libsamba-util0-32bit-4.6.7+git.38.90b2cdb4f22-3.1>t  DH`pY_m/=„64& %-Q1B[kF NuI4S}E ~V iзwnOJ#U69H`BCeF?x=0Z;( /㔛'g`찝(tB~7H02nO~_vm{my"N=>Q\c,`##„ ڦ*"یFF^ԈA}Ą#q\%Jt4ii`vu9 VxIkr챂`?$6V䬚:nއHxBAAFF!~tbmD b)឴W tQhGd UP.D\7,\Q klh4ظ(CG(2"g>:v?vd0 4 S ,4 8 < D f <"""(89:= >sGsHsIsXsYs\t$]t,^tVbt`ctdueufuluuuvuwvHxvPyvX Clibsamba-util0-32bit4.6.7+git.38.90b2cdb4f223.1Samba utility function library Source Timestamp: 3761 Branch: 4.6.7+git.38.90b2cdb4f22Y_cloud101eopenSUSE Leap 42.3openSUSEGPL-3.0+http://bugs.opensuse.orgSystem/Librarieshttps://www.samba.org/linuxx86_64/sbin/ldconfigeY_Y_5c3fdf1a02261a0fba43939e08996ab6libsamba-util.so.0.0.1rootrootrootrootsamba-4.6.7+git.38.90b2cdb4f22-3.1.src.rpmlibsamba-util.so.0libsamba-util.so.0(SAMBA_UTIL_0.0.1)libsamba-util0-32bitlibsamba-util0-32bit(x86-32)@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@   /bin/shlibc.so.6libc.so.6(GLIBC_2.0)libc.so.6(GLIBC_2.1)libc.so.6(GLIBC_2.1.3)libc.so.6(GLIBC_2.2)libc.so.6(GLIBC_2.3)libc.so.6(GLIBC_2.3.4)libc.so.6(GLIBC_2.4)libc.so.6(GLIBC_2.8)libgenrand-samba4.solibgenrand-samba4.so(SAMBA_4.6.7_GIT.38.90B2CDB4F223.1_SUSE_SLE_12_I386)libpthread.so.0libpthread.so.0(GLIBC_2.0)libpthread.so.0(GLIBC_2.2)libreplace-samba4.solibreplace-samba4.so(SAMBA_4.6.7_GIT.38.90B2CDB4F223.1_SUSE_SLE_12_I386)librt.so.1librt.so.1(GLIBC_2.2)libsamba-debug-samba4.solibsamba-debug-samba4.so(SAMBA_4.6.7_GIT.38.90B2CDB4F223.1_SUSE_SLE_12_I386)libsocket-blocking-samba4.solibsocket-blocking-samba4.so(SAMBA_4.6.7_GIT.38.90B2CDB4F223.1_SUSE_SLE_12_I386)libsystemd-daemon.so.0libsystemd-daemon.so.0(LIBSYSTEMD_DAEMON_31)libtalloc.so.2libtalloc.so.2(TALLOC_2.0.2)libtevent.so.0libtevent.so.0(TEVENT_0.9.9)libtime-basic-samba4.solibtime-basic-samba4.so(SAMBA_4.6.7_GIT.38.90B2CDB4F223.1_SUSE_SLE_12_I386)rpmlib(CompressedFileNames)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsLzma)3.0.4-14.0-14.4.6-14.11.2Y3YYu@Yg`Yf@Y7Y7Y, @Y"X:@X:@XXsX@X9@X@X@Xg@X,XƉX@XYXe@XX@X@X@XWXAb@X-W Wv@W$W;Wu@W#WW W@W~D@Wj}W_WYZ@WYZ@W=W(W!@WW@V3V3VV'@VՄ@VՄ@VVIV@V`Vl@V@V@V<@V<@V@VjV]VI@VG"@VG"@VG"@VG"@V(V'~@V V7@VBUYU@U@UUAUĝU@UU@Uy@UUrUq@UhTU_@USaT5'@T5'@T3T12T->@T->@T%U@T$T!`T!`T@T@TSS<@SS@S@Sہ@Sہ@Sہ@S@S;@S.S@SSSS@S@SS8@S}SxSg}@ScSZN@SXSO@SM@SM@SG@SG@SG@SG@S:@S:@S5d@S2@S,)S L@SSSS@S@S(S @S S 4@S?S?S?SK@R@Rb@R@RRR@R@RRRRRURURURRR&R@RR=R=RʚRʚRʚRʚRʚRʚRSRR@RjRjRv@RG@RG@RRRRR RiRu@RpRW@RUE@RUE@REs@R:@R6R4OR2@R(r@R%@R!R7R@R@QQQ@QQQQޞ@Qޞ@Qޞ@Qֵ@QQo@QzQQɆ@Q@Q(@Q@Qzl@QdQAQ,Q+R@Q@QQQ@Q@QEQ@Q \Q \PP-P-P9@PPDP[P@PѬ@P @P @PPP}@P+P@PP@PBPBPPP@P@P*P6@Pd@PoPoPoPoP{@Pb@Pb@PWPWPQP,PPP H@P H@PP@OjOjOORORO Ọ@OȮOȮO]@O]@O OE@O!O@OOO@O OoOc+@OaO`@OKp@OB5O>A@O=1.1.30); (bso#12859). + pam_winbind fails with kerberos method = secrets and keytab; (bso#10490). + race starting winbindd against posixacl test; (bso#12843). + Crash in the reentrant smbd_smb2_create_send() if the something fails in the subsequent try; (bso#12832). + spnego.c passes the wrong argument order to gensec_update_ev() for the FALLBACK case; (bso#12788). + Clients with SMB3 support can't connect with "server max protocol = SMB2_02"; (bso#12772). + A log message of samb-tool user syncpasswords reverses string arguments in a debug message "Call Popen[...".; (bso#12768). + The smb tarmode tests kills the share dir contents; (bso#12867). + Fix for a bug in MacOS X Sierra NTLMv2 processing; (bso#12862). + CVE-2017-2619 regression with non-wide symlinks to directories; (bso#12860). + manpage/index.html lists links not in alphabetical order; (bso#12854). + smbcacls got error NT_STATUS_NETWORK_NAME_DELETED; (bso#12831). + If a record is locked in a database, then recovery does not complete; (bso#12857). + debug_locks.sh script does not log any information; (bso#12856). + SIGSEGV in cm_connect_lsa_tcp dereferencing conn->lsa_tcp_pipe->transport after error; (bso#12852). + smbclient can't parse DOMAIN+username if a different winbind separator is used; (bso#12849). + Related requests with SessionSetup fail with INTERNAL_ERROR; (bso#12845). + Related requests with TreeConnect fail with NETWORK_NAME_DELETED; (bso#12844). + cli->server_os not filled correctly; (bso#12779). + REGRESSION: smbclient doesn't print the session setup anymore; (bso#12824). + smblcient doesn't handle STATUS_NOT_SUPPORTED gracefully for FSCTL_VALIDATE_NEGOTIATE_INFO; (bso#12808). + CTDB NFS call-out failures do not cause event failures; (bso#12837). + net command fails due to incorrectly return code; (bso#12828). + Fix building Samba with GCC 7.1; (bso#12827).- Fix duplicate CTDB_LOGGING params when downgraded and upgraded again; (bsc#1048339).- fix cephwrap_chdir(); (bsc#1048790). - Update to 4.6.6 + CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation; (bsc#1048278).- Fix ctdb logs to /var/log/log.ctdb instead of /var/log/ctdb; (bsc#1048339).- Fix inconsistent ctdb socket path; (bsc#1048352). - Fix non-admin cephx authentication; (bsc#1048387).- Update to 4.6.5; (bsc#1040157) + Specifying CTDB_LOGGING=syslog:nonblocking causes ctdbd to crash at startup; (bso#12814). + vfs_expand_msdfs tries to open the remote address as a file path; (bso#12687). + PANIC (pid 1096): assert failed: lease_type_is_exclusive(e_lease_type); (bso#12798). + With clustering get update_num_read_oplocks failed and PANIC: num_share_modes == 1 assertion failure; (bso#11844). + contend_level2_oplocks_begin_default oplock optimisation doesn't carry over to leases; (bso#12766). + `ctdb nodestatus` incorrectly displays status for all nodes with wrong exit code; (bso#12802). + CTDB can spin hard on revoking readonly delegations if a node becomes disconnected; (bso#12697). + Printing a share mode entry with leases can crash in the ndr code; (bso#12793). + Fix flakey unit tests for eventd; (bso#12792). + CTDB daemon crashes if built with clang; (bso#12770). + smbcacls fails if no password is specified; (bso#12765). + idmap_rfc2307: Lookup of more than two SIDs fails; (bso#12757). + samba-tool user syncpasswords doesn't trigger the script when a user gets removed; (bso#12767). + systemd: fix detection of libsystemd; (bso#12764). + Notify subsystem only maps first inotify mask to Windows notify filter; (bso#12760). + Allow passing trusted domain password as plain-text to PASSDB layer; (bso#12751). + Can't case-rename files with vfs_fruit; (bso#12749). + wrong sid->uid mapping for SIDs residing in sIDHistory; (bso#12702). + vfs_acl_common should force "create mask = 0777", not 0666; (bso#12562). + Ordering of notify responses broken; (bso#12756).- s3: libsmb: Fix error where short name length was read as 2 bytes, should be 1; (bso#11822); (bsc#1042419).- Revert explicit winbind %{version}-%{release} dependency. + The ABI has stabilized since (bsc#936909), so remove to fix cross-media dependencies; (bsc#1037899).- Fix CVE-2017-7494 remote code execution from a writable share; (bso#12780); (bsc#1038231).- Update to 4.6.3; (bsc#1036011) + s3:vfs:shadow_copy2: vfs_shadow_copy2 fails to list snapshots from shares with GlusterFS backend; (bso#12743). + Fix for Solaris C compiler; (bso#12559). + s3: locking: Update oplock optimization for the leases era; (bso#12628). + Make the Solaris C compiler happy; (bso#12693). + s3: libgpo: Allow skipping GPO objects that don't have the expected LDAP attributes; (bso#12695). + Fix buffer overflow caused by wrong use of getgroups; (bso#12747). + lib: debug: Avoid negative array access; (bso#12746). + cleanupdb: Fix a memory read error; (bso#12748). + streams_xattr and kernel oplocks results in NT_STATUS_NETWORK_BUSY; (bso#7537). + winbindd: idmap_autorid allocates ids for unknown SIDs from other backends; (bso#11961). + vfs_fruit: Resource fork open request with flags=O_CREAT|O_RDONLY; (bso#12565). + manpages/vfs_fruit: Document global options; (bso#12615). + lib/pthreadpool: Fix a memory leak; (bso#12624). + Lookup-domain for well-known SIDs on a DC; (bso#12727). + winbindd: Fix error handling in rpc_lookup_sids(); (bso#12728). + winbindd: Trigger possible passdb_dsdb initialisation; (bso#12729). + credentials_krb5: use gss_acquire_cred for client-side GSSAPI use case; (bso#12611). + lib/crypto: Implement samba.crypto Python module for RC4; (bso#12690). + ctdb-readonly: Avoid a tight loop waiting for revoke to complete; (bso#12697). + ctdb_event monitor command crashes if event is not specified; (bso#12723). + ctdb-docs: Fix documentation of "-n" option to 'ctdb tool'; (bso#12733). + smbd: Fix smb1 findfirst with DFS; (bso#12558). + smbd: Do an early exit on negprot failure; (bso#12610). + winbindd: Fix substitution for 'template homedir'; (bso#12699). + s4:kdc: Disable principal based autodetected referral detection; (bso#12554). + idmap_autorid: Allocate new domain range if the callers knows the sid is valid; (bso#12613). + LINKFLAGS_PYEMBED should not contain -L/some/path; (bso#12724). + PAM auth with WBFLAG_PAM_GET_PWD_POLICY returns wrong policy for trusted domain; (bso#12725). + rpcclient: Allow -U'OTHERDOMAIN\user' again; (bso#12731). + winbindd: Fix password policy for pam authentication; (bso#12725). + s3:gse: Correctly handle external trusts with MIT; (bso#12554). + auth/credentials: Always set the realm if we set the principal from the ccache; (bso#12611). + replace: Include sysmacros.h; (bso#12686). + s3:vfs_expand_msdfs: Do not open the remote address as a file; (bso#12687). + s3:libsmb: Only print error message if kerberos use is forced; (bso#12704). + winbindd: Child process crashes when kerberos-authenticating a user with wrong password; (bso#12708). + vfs_fruit: Office document opens as read-only on macOS due to CNID semantics; (bso#12715). + vfs_acl_xattr: Fix failure to get ACL on Linux if memory is fragmented; (bso#12737).- Generate and update vendor-files tarball from Git + SuSEfirewall2 service samba-client only setup IPv4 rule; (bsc#1034416).- Generate source tarball directly from Git using OBS tar_scm + use version string derived from parent Git tag and commit hash - remove obsolete vendor-files/tools/package-data version ID + explicitly generate ctdb manpages, needed without "make dist"- Update to 4.6.2 + remove bso#12721 patches now upstream- Enable samba-ceph build for openSUSE and SLE12SP3+; (fate#321622). + x86-64 and aarch64- Enable librados CTDB lock helper for samba-ceph package; (fate#321622).- Build and install the html man pages (bsc#1021907).- Fix CVE-2017-2619 regression with "follow symlinks = no"; (bso#12721).- Update to 4.6.1 + symlink race permits opening files outside share directory; CVE-2017-2619; (bso#12496); (bsc#1027147) + testparm checks for valid idmap parameters + add new krb client encryption types + support for printer driver upload from windows 10 + inherit owner = 'unix only' for improved quota support + improved CTDB event support + new primary group support for idmap_ad + idmap_hash deprecated + mvxattr added to recursively rename extended attributes- Remove chkconfig requirements for systemd systems- Don't call insserv if systemd is used- Fix check if we need to require insserv- async_req: make async_connect_send() "reentrant"; (bso#12105); (bsc#1024416).- Force usage of ncurses6-config thru NCURSES_CONFIG env var; (bsc#1023847).- add missing patch for libnss_wins segfault; (bsc#995730).- Fix vfs_ceph builds against recent Ceph versions; (bsc#1021933).- Document "winbind: ignore domains" parameter; (bsc#1019416).- Add base Samba dependency to samba-ceph package.- Update to 4.5.3 + Heap-based Buffer Overflow Remote Code Execution Vulnerability; CVE-2016-2123; (bso#12409); (bsc#1014437). + Don't send delegated credentials to all servers; CVE-2016-2125; (bso#12445); (bsc#1014441). + denial of service due to a client triggered crash in the winbindd parent process; CVE-2016-2126; (bso#12446); (bsc#1014442). - 4.5.1 and 4.5.2 updates + various streams vfs fixes + various printing fixes + ntlm_auth: do not map explicitly empty domain + various stability fixes in smbd + match file compression ReFS behavior- Add missing ldb module directory; (bnc#1012092).- s3/client: obey 'disable netbios' smb.conf param, don't connect via NBT port; (bsc#1009085); (bso#12418).- Include vfstest in samba-test; (bsc#1001203).- s3/winbindd: using default domain with user@domain.com format fails; (bsc#997833).- Fix segfault in libnss_wins; (bso#12277); (bso#12269); (bsc#995730).- Update to 4.5.0 + NTLM1 Authentication disabled by default + SMB2.1 leases enabled by default + Support for OFD locks + ctdb tool rewritten + Added shadow copy snapshot prefix parameter- Fix illegal memory access after memory has been deleted; (bso#11836); (bsc#975299).- Prevent core, make sure response->extra_data.data is always cleared out; (bsc#993692).- Don't package man pages for VFS modules that aren't built; (boo#993707).- Fix population of ctdb sysconfig after source merge; (bsc#981566).- Enable vfs_ceph builds for Factory (x86-64) + Package as samba-ceph to avoid Ceph dependency in base package.- Update to 4.4.5 + Prevent client-side SMB2 signing downgrade; CVE-2016-2119; (bso#11860); (bsc#986869).- Remove obsolete syslog.target; (bsc#983938).- Honor smb.conf socket options in winbind; (bsc#975131).- Don't use htons() with IP_PROTO_RAW; (bso#11705); (bsc#969522).- Update to 4.4.4 + SMB3 multichannel: Add implementation of missing channel sequence number verification; (bso#11809). + smbd:close: Only remove kernel share modes if they had been taken at open; (bso#11919). + notifyd: Prevent NULL deref segfault in notifyd_peer_destructor; (bso#11930). + s3:rpcclient: Make '--pw-nt-hash' option work; (bso#10796). + Fix case sensitivity issues over SMB2 or above; (bso#11438). + s3:smbd: Fix anonymous authentication if signing is mandatory. (bso#11910) + Fix NTLM Authentication issue with squid; (bso#11914). + pdb: Fix segfault in pdb_ldap for missing gecos; (bso#11530). + Fix memory leak in share mode locking; (bso#11934).- Update to 4.4.3 + Various post-badlock regressions; (bso#11841); (bso#11850); (bso#11858); (bso#11870); (bso#11872). + Only allow idmap_hash for default idmap config (bso#11786). + smbd: Avoid large reads beyond EOF; (bso#11878). + vfs_acl_common: Avoid setting POSIX ACLs if "ignore system acls" is set; (bso#11806). + libads: Record session expiry for spnego sasl binds; (bso#11852).- Fix NTLMSSP regressions caused by previous CVE fixes; (bso#11849); (bsc#975962); (bsc#979268), (bsc#977669).- Revert shared library packaging to comply with SLPP- Update to 4.4.2 + A man-in-the-middle can downgrade NTLMSSP authentication; CVE-2016-2110; (bso#11688); (bsc#973031). + Domain controller netlogon member computer can be spoofed; CVE-2016-2111; (bso#11749); (bsc#973032). + LDAP conenctions vulnerable to downgrade and MITM attack; CVE-2016-2112; (bso#11644); (bsc#973033). + TLS certificate validation missing; CVE-2016-2113; (bso#11752); (bsc#973034). + Named pipe IPC vulnerable to MITM attacks; CVE-2016-2115; (bso#11756); (bsc#973036). + "Badlock" DCERPC impersonation of authenticated account possible; CVE-2016-2118; (bso#11804); (bsc#971965). + DCERPC server and client vulnerable to DOS and MITM attacks; CVE-2015-5370; (bso#11344); (bsc#936862).- Fix samba.tests.messaging test and prevent potential tdb corruption by removing obsolete now invalid tdb_close call; (bsc#974629).- Obsolete libsmbclient from libsmbclient0 while not providing it; (bsc#972197).- Update to 4.4.0. + Read of uninitialized memory DNS TXT handling; (bso#11128); (bso#11686); CVE-2016-0771. + Getting and setting Windows ACLs on symlinks can change permissions on link target; (bso#11648); CVE-2015-7560. + Sockets with htons(IPPROTO_RAW); (bso#11705); CVE-2015-8543. + s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem with no ACL support; (bso#10489). + docs: Add example for domain logins to smbspool man page; (bso#11643). + smbd: Show correct disk size for different quota and dfree block sizes; (bso#11681). + docs: Add smbspool_krb5_wrapper manpage; (bso#11690). + winbindd: Return trust parameters when listing trusts; (bso#11691). + ctdb: Do not provide a useless pkgconfig file for ctdb; (bso#11696). + Crypto.Cipher.ARC4 is not available on some platforms, fallback to M2Crypto.RC4.RC4 then; (bso#11699). + s3:utils/smbget: Set default blocksize; (bso#11700). + Streamline 'smbget' options with the rest of the Samba utils; (bso#11700). + s3:clispnego: Fix confusing warning in spnego_gen_krb5_wrap(); (bso#11702). + s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703). + loadparm: Fix memory leak issue; (bso#11708). + lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714). + s3:vfs:glusterfs: Fix build after quota changes; (bso#11715). + ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."; (bso#11719). + lib:socket: Fix CID 1350010: Integer OVERFLOW_BEFORE_WIDEN; (bso#11723). + smbd: Fix CID 1351215 Improper use of negative value; (bso#11724). + smbd: Fix CID 1351216 Dereference null return value; (bso#11725). + s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file; (bso#11727). + docs: Add manpage for cifsdd; (bso#11730). + param: Fix str_list_v3 to accept ; again; (bso#11732). + lib/socket: Fix improper use of default interface speed; (bso#11734). + lib:socket: Fix CID 1350009: Fix illegal memory accesses (BUFFER_SIZE_WARNING); (bso#11735). + libcli: Fix debug message, print sid string for new_ace trustee; (bso#11738). + Fix installation path of Samba helper binaries; (bso#11739). + Fix memory leak in loadparm; (bso#11740). + tevent: version 0.9.28: Fix memory leak when old signal action restored; (bso#11742). + smbd: Ignore SVHDX create context; (bso#11753). + Fix net join; (bso#11755). + s3:libads: setup the msDS-SupportedEncryptionTypes attribute on ldap_add; (bso#11755). + passdb: Add linefeed to debug message; (bso#11763). + s3:utils/smbget: Fix option parsing; (bso#11767). + libnet: Make Kerberos domain join site-aware; (bso#11769). + Reset TCP Connections during IP failover; (bso#11770). + ldb: Version 1.1.26; (bso#11772). + s3:smbd: Add negprot remote arch detection for OSX; (bso#11773). + vfs_glusterfs: Fix use after free in AIO callback; (bso#11774). + mkdir can return ACCESS_DENIED incorrectly on create race; (bso#11780). + "trustdom_list_done: Got invalid trustdom response" message should be avoided; (bso#11782). + Mismatch between local and remote attribute ids lets replication fail with custom schema; (bso#11783). + Quota is not supported on Solaris 10; (bso#11788). + Talloc: Version 2.1.6; (bso#11789). + smbd: Enable multi-channel if 'server multi channel support = yes' in the config; (bso#11796). + build: Fix build when '--without-quota' specified; (bso#11798). + lib/socket/interfaces: Fix some uninitialied bytes; (bso#11802). + Access based share enum: handle permission set in configuration files; (bso#8093). + See also WHATSNEW.txt from the samba-doc package.- Update to 4.3.6. + Getting and setting Windows ACLs on symlinks can change permissions on link target; CVE-2015-7560; (bso#11648); (bsc#968222). + Fix Out-of-bounds read in internal DNS server; CVE-2016-0771; (bso#11128); (bso#11686); (bsc#968223).- Upgrade on-disk FSRVP server state to new version; (bsc#924519).- Only obsolete but do not provide gplv2/3 package names; (bsc#968973).- Relocate existing lock files to /var/lib/samba/lock; (bsc#968963).- Obsolete no longer existing samba-32bit package; (bsc#967625).- Update to 4.3.5. + s3:utils/smbget: Fix recursive download; (bso#6482). + s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystemi with no ACL support; (bso#10489). + s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks; (bso#11400). + vfs_shadow_copy2: Fix case where snapshots are outside the share; (bso#11580). + smbclient: Query disk usage relative to current directory; (bso#11662). + winbindd: Handle expired sessions correctly; (bso#11670). + smbd: Show correct disk size for different quota and dfree block sizes; (bso#11681). + smbcacls: Fix uninitialized variable; (bso#11682). + s3:smbd: Ignore initial allocation size for directory creation; (bso#11684). + s3-client: Add a KRB5 wrapper for smbspool; (bso#11690). + s3-parm: Clean up defaults when removing global parameters; (bso#11693). + Use M2Crypto.RC4.RC4 on platforms without Crypto.Cipher.ARC4; (bso#11699). + s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703). + ctdb: Remove error messages after kernel security update; CVE-2015-8543; (bso#11705). + loadparm: Fix memory leak issue; (bso#11708). + lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714). + ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."; (bso#11719). + s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file; (bso#11727). + param: Fix str_list_v3 to accept ";" again; (bso#11732).- Shift samba-client sysconfig data into samba and samba-winbind; (bsc#947361).- Simplify shared library packaging; (bsc#966956).- Enable clustering (CTDB) support; (bsc#966271).- s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703); (bsc#964023).- Add quotes around path of update-apparmor-samba-profile; (bnc#962177).- Remove autoconf build-time requirement.- Update to 4.3.4. + vfs_fruit: Enable POSIX directory rename semantics; (bso#11065). + Crash: Bad talloc magic value - access after free; (bso#11394). + Copying files with vfs_fruit fails when using vfs_streams_xattr without stream prefix and type suffix; (bso#11466). + samba-tool: Fix uncaught exception if no fSMORoleOwner attribute is given; (bso#11613). + Fix a typo in the smb.conf manpage, explanation of idmap config; (bso#11619). + Correctly initialize the list head when keeping a list of primary followed by DFS connections; (bso#11624). + Reduce the memory footprint of empty string options; (bso#11625). + lib/async_req: Do not install async_connect_send_test; (bso#11639). + Fix typos in man vfs_gpfs; (bso#11641). + Make "hide dot files" option work with "store dos attributes = yes"; (bso#11645). + Fix a corner case of the symlink verification; (bso#11647); (bnc#960249). + Do not disable "store dos attributes" on-the-fly; (bso#11649). + Update lastLogon and lastLogonTimestamp; (bso#11659).- Prevent access denied if the share path is "/"; (bso#11647); (bnc#960249).- Update to 4.3.3. + Malicious request can cause Samba LDAP server to hang, spinning using CPU; CVE-2015-3223; (bso#11325); (bnc#958581). + Remote read memory exploit in LDB; CVE-2015-5330; (bso#11599); (bnc#958586). + Insufficient symlink verification (file access outside the share); CVE-2015-5252; (bso#11395); (bnc#958582). + No man in the middle protection when forcing smb encryption on the client side; CVE-2015-5296; (bso#11536); (bnc#958584). + Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2); CVE-2015-5299; (bso#11529); (bnc#958583). + Fix Microsoft MS15-096 to prevent machine accounts from being changed into user accounts; CVE-2015-8467; (bso#11552); (bnc#958585).- Update to 4.3.2. + vfs_gpfs: Re-enable share modes; (bso#11243). + dcerpc.idl: Accept invalid dcerpc_bind_nak pdus; (bso#11327). + s3-smbd: Fix old DOS client doing wildcard delete - gives an attribute type of zero; (bso#11452). + Add libreplace dependency to texpect, fixes a linking error on Solaris; (bso#11511). + s4: Fix linking of 'smbtorture' on Solaris; (bso#11512). + s4:lib/messaging: Use correct path for names.tdb; (bso#11562). + Fix segfault of 'net ads (join|leave) -S INVALID' with nss_wins; (bso#11563). + async_req: Fix non-blocking connect(); (bso#11564). + auth: gensec: Fix a memory leak; (bso#11565). + lib: util: Make non-critical message a warning; (bso#11566). + Fix winbindd crashes with samlogon for trusted domain user; (bso#11569); (bnc#949022). + smbd: Send SMB2 oplock breaks unencrypted; (bso#11570). + ctdb: Open the RO tracking db with perms 0600 instead of 0000; (bso#11577). + s3:smb2_server: Make the logic of SMB2_CANCEL DLIST_REMOVE() clearer; (bso#11581). + s3-smbd: Fix use after issue in smbd_smb2_request_dispatch(); (bso#11581). + manpage: Correct small typo error; (bso#11584). + s3: smbd: If EAs are turned off on a share don't allow an SMB2 create containing them; (bso#11589). + Backport some valgrind fixes from upstream master; (bso#11597). + auth: Consistent handling of well-known alias as primary gid; (bso#11608). + winbind: Fix crash on invalid idmap configs; (bso#11612). + s3: smbd: have_file_open_below() fails to enumerate open files below an open directory handle; (bso#11615). + Changing log level of two entries to DBG_NOTICE; (bso#9912).- Ensure samlogon fallback requests are rerouted after kerberos failure; (bnc#953382); (bnc#953972).- Ensure to link with --as-needed flag by removing SUSE_ASNEEDED=0. - Always use the default optimization even on pre-9.2 systems.- Remove redundant configure options while adding with-relro.- Relocate the lockdir to the /var/lib/samba/lock directory.- Cleanup and enhance the pidl sub package.- Require renamed python-ldb-devel and python-talloc-devel at build-time. - Requires python-ldb and python-talloc from the python subpackage.- Update to 4.3.1. + s3: smbd: Fix our access-based enumeration on "hide unreadable" to match Windows; (bso#10252). + nss_winbind: Fix hang on Solaris on big groups; (bso#10365). + smbd: Fix file name buflen and padding in notify repsonse; (bso#10634). + kerberos: Make sure we only use prompter type when available; winbind: Fix 100% loop; (bso#11038). + source3/lib/msghdr.c: Fix compiling error on Solaris; (bso#11053). + s3:ctdbd_conn: make sure we destroy tevent_fd before closing the socket; (bso#11316). + s3: smbd: Fix mkdir race condition; (bso#11486). + pam_winbind: Fix a segfault if initialization fails; (bso#11502). + s3: dfs: Fix a crash when the dfs targets are disabled; (bso#11509). + s4:lib/messaging: Use 'msg.lock' and 'msg.sock' for messaging related subdirs; (bso#11515). + s3: smbd: Fix opening/creating :stream files on the root share directory; (bso#11522). + lib/param: Fix hiding of FLAG_SYNONYM values; (bso#11526). + net: Fix a crash with 'net ads keytab create'; (bso#11528). + s3: smbd: Fix a crash in unix_convert(); (bso#11535). + s3: smbd: Fix NULL pointer bug introduced by previous 'raw' stream fix (bso#11522); (bso#11535). + vfs_fruit: Return value of ad_pack in vfs_fruit.c; (bso#11543). + vfs_commit: set the fd on open before calling SMB_VFS_FSTAT; (bso#11547). + s3:locking: Initialize lease pointer in share_mode_traverse_fn(); (bso#11549). + s3:smbstatus: Add stream name to share_entry_forall(); (bso#11550). + s3:lib: Validate domain name in lookup_wellknown_name(); (bso#11555). + s3: lsa: lookup_name() logic for unqualified (no DOMAIN component) names is incorrect; (bso#11555).- Fix 100% CPU in winbindd when logging in with "user must change password on next logon"; (bso#11038).- Relocate the tmpfiles.d directory to the client package; (bnc#947552).- Do not provide libpdb0 from libsamba-passdb0 but add it to baselibs.conf instead; (bnc#942716).- Package /var/lib/samba/private/sock with 0700 permissions; (bnc#946051).- Package /var/lib/samba/msg with 0755 permissions; (bso#11515); (bnc#945502).- Require to install libfam0-gamin from samba-libs on post-12.1 and pre-13.15 systems; (bnc#945013).- Update to 4.3.0. + Samba "map to guest = Bad uid" doesn't work; (bso#9862). + revert LDAP extended rule 1.2.840.113556.1.4.1941 LDAP_MATCHING_RULE_IN_CHAIN changes; (bso#10493). + No objectClass found in replPropertyMetaData on ordinary objects (non-deleted); (bso#10973). + Stream names with colon don't work with fruit:encoding = native; (bso#11278). + NetApp joined to a Samba/ADDC cannot resolve SIDs; (bso#11291). + tevent_fd needs to be destroyed before closing the fd; (bso#11316). + "force group" with local group not working; (bso#11320). + strsep is not available on Solaris; (bso#11359). + smbtorture does not build when configured --with-system-mitkrb5; (bso#11411). + Build with GPFS support is broken; (bso#11421). + Build broken with --disable-python; (bso#11424). + net share allowedusers crashes; (bso#11426). + nmbd incorrectly matches netbios names as own name; (bso#11427). + Python bindings don't check integer types; (bso#11429). + Python bindings don't check array sizes; (bso#11430). + CTDB's eventscript error handling is broken; (bso#11431). + Fix crash in nested ctdb banning; (bso#11432). + Cannot build ctdbpmda; (bso#11434). + samba-tool uncaught exception error; (bso#11436). + Crash in notify_remove caused by change notify = no; (bso#11444). + Poor SMB3 encryption performance with AES-GCM; (bso#11451). + Poor SMB3 encryption performance with AES-GCM (part1); (bso#11451). + fix recursion problem in rep_strtoll in lib/replace/replace.c; (bso#11455). + --bundled-libraries=!ldb,!pyldb,!pyldb-util doesn't disable ldb build and install; (bso#11458). + xid2sid gives inconsistent results; (bso#11464). + ctdb: Fix the build on FreeBSD 10.1; (bso#11465). + Handling of 0 byte resource fork stream; (bso#11467). + AD samr GetGroupsForUser fails for users with "()" in their name; (bso#11488).- Configure with --bundled-libraries=NONE; (bso#11458).- Adapt net-kdc-lookup patch for post-3.3 Samba versions; (bnc#295284).- Remove libiniparser-devel build-time requirement.- Update to 4.2.3. + s4:lib/tls: Fix build with gnutls 3.4; (bso#8780). + s4.2/fsmo.py: Fixed fsmo transfer exception; (bso#10924). + winbindd: Sync secrets.ldb into secrets.tdb on startup; (bso#10991). + Logon via MS Remote Desktop hangs; (bso#11061). + s3: lib: util: Ensure we read a hex number as %x, not %u; (bso#11068). + tevent: Add a note to tevent_add_fd(); (bso#11141). + s3:param/loadparm: Fix 'testparm --show-all-parameters'; (bso#11170). + s3-unix_msg: Remove socket file after closing socket fd; (bso#11217). + smbd: Fix a use-after-free; (bso#11218); (bnc#919309). + s3-rpc_server: Fix rpc_create_tcpip_sockets() processing of interfaces; (bso#11245). + s3:smb2: Add padding to last command in compound requests; (bso#11277). + Add IPv6 support to ADS client side LDAP connects; (bso#11281). + Add IPv6 support for determining FQDN during ADS join; (bso#11282). + s3: IPv6 enabled DNS connections for ADS client; (bso#11283). + Fix invalid write in ctdb_lock_context_destructor; (bso#11293). + Excessive cli_resolve_path() usage can slow down transmission; (bso#11295). + vfs_fruit: Add option "veto_appledouble"; (bso#11305). + tstream: Make socketpair nonblocking; (bso#11312). + idmap_rfc2307: Fix wbinfo '--gid-to-sid' query; (bso#11313). + Group creation: Add msSFU30Name only when --nis-domain was given; (bso#11315). + tevent_fd needs to be destroyed before closing the fd; (bso#11316). + Build fails on Solaris 11 with "‘PTHREAD_MUTEX_ROBUST’ undeclared"; (bso#11319). + smbd/trans2: Add a useful diagnostic for files with bad encoding; (bso#11323). + Change sharesec output back to previous format; (bso#11324). + Robust mutex support broken in 1.3.5; (bso#11326). + Kerberos auth info3 should contain resource group ids available from pac_logon; winbindd: winbindd_raw_kerberos_login - ensure logon_info exists in PAC; (bso#11328); (bnc#912457). + s3:smb2_setinfo: Fix memory leak in the defer_rename case; (bso#11329). + tevent: Fix CID 1035381 Unchecked return value; (bso#11330). + tdb: Fix CID 1034842 and 1034841 Resource leaks; (bso#11331). + s3: smbd: Use separate flag to track become_root()/unbecome_root() state; (bso#11339). + s3: smbd: Codenomicon crash in do_smb_load_module(); (bso#11342). + pidl: Make the compilation of PIDL producing the same results if the content hasn't change; (bso#11356). + winbindd: Disconnect child process if request is cancelled at main process; (bso#11358). + vfs_fruit: Check offset and length for AFP_AfpInfo read requests; (bso#11363). + docs: Overhaul the description of "smb encrypt" to include SMB3 encryption; (bso#11366). + s3:auth_domain: Fix talloc problem in connect_to_domain_password_server(); (bso#11367). + ncacn_http: Fix GNUism; (bso#11371).- Disable rpath usage; (bnc#902421).- Make the winbind package depend on the matching libwbclient version and vice versa; (bnc#936909).- Backport changes to use resource group sids obtained from pac logon_info; (bso#11328); (bnc#912457).- Order winbind.service Before and Want nss-user-lookup target.- Remove fam-devel build-time dependency for post-6 RHEL systems.- Update to 4.2.2. + s3:smbXsrv: refactor duplicate code into smbXsrv_session_clear_and_logoff(); (bso#11182). + gencache: don't fail gencache_stabilize if there were records to delete; (bso#11260). + s3: libsmbclient: After getting attribute server, ensure main srv pointer is still valid; (bso#11186). + s4: rpc: Refactor dcesrv_alter() function into setup and send steps; (bso#11236). + s3: smbd: Incorrect file size returned in the response of "FILE_SUPERSEDE Create"; (bso#11240). + Mangled names do not work with acl_xattr; (bso#11249). + nmbd rewrites browse.dat when not required; (bso#11254). + vfs_fruit: add option "nfs_aces" that controls the NFS ACEs stuff; (bso#11213). + s3:smbd: Add missing tevent_req_nterror; (bso#11224). + vfs: kernel_flock and named streams; (bso#11243). + vfs_gpfs: Error code path doesn't call END_PROFILE; (bso#11244). + s4: libcli/finddcs_cldap: continue processing CLDAP until all addresses are used; (bso#11284). + ctdb: check for talloc_asprintf() failure; (bso#11201). + spoolss: purge the printer name cache on name change; (bso#11210); (bnc#901813). + CTDB statd-callout does not scale; (bso#11204). + vfs_fruit: also map characters below 0x20; (bso#11221). + ctdb: Coverity fix for CID 1291643; (bso#11201). + Multiplexed RPC connections are not handled by DCERPC server; (bso#11225). + Fix terminate connection behavior for asynchronous endpoint with PUSH notification flavors; (bso#11226). + ctdb-scripts: Fix bashism in ctdbd_wrapper script; (bso#11007). + ctdb: Fix CIDs 1125615, 1125634, 1125613, 1288201 and 1125553; (bso#11201). + SMB2 should cancel pending NOTIFY calls with DELETE_PENDING if the directory is deleted; (bso#11257). + s3:winbindd: make sure we remove pending io requests before closing client sockets; (bso#11141); (bnc#931854). + Fix panic triggered by smbd_smb2_request_notify_done() -> smbXsrv_session_find_channel() in smbd; (bso#11182). + 'sharesec' output no longer matches input format; (bso#11237). + waf: Fix systemd detection; (bso#11200). + CTDB: Fix portability issues; (bso#11202). + CTDB: Fix some IPv6-related issues; (bso#11203). + CTDB statd-callout does not scale; (bso#11204). + 'net ads dns gethostbyname' crashes with an error in TALLOC_FREE if you enter invalid values; (bso#11234). + libads: record service ticket endtime for sealed ldap connections; (bso#11267). + lib/util: Include DEBUG macro in internal header files before samba_util.h; (bso#11033).- Avoid a crash inside the tevent epoll backend; (bso#11141); (bnc#931854).- Remove the independently built libraries ldb, talloc, tdn, and tevent and the post-10.3 renamed libsmbclient from baselibs.conf.- Drop redundant doc attribute from man pages.- Update to 4.2.1. + s3:winbind:grent: Don't stop group enumeration when a group has no gid; (bso#8905). + Initialize dwFlags field of DNS_RPC_NODE structure; (bso#9791). + s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with servers that don't send the 2 unused fields; (bso#10016). + build:wafadmin: Fix use of spaces instead of tabs; (bso#10476). + waf: Fix the build on openbsd; (bso#10476). + s3: client: "client use spnego principal = yes" code checks wrong name; (bso#10888). + spoolss: Retrieve published printer GUID if not in registry; (bso#11018). + s3: lib: libsmbclient: If reusing a server struct, check every cli->timout miliseconds if it's still valid before use; (bso#11079). + vfs_fruit: Enhance handling of malformed AppleDouble files; (bso#11125). + backupkey: Explicitly link to gnutls and gcrypt; (bso#11135). + replace: Remove superfluous check for gcrypt header; (bso#11135). + Backport subunit changes; (bso#11137). + libcli/auth: Match Declaration of netlogon_creds_cli_context_tmp with implementation; (bso#11140). + s3-winbind: Fix cached user group lookup of trusted domains; (bso#11143). + talloc: Version 2.1.2; (bso#11144). + Update libwbclient version to 0.12; (bso#11149). + brlock: Use 0 instead of empty initializer list; (bso#11153). + s4:auth/gensec_gssapi: Let gensec_gssapi_update() return NT_STATUS_LOGON_FAILURE for unknown errors; (bso#11164). + docs/idmap_rid: Remove deprecated base_rid from example; (bso#11169); (bnc#913304). + s3: libcli: smb1: Ensure we correctly finish a tevent req if the writev fails in the SMB1 case; (bso#11173). + backupkey: Use ndr_pull_struct_blob_all(); (bso#11174). + Fix lots of winbindd zombie processes on Solaris platform; (bso#11175). + s3: libsmbclient: Add missing talloc stackframe; (bso#11177). + s4-process_model: Do not close random fds while forking; (bso#11180). + s3-passdb: Fix 'force user' with winbind default domain; (bso#11185).- Prevent samba package updates from disabling samba kerberos printing.- Add sparse file support for samba; (fate#318424).- Purge printer name cache on spoolss SetPrinter change; (bso#11210); (bnc#901813).- Correctly retain errno from Btrfs snapshot ioctls; (bnc#923374).- Simplify libxslt build requirement and README.SUSE install. - Remove no longer required cleanup steps while populating the build root.- Remove deprecated base_rid example from idmap_rid manpage; (bso#11169); (bnc#913304).- Update to 4.2.0. + smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT; (bso#1115). + pam_winbind: fix warn_pwd_expire implementation; (bso#9056). + nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299). + Make 'profiles' work again; (bso#9629). + s3:smb2_server: protect against integer wrap with "smb2 max credits = 65535"; (bso#9702). + Make validate_ldb of String(Generalized-Time) accept millisecond format ".000Z"; (bso#9810). + Use -R linker flag on Solaris, not -rpath; (bso#10112). + vfs: Add glusterfs manpage; (bso#10240). + Make 'smbclient' use cached creds; (bso#10279). + pdb: Fix build issues with shared modules; (bso#10355). + s4-dns: Add support for BIND 9.10; (bso#10620). + idmap: Return the correct id type to *id_to_sid methods; (bso#10720). + printing/cups: Pack requested-attributes with IPP_TAG_KEYWORD; (bso#10808). + Don't build vfs_snapper on FreeBSD; (bso#10834). + nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835). + idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837). + s3: smb2cli: query info return length check was reversed; (bso#10848). + s3: lib, s3: modules: Fix compilation on Solaris; (bso#10849). + lib: uid_wrapper: Fix setgroups and syscall detection on a system without native uid_wrapper library; (bso#10851). + winbind3: Fix pwent variable substitution; (bso#10852). + Improve samba-regedit; (bso#10859). + registry: Don't leave dangling transactions; (bso#10860). + Fix build of socket_wrapper on systems without SO_PROTOCOL; (bso#10861). + build: Do not install 'texpect' binary anymore; (bso#10862). + Fix testparm to show hidden share defaults; (bso#10864). + libcli/smb: Fix smb2cli_validate_negotiate_info with min=PROTOCOL_NT1 max=PROTOCOL_SMB2_02; (bso#10866). + Integrate CTDB into top-level Samba build; (bso#10892). + samba-tool group add: Add option '--nis-domain' and '--gid'; (bso#10895). + s3-nmbd: Fix netbios name truncation; (bso#10896). + spoolss: Fix handling of bad EnumJobs levels; (bso#10898). + Fix smbclient loops doing a directory listing against Mac OS X 10 server with a non-wildcard path; (bso#10904). + Fix print job enumeration; (bso#10905); (bnc#898031). + samba-tool: Create NIS enabled users and unixHomeDirectory attribute; (bso#10909). + Add support for SMB2 leases; (bso#10911). + btrfs: Don't leak opened directory handle; (bso#10918). + s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920). + s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921). + pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932). + s3-keytab: fix keytab array NULL termination; (bso#10933). + s3:passdb: fix logic in pdb_set_pw_history(); (bso#10940). + Cleanup add_string_to_array and usage; (bso#10942). + dbwrap_ctdb: Pass on mutex flags to tdb_open; (bso#10942). + Fix RootDSE search with extended dn control; (bso#10949). + Fix 'samba-tool dns serverinfo ' for IPv6; (bso#10952). + libcli/smb: only force signing of smb2 session setups when binding a new session; (bso#10958). + s3-smbclient: Return success if we listed the shares; (bso#10960). + s3-smbstatus: Fix exit code of profile output; (bso#10961). + socket_wrapper: Add missing prototype check for eventfd; (bso#10965). + libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows client does; (bso#10966). + vfs_streams_xattr: Check stream type; (bso#10971). + s3: smbd: Fix *allocate* calls to follow POSIX error return convention; (bso#10982). + vfs_fruit: Add support for AAPL; (bso#10983). + Fix spoolss IDL response marshalling when returning error without clearing info; (bso#10984). + dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279). + Fix IPv6 support in CTDB; (bso#10996). + ctdb-daemon: Use correct tdb flags when enabling robust mutex support; (bso#11000). + vfs_streams_xattr: Add missing call to SMB_VFS_NEXT_CONNECT; (bso#11005). + s3-util: Fix authentication with long hostnames; (bso#11008). + ctdb-build: Fix build without xsltproc; (bso#11014). + packaging: Include CTDB man pages in the tarball; (bso#11014). + pdb_get_trusteddom_pw() fails with non valid UTF16 random passwords; (bso#11016). + Make Sharepoint search show user documents; (bso#11022). + nss_wrapper: check for nss.h; (bso#11026). + Enable mutexes in gencache_notrans.tdb; (bso#11032). + tdb_wrap: Make mutexes easier to use; (bso#11032). + lib/util: Avoid collision which alread defined consumer DEBUG macro; (bso#11033). + winbind: Retry after SESSION_EXPIRED error in ping-dc; (bso#11034). + s3-libads: Fix a possible segfault in kerberos_fetch_pac(); (bso#11037). + vfs_fruit: Fix base_fsp name conversion; (bso#11039). + vfs_fruit: mmap under FreeBSD needs PROT_READ; (bso#11040). + Fix authentication using Kerberos (not AD); (bso#11044). + net: Fix sam addgroupmem; (bso#11051). + vfs_snapper: Correctly handles multi-byte DBus strings; (bso#11055); (bnc#913238). + cli_connect_nb_send: Don't segfault on host == NULL; (bso#11058). + utils: Fix 'net time' segfault; (bso#11058). + libsmb: Provide authinfo domain for encrypted session referrals; (bso#11059). + s3-pam_smbpass: Fix memory leak in pam_sm_authenticate(); (bso#11066). + vfs_glusterfs: Add comments to the pipe(2) code; (bso#11069). + vfs/glusterfs: Change xattr key to match gluster key; (bso#11069). + vfs_glusterfs: Implement AIO support; (bso#11069). + s3-vfs: Fix developer build of vfs_ceph module; (bso#11070). + s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer; (bso#11077); CVE-2015-0240; (bnc#917376). + vfs: Add a brief vfs_ceph manpage; (bso#11088). + s3: smbclient: Allinfo leaves the file handle open; (bso#11094). + Fix Win8.1 Credentials Manager issue after KB2992611 on Samba domain; (bso#11097). + debug: Set close-on-exec for the main log file FD; (bso#11100). + s3: smbd: leases - losen paranoia check. Stat opens can grant leases; (bso#11102). + s3: smbd: SMB2 close. If a file has delete on close, store the return info before deleting; (bso#11104). + doc:man:vfs_glusterfs: improve the configuration section; (bso#11117). + snprintf: Try to support %j; (bso#11119). + ctdb-io: Do not use sys_write to write to client sockets; (bso#11124). + doc-xml: Add 'sharesec' reference to 'access based share enum'; (bso#11127).- Update to 4.2.0rc5. + Ensure we don't call talloc_free on an uninitialized pointer; CVE-2015-0240; (bso#11077); (bnc#917376).- Fix usage of freed memory on server exit; (bso#11218); (bnc#919309).- Fix tdb_store_flag_to_ntdb() gcc5 build failure.- Fix vfs_snapper DBus string handling; (bso#11055); (bnc#913238).- Update to 4.1.16. + dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279).- Adjust baselibs.conf due to libpdb0 package rename to libsamba-passdb0.- Fix libsmbclient DFS referral handling. + Reuse connections derived from DFS referrals; (bso#10123); (fate#316512). + Set domain/workgroup based on authentication callback value; (bso#11059).- Update to 4.2.0rc4. - Add libsamba-debug, libsocket-blocking, libsamba-cluster-support, and libhttp to the libs package; (boo#913547). - Rename libpdb packages to libsamba-passdb. - Drop libsmbsharemodes packages.- Enable avahi support on post-12.2 systems.- Update to 4.1.15. + pam_winbind: Fix warn_pwd_expire implementation; (bso#9056). + nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299). + Fix profiles tool; (bso#9629). + s3-lib: Do not require a password with --use-ccache; (bso#10279). + s4:dsdb/rootdse: Expand extended dn values with the AS_SYSTEM control; (bso#10949). + s4-rpc: dnsserver: Fix enumeration of IPv4 and IPv6 addresses; (bso#10952). + s3:smb2_server: Allow reauthentication without signing; (bso#10958). + s3-smbclient: Return success if we listed the shares; (bso#10960). + s3-smbstatus: Fix exit code of profile output; (bso#10961). + libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows client does; (bso#10966). + s3: smbd/modules: Fix *allocate* calls to follow POSIX error return convention; (bso#10982). + Fix 'domain join' by adding 'drsuapi.DsBindInfoFallBack' attribute 'supported_extensions'; (bso#11006). + idl:drsuapi: Manage all possible lengths of drsuapi_DsBindInfo; (bso#11006). + winbind: Retry LogonControl RPC in ping-dc after session expiration; (bso#11034).- yast2-samba-client should be able to specify osName and osVer on AD domain join; (bnc#873922).- Lookup FSRVP share snums at runtime rather than storing them persistently; (bnc#908627).- Specify soft dependency for network-online.target in Winbind systemd service file; (bnc#889175).- Fix spoolss error response marshalling; (bso#10984).- Update to 4.1.14. + pidl/wscript: Remove --with-perl-* options; revert buildtools/wafadmin/ Tools/perl.py back to upstream state; (bso#10472). + s4-dns: Add support for BIND 9.10; (bso#10620). + nmbd fails to accept "--piddir" option; (bso#10711). + nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835). + S3: source3/smbd/process.c::srv_send_smb() returns true on the error path; (bso#10880). + vfs_glusterfs: Remove "integer fd" code and store the glfs pointers; (bso#10889). + s3-nmbd: Fix netbios name truncation; (bso#10896). + spoolss: Fix handling of bad EnumJobs levels; (bso#10898). + s3: libsmbclient-smb2. MacOSX 10 SMB2 server doesn't set STATUS_NO_MORE_FILES when handed a non-wildcard path; (bso#10904). + spoolss: Fix jobid in level 3 EnumJobs response; (bso#10905). + s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920). + s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921). + pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932). + s3-keytab: Fix keytab array NULL termination; (bso#10933). + Cleanup add_string_to_array and usage; (bso#10942).- Remove and cleanup shares and registry state associated with externally deleted snaphots exposed as shadow copies; (bnc#876312).- Use the upstream tar ball, as signature verification is now able to handle compressed archives.- Fix leak when closing file descriptor returned from dirfd; (bso#10918).- Fix spoolss EnumJobs and GetJob responses; (bso#10905); (bnc#898031). + Fix handling of bad EnumJobs levels; (bso#10898).- Remove dependency on gpg-offline as signature checking is implemented in the source validator.- Update to 4.1.13. + s3-libnet: Add libnet_join_get_machine_spns(); (bso#9984). + s3-libnet: Make sure we do not overwrite precreated SPNs; (bso#9984). + s3-libads: Add all machine account principals to the keytab; (bso#9985). + s3: winbindd: Old NT Domain code sets struct winbind_domain->alt_name to be NULL. Ensure this is safe with modern AD-DCs; (bso#10717). + Fix unstrcpy; (bso#10735). + pthreadpool: Slightly serialize jobs; (bso#10779). + s3: smbd: streams - Ensure share mode validation ignores internal opens (op_mid == 0); (bso#10797). + s3: smbd:open_file: Open logic fix; Use a more natural check; (bso#10809). + vfs_media_harmony: Fix a crash bug; (bso#10813). + docs: Mention incompatibility between kernel oplocks and streams_xattr; (bso#10814). + nmbd: Send waiting status to systemd; (bso#10816). + libcli: Fix a segfault calling smbXcli_req_set_pending() on NULL; (bso#10817). + nsswitch: Skip groups we were not able to map; (bso#10824). + s3-winbindd: Use correct realm for trusted domains in idmap child; (bso#10826). + s3: nmbd: Ensure the main nmbd process doesn't create zombies; (bso#10830). + s3: lib: Signal handling - ensure smbrun and change password code save and restore existing SIGCHLD handlers; (bso#10831). + idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837). + s3-winbindd: Do not use domain SID from LookupSids for Sids2UnixIDs call; (bso#10838). + s3: smb2cli: Query info return length check was reversed; (bso#10848). + registry: Don't leave dangling transactions; (bso#10860).- Update to 4.2.0rc2.- Rebase File Server Remote VSS Protocol (FSRVP) server against 4.2.0rc1; (fate#313346).- Backport upstream master fixes for samba-regedit; (bnc#896536).- BuildRequire python-xml on SUSE systems only.- BuildRequire python-xml. - Exclude unwanted texpect binary and libhttp, libsamba-cluster-support, libsamba-debug, and libsocket-blocking shared libs. - Add vfs_fruit and vfs_worm man pages and ndr_dcerpc, smb2_lease_struct, tstream_smbXcli_np, idtree, and idtree_random header files. - Remove nmblookup and smbclient4 binary and nmblookup4 man page.- Update to 4.2.0rc1.- Fix small memory-leak in the background print process; (bnc#899558).- Modify samba-regedit so it displays correctly (related to ncurses). Changed code to use menu sub windows, seems to fix problems with display not refreshing; explicitly BuildRequire ncurses-devel; (bnc#896536).- Exclude unwanted libdnsserver_common and libdfs_server_ad shared libs and the man page of the unused findsmb script.- Skip groups that aren't mapped by idmap_ad; (bso#10824); (bnc#897969).- Update to 4.1.12. + s3: winbindd: On new client connect, prune idle or hung connections older than "winbind request timeout". Add new parameter "winbind request timeout". Please see smb.conf man page for details; (bso#3204); (bnc#872912). + Fix smbd crashes when filename contains non-ascii character; (bso#10716). + s4-rpc: dnsserver: Handle updates of tombstoned dnsNode objects; (bso#10749). + passdb: Fix NT_STATUS_NO_SUCH_GROUP; (bso#9570). + s4:setup/dns_update_list: make use of the new substitution variables; (bso#9831). + build: Fix configure to honour '--without-dmapi'; (bso#10369). + provision: Correctly provision the SOA record minimum TTL; (bso#10466). + s3: Enforce a positive allocation_file_size for non-empty files; (bso#10543). + lib: tevent: make TEVENT_SIG_INCREMENT atomic; (bso#10640). + Make "case sensitive = True" option working with "max protocol = SMB2" or higher in large directories; (bso#10650). + Samba 4 consuming a lot of CPU when re-reading printcap info; (bso#10652). + lib: strings: Simplify strcasecmp; (bso#10716). + Allow netr_ServerReqChallenge() and netr_ServerAuthenticate3() on different connections; (bso#10723). + 'net time': Fix usage and core dump; (bso#10728). + sys_poll_intr: Fix timeout arithmetic; (bso#10731). + s3:idmap: Don't log missing range config if range checking not requested; (bso#10737). + Fix flapping VFS gpfs offline bit; (bso#10741). + s4-rpc: dnsserver: Allow . to be specified for @ record; (bso#10742). + s4-rpc: dnsserver: return DNS_RANK_NS_GLUE recors when explicitly asked for; (bso#10751). + samba: Retain case sensitivity of cifs client; (bso#10755). + lib: Remove unused nstrcpy; (bso#10758). + Fix a memory leak in cli_set_mntpoint(); (bso#10759). + docs: Fix typos in smb.conf (inherit acls); (bso#10761). + libcli/security: Add better detection of SECINFO_[UN]PROTECTED_[D|S]ACL in get_sec_info(); (bso#10773). + s3: smbd: POSIX ACLs. Remove incorrect check for SECINFO_PROTECTED_DACL in incoming security_information flags in posix_get_nt_acl_common(); (bso#10773). + Don't discard result of checking grouptype; (bso#10777). + s3:libsmb: Set a max charge for SMB2 connections; (bso#10778). + smbd: Properly initialize mangle_hash; (bso#10782). + dosmode: Fix FSCTL_SET_SPARSE request validation; (bso#10787). + vfs_dirsort: Fix an off-by-one error that can cause uninitialized memory read; (bso#10794).- Wait for network-online.target to prevent caching of pre-network failures; (bnc#889175).- Use domain name if search by domain SID fails to send SIDHistory lookups to correct idmap backend; (bnc#773464).- Prune idle or hung connections older than "winbind request timeout"; (bso#3204); (bnc#872912).- fix FSCTL_SET_SPARSE request validation; (bso#10787); (bnc#893774).- Remove pre-11.2 patch which by default uses the smbpasswd passdb backend.- build: disable mmap on s390 systems; (bso#10765); (bnc#886193); (bnc#882356).- Create the cups smb backend as sym link pointing to smbspool; (bnc#891220).- Fix winbind service parameter usage; (bnc#890005).- lib/param: change the default for "winbind expand groups" to "0"; (bnc#890008).- Update to 4.1.11. + A malicious browser can send packets that may overwrite the heap of the target nmbd NetBIOS name services daemon; CVE-2014-3560; (bnc#889429).- Fix "net time" segfault; (bso#10728); (bnc#889539).- Update to 4.1.10. + net/doc: Make clear that net vampire is for NT4 domains only; (bso#3263). + dbcheck: Add check and test for various invalid userParameters values; (bso#8077). + s4:dsdb/samldb: Don't allow 'userParameters' to be modified over LDAP for now; (bso#8077). + Simple use case results in "no talloc stackframe around, leaking memory" error; (bso#8449). + s4:dsdb/repl_meta_data: Make sure objectGUID can't be deleted; (bso#9763). + dsdb: Always store and return the userParameters as a array of LE 16-bit values; (bso#10130). + s4:repl_meta_data: fix array assignment in replmd_process_linked_attribute(); (bso#10294). + ldb-samba: fix a memory leak in ldif_canonicalise_objectCategory(); (bso#10469). + dbchecker: Verify and fix broken dn values; (bso#10536). + dsdb: Rename private_data to rootdse_private_data in rootdse; (bso#10582). + s3: libsmbclient: Work around bugs in SLES cifsd and Apple smbx SMB1 servers; (bso#10587). + Fix "PANIC: assert failed at ../source3/smbd/open.c(1582): ret"; (bso#10593). + rid_array used before status checked - segmentation fault due to null pointer dereference; (bso#10627). + Samba won't start on a machine configured with only IPv4; (bso#10653). + msg_channel: Fix a 100% CPU loop; (bso#10663). + s3: smbd: Prevent file truncation on an open that fails with share mode violation; (bso#10671); (bnc#884056). + s3: SMB2: Fix leak of blocking lock records in the database; (bso#10673). + samba-tool: Add --site parameter to provision command; (bso#10674). + smbstatus: Fix an uninitialized variable; (bso#10680). + SMB1 blocking locks can fail notification on unlock, causing client timeout; (bso#10684). + s3: smbd: Locking, fix off-by one calculation in brl_pending_overlap(); (bso#10685). + 'RW2' smbtorture test fails when -N is set to 2 due to the invalid status check in the second client; (bso#10687). + wbcCredentialCache fails if challenge_blob is not first; (bso#10692). + Backport ldb-1.1.17 + changes from master; (bso#10693). + Fix SEGV from improperly formed SUBSTRING/PRESENCE filter; (bso#10693). + ldb: Add a env variable to disable RTLD_DEEPBIND; (bso#10693). + ldb: Do not build libldb-cmdline when using system ldb; (bso#10693). + ldb: Fix 1138330 Dereference null return value, fix CIDs 241329, 240798, 1034791, 1034792 1034910, 1034910); (bso#10693). + ldb: make the successful ldb_transaction_start() message clearer; (bso#10693). + ldb:pyldb: Add some more helper functions for LdbDn; (bso#10693). + ldb: Use of NULL pointer bugfix; (bso#10693). + lib/ldb: Fix compiler warnings; (bso#10693). + pyldb: Decrement ref counters on py_results and quiet warnings; (bso#10693). + s4-openldap: Remove use of talloc_reference in ldb_map_outbound.c; (bso#10693). + dsdb: Return NO_SUCH_OBJECT if a basedn is a deleted object; (bso#10694). + s4:dsdb/extended_dn_in: Don't force DSDB_SEARCH_SHOW_RECYCLED; (bso#10694). + Backport autobuild/selftest fixes from master; (bso#10696). + Backport drs-crackname fixes from master; (bso#10698). + smbd: Avoid double-free in get_print_db_byname; (bso#10699). + Backport access check related fixes from master; (bso#10700). + Backport provision fixes from master; (bso#10703). + s3:smb2_read: let smb2_sendfile_send_data() behave like send_file_readX(); (bso#10706). + s3: Fix missing braces in nfs4_acls.c.- Reduce printer_list.tdb lock contention during printcap update; (bso#10652); (bnc#883870). + Only update the printer share inventory when needed.- Add missing newline to debug message in daemon_ready(); (bnc#865627).- BuildRequire systemd-devel, configure --with-systemd, and modify the service files accordingly on post-12.2 systems; (bso#10517); (bnc#865627).- Prevent file truncation on an open that fails with share mode violation; (bso#10671); (bnc#884056).- Update to 4.1.9. + Fix nmbd denial of service; CVE-2014-0244; (bnc#880962). + Fix segmentation fault in smbd_marshall_dir_entry()'s SMB_FIND_FILE_UNIX handler; CVE-2014-3493; (bnc#883758).- BuildRequire krb5-devel, libiniparser-devel, and python-devel in any case.- BuildRequire libxslt and perl-ExtUtils-MakeMaker and BuildIgnore libtevent on CentOS, Fedora, and RHEL systems.- Update to 4.1.8. + dns: Don't reply to replies; CVE-2014-0239; (bso#10609). + Malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response; CVE-2014-0178; (bso#10549). + s3: smb2: Fix 'xcopy /d' with samba shares; (bso#3124). + Extra ':' in msg for Waf Cross Compile Build System with Cross-answers command; (bso#10151). + s3: nmbd: Reset debug settings after reading config file; (bso#10239). + Fix empty body in if-statement in continue_domain_open_lookup; (bso#10348). + script/autobuild: Make use of '--with-perl-{arch,lib}-install-dir'; (bso#10472). + wafsamba: Fix the installation on FreeBSD; (bso#10472). + Use exit_daemon() to communicate status of startup to systemd; (bso#10517). + Fix adding NetApps; (bso#10524). + s3: lib/util: Fix logic inside set_namearray loops; (bso#10544). + s3: lib/util: set_namearray reads across end of namelist; (bso#10544). + idmap_autorid: Fix failure in reverse lookup if ID is from domain range index #0; (bso#10547). + build: Fix ordering problems with lib-provided and internal RPATHs; (bso#10548). + Fix read of deleted memory in reply_writeclose()'; (bso#10554). + lib-util: Rename memdup to smb_memdup and fix all callers; (bso#10556). + Fix lock order violation and file lost; (bso#10564). + dsdb: Do checks for invalid renames in samldb, before repl_meta_data; (bso#10569). + Fix wildcard unlink to fail if we get an error rather than trying to continue; (bso#10577). + byteorder: Do not assume PowerPC is big-endian; (bso#10590). + printing: Fix purge of all print jobs; (bso#10612).- examples/libsmbclient: avoid some compiler warnings; (bso#10624).- Fix printer job purging; (bso#10612); (bnc#879390).- Update samba-pubkey_6568B7EA.asc which will expire 2016-01-17.- Fix byte-order macros on little endian Power8; (bso#10590); (bnc#871701).- Pass through vfs_btrfs snapshot manipulation requests when "btrfs: manipulate snapshots = no" is configured; (bnc#874180).- Clone the base share security descriptor when exposing a snapshot share; (bnc#874656).- Use appropriate HRESULT return codes; (bnc#875046).- Update to 4.1.7. + Make "force user" work as expected; (bso#9878). + Fix build on AIX with IBM XL C/C++ (gettext detection issues); (bso#9911). + Fix problem with server taking too long to respond to a MSG_PRINTER_DRVUPGRADE message; (bso#9942). + s3-printing: Fix obvious memory leak in printer_list_get_printer(); (bso#9993). + doc: Add "spoolss: architecture" parameter usage; (bso#10188). + Make 'smbclient' support DFS shares with SMB2/3; (bso#10200). + Make (lib)smbclient work with NetApp; (bso#10230). + SessionLogoff on a signed connection with an outstanding notify request crashes smbd; (bso#10344). + dfs: Always call create_conn_struct with root privileges; (bso#10378). + 'net ads search' on high latency networks can return a partial list with no error indication; (bso#10387). + max xmit > 64kb leads to segmentation fault; (bso#10422). + Fix STATUS_NO_MEMORY response from Query File Posix Lock request; (bso#10431). + Increase max netbios name components; (bso#10439). + smbd_server_connection_terminate("CTDB_SRVID_RELEASE_IP") panics from within ctdbd_migrate() with invalid lock_order; (bso#10444). + Fix 'wbinfo -i' with one-way trust; (bso#10458). + samba4 services not binding on IPv6 addresses causing connection delays; (bso#10464). + s3-vfs: Fix stream_depot vfs module on btrfs; (bso#10467). + Don't respond with NXDOMAIN to records that exist with another type; (bso#10471). + pidl: waf should have an option for the dir to install perl files and do not glob; (bso#10472). + s3-spoolssd: Don't register spoolssd if epmd is not running; (bso#10474). + s3-rpc_server: Fix handling of fragmented rpc requests; (bso#10481). + Initial FSRVP rpcclient requests fail with NT_STATUS_PIPE_NOT_AVAILABLE; (bso#10484). + lsa.idl: Define lsa.ForestTrustCollisionInfo and ForestTrustCollisionRecord as public structs; (bso#10504). + Make 'smbreadline' build with readline 6.3; (bso#10506). + smbd: Correctly add remote users into local groups; (bso#10508). + rpcclient FSRVP request UNCs should include a trailing backslash; (bso#10521). + Cleanup messages.tdb record after unclean smbd shutdown; (bso#10534). + s3:rpc_server: Minor refactoring of process_request_pdu().- Create a new DBus connection for every vfs_snapper request, to ensure correct snapper UID detection; (bnc#866354).- Fix "Invalid read" in method reply_writeclose; (bso#10554); (bnc#873658).- Fix minor compiler warnings in snapshot code-path; (bnc#873177).- Remove references to the obsolete samba-krb-printing package and get_printing_ticket binary.- Fix malformed FSCTL_SRV_ENUMERATE_SNAPSHOTS response; CVE-2014-0178; (bso#10549); (bnc#872396).- User error strings instead of hex codes where possible for FSRVP errors; (bnc#866927).- Fix remote share shadow copy request UNCs; (bso#10521); (bnc#870957).- Add krb5rcache directory to the winbind package; (bnc#870607). - Cleanup and consolidate the sysconfig and systemd service files.- Extend vfs_snapper man page to cover permissions; (bnc#870570).- Fix RPC server handling of fragmented requests; (bso#10481); (bnc#869707).- Default with the cache and lock directory to the same path to have both non-persistent and persistent data at one location; (bnc#846586).- Depend only on %version with all manual Provides and Requires; (bnc#844307).- Update to 4.1.6. + Password lockout not enforced for SAMR password changes; CVE-2013-4496; (bnc#849224). + smbcacls can remove a file or directory ACL by mistake; CVE-2013-6442; (bnc#855866).- Password lockout not enforced for SAMR password changes; CVE-2013-4496; (bnc#849224).- Call update-apparmor-samba-profile via ExecStartPre too; (bnc#867665).- samba4 smbcalcs --chown | --chgrp dacl regression; CVE-2013-6442; (bnc#855866).- Retry named pipe open requests on STATUS_PIPE_NOT_AVAILABLE; (bso#10484); (bnc#865095).- Propagate snapshot enumeration permissions errors to SMB clients; (bnc#865641).- Properly handle empty 'requires_membership_of' entries in /etc/security/pam_winbind.conf; (bnc#865771).- Fix problem with server taking too long to respond to a MSG_PRINTER_DRVUPGRADE message; (bso#9942); (bnc#863748). - Fix memory leak in printer_list_get_printer(); (bso#9993); (bnc#865561).- Fix stream_depot VFS module on Btrfs; (bso#10467); (bnc#865397).- Use libarchive to provide improved smbclient tarmode functionality; (bso#9667); (bnc#861135).- Depend on %version-%release with all manual Provides and Requires; (bnc#844307).- Update to 4.1.5. + Fix 100% CPU utilization in winbindd when trying to free memory in winbindd_reinit_after_fork; (bso#10358); (bnc#786677). + smbd: Fix memory overwrites; (bso#10415). + s3-winbind: Improve performance of wb_fill_pwent_sid2uid_done(); (bso#2191). + ntlm_auth sometimes returns the wrong username to mod_ntlm_auth_winbind; (bso#10087). + s3: smbpasswd: Fix crashes on invalid input; (bso#10320). + s3: vfs_dirsort module: Allow dirsort to work when multiple simultaneous directories are open; (bso#10406). + Add support for Heimdal's unified krb5 and hdb plugin system, cope with first element in hdb_method having a different name in different heimdal versions and fix INTERNAL ERROR: Signal 11 in the kdc pid; (bso#10418). + vfs_btrfs: Fix incorrect zero length server-side copy request handling; (bso#10424). + s3: modules: streaminfo: As we have no VFS function SMB_VFS_LLISTXATTR we can't cope with a symlink when lp_posix_pathnames() is true; (bso#10429). + smbd: Fix an ancient oplock bug; (bso#10436). + Fix crash bug in smb2_notify code; (bso#10442).- Remove superfluous obsoletes *-64bit in the ifarch ppc64 case; (bnc#437293).- Migrate @GMT token parsing functionality into vfs_snapper; (bnc#863079). + Improve vfs_snapper documentation.- Fix Winbind 100% CPU utilization caused by domain list corruption; (bso#10358); (bnc#786677).- Fix memory overwrite in FSCTL_VALIDATE_NEGOTIATE_INFO handler; (bso#10415); (bnc#862370).- Streamline the vendor suffix handling and add support for SLE 12.- Fix zero length server-side copy request handling; (bso#10424); (bnc#862558).- Set the PID directory to /run/samba on post-12.2 systems.- Make use of the tmpfilesdir macro while calling systemd-tmpfiles.- Make winbindd print the interface version when it gets an INTERFACE_VERSION request; (bnc#726937).- Fix vfs_btrfs build on older platforms with duplicate WRITE_FLUSH definitions; (bnc#860832).- Check for NULL gensec_security in gensec_security_by_auth_type(); (bnc#860809).- Ensure ndr table initialization; (bnc#860648).- Add File Server Remote VSS Protocol (FSRVP) server for SMB share shadow-copies; (fate#313346).- s3-dir: Fix the DOS clients against 64-bit smbd's; (bso#2662). - shadow_copy2: module "Previous Version" not working in Windows 7; (bso#10259). - s3-passdb: Fix string duplication to pointers; (bso#10367). - vfs/glusterfs: in case atime is not passed, set it to the current atime; (bso#10384)- s3: winbindd: Move calling setup_domain_child() into add_trusted_domain(); (bso#10358); (bnc#786677).- Default sysconfig daemon options to -D; (bso#10388); (bnc#857454).- Add /var/cache/samba to the client file list; (bnc#846586).- Really add the WINBINDDOPTIONS sysconfig variable on install; (bnc#857454).- Correct sysconfig variable names by adding the missing D char; (bnc#857454).- Update to 4.1.4. + Fix segfault in smbd; (bso#10284). + Fix SMB2 server panic when a smb2 brlock times out; (bso#10311).- Call stop_on_removal from preun and restart_on_update and insserv_cleanup from postun on pre-12.3 systems only; (bnc#857454).- BuildRequire gamin-devel instead of unmaintained fam-devel package on post-12.1 systems.- smbd: allow updates on directory write times on open handles; (bso#9870). - lib/util: use proper include for struct stat; (bso#10276). - s3:winbindd fix use of uninitialized variables; (bso#10280). - s3-winbindd: Fix DEBUG statement in winbind_msg_offline(); (bso#10285). - s3-lib: Fix %G substitution for domain users in smbd; (bso#10286). - smbd: Always use UCF_PREP_CREATEFILE for filename_convert calls to resolve a path for open; (bso#10297). - smb2_server processing overhead; (bso#10298). - ldb: bad if test in ldb_comparison_fold(); (bso#10305). - Fix AIO with SMB2 and locks; (bso#10310). - smbd: Fix a panic when a smb2 brlock times out; (bso#10311). - vfs_glusterfs: Enable per client log file; (bso#10337).- Add /etc/sysconfig/samba to the main and winbind package; (bnc#857454).- Create /var/run/samba with systemd-tmpfiles on post-12.2 systems; (bnc#856759).- Fix broken rc{nmb,smb,winbind} sym links which should point to the service binary on post-12.2 systems; (bnc#856759).- Add Snapper VFS module for snapshot manipulation; (fate#313347). + dbus-1-devel required at build time.- Add File Server Remote VSS Protocol (FSRVP) client for SMB share shadow-copies; (fate#313345).- Do not BuildRequire perl ExtUtils::MakeMaker and Parse::Yapp as they're part of the minimum build environment.- Update to 4.1.3. + DCE-RPC fragment length field is incorrectly checked; CVE-2013-4408; (bnc#844720). + pam_winbind login without require_membership_of restrictions; CVE-2012-6150; (bnc#853347).- Make use of the full gpg pub key file name including the key ID.- Add transparent file compression support; (fate#316266). + Implement FSCTL_GET_COMPRESSION and FSCTL_SET_COMPRESSION handlers. + Add FILE_ATTRIBUTE_COMPRESSED and FILE_NO_COMPRESSION support. + Extend vfs_btrfs VFS module to utilize get/set compression hooks.- Add support for FSCTL_SRV_COPYCHUNK_WRITE; (fate#314770).- Remove bogus libsmbclient0 package description and cleanup the libsmbclient line from baselibs.conf; (bnc#853021).- BuildRequire systemd on post-12.2 systems.- Update to 4.1.2. + s4-dns: dlz_bind9: Create dns-HOSTNAME account disabled; (bso#9091). + dfs_server: Use dsdb_search_one to catch 0 results as well as NO_SUCH_OBJECT errors; (bso#10052). + Missing talloc_free can leak stackframe in error path; (bso#10187). + Fix memset used with constant zero length parameter; (bso#10190). + s4:dsdb/rootdse: report 'dnsHostName' instead of 'dNSHostName'; (bso#10193). + Make offline logon cache updating for cross child domain group membership; (bso#10194). + nsswitch: Fix short writes in winbind_write_sock; (bso#10195). + RW Deny for a specific user is not overriding RW Allow for a group; (bso#10196). + vfs_glusterfs: Fix excessive debug output from vfs_gluster_open(); (bso#10224). + vfs_glusterfs: Implement proper mashalling/unmarshalling of ACLs; (bso#10224). + VFS plugin was sending the actual size of the volume instead of the total number of block units because of which windows was getting the wrong volume capacity; (bso#10224). + libcli/smb: Fix smb2cli_ioctl*() against Windows 2008; (bso#10232). + xattr: Fix listing EAs on *BSD for non-root users; (bso#10247). + Fix the build of vfs_glusterfs; (bso#10253). + s3-winbindd: Fix cache_traverse_validate_fn failure for NDR cache entries; (bso#10264). + util: Remove 32bit macros breaking strict aliasing; (bso#10269).- Let gpg verify execution condition not fail on non SUSE systems.- Add systemd support for post-12.2 systems.- Allow smbcacls to take a '--propagate-inheritance' flag to indicate that the add, delete, modify and set operations now support automatic propagation of inheritable ACE(s); (FATE#316474).- Unconditionally create the CUPS smb backend sym link pointing to smbspool; (bnc#850656).- Update to 4.1.1. + ACLs are not checked on opening an alternate data stream on a file or directory; CVE-2013-4475; (bso#10229); (bnc#848101). + Private key in key.pem world readable; CVE-2013-4476; (bnc#848103).- Private key in key.pem world readable; CVE-2013-4476; (bnc#848103).- ACLs are not checked on opening an alternate data stream on a file or directory; CVE-2013-4475; (bso#10229); (bnc#848101).- Update to 4.1.0. + pam_winbindd: Support the KEYRING ccache type; (bso#10132). + Fix PAC parsing failure; (bso#10178).- Unify the defattr lines in the pidl, python, test and test-devel files section by removing the optional directory mode.- Verify source tar ball gpg signature.- Update to 4.1.0rc4. + dsdb: Convert the full string from UTF16 to UTF8, including embedded NULLs; (bso#8077). + python-samba-tool fsmo: Do not give an error on a successful role transfer; (bso#9461). + dbwrap_ctdb: Treat empty records as non-existing; (bso#10008). + Raise the level of a debug when unable to open a printer; (bso#10118). + Add "acl allow execute always" parameter; (bso#10134). + vfs_shadow_copy2: Display previous versions correctly over SMB2; (bso#10137). + smbd: Always clean up share modes after hard crash; (bso#10138). + Valid utf8 filenames cause "invalid conversion error" messages; (bso#10139). + libcli/smb: Use SMB1 MID=0 for the initial Negprot; (bso#10144). + Samba SMB2 client code reads the wrong short name length in a directory listing reply; (bso#10145). + libcli/smb: Only check the SMB2 session setup signature if required and valid; (bso#10146). + Better document potential implications of a globally used "valid users"; (bso#10147). + cli_smb2_get_ea_list_path() failed to close file on exit; (bso#10149). + Not all OEM servers support the ALTNAME info level; (bso#10150). + Regression causes replication failure with Windows 2008R2 and deletes Deleted Objects; (bso#10157). + Netbios related samba process consumes 100% CPU; (bso#10158). + Fix POSIX ACL mapping when setting DENY ACE's from Windows; (bso#10162).- Require libndr-standard-devel due to gen_ndr/lsa.h from libpdb-devel.- Add libdcerpc0, libdcerpc-atsvc0, libdcerpc-binding0, libdcerpc-samr0, libgensec0, libndr0, libndr-krb5pac0, libndr-nbt0, libndr-standard0, libpdb0, libregistry0, libsamba-credentials0, libsamba-hostconfig0, libsamba-policy0, libsamba-util0, libsamdb0, libsmbclient-raw0, libsmbconf0, libsmbldap0, and libtevent-util0 to baselibs.conf.- Add or polish the shared library package summaries and descriptions.- Update to 4.1.0rc3. + Fix working on site with Read Only Domain Controller; (bso#5917). + Add man page for vfs_syncops; (bso#7364). + Add man page for vfs_linux_xfs_sgid; (bso#7490). + When replicating DNS for bind9_dlz we need to create the server-DNS account remotely; (bso#9091). + Winbind unable to retrieve user information from AD; (bso#9615). + winbind_lookup_names() fails because of NT_STATUS_CANT_ACCESS_DOMAIN_INFO; (bso#9899). + Build Samba 4.0.x on AIX with IBM XL C/C++; (bso#9911). + Add SMB2 and SMB3 support for smbclient; (bso#9974). + Add man pages for ntdb tools; (bso#10000). + Add man page for samba-regedit tool; (bso#10001). + ::1 added to nameserver on join; (bso#10030). + Fix memory leak in source3/lib/util.c:1493; (bso#10063). + Fix segmentation fault in 'net ads join'; (bso#10073). + Fix variable list in vfs_crossrename man page; (bso#10076). + s3-winbind: Fix a segfault passing NULL to a fstring argument; (bso#10082). + smbd: Fix async echo handler forking; (bso#10086). + MacOSX 10.9 will not follow path-based DFS referrals handed out by Samba; (bso#10097). + Honour output buffer length set by the client for SMB2 GetInfo requests; (bso#10106). + Fix Winbind crashes on DC with trusted AD domains; (bso#10107). + Handle Dropbox (write-only-directory) case correctly in pathname lookup; (bso#10114). + Masks incorrectly applied to UNIX extension permission changes; (bso#10121).- Implement shared library packaging guidelines. - Correct interpackage dependencies; (bso#10129).- Define the source URL differently in the case of a release candidate.- Update to 4.1.0rc2. + Add vfs_btrfs module. + Add support for server-side copy operations via the SMB2 FSCTL_SRV_COPYCHUNK request. + Fix replication with --domain-crictical-only to fill in backlinks; (bso#9029). + Windows 8 Roaming profiles fail; (bso#9678). + Fix crash of winbind after "ls -l /usr/local/samba/var/locks/sysvol"; (bso#9820). + Windows error 0x800700FE when copying files with xattr names containing ":"; (bso#9992). + Do not delete an existing valid credential cache (s3-winbind); (bso#9994). + Fix segfault while reading incomplete session info; (bso#10003). + Missing integer wrap protection in EA list reading can cause server to loop with DOS (CVE-2013-4124); (bso#10010). + Fix a 100% loop at shutdown time (smbd); (bso#10013). + Fix/improve debug options; (bso#10015). + Rename regedit to samba-regedit; (bso#10040). + Remove obsolete swat manpage and references; (bso#10041). + Fix crashes in socket_get_local_addr(); (bso#10042). + Allow to change the default location for Kerberos credential caches; (bso#10043). + Remove a redundant inlined substitution of ACLs; (bso#10045). + nsswitch: Add OPT_KRB5CCNAME to avoid an error message; (bso#10048). + dsdb improvements; (bso#10056). + Linux kernel oplock breaks can miss signals; (bso#10064).- BuildRequire pyldb-devel.- Add libnetapi0 and samba-libs to baselibs.conf.- Update to 4.0.9. + Fix crash of Winbind after "ls -l /usr/local/samba/var/locks/sysvol"; (bso#9820). + s3-lib: Fix segmentation fault while reading incomplete session info; (bso#10003). + smbd: Fix a 100% loop at shutdown time; (bso#10013). + Windows 8 Roaming profiles fail; (bso#9678). + Add UPN enumeration to passdb internal API; (bso#9779). + smbd: Cleanup disonnected durable handles; (bso#9930). + vfs_streams_xattr: Do not attempt to write empty attribute twice; (bso#9970). + Fix Windows error 0x800700FE when copying files with xattr names containing ":"; (bso#9992). + s3-winbind: Do not delete an existing valid credential cache; (bso#9994). + Fix excessive RID allocation; (bso#10014). + Add debugclass for DNS server; (bso#10015). + Fix/improve debug options; (bso#10015). + Allow to change the default location for Kerberos credential caches; (bso#10043). + Linux kernel oplock breaks can miss signals; (bso#10064). + net ads join: Fix segmentation fault in create_local_private_krb5_conf_for_domain; (bso#10073).- Update to 4.0.8. + Samba 3.0.x to 4.0.7 are affected by a denial of service attack on authenticated or guest connections; CVE-2013-4124; (bnc#829969).- Require krb5 and not the non existing krb5-libs package.- Update to 4.1.0rc1. + Directory database replication (AD DC mode) + Server-Side Copy Support + Btrfs Filesystem Integration- BuildRequire perl ExtUtils::MakeMaker and Parse::Yapp. - BuildRequire libxslt, libxslt1, or libxslt-tools depending on SUSE version. - Require perl-base on SUSE systems only.- Adjust group setting of the test-devel subpackage. - Require perl-base from the pidl subpackage.- Remove libdir/samba/ldb after install if we're building Samba without Active Directory Domain Controller support.- Remove unused ccache switch from the spec file.- BuildRequire docbook-xsl-stylesheets and libxslt-tools to build the man pages and add them to the package again.- Build from the package from the top level directory; (bnc#794744). - BuildRequire pytalloc-devel, python-tdb, and python-tevent. - Also use out of tree builds of talloc, tdb, tevent, and ldb for pre-12.1 SUSE systems.- Remove the empty data dir from the doc package filelist. - Explicitly use samba instead of the name macro to define the docbook dir.- Update to 4.0.7. + Fix a core dump with invalid lock order while opening/editing or copying MS files; (bso#9794). + Fix crash bug from search of mail=; (bso#9967). + s3-rpc_server: Ensure we are root when starting and using gensec; (bso#9465). + Add support for MX queries; (bso#9485). + dns: Delete dnsNode objects when they are empty; (bso#9559). + dns: Support larger queries when asking forwarder; (bso#9632). + s3:lib/server_mutex: Open mutex.tdb with CLEAR_IF_FIRST; (bso#9805). + Use of wrong RFC2307 primary group field; (bso#9880). + Check for system libtevent; (bso#9881). + is_printer_published GUID retrieval; (bso#9900). + Doc fixes for 4.0; (bso#9906). + Build fixes for 4.0 found during autoconf or debian packaging work; (bso#9907). + build: Add missing new line to replaced python shebang line; (bso#9909). + PIE builds not supported; (bso#9910). + s4:winbind: Don't leak libnet_context into the main event context; (bso#9929). + Fix a bug of drvupgrade of smbcontrol; (bso#9941). + Check for netbios aliases in ad_get_referrals; (bso#9947). + Fix tevent_poll on 32-bit machines (Coverity ID 989236); (bso#9953). + docs: Avoid mentioning a possibly misleading option; (bso#9964). + Fix build with system Heimdal of samba4kgetcred; (bso#9968).- Use SLE as product prefix for SUSE Linux Enterprise, oS for openSUSE, and OBS for any other operating system to define the vendor string while build.- Remove ldapsmb from the main spec file.- Adjust ldapsmb and nmbstatus man page syntax required by a newer pod2man.- Don't bzip2 the main tar ball, use the upstream gziped one instead.- Explicitly BuildRequire cyrus-sasl-devel, libattr-devel, and libopenssl-devel.- Fix libreplace license ambiguity; (bso#8997); (bnc#765270).- Update to 4.0.6. + Fix crash during Win8 sync; (bso#9822). + Fix segfault when loging in with wrong password from w2k8r2; (bso#9834). + Fix the username map optimization; (bso#9139). + Add support for PFC_FLAG_OBJECT_UUID when parsing packets; (bso#9382). + SMB2 server doesn't support recvfile; (bso#9412). + Fix the build of vfs_notify_fam; (bso#9545). + Fix adding case sensitive spn; (bso#9699). + Properly handle oplock breaks in compound requests; (bso#9722). + Properly handle oplock breaks in compound requests; (bso#9722). + Cache name_to_sid/sid_to_name correctly; (bso#9766). + Fix 'net ads join' when called via stdin; (bso#9767). + Fix segfault for "artificial" conn_structs in vfs_fake_perms; (bso#9775). + vfs_dirsort uses non-stackable calls, dirfd(), malloc instead of talloc and doesn't cope with directories being modified whilst reading; (bso#9777). + Fix panic when running 'smbtorture smb.base'; (bso#9782). + Use specified python for runtime installation of Samba; (bso#9785). + Change '--with-dmapi' to 'default=auto' to match the autoconf build; (bso#9803). + wafsamba: Display the default value in help for SAMBA3_ADD_OPTION; (bso#9804). + wbinfo: Fix segfault in wbinfo_pam_logon; (bso#9807). + Package new dbwrap_tool man page; (bso#9809). + Old DOS SMB CTEMP request uses a non-VFS function to access the filesystem; (bso#9811). + Fix 'map untrusted to domain' with NTLMv2; (bso#9817). + SMB signing and the async echo responder don't work together; (bso#9824). + Fix panic in nt_printer_publish_ads; (bso#9830). + talloc use after free in winbind4; (bso#9832). + Function called in unix_convert() path can overwrite errno; (bso#9833). + Fix NULL pointer dereference in Winbind; (bso#9854). + Fix making LIBNDR_PREG_OBJ; (bso#9868).- Remove disabled and anyhow obsoleted net-report and net_rpc_migrate patches.- Update to 4.0.5. + Fix large reads/writes from some Linux clients; (bso#9706). + Add 'samba-tool dbcheck --reset-well-known-acls'; (bso#9740). + Can't delegate adding computers to domain; (bso#9267). + Fix GNU ld version detection with old gcc releases; (bso#7825). + Never try to map global SAM name; (bso#9039). + Certain xattrs cause Windows error 0x800700FF; (bso#9130). + Samba returns unexpected error on SMB posix open; (bso#9519). + Fix build on AIX; (bso#9557). + libnss-winbindd does not provide pass struct for groups mapped with ID_TYPE_BOTH and vice versa; (bso#9617). + Reauth-capable client fails to access shares on Windows member; (bso#9625). + PIDL: Fix parsing linemarkers in preprocessor output; (bso#9636). + Rename internal subsystem pdb_ldap to pdb_ldapsam; (bso#9639). + Fix the build of vfs_afsacl; (bso#9642). + Fix the build with --fake-kaserver; (bso#9643). + Fix compile of source3/lib/afs.c; (bso#9644). + Make SMB2_GETINFO multi-volume aware; (bso#9646). + idmap_autorid: Fix freeing of non-talloced memory; (bso#9653). + Work around FreeBSD's getaddrinfo() underscore issue; (bso#9656). + 'make test' hangs; (bso#9663). + Fix correct linking of libreplace with cmdline-credentials; (bso#9664). + Fix filtering of link-local addresses; (bso#9666). + Fix crash in 'net rpc join' against a Samba 3.0.33 PDC; (bso#9669). + Samba denies owner Read Control when there is a DENY entry while W2K08 does not; (bso#9674). + Fix several resource (fd) leaks; (bso#9683). + Fix a memory leak in spoolss rpc server; (bso#9685). + Fix a possible buffer overrun in pdb_smbpasswd; (bso#9686). + Fix several possible null pointer dereferences; (bso#9687). + Make sure that domain joins work correctly when the DC disallows NTLM auth; (bso#9689). + Backport tevent changes to bring library to version 0.9.18; (bso#9695). + Remove incomplete samba_dnsupdate IPv6 link-local address check; (bso#9696). + DsReplicaGetInfo fails due to sendto() EMSGSIZE error on UNIX domain socket; (bso#9697). + Fix vfs_catia and update documentation; (bso#9701); (bnc#824833). + Fix build on solaris8: Do not force a specific perl on pod2man; (bso#9703). + Fix nss_winbind name on FreeBSD; (bso#9704). + s4:winbindd: Do not drop the workgroup name in the getgrnam, getgrent and getgrgid calls; (bso#9711). + Set LD_LIBRARY_PATH in install_with_python.sh; (bso#9717). + s4-idmap: Remove requirement that posixAccount or posixGroup be set for rfc2307; (bso#9718). + Allow forcing an override of an old @MODULES record; (bso#9719). + Do not print the admin password during 'samba-tool classicupgrade'; (bso#9720). + Make samba_upgradedns more robust (do not guess addresses when just changing roles); (bso#9721). + Add a tool to migrate latin1 printing tdbs to registry; (bso#9723). + is_encrypted_packet() function incorrectly used inside server; (bso#9724). + upgradeprovision and 'samba-tool dbcheck' patches for 4.0.NEXT; (bso#9725). + Fix NULL pointer dereference; (bso#9727). + DO NOT install samba_upgradeprovision in 4.0.x; (bso#9728). + Fix 'smbcontrol close-share'; (bso#9733). + Fix Winbind separator in upn to username conversion; (bso#9735). + Change to smbd/dir.c code gives significant performance increases on large directory listings; (bso#9736). + PIDL: Build fixes for hosts without CPP (Solaris 11); (bso#9739). + Make sure that we only propogate the INHERITED flag when we are allowed to; (bso#9747). + Remove unneeded fstat system call from hot read path; (bso#9748). + Don't leak the epm_Map policy handle; (bso#9758). + Fix incorrect parsing of SMB2 command codes; (bso#9760). - Update to 4.0.4. + Remove forced set of 'create mask' to 0777; CVE-2013-1863; (bnc#809624).- Fix periodic printcap cache reloads; (bso#9650); (bnc#807334).- No longer use the cifs- or smbfstab named configuration file on post-12.2 systems; (bnc#804822); (bnc#821889).- Shift the smbfs init script nfs dependency from Required to Should.- Fix SMB1 Session Setup AndX handling with a large krb PAC; (bso#9658); (bnc#802031).- Point LD_LIBRARY_PATH to the just-built libraries while calling testparm to generate the default share snippets on pre-12.2 systems.- Explicitly configure --with-ads.- Fix smbclient recursive mget EPERM handling; (bso#9633); (bnc#786350).- Remove superfluous quotation marks while setting the SAMBA_VERSION_VENDOR_SUFFIX string.- Do not restart the smbfs service on pre-11.3 systems during dhcp lease renewal when the IP address remains the same; (bnc#800782).- Update to 4.0.3. + Fix ACL problem with delegation of privileges and deletion of accounts over LDAP interface; add documentation; (bso##8909). + check_password_quality: Handle non-ASCII characters properly; (bso##9105). + Fix 'smbd' panic triggered by unlink after open; (bso##9571). + smbd: Fix memleak in the async echo handler; (bso##9549). + defer_open is triggered multiple times on the same request; (bso#9196). + Add extra attributes for AD printer publishing; (bso#9378). + FSMO seize of naming role fails: NT_STATUS_IO_TIMEOUT; (bso#9461). + Downgrade v4 printer driver requests to v3; (bso#9474). + samba_upgradeprovision: fix the nTSecurityDescriptor on more containers; (bso#9481). + s3:smb2_negprot: set the 'remote_proto' value; (bso#9499). + waf assumes that pythonX.Y-config is a Python script; (bso#9503). + s4:drsuapi: Make sure we report the meta data from the cycle start; (bso#9508). + wafsamba: Use additional xml catalog file; (bso#9512). + samba_dnsupdate: Set KRB5_CONFIG for nsupdate command; (bso#9517). + conn->share_access appears not be be reset between users; (bso#9518). + Remove superfluous bracket in samba.8.xml; (bso#9528). + Fix typo in vfs_tsmsm.8.xml; (bso#9530). + terminate the irpc_servers_byname() result with server_id_set_disconnected(); (bso#9540). + Make use of posix_openpt; (bso#9541). + Fix build of vfs_commit and plug in async pwrite support; (bso#9544). + Fix aio_suspend detection on FreeBSD; (bso#9546). + Correctly detect O_DIRECT; (bso#9548). + sigprocmask does not work on FreeBSD to stop further signals in a signal handler; (bso#9550). + smb.conf(5): Update list of available protocols; (bso#9552). + s4-resolve: Fix parsing of IPv6/AAAA in dns_lookup; (bso#9555). + Fix compilation of Solaris ACL module; (bso#9564). + Adding additional Samba 4.0 DC to W2k8 srv AD domain (in win200 functional level) produces dbcheck errors; (bso#9565). + Add dbwrap_tool.1 manual page; (bso#9568). + Document the command line options in dbwrap_tool(1); (bso#9568). + ntlm_auth(1): Fix format and make examples visible; (bso#9569). + Fix file corruption during SMB1 read by Mac OSX 10.8.2 clients; (bso#9572). + Fix a possible null pointer dereference in spoolss; (bso#9574). + Duplicate flags defined in the winbindd protocol; (bso#9575). + gensec: Allow login without a PAC by default; (bso#9581). + smbd: disk_free: sys_popen() failed" message logged in /var/log/message many times; (bso#9586). + Archive flag is always set on directories; (bso#9587). + ACLs are not inherited to directories for DFS shares; (bso#9588). + Correct meta data in ldb manpages; (bso#9591). + s3-winbind: Fix the build of idmap_ldap; (bso#9595). + Linked attribute handling should be by GUID; (bso#9596). + Fix timeouts of some IRPC calls; (bso#9598). + Use pid,task_id as cluster_id in process_single just like process_prefork; (bso#9598). + Add 'ldbdump' tool; general code and documentation cleanup; (bso#9609). + dsdb: Make secrets_tdb_sync cope with -H secrets.ldb; (bso#9610).- Update to 4.0.2. + Address SWAT security issues CVE-2013-0213 and CVE-2013-0214 which both don't apply to any SUSE Samba post-3.6.10 as it isn't longer built. + Don't build and package static libraries.- Drop separate build-source-timestamp file as it led to a second, incorrect Source Timestamp line.- Add server-side copy support; (fate#314770). + Implement FSCTL_SRV_COPYCHUNK and FSCTL_SRV_REQUEST_RESUME_KEY handlers. + Add vfs_btrfs VFS module for optimized Btrfs clone-range ioctl usage.- Add filter against shlib-policy-name-error for /lib*/libnss_wins.so.2.- Disable SWAT during configure and don't package it any longer.- Remove dangling references to Heimdal from the spec file.- Remove /lib/samba prefix from the localstatedir configure option.- Update to 4.0.1. + Samba 4.0.0 as an AD DC may provide authenticated users with write access to LDAP directory objects; CVE-2013-0172; (bnc#798364).- Add the missing get_printing_ticket binary path while calling the set_permissions macro; (bnc#783375).- Use the version macro while definition of the branch macro.- Remove references to no longer used devel macros.- Update to 4.0.0. + Honor password complexity settings; (bso#9414). + Install SWAT *.msg files with waf; (bso#9415). + Fix netr_ServerPasswordSet2, netr_LogonSamLogon with netlogon AES; (bso#9438). + developer-build: Fix panic when acl_xattr fails with access denied; (bso#9456). + Fix "map username script" with "security=ads" and Winbind; (bso#9457). + Install manpages only if we install the target; (bso#9459). + Respond correctly to FILE_STREAM_INFO requests; (bso#9460). + Users can not be given write permissions any more by default; (bso#9462). + Fix MMC crashes; (bso#9470). + Fix SEGV when using second vfs module; (bso#9471). + Support FIPS mode when building Samba; (bso#9479). + Fix ACL on "cn=partitions,cn=configuration"; (bso#9481).- netr_ServerPasswordSet2, netr_LogonSamLogon with netlogon AES broken; (bso#9438). - s3:auth: fix create_token_from_sid() to not fail in the winbindd case; (bso#9457). - s4:dsdb/acl_read: return the nTSecurityDescriptor attr if the sd_flags control is given; (bso#9470). - Support FIPS mode when building Samba; (bso#9479). - s4:provision: set the correct nTSecurityDescriptor; (bso#9481).- SEGV when using second vfs module; (bso#9471).- Update to 3.6.10. + Respond correctly to FILE_STREAM_INFO requests; (bso#9460). + Fix segfault when "default devmode" is disabled; (bso#9433). + Fix segfaults in "log level = 10" on Solaris; (bso#9390).- s3:smbd:vfs_acl: fix a PANIC when setting an ACL fails with ACCESS_DENIED; (bso#9456). - Install manpages only if we install the target; (bso#9459). - Users can not be given write permissions any more by default; (bso#9462).- Fix MD5 detection in the autoconf build; (bso#9037); (bso#9086); (bso#9094); (bso#9418). - Use work around for 'winbind use default domain' only if it is set; (bso#9367). - Allow smb2.acls torture test to pass against smbd with a POSIX ACLs backend; (bso#9374). - large read requests cause server to issue malformed reply; (bso#9422). - s3-rpc_client: lookup nametype 0x20 in rpc_pipe_open_tcp_port(); (bso#9426). - Fix ncacn_ip_tcp reconnection code for lsa lookups; (bso#9439). - Allow to force DNS updates using net; (bso#9451). - Respond correctly to FILE_STREAM_INFO requests; (bso#9460).- Update to 4.0.0rc6. See WHATSNEW.txt from the samba-doc package.- On uninstall remove winbind from the pam configuration, invalidate the nscd passwd and group cache and only recommend the install of nscd; (bnc#792340).- BuildRequire libnscd-devel once.- Remove obsoleted references to pre-9.4 SUSE systems; (bnc#792294). - Add SUSE version depending pkg-config requires macro; (bnc#792294).- Define library names and use it instead of libldb1, libnetapi0, libsmbclient0, libsmbsharemodes0, libtalloc2, libtdb1, libtevent0, and libwbclient0; (bnc#792294). - Provide and obsolete libsmbsharemodes for post-10.3 SUSE systems.- Don't clutter the spec file diff view; (bnc#783384).- Fix fd leak causing 100% CPU in winbind on certain dc connection failures; (bso#9436); (bnc#786677).- Fix spoolss segfault when default devmode is disabled; (bso#9433); (bnc#791183).- Update to 4.0.0rc5. See WHATSNEW.txt from the samba-doc package.- ACL masks incorrectly applied when setting ACLs; (bso#9236). - s3-kerberos: also try with AES keys, when decrypting tickets; (bso#9272). - lib/replace: replace all *printf function if we replace snprintf; (bso#9390). - lib/addns: don't depend on the order in resp->answers[]; (bso#9402).- s4:torture/smb2: improve the smb2.create.blob tes; (bso#9209). - lib/krb5_wrap: request enc_types in the correct order; (bso#9272). - Fix net ads join message for the dns domain; (bso#9326). - docs-xml: fix use of tag; (bso#9345). - s3-aio_pthread: Optimize aio_pthread_handle_completion; (bso#9359). - s3:winbind: Failover if netlogon pipe is not available; (bso#9386).- Execute the run_permissions macro on pre-11.4 systems and else the set_permission one if available.- Ensure adding the winbind group never can fail.- Create ntadmin group only if it doesn't yet exist.- Update to 3.6.9. + When setting a non-default ACL, don't forget to apply masks to SMB_ACL_USER and SMB_ACL_GROUP entries; (bso#9236). + Winbind can't fetch user or group info from AD via LDAP; (bso#9147). + Fix segfault in smbd if user specified ports out for range; (bso#9218).- quota: Don't force the block size to 512; (bso#3272). - Fix poll replacement to become a msleep replacement; (bso#8107). - Fix wrong test == syntax in configure; (bso#8146). - Fix --with(out)-sendfile-support option handling in autoconf; (bso#8344). - Fix builtin forms order to match Windows again; (bso#8632). - Fix RAW printing for normal users; (bso#8769); (bnc#790741). - Initialise ticket to ensure we do not invalid memory; (bso#8788). - Fix 'net rpc share allowedusers' to work with 2008r2; (bso#8966). - Fix crash on null pam change pw response; (bso#9013). - Connection to outbound trusted domain goes offline; (bso#9016). - Increase debug level for info that the db is empty; (bso#9112). - 'smbclient' can't connect to a Windows 7 server using NTLMv2; (bso#9117). - Winbind can't fetch user or group info from AD via LDAP; (bso#9147). - Open printers with the right access mask; (bso#9154). - Fix makerpms.sh on RHEL; (bso#9165). - Remove non-existent option '-Y' from winbindd manpage; (bso#9171). - Add quota support for gfs2; (bso#9172). - Make SMB2 compound request create/delete_on_close/close work as Windows; (bso#9173). - Empty SPNEGO packet can cause smbd to crash; (bso#9174). - pam_winbind: Match more return codes when wbcGetPwnam has failed; (bso#9177). - Fix crash bug in idmap_hash; (bso#9188); (bnc#788159). - SMB2 Create doesn't return correct MAX ACCESS access mask in blob; (bso#9189). - Fix service control for non-internal services; (bso#9192). - Don't take 'state->te' as indication for "was_deferred"; (bso#9196). - Parse of invalid SMB2 create blob can cause smbd crash; (bso#9209). - Bad ASN.1 NegTokenInit packet can cause invalid free; (bso#9213). - Fix segfault in smbd if user specified ports out for range; (bso#9218). - Signing cannot be disabled for SMB2 by design, so fix the documentation instead; (bso#9222). - Fix NT_STATUS_IO_TIMEOUT during slow import of printers into registry; (bso#9231). - When setting a non-default ACL, don't forget to apply masks to SMB_ACL_USER and SMB_ACL_GROUP entries; (bso#9236). - lib-addns: ensure that allocated buffer are pre set to 0; (bso#9259). - Make tdb robust against shrinking tdbs and improper CLEAR_IF_FIRST restart; (bso#9268). - Add support for reloading systemd services; (bso#9280).- Warn via the smbd log if AppArmor and "wide links" are in use; (bnc#783719).- Do not write the build date into the header of the default smb.conf as this causses superfluous rebuilds of packages depending on samba; (bnc#781601).- Do not prerequire SuSEconfig.permissions as it's already enough and more generic to depend on the permissions package; (bnc#782293).- Update to 3.6.8. + Fix crash bug in smbd caused by a blocking lock followed by close; (bso#9084). + Fix Winbind panic if we couldn't find the domain; (bso#9135).- Backport FSCTL codes and fix segfault in smbstatus from master; (bso#9058). - Fix bad call to memcpy source3/registry/regfio.c; (bso#9065). - "Domain Users" incorrectly added as additional group on domain members; (bso#9066). - Use correct RID for "Domain Guests" primary group; (bso#9067). - Fix crash bug in smbd caused by a blocking lock followed by close; (bso#9084). - Fix smbclient/tarmode panic when connecting to Windows 2000 clients; (bso#9088). - Fix refreshing of Kerberos tickets in Winbind; (bso#9098). - Fix identification of idle clients in Winbind to avoid crashes and NDR parsing errors; (bso#9104). - Fix compilation with newer MIT Kerberos which hides internal symbols; (bso#9111). - Fix flooding the logs with records we don't find in pcap; (bso#9112). - Initialize the print backend after we setup winreg; (bso#9122). - Fix lprng job tracking errors; (bso#9123). - Fix setting of "inherited" bit on inherited ACE's; (bso#9124). - Fix Winbind panic if we couldn't find the domain; (bso#9135). - Make 'smbclient allinfo' show the snapshot list; (bso#9137). - Fix nfs quota support with Linux nfs4 mounts; (bso#9144). - Valid open requests can cause smbd assert due to incorrect oplock handling on delete requests; (bso#9150).- NMB registration for a duplicate workstation fails with registration refuse; (bso#9085); (bnc#770056).- Remove backup files caused by running configure in examples/VFS.- Update to 3.6.7. + Fix resolving our own "Domain Local" groups; (bso#9052); (bnc#779269). + Fix migrating printers while upgrading from 3.5.x; (bso#9026).- Correct documentation of "case sensitive"; (bso#8552). - Printing fails in function cups_job_submit; (bso#8719). - Fix kernel oplocks when uid(file) != uid(process); (bso#8974). - Send correct responses to NT Transact Secondary when no data and no params for the Trans2 calls are set; (bso#8989). - Fix build without ads support; (bso#8996). - Don't turn negative cache entries into valid idmappings; (bso#9002). - Fix posix acl on gpfs; (bso#9003). - Make vfs_gpfs less verbose in get/set_xattr functions; (bso#9022). - Fix migrating printers while upgrading from 3.5.x; (bso#9026). - Fix typo in set_re_uid() call when USE_SETRESUID selected in configure; (bso#9034). - Using asynchronous IO with SMB2 can return NT_STATUS_FILE_CLOSED in error instead ofNT_STATUS_FILE_LOCK_CONFLICT; (bso#9040). - Fix resolving our own "Domain Local" groups; (bso#9052); (bnc#779269). - Fix build against CUPS 1.6; (bso#9055). - Fix bugs in SMB2 credit handling code; (bso#9057). - rpcclient: Fix bad call to data_blob_const; (bso#9062).- Create missing doc directories while install. - Remove no longer existing Manifest file from install. - Don't creat a link to non existend html man pages for swat. - Don't call the no longer existing libsmbclient testsuit while build.- Configure with option --mandir instead --with-mandir. - Remove obsoleted --with-rootsbindir, --with-nmbdsocketdir, and - -with-swatdir configure options.- Update to 4.0.0beta4. See WHATSNEW.txt from the samba-doc package.- BuildRequire gcc, make, and patch; (bnc#771516).- ndr: fix push/pull DATA_BLOB with NDR_NOALIGN; (bso#9026); (bnc#770262).- Fix shell syntax in dhcpcd hook script; (bnc#769957).- Add missing int declaration to the net kdc lookup patch.- Update to 4.0.0beta2. See WHATSNEW.txt from the samba-doc package.- Update to 3.6.6. + Fix possible memory leaks in the Samba master process; (bso#8970). + Fix uninitialized memory read in talloc_free(); (bnc#764577). + Fix joining of XP Pro workstations to 3.6 DCs; (bso#8373); (bnc#787983).- resolve_ads() code can return zero addresses and miss valid DC IP addresses; (bso#8910). - Can't join XP Pro workstations to 3.6.1 DC; (bso#8373); (bnc#787983). - winbind can hang as nbt_getdc() has no timeout; (bso#8953). - Fix crash bug in dns_create_probe when dns_create_update fails; (bso#8627) - s3-pid: Catch with pid filename's change when config file is not smb.conf; (bso#8714). - Possible memory leaks in the main Samba process; (bso#8970). - s3: Fix uninitialized memory read in talloc_free(); (bnc#764577). - Treat exit_server_cleanly() as a "clean" shutdown; (bso#8971). - Avoid crash with MIT krb5 1.10.0 in gss_get_name_attribute(); (bso#8988). - Winzip occasionally can not read files out of an open winzip dialog; (bso#8311). - s3-winbindd: call dump_core_setup after command line option has been parsed; (bso#8975). - Directory group write permission bit is set if unix extensions are enabled; (bso#8972). - s3: remove dependency on automake for "make everything"; (bso#8978). - sd_has_inheritable_components segfaults on an SD that se_access_check accepts; (bso#8811). - smbclient's tarmode insists on listing excluded directories; (bso#8922). - Notify code can miss a ChDir; (bso#8998). - s3:smbd: add a fsp_persistent_id() function; (bso#8995).- Call autogen.sh even on post-12.1 SUSE systems.- Don't call autogen.sh on post-12.1 SUSE and post-14 Fedora systems. - Recompile all IDL in any case.- BuildIgnore libtalloc and libtdb to prevent a package conflict on Fedora systems.- Install talloc.pc only on pre-12.2 and non SUSE systems.- BuildRequire libldb-devel, libtalloc-devel, libtdb-devel, and libtevent-devel on post-12.1 systems.- s3: Fix a segfault with debug level 3 on Solaris; (bso#8861). - s3: wbinfo --lookup-sids "" crashes winbind; (bso#8904). - smbd crashes when deleting directory and veto files are enabled; (bso#8837). - winbind_krb5_locator only returns one IP address; (bso#8897). - Wrong assertion/comparison: Compare value not pointer; (bso#8859). - Inconsistent (with manpage) command-line switch for "help" in smbtree; (bso#8831). - Fix incorrect debug statement. - Setting traverse rights fails to enable directory traversal when acl_xattr in use; (bso#8857). - Syslog broken owing to mistyping of debug_settings.syslog; (bso#8877). - s3/ldap: remove outdated netscape ds 5 schema file; (bso#8869). - s3-docs: fixes several typos; (bso#7938). - s3-VFS: Fix building out-of-tree modules; (bso#8822). - s3-docs: Add hint that setting "profile acls = yes" on normal shares can cause trouble; (bso#7930). - s3-pam_winbind: Fix the build with a newer iniparser library; (bso#8915). - Avoid null dereference in initialize_password_db(); (bso#8920). - s3:registry: implement values_need_update and subkeys_need_update in the smbconf backend. - s3:registry:reg_api: fix reg_queryvalue to not fail when values are modified while it runs. - s4:torture:rpc:spoolss: also initialize driverName before checking it in test_PrinterData_DsSpooler(). - s3:registry: multiple cleanups, fixes, and optimisations. - s3:auth/server_info: the primary rid should be in the groups rid array; (bso#8798). - s3-printing: Add new printers to registry; (bso#8554); (bso#8612); (bso#8748). - Fix the overwriting of errno before use in a DEBUG statement and use the return value from store_acl_blob_fsp rather than ignoring it; (bso#8945). - s3-auth: Don't lookup the system user in pdb; (bso#8944). - s3-passdb: Fix negative SID->uid/gid cache handling; (bso#8952). - Fix typo in pam_winbindd code; (bso#8957). - Fix remove_duplicate_addrs2 previously it could leave zero addresses in the list; (bso#8910). - Slow but responsive DC can lock up winbindd; (bso#8943). - Broken processing of %U with vfs_full_audit when force user is set; (bso#8882).- Disable included build of ldb, talloc, tdb, and tevent on post-12.1 systems. - BuildRequire libldb1-devel, libtalloc2-devel, libtdb1-devel, and libtevent0-devel on post-12.1 systems.- Add PreReq /etc/init.d/nscd to the winbind package; (bnc#759731).- docs-xml: fix default name resolve order; (bso#7564). - s3-aio-fork: Fix a segfault in vfs_aio_fork; (bso#8836). - docs: remove whitespace in example samba.ldif; (bso#8789). - s3-smbd: move print_backend_init() behind init_system_info(); (bso#8845); (bnc#730769). - s3-docs: Prepend '/' to filename argument; (bso#8826).- Update to 3.6.5. - Restrict self granting privileges where security=ads for Samba post-3.3.16; CVE-2012-2111; (bnc#757576).- Remove all precompiled idl output to ensure any pidl changes take effect; (bnc#757080).- Update to 3.6.4. - Samba pre-3.6.4 are affected by a vulnerability that allows remote code exe- cution as the "root" user; PIDL based autogenerated code allows overwriting beyond of allocated array; CVE-2012-1182; (bso#8815); (bnc#752797).- s3-winbindd: Only use SamLogonEx when we can get unencrypted session keys; (bso#8599). - Correctly handle DENY ACEs when privileges apply; (bso#8797).- s3:smb2_server: fix a logic error, we should sign non guest sessions; (bso8749). - Allow vfs_aio_pthread to build as a static module; (bso#8723). - s3:dbwrap_ctdb: return the number of records in db_ctdb_traverse() for persistent dbs; (#bso8527). - s3: segfault in dom_sid_compare(bso#8567). - Honor SeTakeOwnershiPrivilege when client asks for SEC_STD_WRITE_OWNER; (bso#8768). - s3-winbindd: Close netlogon connection if the status returned by the NetrSamLogonEx call is timeout in the pam_auth_crap path; (bso#8771). - s3-winbindd: set the can_do_validation6 also for trusted domain; (bso#8599). - Fix problem when calculating the share security mask, take priviliges into account for the connecting user; (bso#8784).- Fix crash in dcerpc_lsa_lookup_sids_noalloc() with over 1000 groups; (bso#8807); (bnc#751454).- Remove obsoleted Authors lines from spec file for post-11.2 systems.- Make ldapsmb build with Fedora 15 and 16; (bso#8783). - BuildRequire libuuid-devel for post-11.0 and other systems. - Define missing python macros for non SUSE systems. - PreReq to fillup_prereq and insserv_prereq only on SUSE systems. - Always use cifstab instead of smbfstab on non SUSE systems.- Ensure AndX offsets are increasing strictly monotonically in pre-3.4 versions; CVE-2012-0870; (bnc#747934).- Add SERVERID_UNIQUE_ID_NOT_TO_VERIFY; (bso#8760); (bnc#741854).- s3-printing: fix crash in printer_list_set_printer(); (bso#8762); (bnc#746825).- s3:winbindd fix a return code check; (bso#8406).- s3: Add rmdir operation to streams_depot; (bso#8733).- s3:smbd:smb2: fix an assignment-instead-of-check bug conn_snum_used(); (bso#8738); CVE-2013-0454; (bnc#811975).- s3:auth: fill the sids array of the info3 in wbcAuthUserInfo_to_netr_SamInfo3(); (bso#8739).- s3:client: ignore SMBecho errors (the server may not support it); (bso#8139).- Be more strict when using PAM_AUTH API from winbind if Kerberos auth is enabled and don't unintentionally use a bogus domain name; (bso#8734).- smbclient fails with posix large reads; (bso#8727).- Use the smbfs init script on versions pre-11.3, or cifs in later versions; (bnc#744614).- s3: Compile IDL files in autogen, some configure tests need this.- Fixes various deadlocks in if-up.d / if-down.d when running under systemd; (bnc#732395).- Update to 3.6.3. + Fix memory leak in parent smbd on connection; CVE-2012-0817; (bso#8724); (bnc#743986).- Use spdx.org compliant license names for all packages.- Update to 3.6.2. + Make Winbind receive user/group information (bug #8371). + Several SMB2 fixes. + Fix a crash bug in the spoolss code. + Add new contributing FAQ announcing acceptance of corporate (C). + DeletePrinterDriverEx deletes files in use; (bso#4942); (bnc#742504). + Fix cli_write_and_x() against OS/2 print shares; (bso#5326). + Fix 'smbclient tar' for files greater than 8GB on BE machines; (bso#563); (bnc#726145). + Remove pointless use_memory_krb5_ccache; (bso#7465). + Fix perl path; (bso#8176). + Grant credits in async interim responses (SMB2); (bso#8357). + Make Winbind receive user/group information; (bso#8371). + Fix Windows XP clients crashing smbd process every once in a while; (bso#8384); (bnc#731571). + Make VFS op "streaminfo" stackable; (bso#8419). + Add an allocation pool to idmap_autorid; (bso#8444). + Fix SEGFAULT from net registry export on not zero terminated REG_SZ values; (bso#8528). + Make DSO_EXPORTS_CMD more portable; (bso#8531). + readlink() on Linux clients fails if the symlink target is outside of the share; (bso#8541). + smbclient posix_open command fails to return correct info on open file; (bso#8542). + winbind_samlogon_retry_loop ignores logon_parameters flags; (bso#8548). + Fix setting the machine account password; (bso#8550). + Make SMB2 handle compound request headers in the same way as Windows; (bso#8560). + Password change settings not fully observed; (bso#8561). + Fix double free error in talloc; (bso#8562). + Fix alignment in the non-extended-security negprot; (bso#8573). + Add systemd service files; (bso#8575). + Add systemd service files; (bso#8575). + smb2_flush: Don't send uninitialized memory; (bso#8579). + Enable inotify if sys or kernel inotify is available; (bso#8580). + Increase a debug level; (bso#8585). + libsmb: Only align unicode pipe_name; (bso#8586). + Fix marshalling of samr_ChangePasswordUser3; (bso#8591). + Don't limit the number of open dptrs for SMB2; (bso#8592). + Fix a crash bug in cldap_socket_recv_dgram(); (bso#8593). + Make cldap work over IPv6; (bso#8600). + Fix intermittent print job failures caused by character conversion errors; (bso#8606). + Improve configure.in so it can be used outside the Samba source tree; (bso#8607). + Winbind: Don't fail on users without a uid; (bso#8608). + Ensure we correctly calculate reply credits over all returned SMB2 replies; (bso#8614). + Fix migrate printer code; (bso#8618). + Fix crash bug when trying to browse Samba printers; (bso#8623). + libsmb: Don't duplicate Kerberos service tickets; (bso#8628). + POSIX ACE x permission becomes rx following mapping to and from a DACL; (bso#8631). + When returning an ACL without SECINFO_DACL requested, we still set SEC_DESC_DACL_PRESENT in the type field; (bso#8636). + Fix the vfs_commit module; (bso#8639). + Add an update function for Winbind cache; (bso#8643). + vfs_acl_xattr and vfs_acl_tdb modules can fail to add inheritable entries on a directory with no stored ACL; (bso#8644). + Document the "ignore system acls" option of vfs_acl_xattr and vfs_acl_tdb vfs modules; (bso#8652). + Fix deleting a symlink if the symlink target is outside of the share; (bso#8663). + Fix renaming a symlink if the symlink target is outside of the share; (bso#8664). + Fix NT ACL issue; (bso#8673). + Fix buffer overflow issue with AES encryption in samba traffic analyzer; (bso#8674). + Fix Winbind segfault if we can't map the last user; (bso#8678). + recvfile code path using splice() on Linux leaves data in the pipe on short write; (bso#8679). + Try ctdbd_init_connection() as root; (bso#8684). + Packet validation checks can be done before length validation causing uninitialized memory read; (bso#8686). + Fix typo in 'net memberships' usage; (bso#8687). + libads: Fix malloc/talloc mismatch in ads_keytab_verify_ticket(); (bso#8692). + Make DeletePrinterDriverEx remove printer driver files; (bso#8697) (bnc#740810). + Fix major leak with SMB2 in connections.tdb; (bso#8710).- s3-spoolss: Pass the right pointer type; (bso#4942); (bnc#742504).- Use correct license, LGPLv3+ for libwbclient packages.- When returning an ACL without SECINFO_DACL requested, we still set SEC_DESC_DACL_PRESENT in the type field; (bso#8636).- Fix incorrect types in the full_audit VFS module. Add null terminators to audit log enums; (bnc#742885).- Prefix print$ path on driver file deletion; (bso#8697); (bnc#740810). - Fix printer_driver_files_in_use() call ordering; (bso#4942); (bnc#742504).- Buffer overflow issue with AES encryption in samba traffic analyzer; (bso#8674). - NT ACL issue; (bso#8673). - Deleting a symlink fails if the symlink target is outside of the share; (bso#8663). - connections.tdb - major leak with SMB2; (bso#8710).- Renaming a symlink fails if the symlink target is outside of the share; (bso#8664).- Intermittent print job failures caused by character conversion errors; (bso#8606). - ads_keytab_verify_ticket mixes talloc allocation with malloc free; (bso#8692). - libcli/cldap: fix a crash bug in cldap_socket_recv_dgram(); (bso#8593). - s3:lib/ctdbd_conn: try ctdbd_init_connection() as root; (bso#8684). - s3-printing: fix migrate printer code; (bso#8618). - Packet validation checks can be done before length validation causing uninitialized memory read; (bso#8686).- net memberships usage info was wrong; (bso#8687). - s3-libsmb: Don't duplicate kerberos service tickets; (bso#8628). - Recvfile code path using splice() on Linux leaves data in the pipe on short write; (bso#8679). - s3-winbind: Fix segfault if we can't map the last user; (bso#8678). - vfs_acl_xattr and vfs_acl_tdb modules can fail to add inheritable entries on a directory with no stored ACL; (bso#8644). - s3/doc: document the ignore system acls option of vfs_acl_xattr and vfs_acl_tdb; (bso#8652). - Winbind can't receive any user/group information; (bso#8371). - s3-winbind: Add an update function for winbind cache; (bso#8643). - s3: Attempt to fix the vfs_commit module. - POSIX ACE x permission becomes rx following mapping to and from a DACL; (#bso#8631). - s3:libsmb: only align unicode pipe_name; (bso#8586). - s3-winbind: Don't fail on users without a uid; (bso#8608). - Crash when trying to browse samba printers; (bso#8623). - talloc: double free error; (bso#8562). - cldap doesn't work over ipv6; (bso#8600). - s3:libsmb: fix cli_write_and_x() against OS/2 print shares; (bso#5326). - SMB2: not granting credits for all requests in a compound request; (bso#8614). - smb2_flush sends uninitialized memory; (bso#8579). - Password change settings not fully observed; (bso#8561). - s3:smb2_server: grant credits in async interim responses; (bso#8357). - s3:smbd: don't limit the number of open dptrs for smb2; (bso#8592). - samr_ChangePasswordUser3 IDL incorrect; (bso#8591). - idmap_autorid does not have allocation pool; (bso#8444). - Add systemd service files. - s3:libsmb: the workgroup in the non-extended-security negprot is not aligned; (bso#8573). - s3-build: Fix inotify detection; (bso#8580). - SMB2 doesn't handle compound request headers in the same way as Windows; (#bso8560). - Disconnecting clients swamp the logs; (bso#8585). - s3-netlogon: Fix setting the machinge account password; (bso#8550). - winbind_samlogon_retry_loop ignores logon_parameters flags; (#bso8548). - smbclient posix_open command fails to return correct info on open file; (bso#8542). - readlink() on Linux clients fails if the symlink target is outside of the share; (bso#8541). - s3-netapi: remove pointless use_memory_krb5_ccache; (bso#7465). - s3:Makefile: make DSO_EXPORTS_CMD more portable; (bso#8531). - s3:registry: fix the test for a REG_SZ blob possibly being a zero terminated ucs2 string; (bso#8528). - Make VFS op "streaminfo" stackable; (bso#8419).- Fix incorrect perfcount array length calculations; (bnc#739258).- BuildRequire autoconf to avoid implicit dependency for post-11.4 systems.- Remove call to suse_update_config macro for post-11.4 systems.- Use samba.org for the ldapsmb source location.- Fixing libsmbsharemode dependency on ldap and krb5 libs in Makefile; (bnc #729516).- Do not map POSIX execute permission to Windows FILE_READ_ATTRIBUTES; (bso#8631); (bnc#732572).- Add ldap to Should-Start and Stop of the smb init script; (bnc#730046).- Fix smbd srv_spoolss_replycloseprinter() segfault; (bso#8384); (bnc#731571).- Fix pam_winbind.so segfault in pam_sm_authenticate(); (bso#8564).- Fix smbclient >8GB tars on big endian machines; (bso#563); (bnc#726145).- Fix typo in net ads join output; (bnc#713135).- Ignore a potentially missing AppArmor snippet helper script; (bnc#725256).- Update to 3.6.1. + Fix smbd crashes triggered by Windows XP clients; (bso#8384). + Fix a Winbind race leading to 100% CPU load; (bso#8409). + Several SMB2 fixes. + The VFS ACL modules are no longer experimental but production-ready. + Fix 'net ads join -k' when KRB5CCNAME is not set; (bso#7465). + smb_acl_to_posix: ACL is invalid for set (Invalid argument); (bso#7509). + Return error of cli_push when 'put - /some/file' is used; (bso#7551). + Fix usage of cli_errstr(); (bso#7864). + Fix 'widelinks' regression; (bso#8229). + Empty notify servername; (bso#8236). + Add man vfs_aio_fork; (bso#8256). + smb2: smbd logs "Invalid SMB packet: first request: 0x0008" and crashes; (bso#8334). + Add a fallback for missing open&x support in MAC OS/X Lion; (bso#8338). + While migrating forms, don't fail if the form already exists; (bso#8351). + OS/2 sends an unexpected write&x/read&x chain; (bso#8360). + Fix build of vfs_prealloc on SLES8; (bso#8363). + Fix the build of gpfs.c on RHEL 6.0 with gpfs 3.4.0-4; (bso#8364). + Fix the fallback to the deprecated spelling idmap:script; (bso#8368). + Fix vfs_chown_fsp; (bso#8370). + Fix smbd crashes triggered by Windows XP clients; (bso#8384). + Fix smbclient access to NT4 shares; (bso#8385). + Optimize serverid_exists() for Solaris; (bso#8395). + registry/reg_format.c must include includes.h; (bso#8401). + SMB2 server can return requests out-of-order when processing a compound request; (bso#8407). + Fix a Winbind race leading to 100% CPU load; (bso#8409). + Fix "saving as" of MS Office 2007 (Word) documents on Samba shares with SMB2; (bso#8412). + Fix 'getent group' if trusted domains are not reachable; (bso#8420). + Fix infinite loop in ACL module code; (bso#8422). + Fix wrong reply to DHnC (durable handle reconnect); (bso#8428). + Compound SMB2 requests on an IPC connection can corrupt the reply stream; (bso#8429). + Fix segfault in iconv.c; (bso#8433). + NFSv4 DENY ACLs always include SYNCHRONIZE flag - blocking renames; (bso#8442). + Be smarter about setting default permissions when a ACL_USER_OBJ isn't given; (bso#8443). + Check the wct of the incoming SMBnegprot responses; (bso#8452). + Fix smbclient segfaults when dialect option -m is used for legacy dialects; (bso#8453). + Fix uninitialized memory problem in group_sids_to_info3; (bso#8455). + Samba PDC is looking up only primary user group; (bso#8455). + IE9 on Windows 7 cannot download files to samba 3.5.11 share; (bso#8458). + smb2_find uses a hard coded max reply size of 0x10000 instead of smb2_max_trans; (bso#8473). + SMB2 create doesn't cope with an Apple client using NULL blob in create; (bso#8474). + Don't call smbd_terminate_connection in smb2_validate_message_id(); (bso#8476). + Samba asserts when SMB2 client breaks the crediting rules; (bso#8476). + Map to guest can return uninitialized blob of data; (bso#8477). + acl_xattr can free an invalid pointer if no blob is loaded; (bso#8480). + DFS breaks zip file extracting unless "follow symlinks = no" set; (bso#8493). + Remove "experimental" label on VFS ACL modules; (bso#8494). + SMB2_OP_CANCEL requests don't have to be signed; (bso#8503). + smbd doesn't correctly honor the "force create mode" bits from a cifsfs create; (bso#8507). + Read-only handles on SAMR allow SAMR_DOMAIN_ACCESS_CREATE_USER; (bso#8509). + Disallow "." in can_set_delete_on_close(); (bso#8515). + SMB2 create call returns incorrect file allocation size; (bso#8518). + Fix SMB2 SMB2_OP_GETINFO and SMB2_OP_IOCTL parsing requirements; (bso#8520). + Winbind cache timeout expiry test was reversed; (bso#8521).- s3/doc: add man page for aio_fork vfs module.- Fix uninitialized memory problem in group_sids_to_info3; (bso#8455).- s3: Samba PDC is looking up only primary user group; (bso#8455).- Add script to create or update an AppArmor sniplet with permissions for all Samba shares; (bnc#688040).- Add "ldapsam:login cache" parameter to allow explicit disabling of the login cache; (bnc#723261).- Retain the smbd startproc return value for correct startup status reporting. unset was incorrectly being called prior to rc_status; (bnc#723724).- Prevent deadlock in systemd triggered by if-down.d handler on shutdown; (bnc#721598).- smb2_find uses a hard coded max reply size of 0x10000 instead of smb2_max_trans; changed defaults and documentation (bso8473).- Empty CIFS share can be blocked for other clients by deleting it via empty path (DELETE_PENDING until the last client); (bso#8515).- winbindd cache timeout expiry test was reversed; (bso#8521).- Fix SMB2 SMB2_OP_GETINFO and SMB2_OP_IOCTL parsing requirements; (bso#8520).- s3:smb2_create: fix allocation size return value when opening existing files; (bso#8518).- SMB2 create doesn't cope with an Apple client using NULL blob in create; (bso#8474).- NFSv4 DENY ACLs always include SYNCHRONIZE flag - blocking renames; (bso#8442).- s3-docs: Fix bug (bso#7908) and typo.- Return error of cli_push when 'put - /some/file' is used; (bso#7551).- Read-only handles on SAMR allow SAMR_DOMAIN_ACCESS_CREATE_USER; (bso#8509).- smbd doesn't correctly honor the "force create mode" bits from a cifsfs create; (bso#8507).- Default user entry is set to minimal permissions on incoming ACL change with no user specified; (bso#8443).- smb_acl_to_posix: ACL is invalid for set (Invalid argument); (bso#7509).- Handle the SECINFO_LABEL flag in the same was as Win2k3; enable Microsoft Internet Explorer 9 on Windows 7 to download files; (bso#8458).- DFS breaks zip file extracting unless "follow symlinks = no" set; (bso#8493).- s3-docs: Fix typos.- s3:smb2_server: SMB2_OP_CANCEL requests don't have to be signed; (bso#8503).- Remove "experimental" label on VFS ACL modules; (bso#8494).- acl_xattr can free an invalid pointer if no blob is loaded; (bso#8480).- s3-smbd: asserts when SMB2 client breaks the crediting rules; (bso#8476).- s3-libnet: allow to use default krb5 ccache in libnet_Join/libnet_Unjoin; (bso#7465).- smb2_find uses a hard coded max reply size of 0x10000 instead of smb2_max_trans; (bso#8473).- s3-netapi: allow to use default krb5 credential cache for libnetapi users.- s3-docs: document -k switch in net manpage.- Map to guest can return uninitialized blob of data; (bso#8477).- s3-registry: registry/reg_format.c must include includes.h; (bso#8401).- smbclient segfaults when option -m is used for legacy dialects; (bso#8453).- Fix 'widelinks' regression intro'd in 3.2; (bso#8229).- Compound SMB2 requests on an IPC connection can corrupt the reply stream; (bso#8429).- s3-spoolss: Fix bug forms migration; (bso#8351).- s3:libsmb: check the wct of the incoming SMBnegprot responses; (bso#8452).- s3: Do not fork the echo handler for smb2; (bso#8334).- s3-spoolss: Fix bug empty notify servername; (bso#8236).- SMB2 server can return requests out-of-order when processing a compound request; (bso#8407).- Remove smb child crash fix. The issue had been fixed upstream differently.- BuildRequire ctdb-devel version greater than 1.0.105 for post-10.0 systems.- Fix samba duplicates file content on appending. Move posix case semantics out from under the VFS; (bso#6898); (bnc#681208).- Make winbind child reconnect when remote end has closed, fix failing sudo; (bso#7295); (bnc#569721).- Spec file cleanup as suggested by the spec-cleaner tool. + Make all BuildRequires, PreReq, and Provides a separate line. + Use %{buildroot} instead of ${RPM_BUILD_ROOT}. + Use straight commands instead of macros (make, install). + Use -p in post and postun if we only call one command. + Use %{_localstatedir} instead of %{_var} in the filelist. + Remove superfluous AutoReqProv on lines.- Remove %release from all Provides.- Fix segfault in iconv.c which caused a null pointer dereference; (bso#8433).- Use /var/run for the cifs state file in the init script too; (bnc#710304).- Microsoft Word from Microsoft Office 2007 fails to save as on a share with SMB2; (bso#8412).- Use sys_write and sys_read in fork_domain_child to fix a winbind race leading to 100% CPU usage; (bso#8409).- Fix wrong reply to smb2 durable handle reconnect (DHnC) request; (bso#8428).- Fix infinite loop in ACL module code; (bso#8422).- Fix getent group if trusted domains are not reachable; (bso#8420).- smbclient can't access a NT4 share since 3.6.0; (bso#8385).- Optimize serverid_exists() for Solaris; (bso#8395).- talloc: + check block count after references test. + added test suite for talloc_free_children(). + license info erratum in the manpage. + fix typos and better differentiation between versions 1 and 2. + preserve context name on talloc_free_children(). + ensure the sibling linked list remains valid during a free.- vfs_chown_fsp returned in the wrong directory; (bso#8370).- Remove irritating "." targets when recent system libs exist; (bso#8369).- Correctly initialize "idmap config * : script" with NULL; (bso#8368).- Add missing include to suppress compiler warnings; (bso#8365).- Point the chain offset beyond the current request; (bso#8360).- Fix gpfs vfs module build; (bso#8364).- Make vfs_prealloc even build on older systems; (bso#8363).- Do central cli_set_error and return the actual NTSTATUS; (bso#7864).- Add a fallback for missing open&x support in OS/X Lion; (bso#8338).- Update to 3.6.0. + BUG 7462: Make SA_RESETHAND conditional on its existance. + BUG 8303: db_ctdb_send_schedule_for_deletion() is not defined. + BUG 8324: smbclient cannot list directories from a big-endian machine. + BUG 8326: WinXP cannot join a Samba3 domain with a 'even' hostname. + BUG 8327: Fix the reload of the configuration, also reload activated registry shares. + BUG 8328: Cleanup of idmap_tdb2 code. + BUG 8330: Fix NFSv4 ACL merging logic. + BUG 8335: File copy aborts with smb2_validate_message_id: bad message_id. + BUG 8341: Fix segfault in libsmbclient. + BUG 8343: Fix SMB2 crash reading with aio_fork beyond the end of file. + BUG 8347: Fix regression for HP-UX, AIX and OSF. + BUG 8357: Make sure we grant credits on async read/write operations. + BUG 8358: Fix a bug in run_poll_events(). + BUG 8362: Fix build issue on old glibc systems.- Remove references to disabled vscan build.- Add missing define, includes, and initialization to get_printing_ticket.- Use /var/run for the cifs state file; (bnc#710304).- Fix #ifdef CTDB_CONTROL_SCHEDULE_FOR_DELETION issue; (bso#8303).- File copy aborts with smb2_validate_message_id: bad message_id; (bso#8335).- Fix reload of the configuration and also reload activated registry shares; (bso#8327).- WinXP cannot join a Samba3 domain with a 'even' hostname; (bso#8326).- smbclient cannot list directories from a big-endian machine; (bso#8324).- Update to 3.6.0rc3. + BUG 7841: Explicitly pass domain_sid to wbint_LookupRids(). + BUG 7888: Deal with buggy 3.0 based PDCs. + BUG 8083: Fix "inherit owner = yes" with vfs_acl_xattr or vfs_acl_tdb module. + BUG 8102: Do not allow to change file ACLs from normal domusers. + BUG 8102: Do not allow to change file ACLs from normal domusers. + BUG 8193: Add new command 'enumerate_recursive'. + BUG 8195: Make rpc client code working against NT4 servers. + BUG 8211: Fix "inherit owner = yes" when "inherit permissions = yes" is set. + BUG 8213: Fixes in idmap_autorid. + BUG 8214: Fix smbd crash on printer driver upgrade. + BUG 8215: Fix Winbind unix username lookup. + BUG 8216: Make Winbind returning correct results with 'sids2xids'. + BUG 8217: Do not stat-check the share path in 'net conf addshare'. + BUG 8219: Fix SMB Panic from Windows 7 client. + BUG 8224: Fix the build on FreeBSD. + BUG 8226: Use c99 initializers which are supported by old gcc 2.95 compilers. + BUG 8230: Move .nmbd socket directory to non-hidden name PREFIX/var/nmbd. + BUG 8231: Fix crash bug in 'net cache get'. + BUG 8235: Fix smbd crash on startup caused by migrate_printer(). + BUG 8240: Fix Valgrind warnings in winreg/spoolss code. + BUG 8244: Fix copying files larger than 2 GB to a Samba share. + BUG 8247: Fix Coverity ID 2582: FORWARD_NULL. + BUG 8253: Fix Winbind panic if verify_idpool() fails. + BUG 8254: Fix "acl check permissions = no". + BUG 8260: Fix DCERPC responses with fragments larger than 1024 bytes. + BUG 8262: Fix build of vfs_commit. + BUG 8263: Fix build with --with-fake-kaserver or --with-vfs-afsacl. + BUG 8264: Fix Valgrind bugs in svcctl. + BUG 8276: Close all sockets attached to a subnet in close_subnet(). + BUG 8278: Fix smbd panic when CTDB is unhealthy. + BUG 8281: Fix build of examples/VFS/*. + BUG 8286: Fix smbd crash on premature end of smb2 conn. + BUG 8292: Fix a major architectural flaw in the SMB2 server code. + BUG 8293: Fix log file rotating in SMB2. + BUG 8304: Fix uninitialized variable in error path. + BUG 8305: Fix segfault in nmbd when using 'smbtree ...'.. + BUG 8307: brl_close_fnum does not call SMB_VFS_BRL_UNLOCK_WINDOWS on all locks. + BUG 8310: toupper_ascii() is broken on big-endian systems. + BUG 8314: Fix smbd crash with unknown user. + Mark 'time offset' parameter as deprecated.- The Samba Web Administration Tool (SWAT) versions 3.0.x to 3.5.9 are affected by a cross-site scripting vulnerability; CVE-2011-2694; (bso#8289); (bnc#708503).- The Samba Web Administration Tool (SWAT) versions 3.0.x to 3.5.9 are affected by a cross-site request forgery; CVE-2011-2522; (bso#8290); (bnc#705241).- Fixed the DFS referral response for msdfs root; (bnc#703655).- Fix CUPS print job IDs; (bso#7288); (bnc#701257).- Make use of the actual library version as part of the package name on post-11.3 systems only.- Fix winbind internal error; (bso#7636); (bnc#659424).- Improve ctdb vacuuming performance with use of SCHEDULE_FOR_DELETION; (bnc#705170).- Specify nmbdsocketdir at configure time; (bnc#700953).- Build the tdb, talloc, and tevent libraries ahead of anything else.- Update to 3.6.0rc2. + BUG 6911: Fix Kerberos authentication from Vista to Samba. + BUG 8166: Don't lockout users when offline. + BUG 8200: Add support for multiple writeable ldap idmap domains. + BUG 8148: Default to protocol version 2 for SMB Traffic Analyzer. + BUG 7054: Fix X account flag when "pwdlastset" is "0". + BUG 8144: Fix setting timestamp when touching files with CIFS clients. + BUG 8153: Fix setting up getaddrinfo on IPv6-only machines. + BUG 8156: Fix 'net ads join' using the user's Kerberos ticket. + BUG 8157: Fix parsing a cups printcap file. + BUG 8175: Fix smbd deadlock. + BUG 8189: Support shadow copy display over SMB2. + BUG 8197: Winbind does not properly detect when a DC connection is dead. + BUG 8203: Winbind needs to reset the DC connection if an RPC times out.- Make cupsaddsmb fill printers location; (bso#8132); (bnc#698209).- Add "winbind max clients" parameter to remove 200-client limit; (bnc#697461).- Disable logon cache for password lockout consistency when running in a cluster; (bnc#694836).- Fix logon of AD users with many group memberships; (bso#6911); (bnc#657026).- Don't lockout users while offline; (bso#8166); (bnc#692607).- Update to 3.6.0rc1. + BUG 8111: CIFS VFS: Fix unexpected error on SMB posix open. + BUG 8112: POSIX extension opens of a directory are denied with EISDIR. + BUG 8132: Fix filling printers location field when using cups. + Remove fstrings from client struct. + BUGFIX when converting from safe_strcpy to strlcpy. + Fix off-by-one calculations with strlcpy. + Ensure we always write the correct incoming mid into the share mode table entries. + Fix the SMB2 oplock showstopper. + Convert user-specified domain to uppercase in libsmb. + Fix Coverity CID #2302: FORWARD_NULL. + Fix cups_pull_comment_location(). + Fix double free of cups request. + Make cups_pull_comment_location() work again. + Fix potential crash bug in display_print_driver3(). + Properly clean up in pthreadpool_init in case of failure. + Make plaintext session setup async. + Reduce fd load in Winbind children. + Avoid a potential 100% CPU loop in Winbind. + Tune broadcast namequeries for unique names. + Properly deal with exited winbind children. + Fix dup_smb2_vec3. + Fix return check in nss_wins.- Fix to renew the kerberos ticket in samba after expiry; (bnc#669949).- Fix a 100% CPU loop when ctdbd dies during a traverse; (bnc#693945).- Make dhcpcd hook BOOTPROTO check cover dhcp6 too; (bnc#691969).- Handling of large (> 256 bytes) ntlmv2 blobs in winbind; (bnc#529946).- Package static libraries with 0644 permissions.- Add Requires libtalloc-devel to libldb-devel and libtevent-devel.- Rename libldb0 to libldb1 as 1 is the current major version of the library. - Add libldb1 and libtevent0 to baselibs.conf.- Don't call the suse_update_config macro before building lib ldb and tevent.- Update to 3.6.0pre3. + Listen on IPv6 addresses with IPV6_ONLY; (bso#7383). + Fix wrong output in 'smbget'; (bso#8066). + "inherit owner = yes" doesn't interact correctly with vfs_acl_xattr or vfs_acl_tdb module; (bso#8083). + rpccli_samr_chng_pswd_auth_crap segfaults if any input blobs are null; (bso#8088). + setpwent() actually does endpwent() and vice versa on FreeBSD; (bso#8099). + Fix the build of 'smbget' on HP NonStop; (bso#8106). + Fix build of tdb2. + Correctly detect and deny symlinks anywhere in a path (not just the last component) if "follow symlinks = no". + Fix timeout in rpc_pipe_open_tcp_port(). + Fix the build of "--with-profiling-data". + Fix Coverity IDs 986, 1340, 2047, 2299, 2307, 2325, 2335, 2336, 2470, 2471, 2478. + nsswitch: Add 'wbinfo --lookup-sids'. + nsswitch: Add 'wbinfo --sids-to-unix-ids'. + Fix smbd with the async echo responder. + Fix the build of vfs_gpfs.c. + Add a 10-second timeout for the 445 or netbios connection to a DC. + Many pthreadpool fixes. + Fix transaction recovery area for converted tdbs.- Add PreReq permissions to the krb-printing package.- Remove _libdir ldb and tevent from file list. - Explicitly state not to bundle talloc or tdb while ldb and tevent build.- Always use the actual library version as part of the package name. - Exclude shared python modules.- Fix printing from Windows 7 clients; (bso#7567); (bnc#687535).- Update pidl and always compile IDL at build time; (bnc#688810).- Update to 3.6.0pre2. + ID Mapping changes. + Implement SMB2 support. + Add an Endpoint Mapper daemon. + Make "rlimit_max below minimum Windows limit" notification less scary; (bso#6837). + Quota only shown when logged as root; (bso#7080). + Fix printing from Windows 7; (bso#7567). + Retry DNS updates when connection to one nameserver has failed; (bso#7690). + Unlink may unlink wrong file when hardlinks are involved; (bso#7863). + Fix 'nmbd --port'; (bso#7875). + cmd_spoolss_deletedriver() returned without checking all architectures; (bso#7880). + Don't return "-1" on success in 'net rpc vampire keytab'; (bso#7899). + Fix cups pcap reload with no printers; (bso#7915). + Fix bug in chain_reply; (bso#7917). + Fix problems with "kernel oplocks" option set to "no"; (bso#7928). + Fall back for utimes calls; (bso#7940). + Catch lookup_names/sids schannel errors over ncacn_ip_tcp; (bso#7944). + Let winbind try to use samlogon validation level 6; (bso#7945). + Sgid bit lost on folder rename; (bso#7996). + Fix getting username in 'net rap session'; (bso#8009). + Fix inode generation so nautilus can count total dir size correctly; (bso#8010). + Use jenkins hash for str_checksum; (bso#8010). + Add explicit configure option whether or not to enable dmapi support; (bso#8033). + Fix smbclient segfault with Cyrillic netbios names; (bso#8040). + Fix file creation on OS/X; (bso#8042). + Add "--option" to 'testparm'. + Fix crash bug on smbd shutdown when using FOPENDIR(). + Ensure we don't return an incorrect access mask. + Fix bug against the new Mac client. + Fix leak in error path. + Fix error where Windows client spoolss returns WERR_INVALID_DATA. + Fix a segfault in the krb5 locator plugin. + Enable sharesec for registry shares. + Fix memory leak in "security=share" and "force user". + Add "net idmap check", a check and repair tool for the id mapping database. + Add new 'net idmap delete' command. + Fix segfault on missing input file in 'net idmap restore'. + Fix 'net usersidlist' not to skip every other user. + Fix potential crash bug in spoolss_PrinterEnumValues push path. + Internal restructuring. + Don't wipe out all printer drivers when only one should be deleted. + Fix winbindd_dual_pam_auth_samlogon() for NT4 domains. + Fix memory leak in print_cups.c. + Remove duplicate cups response processing code. + Follow force user/group for driver IO. + Initiate pcap reload from parent smbd. + Reload shares after pcap cache fill. + Fix numerous Coverity IDs (2041 and others). + Fix a memory leak in check_sam_security_info3. + Fix a segfault in the nss wrapper when libnss_winbind.so is not loadable. + Make "net sam list [users|workstations]" list only the right things. + Fix a potential memleak in secrets_fetch_trusted_domain_password. + Use the right credentials in check_netlogond_security. + Add support for AF_NETLINK addr notifications. + Fork multiple Winbind children per domain. + Fix a deadlock between smbd and ctdbd. + Add 'wbinfo --dc-info'. + Make "nmbd socket dir" configurable. + Fixed valgrind errors. + Fix a memleak in receive_getdc_response. + Don't grant SEC_STD_DELETE always to the owner of a file. + Fix segfaults on addrchange errors in Winbind. + Allow machine accounts as members in groupdb. + Add IPv6 support for the endpoint mapper. + Free unused memory in the rpc server. + Fix possible segfaults in svcctl server. + Fix possible segfault with client_id in rpc server. + Add a 'svcctl shutdown' function to rpc server. + Fix a resource leak in net_afs. + Fix a resource leak in smbta-util. + Fix possible resource leak in net_usershare. + Fix possible resource leak in 'smbget'. + Fix possible resource leak in 'smbfilter'. + Fix a possible null pointer dereference in smbd. + Ensure we send the direct levelII oplock break to the correct fid. + Fix private libdir and codepages paths. - Add RFC 3454 to the vendor files.- Fix idmap_tdb for big-endian systems such as ppc and s390; (bso#6901); (bnc#675978).- Fix smbclient -M NT_STATUS_PIPE_BROKEN failure; (bso#7635); (bnc#681913).- Replace jobs by _smp_mflags macro while calling make on post-11.4 systems.- Don't crash when publishing a single printer; (bnc#643119).- Carry error status in printer list IPC message, do not refresh printers if cups is unavailable; (bso#7994); (bnc#675478).- Define the libwbclient packages ahead of packages with a different version.- Use %_smp_mflags for parallel building.- Update to 3.5.8. + Fix Winbind crash bug when no DC is available; (bso#7730). + Fix finding users on domain members; (bso#7743). + Fix memory leaks in Winbind; (bso#7879). + Fix printing with Windows 7 clients; (bso#7567). + Fix 'testparm' return code when EOF in encountered in param name; (bso#3185). + Make "rlimit_max below minimum Windows limit" notification less scary; (bso#6837). + Fix "Your Password expires today" message for users of trusted domains; (bso#7066). + Fix maintaining of users' groups via UsrMgr; (bso#7262). + Fix 'net ads dns register' in Windows 2008 R2 domains; (bso#7356). + Raise debug level for "reduce_name: couldn't get realpath" messages; (bso#7409). + Fix updating the time on close in vfs_gpfs; (bso#7498). + Fix "log=>ndr_pull_error" in 'wbinfo -u' and 'wbinfo -g'; (bso#7594). + Handle Windows 9x adddriver calls without config file; (bso#7641). + Fix scalability problem with hundreds of printers; (bso#7656). + Fix memory leak in the netapi routines; (bso#7665). + Store unmodified copies of security descriptors in acl_xattr and acl_tdb modules; (bso#7716). + Fix incorrect unix mode_t caused by invalid client DOS attributes on create; (bso#7733). + Apply appropriate create masks when creating files with "inherit ACLs" set to true; (bso#7734). + Fix "dfree cache time" parameter; (bso#7744). + Fix a getgrent crash with many groups; (bso#7774). + Fix requesting lookups for BUILTIN sids; (bso#7777). + Fix smbd crash caused by expand_msdfs; (bso#7779). + Fix atime limit; (bso#7785). + vfs_scannedonly: Switch from mtime to ctime which is more reliable; (bso#7789). + Fix copying files from a SMB share using Gnome vfs and SMB signing; (bso#7791). + Make Winbind recover from a signing error; (bso#7800). + ACL inheritance cannot be disabled in vfs_acl_xattr/vfs_acl_tdb; (bso#7812). + Fix "force group" with ntlmssp guest session setup; (bso#7817). + vfs_fill_sparse() doesn't use posix_fallocate when strict allocate is on; (bso#7835). + Make WINBINDD_LOOKUPRIDS asking the right domain; (bso#7841). + Make WINBINDD_LOOKUPRIDS returning the domain name; (bso#7842). + Expand the local SAMs aliases; (bso#7843). + ntlm_auth: Support clients which offer a spnego mechs we don't support; (bso#7855). + Fix 'net ads dns register' in cluster setups; (bso#7871). + Fix 'nmbd --port'; (bso#7875). + Make 'rpcclient deldriver' delete drivers for all architectures; (bso#7880). + Fix flaky Winbind against Windows 2008; (bso#7881). + Fix SMB session setups with Kerberos against some closed source SMB servers; (bso#7883). + Fix stale lock in open_file_fchmod(); (bso#7892). + Fix sporadic Winbind panic in rpc query_user_list; (bso#7894). + Don't set SAMR_FIELD_FULL_NAME if we just want to set the account name; (bso#7896). + Don't return "-1" on success in 'net rpc vampire keytab'; (bso#7899). + Fix connections from WinCE; (bso#7917). + Fix opening MS Powerpoint files; (bso#7940). + Fix endless loops caused by inotify; (bso#7942). + Catch lookup_names/sids schannel errors over ncacn_ip_tcp; (bso#7944). + Let Winbind try to use samlogon validation level 6; (bso#7945). + Revalidate the pathname once re-constructed from a root fsp; (bso#7950).- Require a particular library version even if the major version is part of the package name. Using the same major version does not guarantee forward compatibility.- Fix a fd-leak in libwbclient at dlclose-time; (bso#7684); (bnc#668773).- Update to 3.5.7 + Protect against possible denial of service caused by memory corruption; CVE-2011-0719; (bso#7949); (bnc#670431).- Disable separate build of samba-doc for post-11.1 systems.- Protect against possible denial of service caused by memory corruption; CVE-2011-0719; (bso#7949); (bnc#670431).- Increase the log level for missing PIDs on SIGCHLD, printcap child processes are not added to the children PID list; (bnc#666460).- Do not require a particular library version if the major version is part of the package name.- Use the actual version numbers of the ldb, talloc, tdb, and tevent libraries on post-11.3 systems.- Abide by print$ share 'force user' & 'force group' settings when handling AddprinterDriver and DeletePrinterDriver requests; (bso#7921); (bnc#653353).- Remove pcap_cache_loaded asserts from (re)load_printers. pcap_cache_loaded() returns false if the pcap cache contains no printer entries. correct call ordering is already enforced. (bso#7836); (bnc#625936).- No longer force activation of the cifs service on post-11.3 systems. - Add X-UnitedLinux-Default-Enabled to the cifs init script on pre-11.4 systems. - Move the cifs init script nfs dependencies from Required to Should.- Recommend to install samba-krb-printing from samba-winbind on post-10.3 systems; (bnc#661845).- Fix error paths in cups_async_callback(), an empty cups printer list should not be treated as an error; (bnc#661842).- Abide by printcap cache time, reload parent smbd pcap cache on expiry; (bso#7836); (bnc#625936).- Fix race in cups async printer services reload; (bso#7836); (bnc#625936).- Don't tweak with baselibs.conf during %post if not present; (bnc#652620).- Don't make use of baselibs.conf on SUSE Linux Enterprise 10; (bnc#652620).- Don't use --tmpdir as this option isn't known by mktemp of SUSE Linux Enterprise 10; (bnc#652620).- vfs_fill_sparse() doesn't use posix_fallocate when strict allocate is on; (bso#7835).- Replace Requires samba-client by samba-gplv3-client in the gplv3 packages; (bnc#652620).- Fix Dolphin SMB share IO with SMB signing enabled; (bso#7791); (bnc#656112).- Add Conflicts to the samba-gplv3 main, client, doc, krb-printing, winbind, client-gplv2, and doc-gplv2 packages; (bnc#652620).- Add Provides samba-client-gplv2 and samba-doc-gplv2 to pre-3.2 versions; (bnc#652620).- Obsolete samba-client-gplv2 and samba-doc-gplv2; (bnc#652620).- Remove Provides samba-client:/usr/sbin/winbindd from the samba-gplv3-winbind package to avoide an accidental install trigger; (bnc#652620).- Add Provides samba-client to the samba-gplv3-client package; (bnc#652620).- Remove all Obsoletes from the samba-gplv3 packages and only keep the Provides samba; (bnc#652620).- Add fitting Conflicts to all samba-gplv3 packages; (bnc#652620).- Reduce unnecessary ldap round trips and eliminate invalid DN messages; (bnc#654719).- Exclude cifs-mount and ldapsmb from the samba-gplv3 build of SUSE Linux Enterprise 10 SP 3 and 4.- Add the _build_arch at the end of the vendor version suffix.- Provide and Obsolete samba-gplv3 to replace potentially installed packages.- Change package base name to samba-gplv3 for SUSE Linux Enterprise 10 SP 4. - Do not package libsmbclient and libsmbsharemodes.- Update to 3.5.6 + Fix auto printers with registry config; (bso#7280); (bnc#617153). + Fix SPNEGO auth when contacting Win7 system using Microsoft Live Sign-in Assistant; (bso#7577). + Fix 'net idmap restore' setting HWM to avoid duplicates; (bso#7578). + Fix "admin users" when using vfs_acl_xattr; (bso#7581). + Fix using cached credentials in ntlm_auth; (bso#7589). + Fix Winbind offline login; (bso#7590). + Fix Winbind internal error; (bso#7636). + Fix mknod/mkfifo failing with "No such file or directory"; (bso#7651). + Fix smbd changing mode of files on rename; (bso#7693). + Fix crash bug with invalid SPNEGO token; (bso#7694). + Fix smbd panic on invalid NetBIOS session request; (bso#7698). + Fix smbd crash caused by "%D" in "printer admin"; (bso#7541). + Fix 'smbclient -M'; (bso#7635). + Fix scalability problem with hundreds of printers; (bso#7656). + Fix crash bug in rpcclient; (bso#7688). + Fix file corruption when setting Samba "write wache wize"; (bso#7715).- Let startproc wait for nmb, smb and winbind pid files getting created on post-11.1 systems; (bnc#520036).- Include the reviewed french translation for pam_winbind; (bnc#499233).- Fix smbd crash with CUPS printers and no [printers] share defined; (bso#7297); (bnc#637755).- Fix printing from 64-bit windows clients; (bso#6888); (bnc#640870).- Fix baselibs.conf for libtalloc.- Fix buffer overflow in sid_parse() to correctly check the input lengths when reading a binary representation of a Windows Security ID (SID); CVE-2010-3069; (bso#7669); (bnc#637218).- Use cached ntlm password in libsmbclient. Prevent lockouts when kerberos tickets are lost; (bnc#602418); (bnc#606304).- Add a dependency on nfs to the smbfs/ cifs init scripts as they require the en_US locale and /usr might be on NFS.- Complete fix for trusts with Windows 2008R2 DCs.- Fix authentication dialogs when connecting to older systems; (bnc#632055).- Adjust position of conditional ldapsmb %package and %files definition.- Create the /var/run/samba directory on the fly and package it as %ghost.- Fix preexec scripts; (bso#7104); (bnc#632852).- Add missing netapi, smbclient, smbsharemodes, talloc, tevent, and wbclient pkgconfig files and BuildRequire pkgconfig; (bnc#632770).- BuildRequire python-devel for post-9.3 systems.- Only create precompiled headers for post-10.2 systems. - Remove mkinitrd scriptlets.- Add vfs_crossrename man page. - Call make basic and remove conditional proto target. - Increase libtevent version to 0.9.9. - Remove wbc_async header from the file list. - Remove remaining cifs-mount pieces from the spec file.- Fix printers not auto loading with registry config; (bso#7280); (bnc#617153).- Update to 3.6.0pre1. + SMB2 support is fully functional despite managing quota using the Microsoft management tools. + Internal Winbind passdb changes to use samr and lsa rpc pipe to get local user and group information. + The spoolss and the old RAP printing code have been completely overhauled and refactored. + The SMB Traffic Analyzer (SMBTA) VFS module got added.- Intilize workgroup of nmblookup as empty string.- Fix net ads join when using parent domain users; (bso#6364); (bnc#630812).- cifs: do not restart during dhcp lease renewal when IPaddress remains the same; (bnc#573246).- Fix "Too many open files" when trying to access large number of files; (bso#6837); (bnc#619787).- Update to 3.5.4. + Fix smbd crash when sambaLMPassword and sambaNTPassword entries missing from ldap (bug #7448). + Fix init_sam_from_ldap storing group in sid2uid cache (bug #7507). + Allow previous password to be stored and use it to check tickets; (bso#7099). + Make ea data checks identical for trans2open and trans2mkdir; (bso#7188). + Fix editing users' groups via UsrMgr; (bso#7262). + Fix Winbind over IPv6; (bso#7341). + Samba sends "raw" inode number as uniqueid with unix extensions; (bso#7410). + Fix printing large formats; (bso#7423). + Fix spnego returning incorrect mechListMIC string; (bso#7449). + Fix some crash bugs and missing error codes in AddDriver paths; (bso#7459). + Fix crash bug in _samr_QueryUserInfo{2} level 18; (bso#7479). + Fix 'not a string literal' warning in netdomjoin-gui; (bso#7500). + Fix calculation of st_blocks in vfs_streams_xattr; (bso#7503). + Fix numerous build issues; (bso#7504). + Fix session setup from linux kernel cifs clients with "sec=ntlmv2"; (bso#7517).- Remove all provides and obsoletes samba3 from the spec file. Packages with this base name have not been offered as part of a product.- Fix a NULL pointer dereference in smbd of the 3.4 code base; CVE-2010-1635; (bso#7229); (bnc#605935).- Address possible buffer overrun in chain_reply code of pre-3.4 versions; CVE-2010-2063; (bso#7494); (bnc#611927).- Update of the SMB Traffic Analyzer v2 VFS module- Fix trusts with Windows 2008R2 DCs; (bnc#613459); (bnc#599873); (bnc#592198); (bso#6697).- Update to 3.5.3. + Fix MS-DFS functionality; (bso#7339). + Fix a Winbind crash when scanning trusts; (bso#7389). + Fix problems with SIGCHLD handling in Winbind; (bso#7317). + Add replacement for IPV6_V6ONLY on linux systems with broken headers; (bso#7196). + Fix cups encryption setting; (bso#7263). + Fix exporting printers via 'cupsaddsmb' command; (bso#7277). + Fix SMB job IDs in CUPS job names; (bso#7288). + Fix segfault in mount.cifs; (bso#7315). + Make TIME_T_MAX defines consistent; (bso#7352). + Re-fix a bug with smbd serving a windows terminal server; (bso#7357). + Display an error on 'net conf import' failures; (bso#7378). + Fix bitmap leak in dptr_Close; (bso#7384). + Fix rename problems with full_audit VFS module; (bso#7398). + Fix setting of passwords via 'net rpc user password' command; (bso#7417). + Fix 'net rpc printer list' command; (bso#7418). + Rename mod_name to module_name; (bso#7421). - Fix unnecessary traversing winbindd_cache.tdb in SIGHUP handler. - Added EN ISO 216, A0 and A1 to builtin forms; (bso#7423). - Winbind not working over IPv6; (bso#7341).- Honor "interfaces" list in net ad dns register; (bnc#606947).- Exclude the RPM release from the vendor tag for openSUSE Factory; (bnc#604049).- Enable the build of the idmap tdb2 module; (bnc#600822).- BuildRequire keyutils-libs-devel for Fedora and post-RHEL4.- BuildRequire pkg-config for post-10.2 systems and else pkgconfig.- Add "net conf import" error messages; (bso#7378, bnc#598189).- Define cups_lib_dir %{_prefix}/lib/cups for post-11.2 systems; (bnc#575544).- Update to 3.5.2. + Fix smbd segfaults in _netr_SamLogon for clients sending null domain; (bso#7237). + Fix smbd segfaults in "waiting for connections" message; (bso#7251). + Fix an uninitialized variable read in smbd; (bso#7254); (bnc#605935); CVE-2010-1642. + Fix a memleak in Winbind; (bso#7278). + Fix Winbind reconnection to it's own domain; (bso#7295). + Fix segfault if hide files or veto files has no ".AppleDouble"; (bso#1206). + Fix parsing of the gecos field; (bso#5198). + Fix several printing issues; (bso#6727). + Fix valgrind warning; (bso#6814). + Fix race condition in mount.cifs that allows user to replace mountpoint with a symlink; (bso#6853). + Fix bug in vfs_scannedonly rmdir implementation; (bso#7075). + Fix handling of bad server data returns in client rpc_transport; (bso#7159). + Never mark external domains as internal in Winbind; (bso#7170). + Fix access by multi-threaded applications; (bso#7202). + Fix 'net share' command; (bso#7203). + Fix DN parsing name was always null; (bso#7204). + Signals are processed twice in child; (bso#7206). + Fix returning of group members with 'getent group'; (bso#7212). + Fix the build of net_afs.c with --fake-kaserver=yes; (bso#7216). + Make Winbind logs more verbose for troubleshooting; (bso#7225). + Fix a NULL pointer dereference in smbd; CVE-2010-1635; (bso#7229); (bnc#605935). + Fix automatic building of vfs_tsmsm if gpfs and dmapi are present; (bso#7231). + Fix race conditions in CTDB persistent transactions; (bso#7232). + Symlink delete fails but incorrectly reports success to client; (bso#7234). + Fix "printer admin" functionality; (bso#7255). + Fix value-needed calculation in_spoolss_EnumPrinterData(); (bso#7256). + Fix _winreg_QueryValue crash bugs and implement Windows behavior; (bso#7258). + Fix job management commands for CUPS queues; (bso#7269). + Fix smbd segfault if using vfs_acl_tdb; (bso#7283). + Fix core dump in 'ntlm_auth' with "gss-spnego" helper; (bso#7290). + Fix smbd crashes with CUPS printers and no [printers] share defined; (bso#7297). + Fix DOS attribute inconsistency with MS Office; (bso#7310). + Many disconnecting clients render clustered Samba unusuable for some time; (bso#7312). + Make 'net conf addshare' atomic; (bso#7313). + Eliminate race condition in creating/scanning sorted subkeys in the registry backend; (bso#7314). + Winbind possibly segfaults when trying a trusted domain without inbound trust; (bso#7316).- Add SMB Traffic Analyzer v2 VFS module.- Document "wide links" defaults to "no" in the smb.conf man page for versions pre-3.4.6; (bnc#577868).- Fix workgroup enumeration, for client printer and file share selection; (bso#6880); (bnc#586215).- Fix tdb validation for offline auth; (bnc#587014).- Fix "printer admin" functionality; (bso#7255).- An uninitialized variable read could cause an smbd crash; (bso#7254); (bnc#605935); CVE-2010-1642.- Ensure to have a valid talloc stackframe; (bso#7251).- _netr_SamLogon segfaults for clients sending NULL domain; (bso#7237).- Merge missing pam_winbind message translations; (bnc#499233).- Remove cifs-mount subpackage for post-11.2 systems as the tools are now part of the independent cifs-utils package.- Fix join of Windows 2008 domains; (bnc#567013).- Update to 3.5.1 and 3.4.7. + Fix security flaw on Linux platforms if built with libcap support allowing file system access even when permissions should have denied it; CVE-2010-0728; (bso#7222); (bnc#586683).- Fixed libldb.so link in libldb-devel.- Fix argc handling in net_share, making the command "net share" work again; (bso#7203); (bnc#584253).- Update to 3.5.0. + Fix duplicate sam and unix accounts; (bso#7145). + Keep the the correct negotiate_flags on the cli->dc structure; (bso#7160). + Avoid calling cli_alloc_mid twice in cli_smb_req_iov_send; (bso#7166). + Fix 'net ads dns' usage calls; (bso#7181). + Fix uninitialized variable in wkssvc_enumerateusers; (bso#7182).- Update to 3.4.6. + Change parameter "wide links" to default to "no"; it's also incompatible with "unix extensions"; (bso#7104); (bnc#577868). + Fix printing with 64 bit clients (bso#6888). + Fix core dump on 64 bit Linux (bso#7063). + Fix failing of smbd to respond to a read or a write caused by Linux asynchronous IO (aio) (bso#7067). + Fix string buffer overflow causing heap corruption in smbd (bso#7096). + Fix bogus ip address in SWAT; (bso#5885). + Fix vfs_full_audit; (bso#6557). + Use the first "uid" value; (bso#6157). + Fix large paged search with DirX LDAP servers; (bso#6981). + Fix crash bug in 'cifs.upcall'; (bso#6868). + Add cross option to samba_cv_linux_getgrouplist_ok; (bso#7047). + Fix DFS on AIX (maybe others); (bso#7052). + Fix pdb_search crash as non-root user; (bso#7068). + Fix unlocking of accounts from ldap; (bso#7072). + Fix vfs_expand_msdfs; (bso#7081). + Fix results of 'smbclient -L' with a large browse list; (bso#7098). + Normalize "Changing password for" msg IDs and STRs; (bso#7102). + Fix malformed require_membership_of_sid; (bso#7106). + Fix reading of large browselist; (bso#7122). + "mangling method = hash" can crash storing a name containing a '.'; (bso#7154). + Valgrind Conditional jump or move depends on uninitialised value(s) error when "mangling method = hash"; (bso#7155). + Fix listing of printjobs in Windows 7; (bso#7130). + Spoolss getprinterdriver2 level 101 marshalling is bad; (bso#7136). + Make idmap cache persistent for "ldapsam:trusted". + Also fill the memcache with sid<->id mappings in ldapsam_sid_to_id() not only the persistent idmap cache. + Shortcut uid_to_sid when "ldapsam:trusted = yes". + Make pdb_copy_sam_account also copy the group sid. + Shortcut gid_to_sid when "ldapsam:trusted = yes". + Speed up pdb_get_group_sid(). + Try to build the full unix_pw structure with ldapsam:trusted support. + Optimize ldapsam_alias_memberships() and cache ldap searches.- Update to 3.5.0rc3. + Change parameter "wide links" to default to "no"; it's also incompatible with "unix extensions"; (bso#7104); (bnc#577868). + Fix vfs_full_audit; (bso#6557). + Fix crash bug in 'cifs.upcall'; (bso#6868). + Fix duplicate initializer in the rmdir module; (bso#6876). + Fix printing with 64 bit clients; (bso#6888). + Add cross option to samba_cv_linux_getgrouplist_ok; (bso#7047). + Fix core dump on Ubuntu 8.04 64 bit; (bso#7063). + Fix failing of smbd to respond to a read or a write caused by Linux asynchronous IO (aio); (bso#7067). + Fix 'smbget' error status; (bso#7069). + Fix build of 'smbfilter'; (bso#7071). + Fix unlocking of accounts from ldap; (bso#7072). + Cliconnect gets realm wrong with trusted domains; (bso#7079). + Fix vfs_expand_msdfs; (bso#7081). + Fix storing of create time on directories in an EA in new create time code; (bso#7084). + Fix an early release of the global lock that can cause data corruption in libtdb; (bso#7085). + Fix string buffer overflow causing heap corruption in smbd; (bso#7096). + Fix results of 'smbclient -L' with a large browse list; (bso#7098). + Normalize "Changing password for" msg IDs and STRs; (bso#7102). + Fix malformed require_membership_of_sid; (bso#7106). + Add pdb_ldap performance fixes; (bso#7116). + Change ldap filter to what really was intended; (bso#7116). + Add new "nmbd bind explicit broadcast" parameter; (bso#7118). + Fix nmbd problems with socket address; (bso#7118). + Support large browselist; (bso#7119). + Fix reading of large browselist; (bso#7122). + Fix listing of printjobs in Windows 7; (bso#7130). + Owner of file not available with Kerberos; (bso#7139). + Fix IPv4/IPv6 problems; (bso#7140). + Fix get_acl_blob in the acl_tdb VFS module; (bso#7148). + "mangling method = hash" can crash storing a name containing a '.'; (bso#7154). + Valgrind Conditional jump or move depends on uninitialised value(s) error when "mangling method = hash"; (bso#7155). + Fix some wrong newlines in de translation strings.- Take extra care that a mount point of mount.cifs isn't changed during mount and don't allow it to be run as setuid root program; CVE-2010-0787; (bso#6853); (bnc#550002).- Check in mount.cifs for invalid characters in device name and mountpoint; CVE-2010-0547; (brc#562156); (bnc#577925).- Don't invalidate cache for uninitialized domains; (bnc#538923).- Signals are processed twice in child; (bnc#538923).- Allow forced pw change even with min pw age; (bnc#561894).- Change parameter "wide links" to default to "no"; it's also incompatible with "unix extensions"; CVE-2010-0926; (bso#7104); (bnc#577868).- Fix enumerate domain local groups for primary domain; (bnc#573813).- Fix malformed require_membership_of_sid; (bnc#525123); (bso#7106).- Normalize "Changing password for" msg IDs and STRs; (bnc#499233).- Build libtevent and libldb and put them into separate subpackages.- Update to 3.5.0rc2. + The Using Samba HTML book has been removed. + 'net', 'smbclient' and libsmbclient can use logon credentials cached by Winbind; (bso#7062). + New vfs_scannedonly module has been added; (bso#7028). + Check password history before increasing "badPasswordCount"; (bso#4347). + Fix changing of ACLs on writable file with "dos filemode=yes"; (bso#5202). + Restore Samba 3.0.x behavior and use the first "uid" value in pdb_ldap; (bso#6157). + Fix deletion of an object whose parent folder does not have delete rights fails even if the delete right is set on the object in vfs_acl_xattr and vfs_acl_tdb; (bso#6876). + Fix large paged search with DirX LDAP servers; (bso#6981). + Fix a segfault in winbindd_dual_ccache_ntlm_auth(); (bso#7027). + Disable sanity check in NetShareEnum for better compatibility with Windows; (bso#7029). + Fix SMBrmdir error message when deleting a directory fails; (bso#7033). + Fix segfault in vfs_cap; (bso#7034). + Fix 'net rpc getsid' in hardened Windows environments; (bso#7036). + Fix a Winbind segfault in "trusted_domains"; (bso#7037). + Complete and improve some German translation of 'net'; (bso#7039). + Fix compile error with WITH_DNS_UPDATE. Update .po files; (bso#7039). + Fix crash bug in libsmbclient; (bso#7043). + Fix bad (non memory copying) interfaces in smbc_setXXXX calls; (bso#7045). + Fix libsmbclient crash against OpenSolaris CIFS server; (bso#7046). + Lock down some srvsvc calls according to what w2k3 seems to do.- Update to 3.4.5. + Fix memory leak in smbd (bug #7020). + Fix changing of ACLs on writable files with "dos filemode=yes" (bug #5202). + BUG 6642: Fix opening the quota magic file. + BUG 6919: Fix remote quota management. + BUG 7034: Fix internal error caused by vfs_cap. + BUG 7036: Fix 'net rpc getsid' in hardened Windows environments. + BUG 7043: Fix crash bug in "SMBC_parse_path". + BUG 7045: Fix bad (non memory copying) interfaces in smbc_setXXXX calls. + BUG 7046: Fix a crash in libsmbclient used against the OpenSolaris CIFS server.- Free unused memory after a packet got processed; (bso#7020).- Add timeout to rpc call to prevent infinite loop when network is down; (bnc#538923).- Update to 3.5.0rc1. + BUG 6837: Fix "Too many open files" when trying to access large number of files with Windows 7; (bnc#619787). + BUG 6939: Fix long filenames when "mangling method" is set to "hash". + BUG 6991: Create symbol links to shared libraries. + BUG 6992: make test for getgrouplist cacheable. + BUG 7014: Fix Winbind crash when retrieving empty group members. + BUG 7020: Fix smbd using 2G memory. + Ensure dos_mode can return FILE_ATTRIBUTE_NORMAL, then filter the returned attributes by protocol level. + Vector correctly through reply_openerror() (which uses the same logic). + Fix bugs with the full Windows ACL support. + Add a few missing gettext calls to the 'net' command. + Fix up a share type translation and translate some more strings in 'net'. + Allow to call "pdbedit -N description -u user" without specifiyng "-r". + Add spoolss_DriverInfo7. + Fix rpcclient after setprinter IDL fixes. + Use generated krb5.conf in 'net ads testjoin'. + Add some German translations for the 'net' command. + Update mount.cifs man page with nounix option. + Fix _samr_GetAliasMembership for results with 0 rids. + Fix an error case in cli_negprot. + Add a lower-cost alternative to wbinfo -t: wbinfo --ping-dc. + Restore correct timeouts for SMB requests. + Fix a 64-bit error in libsmb. + Replace IS_DOMAIN_OFFLINE by a function in Winbind. + Simplify/cleanup Winbind code. + Fix write behind memory block in libtalloc. + Fix result check for getaddrinfo(). + Add tsocket_address_bsd_sockaddr() and tsocket_address_bsd_from_sockaddr() to tsocket. + Always set tdb->tracefd to -1 to be safe on goto fail in libtdb. + Add TDB_DISALLOW_NESTING and make TDB_ALLOW_NESTING the default behavior. + Fix standalone 'make installdocs'. + Output %p as unsigned in snprintf replacement. + New attempt at TDB transaction nesting allow/disallow. + Remove swig stuff from libtdb. + Reset tdb->fd to -1 in tdb_close() in libtdb. + Change the way mksysms work in libtalloc. + Also build and install tdb manpages from standalone tdb. + Fix infinite loop in NCACN_IP_TCP as there is no timeout. + Make winbindd_cache.c aware of domain offline to avoid unnecessary backend query. + List trusted domains from wcache when domain is offline.- Update to 3.4.4. + Fix interdomain trust relationships with Win2008R2 (bug #6697). + Fix Winbind crashes when queried from nss (bug #6889). + Fix Winbind crash when retrieving empty group members (bug #7014). + Fix "UID range full" error in Winbind (bug #6901). + Fix multiple LDAP servers in "idmap backend" and "idmap alloc backend" (bug #6910). + BUG 4832: Fix iconv checks. + BUG 6338: Do not always display "none" in 'net rpc trustdom list'. + BUG 6851: Add pdbedit --kickoff-time/-K to set the user's kickoff time. + BUG 6828: Fix infinite timeout when byte lock held outside of samba. + BUG 6837: Fix "Too many open files" message when trying to access a large number of files with Windows 7; (bnc#619787). + BUG 6841: Fix "map acl inherit = yes". + BUG 6850: Fix shadow copy display on Windows 7. + BUG 6867: Fix listing of directories with a lot of files. + BUG 6868: Support building with Heimdal we well as with MIT. + BUG 6875: Fix DOS attributes on OS/2 clients. + BUG 6880: Fix listing of workgroup servers in libsmbclient. + BUG 6898: Samba duplicates file content on appending. + BUG 6918: Fix krb5 build problem on Ubuntu karmic. + BUG 6929: Fix build with recent heimdal. + BUG 6939: Fix long filenames with "mangling method = hash". + BUG 6967: Fix 'net ads join' with OU. + BUG 6981: Fix paged search with DirX LDAP server. + BUG 6982: Remove erroneous out of memory error path in lookup_sid. + BUG 6997: Fix _samr_GetAliasMembership for results with 0 rids. + BUG 7005: Fix "mangle method = hash" truncates files with dot "." character. + Fix the build of the winbind krb5 locator plugin. + Fix enumprinter key client and server.- Readjust the _libdir/cups/backend/smb sym link only on uninstall of the samba-krb-printing package; (bnc#568603).- Add BuildRequires to fam-devel; (bnc#564260).- Prevent winbind crash; (bso#7014); (bnc#566119).- Fix processing of open modes in POSIX open; (bnc#530683).- Add baselibs.conf as a source.- Update to 3.5.0pre2. + BUG 2350: Add LDAP Alias Dereferencing support. + BUG 6288: SWAT adds a second share when changing parameters of an existing share. + BUG 6435: Fix minor memory corruption. + BUG 6710: Only install the cifs.upcall man page if CIFSUPCALL_PROGS was set while configure. + BUG 6802: A created folder does not properly inherit permissions from parent in vfs_acl_xattr. + BUG 6837: "Too many open files" when trying to access large number of files from Windows 7; (bnc#619787). + BUG 6860: Fix shared library build on QNX. + BUG 6879: Fix crash in Winbind. + BUG 6929: Fix build with recent heimdal. + BUG 6938 : No hook exists to check creation rights when using acl_xattr module. + BUG 6967: Prevent glibc error on 'net ads join'. + Fix vfs_acl_xattr which was failing to call the NEXT connect function. + Restructure the ACL code. + Refactor reply_rmdir to use handle based code. + Fix the build when no external talloc and tdb are installed. + Fix detection of CTDB headers on systems without system-libtalloc. + Fix several printing issues. + Fix the build on Mac OS X 10.6.2. + Fix net and rpcclient after setprinterdataex changes. + Add full support for level 8 printer drivers. + Add more spoolss architectures to IDL. + Fix enumprinter key client and server. + Fix crash in EnumPrinterDataEx. + Prefer posix_fallocate for doing "strict allocate". + Restore "fake directory create times" as a share parameter. + Fix explicit stat64 support. + Add support for NetWkstaGetInfo 101 and 102. + Add rpcclient wkssvc_enumerateusers. + De-deprecate "write cache size" to prevent its removal without a proper alternative. + Allow more than 1000 users in BUILTIN\Users. + Complete support for NetWkstaGetInfo/NetWkstaEnumUsers. + Fix the build of the example VFS modules. + Fix crash in free_file_list(). + Give the user a chance to change password when password will expire soon.- Store the smbfs service state if enabled and restore it for cifs while upgrade on post-11.2 systems.- Prevent cifstab from being overwritten while upgrade on post-11.2 systems.- Give the user a chance to change password when password will expire soon; (FATE#302414).- Rename smbfs init script to cifs for post-11.2 systems.- Allow Windows 7 to connection to samba domain controllers and member servers; (bnc#551811); (bso#6099); (bso#6100); (bso#6680).- Error on joining windows domain (invalid pointer); (bso#6967); (bnc#553622).- Add PreReq /usr/sbin/groupadd to the winbind package; (bnc#559165). - Simplify the winbind package %pre script and suppress stdout only.- Update to 3.5.0pre1 + Add support for full Windows timestamp resolution. + Experimental implementation of SMB2. + Add encryption support for connections to a CUPS server. + Major windbind asynchronous refactoring. - Remove using_samba from the doc package. - Increase major version of libtalloc to 2.- Fix kerberos refresh chain; (bnc#546162); (bso#6872).- Hardlink duplicate files on post-11.1 systems.- Add BuildArch noarch to samba-doc on post-11.1 systems.- Use full 16byte session key in make_user_info_netlogon_interactive(); (bnc#551811).- Update to 3.4.3. + Fix trust relationships to windows 2008 (2008 r2) (bug #6711). + Fix file corruption using smbclient with NT4 server (bug #6606). + Fix Windows 7 share access (which defaults to NTLMv2) (bug #6680). + BUG 4675: mount.cifs: Do not attempt to update /etc/mtab if it is a symbolic link. + BUG 6529: Offline files conflict with Vista and Office 2003. + BUG 6532: Fix domain enumeration if master browser has space in name. + BUG 6606: Fix file corruption using smbclient with NT4 server. + BUG 6690: Fix wrong error check in profile. + BUG 6703: Allow smbstatus as non-root. + BUG 6704: Fix syntax error in avahi configure test. + BUG 6707: Fix an occasional segfault in config file parsing. + BUG 6710: Adjust regex to match variable names including underscores. + BUG 6711: Fix trust relationships to windows 2008 (2008 r2). + BUG 6726: SIVAL should have been an SVAL. + BUG 6728: BSD needs sys/sysctl.h included to build properly. + BUG 6731: Fix reading beyond the end of a named stream in xattr_streams. + BUG 6735: Don't overwrite password in pam_winbind, subsequent pam modules might use the old password and new password. + BUG 6764: Fix timeval calculation. + BUG 6765: Add a "hidden" parameter "share:fake_fscaps". + BUG 6769: Fix symlink unlink. + BUG 6772: Allow outstanding_aio_calls to be decremented. + BUG 6774: smbd crashes if "aio write behind" is set. + BUG 6776: Fix core dump caused by running overlapping Byte Lock test. + BUG 6781: Fix renaming subfolders in Explorer view. + BUG 6791: Fix linking order in cifs.upcall. + BUG 6793: Fix Winbind crash with "INTERNAL ERROR: Signal 6". + BUG 6793: Fix segfault in winbindd_pam_auth. + BUG 6796: Deleting an event context on shutdown can cause smbd to crash. + BUG 6797: Fix a memleak in libwbclient. + BUG 6804: Fix hpux compiler issue. + BUG 6805: Correctly handle aio_error() and errno. + BUG 6807: Fix a segfault in "net rpc trustdom list" for long domain names. + BUG 6810: Add support for finding alternate credcaches to cifs.upcall. + BUG 6811: Fix reference to freed memory in pam_winbind. + BUG 6815: Fix Windows 2008 R2 SPNEGO negTokenTarg parsing failure. + BUG 6824: Fix avahi activation. + BUG 6826: Don't fail authentication when one or some group of require-membership-of is invalid. + BUG 6828: Fix infinite timeout when byte lock held outside of Samba. + BUG 6829: Fix displaying of multibyte characters in smbclient. + BUG 6840: Fix crash in pam_winbind. + Fix an uninitialized variable. + Only ever handle one event after a select call. + Conditional install of the cifs.upcall man page. + Fix warning occuring when building the manpages.- Let smbclient show special characters properly; (bso#6829); (bnc#544204).- Don't fail authentication when one or some group of require-membership-of is invalid; (bnc#525123); (bso#6826).- Allow winbind to ignore certain domains; (bnc#539506).- Update to 3.4.2. + Fix unresolved home path; CVE-2009-2813; (bso#6763); (bnc#539517). + Fix potential denial of service; CVE-2009-2906; (bso#6768); (bnc#543115). + Fix potential mount.cifs password leaks; CVE-2009-2948; (bnc#542150).- Fix potential denial of service; CVE-2009-2906; (bnc#543115).- Fix potential mount.cifs password leaks; CVE-2009-2948; (bnc#542150).- Fix unresolved home path; CVE-2009-2813; (bnc#539517).- Don't overwrite password in pam_winbind; (bnc#515444).- mods for winbind (when used with squid - ntlm_auth) o winbind adds group 'winbind' o permission 0750,root,winbind LOCKDIR/winbindd_privileged- Merge two fixes from 3.2.8 and 3.3.1. + Adjust regex to match variable names including underscores. + Conditional install of the cifs.upcall man page.- Remove supplements from baselibs.conf while %clean for pre-11.1 systems; (bnc#520579).- Update to 3.4.1. + Fix authentication on member servers without Winbind (bug #6650). + Nautilus fails to copy files from an SMB share (bug #6649). + Fix connections of Win98 clients (bug #6551). + Fix interdomain trusts with Windows 2008 R2 DCs (bug #6697). + Fix Winbind authentication issue (bug #6646). + BUG 5879: Update LDAP schema for Netscape DS 5. + BUG 5886: Fix password change propagation with ldapsam. + BUG 6105: Make linking of cifs.upcall and rpcclient --as-needed safe. + BUG 6222: Default to DRSUAPI replication for net rpc vampire keytab. + BUG 6437: Make open_udp_socket() IPv6 clean. + BUG 6496: MS-DFS cannot follow multibyte char link name in libsmbclient. + BUG 6506: Smbd server doesn't set EAs when a file is overwritten in NT_TRANSACT_CREATE. + BUG 6532: Fix the build with external talloc. + BUG 6538: Cancel all locks that are made before the first failure. + BUG 6560: Fix lookupname. + BUG 6564: SetPrinter fails (panics) as non root. + BUG 6568: Fix _spoolss_GetPrintProcessorDirectory() implementation. + BUG 6585: Fix unqualified "net join". + BUG 6593: Correctly implement SMB_INFO_STANDARD setfileinfo. + BUG 6601: Avoid global fd limits. + BUG 6607: Fix crash bug in spoolss_addprinterex_level_2. + BUG 6611: Fix a valgrind error in chain_reply. + BUG 6615: Fix browsing of DFS when using kerberos in libsmbclient. + BUG 6627: Raise the timeout for lsa_Lookup*() calls from 10 to 35 seconds. + BUG 6650: Fix authentication on member servers without Winbind. + BUG 6651: Fix smbd SIGSEGV when breaking oplocks. + BUG 6655: Fix 'smbcontrol smbd ping'. + BUG 6620: Fix a bug in renames of directories. + BUG 6664: Fix truncation of the session key. + BUG 6673: Fix 'smbpasswd' with "unix password sync = yes". + BUG 6680: Fix authentication failure from Windows 7 when domain joined. + BUG 6688: Fix crash in 'net usershare list'. + BUG 6693: Check we read off the complete event from inotify. + BUG 6700: Use dns domain name when needing to guess server principal.- Update to 3.2.14. + Fix SAMR access checks (e.g. bugs #6089 and #6112). + Fix 'force user' (bug #6291). + Improve Win7 support (bug #6099). + Fix posix ACLs when setting an ACL without explicit ACE for the owner (bug #2346). + BUG 6387: Fix Winbind crash when multiple IDmappings exist in the LDAP directory. + BUG 6509: Use gid (not uid) cache in fetch_gid_from_cache(). + BUG 6089: Fix SAMR access checks. + BUG 6112: Fix SAMR access checks. + BUG 6279: Fix Winbind crash. + BUG 6291: Fix 'force user'. + BUG 6099: Try to fix domain join of Win7 Beta. + BUG 6386: Groupdb mapping fix. + BUG 6421: Fix POSIX read-only open on read-only shares. + BUG 6476: Fix more smbd-zombies in memory. + BUG 6488: acl_group_override() call in posix acls references an uninitialized variable. + BUG 6504: Fix SAMR server for Winbind access. + BUG 6520: Fix time stamps. + BUG 6301: Fix samr_ConnectVersion enum which is 32bit not 16bit. + BUG 6340: Don't segfault when cleartext trustdom pwd could not be retrieved. + BUG 6372: Fix usermanager only displaying 1024 groups and aliases. + BUG 6465: Fix enum_aliasmem in ldb branch. + BUG 6484: Fix searching for users while adding them to groups via Windows usermanager. + BUG 2346: Fix posix ACLs when setting an ACL without explicit ACE for the owner. + BUG 6526: Let parent_dirname() correctly return toplevel filenames. + BUG 6627: Raise the timeout for lsa_Lookup*() calls from 10 to 35 seconds. + BUG 5798: Preserve CFLAGS info in configure. + BUG 6382: Case insensitive access to DFS links broken. + BUG 6481: Don't require "Modify property" perms to unjoin. + BUG 6628: 'smbpasswd -a' uses algorithmic rid base with 'passdb backend = tdbsam'. + BUG 6560: Lookupname failed, cannot find domain when attempt to change password. + Prevent creation of keys containing the '/' character. + Fix join of Windows 7 RC to a Samba3 DC. + Fix bug in processing of open modes in POSIX open. + Fix the negotiate flags. + Protect netlogon_creds_server_step() against NULL creds. + Also handle DirX return codes. + Fix a crash bug if we timeout in net rpc trustdom list. + Add '--request-timeout' option to 'net'. + Fix a race condition in Winbind leading to a panic. + Add workaround for MS KB932762. + 5945: Fix out of memory error with Winbind idmap. + Avoid duplicate ACEs. + Fix profile ACLs in some corner cases. + Zero an uninitialized array.- Unable to browse DFS when using kerberos in libsmbclient; (bnc#528271); (bso#6615).- check in .po files for pam_winbind; (bnc#499233); (bso#6602).- Add ntp and network-remotefs as Should-Start dependency to the winbind init script; (bnc#515629).- Update to 3.0.36. + Fix Winbind crash on 'getent group' (bug #5906). + Excel save operation corrupts file ACLs (bug #4308). + Prevent segmentation fault on joining a very long domain name. + BUG 4308: Excel save operation corrupts file ACLs. + BUG 4370: Clean-up entries in /etc/mtab after unmount. + BUG 4640: Fix guest mounts in mount-cifs. + BUG 5906: Fix Winbind crash on 'getent group'. + BUG 6066: netinet/ip.h present but cannot be compiled on Solaris. + BUG 6099: In order to allow Win7 to connect to a Samba NT style. + BUG 6279: Fix Winbind crash. PDC we set the flags before we know if it's an error or not. + BUG 6085: Fix build of vfs_default. + BUG 6098: When the DNS server is invalid, the ads_find_dc() does not work correctly. + Fix logic error in try_chown. + Correctly use chroot(). + Fix bug in processing of open modes in POSIX open. + Don't install the cifs.upcall binary twice. + Fix mount.cifs handling of -V option. + Prevent segmentation fault on joining a very long domain name. + Don't try and delete a default ACL from a file. + Add workaround for MS KB932762. + Add fakemount (-f) and nomtab (-n) flags to mount.cifs. + Fix a crash during name resolution when log level >= 10 and libc segfaults if printf is passed NULL for a "%s" arg.- Use a conditional suse_version macro in front of the SUSE_ASNEEDED export.- lookupname failed, cannot find domain when attempt to change password; (bnc#520645); (bso#6560).- Don't link with --as-needed flag on post-11.1 systems.- Stop the smbfs service if an interface goes down; (bnc#517768).- Disable build of static libraries on post-11.1 systems; (bnc#509945).- Fix missing zlibs for cifs.upcall and test_shlibs.- Update to 3.4.0. + BUG 6431: Local groups from 3.0 setups no longer found. + BUG 6459: Fix build of pam_smbpass on some distributions. + BUG 6481: 'net ads leave' needs to try account deletion, NetUnjoinDomain not. + BUG 6497: Fix calling of 'test' in configure. + BUG 6498: Add workaround for MS KB932762. + BUG 6499: Fix building of pam_smbpass. + BUG 6509: Use gid (not uid) cache in fetch_gid_from_cache(). + BUG 6512: Fix support for enumerating user forms. + BUG 6514: Improve error message in 'net' when smb.conf is not available. + BUG 6520: Fix time stamps when "unix extensions = yes". + BUG 6521: Fix building tevent_ntstatus without config.h. + BUG 6526: Fix notifies in the share root directory. + BUG 6531: Fix pid file name.- Package /etc/samba/smbpasswd as %ghost on post-11.1 systems.- Fix net ads leave; (bnc#511695).- Supplement pam-32bit/pam-64bit in baselibs.conf (bnc#354164). - Supplement glibc-32bit/glibc-64bit in baselibs.conf (bnc#354164).- Update to 3.2.13, 3.3.6. + In Samba 3.2.0 to 3.2.12 (inclusive), the smbclient commands dealing with file names treat user input as a format string to asprintf. With a maliciously crafted file name smbclient can be made to execute code triggered by the server; CVE-2009-1886; (bnc#513360); (bso#6478).- Update to 3.0.35. + In Samba 3.0.31 to 3.3.5 (inclusive), an uninitialized read of a data value can potentially affect access control when "dos filemode" is set to "yes"; CVE-2009-1888; (bnc#515479).- Uninitialized read of a data value; CVE-2009-1888 (bnc#515479).- Update to 3.4.0rc1. + BUG 4699: Remove pidfile on clean shutdown. + BUG 5456: Fix "net ads testjoin". + BUG 6081: Make it possible to change machine account sids. + BUG 6253: Use correct value for password expiry calculation in pam_winbind. + BUG 6297: Owner of sticky directory cannot delete files created by others. + BUG 6305: Correctly prompt for a password when a username was given. + BUG 6328: Add support for multiple rights to "net sam rights grant/revoke". + BUG 6333: Consolidate create/delete account paths in pdbedit. + BUG 6449: 'net rap user add' crashes without -C option. + BUG 6451: net/libnetapi user rename using wrong access bits. + BUG 6458: Fix uninitialized variable in local_password_change(). + BUG 6465: Fix enumeration of empty aliases. + BUG 6476: Fix smbd-zombies in memory when using [x]inetd. + BUG 6487: Add missing DFS call in trans2 mkdir call. + BUG 6488: acl_group_override() call in posix acls references an uninitialized variable. + Improve pam_winbind documentation. - Install a vendor copy of samba-common.dhcp as dhcpcd-hook-samba-functions.- Samba 3.2.0 - 3.2.12 smbclient commands dealing with file names treat user input as a format string to asprintf; CVE-2009-1886; (bnc#513360).- Fix a bad memleak in vfs_full_audit; (bnc#510035).- Update to 3.3.5. + Fix SAMR and LSA checks (bug #6089, #6289) + Fix posix acls when setting an ACL without explicit ACE for the owner (bug #2346). + Fix joining of Win7 into Samba domain (bug #6099). + Fix joining of Win2000 SP4 clients (bug #6301). + BUG 2346: Fix posix acls when setting an ACL without explicit ACE for the owner. + BUG 5832: Fix build on RHEL when ccache is not available. + BUG 5853: Add keyutils-devel to build requires to fix build on RHEL. + BUG 5897: Fix shutdown script example in the smb.conf manpage. + BUG 6089: Revert the extra SAMR and LSA checks. + BUG 6099: Fix joining of Win7 into Samba domain. + BUG 6157: Fix handling of multi-value attribute "uid". + BUG 6289: Revert the extra SAMR and LSA checks. + BUG 6297: Owner of sticky directory cannot delete files created by others. + BUG 6301: Fix joining of Win2000 SP4 clients. + BUG 6309: Support remote unjoining of Windows 2003 or greater. + BUG 6315: smbd crashes doing vfs_full_audit on IPC$ close event. + BUG 6320: Handle registry config source in file_list. + BUG 6330: Fix DFS on AIX. + BUG 6336: Fix 'net groupmap set' segfault. + BUG 6361: Make --rcfile work in smbget. + BUG 6365: Re-Add the "dropbox" functionality with -wx rights on a directory. + BUG 6372: Fix usermanager only displaying 1024 groups and aliases. + BUG 6382: Fix case insensitive access to DFS links. + BUG 6415: Filter out of range mappings in default idmap config in idmap_tdb. + BUG 6416: Filter out of range mappings in default idmap config in idmap_tdb2. + BUG 6417: Filter out of range mappings in default idmap config in idmap_ldap. + BUG 6441: Fix the compile with --enable-dnssd. + BUG 6449: 'net rap user add' crashes without -C option. + BUG 6465: Fix enumeration of empty aliases (ldb backend). + Prevent infinite include nesting. + Mark registry shares without path unavailable. + Also handle DirX return codes. + Fix Coverity ID 897. + Do not crash in ctdbd_traverse if ctdbd is not around. + Fix a race condition in winbind leading to a panic. + Some man pam_winbind improvements. + Zero an uninitialized array.- Update to 3.2.12. + Fix SAMR and LSA checks (bug #6089, #6289) + Fix posix acls when setting an ACL without explicit ACE for the owner (bug #2346). + Fix "force user" (bug #6291). + Fix Winbind crash (bug #6279). + Fix joining of Win7 into Samba domain (bug #6099). + BUG 2346: Fix posix acls when setting an ACL without explicit ACE for the owner. + BUG 5798: CFLAGS info lost in configure. + BUG 5832: Fix build on RHEL when ccache is not available. + BUG 5835: Add keyutils-devel to build requires. + BUG 5945: Fix out of memory error with Winbind idmap. + BUG 6089: Revert the extra SAMR and LSA checks. + BUG 6099: Fix joining of Win7 into Samba domain. + BUG 6279: Fix Winbind crash. + BUG 6289: Revert the extra SAMR and LSA checks. + BUG 6291: Fix "force user". + BUG 6301: Fix samr_ConnectVersion enum which is 32bit not 16bit. + BUG 6372: Fix usermanager only displaying 1024 groups and aliases. + BUG 6386: Groupdb mapping fix. + BUG 6382: Fix case insensitive access to DFS links. + BUG 6465: Fix enumeration of empty aliases (ldb backend). + Prevent creation of keys containing the '/' character. + Fix bug in processing of open modes in POSIX open. + Protect netlogon_creds_server_step() against NULL creds. + Also handle DirX return codes. + Fix a race condition in winbind leading to a panic. + Fix a crash bug if we timeout in net rpc trustdom list. + Fix profile acls in some corner cases.- Default with passdb backend to smbpasswd for SUSE products older than 11.2.- Explicitly use 'tdbsam' as passdb backend in the default smb.conf file.- Update to 3.4.0pre2. + The default passdb backend has been changed to 'tdbsam'! + Samba4 and Samba3 sources are included in the tarball. + Changed the way smbd handles untrusted domain names given during user authentication. + Various fixes including printer change notificiation for Samba spoolss print servers. + The remaining hand-marshalled DCE/RPC services (ntsvcs, svcctl, eventlog and spoolss) were replaced by autogenerated code based on PIDL. + Samba3 and Samba4 do now share a common tevent library. + The code has been cleaned up and the major basic interfaces are shared with Samba4 now. + An asynchronous API has been added. + Made parameter syntax of the net command more consistent. + BUG 2346: Fix posix ACLs when setting an ACL without explicit ACE for the owner. + BUG 4271: testparm should not print includes. + BUG 4831: Don't call openlog() or closelog() from pam_smbpass. + BUG 5681: Do not limit the number of network interfaces. + BUG 5859: Fix renaming of samr objects failed due to samr setuserinfo access checks. + BUG 6099: Fix NETLOGON credential chain. + BUG 6136: New AFS syscall conventions. + BUG 6157: Fix handling of multi-value attribute "uid". + BUG 6253: Use correct value for password expiry calculation. + BUG 6291: Fix 'force user'. + BUG 6292: Update config.guess from gnu.org. + BUG 6302: Give the VFS a chance to read from 0-byte files. + BUG 6309: Support remote unjoining of Windows 2003 or greater. + BUG 6313: ldapsam_update_sam_account() crashes while doing talloc_free on malloced memory. + BUG 6315: Fix smbd crashes when doing vfs_full_audit on IPC$ close event. + BUG 6320: Handle registry config source in file_list. + BUG 6330: Fix DFS on AIX. + BUG 6336: Fix segfault in 'net groupmap set'. + BUG 6340: Don't segfault when cleartext trustdom pwd could not be retrieved. + BUG 6357: Use Samba default command line arguments in 'net'. + BUG 6359: smbclient -L does not list workgroup for hosts with both IPv4 and IPv6 addresses + BUG 6361: Make --rcfile work in smbget. + BUG 6371: Unsuccessful 'net conf setparm' leaves empty share. + BUG 6372: usermanager only displaying 1024 groups and aliases. + BUG 6387: Fix a crash bug in idmap_ldap_unixids_to_sids. + BUG 6415: Filter out of range mappings in default idmap config (idmap_tdb). + BUG 6416: Filter out of range mappings in default idmap config (idmap_tdb2). + BUG 6417: Filter out of range mappings in default idmap config (idmap_ldap). + Change the way smbd handles untrusted domain names given during user authentication. + Replace the hand-marshalled DCE/RPC services ntsvcs, svcctl, eventlog and spoolss by autogenerated code based on PIDL. + Fix several printing issues and improve support for printer change notificiations. + Add 'net eventlog'. + Add asynchronous API. + Make Samba3 and Samba4 share a tevent library. + Add two new parameters to control how we verify kerberos tickets. + Add 'net rpc service' subcommands 'create' and 'delete'. + Fix the core of the SAMR access functions. + Fix SAMR server for winbindd access. + Add dbwrap_tool - a tdb tool that is CTDB-aware. + Hide "config backend" from swat. + Fix linking with --disable-shared-libs. + Fix issue with missing entries when enumerating directories. + Map NULL domains to our global sam name. + Fix driver upload for Xerox 4110 PS printer driver. + Add "net dom renamecomputer" to rename machines in a domain. + Inspect the correct computername string before enabling/disabling the change button in netdomjoin-gui. + Fix join prompt dialog test in netdomjoin-gui. + Only gray out labels when not root and not connecting to remote machines (netdomjoin-gui). + Allow to switch between workgroups/domains with the same name (netdomjoin-gui). + Add NetShutdownInit and NetShutdownAbort. + Fix samr access checks. + Add a security model to LSA. + Also handle DirX return codes. + Do not crash in ctdbd_traverse if ctdbd is not around. + Fix Coverity ID 897. + Fix a race condition in vfs_aio_fork with gpfs share modes. + Fix bug disclosed by lock8 torture test. + Fix a race condition in winbind leading to a panic. + Detect tight loop in tdb_find(). + Fix chained sesssetupAndX/tconn messages. + Fix strict locking with chained reads. + Fix two bugs in sendfile. + Fix memory leak. + Fix file descriptor leak. + Fallback to the legacy sid_to_(uid|gid) instead of returning NULL. + Always allocate memory in dptr_ReadDirName. + Fix 'net' crash during domain join. + Zero an uninitialized array. + Allow child processes to exit gracefully if we are out of fds.- Enable cifs.upcall on versions newer than SUSE 10.0.- Add BuildRequires to keyutils-devel.- Remove redundant Requires to keyutils-libs for cifs-mount.- Detect tight loop in tdb_find(); (bnc#450974).- Fix lp printing with kerberos; (bnc#476913).- Add BuildRequires to ctdb-devel for systems newer than SUSE 10.0 and all other build targets.- Update to 3.4.0pre1. + Samba4 and Samba3 sources are included in the tarball + Changed the way smbd handles untrusted domain names given during user authentication. + Various fixes including printer change notificiation for Samba spoolss print servers. + The remaining hand-marshalled DCE/RPC services (ntsvcs, svcctl, eventlog and spoolss) were replaced by autogenerated code based on PIDL. + Samba3 and Samba4 do now share a common tevent library. + The code has been cleaned up and the major basic interfaces are shared with Samba4 now. + An asynchronous API has been added. + Change the way smbd handles untrusted domain names given during user authentication. + Replace the hand-marshalled DCE/RPC services ntsvcs, svcctl, eventlog and spoolss by autogenerated code based on PIDL. + Fix several printing issues and improve support for printer change notificiations. + Add 'net eventlog'. + Add asynchronous API. + Make Samba3 and Samba4 share a tevent library. + Add two new parameters to control how we verify kerberos tickets. + Add 'net rpc service' subcommands 'create' and 'delete'. + Make merged build possible. + Move common libraries to the shared lib/ directory.- Update to 3.3.4. + Fix domain logins for WinXP clients pre SP3 (bug #6263). + Fix samr_OpenDomain access checks (bug #6089). + Fix usrmgr.exe creating a user (bug #6243). + BUG 6089: Fix samr_OpenDomain access checks. + BUG 6254: Fix IPv6 PUT/GET errors to an SMB server (3.3) with "msdfs root" set to "yes". + BUG 6279: Fix Winbind crash. + BUG 5329: Add "net rpc service delete/create". + BUG 6238: Make sure wbcLogoffUserParams are properly initialized before freed. + BUG 6263: Fix domain logins for WinXP clients pre SP3. + BUG 6286: Call init function for builtin idmap modules before probing for them as shared modules. + BUG 6243: Fix usrmgr.exe creating a user. + net conf: Save share name as given, not as lower case only. + Prevent creation of registry keys containing the '/' character. + Allow pdbedit to change a user rid/sid. + When doing a cli_ulogoff don't invalidate the cnum, invalidate the vuid. + Don't access a freed structure when logging off and re-using a vuid. + Try to to fix password_expired flag handling. + Make sure to grey out change fields in the netdomjoin-gui when not running as root. + Don't look up local user for remote changes, even when root. + Use procid_str in debug messages for better cluster-debuggability. + Use cluster-aware procid_is_me instead of comparing pids. + Fix smbd crash for close_on_completion. + Fix a memleak in an unlikely error path in change_notify_create(). + Do not use the file system GET_REAL_FILENAME for mangled names. + Fix a crash bug if we timeout in net rpc trustdom list. + Add '--request-timeout' option to net. + In net_conf_import, start a transaction when importing a single share. + Fix writing of roaming profiles with "profile acls" set to "yes".- Update to 3.2.11. + Fix domain logins for WinXP clients pre SP3 (bug #6263). + Fix samr_OpenDomain access checks (bug #6089). + Fix smbd crash for close_on_completion. + BUG 6089: Fix samr_OpenDomain access checks. + BUG 6205: Correct sample smb.conf share configuration. + BUG 6254: Fix IPv6 PUT/GET errors to an SMB server (3.3) with "msdfs root" set to "yes". + BUG 6263: Fix domain logins for WinXP clients pre SP3. + Allow pdbedit to change a user rid/sid. + When doing a cli_ulogoff don't invalidate the cnum, invalidate the vuid. + Fix resume command typo for "printing = vlp". + Fix smbd crash for close_on_completion. + Fix a memleak in an unlikely error path in change_notify_create(). + Don't look up local user for remote changes, even when root.- Don't lookup local user for remote password changes; (bnc#493507).- Update to 3.3.3. + Migrating from 3.0.x to 3.3.x can fail to update passdb.tdb correctly (bug #6195). + Fix serving of files with colons to CIFS/VFS client (bug #6196). + Fix "map readonly" (bug #6186). + BUG 6195: Don't let smbd child processes panic. + Add backend_requires_messaging() method to libsmbconf. + Add methods is_writeable() and wrapper smbconf_is_writeable() to libsmbconf. + Fall back to file backend when no valid backend was found. + Fix a memleak in dbwrap_rbt. + Provide transaction_start|commit|cancel fns for the registry tdb. + Speed up "net conf drop". + Speed up "net conf import". + Add transactions to the libsmbconf API. + Reduce memory usage of "net conf import". + Registry cleanup. + Fix handling of SAMBA_VERSION_VENDOR_PATCH. + Fix build of pam_winbind.so with static linking. + Tidy up some convert_string_internal error cases. + BUG 6224: nmbd waits 5 minutes at startup before checking if it needs to run elections. + Allow DFS client paths to work when POSIX pathnames have been selected. + Try and fix the build farm RAW-STREAMS errors. + Ensure files starting with multiple dots are hidden. + BUG 6102: NetQueryDisplayInformation could return wrong information. + BUG 6193: Avoid messing with sync_context in libnet_samsync_delta(). + Fix notify_printer_status_byname. + Fix Coverity IDs 722, 762, 774, 775, 776. + Fix build on old Heimdal based systems. + Fix compile warning. + Use parentheses in if condition to make negation clear. + Add dirsort module. + BUG 6147: Fix detection of the GNU ld version. + BUG 6097: Fix smbd segfault. + BUG 6130: Don't crash in winbindd_rpc lookup_groupmem() on unmapped members. + BUG 6139: Add missing whitespace in mount.cifs error message. + Fix a malloc/talloc mismatch when cli_initialise() fails. + Fix a valgrind error. + Speed up "net conf list". + Add sorted subkey cache. + Use StrCaseCmp in the dirsort module. + Document the dirsort module. + Disable dns_sd by default. + Add avahi detection to configure. + Add event avahi binding. + Use avahi to register _smb._tcp in smbd. + Fix two memleaks in the encryption code. + Fix a scary "fill_share_mode_lock failed" message. + BUG 6228: Fix SMBC_open_ctx failure due to path resolve failure doesn't set errno. + Don't use reserved words in smbconftort. + Fix smb signing for fragmented trans/trans2/nttrans requests. + Parse_packet can return NULL which is then dereferenced in match_mailslot_name. + Format the header check for netinet/ip.h more nicely. + Missing break in conversion function prevents tdb password database update.- Update to 3.2.10. + BUG #6195: Don't let smbd child processes panic.- BUG 6195: Fix crash on passdb conversion.- Update to 3.2.9. + BUG 5920: The length of the memcpy was calculated wrong. + BUG 6097: Fix smbd segfault. + BUG 6098: Fix ads_find_dc() with "security = domain" when the DNS server is invalid. + BUG 6099: Samba returns incurrate capabilities list. + BUG 6100: Implement _netr_LogonGetCapabilities() with NT_STATUS_NOT_IMPLEMENTED. + BUG 6102: NetQueryDisplayInformation could return wrong information. + BUG 6130: Fix crash in winbindd_rpc lookup_groupmem() on unmapped members. + BUG 6133: Cannot delete non-ACL files on NFSv4 ACL filesystem. + BUG 6161: smbclient corrupts source path in tar mode. + BUG 6193: Avoid messing with sync_context in fetch_database_to_ldif(). + BUG 6196: Unable to serve files with colons to Linux CIFS/VFS client. + BUG 6224: nmbd waits 5 minutes before checking to run elections. + BUG 6228: Fix SMBC_open_ctx failure when path failure doesn't set errno. + Numerous Coverity fixes + Fix double free caused by incorrect talloc_steal usage. + Backport delete semantics of alternate data streams on a file truncate. + Allow set attributes on a stream fnum to redirect to the base filename. + Fix use of streams modules with CIFSFS client. + Fix more POSIX path lstat calls. + Allow DFS client paths to work with POSIX pathnames. + Ensure files starting with multiple dots are hidden. + Fix guest auth when Winbind is running. + Fix memleak in get_remote_printer_publishing_data(). + cifs mount fix for handling -V parameter. + Fix guest mounts. + Clean-up entries in /etc/mtab after unmount. + Add fakemount (-f) and nomtab (-n) flags to mount.cifs. + Enable total anonymization in vfs_smb_traffic_analyzer. + Don't try and delete a default ACL from a file. + Fix remotely adding a share via MMC. + Fix resume handle for _samr_EnumDomainGroups. + Fix a buffer handling bug when adding lots of registry keys. + Fix a O(n^2) algorithm in regdb_fetch_keys(). + Fix a valgrind error / segfault in dns_register_smbd(). + Don't log NDR_PRINT_DEBUG at level 0, this always ends up in syslog. + Fix a malloc/talloc mismatch when cli_initialise() fails. + Fix two memleaks in the encryption code. + Fix "fill_share_mode_lock failed" message. + Add S-1-22-X-Y sids to the local token. + Fix smb signing for fragmented trans/trans2/nttrans requests. + Don't miss an absolute pathname as a kerberos keytab path. + Have nmbd check all available interfaces for WINS before failing. + Initialize the id_map status in idmap_ldap to avoid surprise.- Obsolete change from 2008-03-05 by removing the needless examples cleanup.- Update to 3.3.2. + Fix "force group" (bug #6155). + Fix saving of files on Samba share using MS Office 2007 (bug #6160). + Fix guest authentication in setups with "security = share" and "guest ok = yes" when Winbind is running. + Fix corruptions of source path in tar mode of smbclient (bug #6161). + BUG 6082: Fix renaming and deleting of directories using Windows clients. + BUG 6154: Make ZFS honor admin users. + BUG 6155: Fix "force group". + BUG 6160: Fix saving of files on Samba share using MS Office 2007. + BUG 6161: Fix corruptions of source path in tar mode of smbclient. + Fix some NetBSD warnings. + Fix bug in processing of open modes in POSIX open. + Fix use of streams modules with CIFSFS client. + Ensure ACL modules work with POSIX paths. + Use fsp->posix_open in preference if we have it. + Fix more POSIX path lstat calls. + Fix a bug in message handling for the change notify code. + Fix guest authentication in setups with "security = share" and "guest ok = yes" when Winbind is running. + BUG 4640: Fix guest mounts in mount.cifs. + Fix displaying the version string properly when no other parameters passed in in mount.cifs. + Prefer gssapi header files from subdirectory. + BUG 6176: winbindd -n should disable the winbind idmap cache. + Add a vfs_preopen module to hide fs latencies. + Don't log NDR_PRINT_DEBUG at level 0, this always ends up in syslog. + Fix a valgrind error / segfault in dns_register_smbd(). + Fix build on SLES8. + Decremented by 1 for ntcancel requests. + Fix creation of core files. + Fix first mapping of uids/gids in Winbind. + Initialize the id_map status in idmap_ldap to avoid surprise. + Fix initialization of idmap status.- Only call '%find_lang pam_winbind' in the samba spec file, not samba-doc.- Ignore return value from subshell to fix build./bin/sh4.6.7+git.38.90b2cdb4f22-3.14.6.7+git.38.90b2cdb4f22-3.1libsamba-util.so.0libsamba-util.so.0.0.1/usr/lib/-fomit-frame-pointer -fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector -funwind-tables -fasynchronous-unwind-tables -gobs://build.opensuse.org/openSUSE:Maintenance:7167/openSUSE_Leap_42.3_Update/43a98e90f110320a7f757105cb4cd3bb-samba.openSUSE_Leap_42.3_Updatecpiolzma5x86_64-suse-linuxELF 32-bit LSB shared object, Intel 80386, version 1 (SYSV), dynamically linked, BuildID[sha1]=bec832e92bf20862914568d64d0f989437c5b8c4, stripped PPRRRRR RRRR RR RRRRRRRRR RRR RRRRRRR?`] cr$x#̣J]6~,mrY"|D> .@ZE]Ttex-; RxeN顇o" g] }3l2R=FR.ʦ39%WRv0sxU$"_%)>v_ 2~~Z%Y4Wu[nLJ!sÝ#CK^R,-pe PW~A vfd95xv%eqzӹ<<( :STl -N̬.)N]rdOBˉBC9'/ΐq/$KMkĞTeV]$qax6ݩ=H@dD _&"IC$# (}Gv_3i-;bۍ΁Id˵n]R$励=`$O_vb}a ^͜"R EYΧۑ\sā㞯}x,m-j Mx^je3,̺&a-'\`9q G,AZemtl 6a̞ xet㏙ɐXjr2 p?q ٣! [(gKG}|*IK/#˫eKi!m3b~s Aog8.s-|CoPxty-W\ TyFl!'0RhB=Uͻ7`Hxz|B7 AĞQm=iQH+)緪mkn:F7cS|1C;d?pGSG8ѳkv&FGblQ8$@&4!*!7 σ0 x3GPtɃ/'ĚQg&k7RWu~(}&dxb '.vJ?V6e38ϨÀOMk2K'Ieˀq(R oK oQ+R2\遻ijvtJRzBb<{d2e5X*@ ˶(WiՓkɹ>lc)+;]pų% swecʦ4#'$$LipQA3>}ΉOͨ|:כ$Kz >e4w5%lM!鍜\i~>pk%lбIiNGĕ߈%np0֊x 7”m.fbp94zf6 23n|-'pJ(p:BQLA Ů|ȘJ\E_B=vws+J`+p][kc3_@\E-NE3t1RF*6)4̯йZL*tKuc!kfv~'Z^cѹX^q/kwy=oy" 9HX!UG>%(ou=#Tg&,ߢ1:h>E%Z~BZ~oW*ӡ|7Qk{)j4eRaۇ!}㖒S("X9j-fu0'sŗrh,S LŌqs9嗞T1:ĬiPD+)g%xB`ge.ܝŬJQ1J_xu"ZjS>Y'?\Yvn '30;FF#!^3cn1>pc F9 q͍9mMo(v>5˚ =gwnLhMS x akI8-S[Qm/84-rJB-| mAJ[a;‘khAiͧFMiqXd]2D{c3Tb?pҠDS]}M ?k2G1_}gFE{s ׅ5(QÉU@NKBj/DRNGr 0KodQXlYbm_;ܹ>%mk=UÏa GrOk+_ >^W1 @j£,w7\mpa}%/}>Fnvk]Dm3:ݕEL'0+w&v֋E|h!^4I:jap30C+MaIu 9} i\H,9^g5LA{1yvc[?UრBe[_VؚZGވ}d+Q*(Y+Lwy؅A <`ծ)CY$@Ez#t>43s$ b!+>27AH?kNNEY6D̍< Xl8;v:J=ڸ8Tb_ rw%- +C'(H(mEҴqt {qWݓ9B}˴AݳDu`儷~ 1ՙix2,H}v鎉ȅT@ %HMQ>ph;G&ެ[8֡0ۏݩj: BByrՃuH*=bI;D sm~o" gPI #$]VBHe!QSZx"\ *FUgSۢMil!֕€$h|34=^7x9?]uUOUR&IY|"=1B`GkrwT ne W%z]{P,[UpspYyqTM^ !bWq ~|>{* Oo%\z_6A aCݒ@=|MOX`Q\®0^ T X!j[Nwt:+lO $z7(:oP猗pc#r'dL!Fz=?.O_blduA.N&:T*z'ciG^QIۜd/agEC_WUAP omk:m3kve'!yKL"Q4<:d\-#ByqJ* *M/59TOM Ǻo:Ky{Q;$c'JmA}ݒ1Q>3$҉0aU~< i'|&D+u $!Y 3{aQK0n*t5!'ie9Ymܽ  agkk~q:Ղ _*T ߜGf~,2'~;}E33vVPD(1:9C-ԯuq !ffB`>JF~:Q/F (;N4)ZϱsE;_yZZfEszzz8Vר$R@@ "A뮼1&n8ĹB9in?I8Ŝ"*%t規L lvh2f4Z 30Bh[j"hB $ӻxvkþP,7isn< NJnio9hrLiR|b"acJ$\`X=%/7o%HbNtnx x>TXq!=$!kY9OfBnݖؤJvV+zLs|0ȺR-K ThA)-tIX'ZrVNR : "W"qA$|RMtns|h4S"|(ur"XzWp]a§ho(ZuK$B9[GQ胦%UHɈ E hXmDJZ$ DHP>mv2wM/Y' 5Sk*byI2ҋEV)Ƃj7ESJI(pIko//sʯ-d#mDWl ]_#o]wDvƂ߬Jm6y7EJT~97iV:8Q&6Ds] i擑D ʿux R~l𧀟r"A]fFU=_D2@+n[lƋP7~ߛ@*2l*p3{CoLLmJ5@?7{1uى:/*2 DXFRbmܞZziz0U?Rgv T;fZĖeoJjzz7;iqv΋ƭS0;rӝP҄ҊK>b @l.,Qm<'Ͽ/>V+xrOqepʼnք>/(wI_ Z7&fj3|;;] FDX8 ?y!ɠC6=:-{ ޯ ˧)D#AMf :*¹jFvCySX_ qlJ̳^NjrOm.u*d&?sU!U5כlUm\tD/{̹"Qy+(eh߱ jUdКDŽd Dfhl\Y'{u4]K~`7?WxKiCf"blpmP,@IX9~stPy>GM޲l4ݮxŻ<8owӦ31A4TKN|pȗϾdE 9G8MTЁ8#H}2QH 7{O65Ȧ缨B!<JJgʂ=u+ &qUHpYQ:jd<] "]&JJZduɑ ՟\l -o@hkw= jVD(U4uV&,Sş.eWq|hlS3? e?7tF횹jkc[CKd 3;JGz." Ȩ́T{wBk;l;uZT+t\b&R)*|S.j3U?N*10JR{D1V/p/<{E+̪\7Jت\pZuHb3Em 9deM^E'2'CVI?zm4Gg)LEA;E~W~J'=zc+m AJ#_>Lx)^hF\bvRJUBB- !pMZWqNށu7m{zj{GGcbYj aв'e@_(@-0z><>&Ŵ I6;lEL sN#L#fTZ^` <5 }SQ@&jbh-a߱@e Y]mSZ.JD#ڢX{ 99Qb 3= >Syn' 9X|bw ?*PM4/O! v aoQ)/iNav•֐PrpUYCѮ4Y$O&̊%n-|pfp\#w%=V[ 3/鈴`yhEhxeO4 OIc(iKǙK4eld:̹MT0b?? c2crzp۟!hE+=>`1Oيō'IŞ5F(Ȗ챭b_USlK>ߠg 9ҹp"!!VFeMl+ _+\4Scț." 7CaQw;G:Ȗ{,ٰ9UV',աv0L\hlc"1WsH6CP"z\hRBPhv.^)h9rt}M3vMt/J*M31Yh]P8d9!huzlbg,EQ0WH++٢`f儩w9)\F0̱S0/Wqd3Syd2b!u:}. d~oKp}V70ͮC9'{#:2/S]Á0[1^{6 x7g@ɓ ;k:&EƤ$oq#}a.9l@<!V~r&:kb#b{~@LxR`}k>$h_@/ނVd읊 >-T: knK,fwdk_Ȓ'ɠu)y ꉨ$~wT1Ss\ -O9$|ėͳR4YeԢɾg(/ HK絸?YaJoDF^O :5OdhtOzڛX+g 9F-ͫQhd" K)lK`XJT(&2+DW<;[~ˌ(sS! AL1t=B`u8L4D^c9i<\ˉur~Ycwϲoڞ?MNG)뜿нppNҨŗ%vg2fn<@v )IlGE" QS[!;:L3h5K1?#=XGDB΃SZnw4g,5<`<|_˜LXH~߭H$.VLJSȃ}'ua/,\t؉\֗~Y5B鵅Vd[@'a8[/ΔaœߙqzمV" bt8}"`QmUEG=$֟\)d@#}Dd)ܽ$3HeUY&!nXh-hЛ՗ q_@.>es0̹<\Z{WXZ,h|칕6 Yɺԥ`˃M:ȽVu.7ْ&󐍾8qlԀ$D|i.+!0 UH[W(ی[x I!@tIdn_Iu+8*3b1~=ZR_Ad[?HK1"'5e?2ҫ8@[`:B3̖94183Tڥe kdz-.vco bѡ&R y̞"lXvNr4%O&?v3ojts=aHA&MsKum ˩ӔSB l8LUrΉ[X3W0HtE^IK5C_^p^Q~]TS,1'P:$:QD%J-R./?eˋ`?, Eտ#>hvDnsޛ evtDݾX_ȥ`Ѹ)Ot[H$ŵ&hQ%b^i; V[W)?W{|t7lpBA.s|ڄgᙬ`&QǾV*ݧ"Z biOѓ,YvHF쩸gcq!!eaq`^NF 9P(C2fٗiMu.I*9JNI)njLe[G<6oД4hr7<1n%iW:ВZUQT4k0SY&xn2ލ]ba1W1Rev]vK^9{o@2P:ξZ]jÕJT."X{<#K^߄3ѿTgm +jy)\Mj9¦W?6zOqY M~Xދ*Oyj7SW3f!hrQw;mG͗-~>*OL15-uK`ؽ8d}G;*thJ"4in%#.L,m7"2wC_m>>W:;"!LW1(>uq]z5yHO9`mr `\J(qI*FJgfCNT8cGeB'"bnUyX(۪T`{:'Hn0/%@\b3 D"6*fP*w8rx&(LM- |Q;;N)2ZQ6r%jCE),]LFڨc/7hl E@F}lN:KoONEK+<"Dts]ʝOi?sBF#Z>dꢵ[}1&v1_~{xK6$lA)fs٤gW^mu+ eNǨ0'CA̛,![n/WݣEw)ըXj ' eԿTHZ8 =d|R+J[ Й50Q!;6y0ctI [s ^ei (HDĞAUs!}D b &y5JDZKg{%,%DRs(d\9&1O!DaL;NO20 պvvs^_ }aEgdG r$.k)N[DBwc%ȋOwHth|7-kGq\OҢ[JUp2UVzܧ^yWöưU2Lۉb~C*D Tk!)sGߧi? A'{[! ܃'9RQLߎ/~oW_TDZWvzUfnH.cy:3[b?M@S6n9 N! e'-O0i3b yi(N'pe2_ &Hpp7_ە#(Qk2NV;pKcrZiR+TG#3>75;΅`r-)kk!g,!.oF5zr{tC_ON)X:rziOWބ䠆. }Q`Fy/8_,ss&AFa;g2%ߢ葸Cb.v-,zѡ\'μCM/ ے{p xT[ГU4`)fX /䠙\^.~6#S>l7Tz;B/pEرeJH^kZ8^r@npw:G+^8̢[/}_F"(_R~Vp 5/-yn'jq8/JW.tUh8'FSqȫ`4ilC %kI*7S`'2O;<˫6Wjz *㒒b]DZä"HC\C aΑi>,hR<wlX5W!ϲ]F#RxERs"K4pj<m h3\Z?}>&qhFoJ  .Gz}q*d_ \.)1Yw D ZOK#g\Q*G[xaÑ߆?Ѽ m5]tm4 И nLsmAe/ԛϓ~f:xŞd|I Sdӓ0,)F-ELtzNدr6άgm.F]R@=kfoݟ.#DhMw4CDnMft_*#}J*0$1-4!_Z,RkQ]m1rY5!{,"Fi+0a 5vu|i ?U.B\TvڿYuV W*#p?a`Wʂs~Lƿ7U8yH~^TlB .^x8.ĨӰJY* O?T`y||u|\ _nވ7Z{ԭCw]ըBMaO ӋRU+y (Z84HSU%mHNWRP< }kUc{|wge{i"eʾsg2zx|l/0$2ԃz2bRՄR,58""9:}{en5{QV-.[pJ7YNE3&>ߢ=$i]\}49[>fN E g^ x6>o쮖a Xz?I [ԡB**D[Lr!JQc;7q {-O`DB vn|>PN1#cΗ; N]e٠ZkLM\P.T"v 26QܜZCk+!0Y־3η  [&Ax9 fn.@Wx|]b@}o`uy(H/ "AD\ߣ/sgA^S ܘfgXT^HAuy?Hp7M}ldGìb shz2dcE,y*ƣm;V$ g" ^Es$PER =iB#_hz:}zA%Jm9܂  t fH2/k])_c͝`0-bCCluG]8d"6.گ8-eRK4&l? 9 ad_F.-'yl:hhߩUq,v9N9*Ȑɕߠ)4g?Z(cŸK~A~T'|s#E{8{l') O f-V;hqTqh!(!ʉ5aoy>C-:ueD&6<' b;tԚj^` ]=8eXE0nӡvv(-7:YR՟Mz7]RE Zk˫9XrjAѦX~ĎDClsnDsӏ~]н ,銧h`j%nk-RuպM'+&[]>:ھn]>xBUMemaN 4,锧H&T0Uno3+A42A`dunQijH@VqzF~8ڧI I-`6?̼zEe 8msFO;P#2UgE,!V48wZ`oW9!b%(!.Ң\b$! d߰ {;Vی2oʓ#&. %_yM:'yw#  2ģ-8K 1Hv I9yGeRG6t l9ʋ!qD˨_K@a&/̺ YC JKػaI12oU"kijOC\EظBVE}kjؓxJeOGajxm\%SRkh,.],T: mhH趐F/\t/ VRH^?6Ĉ wX[Tu:#k!͙ɥTEcuZoa\XC%[ǽm0 n` O<\8_ oLIWc9 . Ry46&޺^Ňn_o,1S)-cgg٫)`]SzIE&mLԘnVƏpmx4S9-+r{:n|BĂO|uWM˃bohXEG<;w__1z|zRΞӤèsn !7Ql~ t<$> TKVeSH],5R GhtP LfO| pۚ ݬ#%nvMȡ#|#&݃ɢlΗ]uf'5dO9*Q3GzrӋ5qdh+iLOۛNa>.u`>7d:+i1u3$.,#x 3 ŏү YttI+mAk֎$xXhꦛ@lM$W@%I*e㣐0tfGg+;ekUk<=@H*t<3ADNNx} LСDfC@6k>Nb/'C.~Y{nա@b8PʊrUW[rrFyh?wBJD\@ݤ!ZkSbX6;Z_{wQެc[&WpNFb5sEŃ*ܜ tla,@J";1@&?:UB}?N@Rp"(_Q&Ooe(m9n½_{OvCo8,3}`4ږ\nN"ĈVVh?c @?IM|qyQ%|H!6jA̝hUHq^&j9Eʑ򬱌3*|}eg46.δcKA#U¼#jF,׶^$n[_}zpI+A#UM)bu  %wf Whc)'%0zVNLTc@)֑F"-&Olo)Ex7WoLd~:\O4 !Hjx 3uB. ;GƳ܅V?Lt(䟔^հ=L#/#T]a%w;faIDZu6ib|?r_9(EUFcf!G\JAJ79jd|,-`dr*mC_vN -O_M`FDUF>L:k*`.s03ɩi`;KpQJSvABnK]e߭ _5˫c:V#v1LbFgj:T`|FtDl+F Fjp[E:8Y9^`6+jABOnX|)聢p|ˆ>yP:7=O@ Inz+3zZ_P0Dk&*1 0]kG.@c1<@0ycB] 5 H:ti,$u]V3mVM~jNVZp_o Chsd΂;wQ玝!r>&:pZ'?ßGL?s)1nhax k(Or Tc-##NS)h&m.+Wzx} Ě|!T {/~Iি:t;R0Z,sV] m8>{&RdzyfN!Xhbv8)V#d; ?Yne~漒j^f J:>ibbYH\!hh5bȕqkglM`i6ǜGDJ#*Ijrݞ}i|gYۗ)u8KW9ǰ7*וU 6 V1^AaWGmaHJU( XT y'lK"&0D)ֽYC506=4XN[ GNJvGLT8X3'AҳNx3Ȟ v,Sc};̒ cb=mTx 8ݯ2gnyU9Ftq^쉔ªGuΩM&a=b&rXuܛil=n(PG0e^/_7'0DIG$ALS1g9$di˅v<[uV1P$Qfi8~)r"ln#Jƞof\[ f4>&AǮN{-pj0]hm^'4B?2HI1荳Z$AEHsm:n'q)nL`SZA|Z֛R'/wɮbOz>H- fy.tJ} ,|l# HȊTjnc#*2vn/h{>E _H,c(c//x95\eڵF)"P(Eq ѐrY~ Ddk#,kVw5YZ>VwVJCMpGQ~URMgM@FuNhEװ^ ITSS22Iu6.+nb gؠfS|U ^d*@N4ޘ*YVv?Cg/6+<>sd&j%]Qs f?,ujγ)7UJ1M`۠Cl'GE)@Fi}Yz>pWQ?ōY.zͼ -"`#2FT½^Bf}Y44<6 % ,e?q)<`=+.H"EkdA@>t!=9W~j@wxmY#XG(;@mBCX\YAN|??L guuY?#FCQVh'ĺMDْuu z1"@c 8i=謸e*K BM0L.%g^:D$f$5]''Lg?KQ2IMxK e}C7}?h,c;S>qeB`=8!)E :lh&C'ĐqbQhϽ3b )J]rE|+bLA_.'aq1`؉Z #P2@CmJژR#J!7kD*3<@^z-)8(i'=g{PL¿F6H4CKx^M46_e)"OzxWyxZ^eo%"5+ 04>WPc䠀֬$.Ek ,b .$;#0M{z Eᇎ(-'3@dV5-j4vmdOui64t$Wfdx~ǽݚ4t 8|˗C_VWWDzHJKf$ếT}I+amaf%㮋ֳh XM V]|<_'#&j.:{ Psgz2+UOWb nز3 = 0IsYK74?]?.د0[5m;;J~#F챪E(9U]i`Y*Jov &89q)eC;^/LEt)+p֢_q iKmu*k9v"6HX1kɸΈ?ᰔX~дJ=cۚWS^`|WI⻤X9SrYa DP5ND?=l櫵{]kҝLᗯ[xWeߙYeP?}Gwcʇʰzs \y(J4N Z+oOң9~4X_AF#7^*> lo:nF>Mfڸa`"uY5qPcD{J{c:zȏ =n7(ˮ9H:cBA?`JW$=G1RC.)DD@wgmEXQZwy[2-jc. szQT}h<;{4)L*SzŒ:AGa@mQۓ _*&Qjbft2Tv+ P{+ K`=t$J+Xn N^7ݏAԖ;\s\]Jvw-J&t'2Eiw6:8tb< X]C-D3Ž趽WͨZ؅; R-|}R eTs~F WW]QƢo'$OHZ&jmDK0ӝ/e1~~C/+ ncJc?f[}&hM"%,#[WRWEj0CbngYʃ"e "RWk➶S+k׷>b]]i_G/_='Ѳ6i4w\˱r4x,1ŸKir[/烕V_λ+p腬_kY5ZȨhePeJK'iԵ]"563̀T)e l{-) *uK?61M^ɢ[io%ۻi=_|]NC!,PMe|Eb|a=soݦ Nzh3CNXPnPP^]d|!KjK7TxJC8[EV }mȲ@iˋ08O^"\4DOTuk(s.aqafcG.(Rɴ4ʴ :;ٟ8ǃn/V v3 Y%:rC5(l0VU@̌F4's`"p|bof2K?N e%&yUKK&|wiibO=sGY(JOBbgf/M*qH5+6x<#}8#MJW7/_] Υ/`R?+:+`))=4/yl9i5L{kXhL&GڄI5CBmtu:5g W;O&i7P1ˢx?/,#\3 ݺpR\:^7 ԇ M6eE(m=جz.)@ ,HAMP 2V񐦛O}{>X=r1Y;ڝc25揼OISP%NJS ;Ԃ ޺lx-#P=*ڲ|%Wyƿ]  &w@zoψJn'za{1,U :r$p9ф3 !1NBMq:1M'Xf0jq$%ՂϐV˭G ʇδ.# ۜ͸mDž*&h9QA0B-1deR]JCw~\51ʯ5-̛1? ޢ.l[IU!f8 zk6 Ny:/PޣlYw7DQgkhV?Wv.:]! frpTz=bٓ;ɗƤ<92!g4Ҩ$q=yk:?kivb&Ҷ`*s&Ñ&4g7@~}B(EsH;D;:bZ.}V T{o:Tuſؕy:9e/HL7B49›YܳOo(2A3Y~guWǹţܶa[~vStͬ=Egie5xNiZvV^ ;OAFȃIÜ*ftl~GdhG-inG|-v5gZ6RςXHKx%:a0 ߁G!馀¼՟ Vn='H`1T=J䌼@$ khPۈm8ދ~!PSW[ py%8UX6ptょ& 0ϊT'[0YT 'xl{It9KksX`$ 扖UC[)yI\1TDN,͗DVyupptKkqiЋ*8-<2$Q!g߳lKh]WErɒze4Oh'X^Q4F$+ɥeJͷA5?z/^RҾ{l0w\gӌ}׍ ꩅ@]57ӆ-۝;Bԥ0FjMt@,W |'K.g"})nԣـ9Bۑ%0s$t5XM,=1@~yDp~FAFTȗ )-gO&o/ceiʣS;G~d\W*Md18o҇>ZUe#Ɣ㔩BDuB4_B1M(UEji0^ShDXWH4 rGH_y^1> ePm ͺ՗m+|Bϝ@錱#3dIܻ&KUu!OzuHEx.h{Gtlb]]"ߌjј9qu,Gm~-,P̮ 'Vw${QxsM9v.Ԗb,"sH&.iyM>%D[')-Muр)M\O"a[XM.P)dDn&S:1UHPJȮ/4NS)/ʐohs RVbfUO_H:zl17k=/[[k9`E4-4v6lk to,M8k$36txP(\a<˒'3lcG[ V[Ii=#-Km͖!m 5Z_}My-T1H } &,ǜ {ǬM8^9s3ũ ƕl/O)7Up/^X{WkCd,97+ўA^\اLp1`=d^=l6W|USԢ=1,~+h N5p>l߹-#>$Y'0]ˎByxVˆz1Ey-o``S-os|[^ȖwSHV;FW`KfFK9FŤ@E*qȭKCJ.Ḋcd%u&GxAu_|$mW藍8x`)$ג&"DLK#bo˨IOֶv۹sBYu1J4\^,Nw0``ÕrT>K7FLӢi)0 (ip&^iXf`Yvv5j #aNs¦W"/"AٜǨ S+$Bxt˦%MS݋V@6-+(i|BՓ6VƦ䃙 }7BHrn6ů"@ĉT!c)i_Q&‰UY a{HS#d}(^^?y7Mc,X>:&±Aa؏&WNPuBi\/|%IS&* 焑ܥ${5w$$2.Aogs/X5ח 箍Ţ{GvYy#'Pa+0ꞔkN~ <67&iG}ҿK6]F1r҄LmZlU9&ɘA cP8ugBWPs]"#cv45Бr)u«wYQ)|yʗӖ82&\]GO%5 ۉB7!ψ\jWP f2Ĭپ!`|H:(q"%~H.[lS = @L'N)nսa f/Va潎wN5IQF2Ea5Фl@UYdsH2X[EۻD=({4C܎anl$3Յ'KǸ r!ַ1^^idђA׏)k̀yShe"PL^4l2# PLD&zqvQXt>MsuߛŘK [ XbX|2%dzPWfkX{|)W]4)ڰU5%!D_J*mJw/W ĨiMMnCS<&v^%{[6 busvK,7G 6t~@8e1%F/5%չ*9sz-wwvKf )%5jkXk>p#~.tHzr=5R^^0!HKe/?rg*ęFA]5Yld͕mz0_J>YAR-K&MipjaMە.GQUr<K4E%}I{=i,Plo>kiz|Ȟcग़E$SC5*k+8՗9CxGrSY=q6>O kn^res cDdJjez3cb=PR9hxQ+ h.J́hwI%fQ ҚD7f`GL[/eE^ODG}%jZp<_Cr,FvM05Yᑞgc&*[_? oʎ9ñe!y^ȲP95Km~6xݮevzε]RkHv<%TB7JKr4lm.;=7̅H V}w%Sl7Btkd{{Rjt f&˧q挣g22|_`e3s%˘-:5\U܎b8EZ17bN5>3_萢m,Kkᐝ`znBuf9B2"®/,}<ˍI l5׿0>mNM‼9YJ .Dj혬ܬfgH);d;hLj`0DN\1ܩ܆"^NtO{Cy cr.Hs $95x+h % ilijphS$6%\25ZT&QPU/u}\ YB)ޥlIekP+E+(3*w'ʌڅV`O)Ŝ.]\ߒ3<Ҳ~vcoҸ7R7i1ʮDh1Nh_E`*A7V}ʣmD`NM C(Я%A+Sh|J'm!%ʷ>KeU hn:b^xq&C΢2#{`'ս),:1?\SgVa,-&43YG <|@PSq^Τj3z.s5 BUMͦk2NI1 d#{}i:@͍-'H (teIIW>^DA4dgHO F&s`px99c|]bu>|vŜg$0l&pyQS.NtVVZ848%Vs`Fvńwڹ2z ƫ׍Aa 4Ym>"'WWi2TA!0yQ $8ܤ0oHb \ppUKz}wJ蔙ƶՖlV8b$ahf'xiBґFh㚋@y(&%JAd$oF g1lu2.Bzt~ʸhTe}kj&,s=} ]ZAXb[?lcZKnNfZriP^QH^eKԁ2.IJ3~[rl4;Cƺe=|be4g?"Fq*.Pה?PHGqn=tȄ-.SТ%ΙDBcWVogdɗUY{.ۧ@Cu MM֯dN~b6G@Sj\ ,=^uwJRLä^(<1"AS]Ѡά͚韨 IT 4vqnC|eIQxZi[oxj&ѻMδ^P *!ܡ-+ eΑԭAQ4 |RG"Ƅ(-. wf τi@,tݒLtI8kT!"^ HHaAv2S)D !wtE4ƕS͘j斒y>xkBXͨ]x2w읋Vewkn`v*X`x}Mkrx|7D Q]济*gjHrp iAoRZjf$VHYqɘ}.V0k5IFW8gLMP@-wA W]Dy! ®G3%V"..v|\$PM| Ge1[.w͹A92#Siuma}(yZ c[4)?~Xn C 8G6ת: &YO7":NBcb42 m I4ml& P4slhŤ+)gG;"Lչ2+l=WP0|7AVٳ͒"'NFHRy^g_\npvR*3̱sA [7U} 'yk>6G. ` WWQ!c:^V5y'v\EēV/ ƣu!C[ѣg,ɫQNakzV698÷x.+2ܔT=;3Wh, wi#viB]phuiZ\td%-ck#quF|u=2]gs{L&. EpC"|;-+<6f$,ԝf'@x3V۲"+$ct?zQ ۸X~3y781"8#ϦI6)Y+~.`]'TLi%ȝ*xY]H\@K#YTqC~D3ḣKeU<>AǍ_ Ae%3Bpϝd}bqs^cnrX&tM&6$Vx;G6ՙ#bJBRMf0|GH{ 5ym&ïto0QJ(-&QW%8gFX0'D9*ZuL=NZ:F |XjjBP*;r-ƺ˶뢜Y܉@(" j>%Ċ[%47a <f3KCBV&a=T#s x.c\A"~B,uTrgzwC=1'qZl^>r |Є/7AqePy ŏ56'G7 h_LZ=z'pG]:dSЙ ]Q UQMɖ(ʂL+7ύL6nd{x\/Y> zu}ܷh@9 @n4´0yi/N"bq*VLy%SN>E#dVjy#JsuoZX< +9 {-SFBY l)؈fzqo!Hm|U<9?:2D5 ^g!3ZUY&jLsfyBTwf׎A/4Y/&Yyˊnjʊ-P^ FSޓej;JRtg M ڣ?6>e[3jh'1r uVB$(@JbxdEr)[_Dv~Y4樠"wM g/ <-TIAG]j{i`toEu*y $䢩+O4֘RP^ph0@69bA/fV7%klGF*:vfVWt[*QVe~ua_@`0R <N~;)8ac +rgk;0Uk̕BXL-9ӧNE[UV* K ӋDQ{DHw5 Y'HT7͜ oJuVb;cvۄ>.h_ A0VsXބ;"F}ekRgSIq0qr[t-ђ[Sb=U*n4BG4QVh@$*3BCFɒ[o0@@\#Bgt͋9![&UW$Qfn,gdqdȄo\Q1~[K1j+1$L瘫k  Y(7Q'bǾ2Џ@oAFީ! |ګSFGARkꋽzqhH`w -HywRʧ!9nG*z*hX9,ְ\>_Ez_pՉsrԱl&=yS]%U'Sd\Łj9bem&Ѹ0^Ƣ(TcD :xB/ՉSjA8\άhgFȧX /ODw-Z?p{rՊmB(Ĩ-f),.1Gq9Cc?3ywc3Z6R>Y<ۚvDX.1;=?dS.$oUx-nX;HDY(K=:0opDWmIM? Ѐ.]@9T\A>A.Q5 InEVזhy*Zev0B,Fg-̾R_U2ocGBdgB $D'Fy6 (sx&[tҨ?`燭3]\waMXd*}Kag(_" aHoQjt"m&{zZт`eĻ.]+-2VRKq "ߗ#KXކ*s-&O=o̱A$\TtnIu'k>:2S ofs<eKmZLYw ="`p0N2ڋnhʥ~~'>X J߻;LukBU,,ˮ_HyJK8}irb*,JB .P!whg)Se*859KQaY13Hfe#Td;"XP9T7M79k,Ġj ;L=cJj1Oj8=9|]0Z%˶}NV|mmZD=ڑ≪^ $S>3,- 0rMTj9a<A_~"@t &Αcza*sY^Tl"8UcJgJ. Uؑ#BOHm5M:6&ِ/FbǏv3 0;tE6nJ}!]X.֤ܺ0 ~|V^f*sZh~/EUNɩI暴q$400~%uoBCQ a2ċF:Hz`D)Fy(vH i&ރ|"2MW^n^e UԗKRM"cEL^ Lw-%@@ҵCn_&Uh[͐$Zo6Ɲ@\a{ۚ $Tl:<(#h)2<8~؏-Q $^0OfM3L9RM!VJn-ҎQ`1)/ɑC7`?lkpœc"^fg!(V\vuvJc4bI5"}[t^\Qs`C?JA"! ћo=0EkdMU[γxa0@ݣ*ƭqi0y!M P0@pϺD"@Z~*Tg(ǕKCrqx/*-p"Qho4R~.MԚte(XG4&2bޢ}6RYSW*i 7]Nv\oPQV@hG.MlXP@sfmU`x'n='#/4'1?53iz[ۗHh3)0tpnߦfPrkƐp尜HbN v̱ϗE# ؿgt[P$py}(ȸ")OVԸ¨)(bpLj ĕL75u1DFV.p^FFBG`/Yλ-W^W h.ǔw;jR5a{чc֍8J8@IAF/OddX-)W9(m3_45-Ԭ+QKPz\97;:A1.J>4&#-+~o<4a/ j"w5T) +19/k;F@a!DoO sMВf"=ehdx Tx(P9]{BY&UIKm&'+{f_&])T(3Ɣ\8XO j$dpb"g#]ue6)Wy,pq4mHPO\d)pxグnO2M'#o5s8 kŐ"6ÔkoQ3C귾(qR=^>3툽$-M @0:-o,Ԉv(AH#JNv@\0ߡCʍK' GD&ˎ՚zڋ18oXsnw (f#R,N]"N l Wb`ltj¢RDX_W(FSUkv/ZF:ܼgQMQ!JxR=o.@Q9M]Bѱ$jHZ)!O `]lKi] JEkľIA̞| 3"[ɀ2*Nmc5d|3-v{u̎S%V$Rd,=Gwl޿tSz=Ԭ*q&I(M+6愞H*z1 ۀDۂK<MVD!cfJ,T2#9>͡=gѮhl|SİvNwp<-fx]ñ&Mz0 1?}X {Ii!(+惿 rk@z,I]N JJvu9 91K9-ærwn )~Zo߇\t͏ ͙*^ qwGvCR](@j)CN%oVg[j}# _ p~n ;*DaX'ӓ[@OusTFGs$HN9S]-$Ϯ2[<@Wݛ{j$QeS.ozoKH]X=鐄r⸎7\P 'L_~_1m0Fq$?t >(θBuX ڜЁWHiqeX2> j5DBC`O0-XJZc$Ӻ h}Um%7V$#ҴIScݐ&O˒Wf(GAY_m(Ο+d%i鲥PBB .;!'QaIBc)\y Q; 4<%G-F׃9$Hc1'BAq9CawUԍְI0h&96 2hM\Mm"af=@ҶYے3R| ΈmY7ȟsm}I HIh@r)e#LA#XY>T̢cuyrt +CqjOdZ^0N=i[ݺ U&092bMtܪt.ɀ-=jЕ"R+,i4+W*(̎0فj;1md*ZOqӷb+ WdM2ga5z;Ã'l FP]u֐;%HɁ{_ e}I; F/p :?l A2d6:WN)5R%/~y%3}ÂGU6fm*: i'ٗy2&Ӡ:7B0$C"nYns=QcuyO =&,Rh6o(rJ4ΛԸP_*J8j*lTC~nmF_<~cB1$ eG7GmBoD@ʄK,92sdD C@[*O〳fP d@h&-l-N̵8jka%K_Iݰֽ1s *{" -~en\{}ay~3#]/~\=rSk~$_LnV`< ve1mrKJ.Y/B+0rs>ȭk us ^*9Rhu1sŒ|#q[ cPukP e VjC]&r/jQݎG̬:~𸟽 DL=1@ѳ74֣=bi%Ÿ& Hi}2Mz2s ř tWm=buovX懲,30 vQT.sxGz#O-q_mK_%d  yPԜ\='ĉ_7i¡pqsAu6_f VޕsD^2\4&Ŷ1c+@7L_Eô;r"V[wy#vrLI?0"ݦaܠJ| E&@sM+2qM6Oqz#Irر|i((%._J "Eywx#ԧbU{~렴'D?+'-?p;phP`~ $?Hp \MW M5LP .XvRyu,dcB=t֢~0gei[&!xG<3̃QsYů dW>'U3 <7+ |q}du׎ݺ? l7 $PED@(|gツX8BB.FpY\҆%F3Ts>*3W\UzUR*![ 5cE@6B#dPNK BgS4mX8`" olY?})plaq]2QP/=+wXZ;p%>PuăK'9@`>Np x%ZC>(K#YMXx?~D]eY o*.:b`)^5vUeK!@T6JYr= fG+WbWpQ^W t-YXm*,UD\ɨZ,6Zp© rn?kyZeۙ!'jfeWڗk̡|r@?JtK t?O^YaNw3n=ٻB<7[0_@7#,>SSjcTgތլR#`K.D0 Ͷ(c6LO\%SX#ff@שȓ[2G^B%L7^fG%2pՁerm]s@5`sOqx+ /!=㤯] @lP {?R̍uA8`qdrfyx.+P~2VX#ns~(o2Lq"%ޫg MHHs+lDkLy=mIm Ghp)g$ ~ ?UyN-oPEdĞƟ>Cb2y7 I}eS֭%K#ǡLqJ}L:wTK*8'&v'}Ndɳ :$;I1[ːQqn !x*CRboGgCꕩ(. 3%@sVӊKp.hr9w#TsӞ?ȤhgUxh4QLUr+}'dEᔨ{ͱ`ǫR{i^E\%>=ms;IO(yVoue^k_3u5(<ޔ±Aͦdzz;6='%S]+&'KǩD)I)כBq{^,X]#j҄pR+]=Ht[f$Rʒ'|282mOǢ+GE_#g _J"vxdiĶ' esFZ_Bi/ӫ`drRLLptf`5m؆Ӡ|&!jHy/8\I(s0c+d-)I:w`GuoMy ? z=*jڐAlnVM|ڑM,ܯ< H6ޅ &}o)'IKRbvȻEGΦ"{C]+}`FI^84S;(?W!Haty,o/n)\5I~iG1] 2 o5MNJxsPs d{-b]ZG]5mDM pSw*=3m-$V F_Yһ]+mu @100@'SxC}PWU @d,L:[WfjkKhhr3eI,¤d,,u-*fL6R% O{a<\R pCCmu! XgP#(.wlTeuOv1~K4-gzɩ̲mkWIL KJԦlX%*%)7UB^кtPFi;}M*Xh;i=be1ȝyL^QŞv{Zo4`S'@I[=}mܖV'ӾHysdtw~kG?̽s$R[Giw.~)ك1G/>Q$kӡl .^l. qr^,uۻ>= Zx&a[0toQR fU(|4"Ru.}ZnV O0vӨ -}9a19i*k_~8gNdQ4qca(SG[(n7^gn} ;U nnWz4LGGOS'b>ٵ`W c _LKEA%׾2uʬ`W9Is?'/kv(Bmj$ڃu۔C F|:XX_6}%qVax;3ftl|3>U(2҄Sh j&Wu2,-KU <ȕ@y\ώDixRwj:4 ɚj6kLyRG&WudbE<5w/BQdX+j~iMnMP敄P Ӈ1^>*u hR!2tuu.uYTee .> 3)HzS\GWdVzy떞Ef@ރ3 2Ȳ";FV.**lD|/%~0ir%MX!XiLt$JtYAI؍e@A\v+oi&Idף{yu ŵą~11Qޚհz AoWwn0jU}%oP`=p/<'Z>&W嘛ܭKCm$gwSIrWÌE9Մ`J*&]Wܠ¸AoG@+ w"ڶc&#Pu&=T./<沍IH'-VOySN0QԌs E;F+WyvVlz֓ArTz0y/`E tp@2.a-.MJk8ie‡bƋbwJUx-HqiGT'`?78)do-x~w[C{ Lpfx;FBfS6cCQ$HQeȳ(czHvA<x/RXÊ ãQL#kgUTáåjz/Lќ|Iҫni: >r dquu)&}ա&sPj]WB<w#R'M씐Lj;(4Sm y״ȢRsխ5'eVN.#sth|{n"k %@ J"` ] ř%SQ+d6+JD3О0;*>#lJ[eœD;wY7Ft l,{5XN*{mm!bՌ bG2 r~h9"PBO/1mH5S8ԠWc<ǖJޓ\HtT&xepqlyFamQKr*O7oTWE3BM05 p` 7X\Xq8q:4"͜w.d[k^bƴ@>vЗQ{x6=p9)@ٺAx`plQˍ JWn F3|DjPZ@r| jx4/c ;p1cSڭ/:vcik9GIw ^τ ̫kC!H{ sᜏw}| C) J6P_ wep=+a#(VV'TU!am0~-aW&GR/h(~9O3;)s$RpVqw/m̱ :uSB!:sL3I5Pb`2'qBg4SMF{4/=yB3cN/ٛ GMo'4̂HI&%`~,sómɔq9]q/#z"/L@*H/ZBXKdxl$ G'Ju%\NLC" b KXw1v܃67+~6[?[e:ɀVl<8XϢyzb?mL4$gL=E UW$?n5mLw|S6"9Yi bIYmxK✺K=poQc"@JTsfII|cRqr@sE\md->>2ғ2_ozh=p[p$Ʀ~7"AѰ 3ȱh<]Lg §2܍$ĜVa{Vem kNԻH7$}݀cO=ch BݹLŞJ r#Zc% Ds9,k269P?kЭ ,.vZe, r i+@SX#na- .BPsly3H ǻ&塀3[d⩥ʈKݡhS!A~-25}v.(/SoQ/+-߮!=^!gLt~ZtZ6jZݞjE &Y]Lٙ 3U9˭0lPQ.GZ)ٸ3`f;IӲ_TB+n7NJwduB`rDpai9. <‹(ང 9i/T9)MIWn9vs4.QYw9kQ,S/W㪟oeTʻLMV 2Tyc YNZ昏&:MRQԃ"r*ՁKQ쾍(L=UmBÄb#͐ir\nĤrܲO0DLlq ;O!Z5dzHpIUwa#&2OaR;Q *6r+GIEiYT9 J&D8Y1OIy"qhnojqtQHҼ]4v!c6reSKE.-}MrRJZ@УFW)&l@(F0%a0F3oudքHc\KFVu>OIıi@jQ[TN"ĹI5 |M54ZUhEyLH?b'Jާ+ӮsRIifӿkuZ6[ooUr^UCcv%:h:^5=%P@Vb:mbrhAek 숩<&5Sqs)[C;:'tڂ_vAkhZR7HsL+G|1RDedcRG$x\E.(qq홞i9҆A#6FeȜui햂¹t-,3gc5gI)UoV#OYaG irjw r IMfQ_nCTu%'7z]I-6 jaLy[}3I!,w %jA-wĤg:,Ɛb*La]KxLOP`z,=DΞƧe u5?2uDe g"F#[O~F-"[ՌZma,) W=q XwsA`ǐ0wxL?<{ɯ=qc0iCu(|Nf o#MمҔ8qF();G9g{b}>I]|;2UEE1 cCc8pdG$_4wJc+P^^F5c2QD~7o:+@ ]yKjv2䆎Е7ʢq_o<#\@620/J?4`|qWtAQQQZRv> ah^IG-l11[o{fMwYlq8W^T)}4FPRS:̀JdudQ- 0zk 6/~˧N$mNkɞ;9Q==ꊙ3$}!6L𫮉ډ i̠c>.'zk+QOro3uӾ3l_.z/0. ;$y΢9V:+,xU?@}PQBP Թ<') J ]h%Z$ [k <@40&~Y W?js|||f(삗G|,{omxd1ey ~hCJ˅L{leL#ZM3ENXHoVaSdU>,8)I</Z)^wzmACw?[6^nކN!}:~?=Ԅ%LnHv"췽\oCH(|i9RCֈK4R1IP/i?ă')`èj\3н|*`)(UeX13YtϬ:<$2ޟŹLL{ X {P:יqeaT,o~D⩝x㍈?B_ $ 6lʓ ZZ-KFbPFA1@CXXkUWЫL`fmeDsMÞ=LQ]%;סl{. %moCW5}y%̵~({(]N#pSZdLݕ$NLx6<A۫]*H/)S^3gA 8۬K<u $kt+ϝ^X2e׌2.ڔ ?櫚*2vJ2䊭?3C^rb`(ZF uKJk:6{nU]* kl;Y4}1P8w@01%yۭfk [y0.W|koܿ<_YNRCbl0-.pTN֬֓+L5g}JbޠchX 87[Pr1\WH╯ 90;\Pj@Te` V P ITǦ e@$?ZV#O %d d"\5\5,~%{nLS];1{`q' >-VD{hh UhK?:;xEpjz^]PMi=FvA DpVJX);İ+4|N?bX9)|R]~QC[Uf&w[)WCNt]/b˵F=rGɶ[uő6GxHg+Gs;~" 'i2B 9[`j+{RFߠpɣ NyqמSl)sPt3yݩ6/#xVFt$Z'UI7kJ 2Ee;9as 4b  ,}ycQ2,nt~Eo1Qb ĉ^kARK{>>x0^Xx7tXDkͰa] XT|v# [qN-2oyk/os8-C⳼jFPH^93Dcf'(*xiY];DP\wʦ&M6LWUk9cPv1gXA[z̀8Hl 稟?]K ^CAYd;k~tOp_d,RDPN#Ia㱨*(P@R7;9tG뺥ԱyOf+txTsXAA^;vcfö@* *n7ߴb7!٠J=x槂u5uqlL0&F%aWƇe=޻l-Fkei&F .K` 7L2<>\9"Y]Y !ܩuFjcz )>Y@~l\ZscZ0tUv%J%Csb뜩:c%|}`ő#Kx~tBωr3dt6ˬHDzymL B#Z6G b.^!߅Q9=]# *%A>*v`OfwXhJyG`L[H 3uV;bֶ4%Y[(0Q i0N]ǹeAeMB/k$7RQ"3Ù<2ܴVA|}eeon U;6Idw@4?8#Y6\ $-:4D53Q ٤'SWV 1To_zo}cdܬmPрoN{QV{CV.)\"$b{2%cW j݄N6j!N qǘː"m "qEaXZ&Hj(]%>%7՞=NHy4cEŞfRW\p[8ow/M׫rg6w߈sQ=r4M(${ A2i!,Z0#3v/kz[RlG'~+.v`˺N² l.M@iʓ Ȑ!U %z4pldk,9E#YnWsw 5:o\g}~Ep\GbSװΫ9`$ C<7+1I{ ڃ,}uS =T##@z5ТJ>;?XV| L-4+\z>ӥ~:B-mWoeҲ(7UwRG"`z*#1Hl Ͱ);1K?PC8[ jvݩAqgA{Z EOY7'5ƏDž;GQor!mW{fݚPeA"sȡ*]1d hV.  iMWZ薔ϔуT Fi}9iM{6e1 O$<iO,[]U0%v6}WeW QDD"?7UvpW$`eI,0v/YJ7ƥČ浕`K >z*\6_rJY\zҸΓϺs-S[sEz(plR(C6ꨝ<.3%llb=/FlZwiC~L!3aVa+%@j9<&ODN pn nc%n@w{;pXn w'T]0GU ]Ē}Huqoax#DRgТ9znPE<`O:عIn\n<u"qsNpqxj)+򂧮Z&Ngi3_o,8kԡLҎ;Ubٓs6?ؖhpM?)% LYi=fcjxSH)ʳAt|3S VZ#wJnJarWr?{4y̦EU+ϼ,OJSҢ}G@_\C|leq0#޿C%]j } @:QC1;ׁ_(a.z$ocT`8I9LJȳWxȫA80۲3-jdʞ;Qs#o4hMr֗iH6<֢I~X(E4OFBVxN\BR .CScźx xF5:d!&~9d}R j!b7'=+ASwj\,hr25Pi1,`e₉"JGvI䒿wbjį<@ML/Z`w?K5D *~>x[8&cNɍE"IPPSi/AB\8c˯ÎT|ωB;<p"+S &}ΪQQVT$Oh@wyChYŢx%,^noldߤ-r,tg~V+kf#wNDGZ.*\w~lh, n1]=L"Q 0]4JNt?TGYd09:׎*.&^Q.$fM3dP.4 s'雺J@b|S !a/ b~c\c_nHSEErvJ.511B}nK*p lG7AiSsMd+'u,m`B$] i:xOp8" A.ޙ/p>̑rԱ$P'AtH %%(B+N~~T\5E:R\[*穥G-?4:穲[F /d%C]gx+3?Gx5l66Oy[H4WS3 aR] $j͸sE`1P4 rbREcޜʫgU-a1Sg:c p:8:[6Cȍpa##v Ѩ.24gtYLf)BXYsT /;Bu f4&)1=5zO* x64Nƛ@5-_E7u4Qda4y~!ּYG,#⨬> m3ni|&50:<]*S:Y);M {Wqpի,/AqAT QmvF!6C d$WʲrĦ -1&New%6 7A Ί=^NѤ;XbP8_B"L; *XJkw2j5o}Cp.he-7Y*k7V`=Yȓ48uXgYDVu^,t \'dxP&ЊQ-#N)nӞoHcDc`e(r w!nUœ3);j.a _o58oT[{As&-\QN85^j=s.+mB6:ieX•I}CmێZ)N+ᓸG8ֿesT &>Y/ґ4,^:SV:CPzw}L4;Yaoyq<-@eNd|b ܲŽ@@>^ DƦ) ͭ:qWZ,aX"(6G9Wp ^v:3+oFBJCS-,|ybn~&?w7:KP3Z/WEQ0U'8$SD(~D @ )"W ۧ?ǮÓS2c [OS_)Gת.Dnj$bL5v] ^/JNJx=wc2DA%t c(mp5N@l$nv)H ڎL28<\&1qF5̥/2ȥJmYӒ~9FQCI3Inu(Wx.c9"aUh9Tzm !z9N^b)Q=MvZ -8 -g/+Z ]?*5|H3G2bڬŊO'wR"%=AfBp0q&v1'| t(s} %}Gmg_D͛sy0ޘihf@~-:8Ae[C~INy>;*RuZK^*48%i t49ӋU9$:4C `C#Hp1;ۛqP ELvf( wAFl*uPiVG'NFy? oYLm<$%Y{]0Yf4C|apBv7hK꧕W3v䣮1B1wЂ^p@!Blq;{zjIHV+s7?J N. Y rPDNPGْFv}7Z>iErڮ"\o0ϣix&cc݂wJ,R,!]Pkdrf)-ui̓"E9C6F! '7qJcׁ;Wo$nreZhS٠_ZLyh.ѨAuxSv~k;1֥</H)6 { M 1_oV?pͺL-XݳA`uF{m5zTZ;1H`j^˽jvbeڃwxI]YV@ߵX$Ř㩦X%gQ=Z#^hzqIEqR Y2Ef*WS~7j#wYC%{u;Z6M.]=>R k~I@[ɔ%Yu^Y)xUikl;2uC!r|qZաj'oow$n(bBO`EUS/q~ks aA՝My6z'LJaPĒ\ؒȚBJĄ1KavswVI@t_ju Qǥ .J>F~7jT#GyZ\_{ܪyC-S,|I* Z9vÌ5d%{LatY_7~ L0:YT8O@ׯ&C#|q ֙߆la<{u`E`gƫZQG ~D܁ =d? >瘎Y(͂ԋ6#Y|7s#S- lkښ@QR/q]9nqΖ)}mq -f]{ݿjh H83}j/6Iv#a/nTXe%j{ |*)Sɴ|W/+^vwF[ʾ w1F=GĠP05 NP:k}zq2gKRi)8q/ i2YЇ/;UzVK;ˍqW5Z4ZT/־̱s7'0biE]L0#U?`0`4mQBãh9 8( u-Z֞Aj3@^R.`)pj~pMV6 !έ=TᓧD}p0N qJi+j[.EPV_iV~ jT ]i]9AJkD\H 2 zIpŒ dIhTC ~:WG4[+äqj􈟫7i!?zрDn[mtx }T*8OgY [ f0lTm~,#Ĭ ӇM{tH gYM(S:UE 51 ~rQuQ5jJꇾڼg4YD):"Oa8]+.Lzaϴ;H`BsK]>ҖOYW ^SbbK׻n[yq,Y.c &_IT_dL|?0-IC;Ԣp!b+v+k1EkDA 3nkwDGli1},ͬZ Np8_2 M \fEx0Rv8MHX\.F#ٽ}w9gI uڀؤ ZlK1 ă]dCӝ볯7hX’ gfmRoĵ}gH _tZ3N%`)uWX3eQνhvm)$f *{C3Wvх~Rȓ͕Pa,{!-gN>j x Y6c<㔨#j5I(DB` 5'd-@*0@8'̽͢x@mV4a mmqfƛB ׃-/1f˩;Tw赉g &`b=YO;T6g]eE̐@4 *"q80aRqCk؎sGV;b!J- w^q`\jqQė(^pB;b)ti8~b$Pa3^(Pc@ "оRqߩY$×m~InjEbl9ڈ=@QbV7=aeN][N1f%ā;,'Ģ oYgTd?S(.w75N)>T}%NGesX fbx޵G i? 8mӯD-BfX|r=$T,EFbmP<'( uQcso+;+4b~6oD՞OV/ \@MN>#5OoFKl tZ8>bKp;UҹY\,IWz\,avk!/oϞ(}_>qL+*e/'LQS e c$35Lk;慎Do~1,a^뫓q`$W$X' ߍV'A (/:\1^-a[hTr|Q5/8CrH7Xr$l~yR[$9QAdT F}nK[s&5dSR`OԒgcy/>Z"=T*g98ХCwB=¨$8YYPG?=%J)dn{1w%fHZ|EI`OY$If }dOYn4.%-}3GC0"DFrwp[W by;  HG&: Ο7E~ma1I*N?sWZ֮pƈhIO**1Hs6V46~${k"n-DNRvcPthTOh瘧xnűgjeacp4/Z{F cxFY>`u h5L",wRw+Ф T3WIU/G=<_[&X0l$ #`G ÈV)X?*ӭ L,\뛚V շ-'JwQc㋒)z%un$gPྣZX];zAbC|hbwJ~^1ՅwU'#",2xzgE<Lj@EݹA1S pP\ }G[fD׵58; D}'р2oU ju+;+Ռ/7R nǽ:57$>x>I0Wܧolc7n{YQMVLDAE}O 堛Ĕ&yqqyQr#Bq/g"{Į!̝ VAGV8S(/8 4Êdk8;sJ>eC9)|uEpт#SJгӯfիFOPx|x|>Օ|ZYqMZ ^hq|{$n>aS-[~5BPY) tr>T枖4 ^|: m|Sؠs)` |.0װ?M"8/nr'.G[, ` +RfO2͇=b2h7sj7ݨSTS Âi>bY|ȮQ8|jhdC_Wɩ_x)rC<V'Vl#H-;%+u wjSi .hQCxthW,ʼz}Ӂ? tYE%a:B48XwZ+ mǬ^33޵6P1Z!:htM )r2pe2gkg-m~)1`?7hNJ|77RR?Fl`LϒdUŮAUɁKӀ\HA޻g,xKl>-s.ӳ Pursg(7zx꥝RlZ\+2N8~} R );2 g_ݕA,h2CS'GL Ph8|yZf0DҼr>.kbO k )R/ku A6$[̟a"0p+e6˫RHv9X5C\ '^i@wWQ>{@{IlCYiD_>&oUA!K=u{@]u;ZswA{5 rך(^B.ÜݺHO50K=P.gmSWCKұ "&v:ˍ*N逸EE$5 ő6#M3V ѣ .6Ty[-& /5EDLha6*X+fs \Qi1v]YԵdtc4w*p_!? ֚jC.l0X'c: 5b:^/{s D%sɝ׈fG'I3$ ZpH "W[O,lgg9yYؤuuY_&tނ8ba]RdZk!h-&}msSo h:S-ӠyYu#:0JuN}QTwdayBSᛱk6p~e}/{r;|=8IXY͖0b4n؝VGGn:YՐ#tc 5_%ti|' jK,ُeү񓾄 N\ |A6 "%__fpoT24؃8F2q.x4p،D;q0~] LG:B=X7h'/Fqs볎ayQ{p=zѴ ʥ5 /Aֆ> h30|c7^Bt#K3iˊ!tʝW#x !m5=KnY??KVST5@|o)6\C_O;w>SK*}gs4mePm翻Sn;Bxj4Hkn}J+d)"ˮGGRM?\l U&~?H;wƟ??oII5Va 5%`ˎrJ" Ό6M!Xy>dœ[D忌5$-krKḑ Ȋ}rn+Nw?3[y@)D'S5z4'd.*$G2<D- 'BNSsT˺Z+ⴞ٩s,߬xZ9Gnk+GHeo&06r JQSɢ1EWϢP+ NV6&8pՃa5 THrN0( F,b'A^@cj g}0l5Y8(ko2#Fїwd1\Hzk14b>bU$W-10.{U"ux_(6C/̎If)gb= }eoK+U w*"ѣ dLRy[.>;B g(TAkY;֜/j#h<-\4UGc!df.˪ϟy/u{UJzH&(CyG`c{H(q T qYӮ( (ƾM0KV5˲\z9JHiC)l&?~yIJW@&f۶ 86[I;mxc,Bd6i:}JCkrvUOe dki=3eֶz>ۄy1ur\p3"b¡(f7uiPi3fʾ68AL 6~G|TXȔ31p2^Lk_wQmڛS$ zIqc{jڂ=*mWO"AY3Ɣ.ĝE!9 O؜ݡ|a3AI 5Ić11Y!] tĪC:a)A>AL38A8˭R, T cv-O;S'y 5E'A8[<שMBa(UO[B̎!3Ӯ+o3:,CGژ,R'[ŜuexO8D5Xr1Bx" f::G"eA*,K'I^yOllmT_+R[Y!*T̪‰M%߲͡j琝\,WqNPraax(.yb T{q?< ';.KBшm1vyi7yze YL"Nufٙi*|F&mAKuNIo X1b/bf'iQvC#qN4z T` Pʷ/nڥ=[EKѦqDLʜ ɉ j&u[*9x)fE[FT}6ܐ]1|z'Jmv9xa=ƨL6/__"wsT@$ VImE '<\\,n`~~JVycþ5qF h+nX(Pvz! lA<)jG Hozeޅ Mǎ쁩DьW7pAf-;ΒFqyW v%3+v,+뉋o?;pF3򯐥gXm[_Ѷ-+>BS 6ՙa_Lfv5ouK/=_8 n^j_WJV,}$Z1KhpnbJħǞ3Xsp4|dhƲ>?7&x:[).blPz0?Qj=؝H편x$X;kq+(V3Q9,n5:WXAbo=O4L}YS.Q$G0҉թsa.7b3`z~4f#X5M2u?-6hw!-RWbg7=^.l|x{ܱTi O+$y-ᜉTL]ewQg}a@chV#%U4ބK&1\hػE[S 1ZZd#iTp_|5Y6W -NY񉉅DXTGFOVĺ&1پ OE爉OLs {S3"]QtL­`|+z1ߝW_ښ9H 36q*bsJ5kK_خV\C!2V"]dUvφ%+23pE,.ܺ2C!;HFejd"6!cO3՛lk3|J5H@V~qٕn=s`X9)A8BХf6D Ǯ-Ff?)v؉(,=R^0U ǯ|&I-ۘ q E9!CN4پLQJ\"Hbz^&lN g1\?BI!44sR36:8Xjjl[U}zNN@6г%_Jvb +sS$e%*of+'9UzoYǨr|[Y8*{KTEp<)hBB$E$t6?0Ԓ\4i}mc}}\'x1]/qA#|^ݯi@K4 lQ,Yj=4p˕~s(zV.](B~ݳRKa|M=Qu١l Lٙf$BO㪣Ȝ.:Z;(,q>7B=j'Y; ;- !;MzUlA_`AE@܍aϒ# E=[Z }X`Xi8"fB7?.fC%@47;MlG[(,XW BdDH%ՈHαOTj@aL/̝ A̠4s3>b[qZRDFp /`CWgWٗdf-gyN,ޙq=.S9MoiǍyVKE#4~S*nǢ uB<͹&7UxwxI|?TMU\~9=OoN3x<:6gqS0q&,OhcHHxQ*"Pf;W2K0P5eKMvdbT @ /Hy#zZ>tKjQ\XrCey+@!;qK&yCv#+¥}$hv ibn8|J?iOep09N)ZjIkIKvEӤa*mAơZɿh };\Oegh1áLauL?lF@W7&$gؿ{%WJ)Dt?_fC!ay5h.XN\>݇ W!}eZD/ehaNl}}qv(h<lL?ܙn>uV̸qޑ~LX`d6~SYgR,T"+Rh#n|Ny%[G)yYO/t@@Z'V]$EYɑ8x_2p@qkF]QPr Ή}趉-xMv3aEj0Е+ݰc/*2HP`7@Ls_(q+%DF;Rۖ7\ìԈJq 6x-9(dQb٪dVIXc}!F7J$Îzj K`>VSk3w ;v.]F<.cʺ<|ANx !oh9ۥ7]Ɉ b.'$,̒j 񖋀R8XqMyP1i 㲗l^t.;  Ҕ#CN>:aK@Nrt;@g<*"oЉ|~iytVKڽ]-> (0?iD ZAMJY#I/89&i!򢿝-@O\dQUkI -eW9mY8֥֘eX74@㽮'cD.P<kTV'(9{i.Q6C(QzTܤODCH]zr0i0 /i5̕xuzx:HLUchp:u΀B,R1W}C)cw@|uA92 [ UU̽˯d!biܣ0K+S>2_&[1Lq7kIGAAJ Gn 5L$QOpYhƕ~WD LNKM!)ti4Z(nf7(& d3欧NA}FRLmj)I}VT_w]]HuHXUy>H4B9,#[M  CrbjwObe~1G w%]9F?wL =\=fg3҂_9/dd}(3KTuD p_0lE%8JP~4 f5V 5GE\ :amcB,[uQj=Ry-.)ݱ 5I!H *4e$-_kE;$L-54 Y\UR`^h/qgfSE=,a_y;9B}+8֬$JjpNWbLA ftc97H??bS5::̃腎E)J}Єl\~S M4@bp:sq EȨ`92e^!f")<ж~HTdlBd 528k#3p`? ߍP`Zr|v>0K( r qxf(#Ikc|ȑܛyiPrƚQ*?]\yՏd#JjPo;ƢADfVk!6T?/64gny`Cr@K.٨J#į7KU3UDIQ6ft7#C@ɆJA-=?)䖶*&(5>t'pXΞê=ejkZ!Py~/x˳{;[j&_=U35j$܍;vm s2DU bG0%?HуX~ Z*f!)$Cs8 *)c {V_##`߄_ -tmswz΍8<E*ly&w su䗚E@:0tISPɑ ‘S?RZ4,&,Q^JYb]  tZO(m 39jD]M3mgEP ݁ئ4Tgpeq`z$,}rL 710;6y.0kƓ%go+i<(JU8xzAvT,JCөd)squ =Mz SO7i6D=T>QЩ.H{4֊3Э$x+)iDs a7pvԥA7X(fӵ}>m<Ҹ8AGNp@P05Ui#"η!N9=3[2owwd.VNdu uD#^f2t96 )6,F9>U A¦fmWϋvQ\!Cl* `50v^YاdG,H荂/uH_13wP ۜlÒk̦)VY|'vnO+Lj_TH@dH@+^g!BO%NŔF]oubGN(%.P :ƍYL t))f<b>IFQnIE`s޷ap ڎqoB ]U;Y{j䉬:YRK N]ѫeLXũ[1TeQlnюEUbf05օ`3 cH~O@Y.=VHr1sٶx頟$l-3=|Ox<M%e)Ye/hS{Wv(MUT:M] i">/P(|Jٔ;7aӼHJ9_= YnoZUƻ^TQ̫bt߮0)Gn;s&'\Omm֢]vaK2JP?>7.iH; R z;df&Lug;u/$YiTݢnV+垾Hnq=\8I[m $tMYbd#hqj2pLX;>\]'8HEߏ e3O seL l Agd+Y!1yԄQ/+;K HƋ1>n@gSJ‚'a2koj׻ :ֹХXY|f*w*Q 5xŤNҚC$d鳖`l.ugD .kCM)}ЕKgP (VodZxpָMiIՈ=\b=3/? )F 푥ňhqq_Xz:Hclo$Q1:=on؀Wk{6mp2?{Dd)H` {+3 7o,%.i{0DS-(m6ӟ5n`',plƺjB6]M3T"v|?Ϯ& e8OW1%ϳʕ?6$ քV7 e5ͯIQ'wp ȶM:ʺO𻫖sJ]ؠyu>gdQ8 A M31Q7^R70: #̤͐z]odpXLFtu) dV:*d,@h ;$viLet-m`V# bp`W\ENP9JX.w+94V#}JJHyk/feP:R@`h`{K B]h_T;z7Gotֺon1{"_q!o=2.#BhgC^"5em$aJf֙J &dkEYCPu{B#mMbˈ1ؗ$%8=t:I. TԱ gi[Aʤ}kY}Ǹs(Ըԅ<'m3xEw</VʒҷRj+YcN[%":GgFά#$G5'rHciq`c%ېq $hRJ$vDM#nH]AUI|__)1a?"-vGXd=gl8vmNj;8f fAEs@.md@wІq0pIi[#x<bg])Xti'DD|UiagT|͝QGCpc14nU"_/oVcT89L7[~9 8X8$̉ aPO2U/ј̄V:ٱORdKtR &6m [Z[nIU ɔv)Դseߠ0S1Hjg `4.enƊq5l@.쉳q 9`#E$@{hOgbb456&9ʮ-$멕_e$*1Lx2 _~ ZTJKQUIRāaqM޺1B`gf^ߗ"AsB"%B1. s-ޘK!ʄJ9>[l/O-5y'"R[4pd_8T>Xfo#3 LD)'hąB Ztю~*M;6|k= =^=)RA0샦JS K1Q}莖} 7çAG]IvŒ uɬ[!N;WF m Hwj\9A0tв&&s#kKK$"'28#:iJ ·5FMɰ;<@՝TVO}?=Yq7p (R$ wgYpKɣ`oRvv's*C~ThŶw }hiyol=#Mgm:G[TeOy͟0֝; ,k*2<#7ԯ].5eQX+q#$L53*ƒJIRyUb͔'Ot T`2w;Ldj6c'!~X=E!||fMs к]I=6(lc#{:P̀"SiȨqF 1PԊk̬4MDGG-p)+>4n58N;}M X- WR98 3PoERj$4 N| Fx ֡ K)G"YKJNnJsTV%kM\ fMtQ^}9^k.r|Fdg_@+e/|JK yϏ~@F3]l>B*7MyMkytE' ؍/&edD81<+U2K R5< ݻ& Z"KA-ܑRށ1PZDM`\6}+]/rIHbM@t}L? /a FN?*>C ōe*lʭE0(G ~ bߔQƐ o)~,O%j P`/?ukĄaSa'kb離+{(iK'+2L;0ـ_НS`?TJ$MMpm,1=wP31$A(Rz#nBh )ZHJC3qވ|sv JmfWc S 鮢:a 񠓁F#<=8£c<{Ry鑲Q/Na==TGͫS06\ 9Lݿ2z|1Az&39J buridc My[18A5<΀{[*o,J QZE^w8?(V*6!Q7"]RR/uELH6c!< ѐ(=\ aޮ$Dܽ}MR S;8Rpؿ3Vn]LI(i%FoRS$!xEq4co_GºLY*S槞:Xlp(J# ~.8o{NZmǴGd?V=I]>9'=Ͳ |z n#4լ-ٸ 2󆴓rrQ\P:L/99`1[OH-85%M =ElNDr{IίdwJ0_4P.@Hck:hƅtW^V}3' jZ4J,;۞i(mg~X|zI((~uT&ڌxqeZi=AsJA賠dt H*խWq[y\u2lXhF̻xmxkֶ.zrvq"_C/ "+;|'%'NDG} K՗Bt\'%|;Z'SO9$$pxF4hyGŒ8̰cd%H@4xty OCdxgQc ` $ڵ-QRnQz^$- _+p`#!pL*gģ e4՘tFQ+ Ts Cgk.LR;ȱoڢ3P]5*JoAB yj tLvq˛G$yȑN@_B C`R9]EVrW*,F5`jAt++s qw\k4|:h^<u֌{g-+R[򕹉DaFHG5a{ɱ0]qoׁ!iZ%,K;x-I"1!ug͢ݘX9=7D5Ug@06-Sڏ]~M89v8"@]8dA+0p1F‰pDm;tH bֻ]XQ.O8aT<::SNTV\" B!ƭ:@k` ]I͋:qa[Bwf6fk (Ss E\&|[!o,Nl[9Da3 |x$cF*1NS6,?x *`ei/76-DUW}-h jܲM؍-\#a$ʛ bO! pF!_?U#n8Eʿqsoiy#,}1)魘xq!\K4+*) ,Ƀ vx# "t <^ʱYy{rnmy1_IZќYyn9O $@2riBs6pi%|>D~(GvBy5s+\e 8H* *|X(mlHp~e?80e)l1p,@4ͧ)#r Or.rgզ mmiZ10j0%J|iivoכ4yISbN##Ie2~pHbF y-李Me kCۻhd!Uo[@}d{M(rXЏ#ޞYa3#џ3@CΎ5nG%Lf|R]G 2G Mq++R<RtZ-B&2+Ӭ w~%Ei7pnM̦:5?H w\BׇApY2c9QG9ʚ´Sw BU6*c \ >N4+J-Te?.!co#p׌MK& %vXkX6 #Eu(χQnPglSևpw^3F{E @^Qezo4z4G8VqΊ]B/ފOdzz$ifai:# 5zTIijmA,wDVb1aJq&}UV*h`]e\f8"ȃNeC2 Ǟ8? ] 5+m\z c?}s=g (FBe'Ihp^{s=\͵fC -Gt=1+HXJں!_ħ#6UTi€qJڨdOb#|$ty S* B EYۙ8˭4>ȭ4N!sg;2헼I+@]ËfoIf/n[p˯Fΰ:.;AghLd,C5Щұ7.$-+#ζ0":uS\7ATz?Y]6=#<-p|-F|͜,Ԭv򝦰@`h`}sU#V|пa?3йPX(&d gU/ոƼȌxТ[2Y'>_D"]ћ[LRF#a@l>ؔlXmH{{@w#=b~`U;)=9i%AO}z%h̓tXb\moHA]h.E؞5R0rHZD *bsv],Glޠ8*‰a5.2a=A%K6QP8L^2OS x=u5QF3>m 4=!4t1KTW;A:&/(2Ȯ]),7z0Ҟv/^ (v5oТ xrުN!v FgE.\#>gi߯g$s){S A)XBFʙGdq\YZ NV V1g@SLP9m uD!w~\N3iȚ@hHsE茤S. Ӥ u{@:sxsheV"66#rtYϼ8B~48GDl᎞&-]-MSJ9a|>=GޤLՔro1uf11t"Lt?lGbqvAlbϐ0\L*^8Ҹl3!hz?d^õӮKVwtfEЌUq|?~3|9Iu53xArq.KJ܊,B0A%7Wݒ&?HoR6ޮu`C7մΜw@h2xh SF@{I뾤|HvE7 ﺔM ʿlݰ4M#ˁ\}ϧ_L9qt CSLulY(9ΒI БBbhtu鈺4$4Aq6kMmE^^s(fZ:}6ReQ#qE+w1S1U!`9atj"3Szo] Dd{5^E g@Zqd2{Q&x:|rCE)s8azXNw K&~0F>J3H* 4(j?ōālw0𦣐 ofL/M$ #>J{} XNkcuk/,)N4wo{ޚK'\tJX8^wֿUabp- 1(8*db:#GG,&g Hm) NV1f7u޿eu**,cX >8 PB 3Mz* q(~SA0'35p/D5<ZqN_!&,ҏS|s/6CPzehruH j^q16J~@eSO1{b@d`-e[wq'SOsf5(`2)Hu6}zi=[<*u \lTZtؕ<Sb þbaHC]tne֜[.kj`e1]Q^6e%$yL\5_*~lcI|!:ڷGaڎ^Zȥ -+-TXԫiGi_)(6_M!W$jES'DiwD؏  yFJE \xbP*=vyȓ()GQOYvLN-̭dv} >bq7Zx?qmEQpv`L|z>V$NwbVtN1k`'a3uDB`hjZ8 Sb>)td(Y}/x-ۿ;KBV3^}s`s-wUeDo߶iDu§&9(ÈNJߌ/39bv)1 W)ZKNK}3xc(Fxhb kCZ8@q CHf͙۬34>X&MT/C]n8NjR啍?=1@FJ6ZBE~ے1; (ims%{fg8n.Kf9[F0L|h[;@wZr[uyאh4ΐ)Leb%B4ˠ1`lpV{JXj=fŶFjM.ԥ ޒ` bT Hm '1++WoH`]s"gc.eN$ӎ+f}ˬL|@ x~wD[EuB|/@f,\ CxYW!% ')O$y<#uDP΂~>dF򪕉7=x]+% ,<x[X^7Ix N oRA2lQ(qϋ}QXKf19WvAa , |?1/dhOi3/.w+1!b/x\dA*/x@¾ַ!qH.X-+WPRe,~UG?_n6l(e/i: !r~)jk{;?.deu@`P:BT9+/o@@UD(lV0Kg,V ~oknWn1y_6" Xr6("D#j+3jY[ W`}Mv,PpzF{[ &wMl—%uưu*MD(QY%(J!̝⍠B=ZG׶ #P*O#S%Erge.uk1e!N6gvo,j-F,3XSqR7!I5w^Md-~탽= ]^UdL͉)K?E},JJ(X/P cKBBɢ}^jry ArH8רDw\+W}W.N6Pf>12V !Ȍw}J:zmY&Z:}T\ oI|&0̙ ٛ)@RN&`}^ݪU2yV\"yd _4IK6%S,HB%[J44F\KA|4;RR˿L1PP^j 8xp/&cA"#$'/#oڵ4sQtud]eqfuZ5$z :Y]aYo6GhMwCY /$Ҡ#yPFX#%ȢkIH grB6S(_R;sӠh#\ ¡B<VJ ׿Π4G 'zrb\4?S;(jTR,@?&3`;JY&q ɑPf6j>T/2'" r>_ѥXh(}"$wWI{f1?u11cM"fr m1:]>Z5i߁^tD2S aw_[lp EFMB˫vhch5_lLR@+p$+9 )Tn 8Ǖ nGEUR ٦;#EP;]I^)5Rna5=f[Mf3ӤvOUq< P7X+pr<:ݷ6h(ZvQK*e>F?RC]ѿ+Jyt.¯e Mֻ;l Djxz\f7tyq:"?ҴorF[SU6c)LAj!Geh9nƠBč1)N_᎜[E6߸?R @h 5x=0oh*d4ΥĪ}1.'f:Ya!.58RcQ%ȗmF@ث fC NY]}?mx%1d /k'"2lP=oU ְQ}Z u6.ɛƫ2j_)h}xu6T^O3J}Z"cU, a P9~ڂXzp.I~~wGެ7Sp7>o?KDi+Qn[Gjo9@7nemv8(0V ,b?o'fꏢɾ N1`go1Q_twKdqI] M&uGm1{x*|D4KRd[jƐED>Ox]'PCfUЪZgؓ% % iѻ BWZ=UK7)Lo*b$u㢿bzRPA(/p[7.XjQoSZ !9ШmhȴSf;?=φsE޹&!ՅBb Zʷ#"jᾈ=Ty{b̶~q \MN +U[GV%ϫlT7)+Lb>vgp6O{(qÛd0)}+`Zm I |y¤1Ƌ!Yt6דd߇BD-F6._ a+ٵ~(!i"%d #hE5w ]w?h< :vҴyk[ a%dpL\[VW%+/ {|qcv̳oJ)4oq@B#osI>7ܺӽ4!̤ 39Y w'z[LwR`1;_dmKZ-xdY!u8}||OL=ת~qQֻp xl7;3"`1 7/74] 80&~_E ;8}]Rh=so'bywB);^h"G/>4Tv|b~L `-h s`O#+->;'S>Wz#us M?dk͇58܄ -@NR :E:dR|]M +晁CqR HFZ~8[];_̏D(Cx$dX|Nl\{30\Bcv"vP*{-n="4T7vNz*dhb΍S@/饔ټyU xov;Ra]Xzѯ>JX-I"PO†9,Rx3'?7s8 >r4vsRa6QM\J+Uѧ/Soe~ ߧ@?l o75u{0kaGK (7]w~?11B@+%3Qӕrysx&l "(}K'px[ B|1nJ. BE=7 N9Pl@ @?v%,W,OHm6"8j•FϏӑ~-b!$~@D|܈J DN0%A%:rn7^SGqqxS_'4;>!bTbH $RƛrjԜ)n@ߺ6> oI:ne'Rb"(GÓ'&hPw[W.zzxw;wz< B/.1up]`D;b9&bȵ8? tЙ:s'Û¦daݙy , w /) zzhO}*7"D׽g ^YOv샫\ Y!Hl*5G F͡Dz٨eN +Gթ үS?0BBm%>>X =]%C J3 Dj:7/Qyj4T7?`䶣%Ub]Svɐ 4Zm m0k$+|Wg{ND٤?z7ox*( x#n>d|p܆fTmj :{W驪x1,4e :@hpbI}"RJ30!9py]L F)\GZ_"ARX_~麄_K9oQAYhFaLt9_Yh]^Yғ)9Fcߵ~$? S02CBp[K %Qh:cxp wa4luw\)DdtD3>/6noxz Y, ~vNZa}M;AΙe/':-Z0 XzjBI-HYw1_r=n,B̲G͔XtLX;CvwѺ-Yf>tV}$ٹca;IۏVGxz_ހ#b^ ʚf67K]o/p")bEPy絯7"pfXލbzJˍHTHRw{]ݥmF&$q]Z@fP<Xؕ7‰#A9X(:ס ފy(:xάsmE-[>P=toPcI5P_G&,PYe`)І( x/oW.=)g$}fŬϡSrLOLFҲZPNy fp˗+Dǧ]4a&-$oxiCh r”o$o[!>nUR5^Mڜ0q !UBpV9AH;4QxWbC%JpFIFIˣPp]k,caR^2`%.P FLk^%dUku٤cإPߗw?IK0$o+O,츺'n|X'c ak[6Ar`)w*V]cbhkp<^lއn,xk \~EU|zQ;BOI= >-ߘ0m ҃[usXʫ0ߦն=_v1FK: Z.T͘ ,BuHTjyEtx,w[F&kf"o@B?nb9&EayMT$J{b2Yv(h"F-&M)STN_p"7"Ic&*y0ڟb4ԌA4zS!oX5ж`UUʀ1'E1ct*bJV)d?ƙW⊼$$h(O`o.Afb,h Ba $,b @{yU0jl_vB1u=7S?Q!ፔuPa){f/@f%S5B%]o:ۗ9Y y;+ZQ+$+>{B9rz I&k3[ФOp1zhobr1-˲º6K8DuABciiuL4 Xa0Jp &eT^\uu0J9ՕeB4X%7:j:P"j\@$_ Ʀp- udBh6)Pyy v̔L&WOO펾l0 ^r a|B5-Er~ãf.zWӕFQ<F,I)Pij Vj`\wwh_cm]Ȟ ڝ^3km%Ƣ͐gTgwCT"ot}Xx-LgF: DM/ZE`K[ߎ\HT^ToK>r "n谪z 70Du {>WdwLOYL9C+7=qH$IE5+=D~0]2ARazVLtrq27=+포K+ny’aXV$-4yIc";w.9\ 6G,)kK$ǒ8.#gR݂ׄĺ8sLKz؀YQ:^ۛذ񠿋Rbb`ys+jlq^医Mܟ;rکÿCvޭcO!'O tLE,R gU5ƞOfw&V4ȑ} )JCPLQϑ.71 qG-52r|33RpJsAOM%ZKlB26@(|?8j͢ ǺSWYQfNCJmvUecN* B^CWcд7`θ1&:_h}/k0p֠֌ɀ\f+^IgP.QSD\ +䧓1159g \qH6A޵>QVl8[d?ZCUv qco5Io%HEH~W{D:Ţ4_QɃ2Θk꟪VvNLzwr0Zc(.^(6W8;aq#}`0i8p,5_t0㖆WX8GÆO KZnGuQ|KX©3 <0!C%vAMV(-0B yB ݝ:\Zb!$q4/ sBS}0߶{[5aWK֚<銽d:19̣%Hl+mil-s cbkzJfrixgnPWr%kgt{АxDm7 HP.4?x]W>Pl*Į)5ՖnRP P3P4I9Io>wHw<ƶ |c}ٞ~nLmwumGQUUˆ F&AoǽՎЧnޯYHm+~]-4e}07񁌵,Do-+xaM~id8ӑAF4^t37aU0 ;4?f.jY=((U'%! ê2{`bos9 -eI_XɄܼ^ě&|'[xflΑІVTFMߩmIacrZ_‚_AYU0qx莝^Uhw0 lN:^%Z@^d=+[yW|*ET\f|IYɀ b%Ys"< ]L^ 4OǷ]g~ NoWo s[K`ْ۲"%nItO3۴@xȵ|m3R!4%m/6!G B ө879 TYe[7- V/ r}N 9.`'lCܤW)e 9`O~b㞤 OP8Ah 6[ Err/-H8=_)H'f o+҆H#Nh\1EPmj*^iw|FAbB%]m5?~$g I fry6uzI/9w˙O$ϏQF;:R xڶ-ʒuC㖏7MrKզYkx&`y3p 3u(`;4n^;J3; g$"u$0܀,ʤRcٵm}]vR^Ot+Zc]<WR=q$SVm8eR0ϱ?@p}ElXEw^0n)g5MbA) w%k!VPe?Cq-@#7H3ڭ;s 9T OoT÷,r%$*`lmҪTj6.w>J ;@ )vCӷsNSCKj@m{Z>0Yή?kS5t[SAݦX 4seS{u= 2记Nm'= (FS$xEZ1hw٩j>z 2G!M@ %*`)ܐ?g8~[E mQ ,{ ʖGD\4lvhg{ U&ʞn|fl [f$"{TYh1 %$IYD"8_4z1ݎ%(FOHTNX7he hڪ\*]ʜ#B*wʊ*˦qnmjVO&BpϊY^>FKGBQW5@ˉ2¼mI.?JoG[UTDoy2O%XQ'|򽇕|gƃTʙ4KÇd_ VK:.ufFe& P OY&Ck"E r1¨zp:EaET+LRɫvݣA*bAU@qLQ؟oBu38QˆRoT}A ī !AZDO>@9ZxRrF >3]Koz4{A5!:7yu^;O)3g wDsphXuXx#K} tRl'Ou|PT˛U•ޑio5wJ'kEvJYNS3y: qhq/4\ | _|]T;K>WGዔϹ, !N}a~0,Ҧ N{U,֠RT0 fx+aI [/#oؤe @^ߟhB tt lH&Qm])RC^^Ѹ(HϦԴ͎1E!rC/ krK}5 ^|,udL* 񰦛NnkS(b# =I3[8Z4ڃT^  pW%B0}DetgI`LG>yCH`Q :dڱ-9+r #Cϕ)L5gN: KU: 7[HL"Yz[fW#]ʸ8}rSڨU9< CRqqQ*;FxZFzӝFD˶JO᭝BTeG18nˠtUҷG xP"@eҵ aW>&.(!=`HQImw_wbtj=>d\}nÅP`F{ĭ >7ZQr6[r79YH~]#td ? k ifQ m𒃫'`";S9-V-;A=?4ϴCtCME"k܋nu:;A4t1Mh0XO~,&x@Z^zsM[ Ͷ_/RA$K xivl==Rf'v($۸#ۦ))\|PW#);}7dԘ[Y γR*RipI"@ZG/YLw)͂{GʖW$ČparZF]D'p15L!6<a YjeJES S#4I#L v k~ Dj_ h7pTcW Nidt NZoT3va[i:U]@VWjB,D.zAH0i+4h:I\ 3ΧAO~ =AÄqaq(~6dž0VqJʵ{dt`jexA`xM,@4R+^ )8|TK4d*YF-!/\H ½egv0=&?fM\ksnMV7V WRBōA7|hdmZP i˹~80v$Yx>Z]D+N'T Yi/skVz>eAovAUB ]ԃ=sh>^Xs%`~[vZ#CP-jgw?)[-?81uۯQ@c1:…)9,L/4qYxӏ?=&m*_%ʁ Ӄen*$~-%T6y7B DbsWT73jtΩ'j=\ήѿcË-"!+l IG:<4W^ۥȗ~T`VM!"n&`mK1wbo֔f~?y擦I s,l7)ؤCLJ?{8)/:*M D  UMGX&>fΖK֚CHTЀN-Isy+.J!^\k-`9Q5sbX](=7 b]\6&0U}zkGk V~jݜ0VPv'$Ok c6 }9*wRbHۚkH`\Ni֝_{L틼@Zj 8U{ _T3B М+hwj{>N אYwyjr`;vX9l?ڪ@Vg,ኳ1eEf/'H&0PҷG}:`: zuz "RuX֠)̶)~,ڳij84Pure|& hufzyǃLdvrj]wH8wtyr!=}Df+TwM< " A`Vix;vl'08 T/&N<ٔVX5J;#g:[rSVk:͑tKAqb0Ml8p|bǑlv} n=V0k0` Z$D]kVTm%vQ;=}V gmW'xHޟue4k9 52uyCPT7˛Re7U4X}\Ou%bܪ㥓^n G D1݇)#=JGbaS&`s9byk4\JD `1*UOL1<~275Sr0..G{A^|AP~ jz m&:1ʃndY@OH-%%_֓rI.uƎrB36F4g@D5^Z#.o&Duzko7^dIю;(۾:Q.V\eǂ |Qܸ̬@gg{=sB8^4nZRaScy>IAW:uuSqH.8].$7K(iL)giɚy8?_\2 AP&d)WIُj^Y5\pѺL'sԗ.^$[A&xm/L=6 we.1j߆WTH bC#ac~~n1ɛ*fJ} D40, &NE={ךDMM9WgD|E"qڀy`"UX8X}DXrypiSHϹ@/ ;)t .mAT ~)KK<7?^ U .|euqeR 9&V%[%f%bR8kK1 g- B')"q]L!)!Y8yA?81dBNh{3ea +ե%xcs>>8 My% vꉻ|;g)*{=~# dW\ KjGZ1q2hoo{FՖ੫kQ>vc'`kGĽ;T>}UcQO .\8eBXG$\Ơmt3y!s@n/]4B4sc00^cUvؖln;n- ճI9kF~Ɵ7TDybNS~X5^'_(9{F6\upb=i8_ ћY6iY*D)Pp[؂ɴB]ؖBVM0=a>Pߎ\KA5o9vǎ/1I7gicsmHB&Bw = 5}94kyhucց)c<.A+mŌ !S8 WIK'Uo|s¥:¥N}`l V?$T1:}wS}רgeu0;(=! :TР{Ƣ dVz׎/lP_n*CA€T72eԭs;:u:QBꨎto"oB#Qn:,;->4)x=0(`W3sa+JnG3-Gf2'\̡ʼnLLC\CKͫ%|5ˢٰ]ռ=yGaJ} ;3t.XVgBr\=~9 u}*HVr6.5vԂEp4"bA_m+ӗz]h`jb{~}}?%/uAL3a_mK&f+C[3Q3fc1PcDIW_Od{蒻?6rqƆ( 0cHo&R2`Eܑ~:`C-6Xѣj/'Zm &S-}osu * T_zjmOpx hZ*F )ŪzpTrNW`W,r%KjuGuEH=-v)=`V~xM8n#2z߷ظB1cB>jR!7S״1[քX2p.-b_NQ**uGv,(d_ ug=Q<. L DO664N9ˢbY [1¿ë:9K$ -_bNͯV5,@lِ97S e=x lE@ޡKfa:|L_`5vc?ql:0>5}ݨXƘ(@8?,r_~ӟЊ4d"C]vqM_tc.S}8S*kuNgA1&awu {K0EZJiDs ;#R.8IГALU Yq 3j"0-:("õ0%vKV8Ӭyo9/4xL"l^&("害og>4zཚڃ*ʿt GŗPPmYeH;uNh?c9.+֬l۾x>ʸuCyjaHZ]@AMBƋ X\Eb@eKːۘݝI#̉jO.8`gNlmaJlqj|qr/iQVK"O PaOUEیk8=e{7w̫`=_`4 *kF"^!#Qj|ci;29`LhAcqLq}=nI>dwy+QhvgcoܸNL:xقJwJr}FB% ]V]+l+SUQjEg%ofz+3nDG4Q]-W6ʢxz 8dу8ߘҖhovd冱9T@* dr{\ d\eeing:%b͵އNR 5oMsZ|{4 (~_]eŦ,AÌћ_i,TǘH {y8'7/DA|;D}w6;% `Jy}f֞ fmeHY3-fm6"ۿ޵k0@?}rj;1i%$+;G̈́eD?6juMqS1$_сٳ*˦IfʻR Dv50()`}ucMPY]ez&fdÅY>x$C8>aҶwlcOr7,N`!f h_lRD=Iælw1P`#HԀb6b~kӋMyx&HӎA ccQ aGx(c/\?rS\w|rH>ߣ8gJHO|$bs&dRJuF$fD03/"$M\7gNaӪc 8@L2t Y?T_ۋ /RLdR_\;&.z*ģ"0"~ՀTY?}Q́`nj +¯]Tb2ó*`SB>˄qE赌cBAO m,ȰmO ? H!BcIK2F-گu(+v2y =&@+0lD{*(eB[gH9:k>pkcYJX#m@=QW17#%:1To|pUw 5!?xw!ۧ3QYB.+X" |A;G3_#}28wn3y^=0*f+u1ڀ:@lpHƓrݝ0}F s5T1~`c2Bg e g~#bGLǕxEԐ$tKYfC%s7[`&YKd_ 7=8d MgQP=6h*z1c;nw¾toLSi«[e&"VQ 9ufl>Yxhfmn-&.{7Ы%a8-u{+<ݰ ڢfAsl>\1s7+j- v'7ZWYݦ)zZx6rDzHg9gV脗a-kX* kbIlaثڋ1 t964dPݗX<_*>@N݊gp .x"P}D2M4V B\Q~vN9ܝ_t '6lXBoz/k2LC$-ue:#}Vu'!_v!$@ 7tؒvm:[%׹7g=@„@|_z,i,n^`:&{~vٞ^,}_nrrq^@۳k<Ĩ.=^B'JE;4`eW} h,:TPǚ Xv1Yb sML[pzxz'MU=^ wXT(ebhOL#[ H2OPÙnݞ~E$*mb"5g8C ih1uѳw+;Ɓe-d3.? 96MFOﳷT:&ne#;&56wC共5yu2جV3pՏXZe.D9+ق:hIj˜1^&Ԟv(ưu2#6ooIW҈hOqk+-\Y󀡣˵ tadv {=Tж ZzKnWpSwR3[긃A[}eZ S$uhWcx%RG܋2V0٩Pg ēq͵2,ZVu"5$"+)fePzY0TvWY1X- zQ|Dve` W$AzHh$lZ[[˻K!|\ &waz1.FXqя %K q`u?u jli)Yɉ _2U WI_Y[‚m̞mF?jS8jAt4 /p;׳:=-dcf(TSBm$2yA?I(Elph*'%Og2I?+ɹgT$%x-Rh*,BАͨ1l^@/Q /̛ΠM:OkW˓:fԀi|w%;B]իbeq]gJLx QJOa\}<Ջgܲ78<5NmI}^oO6F?ۭptx"䏭i80W'3Bp@ w -kG/2BG ڼ4lha Ս;nıWL P C:SPkf "~.FEZ7+e˸bUU3)/O#!r") Du=„=}nfTbgN'GwmLfn{:.1!O k%b~|AďЁJzpqÜ0IV\(/vJz>jef-=ZbGG Į0I2D|Kດ9tU<$/SGؼ8Q^(ZE$J游dࡸV4Ҫ}ѧvAU%Y6`ǐ ic6=U* Q#<`Ժx,:NX@rh$ T:>]{e`胰r"o'bx{$ޘpˆikIؚm\;-%pdO-촉AE׫l"I{Am,<@$iKhh)wԟT=y+]!Je'u-cFGnuJkC$x#}4T%DŽws?=){s{m0z+f9VlO`n C|SA|푬subs<U0:Es]`w2 me.3ez#;;4+7.DR(vBΚI C02}a)I+/Rph2{;\ոX}]6Q[:(lHJt}H t]8) ^i:7 Õ GOk?,j9f}hyg^.d߷Fd׭/Nteq+PCyЯjAQ =,h@lс.|7GJxj$>\}avqu뚾\]2nto/8p7ai#v+3/9n<$;cGDbPdyr ?ʳq=R+ .Amn߲YR`؛)kƒ+ޕ( 9.sv)$-nfQ']*3wfI̞(/騊h}jn~ FC)xTocܨiyNÌC2)/:&9p F}kV;YSWA=Rc#4`3p2\ o +C~4ʒtkyPڟܥݝ62dZ1F[~7lO+Q9cPK (TIʢ45u,tf t4wAA#gd&KĆ̩y`%-ӵ\bB{ostO^(iWb.({M`ElXw-\B$[R%@ {=^΀rm`1:v>Eghl*BᗜO&HIRP{{t/iBځ!£j BQր(gytr [StG_r @ E/4kk񲱃0#@\ac@= ́_fRv%s( 0,GфhL_":\ٺLĬl<H5`!&aOx-L*EzTB|y2LMo^H%~Qx]YEEc e+s;jM䀋Vs{9;&!8dޚ\_KvpZlgU~BHkx˝4w !d?s[YqbƯʢkP;nȑ6Ӝskl"t'L\OP&3v (I_7aԮU:1UQĉ%ŠvmsP}@Qq7 hBJ!Br!Z5P 6 ' `%كFBDTt/1Ђ 3 $wzm(9<1Y3b~EQNԛoeox;i_plޜ\\(3&fCL]xAuwiG~*~/tܾ4tƲZ?\2*bQɇ2ۇ>¥y"4fv+Ӻ,}/)t, ֹlbF2ug'p RtѨ\1 ubl u;Uh,%q}hr[ f].kl#};t\lᾄ›z^QV5߽m^y)#}EC;iŧlo!je-g bAjeu*A66i@ưiӓ q5@gc2(l9 bx>$ъW?)ըuǛ|1;E _A 9sB7z(\ H8JT~% !7vDY;uoaH=%a)3?999\E-4`J'yU؃xXj$.B_a7RT#r*JumxJ ŬĽ_~Gx'Xz8d:+L?Gy3S ic=`(ٸ%i B_Fc6ƟH I: aͼ/3- Y?zS sDD /o4`hK< `ѭ ] w-d d箭p$T)3R^1s8 iyҙH~N ICJ#μLwD!3\kx+)2T$|`[|軠MS{uJm%{8X:7cW[0=fv$U|F>%+La&8ҟf=8}%X^ϳwÊ%f$"U2<0Iyˑ^yJB[u sló(ݦm_Bvx X,NIDMDw'=n<[7a{ }*/z(/UozK!C-p LkһNbš{ᇆpTDQA<樻t!oXemq4G@8XQ~isFAR;lbđGQǺo{3gOѹ٢dlOp-N{})c)nJ9H3Ȣi޶7Nʧrp;k+`bHa|\nH1l)t kk`rfDJ %3}}Y F%'AS *44͂9~͉Is1LxOOT;h.6Zo.r7*=6M\XLtϚ@H=TlbImnO`*|uPo^iC:'49qdM 90N@Fe`m%5O)+~F!4.y 5^!~xUqm'令fhT|0GUOjǫ '5{EB\ҽ|$ oh ,{7#g<~8$ʆ:c.K+zZ ?G\uNF˻σLF1?!Wm#h<"?TK^(aUc =3'߰]˩r{-Jbwd+NEk^ GO^ٰe07?`[/۱/+´bY,/EN/j]T n{ rpɿ qmC+V '|YBUwxӧaW~8@wl|+Kqݦ$6=KZ8qm +V@ WeZ(V5É3!$Hg ~4Lm![^~C9;%nA8]jE9{]Z$=j:+G&J bk΄Lg^fߠ"f c4d?xwrF8f>vw X LWN)vtiH~l@ TE%x77(:6## 4 je#_;rʁpaFvB<*+.j푛=9|8Us@fE6l.('px4B,CQC瘣eퟂut9z#A4i`mA#c1Nl)o ?Wz,D4b q_SR p\~nK!'OP}սOQ\y8( b4hm^䳳YjJj]!cETB-moeI$+N{[as੽بRR/ޗ# O]MTȅU/&Q~,:/ȣCzZ0uuKM4Թ*ږ~*tpiۤ !gb'֡)%goYaO!UQY #cIrJpW&)}ۿx{e(N_.c9qGr`i_oYfq:F'KY.=LPrjhlQ{uWQ k^$l/7ҥ/ُ$!rC3vtĸѾnH|azW#ky.,SȰpˁ3| u@dnmW.cikbGˀY]|Cxfxɠhpk/C ytRJXauPc}^JtUsM/p˘5p?ވ8e܉lgAAk^Gn,}.2|f'@*LOYb%w"\&m nThtA Njvi:w^و l7œ13:TF:I*awU L:2(ºhhh`N[~,Z<16_sK} DZgHDFŻeӪᱲIbpkp5mk/XB" n{)4( d =׹+TRuD;*J5ԜOC ߫po! s'9q h^ K)7N0U z408S#lDr$8(rوҭ+F>;NPJ".nL 4nMȍ`Ͼu+x|ңtjQϫqr0gEQ(>/}H-Z225~B=Nڋ *}{(Af <8pj/]LM &RžCtfX6+KcGT\{G5_gd#~KY8,^Iպ&f)^m֊ñGT7T> 19*o)kwANkM4,'p"q ԓL{Fʌ-7&sK.q ;e_ΫZ9:CXs QDaW s%;@B}Ar#9EvWM̹ ^FPo\*Y_V%>hTl|#V3':0M4mddݝFwCm3DP.$i,6%pi9A] Eđʤ}lo}~l 5?R. 4cx ;\RW޸u!1=B9W9=/Aō}bJ͐!chRE:qg"W!n#/l0w}W+wϭ; #!#lj_kOtxq'MRyxZ5~l'ڳDSU-?$ed:-L븶,ϟ NMOs t3R3{nj&[65{ECꂦ(}Պx9@ՆE<nr5V{]O,,90(\'ǚS|@*t/|-^%R[g\Y#^yM1}KC YfBIzɤ q1=pGҍ uW88~n)p4tVg&]gBhv"M·ᡂRTpXM]((KikT_K?T[S2c0j&.l7i P-|`j{ja02(!3%Y5bm++W=ފC^69H%TvX"2t(< *Ml3'1{q{yE-K6Aqk [ LiOo%,#iJ3jhDw̦E8ٚtBTQݫIrS괟%Tr0q{࡬GUBn!nğ@E)s[@KH*|uQiK=,MK_-t=qDZzUL)A3h&s~߄%1f{Lb9w)a~$ax '*+6F8=sl:K-oRhty58,JݸZ⓬hT .srhiu@G* ʑq&B`ǯO;;DP4`?ƷaܾwXӐHyDqo/FR$x6$˂ (DE⤽Xq, Eyn _Sl]amxݼ|aGHma6_^cOf?fiV&!Z/N3Vj_#bP kp翍X cGFp!/ITw$E_*A'cOd⸗-Ք+agV󄌡;ev'-k ^) }Z>pHRJÆT?RX{z {w _e nrOQB]^ID "8q(*lf6d|A}@mYhHt#C f{7Xփ (`3ʽo'i8-oۺ P EljʓMؾ@* skTb7{iY|U"2NN2*+"72|tU۞)Qg]FQ#xz8CD u!(;'$jR:~H%.9'nKQ,K^~. tVTe\J. *$bGrhcI9^)U3;/ę=1bȗv46Ft7#ZS̼:f8ϼni3d*6v慏q?%i:ڃ[249\ĕ ERK;d=nq:x]H޲ZX "Շji11?p;XG9o!57gl섿_ y̻Fr:'ϫty`S!;|< !eBx$̱ID1 5yGnc  oc3?Lm Kn@1|ǟ\-x^Jj9ST@x;> ѶԞ<(~W J'ZE}LixI_ۄ,}O5 ^P;^?>ŧamzG$PH5zweNAa{6Z*̝ydM*{EOJ)lר;Ynowbmrres_U~^5 pvÕ$%iLʊ )? ._{S@e>>GQmpy @k.}bw`;2"zHpÀxΠ~r_\IԲmrqm`b+gwqHΜ~P֨ \RR$9N2ѯ% 4&^CuI]RQbA^&Wu:D YBID;h}mnTzt_̊zn&½ =2,<=|= Rz=x*R GKII,5p/#1.'A~j&G$.-8N$R5ǟ9܋2xx,sݿYFNXO4OC̫;6h<gS6 2ye? K|o )EEz`C lDykyW?(W:&[[]_[C2Cp[ؠ8% ?Ƃb6p2aנAF`wҼ&GCg.tW<D˗i`#l4B hT7z-3L!RD,S>K>WXPE^8TExe 2IK3蔏m}m?[9c Lsɡ1J=vrA [8 = 킂4w\B5:kt"kuS&5G_Dz+P!7R8y[w$e ϨB1އQocprFmiu#/P V))K7+8\P^8 ˪s,?#"QɵP>]( 97 gKX\T˸⩙W\9N\Wgkdëæm 6Әaw@٦6΃х?BgϿT1 e&h'&jΚwa?[u)vn{1F!-eŊKlTGaXG *秝{h 5f/\Ppr!G6w_tc 헐ཾiW͟6zF:Dg:-ֹB[rZL~XD\dna09'g XRMREb@xyrE@ׯ^۳AX ɸAc w~ځu/DC1ĿWj)cgLǑgi7B<{"Tn2A[ 9S[ƻ$m6oxm$_ ~䝨)6邼p?ֻ lUtnkL*] K^]y[Jc - E"g@˰2&pƯ+1%I(xFko*fH)YT{.ҺL X`fVxwIg;h+I>ޒIJe³=X'4u`NRR501q=F{v) $"27eKX.(9C#~k BP(O񢾿`K+a#(,D<\/eZ~_en'Lܩ(px"3LLJg{`|>C2ȩA2\wv*th6Iag[1)sd5)/ ݍ yq?H*? h3 uj2tOQCؚF T*TSod}졽@(_uNȋ3+cIm)&\ٌa+]a1n'VYAfHJ[^{hYf sZ_bT B݅w<DDEzxNe`l8WnaovR{zh(GEm kՐS\\wD ъ [m9Wxr+ɛFo/d_!.Z,m)mptX9}d8ɔOӥ 洂V!G O0d~#?;W6_ol*4 7WE#FHte8Ep6᥁g]'Y!=Qs[?Ml7>zQ_, 8:t1|b*},XYKZ6qW M344>XF[ş7XȔ$gš0sIƐ5^Y ֌"Vg [×M(dR,~q_šVZ6:* I~?= BeIq1Y#)/n2H E;΀! yT9~㒁FGo d$ҳ=5+;)Gs|0Y[F,¼f ,iQ|}z'9mheNPfζߤ(崷9$Wn\x{҂[[{\ T5 |KUvԋ&$vX7N`f3b#GFjƃiS g^2st1: EQjZ!5-YmBXV_M })M 6d'l(e%R9CT"0OpjE`Wm&pg$!fcӐlNJeDb,xxAcexE*ׯ;Sd4Jd@CN"94-u*& @%w9۴g$DR]rUt?4jG]+p9M7A^XO_6Ɗ\NzD.;.(wΏw@qG}2Ec{ROCw޲"* I+)%mto^'N6c憚L>uUQnR^/8|DVJpQYJG ?~3)X+7,|,\1OɌ9\/h38:g+ދ]>kuITq vz+(b9:?u~~?Ş&7_ߨ=pDZTV׈"K)Y }E"[@KċH3QB,fpFTBjwcB!?0O?;ԚH﫸{G:Rmts CڋDBdNP-\>;oe(tDTu=sMEW 2)~-E}O2SLC-Idף>in068 Ti*beޤ:?b6tFa zI?+đA֟D oU7`t[d!\t}3Rsi}kwmM|'ji,{_<%(>[k)'rcRN6[mb$z )=ORQxjd,jk sȜ1윪թ ˖E; Ҭn{+R׿N/0byjsυzCjF{DNtH goi?_` `?w`4$#-'B;={F,H툃, RO懖!Ō lE(:ء(e*'$^S'X64#h:)-N&/{7XgŮs0g}*zOHHMΰ')"j T'͜@0bL֠cGNWd(jf1˽Mqtz [{ޜ*5%%`pZ `/;{sȠK'IP< Gu칵 5LTl%}7bMBC4}.U 'PCV"\Mc܌́19k&fQsr>m~l ;IYiIQYI?>)0/JT0kw~@BŐs㝀8lEp3uD`[. K @]jEtv yiS"IpjrtJ/i3:{s&;:_cSW)bnze41@xm:YYΗ~;u,IVa=^pq0\ZVe4D27@h[eVi0s%eo.a0'A)v%x .I:vľ]&ڏ; +u[oLW(zvP)Lmh$2R:Jkl jjyZjlE^#eqjߵ0nW{EQCUjEc}c"z[IFMzizUbRZJVĴ E !_r'1 P.uur=CJ z;wޚVwRs쿏s! ߉=Ox6V?sH`Ʀ*d|lkZV|ksVq A7;. ]ݢx혌kwخɃaӜ< ip0z=_نWU /[̒aiJ ġd*״8q L`$F)2U OM W7 f?Sj9 N CM!Yǎ2}0gĕ̺bxA| Odz9Srrp/k.PsCi\u;'̋@p} ǐ5~:4cƒ'U}x:uh#*Cķ$1Y9cJW&hw[m@)ڑL@YZƞ=3OD Rn A}tE7%/q"&lj_,6v'rWBEtCD7ôN^I Aw}@f|3gZKw½A[ x[<[: |X_qo ˉV?Tvnfu. |@,cxo'-DC^Qi]޸#74wYяlIuyz`z~ET+LR<=;eyHsp'k4iS\^ g`NU;Λ=^_0til(S?wP2e4P'>Dx:hf0n]B%cy̑au~ǒvOGĦ ([ Y]!G w jʳ_E7i![6Ŗ2BJh4k r8 ީ}R:ƱLv֜IGE,; !Xhcqؚ#]MXre6Dȫ_5y9sbBp05 &dԅ' yh)\f8ٮ02ŋ^)ʹ< :GZlL/&JFVq3"8Vfgs+ewGLɲO Ҟ3_ORuwsa|XUO:|BOcVBk65(m7SUwD`Vإr\@v hD5Wq/m{P &8`!q}e*$lCڼ <;]CDm#X54SFIi\N,v,|j}*|J}<xkgZ/z"D[!R#t&|2YGu5l?)Lכ8l*@Ŵ~4OʷX t\~ˬУGB:HXM^TJ%b66{gPHU(Xhua *#'.T]P<,-MZ77O|t.;.l#hd'ķwϪhvV#p-,J;*B(*ʁ(CBLdǂv(2:8Ѡ[OC}Y-?,¨ȔduW8b3ZT%_ Ч0>AA7%{h6Aڎj]p6{\Sje==nkjQޫP=(tIIŸ+o[P6$FM=Ή_I[)iT  \Ė6>Rn߼Ч!ԛ2qEbq%|'50#_5&:aȀcqFQ)k 3#~6P`@/o f1&Z$%dTwxM"tf XPN- "1 ZQ)|F3f" AW`'zdZzH|bى*u wqMD4yM5k$ 'MeˉΎ`'V m9w!wuZƧ{9';qa4iЦePU=QE)=Z9PptS{> NMf|G&:Z{ҔNB{>Cd=NBGR11 c| lh ^]LE!>/أt}o#&z<VorkyW} LvU]Pdg.~=s6ȁs1Ax)hZ#֬c1&ƹjpOXH*VI(i> 99.y ?H+7u8͙4q-1%P8].7XڰS\-0o(1&B%ѷy\M-*;|ݙGlXU1 Jmk\(U%p%b%r;`̬'VJ b#;_]vW.ݟ,#F{iG C&+}NDfLQ-P/ws|{k%15Fz.6$mɎBlBa`e GY4B0O,Tn56yd*\;1yIP! &3caRC~S d kK@jrfO!RK6 gSV(^@4%kK%KcPPrTR|cӖpnKmʨ^HI4Inݾkybtx^-G.T@f'5 ]ps{*%l40 .]ĥ܄QHV %Dh=򙞚M[ſ u&R&9(HӯSmj wwF;qՔxK~}v8 ۱`bnV@ǔkB2h PX@t&|C ƌWbpCN dC)墔r[ LO#5P"tV=x/xU q &'"ěo7Zw5,nGyx:GTpp-V^<j%MlY>!~C'f汕Jvy4IGKO2sAQ7͌vlTۛF(e µ[xo'gUe>J?3E VɎa5q YmFwN|sLaQ$MDV{~k2/A[:PMiqS3ckWuѳ^ģuN`P `7Yi;qs>D݀|rx׋$kZfМ^fmfIwX/vV|3lr;mF?n>}JDG&-IۯGެ]k.L~aGu#+ a 9 ='kr&>s[9uxAjΊ'$~y(pw TȹdVIL"'6aKOxY<=X 5u׺;w\[zqra7?yPf>1#U(B Rdx:-ZT;BFG&JPC`Vj·3g XDhGYz@ޖ/JCȼO-[W2q)r`6r J ۯbGeW kxvݣ/GߋSH_PӈLcg ;!H܌ե:`5AzkkHSE2'f l:tk2͘MYCrġJV:};ccb5YYn iWFua,yiԌ_>?ᢚF!ݪߕla4դL `{n9 ˇPl4̣.^#D5[Gf"i""eĖ}4igw)ջ/:-+G{q od2Fi1-xVoAmoGCerw  ^/*~j͑5?Gii[ik D<ꥎ%(*"ohiğcQj`"32q5/ *T=$Є[KW\pnpJ71%%߄8Sj\IFx…gh7Xӿ'x"-PŘ(_oo}+\8E b*/)t+/]1p/Ʒꤻ+1ؘFZ^VfU9nFA6k0`F |=&DlRFf;;À j#6v$+%l057l;{WDXvsbwzxjGq̑;%gK6^GKDWN;:IP{Js>;uP\gmT*Mիmp.!f,C ,=ax5u/\W˄dGdo³-l0EwBe`wxŕ ׅ!}}&^WdcD} # D#fN(Y_\De3Bn'`p<)_neqt m/u>>rp9>fe23&sw\^v9v~t0x,%Jz /.L?L}YY$5 eIǸih?r y$mA/1Pvjc3Zc"KPurj~Qm 0$yOp$K ;` Xk)?㎓&3 猞pLe2TԺҳXAKlC1oĵR\i3)OųΜ{A ߃}2_DY([ @KfÉwT~W5oVЪҚޖ!}VTFP1at~]r>-; v*ńG1bߓ@@^3BM /˲ p:4_7&Y<+oM':P+cj] ft [L l""A/ aSR^(Q ' ȻL%!ЮFy:/*:xpQz)q { Y37xToO6LcD|]T@+b +J®IܓT.lH1b˚@mԟO5 |[9-m%ISa(f㛡>8!E[Yw0uLm-C_+qz˯m̕Ş-O|j'c@}ezߊ/HVfLZfIv \IE}lL('M54_s6ǀdT(q7.OH(l4 _ Z\E!ڂh~{;P)tS)Pt)eP:&DNhe'Yj[ ~{E?([6/< im !M,VyK^ٷ p>sLt b7&sɏ!۽?Vl̮z5.}(:Ye>M`hmU܇JHӯ-0Yys4ő+B'Egf}QMJMHKͻ[QA75h; m"Wҋ+q׻+/ZH$@ge3+An5rUǢ3m#iSRad<79 )(4+V!0٣+H/XbbK**x <>ۏEKM}S>i~(Lm(N%0NC.VW>B0^9iFf}_5#TUX-$#EtX<؅9ogU%ƇG;$8E4d'ہ8 *[pr㷐O~O?7Nk`$cev,G= t G]F^FDy563> hXhar$'S j?s.E@),>N3բG0Ϳ#TiځPOqIm,KW 09nG=r잔6OV'O:8n W,+[owi)$k*dV@)2ݼ٤#G\P[?8,5&ACҹz(4dA- qX$C({v!sfQYKb6pY#3Fbg0+fg;S~脮8a)z~9'D?k`^ ΋}>gKu愀%+fR/я#ҟ0'%+-vk?H4M–!e,9l}(EG%̉ڿL."0_jïi/bCDKABbMLW/r(r}`u2m!&{'S4|kba]#`rn+MN v#ۯ0I:??X\9(uO43WAzZ#Ñ/@rA-5~;*j/N{aԘ#F2p(Ms|ђj[cq,7 I?"9=d ޙL=ޛdS=VosCrG׻1m]⵩E|֥ ~/Ryx}$n]ɤ;~Y `(]Rz8}Z2N)pNOu\521{4br-r~w?ux9PM pj-"04%_].TiH3z;a|3EMS^oVWXdd$`䞬(׼n]wwK)2h(p< a+. ۵mgd#PY{ %7>)zԲeg/sEh%h I,4塘al&ZVfRN$!zMXDLUD>bJtL>EiZB{sWvtynfGLi]xfP(Yt+%#+K+6G7D0i%W] RV t9djcG߈0;=-y֮JxtG(r'^5%-Ng -_*ԿL"AeHNv0_J7PLiCptw1c:}dC1Y, ~O C]8Y .@}*m.c%C.z{P1.|2m=`OJ: S7|4˖tC3xdc5z3mҠx!$k/{I8=_jM!ހbYB@r?rbGUTF@CPN )[ɵl?Cb(|uICN.:xp \L&vbzY3Rl[p7nf051ئE qFtq!5`ƮOA׸/Ӌٱy &/ ^?1q,@| Swoo[uCCk%cnlʰe#9%Vy}?b̒^[ybӪ}v<l<,A%OAml@;"V+? u7EI6b_"nFҶdJSyvg((mqWYRM1Ҥk\-[bɛ `ȷ~zХ[E |Hz 2Zŀj3p*,YA {R-8CK.eL"y enM0zK9 /?@q^rgjL?c>Hj~X{ BW ~{UӒzi{ٷҏѫ˜73{Wj ЃrT :-8Jx@ .рA9pTkv7q6cUt ̵MG 2I4u 78۶Ko u>6B{!6R` `dxh-2$~~m>IO,",iN#p>ۣ5baucd*CQRbm}]ygHa#}wqn3J'E{+h#SY6}ch(&+^Q(L$>l~G`_;$ugќs8´ER%vT]s#J_<"G|9>\nk p &^=O$ gƤ%HC:^葧YqRV5ܲ" p"piњ妪Zp?,+?UI?To=|M2: ET{V%fG,7-6O1ӂA~.V6Qu~m5}qCb=nڷפ |  t]#THID7K L7vu]dS\ghY#'+xo/:!R&f\j 6@Q_m}}qe:;뵇D>ִ@QBmG/Q`iyX#t89, |&j Ѝ-{DRI[w P|VX,{,OIV7< b]ê߈Q:fuadFfMM8 !/T'<.(!rVL>H27 u?ݥP hTЊ⯢F@R1ͿPKUyj{2Ґim]HMVɤ4Kay-NE9Gs=axm>DZ*j2ɼثIyX[3_x>at)7rE՚20@AINdg2>z#ǩmyHjHs*Eqea=K5Ş PHLYA %)>-,E4sI䏴8O+b)'J%@+]`**&ChI`K>L ǯ _I\C#D&NqnwG.Ң`?Gߔ&G'\}|,[7V/Œucܹ( +XF izחIZ}zO,[Ӓ'>T@+N.Ϭrg33#vU5j'jn3զg/6p`=F1`%11ĝ, }':62>F(d8GEҷnĵJ;M~FpQGwtcJlIVȱutJӐΡz /q2NRϕ?М73~nA|'8B9tWqhD6ɨD C0f#-wD%BwV>iz6"M&zrd`}N<$黉~GV1O^bѲ]',6uhg>U Tv#yq7ki@9^FK8оbL*럚,Zv^ӊXrë9D ^mޒʲ6;]ԙz,jQ!].C001HRɢ`+^0[Pi0EN9;o qLbf+ E4PHAhZ,?ICg[іo/?8B|Ov}CN:~XÕ+7JLWtLϓ-&<3j.}eOuApg}_UGSs_r|\E";$|}>( 2^^N&DI>, ػ*7*6")`܆\!`/adNd [^d @ qaܐű P*. Q)L"+Wa2h߳g|4J<~v{ `0h;*>V#Mv/z*o#a|d܋hKdIQv 2C#&~nv\'rMIƒ"14>b7 )@Xo?hO~xz(Վp^+6 y ; q?y/Sf!2<9*:K8 ie\ D{(d ÷ Lw2P ӅVYn_{&$ e%툈6X1K^_sI e4 L nIwc^¾#DO`4$RzZJ̜ȅD( >ki`$bcwLRf}8ǭ@8.!:GU@]>qlE c{kB&oYM.-H)#ǃN]Bch3-d`"d7aI[Q35ae~k۠t> u{э;Ga鏧cxk zy7hDZk4EJ զ[.{ arh \.I$=o5Tc0.& ^u=Q~=g SjluME)E(`bSH~2zP_6PZD$B8vh?^tMIЈ2U`F9]9C5g^0}5-3? .~aT2R#39Ьys_nfhɿ)+wwԒ 0|'sy ,ͭ5ƒN6 9e tV ¾[ z;8Z$RHMW`Z2-Q`2#^z?7(vȰf'yJkay R 18RXOm,ha \$dy]o0ʇUK3/qD7v90C@rnJ>Tz41LxS3圞j;-v;|cKA6նdD6Z,0P r{IܺةPt?>qd-9!fJOv;X0Ke?T?zU߀ΖLe[ۤcU$6k!q$ķ%-؀&>kPS+\k쬸$D[_N#dѷur.McAF;E+Bavdv0h5a%Kgz"e䇇F\&c뉬Ek#3JhvOڏ ^M h^JotA)k<{.oqBC4.tZhmt*<37Zv'卑%dCFʟæ1>φ̬z=gS yvEw<TdxjPUF |?;jyO1Bqz<+` tx]|>jh C<@oFJf#)Ħ9a>hPWu$"g~j gIZxe `:㬟)z;s^8Qa#ȣYd]*j jx?P%t4!qK{StC23NμBP$¥ZIj)\ԗ|;ccs 0}R{8ŔS@D4I\s cIy,Sþmą8D>k;h8 xϢ;9*qϋ- %."g4&>fA)W攕&ib7ZTX"a2IYX es<;Uq,cN\"~Dĺ-a:AdEDz | } G߿ 2[ԭq+ xFT T߿䗃5cTL)S>/ ~ $K%')=VmO|29BJy.8}~+FG3[BdSg#18$*i&z̏W[x<jskZ&" ޞ,>3iƾ(t н 'ZJVZO fWoѾ/A3>X:3ە^jErO  im0ZY 7^fO`rVRǰ9"gksJiq@ܿÝPJ쟞K%[\@4-2ꁊh S(D1#G>?|+Zfאm:T!xceע9t9Bԃv*ܩiQ9(g zhհ4O6c.+1Ey \,0H yJsО o㴔ÍXy]!X 69i>|/ fwC2Vg{'(d9 B#Bj@jj-0򜄃-.]Z*ѕ˕ew'@̸T@or3SGBC-F夠Eubr.+x(GHi$QـA~TRu)~T͍-G wTfĔG'[t|BVb62[g&Sᑈ?HD&];4";/GYwdu jޥ)_,>iJmC1I,P$!z-4лzIR_3ZӐM};8(6븆DB%-ys큷V zX5ItʊU#fvqW-cWR0*k#0M"ۂ-g/@*I y)[~$m ꖢX| r&J,_ 〠A=?x !h f Ow3xI6 P'ٕ^L.@IG[T1~/R77K&҃$-V{tAZuPWGyFۆ~O8Ɇ6l1oifl0%kFvx\t%=g ws6@[JWF_x2"ܧW3ӿFIozczeF,td=f\RiX;"&̭E>%)UT ܇YvgJd=ƅT XR+}w=`ȹS$"hSKDz$,ȴ:l);49y!KjBD4ō#k~ %#eDnWqv%v`25zJ"T1L\/ifnc0Et}+@V'߶3O愷a@J۔ n}F5B8CI6Az|2CQƱu KZr0rBdK~@aԓ@3bćKi nL := cghW6X9qG|wj'. ·T+қ2r+Hv|W/'V+{a=yVp>VcN|יv?WUݓRUIl`OJ:'ɎAFV{^ɶ"K8KxQ'7C(}8 `Dд0Jʐgsuؖ` ޺:[jZm,H~ _ڤ=}B/m҅_Ӛ F~R«zތM~4&֌{tk\=dyYJu!dѣ"-ʍiruF.^ѣ V2TIP 悸 6BQu}$:ى\]k&dvfeVPN<<(E)nuUk9U_!Inb7Z&{EBU#ij6W }~c;UOR\{mKkr__"w"8QصBR(}7#yD%V'2MC>b39$jԧj&9ᯖEuI_&mK$Of`Li_6@%ldS]D+qmR@zZ<-92h(e) ?9Bv:x Z`]W=|W;vk4׽7[fz["킉Vȫ/042 g៵ HhnuޘePͲ{R*Z.F:'5Za-_;]W~ܢ0Csj¾-d땛9ֱ{aAFxu_.W̢#xMc/|pv) gj@ڽ P8Ӳ7s$7NNy ϯ.c|4IL?O$O  EFTWbc\Ul|K@mؖ;Dr`%@঱QV!]9?ْ*$HoTGGC6-ΤPXGhL~NʈA >X>\NJԱXZ!=ӻp}yh!COS&Y)5]_#[@V%?\3 a8<7dCK V@bŴz8+=v>L#k FSH )!!NR'%)M&l oc]P2YCAqeOGN98X1&4C"ͪ_unH.찗h:~‰Z\ɌRrp V܁=lbA_Li &4=K#L6bDesP0L hj&uQI5|m쾼Q{/N?F֟cgmn.Y}. ] YI/?AQH+Z؝y_b]xaB.RlUPY{_k;|HLnU2CUl0Ú."X;Ʋ(L'iBlK]P$nOW!b+$xD@~dHR5Vm%╈WYL3$ ul( )`8|IYzuj\:FoGXSX4Q=ЂэbY>}qq+wL]s`\8Fgp?#~ŭv mb i2b'mǾcPp\a1*J$߰(e4&nf*)>l B76Ӕ:qpi BU Bj&#Ѹ9#;s ]ښcʌ5qHH{$J-PJ3|O#@mVEraO"~R+ikQֆ5@U=D[5#a+;T$Uw=~ZS10+Wg}TU|."o; V3X|4^Μwi!>^wp/Bg]2"7*"HJR9Mm}#]쀕Z3,p5KBjwȽwOL,:NlAj.lT 2^{) K4tRʯ7IyQu`~vvJ`J3~R8!}N4NYqBlsVjof:ZL+BbG' P"Z'e.skmHvk'7 IZ+P|ҕ=e,HSKx $+_}QPeoγi'u3D`1cs=")8hdk&B9u 7ѰdPac$" bstA-"YyH$ 5//vEk mz)ݠm4Ь͚S T"2/;>;:Ӎ(gu7 }( q펢j r\1M`Wzvsfnzƕ{ao}RD(9WP<$v\ztx0A?ޞn7RUƞO,;RXPS]bߠ[s6vx:ɥJ=Qv(Gos$ IzCp҅w!F'_[OI  JB% R[|'ݨ=V"dRrUڕb $KrCunJ\ Wmq-⚗Sөa b6B̚$[EA}R4z GĻnّG8<{H|~ϿMd&b 1gkO,GΌ9PV ,pۇ*5yv@=iBl6=+D:jZyQ3 ;[OARtvϤ(~};q9Y-q0`|ǿ*Y!n<} Q 6ò=>}2fNh՝֢mi0UdžVG=$I( 9-ߔh4T-;JKY7?d+Q`\CS)Pm<|#NM+yUAUQZcC*gpCǸQW5q;192[hA(^ 7k*l3ZCK({n>d]OkpcװasRvؽ(/_X#CAmzv*᝚xBo1-C \TC*CAfkDTw](#(-TyBKǽDJid:ZETmNKW#7힗HsV)6//VfTӁ4 >?n86%aig.f頑_EpNY,|k%#EL7j Pa`vAax_~@ۚ -_d')OsSdN7 Pc-ɶ^cz{H<1v-fp(ѓvdPڭ`[99s ɱv<)n4߶c}X܈YҼ"*ńJ׸tɤ0 a¸M9;A }7>+Of.YEPHs?)Kb3ey5@, o?,/#։ڎDp!Zu|RXV?kcNwYV)vk_E8i~E$-R&l!w0SKA" eH43'`w-"8 zCZ~dD(O})^>fRwjƬAg#v[d38goLor{GlV6ۨ01̨jIBG;5x [Q4̻H-wBi%q}LEGBLMj/4ѠN0x ]wW&4snZdRsWzLea:8C쨘! _ojgb-m8H>k+ Q߂^K\0:ro10v%}C x{xD`u# &FOqw|јtA]!P29u?(,H];?(Ȑ'_mzD_]m+O!N"nl8g/5:J Ov=SҖZ>M+E[ORE.=VdI軼Xa{7tev^ޚZ6H ˂*WoYh.D<Էy:WЛ1*$9IyQ|Bi'xj?[NcOۄ5ID:DK՗X#'^BO,ex|yv>:fwos{ hi f#!I|ί_+Ď>" \x)pfG ^^(A5F<ϼyw,y6d)`$DRoet`E 7RVwZ@;SYBZܒ"/3y-gDD9XTVY\&j:gT DK^7 ^mZ($0fhU,󞭷{+=A 'uJc (7vd9I`sZՅwL V 6@9i¸.S:5FѬx5q$_ݷMK1t1FӶɟa{33w spL5"nHie*v]rZ;3 4Q-i鏀XchRn4(#!w&tQBkq$L!-" Ow[N/Wȫ7`2_&wxŞύsN;ڑ_O:^0~abqVY–bPڬKHZmda|K$3Jnnϯ4mU^UDdFM ,z6?i6}K6YWܣq gq~.eZ3xh7T纋lKY,]B8vOJ(;X؋ߠGI5~aS,?bUtVP]_(5*h$rVY۲ w,bȬX541^NұY=}alHz=6W|wqإLR֣9/ &ή;n-gN㚟hdJlwYh c|h{a`ɚ]m&Yb!U z B߅4n޴qu25yZ!TLX"t3 `@݄phKEONی/_99BzA _wۨ?,vf|O`}g1qA[\tJ+2I~vK'#4& ԣ:_M%_eE #Vf;=ahY|<%3ݸz@OnxF(>=>;>'7kJdho\},{0p?!{yZZ xs/y|CzG/a8 Ca^$ y0.H^TBщ HQ{džѤ@tEy%bp9vR)zfROkq]GZar-iH94mXa|%@{4wـڬν؀lCz28P5!H#7 g1ev;nʽ\16ʚtFGtf+j6;ow CYw;sKtٿLEu`wC}6|a)кdTk1ʚ N0PIm)r=6_ Qsc$#IđH*,ƽ}.T[ %HxMV6#Eh{-|.9)[1b[*^I'o)yE렐n[I@{Pcnj}A1sm3."Ju IH?cZN<`mcjl\ڿ'}LR,s։:sUpC.mp9CҽY.":mn+u1]3˿3Ҡ7uK廬Q)jKNHCw3|EY ԪѬ ʁwdypO/֩Ī]qt]-$W'P@#̱@'+"f6ć.]p8h5T12X'Nk.kaɥRH+ xMM촢-eWlbm"E6\drkn ȵnh>:dbQXnq!:!؝;&V̸u#oyTr $ \MOU22 bV|RYK*dbT-8Ū95R tXflU>~)];= ow=Ed<[a῕1SK٧+Ol=so?.j6DMuSU%=)rZ^xtO#.Z|:j}]삜~۳o)ʕ5䄢ʓ'4m2#۳~;v⪳ˊ<9=X%N,1>Z-a D3CPQ5Q: ey aIMvgEWXdːU!s[GzzJ>HD{i8iE0LI}Au$P _Hl3 r=5V?hS&#Umrg2u[ҷ? mtt^1DmMM-WR6?*v'rB]Wd(Sɚ`|qT1y|˥=Ǹϗթ :c](߀@)*==_d $.\> ^ F)Ɏww #7|'4ӛoDꃄTf3u1 \Z_kn ƵX;z6wW(faA ]ܹR({T\=ݲ/P"H$gP9)T~*E,8FryD_0 @ LgG$2QG,C/K$끰ZV~i[I炂nGNv0HCCԫ{i`|uᄣBs W)Ӥ4&LrwCM.iGVU%UrYڝ?,I3_%nCY@!:hrMV3h=zT8s(,;ǧ> P3r1Pb,{,e`=>dZTeSsɑ=>^u2cP'6ac6%섺iE zG]{!0Yg" BS\]KP' '_%kR3˨''ڪ%L ِ֔%nzkbsGUN!9k7ijmҖg2 <%[|EȒ=؁-&; go_x?YJV3q(]l9ETZeXD{!`Ĕ]X +UhPEba 3f[3!6{cy}`fj㫑,g*gi6ٗoSZ!՗[Oc45xio1WHT %t:SehꚴGJ̲|?߲#Dց=́uPH(8:hS i3M>epm\_q:*ߡQemJS=%C"nmסǦ?|ffjHQ3i'^_6g1$q87$F}8@FNґjћ-w$nM>謳˄in67no,DCogc-Irش{G%RDmNN eKƎT16=xX;lr M9&1 K lѓn\%I/":އ'X'YZ {Q#qVK^Aݰfa,f썏T+ڵ h'd8FqXc`#A;^i'c1Vp<]Cā\Qڀ3)]‡jDZ  v_{ _EL zBAyN+wEYR随Zׅy)6!8ŰzBm!i9cjia?N*C léЎ1C=]^wLC{T%̰pRs= qN\U>XVCWec({7TpًALs&UIUmqUW7QSzKMGx+Р,}g-v)9>=w1Ƴ= 3 {gIFQeNJ\b"INꇦ!EqVb+p>o;7WpȽ5*AP]"NCVM;aJ\E p;6Ea^)J8EC{jKO-SrtTaʹYr -<H&J ҫ(#t>XMH"k0qZa{Hm9hj.]} d)$:E'QX7pT9Gac܈/EUWuk HW9aN9-Gc]ˇg@/mD& OQQZ `q~^)&M#91qw8{NGBݨ*,bQǽ @-jNU|ս tpzPPww˝!>9YcP Cqm/82,6uOoPU C@'ٖ #H`\}nu"-Sv7lsLB+t GlI|R*('L\R[Uv/VX~sW9\{GSKkޒ;#Xz@yy&_~پ@/y0jDΊ޷oxWum\D|AY/.PA~B=d,v\UL\x4O9CUj ڣLu0qBF.1H=ҵLw/]l31G?vBguG'MIfX xW1$ svŹƾSˑmD`CXQZ{aM.I'@10-DO }f #7LT%d1@(.0ߪVA^d<؋h6g?+0aPB "wM4ZtJ|(sѣ/b CÎ`<FM%V]C ͨŶ?C4eF7Xб۩h aw8t-GЬ7ThBEI29KRN fF8kXA}0+&#%Tnlڷ\>raQv:RS֝('*XidӂDsMa H;;4]\9̌} (PsJJR^D%=ѫQJ; fA}RH4g(JlitLiP1 ڲh,9ԜӥxfLHOˆU04 BXMc!ZS2>AgYᄨA|[Feo'yB[}.FKDy403YHNGI~w~aրB&1+Č<|YڵT8-  ]|q^OVАre@Aɣ:ՓO5{e~zo qcUJo69 :ľNDݿ$0}裷ZPV="LOI?Vϩe"I3N3rOIׅ8\L҃17gPDӥlxSc4Vk*ex"m[|b6`85t .;4/MBp&MM: 8ZKRY&-lb)YR<d-cr$4+ AGTl8#!if:]{Z_^kH,ҽ rs ֕_c]V|,ǵOFNn.Ȯ GDW)WG;A譑>i (-=Dcv"4arG #q Joj O*S4w07⳴!% ^M>*UDn cBAEؚ~gwFh Y1.a>z"&wIླྀ ? TFuޠm}luZ_'-篪Tҏ'D!:[(e~z,9`T~51Vֲ߫pcmٙ˽$p; W8 w GHٵDηDH$lZ63g]\|~@D +LJNw\~`QT"wz42 ;W X)F"eK6r`IOb{X_CdMam:6ʩ{c".þ[0?¾Ï6PtuݑΨ6bBRR8{'zLF3<^ i}UރB{zZ!8t&b^QӝL=b*jQcAgύ?5-8܌I/\V~Q"_7c*w_c4{,BQɆ;9̽.TNʁ IudXޔ)ScU{ U SrpnMi,pAI^$;&&cI"mݣC{]mqk\(a9U>7}𱳋Y248lOAR*|`AFXP6{:mpƉx\[ YEiʞaKQ3!Gw8c7,P&$@Te@HAL}mu0\ig:L :ޔQϥD|+ƍQ)\$˱>]>;p7LO͂E> ~3 Mo5 uiuzg150!lS0#l 4HZ?X)tÉE՚ 8key, A]x*20" Q[5< pXG?n:L@`3~Տe.[tpoȁr6Ԟ9 ?j_aZ!ʿ7 un(imz2r zЌ'el#."KV: :aH&8zdIn]0>z_GP~l-,gKOlJ2AWy'\ӯȕP3?|^X 1{bD6~JJmPJ`:*Tݝ-eBC |][K .Sl˔˽]<]b[{#`F7n]?ݿN낆{u{˜pU'l)yZZR#h~ojFښ5D0ޮڻY„FT(lO?)% D&7XY= UҸiqpmL"@VKc$}2yku(rv21o e-9j_\ F9(l-?t~$Y7. fAbsL?R,ne=`| hxb¡GG $ma`9 Kq>rDX%r n+$H6"Oj]NS{eI<+_X6cᵹ{roRytUEQj3ٲWZ; |a~'y›~,r, / HG/Si'[/Pb4bA#^h&(F*]h)y>S%]NZ,)QI<^%X|lKo"XDK~͂SQМq~znӉK ^>bn,V㙩S+`IRƊLXqP+^On~ E~w9Z7.JI.9ht84̐uK.,NC9p ΃.W ᳅IGl= St[E}(q#l5` TSh}NL i00i40Vz*@Q|NxiZ/_8ajT'iROgN>X4gl5Z[?"ɓ>_vſ;mLjx5LX/\!P9CZu5 QCbz;VS7Z'*HzFѢDFvN|~=M-zXaL9ٺcVikܓ7ɛ5E e(;'d qDHGT:^Qۢ;WZoET0oG܏Fc_ F}ybf ܢjtbϧ[&q^~)  lLqxA!)#ʙBk S{|@5Gt5FX//h~&Fݩ^RK%j&Ki :'~*k3]˪|UQ_/FYk[5'/+X)kDU˴\B׿Ѿ-> "vX!gu ׶|y Bi,V6 ϵf̓sQ3)C-iȽJis׎]pC YΡT!{·gYy;X] xv%wT=t2 n ]9\]w4y[Dq!_\ E?r%3/&# Q)wڄ5|J'ŷ!I-n0ӾOavs˰خ~д$trB 3-+k+`X;'ueR{y ߝAd/[<)oO{uKO&z@ S&r~xWDk'#55J k_/AOu)gLIBcZQGő4QՖT%r&@t٤Dcp{0s 6BfuJt׶d~.} tqiR͞em!(k U9}9a &ן0+R.Q?'qpˡTXɡR}(N!;%k.a[a A/ֶE"|Al-+{dtOPCs^E$ȏ5)~ p ͧr^|TY9"@pʪ{>:L:$wijr3B3e7@]~݌IQ/{ *K71oCuC+ot2{0F (6Txv?J{Fw)ڦ:G$I]CIƹ j0я ϸp< V 0on癉<.b36i ZLh`&{^ z,EJV 9GmfL _ 0.{ٟ3UTuRbpZ?/a|]esHtH7 s{+uԛ upk9cZ^.ʤFuN6:̑![Yi޴A#!QQʾL'lx?yt5MgvE0p:I/+,m-5qeKw ٽiR!BZj`ӋT3jmPBAѤe)*R&#݅A1d9M'Z\k}B68nJYAť$w^:h3,>Yi(P0䫄|7Z@>J(1wO~1.c39-^OdE [꫿D[bzeJ*R*nAvVޭ}/#9򲴕5\`{gĽSu_&%_:LE7:J}qJÙ@dDHx)bU2o̓@VvYtsa4O}'#جG"Vwێ|SO߱BX2'@ݙoQ9wU6.KfkϦ;K}yv$[7+kp{*~ :\[#8iY*~_ SMk0MySI!$ۻڣD$Q%eB0=ܲxb~]/K8B֟ZbZ+>CD'+]ޥ&eё iGW=_)P"(< T)wz^kR.Zmz8cN8A\Ϲ.ZBnn#}?¤VFu"r8y3$b-EyX0ʴ~`d񳎢\9CؖkA)DDlDj}׶y Iws҆ o?KH8jyݴj?5TA+t.tO/1=8ɳ}nW$!֋mnיoU_Y 0`[5䅨9)Z}g:io]pkSoh7D\sQ֋ࢶBJkD6k@X3 7_oGa4:la7s,=֩ais;m*\6z&bPa/f^s # |ֻ]S<`)q6Aniby\7p_Rd'f/la 36DTl1͵KbZϙ; 5Gy@?N2‘EvaxLGݤsdYn]]f/(%8 ud2^bug@lk~&UtMu(jN$ Pr̢ei7*lm0|Nkn*Yll v+!RZVκ3L&8{D-t6.ADTt6Ϝ$Aq)$̣ǰ_3sySP?cS,{PNq mL|F ٭@>QĬWp\iQF ~EMC{"<&$L#1}0E54ĆԎH^\i>"1 ,*A{u#FyĤ ڨT̀IB tT m5~^ak&=@ zc[[I$hyS^y t:ihB}CTLS^˹F> C "xki*JCUITx!E^7HS(FE03A: hIp'sad5-I 1R%1_4$5 O Bx6ٷ \"Y]=N}:B, @J#Պt? jpTgxS\weEa#He6E6wUOЭ Vx`,c MMF^9eO{H:΀/=JJ\^ЈW:Ck`yRFIu<|[*'m]? 02HFFEfD"jeaŒ"b%~ "Nmy$zYA>~N6(jX!ѻjq]\~Ƃh\[ݥI la=@'3S|EjMSn nKt A ອ5=1jlZml[Nrj,n]mf"A~qڙblx@%CHND5R>T<1 hL&~Awоk*a!?`4[ 'pP _)¨" ]7CS Ĵ0N/'@/Y{1Fҙ(!<c)'wW%(~z5c1[a"$@1zZ)~8LqwJ*4qdWb"$aHuT^Y5o*90 6[#d-;RdkLaZgv1НPf-'.vKVUQ͙ÓNg,<7hШn¿ ˆid@O[u˻JE l}Psp ppJrрS1hQZ6"uնieG'>_"=* ,2DECL `|| ?&KUkZKLm7[PPN 2(թuyqv>'!W5J x5AKȎrxUqtKL*op_ua8ZbWcȽ}jJFҴT n]&ه7ѩT1|rZ$oS4'>lBL!\фI_B!k5:ث7R/{JK ^}S.,ŁmQAi ku随4BI:uF˗WA/sUm>2JumӡԽux#55tԒjG}i1KpaSwa%"nquY,)6a<wTS: R0U8e8MHTUd`*1xkJ$dO\꯯f][ot?θ#|nCnjvy{UHw"ƵODO,Mvmz} Y`vdM|;vw3jL;YmaRX}U)s_p'J('/{O6GᮻWX)%uV)~)9pdDpjjq{ c0塹~̻() `vZaji@ 7F~fYaVE/;z+F84A28ڽ# 