HHro~j ,ہJ @Aˍ 7ل]eyq%Ƕ aF-szdx;\t B:'w@h&KMZ٘@P5[W AH*ou.@-AΛ9tx|m9O?; Iv+ hV@H*rM UҴ"}bnvy ]񩡴EӸ苰M<OŞU""u}tWG@t睿:\Eƣ;+|^lӿ=66PxOCD~V1\]7Z Xǯ7bwVp.' ±)Q*ByD*;|: H)p޳wK@v~V:.|Nv|[>IʨFKFkZaG4%z#Ď!xu 6|W҃X_dռSذO}("dRhJCNzH{2Xw1Kt¡J>gJBWjA\-h÷Vל?DO^¨{_UMk@6%Ė n2a\` (::%99~}5gWYBzcq3@%J 6_L熫fnG|y$y4[8^LtQ*# Fz^MJ>{Tʼ#Z(kfM’% v nѺ$ƖCzZBn(-^Rٹ4JH2Б>BN, ^C*x` +~̫iK"QEZǕ-`5K+"cWSq*H)UǺĠw;>H*I5}hrpz'}0 G/xtƵ1ڍ_`9e *}nZcQՇjpeeq)u] $Wu[q>hNp{f\*nv?Y|f|87ʤ0ꭲq\{M=<(fpm0^NU0Ѷѷ 0#f\/Oלm xwcñusʊ*n__yݬ2]c9 oHǯK5R@N/YOQt+epI#@fю~Rl$' ;Xgc.ߋoq`Aqo5#]'VEu|4ƕsY3݇Fnu<U|xs[Tf>u0PIJĺ|Ox[bhXY~^f#5T4?؀ 8}\ uU>1x)*ޮ/ðXf zEdp@ׄ|J4 vVֽMxOY=KH5kuٕP1[U싽sJ8O[]IMg!tAuHD6Yq8\lr2)닯VM3n>Ät2;Jl8Ea4I+{NQ+/Q2-}'"!D>:Y%H\Xgsk> )0ZnHawI9jO(m(p=$LIFQ%֊dG;N!&4_$r_S7}Ik>CFqLX}(LCveUet eڝ!0ÅG9~ٓXC_gEh|)P$R)qL´Đ ՎU%,4d=7&Lyz6Zbă= r$U͛J2 ab(|hF;➼,dd # kw3tm.y챷KW[Ҩ ۿA(N-Q&鱽bz[ G5wO5Md͵ןRM(N> ?`PS>舥7pC;c:$̰ˌ_MbpH8PGRRc<ϝkJ$[ԞYj;֯ h=w+K~QB9;oRw!ة *ԟ ܤ}u4a>f>\V1q_UP\)-zE9wAyƉi>Y\p9chx /ѢJ;+>-,}W?1e5CXAJB=8MB^S9kV똬9,˦+HFnP'9chBH싲-botJ%"?u_G0 cUe$garKiQ?C22:oaelh:e/:k񷵣ijX*X+p"12%L_Ծ/¤d[ae R8R$ .^~aieGs|+?ZMa'ѢO*Ws˃>?)1md [ +tkt&׀Gg ϲbcA%4"܁n1>F@KgkmJ?\ #%~|"xLX89*sT0\9]!\ S$W9:^S?pj[`I[sHk1ֿ|vOg\嶮WtA1dߤ1%Mq7BVш\hV5gZt,\;v4F;8q 8A>X'E2%{AfݡwF[ VGDΤ ?[O>..x\rԧ~ ]{Y ߥ,{apy;Тbf%x#,JZp֊3%mK/3}^8m8M Zfnsvsx;m ;#nc= $im_ #DL afMXw9ąbh4Vi S +&]@lRiBQUWX.S(׎k-LɈ5" t8$?lS@⊢<ָo.gv1B-t0o?4D'H?AV0cVMX4̆ia3$'&[W6fU + +!;„ s)HԀ*"ßeDKZ$mFt2TWL^q5."1֟I2h1^e⌆U/ݸ8Hc[ }p8!9L[XW74!?xhM{СtBC(~d{;'z7S]LtEd kˤK)Z1o4A%6_6Ts41{/0`ʝ,A*۳"d2[hvb;(d\FuJJkXOCG7 x tD{ kN[K6(ݮbIUѴkf3fHH-,Qiu]SAX%ihG'K' -_gIWw(\H\U*k㡸jⓜ+6֡O 2/wd<ŌF)flND<@|6mlڞ$hE ߘHN1J#C ޔ3Z'Bl^jj<%Rz:$4\;DBQ8= ]>&aSFl^ qsA- ṪnWkw&)b+'$Nk6u:ec M;΃ wDER0Lp_mt^q5-B_RitG6'[=U?U ty7*n9~ʲanccbn{ȐW,VZTR:4ka#|o1m-'|s`=bCw&6y'xcP&n=/P^0ɮ6'[[u^/$ Sމ=G e&[PW?-үfձ~IH::ߣ7 0‡>܏꧗O‰yA.v::LqvwJ  ^O2J`NMM7"@3s' Αajٚ-?UGWTp'-ݜ[D!}d/\mJ-=j\^3$Naĝr(iJ~yC&_/&.u,OP*A)spKS-ިSEdiqjOzU#xO?:%)&W!1 u.sc|;M}mخ9hy s>z@AB8o~-g>_ͽc>+7 ^TO l!I?}<.=96PÈ0H=hc evx04A4Xwgw'td~*W;ʤZZ3S;~r7v~JbZW>nw9 @Jc?~! U$8-:B:,om!fArbzD.wā |qMswq*} 򦃀W<3[qZ-K.?s.sR5&.>}4`zlK.hlhuƞeXgr?% h&^1Ú܆]pLy ˢ[ͼ$ZL6 E_I[U){MPѱQI81-%noft*.;0e:!|fd` fuE,6f͞iH8 [}+Hܩ8QCAa- )RiRBqc=S~?SIb4b!cՔtg8%.dRZ/rJ9r=!mؼ8*ln E8o.c&tNylJq :xFSP3!?d>b;d4o/ X1y؋^\#]Cnl ;:V;dK#o`miUs$/HWC{cNdг,niت!dv tVx$9hW:~ g'%" f[贏>Ls?6 q6,a*~_:TgK 5؎U/=L.}3L %1W&ܩ.&1Vm%$sµIąRj9/[D!"R /n }d[l8 |$&JZj}Z'T)F ;X@S-Rs"ilg&aUEjUZPTpzfn(JmjҠb=G)k]eJG21 sLYt H폳M)rn0bpsbxʒ4?iLgvdXMH>usc 3^ša2:ٙ켧'DvԻ0+jt[cHZn?gFQ+Оr"B]Dq9?QTn"J2ݾT8:S~0(<*6)*7]6 |GcLe q,f2r^n]#hw Qkb<'xO=V$Oʳpk4ߺ3KQ+Sꗂ_oL 4{%ʢq-Nګg{- ޗڪ*ekqoL$]!E|!\ $h*`T2@~MSwax )Gу9fN'>[b)ݠy_>@F giT+ֲ.-V9_g`ԩa-LUⷥM&6Uy4|6cfK5Ajlʄ:pv l$dN&`YEސ>GT8ha3x:<^~/$Y:!jl7jg>7FAtm 8pnZp:$ }Lj![7pBmZS4EҊ Ɔ2iƢ qϠH$wAR&3RS_L ]hcYd&+ (EQ]僯-,!Jȼ49L:|4z@'&8{2S"fydH52~81"{*wΧՌ3$qH'μWK&\*ʦ{ݤ\KD:^,ᓰB$ m/$oA7KpN7sR<:kގ@&aV| {,%;4L(wK'.PC>|eɋ8.1fƃ/[-mrkRqpof=8w:,sr6=ϏWwq_vq-mT/Dt-U^xxk~BYvPk.bby} r %.=͑iZn)ßUi(&~ : $k Dgz) .=PbVbRPG%ʋ桀Vee ~%QV.R(g3-? _)uAT'H[SKQKˮB1'+MM|xt?a->+AJ=I}Ž>+rċ9 ƈ9Sk,D|hl /̂O5J .nQs測*P,'ˆ cךd1fA¿]$uD '*ri i/+oa)٨g١a/Q`{)fv9Kh9E5b7.'h ]I/äZ˲}F x GԘ-.&.[(r5L,ZIҞȿ[aqlu4ء-핻 w``k(ly4A7T!;xCǁڰL M]OG^ƚ T6s͍b@w>T@^`!gg3gpA=kD$Ƿj-3%PU89>`md|ol8}*֖)naٞ:E'-#<-M)]T^WlmfGw 31FEU8EOKu7.bu32_x>qAו4&v&X8ϗI1мWB X"S)K-| B0&!!ƱfZdh7}B3Xk6 BͭO[,WS]tþ]Z$es FC8j ZJ.% ]ۙei(Y]paNHFYA_0;& P~Qշ^qھ"9}MC| ;q$M2!״NĂOdX.jꏰz3U{q;t2PfxhE>*'` nxnL&-2 zC!-:_˷ȟ!!:vNPڧxb @)ȔhPrL*O} gZ m54 tND?V"?jZ6 %!/OX wU.:?onWgLOJ[l^{Uj_|lF]) čhUqScI.{<,ҖȨrvj?<}G'?-JE&tjh}cXx!u [zNjY`*)%]}|ֽ'lڥOu jrmi2"ۙB}Mv잂#}gQ#du*EW`ՅT/3xz=.[-i@ЦI$s ~Fr?MXl=qCLٛ3 ;|ޗpʜrሷBͰ淭^ |I1E"9|4@.tt/avlw|rNdW'vXciv!],[0ה-*nfT)E tѻk%@kx`w>hu'"bܷSC4Š1N!RSŌOdbz:\\eߣoJޝxN;ftMߺQN(Rhfg{Pݽ> NA.EIehV۲:v{$+j!} iIpBJ&;OH\8;,n'LG.}[tkJyhl-PURd Du2{\$<ΚyHDNła ̐W$-BWd}^, nLaôhJ(Hz+ER F*,05\?+՜/J!x(B Nj["kKXؓ0i˪qٲ hw#1?*p 8ZbuR!)ff gbiSPeUHEƞ%d_CJ@f"k Go/K.1a|.NQqVҸ.M3FjB4vl"~8/ؠ2RgWA9qn؄;0kɝIiXJnzY̥z}!Cٟv(cRlPiwX*-UN~!yDzZq[g!! &pvlWt08/hEfpaL750DK5%>z18O",|یРO t*Hz_d~UQRšE.M e:VkãCOÜۜ"A2rZ*bfE@qxLi&+^X%g мT BsJ~ 3/ / Q4Y;[ P '! ŋ8LBɕXi^׬m"EJhPs^hPGdcP,Z5syX8K]X5!/QމUiԲFݗu񕁜\Ɛ=Nj$ySXzsҪHS $q8%:vAaV]CZGw Dk:q,u4L{peQ=2jMtmI <(`*GF盼ᔡc=UɛP1@.N5Qb4] tyW`v4V»e):Hsg!F.Y%N#1 =J3nyш\ z@|@:wv+kPKJfxNiʀUodncq6[{}͉k_NM2YեXd8Ě1m\_3Tr!;M!YCHlǨ_d^>LEYV`ǦuxX4`4VPpY:8t^>uU.Qrb!VK .k[S"މ?[%u=S:@>d3SX+5k] Y36ZswQzSހ克rÇX(ban4i)6Xpl\n`~qJrE@Pľ_q躙`W\`GZ}9#~֒t}`z "cG^)}&o LuR#="yim;x|g,3QH+^q_mh)n|/_ou&N)bSsNUsS[M| jE;(a!'o.uhmǣ\"ZIwE00 PU}>Dv"tٴoGR6Rqt]?dȗר_-w !揎XϢ]?˅4 dN^&I?wzȮ ߡJRUˮ9^lɍf,o]32u@ƔŠJpgSp_QAFs{%l͐$E3 AJ*pX7Ȯ{Lzw=q\{.c1&"M. r@+t)&_ήD c8""#<&C#ߔJ<4(w#,iAc;-K?H W~Y‡Qxbi:$X /Z&ʵf^2I*_"Fwy}3}|[$z!h:=dzeH&Mjv/uz7k,4~hu9r73-0fQ(FQUsCg[aw-wr d֟]&5z %]t 1H\(.iu|F8k 4HRHyʬ7b5vV'paNtְj:Sg\qjƉNt֙sЌ8"]m◕actiF3NEt12pIi//CS ÊUzʕ:V(b|RF?UcO lbSb'Mzv1^9RHDQ%X+Hݏ/Nަc/lU2F a]2Nx4^S4_ll^ʯb6s(0(^'bψpO:EcP 4c[iP`R]Rq|xB|Ȭ{|'wo,L`fPMh~Ik]\s،;۟{6_A}jYiJN.ĭ8Y)>es[$;B^ʷ<癁S֡J 5ujSwgy-<ƣ5D+"ZLp$htw(Dԁ9(LĐ&TOWqS!Z\j߲ >Ǩ͙[Iya(O!~ҟM;=?`Ovn3^Y R|V{iX*KpDQ]EF~ ԉ2VN)7Y\ jfS!]yJG~(^;Ƃn482Hy0ED0\m/VU?#_5fղhMr6t٩ lk;Tc落3?.%ھ٤VOh$!v>]"r*Rq9~߂s8mw #[t[_.U#d!/+-@(AJYSgp^e;&meH]ϭ|6.y=&s<,hfx٢-;0"8фv7S}n!Huo; '.8C4+ATCnHN M$Pf<; :SVX<hr8Uo+BQ_k֐}z$7S77#!P#y bVARZ;Y$S.*޲!ձ3B*KP| >p'D¶f ,E{9Wo+c6jtAD<.k f1I#dܘsr4֕[1=lr4hg(sDH{#|2ƹ<۴}XalmɉC|+h}O5r9x@!6JqdP WQ]!ߕv۷!Oēõu Rk7BҼ +7ZToBK,76)_?xW t*1u 6!e-W܀:czt* d Kh&wt˨L%0 [ ED!ӃW"N*m"MGB2-q0S \)].:OZ( }U;=c;52C զɏDI!&V T@ W:Ҫ^=ӝOL3gG;B퉢r|س&UኛG_U)ǾcLŕ" ёJWM}0tbDR r^a)ܣ>Oz/D9WPIcػZQ  iGc\m1Q@L`v)2^i^$:hj+}R5AQ?O^p;W zt9`v;EaNap qaF!Y{DYQyUsb ]RUd5bp@.]֭51SC g"p ՚ r:k4 DU _ៈ7VvZ; ]zWCNCw]Ij@"EYO[_iC9N2cxpD^^ĤHD4u&*OEgE%Oͳs?b[cl %H,ˑTjae48נlTWWgS qBL dQԵ >}RS/SY;esH&v?-\+4i:6~dH%Z]W1))!bx::skY5~p/}ԼpJOaWm HHXJ# P9#&Ԟ蕘;}ТUJcП̀ujXz:>C%"WTt$,gݠ=\-L֎L20iAzSE CI=VPۡg"3 i&_AȠ7u>NJϴ5 Mb}x qL=eU>o&Qc3k{GmW.ITwyC{HOsQcrQ)b>:Sճpo_Wv[w 1ϒO`GP>-02h$zt^Ŝ6#p:}Nqk$ @f2Q-4l.18#vG266 p܇]H+O1UOe@6^Fr>O,ݳNz8ɛ wL6( rDK)MXD~-Μ,^ھ m1?᧸3Bn k n)SåXCdDb K2+“YrwD:-WV}B8mtf+VdÎsfQec;UgӎIMf먹If9JG@--~ԊlٰJꇉe3XȎ3PS aJSS˵U42!ƉX6rmLQ_ʤ!Ҕ+1"fT)Op`Hnaҭ@ˇV+SD4+t7 nbUNY,>q n03Of#K~ȿUOIp' ]ÃWo>wȷ V6iFD1@dA_A翬>4B:zK>Um),j2t®b y $v*ED[@yZcXU4 Q\d+ {0ex @- fJdguS@la[sU=hWpXZI(= vBE8<%a_ϯ`9^+8kbA(IW$b9΋=7Ј2GRzC qu0.V*5X-&F1RN@l(y~;'@Jvu qd2qM쀠[Z&FCRO ?{ ձbpm1 kjv`DZ.Ieq/&^.a&z-EljFťZ)_J>i,sP/-Ǻu_M+o\8-jL4p-~_UY,b߶pB1]C#]80htdx?P'׏&v0;^:A{c{$.6]Ox ߍ[Y|:``ƲdaʔgN_ DyS~l{S `v^/VE\؄j@W޹5}9bGƘ7$TA(5J,Qm'^xXlJڑ F5r㌝bޝЖ\A< B16,`u;,U c.pu55LR6=|;/ <("cuM-菇3EϤPJQC d%䪠PߺFx#GFh /lC:M81=,r8 W~|ݫe ~\2VSX?C԰۩8!l(9@6Nǎ$g PBcPr%3,|clIƩ/t%ɾD?;G1kA&δmvzDfŁ,n]nryVawK&>m,L~&AՎ$B^׹u%\^Zs^fVa>S!3Cnso{ t¶owֱَT"]9yL حrTNpwq豜MS vYN[[P7ywƼd-_NdW|nc_YSϓP0D[<$JQ``42"O鸿= [2GT˵W%%=Lb,jb1)[ih? 4ӳCcwy1Mtm(gl-$"|ٗ®|\3ݽq֋ ^ag@}̕Mb},)=__f}ڰ Qd'}+(lπ礇1zλ!뭳PN5S cbv5";2R)>i.:{ZC)U:P+s-ֻ5^n%y88aD852;kQ`aqN2,GqM@~C[T >sU?*jYA[ot=KgC `VH.J<_EH^;Lƕ2%߰-If3_l#KHL}R%/ۺW8oV#dg kj*>hu0ySR'_ڇkԌyX|;#/B\{B!| 0xŮOqBJ_M vb/E׺/%q%'#F3ٴv,HsDzwr fM9G D_ 05'N-O?}I&q ,t1UxuIf6 B6S`c)m73쌱 2l{RKVkN$S EBF%Ha|pVgi_ӯrҤ.7?ϊ](Uyc}/~m jvj 3I-296l#vj%2z$opb(Z&* ?=Co./ԥNM O6(k(||2bjSտr)R0c|,Fúql9"6oȖZϕР2QiF_MU\[Az:N"Ťo< wK>.yHFTa(k k@"O`9z=RO2ؔ|@dI} r=x47ƟD_QV"#9,1Dd}!uFt_ '\QqSt㲁,= W=+Jw߄^׺FfA(ۢuL꫐jv-0mC5B|"2 =d!Ovω*NB"G{*F,ٌftďBKr ^Iq+_-o<0t+t~ٻ1xq=5͝mɍbUd8_dsP \2访d?c?JLu(IBڢ2%\B_~CY{HU>qTpB5jsʨx,hmcϙb ܈ٌ]\"yZ,Ez 0E)՜`B%RWı^dn]x{"_E;P{yZ$h6AiESa H#k28F%)5}"tN1hVaeQdŤrF q\̨ܔNF=@Ru:x7P96io0'fvSu6Qʥ׈]51t`he tS' 5zC|ZnjvgyYL+^5݉c4+Xs u&4^Ь)?ۧp0= 3M,Xc|]RC\-.- gA_; ^vU0K ̀Xߚet?U/?:a4$ž{<ղ4#EL~UK=,_&i]gTi%t}Gt\4~wx/Cg ϧ HQ|$Y>m1|AĆxM0iɑ&ேV/q Jy Fхie$Ŵg[9nOAE"Nn+iV-8)1xq?Wd!Ҷ#0@!%,]|eN$xtTRlAFx[%KZY[$Yš B@9 ct8KAxPtq<aݮCdAaΔ͝@Y'iˇ{Y8g̱8x<װp 엱]94ϐ.շ %{ Y_$èث␴gB'{oꯓ0b TV/'B1;l]7.@cZ'E(7E f }RJ,|4ġ77k磜k{8WU*EX/^u|"ߜܷoν09\'#㬵.`mE&Թ08H-4BݴE{ yVU+r$D21?pL燤h3&e!Z{&PTĞb6O\ 9^z$zc-&|%*`HyԧBay*v.;DڀKjM$@m̩7j7NYct 5V1DڥRTpEbB^TqOE8OIGa^Ռң3뻅K=tΌkJL`RG8#wnغ | HR^S ]6" mz4ld2[w'QBI=CBFSYT4IdOmi@-l U933o!69qNd:9@'|,c<<(Osf!TڷKTy+xrqgo?&1!mv\,Al\̻|  `f)AUJݹƩVag * % p{njԏ| !v8/3} ^ZF]t̤ֆOD' =ֈ b2"֤9svPӤϨoz_`4DRn7$K˼0n@„# =oak/ a,ipgBR}8"fc3C|cgCZVœM$W?(sG_&k6|Uz-[<=}ax{*dMDd)ŃxL^6*9e1<ېӵ<|L ..d9-%Bū[Q뛸w 3hn? ^Vuq)´RyQ7e.B\wAD/媁膳ߜ-ZVh]V@+eF|[%_-ˤ㼘tsq{Φ/`_h0EicS0?o U,y"a Zqߜ-!&elz<4;Ak˫k?vf%Hbxĕ(ߙƓ =9ny'Ŗ¹ 78uOy :ErwnvZW ^D( ;+#„ 4"6i dF7'ϰ>VBpBH8S!z& :H7k6XҁzsU9B5Az9,dúب)0) ]VGt~YGXhj$}HWg#2԰r ]<ݛ+],yYYV8"]#ե2D###$$@>ވ.qg!ˆ mx>dK۵aBx*/ gs"~-"ґĪӚJ8fer7w]J\9UvP yP=/-4~4e(ylǘ`wo?ޓ8p6_ άMkuV(aCDڲe!({3`UNY=4u&. &Z.ݠ6uKɡ3&-s2` Q*;(Ptf_Op7[!TxG{8` @Jb6 Ft =z .[IgNF,s[6NkChVSp5Dg>[sͱ9h3Y \n>XRW]7^aX+][M 9ꈐy^su> 7\'{*cDG7d3^1=ゅcHQVy%ߥxbr1Q? NYuT<j+"9d;npsRɟ?j 0FiNA #1̓/,f}<@Pf|NCbW(7NIJh]gWP!X l/ #}mmӦ(x76 a?uUsb)Ʊ)=SQ㓺4ui#5)X 2,|T`9.z >nK!:*Km(^훌^i^ 6̨ zsBâMYn.9Ѐ7 o)!l |%>oeخyp᏶uY%t^,2JP2x xat"b{q mLLi{߱^#Rzlj!^\%'X蟓Rg[N".0%j`\۴[N. ٴcSGPBi馢iAit߾-\atJZ,P/G@ҥԗ4X t2>ASsbD`nh˔`aʹar[ :z~).ux}[b ˈStmR/{S;Z JmmV׬,.,Iv0cOWG[q<8Cw~ea4Dr}#\6Q&~e{F>8wz4t;Hv0($[m|L|f'sD<:3+͢z'P'-ZV 5NG7E)̬|3"u"jPwC}xL (ҊYLf yUܞ1~c%S9^#ծy-? EYrw`"|HYg A:1l T%ujk,T5٠u^u ؖl&JCHȷޓC47SJ݉+>jv'[ |'?KdXU `仩_Q>}_-X&3U~ <4yX~.JI XtGQ/瀮nC;jO,j:& 3 ie#/fB Tt ra-в_\{ݱfpj)l{TYTTF!*,DaeC ##vM.JI̥IJ <+={4g>yQf`S șI` IYy ` r(I7ڊn5(۪}w]CM3&ИɄ1[V*cZD[5|/&[pekbHNJGz寪LVuL)yDMIs7&Hb $IMtXZG.侯7~}?W%K,kYg¼0FKoq.{5 gwhe&`c֢0cwpg#欽{I$"i"Yr*t=4t1n{Fr<|f:>=ݍ/fzΞMm"oac$y =߿3\;׉,R^,aD‘C3dIpwTYCE=MUמ{v3 *߶@:5̮]^w;eBLeBK "x 7u:>&v.XW.ZjTn/iWĵZ-ԴƼݖutQpX>sIEb5:&AWGOtܧ |w{oi-iॻٻ 7]%l/#8h9U+#/쏑T]ɏ(ۓ*(Ш}ln1 !V@8RHU!JPvtgfH|;!M F @0s, UaYEb 7nijQ&1W]N eǸɖajQ)a)Ri %@t$m;|PHjeA*cyyQWF9yvUo䳲 -\ q 1!h?N5S!&·5R:cb)XGb;ᓍU'u13f>Fq]Zk5y\SMOHXIŇ{:H>m0☺=~DsiMX "νWXn}XӽuGu )笛W7qjրAλ?uG3F5Fʬoyuj,(&S7zמqax*_jIbDI C wLqku= f$A8uCl j#Wc6VB܇یؤ' m4 lS܎_KX5 o&jQѕ,A,_-]-hՅ!0TnmX-3q,|&[\q)&do7.kKA1:3-AE!g"3IS/_88 kwm$7N Qog=8GjYՄ+_dx[KahV*#pE x~6>mj_~(ʧuDBnE vu})n}ςj~;3@ll #w9v'Cė'_(! rM<;>8BtuȿC_:W.L[O4r ?3+Fd:st8u`~)z0ZT_܉RdKC;Vh'[D_8$,G:q/&J% ?&$){Zh 6MOd1`dLYNg.IuIlo.dYTgTa'`r)Gkt\JUP]EüQ5dJ{Z.w #fAapL$MZApALs<ѓD( R-E?Hh\^HAQҼ)r_hZI+*$ vK7qA =VYh-ICV֨>s{H J[I'#0;I⇎e<Ȭ\|FPW|(?[7.#܀ߚ=xA'(ۈʞk l)!@vc?L&pYPCh9H*rBO)/Y;%waĽZ$%Vn_;%; ILzv V?`Ez ;䇩6 ;="?*rBaIЏ&`2%{RN7,cD !܆5ev`^)ptjK,yTA͢HosLh,O|I.!hN[>>>cd@2YqrbL?[(_r #qJI{=ã|gf_Qi<'߂Fghל!mGZLeG?lUu晆%c΅t~I\|t/w!#O1HӧWlƧ-49%$crRj5*}l5;tlLW5TOZ9?W Dr\EE}}*BfôjPLw#cɸǫe(uw _SO6wjnW5^U}߃YF82Ųgr3+% 3qHװIs>UTTt:nw e\ezf/R}2A¸Lu>̞'w" 4wzg`Ⱥ5HYHxor~o'þ+nRe*ZcL>Qà|ҒFO j8?-~=ya|KZ6PvYz0%;eqœc%xaOFs_ /:f/ ZR`T~MsBoKɑUWg9i=7%rj@B@ivLʣכ!:3$<;͌E))SNixQo]O.{4&t|Ve0)k}R>nR4 UEp?LSыV{{ļIvNdE/ rg8&J qzKzMH-3؁Ů:L}=%K̴G|78n yTe~K> f͆rO-p+<=bl SW)K(gLb&E-y}ճ]X 9ЂQD3[%/M :Y \dx@) 2:)H) # >tڋDVZZؗNa ǔ/0%j:Wh"áɋ(EnP!l_ R+Tiq.|Γ]'/Yx(Kb0g)R{Åp[kҥ4BǶ hfc&Y:٠ZpNwHg,zd:|bMgͨ&jƘK).3(fU7fN_ܝ7)'< [`+'CLJ\ .e!c{/[κ8y:rҞY7}Kflbc#5Ugy1y:?!,Yn+z_ɪT`-"}$ԓoEcm vrײL'mg۱ߡWBjUc YF:*cE5(3x@CF+ɴM^4$9t*o{eWspJ/گ$J1BD Yl1:j/$+aa䚒4 t0B*-}q KӱY0Tq=F~8qD#%xcIKu1/ק7*@rZp~M(5XN%Ku8fmLbso(8ObL.j; -$M'sZBƭ|@v̆Fx)6҈PPy<] Ҍ Z(́ %?mdF$6xbtj BulOV"]&7}pn`.Q1=UNN'1e@Z]n3d]!nJP} /LLRSn΄Q3M`M'Z(SdoSo譃u_F]ȅ3؍-sXl,[va0wkqMC7鏖u v5͡,=\#/62!T 3`c<}s7=ZӍK1vS

۶Fz1J5`QT'jJ'}xNߝ3V Ǝ7~$~G#4*k n5' - )Aym⒁V!{2\T'pk*gbyXL~/MKf(_|mJ)胢ևP;#l| g^,7+67D r{q,Xpl?O8׼v͢;U=RsuӶrF߭#UEI?6fyZ)Ǡ36sh(ݣgi3E# v>ÑT 'Fw%s+]# 9&ie Am+uMzq[!D$Uo> JѐM;& DxL1_H,)\-]WƧnub~ Q2kMQzS|,wp# NHf0]l5:jclVHY<Ϲ~j nӚGdisPk;hW͜~t@sg|G%Q\~4_Ywf %-n Cg 7. MpDB.^xq?&'p&ĠQ3Wx7F0.K ELNC7k]6\&D{gS t `ȯn3k2 ,\k׻H &W<4\ɼ<'`MR{sfŏX/1xt<78 zתKg[ ]E>QQ{´'4OS?G49'r﬎Uzd@44Z;:Uf+zr CA3~8`Cǒo}OͦzSz T7^n=-<ݏbSawH$l—= Q"(T)p|!elB&f%O'0oJyX.4ssԺl{O/>X<9:nE8Z9+P5J/[ f&o,ތ0{$3 e+o J ֵo,Qμt >7hOs:ΰrʙ5R S15@=\4g$f1r%` 1q;78!ӌ # 1o!\0]`e*8=>LqnIw*=NJ.rKwht~)ssH=? ["JOX]cᐱm,^8=/"SPɋdK֎) m)W{Ʃ /i&qT/uNd:jQpvN8t 3oﱵkS&V\`8n)iA{3z4mrQ+kJ*/5+w$ogSn`U/~GLj}oUj"8lS0,31;u2 st5ib{(/%ѥҙ9:ӡ'A<)Q?Y|'D.]Ê\]քgsE.>%7l@kE {譍'KWw;06lb}{S ټrLPW*uzkoz(gmF]>k&/>;cp~xz4ǭCA+q0r)D|sOv/ )hfJz]=wVn뵗R;ƃ)?[ X9_qVBCd+?Z5쭒*tyI[M {јᴁ&Vy?Hf;:7FCmV'Mp$aQG95f}OtW*qr&nf#f,o8Z۱ܹ>wD乳 8@a>yI=gT0 Z'#b{0e9р$F[eg1"~*#׎zܜ4]5#*6^ z/ApHVC3%κ>XNmn$lQ954`<ӟa4m4f:h1vJ1Lo!,Ğ@}oWeCI=nxԪSgZ8 t_dB}qfINA tXi##?qQRZ29A xXs|=o8[ZcU\%m;1,(5܇p+1_j?؎SQo@sѽj'7s+vE?1K'+bހx#AKc ~ qD3f2ƜTڵ(u'3P]7NBfpCA" O(m r\Ӊȋ!d 4qJyT+#h}"ne#N{]f2z|GO(LE1xuIc kY2ZZq̃^nqq8^u P{!TSE) j% _yhvT&BXdu*1ˉ]uF/*b4dk76X_iVek#1K{QNOZw][Ͳ' `9|J@繥#QhY: e~_),k>[&3b=tmq^?;`[Բ!U.Q[LE=,٢" n@&\]QkSij4|7Ylf>Oӆ'#$LZF+ b5O͔eu"|Hg m̉ L%]\a!Qbe.w@'+`e;aB_2~D#{Bqrw@P4@wj9Tc~Z[kBIuQމwys_ns' .fBcZ7}F}nK6ɼ+P!V;D[ $3y l%͐8SLm5.{=Э8&ÞçSQ։HΒkƴUbM\=;<4 0@7N/3* ^`IJj/o3OYޢlt\}qzO +)5 {}!.+0'?X`فK~.2Iep1U}'')j Pq\rh%{mZz}LrkVNo-9t"e4:>!(JE<ԏuM_ù/mV0Wi1;\4NH|nQC}ZLxi4oX[YC^Q5ˎs -VA6R.g]JqF+$rٻ%nE]6gP>9&eoyls[Y ?tND6dvpHMvޏDc-<@JF_cЏ 1Fo@Q۱YKMņT[ZL骙anDGu_GI*?ϽIZw6^SBo2/Քi3Bvm%gv7Ǧy߼qƈ L%S>T ePU(1hk{Jj>⁣snz1jq:* J4%ԗųw,89_eo&ѾOu7T/[?YPX-Xq Nb<JX[ bWn5m緦,zza"1i|nk2 ]wCSz]u~T6߳ۦKx&G߲h\ts(Y*shTӑvrZ`c7ޫqqpMZ)7NU.?TKd/$HwSE՗[VE;S";Oj`B;w#muc];ŖSsՠ Vo0񨚽kbݺ!y?'4 N99$B'h7ǗS)a赣#X|4(:r9[(T)%mEDVmm[2#^^*yKD3v&sGeJzPVBUmFھO2), uxʂ^s*tDX5@n \ptxGET4XBBU&^ihz# {^ҖCS<`qm1HLȝ"jNYu&aJ 5,xxm8U፹ᙊ`1{ /y ng%>ji4}ܖ:b KQF(|T"L;Ҍ6R*&'ډBAgמ~gT_IG8'ön? +vx2 SyAi6RqAj)p6 jz{K !s0Qp,Z7SlаYMpˊ~p)!4CH_+c$ZR6ӕ; 5v¨M.(XB$y1Qh! a=#/U|`˓\tkEL<ŻحI$YӐnvҮĜیI呁~ p!Jz;biht%@`#'7&}:8Ҟ~'3 6v"RxP?7=]SGJE<0Yes-.ߡE%7pEN,/}3 Qin {fS- e`hz5g$*5o1V5+(39+akZ|FfA9ZmZ!L(Z?_7d tDsV9lvo6'۳YԐ+436%C$!ݝ{&Ԛ[O۰e\`z`irZrhnOĒ MĹTvQ&6e7G U:VE}%9mБS^eʧ.5T4jưa3.3HҔ,?=!j " ajTAd̬CT_E}4[<_jD~h_W>9)-+@YVѨo΀5`:7F+eh [ Ȋԗ=bk4.HJ.}쓔MxBdna,$df{~be°qN/u pv~I7@HH:CM^>=aHv3Bf2vgKUAK%̳xp/r'C^Af+=Ӭͼo%^OmsL-NUfþiG#1j:ˊyƵ)9"m%a6u}ɟu8nwaFD-˗l;=0@x(q܈Fh+89 mSؾbKT?п+kH~s7?fZ$[8 u;3=ȑ`7\'.N M7kћRC]ybRyc>*WQD-yBHIUu`X@V\% Fk9z9°(M1>t0c@<F@k0d/|!j4C"R B=2jegt 1=Ъ=sJ!gx$8,,a ~!y߱#6tDt8Og;ۈ@uO 8ϡu$ ~{س#$SeEzZG ۻWsc4^৹\1%Pv`whctD)𜕕F-䂘mg mRs)3x2'Txv̷J- iȹKpt@cT>i; r OU\qVLeR*~m`%8/]-3gz{}b,oADzC%%oZ:W~cCs4Y+:K;hگ5;Eb(N\4t%;.48_h6 dwڨ8DI2g\@KΟ:^ĽO}|c}^Kbo4p7V*(ǓL7/+؝߳`>RW\z7yqGiDD#ϳ+_=J MjzWh1GP(707G,gp.[B7s#TǧK$uV>rru_;jI@vsca3HRLS(ea$~[[P,ju[3 *a=87 ߾f2-$s!wDGTiƕn0\e3'\~ؑ  #wEIyf@Yj ; $O"KKE^O>R vn8׾68DH,#/wt۟M 8nK6x}U\,+$)WFOYKG;jZ3 QX+d [ŀ0#Dx ~.Ls. (vK.4t}\ndPvCb$`oAS#;9u :C\{PU7f nbLHS׏$ yڠ>C$ĺiwP#7Hp )OJ6B6K&$k}԰=SP}=DuC[<&ʢG/=Ӎ%xDR!\bND?c6 Nn^lYEpQq)vyBy#/l=NN8[`pmհ&u kw9Tεny.ys #iEygYԇ"3s(CHUB'Ötv`cku ÿ2CbdeƅMY &yd!yԴ;iD/JvZ[SPm =^lRO9JYgA:e /i1q0"ݳJHr ?dLZ,I-%L'ɽ$Iu΋j|W аE1Ӽ"![I`f! ?W`eRVugq̚~ ['8yq8~D!\J`GDۘAV@HlAS(>\M*]\h[O܇/;mq6#<Bf c4];P秈hw0 E[:;Ha4ܔMl03.H&Tr=A~h7²K/(MN_: S={DSAiʵn}g{ckR.r ?T.1&3)Xmza-O \LZQmj썊榰=y_pWCL0%RxW?`TkÅ lZ7?ĂB4\xHڂGq/js( o. T2SRiAg_h vպ0Kb}GOR?RMM}pؖOu+*)l>׉FY7 a9`^_Fjk!^{Lm_ p~CUPeziЖOMzGIw> UVz4ERWz:Y|}m[)8* \ :HW[ԧ׺$A+lx J%o̾'PVjs{xê#jUu+:,i >p Urs"i2i{>6ii-8.?-%ઈr;DRƊҖūJͱM >?7'uuNj+UŐJ2 늉dɬRaW w3,dW~Y$6iHO-yK6 ЁsFI|..lKåQfth7=)Wg{p>໛+4br5:>Ÿsb")d~˭vѼ$AHOQZc،ݎuԪ>8+t?N$mL_q|%j3O& ?i.Op:MlƿpzdP\-QwZ cՒR50]iORnuk;j~[kPfh@& 5v {9xTp+'8|)zٗS2`6ˤT & duvܔԀxj%iiSN2c-Z#m?l۱`mF? S~}h-*fn#ZzqtČ5{8+QzBAu@?OJfû:ؑA"dTmRJ0l;s$wn["ªuf7J66nQ(Di?lӗLh8MFrKǪn 2|lsuGM~+Vf`Oc!w\SM=fA{GHc;Kw`do6m\}ɼo)9=Ԧ/xw7iMUŀwG@\<xr`);^Q{y?t->K,1h6'8PXL(Jt2]Epa/,j̓םSnV8lq`+dl` EE &?42k8YzvHTuC|1IWlbr|=x5Zm%១@"8 ÜG@ X $ v^K#`Jا%sjZ^B3&))~aWUpl! Ĥvi> %%s%T}ci"c_xszok{ Q.$ on<7KN kq pt!_ S1O$&)$߿!%͛ܨQb'  \ X~W:X!*~Qs-vű<7 G{%R&H%d  R˂v7 x뗌RL0.ϧ ]& =^7'CL{.jZͨ ?[AVI ])\}dSY̿k)5嗴(d(4lT(_@ 2m~y y6 Rx& L# NJF<0MLT}MG''>At6[x({fa_X"F)z^lRC)ߤΓ:|eMk_ˍB0#wzKcN 'LQ,&A][, S]*G,Zjf*YYex5}dhT6U tO|E< ᐴЭUGM^zp>h -٧} 4.p-'B`jSӶT`%6Um^jӡ ]_ '5#~1AuV:i0;4;AosD˝2mה*ѓH6'Q@Dz[&5W%$ymkz8 ?- +F'~œ$Ȗx .d4r_lK*ģk X?tՖ_e2a.FPbZ3_ ovcS.KdsG !3`Xf0W(Q ӌB-mG )82}OaeN؀?牌㆟PV?WYu!F|(oD)vEvt v؅OBйs=@KBD 9X\[?@4[ RU ?G|)j 9|]|؅w/#+1* Qtxg4Fj-"zD̬9o1/Ta5|.:mhbV.Uoϫ2Z{D7}=t RרaVvqf'@KO!|HO"۾4 ʬma"{MO풁'2/CЗmg[( -MjMĕ,qE$2t&^%=gu(7Wj7I0R0DjLV.P'qcB&FV$uGe~a1C聬ɨ*j lS"[NaF7xg=pkIZը '8K /BLAJY+0i:??F0"cWG@>Oػrb0 (2 cl5ߞw1 r?VO3>ǿvw mr hq]c`zB1ᑾQpPY^ݫazxpAc8(Ns+ʑYW~_Au 24e3|.3#qYKW\adK=I^;dt5.ĎI/e& r%'&yē*R;DEi;n!˪\p ?:{m[RrVߺ3 ,ɓq'1Ѥ*c9[b|2cli06# B7 L'-u6lX0&:3'dү OY 2X͋'%yuV/t{x^ji{bE2^=hu B\,/G.@ud:6aY6/)j[3ZK?Z/ kjwqBo5㽵Cyk(f,_ؼ?J7 #ʇ 6$x&rÇEky,Gn6"- y(.'hc?2F4:B߆'"7[N ֿiHxqYw cDdVuŒq/DkfZyS{Ls e읪K+d'UZ ,քI L8o*OCd^V3̘OԌ#0X}S!u opqߋQR?U0!ԕc3/5! ² zz#G:C|4+×[Ho{ejkTR[4c{XAcvl$NYDc?qLX>uEP1΄nʜ,)-\una%iAwM ø2um6ZDdilm]9yp>Q)>Vӭ3ϓ']ӌ\+JEm𦢳RЦk~*R1 I Sjq;BeD`>7e\2"Y98vlW3WV?r}(+JVyK*Bco@ Z ?U|&uf']TniDl59Ѝ1_j+x3(=׋FwNih10'6qa %02DxZ}*ؾ9sWh[wp2~(GB,2v}oc4Zqx!lYanݏ~$H~ưF Yg/+ vNMtʞ(+= W"8S<`@A%[bȐ ?AnI?8'.зOQOpƴBJXM BνS ^oQb%}/~G}3-t%lOt9 2=9tl7^ʰq)pF[Pʐ. sh^h/C;E{ y/a5 iI*}#,\%%Oyq%=Fܖal %8i_5.]|a@ 4{;PIritX}:\K1vlij̇2UIVMCST}+DizRBwp]@Bع˙jW͘JS k[n~%tX<`(֜q|/]D*߃\Th-&EVVuo jN5TTV6  9 =062 Xv|KfҮWfрKZ*8<7m@ X6j*Mvq:ooJKVegwsoZ-7O/QeaX= &fRk doIvy!0E&O=TtzFn!QnmV;JdƢ9'"Er ?!+\ߪHa,D8AwT4>8%(H~lXPS, K~R@P; 儧ѵ/9x_NPFli莝GyNVxBN0)=0;5>TLKƅ3ٶMߛzR&X)//΁-xooa1 d\$?BDغm uQPɗG:taNCp;$c­[ykb fa & "!<+zc6p?ݚ)O[ތXd}tA#9Jo?}Ho/nWW?+xM|糜}lK:+=,q_`MC|^΂[lRt.[Q^cҏܛQݥjNXJv.3yOE"WШ ÑJ' rfcozN(PYe {}R> c>c=ᦇl "djt'1+wMwYmFl JՁZjև*J[bܐWQ!7*l@h@{;ZˢcJF_ʉ@GЎ][U̷s{X*.Z>QB TToҧP3 J"iEsTo6PL3kDʪX/COhёz ҽO6ER R gG.fBү[Hmuٱ { ͨ1h b[-hPfx戍nx+ ħ@;oؐڴ }v1KZEsl&*4gLwɏlb`8> jlggp4.e)_ lQ?'ȕw\o< d*ПCHs%HۘC)#M 9Af*-XmO%pAe47ݒa܋Vc[5n,!,+{l*C˝`d£GWw ptҩ%tX?ttbkwðDoWO#JbߖL0uP,yr!RzV'ԭF詙a@avۓ)HLEik Ŏ*6 9/.m?/+-˾Ŝe/T :>-5`{.>,hn] ^)$7CϮhb 7§uX+ry?  S'ӠÍFeT%$e}<ÿi s ]A_0;Hi7Kv&ubE Hrk?Ƀ1& ۝>Rum)3(4J͠#Tt `$h 9ьdci%mLmEt.shޛ%ceR0RDFRD~BC#uiڒ Z7\WiNCa#61],gQbi#0Z]RoU`1ʻ8y8D]D9x厵U^d5pn,e*h9ă=gv/kՇwIc8%4X={)|^ LY^Aǰ3hXv]a8[6?,^ԋnűK .!gLފaň9׭&NP)~9;4<3Tn *LOJ ?כ஦ F T@t1T֔SNm拣DEiYgD?q&?g=V.s@g~T¸c7׶/?(CW}KY^1{|Հǃ9DYVi]T'B{sE6*t1{lg3K oO1iӒ0YyQ{a [*K?TGlL3Sdcষ{%(Y"V8U?Lb]RC7Y <%9Z4*A/;29a8,uFU 0U~aӨx$wM.Ȯ&dqyrp}LB9E*7#ѱЫ=Yj q!rOI+2c"ޱYGD??儁C{F<꨺`B{.U_ҝγ5OKLW^t3l|0s(p>I( wq[s.{5U ^Rp"gXnvE^vy~םKηDx/\w庝zWQH4`O[E(Vv1&?喃vaw֋pXn$y-C4-~۰f=h-fV2Ǖ,`le|A* c'iڬ_]b@rlOɣ eg0$8sN帶N@]=p>, b'"W?v7uӢ]{WvY؟h݊j^Rpba@_܇UԦFYK^= j əmgcį<=ő^0vu@h?R.֏2d{\<øAjNr6 隻{N]± 7."cƌ6`[ŽVZ!H轋v"yUv 6;n#Dȡ-⽢}y /0"ŏVطNjH5J}RZҴxdCKs}ΏPDžiыT`eԒO:0#8kB\kFZk\?06c݌(&;?U2Z _,no;(g8痭B!|Og!v]4}rXoIeCsպ>@AvnUo^.1+ TsN~/ix XЀBA|Ts]Hp,8wsoRPug @*D qu@QP7rrQkP :.g +2Ixy,DO+KcpŠ>۽n[Z06J&E4, bP④?HrC,"7_ӄRz݄ MXUD"\E:1G.%>eruQ٪{Cِqx$VSK]$c!i4nCX{eFDjžY{ >[H4i H ۶ Ai5l5W7i緱~׎RZi~CWf=muZ[6tS^CwQ:W 5٧n{'GVC{Y)h/hLs\ݩ*+/xA}n6Xϯt_NeHcCx1P")y}:ݛ4{;lx}"94O=06Up H^b:sڼ~ Hm/SNg-p;ͺ%̗u>K\@VkF9*€dIb s;r2TmyM/xTqɄ)/x?fdTSW`X- _26lGFnjXPwp_Eix>5 8L{PFדE43+ݠ|SUڟJC!#UR0`.F>}\dԥgzd<[=-Wm:w,p /!ITye{s+Rيb b=h"Ul7vߌCA5áI"uGDD^|/.2ۨQFma֒PoFlߗv#4g]sEgΓIZЀ9,hApMkBS珷7=ʴE\4'.@c$#CV0ĄpB V!̮a0pq[6Yp_BR -3O3{On:om~"U-/ۍnߎ|56r## uzJw{fLVn@KY%bG=LpF7*t6ݷ*+UMn[56ϵ־*,K\^7;Pڏ'VUjrHU i0r1gz1[ь M:E7 #"Ĺc N;~5IюCGY!ʗ4g4gB@"l4H/|nXB &KIKл.SѮ~ԭw`N=Z`pKv:Vnfj'Ma6,Ni$Ϲ6Bȷܜ$A7c ٘ڢZVqm~$,hzwE'0Fh8s oH^9(}"^yZQ#V Xc D.үO˪i(?q`xg;v捝56ҕ_ T*0r!!|%SȄD[ a.15l'-S8t+yv : !BMѣT70rah3r&RӼZD@rw\J|Y# dB*:?%D䮗wI8(/⼇* Ro838s.͎EbdP㤀67 GpcW'>azh+3n2r:ѹ_ 1ծ& hTB44Tlyn2Ԯl-.j[,- xNT39,Χİ=sMTz҈4GPRڏ+ibG!m+O4T=|)5""h|7m+$-u$ᙜBVnp쭇]Vg#~x {ʸr5Nܠ[eaUzцLRF(wy}UXZu TQIOH{ ޲onɐҐ%0)Yj}-JevaP~U LAl=<ǫҰ oFxLrd _we{Nb™-1[sl60:!dP&yBj%Q^f0ںc- jYǘ^y7XǺoew" (=%;veٴ~;q{||gNial bq2cy?w;)U{:OW B791f 0zpE?0(}!iZ$Ń[Z)wT712ށƟ<k#9ūa(GqG|G VGYNgtȀL'h!L qE6\tEğ v L9>QFV Wg1en^.4}c[{C`HYP/Xl`WDcf~,OxVa> M]Reʧ5LS5lǿR}+сv7J'6]A> W=rav^1^x;DY;Љ(cpJx a*ђ7ObADE'2w[Y\R/I{)8SNg[?yw1wM3^%umsD2'Q.cP Ÿnj{?Ӎ7*l0GY !)af{zpALcuBQ:Zt֣~e2ٟC'i6ARF(c֓[x6٦$,t^Wjw*qTy Hi̗* `J>EXaOi n4\l`<-oeiEwk=o\!ޟ=ՠg c90I;ՕP)5TÊ M>SF|irFW37.[=C<2f]7孄3Zsc#чF3lMmF^LHP<Gcmlt=ֳшQSRӷ$k䝽W,)x-ʵ*aɡˤhrPvk:n-y_Jw@&VlT hnL(6YS6bLh69ץpԿ[s#.G#UqH i:Zrj3D!M?[FLAc›,*$iYesꗛNN s}G(Bl/J0D=/`:S*⩷ĕMWYW/\_M@_W=6w# \\܌DŽ|2^&*)FW ])BW7G:AݬǦfMl 'V R^Xc|LL#ϳUf^ty?#9+6nQ ,?u05q-W#-W#(NDCfúAg=+[H୙$3OYK5[! UT p򠦒X7,St%HOs OD@J >hX% w9t W6uyBYHY#]&a%ȸ9mjm\#r.`fYC41Inwk7l~@[ʪ0L9$( ;+\bvW05k-aV&@lݶW|YѐZ䆤h*9}í̐*;7~4xTn#ҁ,FGbZpHvMm^ qw6Z69o-ٕv2mC«GY%H.SU _| aI)C"6p$FWnV,&C1Sۍ Q] y4(F|z[.詫65wd8؃E|t6~t{Ve '"@LґۃWpX6D7;y2gq+WXCۜ5(PUw[7!^pv2y,؏m[#f` Sѿ#<a1YU7mMYy*DL!)7 TA$Ÿ6rKˀw|jf*V Yf96~#pƩh[гzD"_rȏ%ߡݯ>@FPa vu—*F0&+*~γ{ <,aV\jK bTӴz/D]eA4L-).f0qj,8XGG35zjlߋ49ʡs3\ C [}gHPX-Ƭ+Nc7yawE1*A'bvXE@6fNX:APhHX[V`!-G.B]HA. 7.x w˳^O#::^Kk|c}SL}&FLfL֜Ey.Qƽsi3;^{K,?]w Ğ0نdB\O_v;v>/3Hb\so69)轋Qm+Li 1 ȇI}v߃'*\H4!sU_H C+( Ek b#X-ZMJdr tX[{?8C^lJB=8d>%2)e,@a acمߴU<(ߒaߧr K* ._u '50MG@nF;y LKc^C?&^0 .PH1<{t Ble 'K]x +a&^%Ts_,KuA]#T$CpȻ{ڟ {EfkRDkUޚK3 ̒;;^PyƗ=tTy:X Ә/];Ҡ+>ɤ`*+T'z\, m ,η <ʹ%o~Y9B?[ɒM3XGܞ .+4!:PנzAAg\-6o0e/ӜLwg`q RI$RB֗.zޤyfau_PXZIknՌ'b *&0~ y+_Iģ0uS@ խ`n$SЙ6wd _vtp? @(?w[z%J[GW ,HT#dJҔ#b?⶷RPj#+_b7h4 `I I|r/qe♻vZ᰾>q lww4 ^_.Y"Tpڸg3ȸd)lŤe6lv/:F IċCʩFeDM:Ζ^:`R=#Jy$=EW.ũ'"@Qh}g2:; OUi^" ӺKyv57s hn!mL\),$ z^}F8ڒ:"13F2jU2l"qRpE).Ul.YSMQG\ǘKWUW]k.i {SX`:{".;Dc!|? u7_QV6F2zjF|q_?12$2wJ{&?uݞbm_uPs gcj<ڒ_JO^صcU&"/ QoqFIAEH.jɼ52kiCH i.ھ9"m?!j.>61${Dùa/u 4N;t l76g<`FӶ3'/ !I8BrmpMXؖqp!dʱ*:R?<]&66ѯט Y<S\f4BҢ\|֛T '0]N = #@j:~NOׅM+#gO.bg.M1\F{`̌F:<:&%aYZaBݬt$$uVxe3 lFc50Z{HRSŬD`p~vMbt04"؃!GD 0Zi{s-3{jtb,ОaY|'7L[CypJ&r1,u~}.whpNFћcWk1L J(;V uԌ2驓M-^| 5}3$6l%T6<~psA;[_nsI?#   ܠ;lRpMb/Ey%^m_[p'^D8(Ʌ^Z((6X91x>f?&‡xLRSZ|7^Yv,=Y8zzR"ñN@Պ ^tegŲdiMm#0lNL`jӟ<Ԟ Q8=^nv1bD?MQDSuUޱ7Ӡ[GrtU.$G_J%K#ަeA^Q 0Ŝ H*F&CIgjv'/ߎمeInͣµCBO5?%I/A2״0.*`鐆Y,B`Jqg Fv< Z31$-?yɇj0ؑB^F *ͯF$F I1>T5\9FQn# #, ؒfعj|:qփPr4֥(~}E@.>ClJӨf=i=)8 pB̶X_ݑ2DzF_3z5ɡ5wO2OOZp+(uZn-ܐXLƓ&=S$OIWjY)hQXt /pf z!nKIPS@;dS'KE23<#Ʌ&/ a3E$4']mVGTj""bTZ <_@  ͥ ;"3OFu*kD=sSJťe+ϥj潷: i~4Vyο K,9oY"#vޙ}nFL!o0-P}bly {K5 ?+'ȇey]oe:T2^ѧTߧ՜0g u\x+a-$eњša";T++q֠<.ӳQY[B'I%j5=#!}#kzvoUaכΕvfN4D9Is2߯^ެ 0yYeg=L ϵ2#)Ȭ`r@e(-}s3;; Z/yX9⯄h>q15yW'2SZ$8?/-e`V`Ąr `+o[:Kժmmoܖ&pRʜS= {$_F[K>%K/# X$n:A|XDCPF ^r _ 2FIx]IEb)NIZSUg3/Zy'5@D0SQe֒٨Y# Rzl0q~bɂi5"!/ߋ*1'9HK%&yS%fyd?PAœN!ExutUu&12H}S6BڭtXK9_pߔ%MHHX ˦up" x'`& KV7CҠ ` EԅGǑ Wv*RFAg Jr=GUxsK=6N/ )i)mn*Fhasw?+\WaYzh FBU.VTr5ʘJ![9*eN%KJB3VR@y8c+ڪ:hEgGv',lQĞQF/}FT̤$a &Ѿxy]}3#a"b)h&ـ !%Xӿ-!zE.ۘve ذ2nwX)vRdVWrEYW@rj0 7.4u"K0ne,BP(s OXhB.?;(|ӷEQΫPՐԢ~Gi>fvT`Ab R0,RWq"Ɯ@t]eCQX9 _ώwJ#)RFȬ< X( dE(3T;hnhZuhRS/5mJo>v{7`S\8b(5 RBo2/T5v/ RvM>5vwwӺу!Axq/V|F 3789;d[HAbq],&bHh(?`vP!q j;%g:Z[;y1.>ADCjL ^na;2f)qūѬiBy "=0s n(䑜 EogMPk(n:h,'b;}mQᝇΆh [쪈@Y1{ >MhņoJ9#f .I:MC$,Ȧ+`,6L/x耼 \ݞ\_~ў(;Vf+cM(aqD5n뇶+HBovWJ]ީs݇&d(2i+sI0tix]eXo}ͳcx^Q4O /ԇ␝e_xl¦+ ڋ^iPM 3EgMnyݨfg*eDU@IBZS_`[v Ȕ./]7_#Y>Љ14rdYJ=x729=F޶30?%Ђ!(J:<+s!TE'D!=k&,3nb$p+$iG9uie],߲ ⍗!$~XUwòzlp(cjRENŶjo~ ˆPmba~\RldZJJ9z0@_q-I8t,ܩ%26cF_noatzJ1v"!4I&,j2'$U1M:;фsҳ/8J;-LArP:)Q_mA wז4ՔIx =0^R-٠ `I >8O Q!p`XqDZK 8-a{1JB?rb,dN%tbQ}<WA8> !K}ϰ+[.ds3w _&9aZKLI ?m5ad%"/K 8[S:F*M/`ch,ֵGבDiR4S3O,/S쌡 覸]2[L9qŅPg=ďVC.:|UX]{AT|y= zvoB [N|D ˘;.Ֆ*qhQgR}8*}w7+G(*^17!K#~/ZSIWpiSoBZD&b;loLϏyXFڦ~ )d@' ;޴qfƿS|&a;Yw&Ds̔=6jeؗYm %0_kC)IvhA:mW [Tv)_f{,A:LHiQ4q\(=Pv^]gڤS,TZrV!u@@.rZrD—1ɲxQ\kd~&ECTY<0uKV~˱O>6% Eb/P0[}o71iY}#<΅Mb!pEΞx~> ]_4Ar`囅aV@LPÆa_UK|7,Ds퇹5t:t''҉!q¹Z~(FjAq׉&m^?ha EYfwnTI>K_MxEABK$KwZp)Rѩ&yQJ[@hMf93<'~ l0d7$1"\ؕW<2TXro @e!Hy펪p_:X^Ĩ4z-m]eL`/U~)) cx,%> gjVL =&Z IX)Bq iw% zv*Gdd1Ni5߽N!vY-{*DEB}QhxstՒ&b>''CS]2Yo}0JzaE mh49 Z'{kT6  GڞRkdqK*$zBP]ţ`]'q&AM rZ 3TE%aGYduM0xե׷0! AO/;vUkRd Tnfo,a{")wAmhФw='ѣ*~D:uYH-9iJ/$?s߼ݱuʼn8xk`/u&TgNOU GSE IXiW}a?`s!{nSG9"lXag(NDTuq;`sW!QT &A ,4=>EkkOST%ġۍR+Unnj,93s7fX:Y΁GHXvKI魯? VDMX6 {@mCanZlƤ3\5tϓxm!Hul+#f8ADi5HMx>nege@UC4%Bo^\~hcgd}@@pN9~uEl>'-*4SHr'\F0EZeE`nw}aFl|\jaU*Ɔ$kPH$; c5XiL'+4 ğ$ ;z~]?jNKaU:6#熲QF{eax2x7`ԇ3uuWi!Gf0hH6{Hf0QI2RcLZ:3'A @sqko twbveq%j҄Jሄ!o=Y |ڶ1z6*#ꢫRtx.VQ]0d6i鲼6BP\!xy pV%Gkdtt)e'"P4t+HӔ/+j ֻ4$2-Nʆ9W-(ze]ޑJ nirؠ3Qmtqz(@}KOKT#ԚDŽyNo833R99ސ*x3iwހI~OZS0֠yIwU~A?@ȝڊ)c7,Eɳ–XL|<{䯜9XtSQjɥAX" |%yA#8iHD.lfn `Siw7tÊƃ#˘5$q82cTEƞZxR2LXXR G9򇋱3KO%tB ).I3lЊh&f?>k . @5y]:1C˳ZFEC3\{SK=DTİC$[˾Q'k>TvGC>tGc!UŗM{c@Ù>ˉj~ːQf.U6٨E ޣ Q4ܪS &ēȻrA>@u8}M!J%x7#>[ǺRCӱ=&~O~gnw ;8W2m*BJd=Q^)}7nQ+| uj;:-u74iM7Ϲ T`_s=|%c8J- ӅsS"0UX&XfH Ub0x3vVlzh"P6# ]ST=`© !`ϵ1UO` 9ں5]c,o8#U7$#E2͵}ie@,l(&BJYIvSx!ƾ;<(\o .4uZ_O~OI$2Rpd'vŷ _-HW%l=r7 WlFIٵ=m -5z}S/v\=1ĥU յk*uggR,Vw }XW<_Eܷ-U# 75@ZM> |=0*ݕG<6^<{+(}8XؙpNVƹ%,C3q5 o>)}wjβ@j#1]co6*Wc"`TQV\wOa)t.?@{CJ>H?YU!QgkVxF7tQ=7Z4Ѝ=qY g" l|ⶍiG89Zn:9,.r\8m0T\N^w9$ JTg!f[<ѼN TO0~K-\ȇKiN9@X>eYȸ֡$QlKB@vkR&yhm8{'h9Beٰa=&€k%1֡+줶x"v$i`#*\]LvD2 U2=ɣwLXJzLx}ăs4o-{d6ߔ a[jfPA>NOaZQc֏u !-T2ė+TZbc--"V+V4y=;<5(֞_ӌ`!fm0\("~Lʕ=o.nd\epvِ9T=G;ZkpuN["k<o57.$ƃ}LxAHeVO]%,粫 w[w\q`Ym[˥' l,`v@J?Ei*Ev)~ОC9j;ʭI]ӥ68#aa-P1d-KYtG0 =s63== !bg}>ݘ#DfAOwrxRJ*ϧ PLR@ z=% yigyr? FIWxZKX%Ogdx%Ks !vQ9AY0F yU/O7a_C_ng,#ÎnbG5 -Oh!'EWر sZjpŵ3=;㙬JNh`L ʌG )֙@.8T脓6Sw<޸jЃcد 6Y6YTX6|ـf?/T*&huEi\|y>.ɹ5}XHcMOM@RۨL߽ fLPP 6$??ʞɀ^0EYfLl4>,X؋+V<`81XU?KOCV1ǢFG#m1ha.2B ad.]I[eUEMnz9r3Ib.ܦgSW 4VW,l93k%DQU>.hUOTFWu4^8IQHe !Xl:y .ݸ}RB>@Ez0_!5A5uZrH*jc9N@Q̘;;h+]OYmN oDOQf\|URp|C?ʊb@|qT$aLs.0o}xKUZU^ woP_ Nn*PQ!ap{c nΘxcp[/⊜ٱ4`Hm˜LYI:H%. vֶdɶ!h+w@`]7zMibviV{ޝDe% ..9.ݲk fO-zj"o V_:Z~> ]L-rb:ǼΣz"^AaZg8NPc}t6f§0-<6-R[Qމ14#V& ˡ1f}贤JdTg|ۏ$=fQ:!_[Jk<#z5%_Q-]ǜj>x\Eh$j[rV=vn7}*oytD KJtҌ(Z8m-hڊOy>V!B Y>ž W>}[,/ -ןJ"?ȋ6o^&}LxnFTZ.|Q-;HpbH,d)ȵ(Z{eE6șIT1*Z-mÙBdE%Ycl{`D1(]>O GkĎuxDgt,;|=}[9>QKd;3X@Džэ%ҊE#OA||ԈfѨ%0z}V}c\ K`lș΄_V2+Xc9B\H0kww6)a S"˅DtQ(ُ޶U41IVҥT'$UC XQj"Gx;RR/9*x^a+#m,Σ0N1*}`F/L}̰!2B} .]|-p g=iפ ? "<6Z X隣^ς½*gۯv#ܪ/aٞTGm-GaȲ42,g ԷQ#geDXeœ}yH\*jHSCs-ܠp|mխOEe22iPP=IB^)7o[Z"șxq9̐/Q:_7 nf4 ϱA짅)-X _&냹 ,ݬ) /(>ڇH4E&+$J d$>l_9" {E~HëMaNͮt"+7eX]Bpw-2m=914.Ԇ9x'G<4v`xj1īo&N4aّЧm<根׀P’*)ZыJUb[B%i|\*v b]GQ12=T-"olWO>&a+|&D"`='5%9 <,;Y@/Iizlg{ \gզ sO5TNSf,R,@`Y:4t?Z|mh׉etfߤW&YĚ7ÛTYl]S27sHlЋ;'X-Z~1fĚNϝ䪔GD;+ٝ")gH`?BQ.)%,i+*x#-v$Yr8N S6Ѱ,Y\7ib|6V&PA:Q'u!|}{[$6I͵Pk}܍v4ˬZߕ^ >n{|o ǀ#>uKg-i&Ouf lJEv4o7狩-UA93ͫ>C-pHT֫pvm [Z^-Inz9$&ɏBgfㄇLQ48gN^{uZmvY78$)>G·FifDO:%Ln$&YHǒ8' MV+WNixpUp.& :Ju`S%лZuo3*k?!(6,xY~,gYxqMk.|( Afq g~zqq\WW@4}D>ړu,c{(d*i?i`ડ'$ 50=zɩ0fL5dG* s( ..Aq%*I*ה uVBZ B~/k!\ -:A)킒w+Z>L`K8^ dw^8l aijQ54ֺ_%]^gЯ.Gz<(_-1Op]*@Fs G/+y&A쨠k2,sAtR_FkI+e^D/|A5]_O˾!HJcM U?6{G=N^+O(&|ٮF`қSG.&/A$RaH4i/x~M/=em1x%j=7 zv7V*.`E5#fΓWF;>"ݱ*V_R/'%>Y̼s{/b78AHhۚ:;:/5?^tL& ^kP<TI{vdK?d94elCy.!aK ΫQX>Z,xZO 9-0JW])\nܽ6|H[ƚZILk;#5wK#ԁBo-cz.dX N)΁Tn\yU8#;McIJs-Jge,&޵4P`X=<JG䊤DR"`ela+m};^uGl2 UM!1q"%na?2+=, $=\[ %K׎Fr_Hbٴ2ozz @d 7]5N,:|zsDN蟳|mUZkUc(q`YUi .e"[gHDdp[F5i/׆{޶) _rz?ڟFzPsF R']M:&0R3ju$ZJsålv޼#ҳ =NJK7["vl,0] %]`[c_C@A\b4-~W>wmג/8:wy\jEv(J$t0HY"~x[쀣.;۸0s%۾ aYIEsAQ>־_vB hR@9X*7% XWQ[n$j_[`nTR6dZŽF#`i8ō [ IY@+BS,N^ ZҬEe-Tsw_# Ԋ|cB LDn`diid& 345!_QsW*$/&4iE~^xchbqεp^ڱ[IB$|\z;k(A 778ݷvm9NԽN8wnk6n.0tCF ydcFyۃJUˀVQAĎQ5i ߃@p#MZ1vʬߟ (6X+y.Ӝ*i-[;LܬŪlv`[Y=o +SaTҾ3 賮xGݬ0(NhQu$ʏ< (RN. _cUuǨٞ$jK9IVk U<: A< FSQFA .x=$u1Akt`VOpr)~s] ly4_+1  ]I"<UbigSRkp}^zv.yi>ʊ#1[O̭e,=3ګ}K1R׹ )kXm8~ʨe拑|[P4@!!p/sȝL[ w'6h3ɽ Q\44},0 {lpRۃ9 >dDNеP{cG4g6 n`:9g) qA+ƃSf@cdE2s nMr ye /Y}_D9Hñ2Ds"x$s >="xEIT|l98"'+^w+ [@UnYn#wvHKmnW K 5mOqvr?'Z_kS^d>3SGJ>3xЫwwd#tx=ETyÝSZ+G E{;"'>P4A1>QZ80p4(ͽ^V3#̿Ad=VcS>*XW|Sqm1Gۇl愿IH%l}fI+;7;fBVs*ә4&1υlp~wU%DN8#㮵xR` 2P'-2-Y b9.(Hm7PzD{yJ60ݪ c 2ݯfn jeqmKnֳfD*˸M$C!_&X/ڷIH(h\ۍ,GR¶}6a]KޣU[gWӟcOҬ}J8k'zjh:T@क3Pr N%4 ^/RB6tהUE" ['l6X4"8& o {:%d:DZe`3>Xh|+?@Q\&E BF*Kl=DZ&o7"M;Xόٲkes\oेOZ30M;ۤo>?M%7{*p*Jz+Ϟ%ϯ|EԺ4 6Ldf -lnļ5H|&^==]wuo3Ce(D`ם,kƆmEejdxt{`#vɘxN~Md+%. 7t,z dz@Ocߎ"E~:1a㉦ Kc,B'.MZE* R_?\Έ4p׾Cq\fVڣ:`sGk8,c)Krĩ-HÂ)dteSj?,wʸRk0P@FMb0vZJA",^`f)Y20Y %Ibƣ^SK͉CV&Z]Sq3Rs Zl)v6 Ã6\IY9( Ay *Z航XoBYMdؙ Ơ< '\p)"s";B;Z*u]g G\%G47妤>ZR2kW\&n`'r_v}|[ѧISHAI[t4xY$/Պ0Dj7j =|1C>=1BJ (HWtjBݡv6F/cۀif1\F°c[L:& Tqܧ# `x܇`W eLn1._t~>sQ \cqX`?ǢWq>)&Bz!%Siǁtnyr{lcc([m[f2iKIU,85Vп5ߕȴ6YSdSi{z40ixW\/DTݪlyM7<[y.1X2\5HK#ѹ`; ,!P~d/69`=g»SIɈ1x)咻`^lC:lT{s ~dmL.; 2L,-Q`Rk8pYiA]]w|uѷB jA+eoP[g_ܽuIai)?PV J}O +ӓ2?`=j|.3 c5˥;xL LpgjS(! Gj# ̀b| C;HΎ?DVu<lbHunzїRS@x:57}(tE0Šz-*V魮؇g|" ,Sjl%!RJk&iU ⮄h?2b2'[({כyxލ}IRtmt/ Z?t~ ;IV?w;q֔s*(-G$Io975VJM^lx.˱;i^H\Nk*ZWFyۤQJhEcT|+VP3 0!*bsE"ƣ0 $6v%ͼθ<(%CPsHxBSo Lv iD矌[ʳ/*ZG+ime.Ty^]qɅ\!96ir &[/FHv<@8>sə-DУbA2+ Ӫ6%@Dʒͷ?2m艋lW-W+rV(AUh64@yNRMawDU넦pUMA}=flb={FkdX ˠ1Zb}a0Xzs|GC;;&({㴿!O 9š&8t NkMYFӾ~&dғ 9ۚú`ꍶ(lZ51yA#4B;TJo.i0{nx1'6y%]C99 QP}Ԅ ; S p>jgȹwЪT9Խ?2=K;.h>p;`?8E>↰ VV^'bKTss >6. xz1 Bぴ= m}:M /Hm"{2L>eMT%F$ BI7=|2)klHR]k_? j~QѨY&5eh S 8-&-B|rɧ Ayk\}] |* x <7Ecv;TYG?j1L8DAaUXf.p g=vxJGw];y@cY>hǫ5ݨL΁Υו;Mj/D AL R9va7Y!'s4TwְTyc`4ZrѶn"ͨ(b1ёY5:xV;Y}j^vHά-f~Ym9VcLVk^a9Ͼ.0cߗA>P$ CC5V`XXQl> `8faIU@\j̰bӝt܁ ~`"G FGvf xMufð_shGX9I@ЯCϙHTCOG{fVrd|R%-ʬaGdbՄ :U<:˪t9ij@ǯo(<R##nH) +RWmDAk}a6wr;O^_49kmB`3( >~RGUz\=U*Q;uĸ]2 vF!1xX$g JIjرL}g]#kOYqۢ׭Qا\D-QX.=z,`Ws)%3jja2z[5LӴ$47X ,R3ALPW`MM_U6Gڎ'SVF/D $;`=j#Q\)[)U^j-UC}wIeqXr1ZGس4o)Ekὡm9H`vklٺK2W=SvG5ԵjdksP|]M7:]'GlI*- .hz8'}z8:QMv:Mo&gmn\Q& ]xAPQDN΄inG8n~ C%Vg΀=[o]y dG$?˦fN{e4/`ʴBrQ<\dKTwxcYZqm~UUh()! pPZG}0OBBjdyCVz6ؠ`~z QdMmןP1o'l -YƅIuu ͕!ݵ O9^'g(͍4o)ĸ8^N@3MzLKX?Rh 1V))YM{Rfy1\CJӣ+ķZmFƬ%aסdvM⬌Tݚ,{B^tJ.v'eu] ԀʹBqoxLJ$Dsg&WC*U-VF`̤(_&9.qejFfI:DVv!iťK$7k ԫo|х,/sr˳1i)'t?p*,$p.xd|m6QEXn . 1̐tUa$wIF?gD<}NG _"ʹNz ҵ4 Pr9RYS |AA0dTARt1h>@mCr[\ް^;dڤ &jl]/@%aX6bϷxE Ҕ`S[3\զʑ##Vܾ-MPaiB^Z@٨:ԂIʶSxO E庼r;"#-gM/U3x,U70#w )Xrp| 1 ~xGLҨx),<>WǙҥ}y Սêyc:MCy!b0jmA3:z,ʫ-䆴 /}<TV[j+v(z ?r&?U7{1 lK  ΑX:OA^H p ^hJA #U~ F7FML~_qEEN k$e2ʕgu;-K 1ظNXV;lM bo14 ,6SjV1geި_;"R R6~%unY_=<(M%v7H]~(wz?hlgV]@ KJ0*S%Z'x dE fs$-!Z0\K}/d[صVQD ׊IWfOL= {w69rP ږGsˍ%eTGql."VJ=alkmho)A\2DYӦ/uNSvvÈ47>HRd@{$Ep"e,?w7jqn#X]F,A )4'_I/A*cek4 +}30*Y.]Xu><9 gPYמ\!_-^--)$r/t[%<:QI) $%Z :H'194oi6~]9_GkjQSVR b /G0Ft(Z7zn <#j+A^k:d 1]5ܠ|4bFglbH5{?_q>"߀QR5JG{4SG=Ǚ3 T:hf7 9h%#ӕ7nm; <|:9:6qg_RFtW@Ӡr_/c.V~kahCXy'n`TluEqdV$\?XyBzE(BpgyUFA.X P]&wMYᩜ >V|K:NFjI2Nu`ݷ¹8G_\EׄmjԞ.LrBuo}X&`̯_rOGh凾YiT(>LfMMp"iČg ̳_Yˁ 8G-'E W,dɈp Is`ωzhlNcMWV>]1҄|W %ohNMh bV9M''+/9H/hOwd$*@j]Kx^D"M󖔋|H~r& %VdA}vg|!h {$@]l˱~n7̮VCD%.+[H&E[SrhG`<罓SlEޟZ}ko+CVRczU$HeńH]+E==[VD)ʺ(b OdB.CaIg-v"3`$O1Uэ6?3'E!穩bwceCtU%"mZz󟥘6 kݠyM"}g%sME~#ğ7aUƓ &y9o7!:UXHa?S9,\}=^GH_o8t68+ƻq$XSȧtg| oޗTJ>jKQ⽠j"f|8L8H!N zK I]CjӒ I[Ҹo"յz!DE0 Bx !X ڪXAV,=P(LpoG̾(AgE%p8] ȤO#݁j 3c"f iz<Ǽ9TŸxh''})RO-? )͂,l[<5hρKDFRd.՝B8qcXF=@@uZ犬&e1ۂιN[懍}pPs b)o+C}f!lPMzgnewyspv(Q6IUl}=n9y0E?y:4Xj4^q>9aai5i{ճB8^em-.>וtp/+rt݅6R|w[dȔ_ǘͶ8zfO!㦷(ظwhxCt>k.#a.%9[E*̋13GK2_a: /"W @~.΍9U6X!;Xl>ǗfJ[vXF/<T`9rxjΟtk l.˫-*iRduĘ 1qRBUM7xQwÅth<0w#ֳѻW]X.d gԂX*f cýGshk.a'+^O(ۜvK>F> =1ɘ[*uڭrfhXבGroQyf/2'u k a7@ݳYVp'SXbnyɳ(e#_H!B<EQw䀿a-b.<(nڒ\* <㍘.'̓Hg`X[R}Y`g>]OyDo`GzblR O v4$O_И?c xpFPIW\d-Ez m߬!WI>3HO( ?5=9؟:Q& vj Q?,#vQHmёd_T"NPju`Ʊѝ/ڇZ̨݉g{ /V7[aA?*=}kR4d_mXޤ@t0{x0ӫ ᖡ;&/q2sL/T"S,d8!2b?MޝӺާ}p- ]tp8AA" 0tTKI6@׏nqSa&@ ,Z?|U;/) &3EVaʸhS3f< 3?c0D̜O@팭]pBDpfUd7?xWHeV kz s[dcN2K [R)0줷˺u #J0JFD-)wFė"cphRb8Uv?:4( ij?z59 #{#D;}N;sX>"L_ݰ6"܁@ fCcߩO M`!.OUUvz>x_~=[4fy$K`wHRYF2F'^=b7K<7*$5FU``ݘC#EefsqO[@_W<ۥvmq[Oy-%Xj$~\eL E XwA}֝hV !\0v빪f. UhArie3eshbAU ;mhPw4P-i}P:-uɚY1|tg4e;0Rs 恈@LIN5i" "› N^ػUftySKlQ@\YtюD\'6j>76_x3:͡پnM~L~5, mcc#K3\U^ NbF>_$({5iPΨa5JmUb$m k Iñ 'K!ڼQ4/m`8IUfagBwԑ ;mi]! T!l(V6!!v^:ՃDT_̻?W딑--ig o +\$ N&-{j`LZ@(~C0K֕ye ^GtθS!"UDn;bpb SisDRe ٝ#&@;5hbP)Rla*s$^&4/-w|LV#X@ 'ofWe ;oq3zLq1z6$\.*@dž . eM uf}2&"t!rO3u8$>*+O~ ^䌈joaC/v/|I.]gA*˷7~#b7U8/ tӡ#.u%(t \PxL|Ў"צNpK.aB#H=h.#0'>T(s)v`謺M7A/ĺ´!1BQL%UnwOxBT}H}6SUd?aj@09^7R  ^\ګB`_~fl"9mケVy 6{0ҳI@-ypWٱmap2bF.;H )esJj7ӐjM)Eo ej.JF8`F%wҋ<)SOn[}7 ]XYMs]@s2\ll†w Ʀ[c^.6x.0-nxmND/'8"41˨)#)uy J`gv('mY"c7].8$Ӛn8+f6` YNr偵Cu|"ܣyF=Vװ4 _nL$x +#kQU S_Ҧm_-15J f==*oԆ;DV(mg&tiZpDF8Yt헪IuG#aeˈئo&B<c&>pYkW&O1"jOvsZD'Bܛc)儦\ss[/6ap޻f wmT͊ꐸ3UIY԰Okং Эb=Ӛˑ-[3u{]=L: W<|$)Ə^ZbԍU ^&"on UlzZ"*Ǒ@{7(h͙Z(n x^90i=2,K L_m9fWa[Zʪ'"&rQ@u6%}J#eCtĆvnt(`|ts  \˿t/8K<=G )ʻH %EQY`r6w?);ʕ$YHD8'If -reVSIDn 53gvR_(LŽvju9lK/N]V0=fTܤ P hi?$կZxL!r, '⚖r_nb-|wSU7ˍTqCabI;YwtN[vA7+ݱVp/1Z>:* hYUOGjO0^5~ ߫l"~Irq9 [`k9&o&M0ڗ.? >,8l`C~?BN:=JםR-rI5qLi@e> :${0329o` Ii-akFJ6PLן,|8pg6cFLtwZ |wYEBr'K79@ϡyp"2_{炛2)e7|Gٮ| 7].3+E3u[UAW6M+vz s18kJd뺊v;zz7 /N`C tMg؉G{6<ܮkCAK*$F1 V&i^q{(kT-dˑM ucNq4.ӹWe' w<`Nj=3!P^rrx&\2J􀆳zIJg*[cUƇ2e㯲w1aK$q8i!ENX-Hu?gY{E^IV^ҏOX%gbI/J.5-_cC*dD57$f1<9}.V($].Jzwѿ]HiyWs9dܼQhL5ec> /k46;HAV@k8UG`޽rUPD]O7$:;th[_FDlf|ElBMcqx>P NB7$ ,4t/6-Y(:J1U:4+Kui+[2E"@{,N}=9<&= `N8eʀ ΠY/Gi|Ӎ"z&l0o #$oM*qN9NGI0l>Hoqg;0( x,_>H=x݁+6$#e޹Rj's$|w_6[Fz% ^'a)xmʇHP Kթrä{z (gK7o@ zl( >L;]h%;0 !'E{AeKm&ቑl 9x41sPtSԯE"2I.H\ø)sfW~1cxO'.:.矹hosi\d:GKJ|Ē3f%Va,"''%Ԛxx?Q^qG6q2,H,cD;ld6י80Z~P(“ Dޡw앃\u ,1*GYEzFTVb pAͷtkrHZ^V΅]o-r>I1Jq$۳$)!rIMiG?-=ԙOySLktz  ςQn DV7ӫ.ﳦXaO/{ټj# ,6`3)05%hu ^TAJVI6;wd`w*  ڮCtXskTt>p 8${Tf{=ɑn.4*v8@8R:T@EO(3йu&''|iE<ĵ\ &xebL5Pn>vcJ: 6Sڑ|"'Xǭnf $Z2ff% ZEw`7]ug3HV &w9b̸=hH=ކ]U̲A/ʢ~Z]( &F)G(o.Y SV- `6UV8Dy;% Hq$w]~z H4}k+V8\P,?`J`:AcXS~):]2 >0:ٗu,PsS^s"fɣq?qNKt}ъO>I,[+#mj. jP6Z;)AISBTˆX8t!H0YӌW-4,v(D_ ڴDw\PQGi7>^d05k:[HJJصҖlr@D%{m<MkvhFGsv^ !TN9mM|XdUJic% ӟ2._lQ8Si.!Ddp xYbFl\3`d_+`ʑ)-ĵy /z [Q*F$,\Dz$ҽpuQ.v%=Ef Z |)2&>h Ju܇yc^5RWb!]u,q& U 0ҕHaIr0RuGAzoHG?{\gs@${OMRg3_.22FI+,o]uTf) r-^o#ڻ;|/i1F V1n디T)8?}*,ͫʐ[pzֲ8adYƴZP #x%c>-_͡iv~N!'I3w$2_C1a?'~W5SI<ՊfX3!.ɞtIL&LE;ՁwM 6/PҿTe,"#M(R>%hKSwMǀX闇2ˍ&5s-=15;Crہ80Z*H<: n V$nE/s َV9bm>MLLah iNkkP VQ4 p$6Jq$ЮlhQDB\d}2Fc"9C97a2PV0Ւj>rb3K c\ˑG֧iDqJoUHpʐ\,o+*[Iz0(oj?(͗@ "'_YsDi*qxя .ٝ`]_QzJMJZ֬YK G ~;5a B8} \!r91KG٘> DQ}VP`:H!t\sfa4^д]t?e/YFg6sn_^ok;jExxFhC)/ucv MPt<dAi3j~&bU;eKzZ 3ֽ$T='o2U,pa(^^*0x(6c$s"萨e%[vM%\عL4DLzJ_"H?{@qj(I|"O9|CɥcُLX9g k;%>T" U5̇< ~Ew^C:L~{U\e~MPk(\n͹`-if*3Y} Tq&]BLiuk@3Ώ8D75>WC'2cG% 0XA*Bb龄u?B-h~jhBUL%|x 44˼ 96ŖU=:btNmcwP-JZ!YV/t.ProG64_׶mCޞH0 ~KT,1M<eH,hHtW 6koQns WQoKY!Q+!J>|g*a۠:; WбC'i'Ǫǎ))m{KƗU>jTs)`E8Y #yLP##MjI}م7%v~-o Ek\>`S~r)8)'Fz=w`1Y L-Mo[)o )ðz#ކnrqQUsVK0<qf#ݢ &S['fRBwmYg8_>̓88oǠyc1N4!o3Z RJ ]9&imͰKsqvKtzG0~8"yfNJLsr1q=idyP=/G?,rBaO hYO(IwZ)9;<#JtEW5tbbE 3@_G!|4%8ko_o$`L-pz4>hmxQbFyOHXf"&1Č@a|N Thi{-pԚKJDK .47 X^JӉl[߷cR`b(-|Pk v _[[iр?²eJZp˪StFKp=j2ggx{ӣer3 ?.w S9b|cU # v"yҕl(*h=[}P2Õ54y3P%KQ-yrE6*#y,j's/kNJ,|S^z=~h }-|Kfux_ is/pg1f8a{&ǵj0`Hraaz>rW該X >ٍ Ca_:?7sIkAcV]R'v->l R9~72NتrػZD0>='Ч1O1zYBmjK 5Ԇ}^~U3-ާ$9X :lyjIN6aYHPt~ʓt]Gn ,|D\rs/fZebpؔ4YĪĝLNk-@=qVNȜ ֑MЀ&~ tHrj[^$tںNq]tb!} d[Sf&C5P^Oprnh1P)O_Vq>q!uȶF (DLXԳ*9s{ٳa@.|rx Y+lẘD*I85lyv]\^HK<,-(THfȗhuLX3ЙNK}$[;}4u\MO$şVyl٬DŽB1(cbCྲ2ZbIE)$5c<[ceQ3к*-'RIY Q*ZPRy@CJ\@Xմ~EٷJI\QЊ& ')}RakaP`蓤[/ (0FO"t'Qz`bDu=@ 5RFU9~_gXlj`A]r! Msjm yF%qsT #@|[qn/} N8 uyL M#f{M7)`nou]zZf&=ooww+μWz$a݀:@0x/Z#_-ieȑ9nrKRKj =cږ'^2.ȊV{BBVs[9+wtxz"Qg Ue|&yi< NqdL?!9Q-Ưj"EQ!.kgy,Uu~Ez&ȇ{x!GNc"7g̛* S/l8Ǟ sB> yo 5,}뙘6֨et5Ci6Pi\E5Ez,zԵ9 c5R#

K"Ͱ_-6ǀa?lNQۙɪE{pdX뢮T|WՍ} 7>d_i Z1z/4TJ=.N!6A:yɅa4 4ڥOl̄.5C/Bp",q PO:pyF{r=ʏ#ǛBOrGD7]X++C>