������samba-python3-4.15.13+git.710.7032820fcd-150400.3.34.2��������������������������������������������<���>�������,���������������������������������������������������u�����ep9|����Ը�L�A�&�LE[
N�C+ml8�czIp8̗�GjQ�7�%'w4�rQCzM`~{zi]p5}(B�&u�jKm-h«�=E�FҊx�oHRɪ!>�p;/�"Aɪ{v��,="w�Ih�P]��w�!l`���>��#o�@H
�cOO��߶��!BAűsDϠ77w���>��������������������>��L���?������<�������d����������������������������������������������������+���������� ���9���������� ���Q�������������������������������������������������������������������������������������6��������������G���������� ���]��������������z���������������������������������������������������������0������ �������x������
���������������������P�������������{������
������}X����������������������������������������P������������������������������������������@����������������������������������(��������������8������$�������9������`�������:������k�������F�������������G������������H������x������I��������������X��������������Y��������������\��������������]������ ������^������(
�������b������+�������c������,R�������d������,�������e������,�������f������,�������l������,�������u������,������v������3���L���w������[������x������bd������y������h���z���z����������������������������������������������������������8����C�samba-python3�4.15.13+git.710.7032820fcd�150400.3.34.2�Samba Python3 libraries�The samba-python3 package contains the Python libraries needed by programs
that use SMB, RPC and other Samba provided protocols in Python3 programs.���eh04-armsrv1��r#SUSE Linux Enterprise 15�SUSE LLC �GPL-3.0-or-later�https://www.suse.com/�Development/Libraries/Python�https://www.samba.org/�linux�aarch64��������2z��
���`���h���h���[���:������������������!H���8�������8��4���/��P��H����A@��c8��
@�����Q0��-���I�����!����`��!`���������?P���P����1��
�����`��P��0���������������-��.x� ���7���P��o�� +��7��;��H���p�� ����������Sd��p���O����x��@���/���\��P��
���������������2������'���h��#v���*������Vx��
p��o��� ,�����.��������,��n��0-��W��6���M������`�����$��%D������9������
���8������&���S��e ��y���k��+�������ؔ����%���4��Q��[h����m��
N�����@���9���c�������/?���������$���E��l��]���������p���x��������
������
)���������0��H������/�������f���0���0��� ��
����'�� >���X�����!0������
H��`d���������h.�����a��3l�������|��������������3�����L����������)��
���������_���M��������������u��w��
������
m������M���;��I|���������X�����������e��
���������������1�������
j��~��@������C�� o��y���n�� ���(���������q��Q_�����9/��S������
��
������t��3��I���k���(��������
;��.��#������������}������#�� ��J�������WA�����i��B�������|������������ l�����6��&�������
��8g��(@��)1��c��u�����#����k��Z����a��},�������s��
���U��/g�����������#O���u���f�������K�������2���������F����������������Y�� *��
���P���L�� ������W��4O��"����U���������
����9�������S��1���Y�����/���b�������������@�������h��,��a�� ��
�������������L���������������R��?��T]�������������u������t��4w��*��m!���1����������,��1t��b2������~������}������������������������U����g��*4�����>��^��m��
>��
������#o���������Ke��%����������"����� N�������u��������3�������g��������0������N���i���j����������������������x���xA큤큤큤A큤큤A큤큤A큤큤A큤큤A큤A큤큤A큤큤큤큤A큤A큤A큤A큤A큤A큤A큤A큤A큤큤������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������ee\reeee\re\re\reee\ree\reeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeeee\re\re\re\re\reeeascabrero@suse.de�scabrero@suse.de�scabrero@suse.de�nopower@suse.com�nopower@suse.com�nopower@suse.com�nopower@suse.com�scabrero@suse.de�nopower@suse.com�scabrero@suse.de�scabrero@suse.de�nopower@suse.com�nopower@suse.com�scabrero@suse.de�nopower@suse.com�nopower@suse.com�scabrero@suse.de�nopower@suse.com�scabrero@suse.de�scabrero@suse.de�scabrero@suse.de�scabrero@suse.de�scabrero@suse.de�scabrero@suse.de�scabrero@suse.de�dmulder@suse.com�ddiss@suse.com�nopower@suse.com�dmulder@suse.com�dmulder@suse.com�nopower@suse.com�scabrero@suse.de�scabrero@suse.de�dimstar@opensuse.org�scabrero@suse.de�scabrero@suse.de�scabrero@suse.de�scabrero@suse.de�dmulder@suse.com�nopower@suse.com�nopower@suse.com�scabrero@suse.de�scabrero@suse.de�scabrero@suse.de�dmulder@suse.com�nopower@suse.com�scabrero@suse.de�scabrero@suse.de�scabrero@suse.de�scabrero@suse.de�scabrero@suse.de�scabrero@suse.de�nopower@suse.com�scabrero@suse.de�ddiss@suse.com�ddiss@suse.com�ddiss@suse.com�scabrero@suse.de�scabrero@suse.de�dmulder@suse.com�nopower@suse.com�scabrero@suse.de�scabrero@suse.de�dmulder@suse.com�scabrero@suse.de�scabrero@suse.de�nopower@suse.com�nopower@suse.com�nopower@suse.com�dmulder@suse.com�scabrero@suse.de�nopower@suse.com�ddiss@suse.com�nopower@suse.com�nopower@suse.com�jmcdonough@suse.com�nopower@suse.com�nopower@suse.com�jmcdonough@suse.com�nopower@suse.com�nopower@suse.com�scabrero@suse.de�nopower@suse.com�nopower@suse.com�jmcdonough@suse.com�nopower@suse.com�scabrero@suse.de�nopower@suse.com�nopower@suse.com�ddiss@suse.com�ddiss@suse.com�nopower@suse.com�nopower@suse.com�ddiss@suse.com�nopower@suse.com�dmulder@suse.com�dmulder@suse.com�ddiss@suse.com�scabrero@suse.de�dmulder@suse.com�ddiss@suse.com�nopower@suse.com�jengelh@inai.de�dmulder@suse.com�scabrero@suse.de�scabrero@suse.de�scabrero@suse.de�dmulder@suse.com�dmulder@suse.com�dmulder@suse.com�jmcdonough@suse.com�dmulder@suse.com�scabrero@suse.de�dmulder@suse.com�scabrero@suse.de�dmulder@suse.com�dmulder@suse.com�vcizek@suse.com�dmulder@suse.com�dmulder@suse.com�nopower@suse.com�scabrero@suse.de�jmcdonough@suse.com�scabrero@suse.de�aaptel@suse.com�jengelh@inai.de�dimstar@opensuse.org�dmulder@suse.com�jmcdonough@suse.com�david.mulder@suse.com�jmcdonough@suse.com�aaptel@suse.com�dmulder@suse.com�scabrero@suse.com�scabrero@suse.com�kukuk@suse.de�david.mulder@suse.com�scabrero@suse.com�rbrown@suse.com�dmulder@suse.com�scabrero@suse.com�dimstar@opensuse.org�scabrero@suse.com�aaptel@suse.com�nopower@suse.com�nopower@suse.com�aaptel@suse.com�ddiss@suse.com�dmulder@suse.com�ddiss@suse.com�dmulder@suse.com�ddiss@suse.com�ddiss@suse.com�nopower@suse.com�ddiss@suse.com�ddiss@suse.com�ddiss@suse.com�ddiss@suse.com�ddiss@suse.com�ddiss@suse.com�ddiss@suse.com�ddiss@suse.com�dmulder@suse.com�nopower@suse.com�jmcdonough@suse.com�aaptel@suse.com�kukuk@suse.com�kukuk@suse.de�nopower@suse.com�aaptel@suse.com�dmulder@suse.com�ddiss@suse.com�dmulder@suse.com�ddiss@suse.com�jmcdonough@suse.com�nopower@suse.com�nopower@suse.com�nopower@suse.com�nopower@suse.com�jmcdonough@suse.com�jmcdonough@suse.com�nopower@suse.com�nopower@suse.com�ddiss@suse.com�jmcdonough@suse.com�ddiss@suse.com�jmcdonough@suse.com�jmcdonough@suse.com�jmcdonough@suse.com�jmcdonough@suse.com�jmcdonough@suse.com�jmcdonough@suse.com�jmcdonough@suse.com�jmcdonough@suse.com�jmcdonough@suse.com�nopower@suse.com�lmuelle@suse.com�lmuelle@suse.com�jmcdonough@suse.com�nopower@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�nopower@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�tchvatal@suse.com�lmuelle@suse.com�nopower@suse.com�crrodriguez@opensuse.org�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�noel.power@suse.com�ddiss@suse.com�ddiss@suse.com�lmuelle@suse.com�ddiss@suse.com�lmuelle@suse.com�lmuelle@suse.com�nopower@suse.com�ddiss@suse.com�ddiss@suse.com�lmuelle@suse.com�lmuelle@suse.com�ddiss@suse.com�lmuelle@suse.com�mpluskal@suse.com�lmuelle@suse.com�nopower@suse.de�ddiss@suse.com�ddiss@suse.com�ddiss@suse.com�lmuelle@suse.de�nopower@suse.de�lmuelle@suse.com�nopower@suse.de�ddiss@suse.com�lmuelle@suse.com�lmuelle@suse.com�lmuelle@suse.com�- Add "net offlinejoin composeodj" command; (bsc#1214076);�- CVE-2023-4091: samba: Client can truncate file with read-only
permissions; (bsc#1215904); (bso#15439).
- CVE-2023-42669: samba: rpcecho, enabled and running in AD DC,
allows blocking sleep on request; (bso#1215905); (bso#15474).
- CVE-2023-4154: samba: dirsync allows SYSTEM access with only
"GUID_DRS_GET_CHANGES" right, not "GUID_DRS_GET_ALL_CHANGES;
(bsc#1215908); (bso#15424).�- Move libcluster-samba4.so from samba-libs to samba-client-libs;
(bsc#1213940);�- secure channel faulty since Windows 10/11 update 07/2023;
(bso#15418); (bsc#1213384).�- CVE-2022-2127: lm_resp_len not checked properly in
winbindd_pam_auth_crap_send; (bso#15072); (bsc#1213174).
- CVE-2023-34966: Samba Spotlight mdssvc RPC Request Infinite
Loop Denial-of-Service Vulnerability; (bso#15340); (bsc#1213173).
- CVE-2023-34967: Samba Spotlight mdssvc RPC Request Type
Confusion Denial-of-Service Vulnerability; (bso#15341); (bsc#1213172).
- CVE-2023-34968: Spotlight server-side Share Path Disclosure;
(bso#15388); (bsc#1213171).�- CVE-2023-0922: Samba AD DC admin tool samba-tool sends passwords
in cleartext; (bso#15315); (bsc#1209481).
- CVE-2023-0225: Samba AD DC "dnsHostname" attribute can be
deleted by unprivileged authenticated users; (bso#15276);
(bsc#1209483).
- CVE-2023-0614: samba: Access controlled AD LDAP attributes can
be discovered; (bso#15270); (bsc#1209485).�- Prevent use after free of messaging_ctdb_fde_ev structs;
(bso#15293); (bsc#1207416).�- CVE-2022-38023 Additional patches for the PDC role's netlogon
server; (bso#15240); (bsc#1206504);�- CVE-2021-20251: samba: Bad password count not incremented
atomically; (bso#14611); (bsc#1206546).�- Update to 4.15.13
* CVE-2022-37966 rc4-hmac Kerberos session keys issued to
modern servers; (bso#15237); (bsc#1205385);
* CVE-2022-37967 Kerberos constrained delegation ticket forgery
possible against Samba AD DC; (bso#15231); (bsc#1205386);
* CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak
and should be avoided; (bso#15240); (bsc#1206504);
* filter-subunit is inefficient with large numbers of
knownfails; (bso#15258);
* The KDC logic arround msDs-supportedEncryptionTypes differs
from Windows; (bso#13135);
* Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue;
(bso#15197);
- Adjust the systemd drop-in file for named service; (bsc#1201689);
* Paths are additive so do not repeat paths from named.service
* Prefix the samba DLZ directory with "-" to ignore this path
if it does not exists�- Install a systemd drop-in file for named service to allow
read/write access to the DLZ directory; (bsc#1201689);�- Update to 4.15.12
* CVE-2022-42898: samba: heimdal: Samba buffer overflow
vulnerabilities on 32-bit systems; (bso#15203); (bsc#1205126).
- Update to 4.15.11
* Allow rebuild of Centos 8 images after move to vault for
Samba 4.15; (bso#15193).
* CVE-2022-3437: samba: Buffer overflow in Heimdal unwrap_des3();
(bso#15134); (bsc#1204254)�- Update to 4.15.10
* Possible use after free of connection_struct when iterating
smbd_server_connection->connections; (bso#15128);
(bsc#1200102).
* smbXsrv_connection_shutdown_send result leaked; (bso#15174).
* Spotlight RPC service returns wrong response when Spotlight
is disabled on a share; (bso#15086).
* acl_xattr VFS module may unintentionally use filesystem
permissions instead of ACL from xattr; (bso#15126).
* Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1;
(bso#15153).
* assert failed: !is_named_stream(smb_fname)") at
../../lib/util/fault.c:197; (bso#15161).
* Missing READ_LEASE break could cause data corruption;
(bso#15148).
* rpcclient can crash using setuserinfo(2); (bso#15124).
* Samba fails to build with glibc 2.36 caused by including
in libreplace; (bso#15132).
* SMB1 negotiation can fail to handle connection errors;
(bso#15152).
* samba-tool domain join segfault when joining a samba ad
domain; (bso#15078).
- Update to 4.15.9
* CVE-2022-32742:SMB1 code does not correct verify SMB1write,
SMB1write_and_close, SMB1write_and_unlock lengths; (bso#15085);
(bsc#1201496).
* CVE-2022-32746: samba: Use-after-free occurring in database
audit logging; (bso#15009); (bso#15096); (bsc#1201490).
* CVE-2022-2031: samba, ldb: AD users can bypass certain
restrictions associated with changing passwords; (bso#15047);
(bsc#1201495);
* CVE-2022-32745: samba: ldb: AD users can crash the server
process with an LDAP add or modify request; (bso#15008);
(bso#15096); (bsc#1201492).
* CVE-2022-2031: samba, ldb: AD users can bypass certain
restrictions associated with changing passwords; (bso#15047);
(bsc#1201495);
* CVE-2022-32744: samba, ldb: AD users can forge password change
requests for any user; (bso#15074); (bso#15047); (bsc#1201493).�- CVE-2022-1615: Do not ignore errors in random number generation;
(bso#15103); (bsc#1202976);
- CVE-2022-32743: Implement validated dnsHostName write rights;
(bso#14833); (bsc#1202803);�- Fix Use after free when iterating
smbd_server_connection->connections after tree disconnect
failure; (bso#15128); (bsc#1200102).�- CVE-2022-32746: samba: Use-after-free occurring in database
audit logging; (bso#15009); (bso#15096); (bsc#1201490).
- CVE-2022-32745: samba: ldb: AD users can crash the server
process with an LDAP add or modify request; (bso#15008);
(bso#15096); (bsc#1201492).
- CVE-2022-2031: samba, ldb: AD users can bypass certain
restrictions associated with changing passwords; (bso#15047);
(bsc#1201495);
- CVE-2022-32742:SMB1 code does not correct verify SMB1write,
SMB1write_and_close, SMB1write_and_unlock lengths; (bso#15085);
(bsc#1201496).
- CVE-2022-32744: samba, ldb: AD users can forge password change
requests for any user; (bso#15074); (bso#15047); (bsc#1201493).�- Update to 4.15.8
* Use pathref fd instead of io fd in vfs_default_durable_cookie;
(bso#15042);
* Setting fruit:resource = stream in vfs_fruit causes a panic;
(bso#15099);
* Add support for bind 9.18; (bso#14986);
* logging dsdb audit to specific files does not work; (bso#15076);
* vfs_gpfs with vfs_shadowcopy2 fail to restore file if original
file had been deleted; (bso#15069);
* netgroups support removed; (bso#15087); (bsc#1199247);
* net ads info shows LDAP Server: 0.0.0.0 depending on contacted
server; (bso#14674); (bsc#1199734);
* waf produces incorrect names for python extensions with Python
3.11; (bso#15071);
* smbclient commands del & deltree fail with
NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100);
(bsc#1200556);
* vfs_gpfs recalls=no option prevents listing files; (bso#15055);
* waf produces incorrect names for python extensions with Python
3.11; (bso#15071);
* Compile error in source3/utils/regedit_hexedit.c; (bso#15091);
* ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link;
(bso#15108);
* smbd doesn't handle UPNs for looking up names; (bso#15054);
* Out-by-4 error in smbd read reply max_send clamp; (bso#14443);
- Move pdb backends from package samba-libs to package
samba-client-libs and remove samba-libs requirement from
samba-winbind; (bsc#1200964); (bsc#1198255);
- Use the canonical realm name to refresh the Kerberos tickets;
(bsc#1196224); (bso#14979);�- Fix smbclient commands del & deltree failing with
NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100);
(bsc#1200556).�- Revert NIS support removal; (bsc#1199247);�- Use requires_eq macro to require the libldb2 version available at
samba-dsdb-modules build time; (bsc#1199362);�- Add missing samba-client requirement to samba-winbind package;
(bsc#1198255);�- Update to 4.15.7
* Share and server swapped in smbget password prompt; (bso#14831);
* Durable handles won't reconnect if the leased file is written
to; (bso#15022);
* rmdir silently fails if directory contains unreadable files and
hide unreadable is yes; (bso#15023);
* SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information
on renamed file handle; (bso#15038);
* vfs_shadow_copy2 breaks "smbd async dosmode" sync fallback;
(bso#14957);
* shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes;
(bso#15035);
* PAM Kerberos authentication incorrectly fails with a clock skew
error; (bso#15046);
* username map - samba erroneously applies unix group memberships
to user account entries; (bso#15041);
* NT_STATUS_ACCESS_DENIED translates into EPERM instead of EACCES
in SMBC_server_internal; (bso#14983);
* Simple bind doesn't work against an RODC (with non-preloaded users);
(bso#13879);
* Crash of winbind on RODC; (bso#14641);
* uncached logon on RODC always fails once; (bso#14865);
* KVNO off by 100000; (bso#14951);
* LDAP simple binds should honour "old password allowed period";
(bso#15001);
* wbinfo -a doesn't work reliable with upn names; (bso#15003);
* Simple bind doesn't work against an RODC (with non-preloaded
users); (bso#13879);
* Uninitialized litemask in variable in vfs_gpfs module; (bso#15027);
* Regression: create krb5 conf = yes doesn't work with a single KDC;
(bso#15016);�- Add provides to samba-client-libs package to fix upgrades from
previous versions; (bsc#1197995);�- Add missing samba-libs requirement to samba-winbind package;
(bsc#1198255);�- Update to 4.15.6
* Renaming file on DFS root fails with
NT_STATUS_OBJECT_PATH_NOT_FOUND; (bso#14169);
* Samba does not response STATUS_INVALID_PARAMETER when opening 2
objects with same lease key; (bso#14737);
* NT error code is not set when overwriting a file during rename
in libsmbclient; (bso#14938);
* Fix ldap simple bind with TLS auditing; (bso#14996);
* net ads info shows LDAP Server: 0.0.0.0 depending on contacted
server; (bso#14674);
* Problem when winbind renews Kerberos; (bso#14979);
(bsc#1196224);
* pam_winbind will not allow gdm login if password about to
expire; (bso#8691);
* virusfilter_vfs_openat: Not scanned: Directory or special file;
(bso#14971);
* DFS fix for AIX broken; (bso#13631);
* Solaris and AIX acl modules: wrong function arguments;
(bso#14974);
* Function aixacl_sys_acl_get_file not declared / coredump;
(bso#7239);
* Regression: Samba 4.15.2 on macOS segfaults intermittently
during strcpy in tdbsam_getsampwnam; (bso#14900);
* Fix a use-after-free in SMB1 server; (bso#14989);
* smb2_signing_decrypt_pdu() may not decrypt with
gnutls_aead_cipher_decrypt() from gnutls before 3.5.2;
(bso#14968);
* Changing the machine password against an RODC likely destroys
the domain join; (bso#14984);
* authsam_make_user_info_dc() steals memory from its struct
ldb_message *msg argument; (bso#14993);
* Use Heimdal 8.0 (pre) rather than an earlier snapshot;
(bso#14995);
* Samba autorid fails to map AD users if id rangesize fits in the
id range only once; (bso#14967);�- Fix mismatched version of libldb2; (bsc#1196788).
- Drop obsolete SuSEfirewall2 service files.�- Drop obsolete Samba fsrvp v0->v1 state upgrade functionality;
(bsc#1080338).�- Fix ntlm authentications with "winbind use default domain = yes";
(bso#13126); (bsc#1173429); (bsc#1196308).�- Fix samba-ad-dc status warning notification message by disabling
systemd notifications in bgqd; (bsc#1195896); (bso#14947).�- libldb version mismatch in Samba dsdb component; (bsc#1118508);�- Update to 4.15.5
* CVE-2021-44141: UNIX extensions in SMB1 disclose whether the
outside target of a symlink exists; (bso#14911);
(bsc#1193690).
* CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit
module; (bso#14914); (bsc#1194859).
* CVE-2022-0336: Re-adding an SPN skips subsequent SPN
conflict checks; bso#14950); (bsc#1195048).�- CVE-2021-44141: Information leak via symlinks of existance of
files or directories outside of the exported share; (bso#14911);
(bsc#1193690);
- CVE-2021-44142: Out-of-bounds heap read/write vulnerability
in VFS module vfs_fruit allows code execution; (bso#14914);
(bsc#1194859);
- CVE-2022-0336: Samba AD users with permission to write to an
account can impersonate arbitrary services; (bso#14950);
(bsc#1195048);�- Update to 4.15.4
* Duplicate SMB file_ids leading to Windows client cache
poisoning; (bso#14928);
* Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error -
NT_STATUS_BUFFER_TOO_SMALL; (bso#14932);
* kill_tcp_connections does not work; (bso#14934);
* Can't connect to Windows shares not requiring authentication
using KDE/Gnome; (bso#14935);
* smbclient -L doesn't set "client max protocol" to NT1 before
calling the "Reconnecting with SMB1 for workgroup listing"
path; (bso#14939);
* Cross device copy of the crossrename module always fails;
(bso#14940);
* symlinkat function from VFS cap module always fails with an
error; (bso#14941);
* Fix possible fsp pointer deference; (bso#14942);
* Missing pop_sec_ctx() in error path inside close_directory();
(bso#14944);
* "smbd --build-options" no longer works without an smb.conf file;
(bso#14945);�- Use pkgconfig(krb5) as dependency for the -devel package: allow
OBS to pick the right flavor of krb5-devel (full vs mini).
- Do not require the 'krb5' symbol by samba-client-libs: this
package has an automatic dependency due to linkage on
libgssapi_krb5.so.2. Automatic deps are always better.
- Do not require the 'krb5' symbol from samba-libs: samba-libs
requires samba-client-libs, which in turn requires krb5
libraries. Samba-libs itself has no need for krb5 (but get it
indirectly anyway).�- Reorganize libs packages. Split samba-libs into samba-client-libs,
samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba
public libraries depending on internal samba libraries into these
packages as there were dependency problems everytime one of these
public libraries changed its version (bsc#1192684). The devel
packages are merged into samba-devel.
- Rename package samba-core-devel to samba-devel
- Add python-rpm-macros to build requirements
- Update the symlink create by samba-dsdb-modules to private samba
ldb modules following libldb2 changes from /usr/lib64/ldb/samba to
/usr/lib64/ldb2/modules/ldb/samba�- Update to 4.15.3
* Recursive directory delete with veto files is broken in 4.15.0;
(bso#14878);
* A directory containing dangling symlinks cannot be deleted by
SMB2 alone when they are the only entry in the directory;
(bso#14879);
* SIGSEGV in rmdir_internals/synthetic_pathref - dirfsp is used
uninitialized in rmdir_internals(); (bso#14892);
* MaxQueryDuration not honoured in Samba AD DC LDAP; (bso#14694);
* The CVE-2020-25717 username map [script] advice has undesired
side effects for the local nt token; (bso#14901); (bsc#1192849);
* User with multiple spaces (eg FredNurk) become
un-deletable; (bso#14902);
* Avoid storing NTTIME_THAW (-2) as value on disk; (bso#14127);
* smbXsrv_client_global record validation leads to crash if existing
record points at non-existing process; (bso#14882);
* Crash in vfs_fruit asking for fsp_get_io_fd() for an XATTR call;
(bso#14890);
* Samba process doesn't log to logfile; (bso#14897);
* set_ea_dos_attribute() fallback calling get_file_handle_for_metadata()
triggers locking.tdb assert; (bso#14907);
* Kerberos authentication on standalone server in MIT realm broken;
(bso#14922);
* Segmentation fault when joining the domain; (bso#14923);
* Support for ROLE_IPA_DC is incomplete; (bso#14903);
* rpcclient cannot connect to ncacn_ip_tcp services anymore;
(bso#14767);
* winexe crashes since 4.15.0 after popt parsing; (bso#14893);
* net ads status -P broken in a clustered environment; (bso#14908);
* Memory leak if ioctl(FSCTL_VALIDATE_NEGOTIATE_INFO) fails before
smbd_smb2_ioctl_send; (bso#14788);
* winbindd doesn't start when "allow trusted domains" is off;
(bso#14899);
* smbclient login without password using '-N' fails with
NT_STATUS_INVALID_PARAMETER on Samba AD DC; (bso#14883);
* A schannel client incorrectly detects a downgrade connecting to
an AES only server; (bso#14912);
* Possible null pointer dereference in winbind; (bso#14921);
* Fix -k legacy option for client tools like smbclient, rpcclient,
net, etc.; (bso#14846);
* Add Debian 11 CI bootstrap support; (bso#14872);
* Crash in recycle_unlink_internal(); (bso#14888);�- Fix dependency problem upgrading from libndr0 to libndr2 and
from libsamba-credentials0 to libsamba-credentials1;
(bsc#1192684);�- Fix regression introduced by CVE-2020-25717 patches, winbindd
does not start when 'allow trusted domains' is off; (bso#14899);
- Update to 4.15.2
* CVE-2016-2124: SMB1 client connections can be downgraded to
plaintext authentication; (bso#12444); (bsc#1014440);
* CVE-2020-25717: A user on the domain can become root on domain
members; (bso#14556); (bsc#1192284);
* CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos
tickets issued by an RODC; (bso#14558); (bsc#1192246);
* CVE-2020-25719: Samba AD DC did not always rely on the SID and
PAC in Kerberos tickets; (bso#14561); (bsc#1192247);
* CVE-2020-25721: Kerberos acceptors need easy access to stable
AD identifiers (eg objectSid); (bso#14557); (bsc#1192505);
* CVE-2020-25722: Samba AD DC did not do suffienct access and
conformance checking of data stored; (bso#14564);
(bsc#1192283);
* CVE-2021-3738: Use after free in Samba AD DC RPC server;
(bso#14468); (bsc#1192215);
* CVE-2021-23192: Subsequent DCE/RPC fragment injection
vulnerability; (bso#14875); (bsc#1192214);
- Update to 4.15.1
* vfs_shadow_copy2: core dump in make_relative_path; (bso#14682);
* Log clutter from filename_convert_internal; (bso#14685);
* MacOSX compilation fixes; (bso#14862);
* rodc_rwdc test flaps; (bso#14868);
* Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze
bit' S4U2Proxy Constrained Delegation bypass in Samba with
embedded Heimdal; (bso#14642);
* Python ldb.msg_diff() memory handling failure; (bso#14836);
* "in" operator on ldb.Message is case sensitive; (bso#14845);
* Release LDB 2.4.1 for Samba 4.15.1; (bso#14848);
* samldb_krbtgtnumber_available() looks for incorrect string;
(bso#14854);
* Fix Samba support for UF_NO_AUTH_DATA_REQUIRED; (bso#14871);
* Allow special chars like "@" in samAccountName when generating
the salt; (bso#14874);
* Correctly ignore comments in CTDB public addresses file;
(bso#14826);
* Fix transit path validation; (bso#12998);
* Fix that child winbindd logs to log.winbindd instead of
log.wb-; (bso#14852);
* SMB3 cancel requests should only include the MID together with
AsyncID when AES-128-GMAC is used; (bso#14855);
* Prepare to operate with MIT krb5 >= 1.20; (bso#14870);
* Heimdal prefers RC4 over AES for machine accounts; (bso#14864);�- Enable samba-tool without ad dc.�- Adjust spec to use pam macros; (bsc#1191046).�- Adjust spec for size
* allow some Recommends instead Requires to be configured
for cifs-utils, samba-libs-python3 & samba-gpupdate;
(bsc#1182847).
* remove fam, undocumented and unneeded.�- Add missing build dependency on bison when building with the
embedded Heimdal Kerberos�- Update to 4.15.0
* Removed SMB development dialects SMB2_22, SMB2_24 and SMB3_10
* VFS layer modernized.
* Add the ability to set allow/deny lists for zone transfer clients
in Bind DLZ plugin
* Server multi-channel support no longer experimental
* Improved command line user experience, unifying the options in
different commands
* Winbindd no longer scans trusted domains on startup and will use
enterprise principals by default.
* The net utility is now able to support the offline domain join feature
* New options for 'samba-tool dns zoneoptions' for aging control
and to mark old records as static or dynamic
* DNS tombstones are now deleted as appropriate and use a consistent
timestamp format
* The 'samba-tool dns update' command validates and rejects now malformed
IPv4 and IPv6 addresses
* The 'samba-tool domain backup' command correctly takes out locks
against concurrent modification during backup when using the LMDB
backend
* TruACL support has been removed
* NIS support has been removed�- Fix 'net rpc' authentication when using the machine account;
(bsc#1189017); (bso#14796);�- Fix dependency problem upgrading from libndr0 to libndr1;
(bsc#1189875);
- Fix dependency problem upgrading from libsmbldap0 to libsmbldap2;
(bsc#1189875);
- Fix wrong kvno exported to keytab after net ads changetrustpw due
to replication delay; (bsc#1188727);
- Add Certificate Auto Enrollment Policy; (jsc#SLE-18456).
- Update to 4.13.10
* s3: smbd: Ensure POSIX default ACL is mapped into returned
Windows ACL for directory handles; (bso#14708);
* Take a copy to make sure we don't reference free'd memory; (bso#14721);
* s3: lib: Fix talloc heirarcy error in parent_smb_fname(); (bso#14722);
* s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in
change_file_owner_to_parent() error path; (bso#14736);
* samba-tool: Give better error information when the
'domain backup restore' fails with a duplicate SID; (bso#14575);
* smbd: Correctly initialize close timestamp fields; (bso#14714);
* Spotlight RPC service doesn't work with vfs_glusterfs; (bso#14740);
* ctdb: Fix a crash in run_proc_signal_handler(); (bso#14475);
* gensec_krb5: Restore ipv6 support for kpasswd; (bso#14750);
* smbXsrv_{open,session,tcon}: Protect
smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records; (bso#14752);
* samba-tool domain backup offline doesn't work against bind DLZ
backend; (bso#14027);
* netcmd: Use next_free_rid() function to calculate a SID for
restoring a backup; (bso#14669);
- Update to 4.13.9
* s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success; (bso#14696);
* Add documentation for dsdb_group_audit and dsdb_group_json_audit
to "log level", synchronise "log level" in smb.conf with the code; (bso#14689);
* Fix smbd panic when two clients open same file; (bso#14672);
* Fix memory leak in the RPC server; (bso#14675);
* s3: smbd: Fix deferred renames; (bso#14679);
* s3-iremotewinspool: Set the per-request memory context; (bso#14675);
* rpc_server3: Fix a memleak for internal pipes; (bso#14675);
* third_party: Update socket_wrapper to version 1.3.2; (bso#11899);
* third_party: Update socket_wrapper to version 1.3.3; (bso#14639);
* idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid
conflict; (bso#14663);
* Fix the build on OmniOS; (bso#14288);
- Update to 4.13.8
* CVE-2021-20254: Fix buffer overrun in sids_to_unixids(); (bso#14571
- Update to 4.13.7
* Release with dependency on ldb version 2.2.1.�- CVE-2021-20254 Buffer overrun in sids_to_unixids();
(bnc#14571); (bsc#1184677).�- Fix offline domain backup not possible using lmdb version >= 0.9.26;
(bso#14676);
- Require libldb >= 2.2.1; (bsc#1183572); (bsc#1183574);
- Update to 4.13.6
* CVE-2020-27840: samba: Unauthenticated remote heap corruption
via bad DNs; (bso#14595); (bsc#1183572).
* CVE-2021-20277: samba: out of bounds read in ldb_handler_fold;
(bso#14655); (bsc#1183574).
- Update to 4.13.5
* s3:modules:vfs_virusfilter: Recent talloc changes cause infinite
start-up failure; (bso#14634);
* s3: libsmb: Add missing cli_tdis() in error path if encryption setup
failed on temp proxy connection; (bso#13992);
* smbd: In conn_force_tdis_done() when forcing a connection closed force
a full reload of services; (bso#14604);
* dbcheck: Check Deleted Objects and reduce noise in reports about
expired tombstones (bso#14593);
* s3: Fix fcntl waf configure check; (bso#14503);
* s3/auth: Implement "winbind:ignore domains"; (bso#14602);
* smbd: Use fsp->conn->session_info for the initial delete-on-close
token; (bso#14617);
* s3: VFS: nfs4_acls. Add missing TALLOC_FREE(frame) in error path;
(bso#14648);
* classicupgrade: Treat old never expires value right; (bso#14624);
* g_lock: Fix uninitalized variable reads; (bso#14636);
* s3:pysmbd: Fix fd leak in py_smbd_create_file(); (bso#13898);
* lib:util: Avoid free'ing our own pointer; (bso#14625);
* HEIMDAL: krb5_storage_free(NULL) should work; (bso#12505);�- Spec file fixes around systemd and requires; (bsc#1182830);
- Align systemd service unit files with upstream provided ones.�- Update to 4.13.4
* Work around special SMB2 IOCTL response behavior of NetApp Ontap
7.3.7; (bso#14607);
* Temporary DFS share setup doesn't set case parameters in the same
way as a regular share definition does; (bso#14612);
* lib: Avoid declaring zero-length VLAs in various messaging functions;
(bso#14605);
* Do not create an empty DB when accessing a sam.ldb; (bso#14579);
* vfs_fruit may close wrong backend fd; (bso#14596);
* Temporary DFS share setup doesn't set case parameters in the same way
as a regular share definition does; (bso#14612);
* vfs_virusfilter: Allocate separate memory for config char*; (bso#14606);
* vfs_fruit may close wrong backend fd; (bso#14596);
* Work around special SMB2 IOCTL response behavior of NetApp Ontap 7.3.7;
(bso#14607);
* The cache directory for the user gencache should be created recursively;
(bso#14601);
* Be more flexible with repository names in CentOS 8 test environments;
(bso#14594);�- Uninstalling samba-client: Failed to disable unit, cifs.service
does not exists; (bsc#1180388);�- Update to 4.13.3
+ libcli: smb2: Never print length if smb2_signing_key_valid() fails for
crypto blob; (bso#14210);
+ s3: modules: gluster. Fix the error I made in preventing talloc leaks
from a function; (bso#14486);
+ s3: smbd: Don't overwrite contents of fsp->aio_requests[0] with NULL
via TALLOC_FREE(); (bso#14515);
+ s3: spoolss: Make parameters in call to user_ok_token() match all other
uses; (bso#14568);
+ s3: smbd: Quiet log messages from usershares for an unknown share;
(bso#14590);
+ samba process does not honor max log size; (bso#14248);
+ vfs_zfsacl: Add missing inherited flag on hidden "magic" everyone@ ACE;
(bso#14587);
+ s3-libads: Pass timeout to open_socket_out in ms; (bso#13124);
+ s3-vfs_glusterfs: Always disable write-behind translator; (bso#14486);
+ smbclient: Fix recursive mget; (bso#14517);
+ clitar: Use do_list()'s recursion in clitar.c; (bso#14581);
+ manpages/vfs_glusterfs: Mention silent skipping of write-behind
translator; (bso#14486);
+ vfs_shadow_copy2: Preserve all open flags assuming ROFS; (bso#14573);
+ interface: Fix if_index is not parsed correctly; (bso#14514);�- Update to 4.13.2
+ s3: modules: vfs_glusterfs: Fix leak of char **lines onto
mem_ctx on return; (bso#14486);
+ RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special;
(bso#14471);
+ smb.conf.5: Add clarification how configuration changes reflected
by Samba; (bso#14538);
+ daemons: Report status to systemd even when running in foreground;
(bso#14552);
+ DNS Resolver: Support both dnspython before and after 2.0.0;
(bso#14553);
+ s3-vfs_glusterfs: Refuse connection when write-behind xlator is
present; (bso#14486);
+ provision: Add support for BIND 9.16.x; (bso#14487);
+ ctdb-common: Avoid aliasing errors during code optimization;
(bso#14537);
+ libndr: Avoid assigning duplicate versions to symbols; (bso#14541);
+ docs: Fix default value of spoolss:architecture; (bso#14522);
+ winbind: Fix a memleak; (bso#14388);
+ s4:dsdb:acl_read: Implement "List Object" mode feature; (bso#14531);
+ docs-xml/manpages: Add warning about write-behind translator for
vfs_glusterfs; (bso#14486);
+ nsswitch/nsstest.c: Avoid nss function conflicts with glibc nss.h.
+ vfs_shadow_copy2: Avoid closing snapsdir twice; (bso#14530);
+ third_party: Update resolv_wrapper to version 1.1.7; (bso#14547);
+ examples:auth: Do not install example plugin; (bso#14550);
+ ctdb-recoverd: Drop unnecessary and broken code; (bso#14513);
+ RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special;
(bso#14471);�- Adjust smbcacls '--propagate-inheritance' feature to align with
upstream; (bsc#1178469).�- Update to samba 4.13.1
+ CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with
easily crafted records; (bsc#1177613); (bso#14472);
+ CVE-2020-14323: Unprivileged user can crash winbind; (bsc#1173994);
(bso#14436);
+ CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify;
(bsc#1173902); (bso#14434);
- Adjust systemd tmpfiles.d configuration, use /run/samba instead of
/var/run/samba; (bsc#1177355);�- Fix vfs_ceph query_directory regression; (bso#14519)
- Drop liburing-devel for SLE15-SP2; (bsc#1177245)�- Register CTDB recovery lock holder with ceph-mgr
- Add liburing-devel dependency�- Update to samba 4.13.0
+ Require Python 3.6
+ Move wide links functionality into VFS module
+ Deprecate NT4-like 'classic' Samba domain controllers
+ Deprecate SMBv1 only protocol options
+ Remove deprecated "ldap ssl ads" option
+ Unify asynchronous DCE-RPC server; (jsc#SES-645)
+ Replay multichannel lease break requests; (bso#11897); (jsc#SES-655)
+ Drop internal byteorder.h header from util-devel package
+ Remove final code for the AD DC LDAP backend
+ Add AD DC Group Policy Scripts
+ Only use gnutls_aead_cipher_encryptv2() for GnuTLS > 3.6.14; (bso#14399)
+ Fix %U substitutions if it contains a domain name; (bso#14467)
+ Fix krb5.conf creation for 'net ads join'; (bso#14479)
+ Fix build problem if libbsd-dev is not installed; (bso#14482)
+ Toggle vfs_snapper using "--with-shared-modules"; (bso#14437)
+ Fix idmap_ad RFC4511 response handling; (bso#14465)
+ Fix panic in get_lease_type(); (bso#14428)�- Update to samba 4.11.13
+ CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Protect
netr_ServerPasswordSet2 against unencrypted passwords; (bsc#1176579);
(bso#14497);
+ CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Support
"server require schannel:WORKSTATION$ = no" about unsecure configurations;
(bsc#1176579); (bso#14497);
+ CVE-2020-1472(ZeroLogon): s4 torture rpc: repeated bytes in client
challenge; (bsc#1176579); (bso#14497);
+ CVE-2020-1472(ZeroLogon): libcli/auth: Reject weak client challenges in
netlogon_creds_server_init() "server require schannel:WORKSTATION$ = no";
(bsc#1176579); (bso#14497);
- Update to samba 4.11.12
+ s3: libsmb: Fix SMB2 client rename bug to a Windows server; (bso#14403);
+ dsdb: Allow "password hash userPassword schemes = CryptSHA256" to work
on RHEL7; (bso#14424);
+ dbcheck: Allow a dangling forward link outside our known NCs; (bso#14450);
+ lib/debug: Set the correct default backend loglevel to MAX_DEBUG_LEVEL;
(bso#14426);
+ s3:smbd: PANIC: assert failed in get_lease_type(); (bso#14428);
+ lib/util: do not install "test_util_paths"; (bso#14370);
+ lib:util: Fix smbclient -l basename dir; (bso#14345);
+ s3:smbd: PANIC: assert failed in get_lease_type(); (bso#14428);
+ util: Allow symlinks in directory_create_or_exist; (bso#14166);
+ docs: Fix documentation for require_membership_of of pam_winbind;
(bso#14358);
+ s3:winbind:idmap_ad: Make failure to get attrnames for schema mode fatal;
(bso#14425);�- Add obsoletes to libsmbldap2 package to fix upgrades from previous
versions; (bsc#1172810);�- Fix net command unable to negotiate SMB2; (bsc#1174120);�- Update to samba 4.11.11
+ CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ
and VLV combined; (bso#14364); (bsc#1173159]
+ CVE-2020-10745: invalid DNS or NBT queries containing dots use
several seconds of CPU each; (bso#14378); (bsc#1173160).
+ CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP
server with paged_result or VLV; (bso#14402); (bsc#1173161)
+ CVE-2020-14303: Endless loop from empty UDP packet sent to
AD DC nbt_server; (bso#14417); (bsc#1173359).
- Update to samba 4.11.10
+ Fix segfault when using SMBC_opendir_ctx() routine for share
folder that contains incorrect symbols in any file name;
(bso#14374).
+ vfs_shadow_copy2 doesn't fail case looking in
snapdirseverywhere mode; (bso#14350)
+ ldb_ldap: Fix off-by-one increment in lldb_add_msg_attr;
(bso#14413).
+ Malicous SMB1 server can crash libsmbclient; (bso#14366)
+ winbindd: Fix a use-after-free when winbind clients exit;
(bso#14382)
+ ldb: Bump version to 2.0.11, LMDB databases can grow without
bounds. (bso#14330)
- Update to samba 4.11.9
+ nmblib: Avoid undefined behaviour in handle_name_ptrs();
(bso#14242).
+ 'samba-tool group' commands do not handle group names with
special chars correctly; (bso#14296).
+ smbd: avoid calling vfs_file_id_from_sbuf() if statinfo
is not valid; (bso#14237).
+ Missing check for DMAPI offline status in async DOS
attributes; (bso#14293).
+ smbd: Ignore set NTACL requests which contain
S-1-5-88 NFS ACEs; (bso#14307).
+ vfs_recycle: Prevent flooding the log if we're called on
non-existant paths; (bso#14316)
+ smbd mistakenly updates a file's write-time on close;
(bso#14320).
+ RPC handles cannot be differentiated in source3 RPC server;
(bso#14359).
+ librpc: Fix IDL for svcctl_ChangeServiceConfigW; (bso#14313).
+ nsswitch: Fix use-after-free causing segfault in
_pam_delete_cred; (bso#14327).
+ Fix fruit:time machine max size on arm; (bso#13622)
+ CTDB recovery corner cases can cause record resurrection
and node banning; (bso#14294).
+ ctdb: Fix a memleak; (bso#14348).
+ libsmb: Don't try to find posix stat info in SMBC_getatr().
+ ctdb-tcp: Move free of inbound queue to TCP restart;
(bso#14295); (bsc#1162680).
+ s3/librpc/crypto: Fix double free with unresolved
credential cache; (bso#14344); (bsc#1169095)
+ s3:libads: Fix ads_get_upn(); (bso#14336).
+ CTDB recovery corner cases can cause record resurrection
and node banning; (bso#14294)
+ Starting ctdb node that was powered off hard before
results in recovery loop; (bso#14295); (bsc#1162680).
+ ctdb-recoverd: Avoid dereferencing NULL rec->nodemap;
(bso#14324)
- Update to samba 4.11.8
+ CVE-2020-10700: Use-after-free in Samba AD DC LDAP
Server with ASQ; (bso#14331); (bsc#1169850);
+ CVE-2020-10704: LDAP Denial of Service (stack overflow)
in Samba AD DC; (bso#14334); (bsc#1169851);
- Update to samba 4.11.7
+ s3: lib: nmblib. Clean up and harden nmb packet
processing; (bso#14239).
+ s3: VFS: full_audit. Use system session_info if called
from a temporary share definition; (bso#14283)
+ dsdb: Correctly handle memory in objectclass_attrs;
(bso#14258).
+ ldb: version 2.0.9, Samba 4.11 and later give incorrect
results for SCOPE_ONE searches; (bso#14270)
+ auth: Fix CIDs 1458418 and 1458420 Null pointer
dereferences; (bso#14247).
+ smbd: Handle EINTR from open(2) properly; (bso#14285)
+ winbind member (source3) fails local SAM auth with empty
domain name; (bso#14247)
+ winbindd: Handling missing idmap in getgrgid(); (bso#14265).
+ lib:util: Log mkdir error on correct debug levels;
(bso#14253).
+ wafsamba: Do not use 'rU' as the 'U' is deprecated in
Python 3.9; (bso#14266).
+ ctdb-tcp: Make error handling for outbound connection
consistent; (bso#14274).
- Update to samba 4.11.6
+ pygpo: Use correct method flags; (bso#14209).
+ vfs_ceph_snapshots: Fix root relative path handling;
(bso#14216); (bsc#1141320).
+ Avoiding bad call flags with python 3.8, using METH_NOARGS
instead of zero; (bso#14209).
+ source4/utils/oLschema2ldif: Include stdint.h before
cmocka.h; (bso#14218).
+ docs-xml/winbindnssinfo: Clarify interaction with
idmap_ad etc; (bso#14122).
+ smbd: Fix the build with clang; (bso#14251).
+ upgradedns: Ensure lmdb lock files linked; (bso#14199).
+ s3: VFS: glusterfs: Reset nlinks for symlink entries during
readdir; (bso#14182).
+ smbc_stat() doesn't return the correct st_mode and also
the uid/gid is not filled (SMBv1) file; (bso#14101).
+ librpc: Fix string length checking in
ndr_pull_charset_to_null(); (bso#14219).
+ ctdb-scripts: Strip square brackets when gathering
connection info; (bso#14227).�- Add libnetapi-devel to baselibs conf, for wine usage; (bsc#1172307);�- Installing: samba - samba-ad-dc.service does not exist and unit
not found; (bsc#1171437);�- Fix samba_winbind package is installing python3-base without
python3 package; (bsc#1169521);�- Require libldb2 >= 2.0.10 after security release.�- CVE-2020-10704: LDAP Denial of Service (stack overflow) in
Samba AD DC; (bso#14334); (bsc#1169851);
- CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with
ASQ; (bso#14331); (bsc#1169850);�- Fix smbclient crash with double free (with unresolved krb5
credential cache); (bso#14344); (bsc#1169095).�- Starting ctdb node that was powered off hard before results
in recovery loop; (bso#14295); (bsc#1162680).�- CTDB doesn't retry outgoing connections on bind (and some other)
failures; (bso#14274); (bsc#1162680).�- Revert: Allow idmap_rid to have primary group other than
"Domain Users"; (bsc#1087931).�- Fix nmbstatus not reporting detailed information about workgroups;
(bsc#1159464);
- Fix querying all names registered within broadcast area; (bso#8927);�- Update to samab 4.11.5
+ CVE-2019-14902: Replication of ACLs down subtree on
AD Directory is not automatic; (bso#12497); (bsc#1160850).
+ CVE-2019-19344: Fix server crash with
dns zone scavenging = yes; (bso#14050); (bsc#1160852).
+ CVE-2019-14907: server-side crash after charset conversion
failure (eg during NTLMSSP processing); (bso#14208);
(bsc#1160888).
- Update to samba 4.11.4
+ Ensure SMB1 cli_qpathinfo2() doesn't return an inode number;
(bso#14161).
+ Ensure we don't call cli_RNetShareEnum() on an SMB1
connection; (bso#14174).
+ NT_STATUS_ACCESS_DENIED becomes EINVAL when using SMB2 in
SMBC_opendir_ctx; (bso#14176).
+ SMB2 - Ensure we use the correct session_id if encrypting
an interim response; (bso#14189).
+ Prevent smbd crash after invalid SMB1 negprot; (bso#14205).
+ printing: Fix %J substition; (bso#13745).
+ Remove now unneeded call to cmdline_messaging_context();
(bso#13925).
+ Fix incomplete conversion of former parametric options;
(bso#14069).
+ Fix sync dosmode fallback in async dosmode codepath;
(bso#14070).
+ vfs_fruit returns capped resource fork length; (bso#14171).
+ libnet_join: Add SPNs for additional-dns-hostnames entries;
(bso#14116).
+ smbd: Increase a debug level; (bso#14211).
+ Prevent azure ad connect from reporting discovery errors
reference-value-not-ldap-conformant; (bso#14153).
+ krb5_plugin: Fix developer build with newer heimdal system
library; (bso#14179).
+ replace: Only link libnsl and libsocket if required;
(bso#14168);
+ ctdb: Incoming queue can be orphaned causing communication;
breakdown; (bso#14175).
+ ldb: Release ldb 2.0.8. Cross-compile will not take
cross-answers or cross-execute; (bso#13846).
+ heimdal-build: Avoid hard-coded /usr/include/heimdal in
asn1_compile-generated code; (bso#13856).�- Fix Ceph snapshot root relative path handling; (bso#14216); (bsc#1141320).�- Update to samba 4.11.3
+ CVE-2019-14861: DNSServer RPC server crash, an authenticated user
can crash the DCE/RPC DNS management server by creating records
with matching the zone name; (bso#14138); (bsc#1158108).
+ CVE-2019-14870: DelegationNotAllowed not being enforced, the
DelegationNotAllowed Kerberos feature restriction was not being
applied when processing protocol transition requests (S4U2Self),
in the AD DC KDC; (bso#14187); (bsc#1158109).�- CVE-2019-14861: DNSServer RPC server crash, an authenticated user
can crash the DCE/RPC DNS management server by creating records
with matching the zone name; (bso#14138); (bsc#1158108).
- CVE-2019-14870: DelegationNotAllowed not being enforced, the
DelegationNotAllowed Kerberos feature restriction was not being
applied when processing protocol transition requests (S4U2Self),
in the AD DC KDC; (bso#14187); (bsc#1158109).�- Update to samba 4.11.2
+ CVE-2019-10218: Client code can return filenames containing
path separators; (bsc#1144902); (bso#14071).
+ CVE-2019-14833: Samba AD DC check password script does not
receive the full password; (bso#12438).
+ CVE-2019-14847: User with "get changes" permission can crash
AD DC LDAP server via dirsync; (bso#14040).
- Fixes from 4.11.1
+ Overlinking libreplace against librt and pthread against every
binary or library causes issues; (bso#14140);
+ kpasswd fails when built with MIT Kerberos; (bso#14155);
+ Fix spnego fallback from kerberos to ntlmssp in smbd server;
(bso#14106);
+ Stale file handle error when using mkstemp on a share; (bso#14137);
+ non-AES schannel broken; (bso#14134);
+ Joining Active Directory should not use SAMR to set the password;
(bso#13884);
+ smbclient can blunder into the SMB1 specific cli_RNetShareEnum()
call on an SMB2 connection; (bso#14152);
+ Deleted records can be resurrected during recovery; (bso#14147);
+ getpwnam and getpwuid need to return data for ID_TYPE_BOTH group;
(bso#14141);
+ winbind does not list forest trusts with additional trust
attributes; (bso#14130);
+ fault report points to outdated documentation; (bso#14139);
+ pam_winbind with krb5_auth or wbinfo -K doesn't work for users of
trusted domains/forests; (bso#14124);
+ classicupgrade results in uncaught exception - a bytes-like object
is required, not 'str'; (bso#14136);
+ pod2man is not longer required, stop checking at build time;
(bso#14131);
+ Exit code of ctdb nodestatus should not be influenced by deleted
nodes; (bso#14129);
+ username/password authentication doesn't work with CUPS and
smbspool; (bso#14128);
+ smbc_readdirplus() is incompatible with smbc_telldir() and
smbc_lseekdir(); (bso#14094);�- CVE-2019-14847: User with "get changes" permission can
crash AD DC LDAP server via dirsync; (bso#14040); (bsc#1154598);
- CVE-2019-10218: Client code can return filenames containing path
separators; (bso#14071); (bsc#1144902);�- CVE-2019-14833: samba: Accent with "check script password"
Samba AD DC check password script does not receive the full
password; (bso#12438); (bsc#1154289).�- Update to samba 4.11.0
+ For details on all items see WHATSNEW.txt in samba-doc
package
+ Python2 runtime support removed; python 3.4 or later required
+ Security improvements:
- SMB1 disabled by default
- lanman and plaintext authentication deprecated
- winbind: PAM_AUTH and NTLM_AUTH events logged
- GnuTLS 3.2 required; system FIPS mode setting honored
+ CephFS Snapshot integration, exposed as previous file
versions
+ ctdb changes:
- onnode -o option removed
- ctdbd logs when using more than 90% of a CPU thread
- CTDB_MONITOR_SWAP_USAGE variable removed
+ AD Domain controller improvements:
- Upgrade AD databse format
- BIND9_FLATFILE deprecated
- default process model chagned to prefork
- bind9 dns operation duration logging
- Default schema updated to 2012_R2; function level is
unchanged
- many performance improvements
+ Configuration webserver support removed�- Fix broken username/password authentication with CUPS and
smbspool; (bsc#1152143); (bso#14128).�- Fix auth problems when printing via smbspool backend with kerberos;
(bnc#1148539); (bso#13832).�- Update to samba 4.10.8
+ CVE-2019-10197: user escape from share path definition;
(bso#14035); (bsc#1141267);�- Fix build on newer systems by modifying samba.spec to use
consistent non-relative paths for pammodules in configure line
and specification of pam_winbind.so library to package.�- Update to samba 4.10.7
+ Unable to create or rename file/directory inside shares
configured with vfs_glusterfs_fuse module; (bso#14010).
+ build: Allow build when '--disable-gnutls' is set; (bso#13844)
+ samba-tool: Add 'import samba.drs_utils' to fsmo.py;
(bso#13973).
+ Fix 'Error 32 determining PSOs in system' message on old DB
with FL upgrade; (bso#14008).
+ s4/libnet: Fix joining a Windows pre-2008R2 DC; (bso#14021)
+ join: Use a specific attribute order for the DsAddEntry
nTDSDSA object; (bso#14046).
+ vfs_catia: Pass stat info to synthetic_smb_fname();
(bso#14015).
+ lookup_name: Allow own domain lookup when flags == 0;
(bso#14091).
+ s4 librpc rpc pyrpc: Ensure tevent_context deleted last;
(bso#13932).
+ DEBUGC and DEBUGADDC doesn't print into a class specific log
file; (bso#13915).
+ Request to keep deprecated option "server schannel",
VMWare Quickprep requires "auto"; (bso#13949).
+ dbcheck: Fallback to the default tombstoneLifetime of 180 days;
(bso#13967).
+ dnsProperty fails to decode values from older Windows versions;
(bso#13969).
+ samba-tool: Use only one LDAP modify for dns partition fsmo
role transfer; (bso#13973).
+ third_party: Update waf to version 2.0.17; (bso#13960).
+ netcmd: Allow 'drs replicate --local' to create partitions;
(bso#14051).
+ ctdb-config: Depend on /etc/ctdb/nodes file; (bso#14017).�- CVE-2019-10197: user escape from share path definition;
(bso#14035); (bsc#1141267).�- Prepare for use future use of kernel keyrings, modify
/etc/pam.d/samba to include pam_keyinit.so; (bsc#1144059).�- Update samba-winbind script to work with systemd; (bsc#1132739);
- Drop samba dhcpcd hook scripts
- Update to samba 4.10.6
+ s3: winbind: Fix crash when invoking winbind idmap scripts;
(bso#13956).
+ smbd does not correctly parse arguments passed to dfree and quota
scripts; (bso#13964).
+ samba-tool dns: use bytes for inet_ntop; (bso#13965).
+ samba-tool domain provision: Fix --interactive module in python3;
(bso#13828).
+ ldb_kv: Skip @ records early in a search full scan; (bso#13893).
+ docs: Improve documentation of "lanman auth" and "ntlm auth"
connection; (bso#13981).
+ python/ntacls: Use correct "state directory" smb.conf option instead
of "state dir"; (bso#14002).
+ registry: Add a missing include; (bso#13840).
+ Fix SMB guest authentication; (bso#13944).
+ AppleDouble conversion breaks Resourceforks; (bso#13958).
+ vfs_fruit makes direct use of syscalls like mmap() and pread();
(bso#13968).
+ s3:mdssvc: Fix flex compilation error; (bso#13987).
+ s3/vfs_glusterfs[_fuse]: Avoid using NAME_MAX directly; (bso#13872).
+ dsdb:samdb: schemainfo update with relax control; (bso#13799).
+ s3:util: Move static file_pload() function to lib/util; (bso#13964).
+ smbd: Fix a panic; (bso#13957).
+ ldap server: Generate correct referral schemes; (bso#12478).
+ s4 dsdb/repl_meta_data: fix use after free in dsdb_audit_add_ldb_value;
(bso#13941).
+ s4 dsdb: Fix use after free in samldb_rename_search_base_callback;
(bso#13942).
+ dsdb/repl: we need to replicate the whole schema before we can apply it;
(bso#12204).
+ ldb: Release ldb 1.5.5; (bso#12478).
+ Schema replication fails if link crosses chunk boundary backwards;
(bso#13713).
+ 'samba-tool domain schemaupgrade' uses relax control and skips the
schemaInfo update provision; (bso#13799).
+ dsdb_audit: avoid printing "... remote host [Unknown] SID [(NULL SID)]
..."; (bso#13916).
+ python/ntacls: We only need security.SEC_STD_READ_CONTROL in order to
get the ACL; (bso#13917).
+ s3:loadparm: Ensure to truncate FS Volume Label at multibyte boundary;
(bso#13947).
+ Using Kerberos credentials to print using spoolss doesn't work;
(bso#13939).
+ wafsamba: Use native waf timer; (bso#13998).
+ ctdb-scripts: Fix tcp_tw_recycle existence check; (bso#13984).�- Update to samba-4.10.5 (including updates for 4.10.4, 4.10.3)
+ CVE-2019-12435 rpc/dns: Avoid NULL deference if zone not found
in DnssrvOperation2; (bso#13922); (bsc#1137815).
+ CVE-2019-12436 dsdb/paged_results: Ignore successful results
without messages; (bso#13951); (bsc#1137816).
- Update to samba-4.10.4
+ s3: SMB1: Don't allow recvfile on stream fsp's; (bso#13938).
+ py/provision: Fix for Python 2.6; (bso#13882).
+ netcmd: Fix 'passwordsettings --max-pwd-age' command;
(bso#13873).
+ s3-libnet_join: 'net ads join' to child domain fails when
using "-U admin@forestroot"; (bso#13861).
+ vfs_ceph: Explicitly enable libcephfs POSIX ACL support;
(bso#13896); (bsc#1130245).
+ vfs_ceph: Fix cephwrap_flistxattr() debug message;
(bso#13940); (bsc#1134697).
+ ctdb-common: Avoid race between fd and signal events;
(bso#13895).
+ ctdb-common: Fix memory leak in run_proc; (bso#13943).
+ lib: Initialize getline() arguments; (bso#13892).
+ winbind: Fix overlapping id ranges; (bco#13903).
+ lib util debug: Increase format buffer to 4KiB; (bso#13902).
+ nsswitch pam_winbind: Fix Asan use after free; (bso#13927).
+ s4 lib socket: Ensure address string owned by parent struct;
(bso#13929).
+ s3 rpc_client: Fix Asan stack use after scope; (bso#13936).
+ s3:smbd: Handle IO_REPARSE_TAG_DFS in
SMB_FIND_FILE_FULL_DIRECTORY_INFO; (bso#10097).
+ smb2_tcon: Avoid STATUS_PENDING completely on tdis; (bso#10344).
+ smb2_sesssetup: avoid STATUS_PENDING responses for session setup;
(bso#12845).
+ smb2_tcon: Avoid STATUS_PENDING completely on tdis; (bso#13698).
+ smb2_sesssetup: avoid STATUS_PENDING responses for session
setup; (bso#13796).
+ dbcheck: Fix the err_empty_attribute() check; (bso#13843).
+ vfs_snapper: Drop unneeded fstat handler; (bso#13858).
+ vfs_default: Fix vfswrap_offload_write_send()
NT_STATUS_INVALID_VIEW_SIZE check; (bso#13862).
+ smb2_server: Grant all 8192 credits to clients; (bso#13863).
+ smbd: Implement SMB_FILE_NORMALIZED_NAME_INFORMATION handling;
(bso#13919).
+ s3/vfs_glusterfs: Dynamically determine NAME_MAX; (bso#13872).
+ s3: modules: ceph: Use current working directory instead of
share path; (bso#13918); (bsc#1134452).
+ winbind: Use domain name from lsa query for sid_to_name cache
entry; (bso#13831).
+ memcache: Increase size of default memcache to 512k;
(bso#13865).
+ docs: Update smbclient manpage for "--max-protocol";
(bso#13857).
+ s3:utils: If share is NULL in smbcacls, don't print it;
(bso#13937).
+ s3:smbspool: Fix regression printing with Kerberos credentials;
(bso#13939).
+ ctdb-scripts: CTDB restarts failed NFS RPC services by hand,
which is incompatible with systemd; (bso#13860).
+ ctdb-daemon: Revert "We can not assume that just because we
could complete a TCP handshake"; (bso#13888).
+ ctdb-daemon: Never use 0 as a client ID; (bso#13930).
+ ctdb-common: Fix memory leak; (bso#13943).
+ s3:debug: Enable logging for early startup failures;
(bso#13904)
- Update to samba-4.10.3
+ CVE-2018-16860: Heimdal KDC: Reject PA-S4U2Self with unkeyed
checksum; (bso#13685); (bsc#1134024).�- CVE-2019-12435: zone operations can crash rpc server;
(bso#13922); (bsc#1137815).�- Fix cephwrap_flistxattr() debug message; (bso#13940); (bsc#1134697).
- Add ceph_snapshots VFS module; (jsc#SES-183).�- Fix vfs_ceph realpath; (bso#13918); (bsc#1134452).�- Update to samba-4.10.2:
+ CVE-2019-3870 (World writable files in
Samba AD DC private/ dir); (bso#13834).
+ CVE-2019-3880 (Save registry file outside share as
unprivileged user); (bso#13851).
+ py/kcc_utils: py2.6 compatibility; (bso#13837).
+ libcli: permit larger values of DataLength in
SMB2_ENCRYPTION_CAPABILITIES of negotiate response;
(bso#13869).
+ regfio: Improve handling of malformed registry hive files;
(bso#13840).
+ ctdb-version: Simplify version string usage; (bso#13789).
+ lib: Make fd_load work for non-regular files; (bso#13859).
+ dbcheck: in the middle of the tombstone garbage collection
causes replication failures,
dbcheck: add --selftest-check-expired-tombstones cmdline
option; (bso#13816).
+ ndr_spoolss_buf: Fix out of scope use of stack variable in
NDR_SPOOLSS_PUSH_ENUM_OUT(); (bso#13818).
+ s4/messaging: Fix undefined reference in linking
libMESSAGING-samba4.so; (bso#13854).
+ acl_read: Fix regression for empty lists; (bso#13836).
+ s4:dlz make b9_has_soa check dc=@ node; (bso#13841).
+ s3:client: Fix printing via smbspool backend with kerberos
auth; (bso#13832).
+ s4:librpc: Fix installation of Samba; (bso#13847).
+ s3:lib: Fix the debug message for adding cache entries;
(bso#13848).
+ s3:utils: Add 'smbstatus -L --resolve-uids' to show username;
(bso#13793).
+ s3:lib: Fix the debug message for adding cache entries;
(bso#13848).
+ s3:waf: Fix the detection of makdev() macro on Linux;
(bso#13853).
* ctdb-build: Drop creation of .distversion in tarball;
(bso#13789).
* ctdb-packaging: Test package requires tcpdump, ctdb package
should not own system library directory; (bso#13838).
- Update to samba-4.10.1:
+ py/kcc_utils: py2.6 compatibility; (bso#13837);
+ libcli: permit larger values of DataLength in
SMB2_ENCRYPTION_CAPABILITIES of negotiate response; (bso#13869);
+ regfio: Improve handling of malformed registry hive files; (bso#13840);
+ ctdb-version: Simplify version string usage; (bso#13789);
+ lib: Make fd_load work for non-regular files; (bso#13859);
+ dbcheck in the middle of the tombstone garbage collection causes
replication failures, dbcheck: add --selftest-check-expired-tombstones
cmdline option; (bso#13816);
+ ndr_spoolss_buf: Fix out of scope use of stack variable in
NDR_SPOOLSS_PUSH_ENUM_OUT(); (bso#13818);
+ s4/messaging: Fix undefined reference in linking
libMESSAGING-samba4.so; (bso#13854);
+ acl_read: Fix regression for empty lists; (bso#13836);
+ s4:dlz make b9_has_soa check dc=@ node; (bso#13841);
+ s3:client: Fix printing via smbspool backend with kerberos auth; (bso#13832);
+ s4:librpc: Fix installation of Samba; (bso#13847);
+ s3:lib: Fix the debug message for adding cache entries; (bso#13848);
+ s3:utils: Add 'smbstatus -L --resolve-uids' to show username; (bso#13793);
+ s3:lib: Fix the debug message for adding cache entries; (bso#13848);
+ s3:waf: Fix the detection of makdev() macro on Linux; (bso#13853);
+ ctdb-build: Drop creation of .distversion in tarball; (bso#13789);
+ ctdb-packaging: Test package requires tcpdump, ctdb package
should not own system library directory; (bso#13838);
- Update to samba-4.10.0:
+ s4-server: Open and close a transaction on sam.ldb at startup; (bso#13760);
+ access_check_max_allowed() doesn't process "Owner Rights" ACEs; (bso#13812);
+ s4/scripting/bin: Open unicode files with utf8 encoding and write
+ unicode string.
+ sambaundoguididx: Use the right escaped oder unescaped sam ldb
files; (bso#13759);
+ Fix idmap cache pollution with S-1-22- IDs on winbind hickup; (bso#13813);
+ passdb: Update ABI to 0.27.2.
+ lib/winbind_util: Add winbind_xid_to_sid for --without-winbind; (bso#13813);
+ lib:util: Move debug message for mkdir failing to log level 1; (bso#13823);�- MacOS credit accounting breaks with async SESSION SETUP;
(bsc#1125601); (bso#13796).
- Mac OS X SMB2 implmenetation sees Input/output error or Resource
temporarily unavailable and drops connection; (bso#13698)�- Explicitly enable libcephfs POSIX ACL support; (bso#13896); (bsc#1130245).�- CVE-2019-3880: Save registry file outside share as unprivileged
user; (bso#13851); (bsc#1131060 ).�- CVE-2019-3870 pysmbd: missing restoration of original umask after umask(0);
(bso#13834); (bsc#1130703);�- Update to samba-4.9.5
+ audit_logging: Remove debug log header and JSON Authentication:
prefix; (bso#13714);
+ Fix upgrade from 4.7 (or earlier) to 4.9; (bso#13760);
+ s3: lib: nmbname: Ensure we limit the NetBIOS name correctly; (bso#
CID: 1433607; (bso#11495);
+ smbd: uid: Don't crash if 'force group' is added to an existing
share connection; (bso#13690);
+ s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility
code; (bso#13770);
+ s3: SMB1 POSIX mkdir does case insensitive name lookup; (bso#13803);
+ s3:utils/smbget fix recursive download with empty source
directories; (bso#13199);
+ samba-tool drs showrepl: Do not crash if no dnsHostName found; (bso#13716);
+ s3:libsmb: cli_smb2_list() can sometimes fail initially on a
connection; (bso#13736);
+ join: Throw CommandError instead of Exception for simple errors; (bso#13747);
+ ldb: Avoid inefficient one-level searches; (bso#13762);
+ s3: libsmb: use smb2cli_conn_max_trans_size() in
cli_smb2_list(); (bso#13736);
+ tldap: Avoid use after free errors; (bso#13776);
+ Fix idmap xid2sid cache churn; (bso#13802);
+ access_check_max_allowed() doesn't process "Owner Rights" ACEs; (bso#13812);
+ s3-smbd: Avoid assuming fsp is always intact after close_file
call; (bso#13720);
+ s3-vfs-fruit: Add close call; (bso#13725);
+ s3-smbd: Use fruit:model string for mDNS registration; (bso#13746);
+ s3-vfs: add glusterfs_fuse vfs module; (bso#13774);
+ printing: Check lp_load_printers() prior to pcap cache update; (bso#13766);
+ vfs_ceph: vfs_ceph strict_allocate_ftruncate calls (local FS)
ftruncate and fallocate; (bso#13807);
+ lib/audit_logging: Actually create talloc; (bso#13737);
+ netcmd/user: python[3]-gpgme unsupported and replaced by
python[3]-gpg; (bso#13728);
+ dns: Changing onelevel search for wildcard to subtree; (bso#13738);
+ samba-tool: Don't print backtrace on simple DNS errors; (bso#13721);
+ sambaundoguididx: Use the right escaped oder unescaped sam ldb
files; (bso#13759);
+ ctdb: Print locks latency in machinereadable stats; (bso#13742);
+ messages_dgm: Messaging gets stuck when pids are recycled; (bso#13786);
+ audit_logging: auth_json_audit required auth_json; (bso#13715);
+ man pages: Document prefork process model; (bso#13765);
+ CVE-2019-3824 ldb: Release ldb 1.4.6; (bso#13773);
+ s3:auth: ignore create_builtin_guests() failing without a valid
idmap configuration; (bso#13697);
+ s3:auth_winbind: Ignore a missing winbindd as NT4 PDC/BDC
without trusts; (bso#13722);
+ s3:auth_winbind: return NT_STATUS_NO_LOGON_SERVERS if winbindd
is not available; (bso#13723);
+ s4:server: Add support for 'smbcontrol samba shutdown' and
'smbcontrol debug/debuglevel'; (bso#13752);
+ Python: Ensure ldb.Dn can doesn't rencoded str with py2; (bso#13616);
+ vfs_glusterfs: Adapt to changes in libgfapi signatures; (bso#13330);
+ s3-vfs: Use ENOATTR in errno comparison for getxattr; (bso#13774);
+ notifyd: Fix SIGBUS on sparc; (bso#13704);
+ waf: Check for libnscd; (bso#13787);
+ s3:vfs: Correctly check if OFD locks should be enabled or not; (bso#13770);
+ lib/util: Count a trailing line that doesn't end in a newline; (bso#13717);
+ Recovery lock bug fixes; (bso#13800);
+ s3: net: Do not set NET_FLAGS_ANONYMOUS with -k; (bso#13726);
+ s3:libsmb: Honor disable_netbios option in smbsock_connect_send; (bso#13727);
+ vfs_fileid: Fix get_connectpath_ino; (bso#13741);
+ vfs_fileid: Fix fsname_norootdir algorithm; (bso#13744);�- Fix vfs_ceph ftruncate and fallocate handling; (bso#13807); (bsc#1127153).�- Fix update-apparmor-samba-profile script after apparmor switched
to using named profiles. The change is backwards compatible;
(bsc#1126377);�- LoadParm().load_default() fails with "Unable to load default file";
(bsc#1089758);�- Abide by load_printers smb.conf parameter; (bso#13766); (bsc#1124223);�- Update to samba-4.9.4
+ libcli/smb: Don't overwrite status code; (bso#9175).
+ wbinfo --group-info 'NT AUTHORITY\System' does not work; (bso#12164).
+ Session setup reauth fails to sign response; (bso#13661).
+ vfs_fruit: Validation of writes on AFP_AfpInfo stream; (bso#13677).
+ vfs_shadow_copy2: Nicely deal with attempts to open previous
version for writing; (bso#13688).
+ Restoring previous version of stream with vfs_shadow_copy2 fails
with NT_STATUS_OBJECT_NAME_INVALID fsp->base_fsp->fsp_name; (bso#13455).
+ CVE-2018-16853: Fix S4U2Self crash with MIT KDC build; (bso#13571).
+ s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs; (bso#13708)
+ PEP8: fix E231: missing whitespace after ','.
+ winbindd: Fix crash when taking profiles;(bso#13629)
+ CVE-2018-14629 dns: Fix CNAME loop prevention using counter
regression; (bso#13600)
+ 'samba-tool user syscpasswords' fails on a domain with many DCs; (bso#13686).
+ CVE-2018-16853: Do not segfault if client is not set; (bso#13571).
+ lib:util: Fix DEBUGCLASS pointer initializiation; (bso#13679)
+ ctdb-daemon: Exit with error if a database directory does not
exist; (bso#13696).
+ s3:libads: Add net ads leave keep-account option; (bso#13498).�- Drop more %if..%endif guards which are idempotent.
- Drop requires on ldconfig which are already auto-discovered.
- Do not ignore errors from useradd/groupadd.�- Remove python2 build dependency from samba-libs; (bsc#1116900);�- Update update-apparmor-samba-profile script to ignore the shares's
paths containing substitution variables in any place, not only at the
beginning of the path.�- Update to samba-4.9.3
+ CVE-2018-14629: Unprivileged adding of CNAME record causing loop in AD
Internal DNS server; (bso#13600); (bsc#1116319);
+ CVE-2018-16841: Double-free in Samba AD DC KDC with PKINIT; (bso#13628);
(bsc#1116320);
+ CVE-2018-16851: NULL pointer de-reference in Samba AD DC LDAP server;
(bso#13674); (bsc#1116322);
+ CVE-2018-16852: NULL pointer de-reference in Samba AD DC DNS servers;
(bso#13669); (bsc#1116321);
+ CVE-2018-16853: Samba AD DC S4U2Self crash in experimental MIT Kerberos
configuration (unsupported); (bso#13678); (bsc#1116324);
+ CVE-2018-16857: Bad password count in AD DC not always effective;
window; (bso#13683); (bsc#1116323);�- Update to samba-4.9.2
+ dsdb: Add comments explaining the limitations of our current backlink
behaviour; (bso#13418);
+ Fix problems running domain backups (handling SMBv2, sites); (bso#13621);
+ testparm: Fix crashes with PANIC: Messaging not initialized on SLES 12 SP3;
(bso#13465);
+ Make vfs_fruit able to cleanup AppleDouble files; (bso#13642);
+ File saving issues with vfs_fruit on samba >= 4.8.5; (bso#13646);
+ Enabling vfs_fruit looses FinderInfo; (bso#13649);
+ Cancelling of SMB2 aio reads and writes returns wrong error
NT_STATUS_INTERNAL_ERROR; (bso#13667);
+ Fix CTDB recovery record resurrection from inactive nodes and simplify
vacuuming; (bso#13641);
+ examples: Fix the smb2mount build; (bso#13465);
+ libtevent: Fix build due to missing open_memstream on Illiumos;
(bso#13629);
+ winbindd_cache: Fix timeout calculation for sid<->name cache; (bso#13662);
+ dsdb encrypted_secrets: Allow "ldb:// and "mdb://" in file path;
(bso#13653);
+ Extended DN SID component missing for member after switching group
membership; (bso#13418);
+ Return STATUS_SESSION_EXPIRED error encrypted, if the request was
encrypted; (bso#13624);
+ python: Allow forced signing via smb.SMB(); (bso#13621);
+ lib:socket: If returning early, set ifaces; (bso#13665);
+ ldb: Bump ldb version to 1.4.3, Python: Ensure ldb.Dn can accept utf8
encoded unicode; (bso#13616);
+ smbd: Fix DELETE_ON_CLOSE behaviour on files with READ_ONLY attribute;
(bso#13673);
+ waf: Add -fstack-clash-protection; (bso#13601);
+ winbind: Fix segfault if an invalid passdb backend is configured;
(bso#13668);
+ Fix bugs in CTDB event handling; (bso#13659);
+ Misbehaving nodes are sometimes not banned; (bso#13670);�- lib:socket: If returning early, set ifaces; (bso#13665); (bsc#1111373);�- winbind requires latest version of libtevent-util0 to start�- Backport latest gpo code from master
+ Read policy from local gpt cache
+ Offline policy application
+ Make group policy extensible via register/unregister gpext
+ gpext's run via a process_group_policy method�- Enable profiling data collection�- Change samba-kdc package name to samba-ad-dc
- Move samba-ad-dc.service to the samba-ad-dc package�- Update to samba-4.9.1
+ s3: nmbd: Stop nmbd network announce storm; (bso#13620);
+ s3-rpcclient: Use spoolss_init_spoolss_UserLevel1 in winspool cmds;
(bso#13597);
+ CTDB recovery lock has some race conditions; (bso#13617);
+ s3-rpc_client: Advertise Windows 7 client info; (bso#13597);
+ ctdb-doc: Remove PIDFILE option from ctdbd_wrapper man page; (bso#13610);�- Tumbleweed doesn't define the sle_version macro, so we must
include a check for suse_version also. Otherwise python3 is
disabled on Tumbleweed.�- Update to samba-4.9.0
+ samba_dnsupdate: Honor 'dns zone scavenging' option, only update if
needed; (bso#13605);
+ wafsamba: Fix 'make -j'; (bso#13606);�- Update to samba-4.9.0rc5
+ s3: VFS: vfs_full_audit: Ensure smb_fname_str_do_log() only
returns absolute pathnames; (bso#13565);
+ s3: util: Do not take over stderr when there is no log file; (bso#13578);
+ Durable Reconnect fails because cookie.allow_reconnect is not
set; (bso#13549);
+ krb5-samba: Interdomain trust uses different salt principal; (bso#13539);
+ vfs_fruit: Don't unlink the main file; (bso#13441);
+ smbd: Fix a memleak in async search ask sharemode; (bso#13602);
+ Fix Samba GPO issue when Trust is enabled; (bso#11517);
+ samba-tool: Add "virtualKerberosSalt" attribute to
'user getpassword/syncpasswords'; (bso#13539);
+ Fix CTDB configuration issues; (bso#13589);
+ ctdbd logs an error until it can successfully connect to
eventd; (bso#13592);�- Update to samba-4.9.0rc4
+ s3: smbd: Ensure get_real_filename() copes with empty
pathnames; (bso#13585);
+ samba domain backup online/rename commands force user to specify
password on CLI; (bso#13566);
+ wafsamba/samba_abi: Always hide ABI symbols which must be
local; (bso#13579);
+ Fix a panic if fruit_access_check detects a locking conflict; (bso#13584);
+ Fix memory and resource leaks; (bso#13567);
+ python: Fix print in dns_invalid.py; (bso#13580);
+ Aliasing issue causes incorrect IPv6 checksum; (bso#13588);
+ Fix CTDB configuration issues; (bso#13589);
+ s3: vfs: time_audit: fix handling of token_blob in
smb_time_audit_offload_read_recv(); (bso#13568);�- Add missing zlib-devel dependency which was previously pulled in
by libopenssl-devel�- Update to samba-4.9.0rc3+git.22.3fff23ae36e
+ CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against
returns from malicious servers; (bso#13453);
+ CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query
with escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140; (bso#13374);
+ CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when
not servicePrincipalName is set on a user; (bso#13552);
+ CVE-2018-10919: acl_read: Fix unauthorized attribute access via
searches; (bso#13434);
+ ctdb_mutex_ceph_rados_helper: Set SIGINT signal handler; (bso#13540);
+ CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it
is disabled via "ntlm auth"; (bso#13360);
+ s3-tldap: do not install test_tldap; (bso#13529);
+ ctdb_mutex_ceph_rados_helper: Fix deadlock via lock renewals; (bso#13540);
+ CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in
ltdb_index_dn_attr(); (bso#13374);
+ ctdb-eventd: Fix CID 1438155; (bso#13554);
+ Fix CIDs 1438243, (Unchecked return value) 1438244
(Unsigned compared against 0), 1438245 (Dereference before null check) and
1438246 (Unchecked return value); (bso#13553);
+ ctdb: Fix a cut&paste error; (bso#13554);
+ systemd: Only start smb when network interfaces are up; (bso#13559);
+ Fix quotas don't work with SMB2; (bso#13553);
+ s3/smbd: Ensure quota code is only called when quota support
detected; (bso#13563);
+ s3/libsmb: Explicitly set delete_on_close token for rmdir; (bso#13204);
+ s3:waf: Install eventlogadm to /usr/sbin; (bso#13561);
+ Shorten description in vfs_linux_xfs_sgid manual; (bso#13562);�- Update to samba-4.9.0rc2+git.21.a1069afb007
+ s3: smbd: Using "sendfile = yes" with SMB2 can cause CPU spin; (bso#13537);
+ s3: smbd: Fix path check in smbd_smb2_create_durable_lease_check();
(bso#13535);
+ samba-tool trust: Support discovery via netr_GetDcName; (bso#13538);
+ s4-dsdb: Only build dsdb Python modules for AD DC; (bso#13542);
+ Fix portability issues on freebsd; (bso#13520);
+ DNS wildcard search does not handle multiple labels correctly; (bso#13536);
+ samba-tool domain trust: Fix trust compatibility to Windows
Server 1709 and FreeIPA; (bso#13308);
+ Fix portability issues on freebsd; (bso#13520);
+ ctdb-protocol: Fix CTDB compilation issues; (bso#13545);
+ ctdb-docs: Replace obsolete reference to CTDB_DEBUG_HUNG_SCRIPT
option; (bso#13546);
+ ctdb-doc: Provide an example script for migrating old
configuration; (bso#13550);
+ ctdb-event: Implement event tool "script list" command; (bso#13551);�- Update to samba-4.8.4+git.37.a7a861d7982;
+ CVE-2018-1139: Weak authentication protocol allowed;
(bsc#1095048); (bsc#13360);
+ CVE-2018-1140: Denial of Service Attack on DNS and LDAP server;
(bsc#1095056); (bso#13466); (bso#13374);
+ CVE-2018-10858: Insufficient input validation on client directory
listing in libsmbclient; (bsc#1103411); (bso#13453);
+ CVE-2018-10918: Denial of Service Attack on AD DC DRSUAPI server;
(bsc#1103414); (bso#13552);
+ CVE-2018-10919: Confidential attribute disclosure from the AD
LDAP server; (bsc#1095057); (bso#13434);
+ s3:winbind: winbind normalize names' doesn't work for users;
(bso#12851);
+ winbind: Fix UPN handling in canonicalize_username(); (bso#13369);
+ s3: smbd: Fix SMB2-FLUSH against directories; (bso#13428);
+ samdb: Fix building Samba with gcc 8.1; (bso#13437);
+ s3:utils: Do not segfault on error in DoDNSUpdate(); (bso#13440);
+ smbd: Flush dfree memcache on service reload; (bso#13446);
+ ldb: Save a copy of the index result before calling the
+ lib/util: No Backtrace given by Samba's AD DC by default;
(bso#13454).
+ s3: smbd: printing: Re-implement delete-on-close semantics for
print files missing since 3.5.x; (bso#13457).
+ python: Fix talloc frame use in make_simple_acl(); (bso#13474).
+ krb5_wrap: Fix keep_old_entries logic for older Kerberos
libraries;(bso#13478).
+ krb5_plugin: Add winbind localauth plugin for MIT Kerberos;
(bso#13480).�- Add missing package descriptions; (bsc#1093864);
- Fix dependency issue between samba-python and samba-kdc; (bsc#1062876);
- Call update-apparmor-samba-profile when running samba-ad-dc;
(bsc#1092099);�- Update to 4.8.2
+ After update to 4.8.0 DC failed with "Failed to find our own
NTDS Settings objectGUID" (bso#13335).
+ fix incorrect reporting of stream dos attributes on a
directory (bso#13380).
+ vfs_ceph: add asynchronous fsync; fake synchronous call (bso#13412).
+ vfs_ceph: add fake async pwrite/pread send/recv hooks; (bso#13425)
+ vfs_ceph: Fix memory leak; (bso#13424).
+ libsmbclient: Fix hard-coded connection error return of
ETIMEDOUT; (bso#13419).
+ s4-lsa: Fix use-after-free in LSA server; (bso#13420).
+ winbindd: Do re-connect if the RPC call fails in the passdb
case; (bso#13430).
+ cleanupd: Sends MSG_SMB_UNLOCK twice to interested peers; (bso#13416).
+ cleanupd: Use MSG_SMB_BRL_VALIDATE to signal cleanupd
unclean process shutdown; (bso#13414).
+ ctdb-client: Remove ununsed functions from old client code;
(bso#13411).
+ printing: Return the same error code as windows does on upload
failures; (bso#13395).
+ nsswitch: Fix memory leak in winbind_open_pipe_sock() when the
privileged pipe is not accessable; (bso#13400).
+ s4:lsa_lookup: remove TALLOC_FREE(state) after all
dcesrv_lsa_Lookup{Names,Sids}_base_map() calls; (bso#13420).
+ rpc_server: Fix NetSessEnum with stale sessions; (bso#13407).
+ s3:smbspool: Fix cmdline argument handling; (bso#13417).�- Move libdfs-server-ad-samba4.so library from kdc to libs package, as it is
required by some client libs; (bsc#1074135);
- Update to 4.8.1; (bsc#1091179);
+ s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error,
we don't own it here; (bso#13244);
+ s3: smbd: Fix possible directory fd leak if the underlying OS doesn't
support fdopendir(); (bso#13270);
+ Round-tripping ACL get/set through vfs_fruit will increase the number of
ACE entries without limit; (bso#13319);
+ s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically debug credit
issues; (bso#13347);
+ s3: smbd: Files or directories can't be opened DELETE_ON_CLOSE without
delete access; (bso#13358);
+ s3: smbd: Fix memory leak in vfswrap_getwd(); (bso#13372);
+ s3: smbd: Unix extensions attempts to change wrong field in fchown call;
(bso#13375);
+ ms_schema/samba-tool visualize: Fix python2.6 incompatibility;
(bso#13337);
+ Fix invocation of gnutls_aead_cipher_encrypt(); (bso#13352);
+ Windows 10 cannot logon on Samba NT4 domain; (bso#13328);
+ winbindd: Recover loss of netlogon secure channel in case the peer DC is
rebooted; (bso#13332);
+ s3:smbd: Don't use the directory cache for SMB2/3; (bso#13363);
+ ctdb-client: Fix bugs in client code; (bso#13356);
+ ctdb-scripts: Drop "net serverid wipe" from 50.samba event script;
(bso#13359);
+ s3: lib: messages: Don't use the result of sec_init() before calling
sec_init(); (bso#13368);
+ libads: Fix the build '--without-ads'; (bso#13273);
+ winbind: Keep "force_reauth" in invalidate_cm_connection, add
'smbcontrol disconnect-dc'; (bso#13332);
+ vfs_virusfilter: Fix CIDs 1428738-1428740; (bso#13343);
+ dsdb: Fix CID 1034966 Uninitialized scalar variable; (bso#13367);
+ rpc_server: Fix core dump in dfsgetinfo; (bso#13370);
+ smbclient: Fix notify; (bso#13382);
+ Fix smbd panic if the client-supplied channel sequence number wraps;
(bso#13215);
+ Windows 10 cannot logon on Samba NT4 domain; (bso#13328);
+ lib/util: Remove unused '#include ' from tests/tfork.c;
(bso#13342);
+ Fix build errors with cc from developerstudio 12.5 on Solaris;
(bso#13343);
+ Fix the picky-developer build on FreeBSD 11; (bso#13344);
+ s3:modules: Fix the build of vfs_aixacl2.c; (bso#13345);
+ s3:smbd: map nterror on smb2_flush errorpath; (bso#13338);
+ lib:replace: Fix linking when libtirpc-devel overwrites system headers;
(bso#13341);
+ winbindd: 'wbinfo --name-to-sid' returns misleading result on invalid
query; (bso#13312);
+ s3:passdb: Do not return OK if we don't have pinfo set up; (bso#13376);
+ Allow AESNI to be used on all processor supporting AESNI; (bso#13302);�- Use new foreground execution flags for systemd samba daemons;
(bsc#1088574); (bsc#1071090); (bsc#1065551);
+ Add %post scriptlet to clear old sysconfig flags
- Update vendor-files to commit 880b3e7.
+ Set samba sysconfig template variables to ""
+ Add required daemon flags directly to systemd unit�- Specfile cleanup
+ Remove %if..%endif guards which don't affect the build
+ Remove redundant %clean section
+ Replace old $RPM_* shell vars with macros�- BuildRequire pkgconfig(systemd) and pkgconfig(libsystemd) in
place of systemd and systemd-devel: Allow OBS to optimize the
workload by allowing the usage of the 'build-optimized' systemd
packages.�- Enable building samba with python3, and create a samba-python3 package.�- Update to 4.8
+ New GUID Index mode in sam.ldb for the AD DC
+ GPO support for samba KDC
+ Time machine support with vfs_fruit
+ Encrypted secrets
+ AD Replication visualization
+ Improved trust support
- ability to not scan global trust list
- AD external trusts have limited support
- verbose trusted domain listing
+ VirusFilter VFS module
+ NT4-style replication removed
+ vfs_aio_linux removed�- Disable samba-pidl package, due to the removal of dependency
perl-Parse-Yapp; (bsc#1085150);�- Update to 4.7.6;
+ CVE-2018-1050: DOS vulnerability when SPOOLSS is run externally;
(bso#11343); (bsc#1081741);
+ CVE-2018-1057: Authenticated users can change other users' password;
(bso#13272); (bsc#1081024).�- Disable python until full python3 port is done; (bsc#1082139);
+ Remove contents of package samba-python
+ Remove contents of package libsamba-policy0
+ Remove contents of package libsamba-policy-devel
+ Remove library libsamba-python-samba4.so from samba-libs package
+ Remove library libsamba-net-samba4.so from samba-libs package
+ Remove smbtorture binary and manpage from samba-test�- samba fails to build with glibc2.27; (bsc#1081042);�- Update to 4.7.5; (bsc#1080545);
+ smbd tries to release not leased oplock during oplock II downgrade;
(bso#13193);
+ Fix copying file with empty FinderInfo from Windows client to Samba share
with fruit; (bso#13181);
+ build: Deal with recent glibc sunrpc header removal; (bso#10976);
+ Make Samba work with tirpc and libnsl2; (bso#13238);
+ vfs_ceph: Add fs_capabilities hook to avoid local statvfs; (bso#13208);
(bsc#1075206);
+ Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue;
(bso#12986);
+ ctdb-recovery-helper: Deregister message handler in error paths;
(bso#13188);
+ samba: Only use async signal-safe functions in signal handler; (bso#13240);
+ Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue;
(bso#12986);
+ repl_meta_data: Fix linked attribute corruption on databases
with unsorted links on expunge. dbcheck: Add functionality to fix the
corrupt database; (bso#13228);
+ Fix smbd panic when chdir returns error during exit; (bso#13189);
+ Make Samba work with tirpc and libnsl2; (bso#13238);
+ Fix POSIX ACL support on HPUX and possibly other big-endian OSs;
(bso#13176);�- Update to 4.7.4; (bsc#1080545);
+ s3: smbclient: Implement 'volume' command over SMB2; (bso#13140);
+ s3: libsmb: Fix valgrind read-after-free error in
cli_smb2_close_fnum_recv(); (bso#13171);
+ s3: libsmb: Fix reversing of oldname/newname paths when creating a
reparse point symlink on Windows from smbclient; (bso#13172);
+ Build man page for vfs_zfsacl.8 with Samba; (bso#12934);
+ repl_meta_data: Allow delete of an object with dangling backlinks;
(bso#13095);
+ s4:samba: Fix default to be running samba as a deamon; (bso#13129);
+ Performance regression in DNS server with introduction of DNS wildcard,
ldb: Release 1.2.3; (bso#13191);
+ vfs_zfsacl: Fix compilation error; (bso#6133);
+ "smb encrypt" setting changes are not fully applied until full smbd
restart; (bso#13051);
+ winbindd: Fix idmap_rid dependency on trusted domain list; (bso#13052);
+ vfs_fruit: Proper VFS-stackable conversion of FinderInfo; (bso#13155);
+ winbindd: Dependency on trusted-domain list in winbindd in critical auth
codepath; (bso#13173);
+ repl_meta_data: Fix removing of backlink on deleted objects; (bso#13120);
+ ctdb: sock_daemon leaks memory; (bso#13153);
+ TCP tickles not getting synchronised on CTDB restart; (bso#13154);
+ winbindd: winbind parent and child share a ctdb connection; (bso#13150);
+ pthreadpool: Fix deadlock; (bso#13170);
+ pthreadpool: Fix starvation after fork; (bso#13179);
+ messaging: Always register the unique id; (bso#13180);
+ s4/smbd: set the process group; (bso#13129);
+ Fix broken linked attribute handling; (bso#13095);
+ The KDC on an RWDC doesn't send error replies in some situations;
(bso#13132);
+ libnet_join: Fix 'net rpc oldjoin'; (bso#13149);
+ g_lock conflict detection broken when processing stale entries;
(bso#13195);
+ s3:smb2_server: allow logoff, close, unlock, cancel and echo on expired
sessions; (bso#13197);
+ s3:libads: net ads keytab list fails with "Key table name malformed";
(bso#13166); (bsc#1067700);
+ Fix crash in pthreadpool thread after failure from pthread_create;
(bso#13170);
+ s4:samba: Allow samba daemon to run in foreground; (bso#13129);
(bsc#1065551);
+ third_party: Link the aesni-intel library with "-z noexecstack";
(bso#13174);
+ vfs_glusterfs: include glusterfs/api/glfs.h without relying on "-I"
options; (bso#13125);�- Re-enable usage of libnsl (did got lost with glibc change)
- Use TI-RPC (sunrpc is deprecated and will be removed soon from
glibc)�- smbc_opendir should not return EEXIST with invalid login credentials;
(bnc#1065868).�- Update to 4.7.3; (bsc#1069666);
+ Non-smbd processes using kernel oplocks can hang smbd;
(bso#13121);
+ python: use communicate to fix Popen deadlock; (bso#13127);
+ smbd on disk file corruption bug under heavy threaded load;
(bso#13130);
+ tevent: version 0.9.34; (bso#13130);
+ s3: smbd: Fix delete-on-close after smb2_find; (bso#13118);
+ CVE-2017-14746: s3: smbd: Fix SMB1 use-after-free crash bug;
(bsc#1060427);(bso#13041);
+ CVE-2017-15275: s3: smbd: Chain code can return uninitialized
memory when talloc buffer is grown; (bsc#1063008); (bso#13077);
- Build with AD DC support only in openSUSE.�- Replace references to /var/adm/fillup-templates with new
%_fillupdir macro (boo#1069468)�- samba-tool requires samba-python; (bnc#1067771).�- Run all daemons in the foreground and let systemd handle it; (bsc#1065551).
- Update to 4.7.1;
+ Fix exporting subdirs with shadow_copy2; (bso#13091);
+ Currently if getwd() fails after a chdir(), we panic; (bso#13027);
+ Ensure default SMB_VFS_GETWD() call can't return a partially completed
struct smb_filename; (bso#13068);
+ sys_getwd() can leak memory or possibly return the wrong errno on older
systems; (bso#13069);
+ smbclient doesn't correctly canonicalize all local names before use;
(bso#13093);
+ Fix broken linked attribute handling; (bso#13095);
+ Missing LDAP query escapes in DNS rpc server; (bso#12994);
+ Link to -lbsd when building replace.c by hand; (bso#13087);
+ Cannot delete non-ACL files on Solaris/ZFS/NFSv4 ACL filesystem;
(bso#6133);
+ Map SYNCHRONIZE acl permission statically in zfs_acl vfs module;
(bso#7909);
+ Samba fails to honor SEC_STD_WRITE_OWNER bit with the acl_xattr module;
(bso#7933);
+ Missing assignment in sl_pack_float; (bso#12991);
+ Wrong Samba access checks when changing DOS attributes; (bso#12995);
+ samba_runcmd_send() leaves zombie processes on timeout; (bso#13062);
+ groupmap cleanup should not delete BUILTIN mappings; (bso#13065);
+ Enabling vfs_fruit results in loss of Finder tags and other xattrs;
(bso#13076);
+ man pages: Properly ident lists; (bso#9613);
+ smb.conf.5: Sort parameters alphabetically; (bso#13081);
+ Fix GUID string format on GetPrinter info; (bso#12993);
+ Remote serverid check doesn't check for the unique id; (bso#13042);
+ CTDB starts consuming memory if there are dead nodes in the cluster;
(bso#13056);
+ ctdb-common: Ignore event scripts with multiple '.'s; (bso#13070);
+ libgpo doesn't sort the GPOs in the correct order; (bso#13046);
+ Remote serverid check doesn't check for the unique id; (bso#13042);
+ vfs_catia: Fix a potential memleak; (bso#13090);
+ Fix file change notification for renames; (bso#12903);
+ Samba DNS server does not honour wildcards; (bso#12952);
+ Can't change password in samba from a Windows client if Samba runs on
IPv6 only interface; (bso#13079);
+ vfs_fruit: Replace closedir() by SMB_VFS_CLOSEDIR; (bso#13086);
+ Apple client can't cope with SMB2 async replies when creating symlinks;
(bso#13047);
+ s4:rpc_server:backupkey: Move variable into scope; (bso#12959);
+ Fix ntstatus_gen.h generation on 32bit; (bso#13099);
+ Fix a double free in vfs_gluster_getwd(); (bso#13100);
+ Fix resouce leaks and pointer issues; (bso#13101);
+ vfs_solarisacl: Fix build for samba 4.7 and up; (bso#13049);�- Add samba-kdc to baselibs.conf.
- Do not wrap samba-kdc's package definition into if/endif: the
package won't be generated simply based on the fact that there is
no files section for the package. Allows the source validator to
ensure samba-kdc is a built package.�- Update to 4.7.0;
+ Whole DB read locks: Improved LDAP and replication consistency;
(bso#12858).
+ Samba AD with MIT Kerberos
+ Dynamic RPC port range: Default range changed from "1024-1300" to
"49152-65535".
+ Authentication and Authorization audit support: New auth_audit debug
class.
+ Multi-process LDAP Server: The LDAP server in the AD DC now honours
the process model used for the rest of the 'samba' process.
+ Improved Read-Only Domain Controller (RODC) Support; (bso#12977).
+ Additional password hashes stored in supplementalCredentials.
+ Improvements to DNS during Active Directory domain join.
+ Significant AD performance and replication improvements.
+ Query record for open file or directory.
+ Removal of lpcfg_register_defaults_hook().
+ Change of loadable module interface.
+ SHA256 LDAPS Certificates: The self-signed certificate generated for use
on LDAPS will now be generated with a SHA256 self-signature, not a SHA1
self-signature.
+ CTDB no longer allows mixed minor versions in a cluster.
+ CTDB now ignores hints from Samba about TDB flags when attaching to
databases.
+ New configuration variable CTDB_NFS_CHECKS_DIR.
+ The CTDB_SERVICE_AUTOSTARTSTOP configuration has been removed.
+ The CTDB_SCRIPT_DEBUGLEVEL configuration variable has been removed.
+ The example NFS Ganesha call-out has been improved.
+ A new "replicated" database type is available.�- CVE-2017-12163: Prevent client short SMB1 write from
writing server memory to file; (bso#13020); (bsc#1058624).�- CVE-2017-12150: Some code path don't enforce smb signing,
when they should; (bso#12997); (bsc#1058622).�- CVE-2017-12151: Keep required encryption across SMB3 dfs
redirects; (bso#12996); (bsc#1058565).�- Clean specfile assuming SUSE-only system and product >=SLE11
+ %{ul_version}, %{rhel_version}, %{mandriva_version}, %{centos_version}
are always undefined
+ %{_vendor} is "suse" and %{suse_version} is at least 1100�- Update to 4.6.7; (bsc#1054017)
+ Joining a Huawai storage fails: empty CLDAP ping answer; (bso#11392).
+ smbcacls can fail against a directory on Windows using SMB2.; (bso#12937).
+ vfs_ceph provides inconsistent directory listings; (bso#12911).
+ Misused talloc context can cause a user to crash their smbd by chaining
SMB1 commands.; (bso#12836).
+ Use-after free can crash libsmbclient code.; (bso#12927).
+ Server exit with active AIO can crash.; (bso#12925).
+ Ensure notifyd doesn't return from smbd_notifyd_init; (bso#12910).
+ fd leak to ctdb sub-processes leads to SELinux AVC denial in audit logs;
(bso#12898).
+ vfs_fruit shouldn't send MS NFS ACEs to Windows clients; (bso#12897).
+ smbspool_krb5_wrapper does not tell CUPS that it requires negotiate for
authentication; (bso#12886).
+ finder sidebar showing question mark instead of icon when using ip to
connect with vfs_fruit; (bso#12840).
+ Winbind stops obtaining the 'unixHomeDirectory' & 'loginShell' attributes
from AD.; (bso#12720).
+ KCC run at selftest startup can fail spuriously due to a race;
(bso#12869).
+ winbindd changes the local password and gets NT_STATUS_WRONG_PASSWORD for
the remote change; (bso#12782).
+ rpc_pipe_client memory leaks due to long term memory context passed to
rpc_pipe_open_interface(); (bso#12890).
+ CVE-2017-2619 breaks accessing previous versions of directories with
snapshots in subdirectories of the share; (bso#12885).
+ dns_name_equal doing OOB read; (bso#12813).
+ replica_sync tests flap; (bso#12753).
+ Selftest should not call 'net cache flush' and wipe important winbind
entries; (bso#12868).
+ Old Samba versions don't support using recent ldb versions (>=1.1.30);
(bso#12859).
+ pam_winbind fails with kerberos method = secrets and keytab; (bso#10490).
+ race starting winbindd against posixacl test; (bso#12843).
+ Crash in the reentrant smbd_smb2_create_send() if the something fails in
the subsequent try; (bso#12832).
+ spnego.c passes the wrong argument order to gensec_update_ev() for the
FALLBACK case; (bso#12788).
+ Clients with SMB3 support can't connect with
"server max protocol = SMB2_02"; (bso#12772).
+ A log message of samb-tool user syncpasswords reverses string arguments in
a debug message "Call Popen[...".; (bso#12768).
+ The smb tarmode tests kills the share dir contents; (bso#12867).
+ Fix for a bug in MacOS X Sierra NTLMv2 processing; (bso#12862).
+ CVE-2017-2619 regression with non-wide symlinks to directories; (bso#12860).
+ manpage/index.html lists links not in alphabetical order; (bso#12854).
+ smbcacls got error NT_STATUS_NETWORK_NAME_DELETED; (bso#12831).
+ If a record is locked in a database, then recovery does not complete;
(bso#12857).
+ debug_locks.sh script does not log any information; (bso#12856).
+ SIGSEGV in cm_connect_lsa_tcp dereferencing conn->lsa_tcp_pipe->transport
after error; (bso#12852).
+ smbclient can't parse DOMAIN+username if a different winbind separator is
used; (bso#12849).
+ Related requests with SessionSetup fail with INTERNAL_ERROR; (bso#12845).
+ Related requests with TreeConnect fail with NETWORK_NAME_DELETED;
(bso#12844).
+ cli->server_os not filled correctly; (bso#12779).
+ REGRESSION: smbclient doesn't print the session setup anymore;
(bso#12824).
+ smblcient doesn't handle STATUS_NOT_SUPPORTED gracefully for
FSCTL_VALIDATE_NEGOTIATE_INFO; (bso#12808).
+ CTDB NFS call-out failures do not cause event failures; (bso#12837).
+ net command fails due to incorrectly return code; (bso#12828).
+ Fix building Samba with GCC 7.1; (bso#12827).�- Fix duplicate CTDB_LOGGING params when downgraded and upgraded again;
(bsc#1048339).�- fix cephwrap_chdir(); (bsc#1048790).
- Update to 4.6.6
+ CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation;
(bsc#1048278).�- Fix ctdb logs to /var/log/log.ctdb instead of /var/log/ctdb; (bsc#1048339).�- Fix inconsistent ctdb socket path; (bsc#1048352).
- Fix non-admin cephx authentication; (bsc#1048387).�- Update to 4.6.5; (bsc#1040157)
+ Specifying CTDB_LOGGING=syslog:nonblocking causes ctdbd to crash at
startup; (bso#12814).
+ vfs_expand_msdfs tries to open the remote address as a file path;
(bso#12687).
+ PANIC (pid 1096): assert failed: lease_type_is_exclusive(e_lease_type);
(bso#12798).
+ With clustering get update_num_read_oplocks failed and PANIC:
num_share_modes == 1 assertion failure; (bso#11844).
+ contend_level2_oplocks_begin_default oplock optimisation doesn't carry
over to leases; (bso#12766).
+ `ctdb nodestatus` incorrectly displays status for all nodes with wrong
exit code; (bso#12802).
+ CTDB can spin hard on revoking readonly delegations if a node becomes
disconnected; (bso#12697).
+ Printing a share mode entry with leases can crash in the ndr code;
(bso#12793).
+ Fix flakey unit tests for eventd; (bso#12792).
+ CTDB daemon crashes if built with clang; (bso#12770).
+ smbcacls fails if no password is specified; (bso#12765).
+ idmap_rfc2307: Lookup of more than two SIDs fails; (bso#12757).
+ samba-tool user syncpasswords doesn't trigger the script when a user gets
removed; (bso#12767).
+ systemd: fix detection of libsystemd; (bso#12764).
+ Notify subsystem only maps first inotify mask to Windows notify filter;
(bso#12760).
+ Allow passing trusted domain password as plain-text to PASSDB layer;
(bso#12751).
+ Can't case-rename files with vfs_fruit; (bso#12749).
+ wrong sid->uid mapping for SIDs residing in sIDHistory; (bso#12702).
+ vfs_acl_common should force "create mask = 0777", not 0666; (bso#12562).
+ Ordering of notify responses broken; (bso#12756).�- s3: libsmb: Fix error where short name length was read as 2
bytes, should be 1; (bso#11822); (bsc#1042419).�- Revert explicit winbind %{version}-%{release} dependency.
+ The ABI has stabilized since (bsc#936909), so remove to fix cross-media
dependencies; (bsc#1037899).�- Fix CVE-2017-7494 remote code execution from a writable share;
(bso#12780); (bsc#1038231).�- Update to 4.6.3; (bsc#1036011)
+ s3:vfs:shadow_copy2: vfs_shadow_copy2 fails to list snapshots
from shares with GlusterFS backend; (bso#12743).
+ Fix for Solaris C compiler; (bso#12559).
+ s3: locking: Update oplock optimization for the leases era; (bso#12628).
+ Make the Solaris C compiler happy; (bso#12693).
+ s3: libgpo: Allow skipping GPO objects that don't have the
expected LDAP attributes; (bso#12695).
+ Fix buffer overflow caused by wrong use of getgroups; (bso#12747).
+ lib: debug: Avoid negative array access; (bso#12746).
+ cleanupdb: Fix a memory read error; (bso#12748).
+ streams_xattr and kernel oplocks results in
NT_STATUS_NETWORK_BUSY; (bso#7537).
+ winbindd: idmap_autorid allocates ids for unknown SIDs from other
backends; (bso#11961).
+ vfs_fruit: Resource fork open request with
flags=O_CREAT|O_RDONLY; (bso#12565).
+ manpages/vfs_fruit: Document global options; (bso#12615).
+ lib/pthreadpool: Fix a memory leak; (bso#12624).
+ Lookup-domain for well-known SIDs on a DC; (bso#12727).
+ winbindd: Fix error handling in rpc_lookup_sids(); (bso#12728).
+ winbindd: Trigger possible passdb_dsdb initialisation; (bso#12729).
+ credentials_krb5: use gss_acquire_cred for client-side GSSAPI
use case; (bso#12611).
+ lib/crypto: Implement samba.crypto Python module for RC4; (bso#12690).
+ ctdb-readonly: Avoid a tight loop waiting for revoke to
complete; (bso#12697).
+ ctdb_event monitor command crashes if event is not specified;
(bso#12723).
+ ctdb-docs: Fix documentation of "-n" option to 'ctdb tool'; (bso#12733).
+ smbd: Fix smb1 findfirst with DFS; (bso#12558).
+ smbd: Do an early exit on negprot failure; (bso#12610).
+ winbindd: Fix substitution for 'template homedir'; (bso#12699).
+ s4:kdc: Disable principal based autodetected referral detection;
(bso#12554).
+ idmap_autorid: Allocate new domain range if the callers knows
the sid is valid; (bso#12613).
+ LINKFLAGS_PYEMBED should not contain -L/some/path; (bso#12724).
+ PAM auth with WBFLAG_PAM_GET_PWD_POLICY returns wrong policy for
trusted domain; (bso#12725).
+ rpcclient: Allow -U'OTHERDOMAIN\user' again; (bso#12731).
+ winbindd: Fix password policy for pam authentication; (bso#12725).
+ s3:gse: Correctly handle external trusts with MIT; (bso#12554).
+ auth/credentials: Always set the realm if we set the principal
from the ccache; (bso#12611).
+ replace: Include sysmacros.h; (bso#12686).
+ s3:vfs_expand_msdfs: Do not open the remote address as a file;
(bso#12687).
+ s3:libsmb: Only print error message if kerberos use is forced;
(bso#12704).
+ winbindd: Child process crashes when kerberos-authenticating
a user with wrong password; (bso#12708).
+ vfs_fruit: Office document opens as read-only on macOS due to
CNID semantics; (bso#12715).
+ vfs_acl_xattr: Fix failure to get ACL on Linux if memory is
fragmented; (bso#12737).�- Generate and update vendor-files tarball from Git
+ SuSEfirewall2 service samba-client only setup IPv4 rule; (bsc#1034416).�- Generate source tarball directly from Git using OBS tar_scm
+ use version string derived from parent Git tag and commit hash
- remove obsolete vendor-files/tools/package-data version ID
+ explicitly generate ctdb manpages, needed without "make dist"�- Update to 4.6.2
+ remove bso#12721 patches now upstream�- Enable samba-ceph build for openSUSE and SLE12SP3+; (fate#321622).
+ x86-64 and aarch64�- Enable librados CTDB lock helper for samba-ceph package; (fate#321622).�- Build and install the html man pages (bsc#1021907).�- Fix CVE-2017-2619 regression with "follow symlinks = no";
(bso#12721).�- Update to 4.6.1
+ symlink race permits opening files outside share directory;
CVE-2017-2619; (bso#12496); (bsc#1027147)
+ testparm checks for valid idmap parameters
+ add new krb client encryption types
+ support for printer driver upload from windows 10
+ inherit owner = 'unix only' for improved quota support
+ improved CTDB event support
+ new primary group support for idmap_ad
+ idmap_hash deprecated
+ mvxattr added to recursively rename extended attributes�- Remove chkconfig requirements for systemd systems�- Don't call insserv if systemd is used�- Fix check if we need to require insserv�- async_req: make async_connect_send() "reentrant";
(bso#12105); (bsc#1024416).�- Force usage of ncurses6-config thru NCURSES_CONFIG env var;
(bsc#1023847).�- add missing patch for libnss_wins segfault; (bsc#995730).�- Fix vfs_ceph builds against recent Ceph versions; (bsc#1021933).�- Document "winbind: ignore domains" parameter; (bsc#1019416).�- Add base Samba dependency to samba-ceph package.�- Update to 4.5.3
+ Heap-based Buffer Overflow Remote Code Execution Vulnerability;
CVE-2016-2123; (bso#12409); (bsc#1014437).
+ Don't send delegated credentials to all servers; CVE-2016-2125;
(bso#12445); (bsc#1014441).
+ denial of service due to a client triggered crash in the winbindd
parent process; CVE-2016-2126; (bso#12446); (bsc#1014442).
- 4.5.1 and 4.5.2 updates
+ various streams vfs fixes
+ various printing fixes
+ ntlm_auth: do not map explicitly empty domain
+ various stability fixes in smbd
+ match file compression ReFS behavior�- Add missing ldb module directory; (bnc#1012092).�- s3/client: obey 'disable netbios' smb.conf param, don't
connect via NBT port; (bsc#1009085); (bso#12418).�- Include vfstest in samba-test; (bsc#1001203).�- s3/winbindd: using default domain with user@domain.com format
fails; (bsc#997833).�- Fix segfault in libnss_wins; (bso#12277); (bso#12269); (bsc#995730).�- Update to 4.5.0
+ NTLM1 Authentication disabled by default
+ SMB2.1 leases enabled by default
+ Support for OFD locks
+ ctdb tool rewritten
+ Added shadow copy snapshot prefix parameter�- Fix illegal memory access after memory has been deleted;
(bso#11836); (bsc#975299).�- Prevent core, make sure response->extra_data.data is always
cleared out; (bsc#993692).�- Don't package man pages for VFS modules that aren't built;
(boo#993707).�- Fix population of ctdb sysconfig after source merge; (bsc#981566).�- Enable vfs_ceph builds for Factory (x86-64)
+ Package as samba-ceph to avoid Ceph dependency in base package.�- Update to 4.4.5
+ Prevent client-side SMB2 signing downgrade; CVE-2016-2119;
(bso#11860); (bsc#986869).�- Remove obsolete syslog.target; (bsc#983938).�- Honor smb.conf socket options in winbind; (bsc#975131).�- Don't use htons() with IP_PROTO_RAW; (bso#11705); (bsc#969522).�- Update to 4.4.4
+ SMB3 multichannel: Add implementation of missing channel sequence
number verification; (bso#11809).
+ smbd:close: Only remove kernel share modes if they had been
taken at open; (bso#11919).
+ notifyd: Prevent NULL deref segfault in notifyd_peer_destructor;
(bso#11930).
+ s3:rpcclient: Make '--pw-nt-hash' option work; (bso#10796).
+ Fix case sensitivity issues over SMB2 or above; (bso#11438).
+ s3:smbd: Fix anonymous authentication if signing is mandatory.
(bso#11910)
+ Fix NTLM Authentication issue with squid; (bso#11914).
+ pdb: Fix segfault in pdb_ldap for missing gecos; (bso#11530).
+ Fix memory leak in share mode locking; (bso#11934).�- Update to 4.4.3
+ Various post-badlock regressions; (bso#11841); (bso#11850);
(bso#11858); (bso#11870); (bso#11872).
+ Only allow idmap_hash for default idmap config (bso#11786).
+ smbd: Avoid large reads beyond EOF; (bso#11878).
+ vfs_acl_common: Avoid setting POSIX ACLs if "ignore system acls"
is set; (bso#11806).
+ libads: Record session expiry for spnego sasl binds; (bso#11852).�- Fix NTLMSSP regressions caused by previous CVE fixes; (bso#11849);
(bsc#975962); (bsc#979268), (bsc#977669).�- Revert shared library packaging to comply with SLPP�- Update to 4.4.2
+ A man-in-the-middle can downgrade NTLMSSP authentication;
CVE-2016-2110; (bso#11688); (bsc#973031).
+ Domain controller netlogon member computer can be spoofed;
CVE-2016-2111; (bso#11749); (bsc#973032).
+ LDAP conenctions vulnerable to downgrade and MITM attack;
CVE-2016-2112; (bso#11644); (bsc#973033).
+ TLS certificate validation missing; CVE-2016-2113; (bso#11752);
(bsc#973034).
+ Named pipe IPC vulnerable to MITM attacks; CVE-2016-2115;
(bso#11756); (bsc#973036).
+ "Badlock" DCERPC impersonation of authenticated account possible;
CVE-2016-2118; (bso#11804); (bsc#971965).
+ DCERPC server and client vulnerable to DOS and MITM attacks;
CVE-2015-5370; (bso#11344); (bsc#936862).�- Fix samba.tests.messaging test and prevent potential tdb corruption
by removing obsolete now invalid tdb_close call; (bsc#974629).�- Obsolete libsmbclient from libsmbclient0 while not providing it;
(bsc#972197).�- Update to 4.4.0.
+ Read of uninitialized memory DNS TXT handling; (bso#11128); (bso#11686);
CVE-2016-0771.
+ Getting and setting Windows ACLs on symlinks can change permissions on link
target; (bso#11648); CVE-2015-7560.
+ Sockets with htons(IPPROTO_RAW); (bso#11705); CVE-2015-8543.
+ s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem
with no ACL support; (bso#10489).
+ docs: Add example for domain logins to smbspool man page; (bso#11643).
+ smbd: Show correct disk size for different quota and dfree block sizes;
(bso#11681).
+ docs: Add smbspool_krb5_wrapper manpage; (bso#11690).
+ winbindd: Return trust parameters when listing trusts; (bso#11691).
+ ctdb: Do not provide a useless pkgconfig file for ctdb; (bso#11696).
+ Crypto.Cipher.ARC4 is not available on some platforms, fallback to
M2Crypto.RC4.RC4 then; (bso#11699).
+ s3:utils/smbget: Set default blocksize; (bso#11700).
+ Streamline 'smbget' options with the rest of the Samba utils; (bso#11700).
+ s3:clispnego: Fix confusing warning in spnego_gen_krb5_wrap(); (bso#11702).
+ s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703).
+ loadparm: Fix memory leak issue; (bso#11708).
+ lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714).
+ s3:vfs:glusterfs: Fix build after quota changes; (bso#11715).
+ ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."; (bso#11719).
+ lib:socket: Fix CID 1350010: Integer OVERFLOW_BEFORE_WIDEN; (bso#11723).
+ smbd: Fix CID 1351215 Improper use of negative value; (bso#11724).
+ smbd: Fix CID 1351216 Dereference null return value; (bso#11725).
+ s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new
file; (bso#11727).
+ docs: Add manpage for cifsdd; (bso#11730).
+ param: Fix str_list_v3 to accept ; again; (bso#11732).
+ lib/socket: Fix improper use of default interface speed; (bso#11734).
+ lib:socket: Fix CID 1350009: Fix illegal memory accesses
(BUFFER_SIZE_WARNING); (bso#11735).
+ libcli: Fix debug message, print sid string for new_ace trustee;
(bso#11738).
+ Fix installation path of Samba helper binaries; (bso#11739).
+ Fix memory leak in loadparm; (bso#11740).
+ tevent: version 0.9.28: Fix memory leak when old signal action restored;
(bso#11742).
+ smbd: Ignore SVHDX create context; (bso#11753).
+ Fix net join; (bso#11755).
+ s3:libads: setup the msDS-SupportedEncryptionTypes attribute on ldap_add;
(bso#11755).
+ passdb: Add linefeed to debug message; (bso#11763).
+ s3:utils/smbget: Fix option parsing; (bso#11767).
+ libnet: Make Kerberos domain join site-aware; (bso#11769).
+ Reset TCP Connections during IP failover; (bso#11770).
+ ldb: Version 1.1.26; (bso#11772).
+ s3:smbd: Add negprot remote arch detection for OSX; (bso#11773).
+ vfs_glusterfs: Fix use after free in AIO callback; (bso#11774).
+ mkdir can return ACCESS_DENIED incorrectly on create race; (bso#11780).
+ "trustdom_list_done: Got invalid trustdom response" message should be
avoided; (bso#11782).
+ Mismatch between local and remote attribute ids lets replication fail with
custom schema; (bso#11783).
+ Quota is not supported on Solaris 10; (bso#11788).
+ Talloc: Version 2.1.6; (bso#11789).
+ smbd: Enable multi-channel if 'server multi channel support = yes' in the
config; (bso#11796).
+ build: Fix build when '--without-quota' specified; (bso#11798).
+ lib/socket/interfaces: Fix some uninitialied bytes; (bso#11802).
+ Access based share enum: handle permission set in configuration files;
(bso#8093).
+ See also WHATSNEW.txt from the samba-doc package.�- Update to 4.3.6.
+ Getting and setting Windows ACLs on symlinks can change permissions on link
target; CVE-2015-7560; (bso#11648); (bsc#968222).
+ Fix Out-of-bounds read in internal DNS server; CVE-2016-0771;
(bso#11128); (bso#11686); (bsc#968223).�- Upgrade on-disk FSRVP server state to new version; (bsc#924519).�- Only obsolete but do not provide gplv2/3 package names; (bsc#968973).�- Relocate existing lock files to /var/lib/samba/lock; (bsc#968963).�- Obsolete no longer existing samba-32bit package; (bsc#967625).�- Update to 4.3.5.
+ s3:utils/smbget: Fix recursive download; (bso#6482).
+ s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystemi
with no ACL support; (bso#10489).
+ s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks;
(bso#11400).
+ vfs_shadow_copy2: Fix case where snapshots are outside the share;
(bso#11580).
+ smbclient: Query disk usage relative to current directory; (bso#11662).
+ winbindd: Handle expired sessions correctly; (bso#11670).
+ smbd: Show correct disk size for different quota and dfree block sizes;
(bso#11681).
+ smbcacls: Fix uninitialized variable; (bso#11682).
+ s3:smbd: Ignore initial allocation size for directory creation;
(bso#11684).
+ s3-client: Add a KRB5 wrapper for smbspool; (bso#11690).
+ s3-parm: Clean up defaults when removing global parameters; (bso#11693).
+ Use M2Crypto.RC4.RC4 on platforms without Crypto.Cipher.ARC4; (bso#11699).
+ s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703).
+ ctdb: Remove error messages after kernel security update; CVE-2015-8543;
(bso#11705).
+ loadparm: Fix memory leak issue; (bso#11708).
+ lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714).
+ ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ...";
(bso#11719).
+ s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new
file; (bso#11727).
+ param: Fix str_list_v3 to accept ";" again; (bso#11732).�- Shift samba-client sysconfig data into samba and samba-winbind; (bsc#947361).�- Simplify shared library packaging; (bsc#966956).�- Enable clustering (CTDB) support; (bsc#966271).�- s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703);
(bsc#964023).�- Add quotes around path of update-apparmor-samba-profile; (bnc#962177).�- Remove autoconf build-time requirement.�- Update to 4.3.4.
+ vfs_fruit: Enable POSIX directory rename semantics; (bso#11065).
+ Crash: Bad talloc magic value - access after free; (bso#11394).
+ Copying files with vfs_fruit fails when using vfs_streams_xattr without
stream prefix and type suffix; (bso#11466).
+ samba-tool: Fix uncaught exception if no fSMORoleOwner attribute is given;
(bso#11613).
+ Fix a typo in the smb.conf manpage, explanation of idmap config;
(bso#11619).
+ Correctly initialize the list head when keeping a list of primary followed
by DFS connections; (bso#11624).
+ Reduce the memory footprint of empty string options; (bso#11625).
+ lib/async_req: Do not install async_connect_send_test; (bso#11639).
+ Fix typos in man vfs_gpfs; (bso#11641).
+ Make "hide dot files" option work with "store dos attributes = yes";
(bso#11645).
+ Fix a corner case of the symlink verification; (bso#11647); (bnc#960249).
+ Do not disable "store dos attributes" on-the-fly; (bso#11649).
+ Update lastLogon and lastLogonTimestamp; (bso#11659).�- Prevent access denied if the share path is "/"; (bso#11647); (bnc#960249).�- Update to 4.3.3.
+ Malicious request can cause Samba LDAP server to hang, spinning using CPU;
CVE-2015-3223; (bso#11325); (bnc#958581).
+ Remote read memory exploit in LDB; CVE-2015-5330; (bso#11599);
(bnc#958586).
+ Insufficient symlink verification (file access outside the share);
CVE-2015-5252; (bso#11395); (bnc#958582).
+ No man in the middle protection when forcing smb encryption on the client
side; CVE-2015-5296; (bso#11536); (bnc#958584).
+ Currently the snapshot browsing is not secure thru windows previous version
(shadow_copy2); CVE-2015-5299; (bso#11529); (bnc#958583).
+ Fix Microsoft MS15-096 to prevent machine accounts from being changed into
user accounts; CVE-2015-8467; (bso#11552); (bnc#958585).�- Update to 4.3.2.
+ vfs_gpfs: Re-enable share modes; (bso#11243).
+ dcerpc.idl: Accept invalid dcerpc_bind_nak pdus; (bso#11327).
+ s3-smbd: Fix old DOS client doing wildcard delete - gives an attribute
type of zero; (bso#11452).
+ Add libreplace dependency to texpect, fixes a linking error on Solaris;
(bso#11511).
+ s4: Fix linking of 'smbtorture' on Solaris; (bso#11512).
+ s4:lib/messaging: Use correct path for names.tdb; (bso#11562).
+ Fix segfault of 'net ads (join|leave) -S INVALID' with nss_wins;
(bso#11563).
+ async_req: Fix non-blocking connect(); (bso#11564).
+ auth: gensec: Fix a memory leak; (bso#11565).
+ lib: util: Make non-critical message a warning; (bso#11566).
+ Fix winbindd crashes with samlogon for trusted domain user; (bso#11569);
(bnc#949022).
+ smbd: Send SMB2 oplock breaks unencrypted; (bso#11570).
+ ctdb: Open the RO tracking db with perms 0600 instead of 0000; (bso#11577).
+ s3:smb2_server: Make the logic of SMB2_CANCEL DLIST_REMOVE() clearer;
(bso#11581).
+ s3-smbd: Fix use after issue in smbd_smb2_request_dispatch(); (bso#11581).
+ manpage: Correct small typo error; (bso#11584).
+ s3: smbd: If EAs are turned off on a share don't allow an SMB2 create
containing them; (bso#11589).
+ Backport some valgrind fixes from upstream master; (bso#11597).
+ auth: Consistent handling of well-known alias as primary gid; (bso#11608).
+ winbind: Fix crash on invalid idmap configs; (bso#11612).
+ s3: smbd: have_file_open_below() fails to enumerate open files below an
open directory handle; (bso#11615).
+ Changing log level of two entries to DBG_NOTICE; (bso#9912).�- Ensure samlogon fallback requests are rerouted after kerberos failure;
(bnc#953382); (bnc#953972).�- Ensure to link with --as-needed flag by removing SUSE_ASNEEDED=0.
- Always use the default optimization even on pre-9.2 systems.�- Remove redundant configure options while adding with-relro.�- Relocate the lockdir to the /var/lib/samba/lock directory.�- Cleanup and enhance the pidl sub package.�- Require renamed python-ldb-devel and python-talloc-devel at build-time.
- Requires python-ldb and python-talloc from the python subpackage.�- Update to 4.3.1.
+ s3: smbd: Fix our access-based enumeration on "hide unreadable" to match
Windows; (bso#10252).
+ nss_winbind: Fix hang on Solaris on big groups; (bso#10365).
+ smbd: Fix file name buflen and padding in notify repsonse; (bso#10634).
+ kerberos: Make sure we only use prompter type when available;
winbind: Fix 100% loop; (bso#11038).
+ source3/lib/msghdr.c: Fix compiling error on Solaris; (bso#11053).
+ s3:ctdbd_conn: make sure we destroy tevent_fd before closing the socket;
(bso#11316).
+ s3: smbd: Fix mkdir race condition; (bso#11486).
+ pam_winbind: Fix a segfault if initialization fails; (bso#11502).
+ s3: dfs: Fix a crash when the dfs targets are disabled; (bso#11509).
+ s4:lib/messaging: Use 'msg.lock' and 'msg.sock' for messaging related
subdirs; (bso#11515).
+ s3: smbd: Fix opening/creating :stream files on the root share directory;
(bso#11522).
+ lib/param: Fix hiding of FLAG_SYNONYM values; (bso#11526).
+ net: Fix a crash with 'net ads keytab create'; (bso#11528).
+ s3: smbd: Fix a crash in unix_convert(); (bso#11535).
+ s3: smbd: Fix NULL pointer bug introduced by previous 'raw' stream fix
(bso#11522); (bso#11535).
+ vfs_fruit: Return value of ad_pack in vfs_fruit.c; (bso#11543).
+ vfs_commit: set the fd on open before calling SMB_VFS_FSTAT; (bso#11547).
+ s3:locking: Initialize lease pointer in share_mode_traverse_fn();
(bso#11549).
+ s3:smbstatus: Add stream name to share_entry_forall(); (bso#11550).
+ s3:lib: Validate domain name in lookup_wellknown_name(); (bso#11555).
+ s3: lsa: lookup_name() logic for unqualified (no DOMAIN component) names
is incorrect; (bso#11555).�- Fix 100% CPU in winbindd when logging in with "user must change password on
next logon"; (bso#11038).�- Relocate the tmpfiles.d directory to the client package; (bnc#947552).�- Do not provide libpdb0 from libsamba-passdb0 but add it to baselibs.conf
instead; (bnc#942716).�- Package /var/lib/samba/private/sock with 0700 permissions; (bnc#946051).�- Package /var/lib/samba/msg with 0755 permissions; (bso#11515); (bnc#945502).�- Require to install libfam0-gamin from samba-libs on post-12.1 and pre-13.15
systems; (bnc#945013).�- Update to 4.3.0.
+ Samba "map to guest = Bad uid" doesn't work; (bso#9862).
+ revert LDAP extended rule 1.2.840.113556.1.4.1941
LDAP_MATCHING_RULE_IN_CHAIN changes; (bso#10493).
+ No objectClass found in replPropertyMetaData on ordinary objects
(non-deleted); (bso#10973).
+ Stream names with colon don't work with fruit:encoding = native;
(bso#11278).
+ NetApp joined to a Samba/ADDC cannot resolve SIDs; (bso#11291).
+ tevent_fd needs to be destroyed before closing the fd; (bso#11316).
+ "force group" with local group not working; (bso#11320).
+ strsep is not available on Solaris; (bso#11359).
+ smbtorture does not build when configured --with-system-mitkrb5;
(bso#11411).
+ Build with GPFS support is broken; (bso#11421).
+ Build broken with --disable-python; (bso#11424).
+ net share allowedusers crashes; (bso#11426).
+ nmbd incorrectly matches netbios names as own name; (bso#11427).
+ Python bindings don't check integer types; (bso#11429).
+ Python bindings don't check array sizes; (bso#11430).
+ CTDB's eventscript error handling is broken; (bso#11431).
+ Fix crash in nested ctdb banning; (bso#11432).
+ Cannot build ctdbpmda; (bso#11434).
+ samba-tool uncaught exception error; (bso#11436).
+ Crash in notify_remove caused by change notify = no; (bso#11444).
+ Poor SMB3 encryption performance with AES-GCM; (bso#11451).
+ Poor SMB3 encryption performance with AES-GCM (part1); (bso#11451).
+ fix recursion problem in rep_strtoll in lib/replace/replace.c; (bso#11455).
+ --bundled-libraries=!ldb,!pyldb,!pyldb-util doesn't disable ldb build and
install; (bso#11458).
+ xid2sid gives inconsistent results; (bso#11464).
+ ctdb: Fix the build on FreeBSD 10.1; (bso#11465).
+ Handling of 0 byte resource fork stream; (bso#11467).
+ AD samr GetGroupsForUser fails for users with "()" in their name;
(bso#11488).�- Configure with --bundled-libraries=NONE; (bso#11458).�- Adapt net-kdc-lookup patch for post-3.3 Samba versions; (bnc#295284).�- Remove libiniparser-devel build-time requirement.�- Update to 4.2.3.
+ s4:lib/tls: Fix build with gnutls 3.4; (bso#8780).
+ s4.2/fsmo.py: Fixed fsmo transfer exception; (bso#10924).
+ winbindd: Sync secrets.ldb into secrets.tdb on startup; (bso#10991).
+ Logon via MS Remote Desktop hangs; (bso#11061).
+ s3: lib: util: Ensure we read a hex number as %x, not %u; (bso#11068).
+ tevent: Add a note to tevent_add_fd(); (bso#11141).
+ s3:param/loadparm: Fix 'testparm --show-all-parameters'; (bso#11170).
+ s3-unix_msg: Remove socket file after closing socket fd; (bso#11217).
+ smbd: Fix a use-after-free; (bso#11218); (bnc#919309).
+ s3-rpc_server: Fix rpc_create_tcpip_sockets() processing of interfaces;
(bso#11245).
+ s3:smb2: Add padding to last command in compound requests; (bso#11277).
+ Add IPv6 support to ADS client side LDAP connects; (bso#11281).
+ Add IPv6 support for determining FQDN during ADS join; (bso#11282).
+ s3: IPv6 enabled DNS connections for ADS client; (bso#11283).
+ Fix invalid write in ctdb_lock_context_destructor; (bso#11293).
+ Excessive cli_resolve_path() usage can slow down transmission; (bso#11295).
+ vfs_fruit: Add option "veto_appledouble"; (bso#11305).
+ tstream: Make socketpair nonblocking; (bso#11312).
+ idmap_rfc2307: Fix wbinfo '--gid-to-sid' query; (bso#11313).
+ Group creation: Add msSFU30Name only when --nis-domain was given;
(bso#11315).
+ tevent_fd needs to be destroyed before closing the fd; (bso#11316).
+ Build fails on Solaris 11 with "‘PTHREAD_MUTEX_ROBUST’ undeclared";
(bso#11319).
+ smbd/trans2: Add a useful diagnostic for files with bad encoding;
(bso#11323).
+ Change sharesec output back to previous format; (bso#11324).
+ Robust mutex support broken in 1.3.5; (bso#11326).
+ Kerberos auth info3 should contain resource group ids available from
pac_logon; winbindd: winbindd_raw_kerberos_login - ensure logon_info
exists in PAC; (bso#11328); (bnc#912457).
+ s3:smb2_setinfo: Fix memory leak in the defer_rename case; (bso#11329).
+ tevent: Fix CID 1035381 Unchecked return value; (bso#11330).
+ tdb: Fix CID 1034842 and 1034841 Resource leaks; (bso#11331).
+ s3: smbd: Use separate flag to track become_root()/unbecome_root() state;
(bso#11339).
+ s3: smbd: Codenomicon crash in do_smb_load_module(); (bso#11342).
+ pidl: Make the compilation of PIDL producing the same results if the
content hasn't change; (bso#11356).
+ winbindd: Disconnect child process if request is cancelled at main
process; (bso#11358).
+ vfs_fruit: Check offset and length for AFP_AfpInfo read requests;
(bso#11363).
+ docs: Overhaul the description of "smb encrypt" to include SMB3
encryption; (bso#11366).
+ s3:auth_domain: Fix talloc problem in connect_to_domain_password_server();
(bso#11367).
+ ncacn_http: Fix GNUism; (bso#11371).�- Disable rpath usage; (bnc#902421).�- Make the winbind package depend on the matching libwbclient version and
vice versa; (bnc#936909).�- Backport changes to use resource group sids obtained from pac logon_info;
(bso#11328); (bnc#912457).�- Order winbind.service Before and Want nss-user-lookup target.�- Remove fam-devel build-time dependency for post-6 RHEL systems.�- Update to 4.2.2.
+ s3:smbXsrv: refactor duplicate code into
smbXsrv_session_clear_and_logoff(); (bso#11182).
+ gencache: don't fail gencache_stabilize if there were records to delete;
(bso#11260).
+ s3: libsmbclient: After getting attribute server, ensure main srv pointer
is still valid; (bso#11186).
+ s4: rpc: Refactor dcesrv_alter() function into setup and send steps;
(bso#11236).
+ s3: smbd: Incorrect file size returned in the response of
"FILE_SUPERSEDE Create"; (bso#11240).
+ Mangled names do not work with acl_xattr; (bso#11249).
+ nmbd rewrites browse.dat when not required; (bso#11254).
+ vfs_fruit: add option "nfs_aces" that controls the NFS ACEs stuff;
(bso#11213).
+ s3:smbd: Add missing tevent_req_nterror; (bso#11224).
+ vfs: kernel_flock and named streams; (bso#11243).
+ vfs_gpfs: Error code path doesn't call END_PROFILE; (bso#11244).
+ s4: libcli/finddcs_cldap: continue processing CLDAP until all addresses
are used; (bso#11284).
+ ctdb: check for talloc_asprintf() failure; (bso#11201).
+ spoolss: purge the printer name cache on name change; (bso#11210);
(bnc#901813).
+ CTDB statd-callout does not scale; (bso#11204).
+ vfs_fruit: also map characters below 0x20; (bso#11221).
+ ctdb: Coverity fix for CID 1291643; (bso#11201).
+ Multiplexed RPC connections are not handled by DCERPC server; (bso#11225).
+ Fix terminate connection behavior for asynchronous endpoint with PUSH
notification flavors; (bso#11226).
+ ctdb-scripts: Fix bashism in ctdbd_wrapper script; (bso#11007).
+ ctdb: Fix CIDs 1125615, 1125634, 1125613, 1288201 and 1125553; (bso#11201).
+ SMB2 should cancel pending NOTIFY calls with DELETE_PENDING if the
directory is deleted; (bso#11257).
+ s3:winbindd: make sure we remove pending io requests before closing client
sockets; (bso#11141); (bnc#931854).
+ Fix panic triggered by smbd_smb2_request_notify_done() ->
smbXsrv_session_find_channel() in smbd; (bso#11182).
+ 'sharesec' output no longer matches input format; (bso#11237).
+ waf: Fix systemd detection; (bso#11200).
+ CTDB: Fix portability issues; (bso#11202).
+ CTDB: Fix some IPv6-related issues; (bso#11203).
+ CTDB statd-callout does not scale; (bso#11204).
+ 'net ads dns gethostbyname' crashes with an error in TALLOC_FREE if you
enter invalid values; (bso#11234).
+ libads: record service ticket endtime for sealed ldap connections;
(bso#11267).
+ lib/util: Include DEBUG macro in internal header files before samba_util.h;
(bso#11033).�- Avoid a crash inside the tevent epoll backend; (bso#11141); (bnc#931854).�- Remove the independently built libraries ldb, talloc, tdn, and tevent and
the post-10.3 renamed libsmbclient from baselibs.conf.�- Drop redundant doc attribute from man pages.�- Update to 4.2.1.
+ s3:winbind:grent: Don't stop group enumeration when a group has no gid;
(bso#8905).
+ Initialize dwFlags field of DNS_RPC_NODE structure; (bso#9791).
+ s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with
servers that don't send the 2 unused fields; (bso#10016).
+ build:wafadmin: Fix use of spaces instead of tabs; (bso#10476).
+ waf: Fix the build on openbsd; (bso#10476).
+ s3: client: "client use spnego principal = yes" code checks wrong name;
(bso#10888).
+ spoolss: Retrieve published printer GUID if not in registry; (bso#11018).
+ s3: lib: libsmbclient: If reusing a server struct, check every cli->timout
miliseconds if it's still valid before use; (bso#11079).
+ vfs_fruit: Enhance handling of malformed AppleDouble files; (bso#11125).
+ backupkey: Explicitly link to gnutls and gcrypt; (bso#11135).
+ replace: Remove superfluous check for gcrypt header; (bso#11135).
+ Backport subunit changes; (bso#11137).
+ libcli/auth: Match Declaration of netlogon_creds_cli_context_tmp with
implementation; (bso#11140).
+ s3-winbind: Fix cached user group lookup of trusted domains; (bso#11143).
+ talloc: Version 2.1.2; (bso#11144).
+ Update libwbclient version to 0.12; (bso#11149).
+ brlock: Use 0 instead of empty initializer list; (bso#11153).
+ s4:auth/gensec_gssapi: Let gensec_gssapi_update() return
NT_STATUS_LOGON_FAILURE for unknown errors; (bso#11164).
+ docs/idmap_rid: Remove deprecated base_rid from example; (bso#11169);
(bnc#913304).
+ s3: libcli: smb1: Ensure we correctly finish a tevent req if the writev
fails in the SMB1 case; (bso#11173).
+ backupkey: Use ndr_pull_struct_blob_all(); (bso#11174).
+ Fix lots of winbindd zombie processes on Solaris platform; (bso#11175).
+ s3: libsmbclient: Add missing talloc stackframe; (bso#11177).
+ s4-process_model: Do not close random fds while forking; (bso#11180).
+ s3-passdb: Fix 'force user' with winbind default domain; (bso#11185).�- Prevent samba package updates from disabling samba kerberos printing.�- Add sparse file support for samba; (fate#318424).�- Purge printer name cache on spoolss SetPrinter change; (bso#11210);
(bnc#901813).�- Correctly retain errno from Btrfs snapshot ioctls; (bnc#923374).�- Simplify libxslt build requirement and README.SUSE install.
- Remove no longer required cleanup steps while populating the build root.�- Remove deprecated base_rid example from idmap_rid manpage; (bso#11169);
(bnc#913304).�- Update to 4.2.0.
+ smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT; (bso#1115).
+ pam_winbind: fix warn_pwd_expire implementation; (bso#9056).
+ nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299).
+ Make 'profiles' work again; (bso#9629).
+ s3:smb2_server: protect against integer wrap with
"smb2 max credits = 65535"; (bso#9702).
+ Make validate_ldb of String(Generalized-Time) accept millisecond format
".000Z"; (bso#9810).
+ Use -R linker flag on Solaris, not -rpath; (bso#10112).
+ vfs: Add glusterfs manpage; (bso#10240).
+ Make 'smbclient' use cached creds; (bso#10279).
+ pdb: Fix build issues with shared modules; (bso#10355).
+ s4-dns: Add support for BIND 9.10; (bso#10620).
+ idmap: Return the correct id type to *id_to_sid methods; (bso#10720).
+ printing/cups: Pack requested-attributes with IPP_TAG_KEYWORD; (bso#10808).
+ Don't build vfs_snapper on FreeBSD; (bso#10834).
+ nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835).
+ idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837).
+ s3: smb2cli: query info return length check was reversed; (bso#10848).
+ s3: lib, s3: modules: Fix compilation on Solaris; (bso#10849).
+ lib: uid_wrapper: Fix setgroups and syscall detection on a system without
native uid_wrapper library; (bso#10851).
+ winbind3: Fix pwent variable substitution; (bso#10852).
+ Improve samba-regedit; (bso#10859).
+ registry: Don't leave dangling transactions; (bso#10860).
+ Fix build of socket_wrapper on systems without SO_PROTOCOL; (bso#10861).
+ build: Do not install 'texpect' binary anymore; (bso#10862).
+ Fix testparm to show hidden share defaults; (bso#10864).
+ libcli/smb: Fix smb2cli_validate_negotiate_info with min=PROTOCOL_NT1
max=PROTOCOL_SMB2_02; (bso#10866).
+ Integrate CTDB into top-level Samba build; (bso#10892).
+ samba-tool group add: Add option '--nis-domain' and '--gid'; (bso#10895).
+ s3-nmbd: Fix netbios name truncation; (bso#10896).
+ spoolss: Fix handling of bad EnumJobs levels; (bso#10898).
+ Fix smbclient loops doing a directory listing against Mac OS X 10 server
with a non-wildcard path; (bso#10904).
+ Fix print job enumeration; (bso#10905); (bnc#898031).
+ samba-tool: Create NIS enabled users and unixHomeDirectory attribute;
(bso#10909).
+ Add support for SMB2 leases; (bso#10911).
+ btrfs: Don't leak opened directory handle; (bso#10918).
+ s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920).
+ s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921).
+ pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932).
+ s3-keytab: fix keytab array NULL termination; (bso#10933).
+ s3:passdb: fix logic in pdb_set_pw_history(); (bso#10940).
+ Cleanup add_string_to_array and usage; (bso#10942).
+ dbwrap_ctdb: Pass on mutex flags to tdb_open; (bso#10942).
+ Fix RootDSE search with extended dn control; (bso#10949).
+ Fix 'samba-tool dns serverinfo ' for IPv6; (bso#10952).
+ libcli/smb: only force signing of smb2 session setups when binding a new
session; (bso#10958).
+ s3-smbclient: Return success if we listed the shares; (bso#10960).
+ s3-smbstatus: Fix exit code of profile output; (bso#10961).
+ socket_wrapper: Add missing prototype check for eventfd; (bso#10965).
+ libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows
client does; (bso#10966).
+ vfs_streams_xattr: Check stream type; (bso#10971).
+ s3: smbd: Fix *allocate* calls to follow POSIX error return convention;
(bso#10982).
+ vfs_fruit: Add support for AAPL; (bso#10983).
+ Fix spoolss IDL response marshalling when returning error without clearing
info; (bso#10984).
+ dsdb-samldb: Check for extended access rights before we allow changes to
userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279).
+ Fix IPv6 support in CTDB; (bso#10996).
+ ctdb-daemon: Use correct tdb flags when enabling robust mutex support;
(bso#11000).
+ vfs_streams_xattr: Add missing call to SMB_VFS_NEXT_CONNECT; (bso#11005).
+ s3-util: Fix authentication with long hostnames; (bso#11008).
+ ctdb-build: Fix build without xsltproc; (bso#11014).
+ packaging: Include CTDB man pages in the tarball; (bso#11014).
+ pdb_get_trusteddom_pw() fails with non valid UTF16 random passwords;
(bso#11016).
+ Make Sharepoint search show user documents; (bso#11022).
+ nss_wrapper: check for nss.h; (bso#11026).
+ Enable mutexes in gencache_notrans.tdb; (bso#11032).
+ tdb_wrap: Make mutexes easier to use; (bso#11032).
+ lib/util: Avoid collision which alread defined consumer DEBUG macro;
(bso#11033).
+ winbind: Retry after SESSION_EXPIRED error in ping-dc; (bso#11034).
+ s3-libads: Fix a possible segfault in kerberos_fetch_pac(); (bso#11037).
+ vfs_fruit: Fix base_fsp name conversion; (bso#11039).
+ vfs_fruit: mmap under FreeBSD needs PROT_READ; (bso#11040).
+ Fix authentication using Kerberos (not AD); (bso#11044).
+ net: Fix sam addgroupmem; (bso#11051).
+ vfs_snapper: Correctly handles multi-byte DBus strings; (bso#11055);
(bnc#913238).
+ cli_connect_nb_send: Don't segfault on host == NULL; (bso#11058).
+ utils: Fix 'net time' segfault; (bso#11058).
+ libsmb: Provide authinfo domain for encrypted session referrals;
(bso#11059).
+ s3-pam_smbpass: Fix memory leak in pam_sm_authenticate(); (bso#11066).
+ vfs_glusterfs: Add comments to the pipe(2) code; (bso#11069).
+ vfs/glusterfs: Change xattr key to match gluster key; (bso#11069).
+ vfs_glusterfs: Implement AIO support; (bso#11069).
+ s3-vfs: Fix developer build of vfs_ceph module; (bso#11070).
+ s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer;
(bso#11077); CVE-2015-0240; (bnc#917376).
+ vfs: Add a brief vfs_ceph manpage; (bso#11088).
+ s3: smbclient: Allinfo leaves the file handle open; (bso#11094).
+ Fix Win8.1 Credentials Manager issue after KB2992611 on Samba domain;
(bso#11097).
+ debug: Set close-on-exec for the main log file FD; (bso#11100).
+ s3: smbd: leases - losen paranoia check. Stat opens can grant leases;
(bso#11102).
+ s3: smbd: SMB2 close. If a file has delete on close, store the return info
before deleting; (bso#11104).
+ doc:man:vfs_glusterfs: improve the configuration section; (bso#11117).
+ snprintf: Try to support %j; (bso#11119).
+ ctdb-io: Do not use sys_write to write to client sockets; (bso#11124).
+ doc-xml: Add 'sharesec' reference to 'access based share enum';
(bso#11127).�- Update to 4.2.0rc5.
+ Ensure we don't call talloc_free on an uninitialized pointer;
CVE-2015-0240; (bso#11077); (bnc#917376).�- Fix usage of freed memory on server exit; (bso#11218); (bnc#919309).�- Fix tdb_store_flag_to_ntdb() gcc5 build failure.�- Fix vfs_snapper DBus string handling; (bso#11055); (bnc#913238).�- Update to 4.1.16.
+ dsdb-samldb: Check for extended access rights before we allow changes to
userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279).�- Adjust baselibs.conf due to libpdb0 package rename to libsamba-passdb0.�- Fix libsmbclient DFS referral handling.
+ Reuse connections derived from DFS referrals; (bso#10123); (fate#316512).
+ Set domain/workgroup based on authentication callback value; (bso#11059).�- Update to 4.2.0rc4.
- Add libsamba-debug, libsocket-blocking, libsamba-cluster-support, and
libhttp to the libs package; (boo#913547).
- Rename libpdb packages to libsamba-passdb.
- Drop libsmbsharemodes packages.�- Enable avahi support on post-12.2 systems.�- Update to 4.1.15.
+ pam_winbind: Fix warn_pwd_expire implementation; (bso#9056).
+ nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299).
+ Fix profiles tool; (bso#9629).
+ s3-lib: Do not require a password with --use-ccache; (bso#10279).
+ s4:dsdb/rootdse: Expand extended dn values with the AS_SYSTEM control;
(bso#10949).
+ s4-rpc: dnsserver: Fix enumeration of IPv4 and IPv6 addresses; (bso#10952).
+ s3:smb2_server: Allow reauthentication without signing; (bso#10958).
+ s3-smbclient: Return success if we listed the shares; (bso#10960).
+ s3-smbstatus: Fix exit code of profile output; (bso#10961).
+ libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows
client does; (bso#10966).
+ s3: smbd/modules: Fix *allocate* calls to follow POSIX error return
convention; (bso#10982).
+ Fix 'domain join' by adding 'drsuapi.DsBindInfoFallBack' attribute
'supported_extensions'; (bso#11006).
+ idl:drsuapi: Manage all possible lengths of drsuapi_DsBindInfo;
(bso#11006).
+ winbind: Retry LogonControl RPC in ping-dc after session expiration;
(bso#11034).�- yast2-samba-client should be able to specify osName and osVer on
AD domain join; (bnc#873922).�- Lookup FSRVP share snums at runtime rather than storing them persistently;
(bnc#908627).�- Specify soft dependency for network-online.target in Winbind systemd service
file; (bnc#889175).�- Fix spoolss error response marshalling; (bso#10984).�- Update to 4.1.14.
+ pidl/wscript: Remove --with-perl-* options; revert buildtools/wafadmin/
Tools/perl.py back to upstream state; (bso#10472).
+ s4-dns: Add support for BIND 9.10; (bso#10620).
+ nmbd fails to accept "--piddir" option; (bso#10711).
+ nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835).
+ S3: source3/smbd/process.c::srv_send_smb() returns true on the error path;
(bso#10880).
+ vfs_glusterfs: Remove "integer fd" code and store the glfs pointers;
(bso#10889).
+ s3-nmbd: Fix netbios name truncation; (bso#10896).
+ spoolss: Fix handling of bad EnumJobs levels; (bso#10898).
+ s3: libsmbclient-smb2. MacOSX 10 SMB2 server doesn't set
STATUS_NO_MORE_FILES when handed a non-wildcard path; (bso#10904).
+ spoolss: Fix jobid in level 3 EnumJobs response; (bso#10905).
+ s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920).
+ s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921).
+ pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932).
+ s3-keytab: Fix keytab array NULL termination; (bso#10933).
+ Cleanup add_string_to_array and usage; (bso#10942).�- Remove and cleanup shares and registry state associated with
externally deleted snaphots exposed as shadow copies; (bnc#876312).�- Use the upstream tar ball, as signature verification is now able to handle
compressed archives.�- Fix leak when closing file descriptor returned from dirfd; (bso#10918).�- Fix spoolss EnumJobs and GetJob responses; (bso#10905); (bnc#898031).
+ Fix handling of bad EnumJobs levels; (bso#10898).�- Remove dependency on gpg-offline as signature checking is implemented in the
source validator.�- Update to 4.1.13.
+ s3-libnet: Add libnet_join_get_machine_spns(); (bso#9984).
+ s3-libnet: Make sure we do not overwrite precreated SPNs; (bso#9984).
+ s3-libads: Add all machine account principals to the keytab; (bso#9985).
+ s3: winbindd: Old NT Domain code sets struct winbind_domain->alt_name to
be NULL. Ensure this is safe with modern AD-DCs; (bso#10717).
+ Fix unstrcpy; (bso#10735).
+ pthreadpool: Slightly serialize jobs; (bso#10779).
+ s3: smbd: streams - Ensure share mode validation ignores internal opens
(op_mid == 0); (bso#10797).
+ s3: smbd:open_file: Open logic fix; Use a more natural check; (bso#10809).
+ vfs_media_harmony: Fix a crash bug; (bso#10813).
+ docs: Mention incompatibility between kernel oplocks and streams_xattr;
(bso#10814).
+ nmbd: Send waiting status to systemd; (bso#10816).
+ libcli: Fix a segfault calling smbXcli_req_set_pending() on NULL;
(bso#10817).
+ nsswitch: Skip groups we were not able to map; (bso#10824).
+ s3-winbindd: Use correct realm for trusted domains in idmap child;
(bso#10826).
+ s3: nmbd: Ensure the main nmbd process doesn't create zombies; (bso#10830).
+ s3: lib: Signal handling - ensure smbrun and change password code save and
restore existing SIGCHLD handlers; (bso#10831).
+ idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837).
+ s3-winbindd: Do not use domain SID from LookupSids for Sids2UnixIDs call;
(bso#10838).
+ s3: smb2cli: Query info return length check was reversed; (bso#10848).
+ registry: Don't leave dangling transactions; (bso#10860).�- Update to 4.2.0rc2.�h04-armsrv1 1703082665������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� ���
�����������
��������������������������������������������������������������������������� ���!���"���#���$���%���&���'���(���)���*���+���,���-���.���/���0���1���2���3���4���5���6���7���8���9���:���;���<���=���>���?���@���A���B���C���D���E���F���G���H���I���J���K���L���M���N���O���P���Q���R���S���T���U���V���W���X���Y���Z���[���\���]���^���_���`���a���b���c���d���e���f���g���h���i���j���k���l���m���n���o���p���q���r���s���t���u���v���w���x���y���z���{���|���}���~������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������ ���
�����������
��������������������������������������������������������������������������� ���!���"���#���$���%���&���'���(���)���*���+���,���-���.���/���0���1���2���3���4���5���6���7���8���9���:���;���<���=���>���?���@���A���B���C���D���E���F���G���H���I���J���K���L���M���N���O���P���Q���R���S���T���U���V���W���X���Y���Z���[���\���]���^���_���`���a���b���c���d���e���f���g���h���i���j���k���l���m���n���o���p���q���r���s���t���u���v���w���x���y���z���{���|���}���~��������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������4.15.13+git.710.7032820fcd-150400.3.34.2�4.15.13+git.710.7032820fcd-150400.3.34.2�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� ��� �����������
���
���
���
���
���
���
���
���
���
���
���
���
���
�����������������������������������������������������������������������
���
���
���
���
���
���������������������������������������������������������������������������������������
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���������������
���
���
���
���
���
���
���
���
���
���
���
���
�����������������������
�������������������������������������������������������������������������������������������������������������������
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
�������������������������������������������������������������������������������������������������������������������������������������������������������
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
���
����������������������������������������������������������������samba�__init__.py�_glue.cpython-36m-aarch64-linux-gnu.so�_ldb.cpython-36m-aarch64-linux-gnu.so�auth.cpython-36m-aarch64-linux-gnu.so�auth_util.py�colour.py�common.py�credentials.cpython-36m-aarch64-linux-gnu.so�crypto.cpython-36m-aarch64-linux-gnu.so�dbchecker.py�dcerpc�__init__.py�atsvc.cpython-36m-aarch64-linux-gnu.so�auth.cpython-36m-aarch64-linux-gnu.so�base.cpython-36m-aarch64-linux-gnu.so�dcerpc.cpython-36m-aarch64-linux-gnu.so�dfs.cpython-36m-aarch64-linux-gnu.so�dns.cpython-36m-aarch64-linux-gnu.so�dnsp.cpython-36m-aarch64-linux-gnu.so�dnsserver.cpython-36m-aarch64-linux-gnu.so�drsblobs.cpython-36m-aarch64-linux-gnu.so�drsuapi.cpython-36m-aarch64-linux-gnu.so�echo.cpython-36m-aarch64-linux-gnu.so�epmapper.cpython-36m-aarch64-linux-gnu.so�idmap.cpython-36m-aarch64-linux-gnu.so�initshutdown.cpython-36m-aarch64-linux-gnu.so�irpc.cpython-36m-aarch64-linux-gnu.so�krb5ccache.cpython-36m-aarch64-linux-gnu.so�krb5pac.cpython-36m-aarch64-linux-gnu.so�lsa.cpython-36m-aarch64-linux-gnu.so�mdssvc.cpython-36m-aarch64-linux-gnu.so�messaging.cpython-36m-aarch64-linux-gnu.so�mgmt.cpython-36m-aarch64-linux-gnu.so�misc.cpython-36m-aarch64-linux-gnu.so�nbt.cpython-36m-aarch64-linux-gnu.so�netlogon.cpython-36m-aarch64-linux-gnu.so�ntlmssp.cpython-36m-aarch64-linux-gnu.so�preg.cpython-36m-aarch64-linux-gnu.so�samr.cpython-36m-aarch64-linux-gnu.so�security.cpython-36m-aarch64-linux-gnu.so�server_id.cpython-36m-aarch64-linux-gnu.so�smb_acl.cpython-36m-aarch64-linux-gnu.so�spoolss.cpython-36m-aarch64-linux-gnu.so�srvsvc.cpython-36m-aarch64-linux-gnu.so�svcctl.cpython-36m-aarch64-linux-gnu.so�unixinfo.cpython-36m-aarch64-linux-gnu.so�winbind.cpython-36m-aarch64-linux-gnu.so�windows_event_ids.cpython-36m-aarch64-linux-gnu.so�winreg.cpython-36m-aarch64-linux-gnu.so�winspool.cpython-36m-aarch64-linux-gnu.so�witness.cpython-36m-aarch64-linux-gnu.so�wkssvc.cpython-36m-aarch64-linux-gnu.so�xattr.cpython-36m-aarch64-linux-gnu.so�dckeytab.cpython-36m-aarch64-linux-gnu.so�descriptor.py�dnsresolver.py�dnsserver.py�domain_update.py�drs_utils.py�dsdb.cpython-36m-aarch64-linux-gnu.so�dsdb_dns.cpython-36m-aarch64-linux-gnu.so�emulate�__init__.py�traffic.py�traffic_packets.py�forest_update.py�gensec.cpython-36m-aarch64-linux-gnu.so�getopt.py�gp_cert_auto_enroll_ext.py�gp_ext_loader.py�gp_gnome_settings_ext.py�gp_msgs_ext.py�gp_parse�__init__.py�gp_aas.py�gp_csv.py�gp_inf.py�gp_ini.py�gp_pol.py�gp_scripts_ext.py�gp_sec_ext.py�gp_smb_conf_ext.py�gp_sudoers_ext.py�gpclass.py�gpo.cpython-36m-aarch64-linux-gnu.so�graph.py�hostconfig.py�idmap.py�join.py�kcc�__init__.py�debug.py�graph.py�graph_utils.py�kcc_utils.py�ldif_import_export.py�logger.py�mdb_util.py�messaging.cpython-36m-aarch64-linux-gnu.so�ms_display_specifiers.py�ms_forest_updates_markdown.py�ms_schema.py�ms_schema_markdown.py�ndr.py�net.cpython-36m-aarch64-linux-gnu.so�net_s3.cpython-36m-aarch64-linux-gnu.so�netbios.cpython-36m-aarch64-linux-gnu.so�netcmd�__init__.py�common.py�computer.py�contact.py�dbcheck.py�delegation.py�dns.py�domain.py�domain_backup.py�drs.py�dsacl.py�forest.py�fsmo.py�gpo.py�group.py�ldapcmp.py�main.py�nettime.py�ntacl.py�ou.py�processes.py�pso.py�rodc.py�schema.py�sites.py�spn.py�testparm.py�user.py�visualize.py�ntacls.py�ntstatus.cpython-36m-aarch64-linux-gnu.so�param.cpython-36m-aarch64-linux-gnu.so�policy.cpython-36m-aarch64-linux-gnu.so�posix_eadb.cpython-36m-aarch64-linux-gnu.so�provision�__init__.py�backend.py�common.py�kerberos.py�kerberos_implementation.py�sambadns.py�registry.cpython-36m-aarch64-linux-gnu.so�remove_dc.py�samba3�__init__.py�libsmb_samba_cwrapper.cpython-36m-aarch64-linux-gnu.so�libsmb_samba_internal.py�mdscli.cpython-36m-aarch64-linux-gnu.so�param.cpython-36m-aarch64-linux-gnu.so�passdb.cpython-36m-aarch64-linux-gnu.so�smbd.cpython-36m-aarch64-linux-gnu.so�samdb.py�schema.py�sd_utils.py�security.cpython-36m-aarch64-linux-gnu.so�sites.py�subnets.py�subunit�__init__.py�run.py�tdb_util.py�tests�__init__.py�audit_log_base.py�audit_log_dsdb.py�audit_log_pass_change.py�auth.py�auth_log.py�auth_log_base.py�auth_log_ncalrpc.py�auth_log_netlogon.py�auth_log_netlogon_bad_creds.py�auth_log_pass_change.py�auth_log_samlogon.py�auth_log_winbind.py�blackbox�__init__.py�bug13653.py�check_output.py�downgradedatabase.py�mdsearch.py�ndrdump.py�netads_json.py�samba_dnsupdate.py�smbcacls.py�smbcacls_basic.py�smbcacls_dfs_propagate_inherit.py�smbcacls_propagate_inhertance.py�smbcontrol.py�smbcontrol_process.py�traffic_learner.py�traffic_replay.py�traffic_summary.py�common.py�complex_expressions.py�core.py�cred_opt.py�credentials.py�dcerpc�__init__.py�array.py�bare.py�binding.py�createtrustrelax.py�dnsserver.py�integer.py�lsa.py�mdssvc.py�misc.py�raw_protocol.py�raw_testcase.py�registry.py�rpc_talloc.py�rpcecho.py�sam.py�samr_change_password.py�srvsvc.py�string_tests.py�testrpc.py�unix.py�dckeytab.py�dns.py�dns_aging.py�dns_base.py�dns_forwarder.py�dns_forwarder_helpers�server.py�dns_invalid.py�dns_packet.py�dns_tkey.py�dns_wildcard.py�docs.py�domain_backup.py�domain_backup_offline.py�dsdb.py�dsdb_api.py�dsdb_dns.py�dsdb_lock.py�dsdb_schema_attributes.py�emulate�__init__.py�traffic.py�traffic_packet.py�encrypted_secrets.py�gensec.py�get_opt.py�getdcname.py�glue.py�gpo.py�gpo_member.py�graph.py�group_audit.py�hostconfig.py�imports.py�join.py�kcc�__init__.py�graph.py�graph_utils.py�kcc_utils.py�ldif_import_export.py�krb5�alias_tests.py�as_canonicalization_tests.py�as_req_tests.py�compatability_tests.py�etype_tests.py�fast_tests.py�kcrypto.py�kdc_base_test.py�kdc_tests.py�kdc_tgs_tests.py�kpasswd_tests.py�lockout_tests.py�ms_kile_client_principal_lookup_tests.py�raw_testcase.py�rfc4120_constants.py�rfc4120_pyasn1.py�rodc_tests.py�s4u_tests.py�salt_tests.py�simple_tests.py�spn_tests.py�test_ccache.py�test_idmap_nss.py�test_ldap.py�test_min_domain_uid.py�test_rpc.py�test_smb.py�xrealm_tests.py�krb5_credentials.py�ldap_raw.py�ldap_referrals.py�ldap_spn.py�ldap_upn_sam_account.py�libsmb.py�loadparm.py�lsa_string.py�messaging.py�ndr.py�net_join.py�net_join_no_spnego.py�netbios.py�netcmd.py�netlogonsvc.py�ntacls.py�ntacls_backup.py�ntlm_auth.py�ntlm_auth_base.py�ntlm_auth_default_domain.py�ntlm_auth_krb5.py�ntlmdisabled.py�pam_winbind.py�pam_winbind_chauthtok.py�pam_winbind_warn_pwd_expire.py�param.py�password_hash.py�password_hash_fl2003.py�password_hash_fl2008.py�password_hash_gpgme.py�password_hash_ldap.py�password_quality.py�password_test.py�policy.py�posixacl.py�prefork_restart.py�process_limits.py�provision.py�pso.py�py_credentials.py�registry.py�s3_net_join.py�s3idmapdb.py�s3param.py�s3passdb.py�s3registry.py�s3windb.py�samba3sam.py�samba_tool�__init__.py�base.py�computer.py�contact.py�demote.py�dnscmd.py�drs_clone_dc_data_lmdb_size.py�dsacl.py�forest.py�fsmo.py�gpo.py�gpo_exts.py�group.py�help.py�join.py�join_lmdb_size.py�ntacl.py�ou.py�passwordsettings.py�processes.py�promote_dc_lmdb_size.py�provision_lmdb_size.py�provision_password_check.py�provision_userPassword_crypt.py�rodc.py�schema.py�sites.py�timecmd.py�user.py�user_check_password_script.py�user_virtualCryptSHA.py�user_virtualCryptSHA_base.py�user_virtualCryptSHA_gpg.py�user_virtualCryptSHA_userPassword.py�user_wdigest.py�visualize.py�visualize_drs.py�samba_upgradedns_lmdb.py�samdb.py�samdb_api.py�sddl.py�security.py�segfault.py�smb-notify.py�smb.py�smbd_base.py�smbd_fuzztest.py�source.py�strings.py�subunitrun.py�tdb_util.py�upgrade.py�upgradeprovision.py�upgradeprovisionneeddc.py�usage.py�xattr.py�trust_utils.py�upgrade.py�upgradehelpers.py�uptodateness.py�vgp_access_ext.py�vgp_files_ext.py�vgp_issue_ext.py�vgp_motd_ext.py�vgp_openssh_ext.py�vgp_startup_scripts_ext.py�vgp_sudoers_ext.py�vgp_symlink_ext.py�werror.cpython-36m-aarch64-linux-gnu.so�xattr.py�xattr_native.cpython-36m-aarch64-linux-gnu.so�xattr_tdb.cpython-36m-aarch64-linux-gnu.so�/usr/lib64/python3.6/site-packages/�/usr/lib64/python3.6/site-packages/samba/�/usr/lib64/python3.6/site-packages/samba/dcerpc/�/usr/lib64/python3.6/site-packages/samba/emulate/�/usr/lib64/python3.6/site-packages/samba/gp_parse/�/usr/lib64/python3.6/site-packages/samba/kcc/�/usr/lib64/python3.6/site-packages/samba/netcmd/�/usr/lib64/python3.6/site-packages/samba/provision/�/usr/lib64/python3.6/site-packages/samba/samba3/�/usr/lib64/python3.6/site-packages/samba/subunit/�/usr/lib64/python3.6/site-packages/samba/tests/�/usr/lib64/python3.6/site-packages/samba/tests/blackbox/�/usr/lib64/python3.6/site-packages/samba/tests/dcerpc/�/usr/lib64/python3.6/site-packages/samba/tests/dns_forwarder_helpers/�/usr/lib64/python3.6/site-packages/samba/tests/emulate/�/usr/lib64/python3.6/site-packages/samba/tests/kcc/�/usr/lib64/python3.6/site-packages/samba/tests/krb5/�/usr/lib64/python3.6/site-packages/samba/tests/samba_tool/�-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -g�obs://build.suse.de/SUSE:Maintenance:31907/SUSE_SLE-15-SP4_Update/625f171e9af34d04e78337ab8ddad37d-samba.SUSE_SLE-15-SP4_Update�drpm�xz�5�aarch64-suse-linux����������������������������������������������������������������� ���
�����������
��������������������������������������������������������������������������� ���!���"���#���$���%���&���'���(���)���*���+���,���-���.���/���0�����������������������1���2�������3���4�����������5�����������������������������������������������������������������������6���4���������������������������������������������������7�������������������4���8���9���:���������������������������������������������������������������;���������������������������������������������������;�����������<���=���>���?�����������������������3�������@���������������A�������B���C���D���E���������������F���������������������������������������������������������������������������������������3�������������������;���������������������������������������������������4�������������������G�������4�������������������4�������������������������������4���4���4�������������������������������������������������������������������������������4���������������3���������������������������������������H�������������������������������������������������������������������������������������������������������3�������������������������������������������������������������������4���4���������������4���4���������������������������������������������������������������������������������������4�����������;�����������������������������������������������������������3���������������������������������������������������������������;���������������������������������������������������������������������������4���4���������������������������4���4���������������������������������������4�������������������������������������������������������I�������J���Kdirectory�Python script, ASCII text executable�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=9107432b97f349778c654f0932a370716024a4f1, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=6229af559c4433a1e0f21b8e7f364a6e0b7a8c51, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=6b94a6eebc3ed86d6c8759b227e963dcd0bf8569, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=df604fd383b0faf3d7c610d80a8f641b40c297de, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=dd42a355aef1a6c19739a835cf90b09c47c5cc28, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=310995d5a3850295b5f5bb8803bf48c94e8b0aa0, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=ff394530954548d52ef96897aa166bdcb349a0f9, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=35ed0e265a685ce881390c33677ee02a6791e0b0, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=c838a0ea63c26a51082ea369756b37bcdd4eb5c1, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=2668e764c4d71bb165e6b1f15355f6ae57d6b1cc, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=b3c7f2f6e27f512ddd26ed0f7409d3bf09b902da, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=99b58bbb2f6d118e222c9db128c965af2b88b4eb, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=2046c5fd9153a572d4273035487fd3cec357407f, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=641bef0789895ca562875c004f31957484fdfbc8, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=54334e6ae607d8228944c348d41a5faf914434e4, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=9104002d1688a7aaba1683d8cf6bcd1fd0d1c50a, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=f3b266dca5a43f10f6d825a93ee0f06b562adf74, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=5d207e064344d3301204f15a39a55d862eb2d92e, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=70b853154b627de328ac60f80b39d03886a8a081, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=ef01d247b9dcb32308c85cbb783d9bae9bdc5c0e, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=7347f0d8e809f4741a28fdc42a3216a1fd03f75b, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=bbe4ec170f375b0535eb24e7dd1749cb17a302f5, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=720ceca91524f97d027273c05333a812323c4a29, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=942a09d7e0d8c959f67ff0d99087ab4412c6db31, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=aa50dc059d827822b2e5a0ea0fde0ac5d5f43cc3, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=406a31e3fe74f7dec9cf67a8cc22a527061793cc, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=e483d743c47d6b73c6fffeef4c4b11e0dc9aa02d, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=ed252d8410cc8eacf2e49bb4ec681f4d7d448b60, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=a41e01fd4e307a5555cbc1bf84f0d96842dcbfad, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=65b227a3a8a18955dd62772a335a599f2f9f6c87, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=47224324b05ac742e207ebb62abf9893edde2276, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=a34b0c5ffe805ccec2a4fc926ec1f98cac321cac, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=108d738495489c7dde276d5d25ea37197639245b, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=3f317c668f7f3735817c25a6266095f4f259b37a, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=0a18695ee32574bcbcf7da445e67c792f665ceb5, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=ff49c4b1ae29b1c9e41f52d80256ac8b32dd4f81, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=432f884c77bbe13ddf8db936fd5fe54194a36f1b, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=3749ded90c7285dbdbb24a1c87f4a9203d555259, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=7e07dee5d1aa53ac4846b948824cae733bfbb2b0, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=29384133fdea9d08b61dda6b5f2b20ea2e632e85, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=2cb9b4f60b2f000c0b137525c26d3c897183fbd0, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=5e138202b71acc93e4d431b897042f9c960d44ae, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=b41f0a08b3e30c551161ea85a85cbfa7e40cb12d, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=e714cd8c2a50840ad996489729702a819a74766c, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=8305a52e892dcdee40e99704c83d75a5765ea555, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=d9ee13d2afc931beec267228db472bbcd697aaaf, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=f4e25af1b1827a6733f667d0f82bf869c524a2bf, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=015cbb4436c4e561321c92e83619c81515282e79, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=8a983e67f5e25b4eaf28d6c563fc5f017d531ba6, stripped�ASCII text�Python script, UTF-8 Unicode text executable�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=564195a34fbf1e8bc75661da94bf611e4fd7f73d, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=74bb6772cc35fe9e12d1fb41fcaa0cf23198859a, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=04e952024f7effbb8a725c91ca4f5bf177b38c66, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=4341913e2bb9967ae7c30034a9165304592a898e, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=110386468e46a4403f79bc7cc50510f3f18fda8e, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=b324b9fd1e4db49da2fdc288bc8290d833677db3, stripped�Python script, ASCII text executable, with very long lines�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=c3e2e13292272d5d0f26f4c14bf418e88e35f48a, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=afbeef854dfad6111450e443b82c560f6f30078c, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=740381ed08e894945a2969a2ad8122f05759fc47, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=598918e99b0ee161b8d6d34c622817cc21fda10b, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=025f28facf9376881f2c3d7f3b8286e535e1c31c, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=15fd18abb62b93b81f90703013c61c3dffb1624f, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=85b7ac2feea57fa2dd6c17c940004691fbfa85b0, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=74dc31874b9e01124a2d046cfacc2fcce6c49e32, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=620530185c73e758ca779384db43fdacd51f3d85, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=fe62cbf147d1b9494e0d8950c6fff338613cf78f, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=5fc7e1480ef8eac902cce525c3dcbc560225ef25, stripped�UTF-8 Unicode text�Python script, UTF-8 Unicode text executable, with escape sequences�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=26c912a11131c9a263107b8bacb7120a2e95d3f5, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=211759af406dc21147f044f7890b691b024d6cb4, stripped�ELF 64-bit LSB shared object, ARM aarch64, version 1 (SYSV), dynamically linked, BuildID[sha1]=47fc5fd9692e1b07c5db708e0e9cfeacfcb5af3c, stripped���������������������B���k���l���m���n���������������������������������������3���J���`���~��������������������������.���G���X���n���������������������������������8���O���e�����������������������������0���1���2���3���4���5���S�������h���i���j���k���l����������������������������������������������������������������������������������������������������������������������� ���L�������Z���[���\���]���^���_���`���a���b���c���d���e���f���g���h���i���j���k���l���m���n���o���p���q���r���s���t���u���v���w���x���|���������������������������������������������������������$���=���V���W���X���Y���f���g�������h���i���j�������k���l���m���n���o���p���q���r���s���t���u���v���w�������x���y���z���{���|���}���~�������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������� ���
�����������
������������������������������������������������������������������������������� ���!���"���#���$���%���&���'���(���)���*���+���,���-���.���/���0���1���2���3���4���5���6���7���8���9���:���;���<���=���>���?���@���A���B���C���D���E���F���G���H���I���J���K���L���M���N���O���P���Q���R���S���T���U���V���W���X���Y���]���^���h���������������-���)�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������!�������������������������������������������������������������������������������)���C�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������&�����������
�����������������������
�����������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������������
����R��R��R��R���R��sR��3R��\R��^R���R��R��R��WR��R��R��]R��2R��rR��kR��R���R���R��R��>R���R���R��oR�� R��uR���R��eR��dR���R��R��DR���R��R��R��jR��hR��gR��R��R��/R��BR��qR��CR��pR��R��tR��
R��R��R��R��nR���R��.R���R���R��kR��=R��R��cR��AR��fR���R���R��R��>R���R���R��oR�� R��uR���R��eR��dR���R��R���R��R��R��jR��hR��gR��R��R��/R��qR��pR��R��tR��
R��R��R��R��nR���R��.R���R���R��kR��=R��R��cR��fR���R���R��R��R��R��R��>R���R��oR��uR���R���R��R��hR��gR��R��R��qR��pR��tR��R��R��nR���R��kR��=R��R��fR���R���R��R���R��R���R���R��R��8R��7R���R��R��R��6R��kR���R���R��R��R��R��uR���R���R��R��hR��gR��VR��[R��XR��%R��R��$R��R��WR��UR��tR��kR��R��fR���R���R��R��R��R���R���R��XR��R��hR��gR��RR��WR��R��R��QR��kR��R��fR���R���R��R��R��5R��hR��gR��oR��3R��uR��)R���R���R��sR��#R��R��XR��R��WR��nR��tR��R��4R��R��(R��rR��"R��2R��kR��R��fR���R���R��R��R���R���R��XR��R��hR��iR��gR��R��TR��WR��R��R��SR��kR��R��fR���R���R��R��VR���R���R��uR��R��hR��iR��gR��%R��[R��XR��R��$R��R��WR��UR��tR��kR��R��fR���R���R��R���R��hR��iR��gR��R���R��R��XR��PR��R��WR��R��R��OR��kR��R��fR���R���R��R���R��hR��iR��gR��R���R��R��XR��PR��R��WR��R��R��OR��kR��R��fR���R���R��R���R���R��uR��R��hR��iR��gR��RR��%R��[R��XR��R��$R��R��WR��QR��tR��kR��R��fR���R���R��R��R���R���R��uR��XR��R��hR��iR��gR��RR��R��WR��R��QR��tR��R��kR��R��fR���R���R��R��R��R��R���R���R��uR��R��hR��iR��gR��#R��ZR��[R��XR��RR��R��"R��QR��R��WR��R��tR��R��kR��R��R��fR���R���R��R��VR��uR���R���R��R��hR��iR��gR��%R��[R��XR��R��$R��R��WR��UR��tR��kR��R��fR���R���R��R��R���R���R��R��hR��iR��gR��%R��RR��[R��XR��R��R��WR��QR��R��$R��kR��R��fR���R���R��R���R��RR���R��XR��R��hR��gR��QR��WR��kR��R��fR���R���R��R��VR���R��%R���R��uR��R��hR��gR��[R��XR��R��$R��R��WR��UR��tR��kR��R��fR���R���R��R��R��R���R��R���R��uR��R��hR��iR��gR��TR��#R��ZR��[R��XR��R��SR��R��WR��tR��"R��R��R��kR��R��R��fR���R���R��R��R���R���R��XR��R��hR��iR��gR��R��RR��QR��R��WR��R��kR��R��fR���R���R��R���R��hR��iR��gR��R��R��XR��NR���R��R��MR��R��WR��R��kR��R��fR���R���R��R��uR���R���R��R��hR��iR��gR��%R��[R��XR��R��VR��$R��R��WR��UR��tR��kR��R��fR���R���R��R��R��R���R���R��R��hR��gR��#R��RR��ZR��[R��XR��R��"R��QR��R��WR��R��kR��R��R��fR���R���R��R��R���R���R��XR��R��hR��gR��TR��WR��SR��R��kR��R��fR���R���R��R���R���R��uR��R��hR��gR��)R��RR��[R��XR��R��R��(R��WR��QR��tR��kR��R��fR���R���R��R��R���R��uR��hR��iR��gR��R���R��R��YR��XR��R��WR��tR��R��kR��R��fR���R���R��R���R��hR��iR��gR��R��R��XR��PR���R��R��OR��R��WR��R��kR��R��fR���R���R��R��R��uR��R���R��iR��gR��hR��[R��XR��%R���R��R��VR��$R��R��WR��UR��tR��R��kR��R��fR���R���R��R��R���R���R��XR��R��hR��iR��gR��RR��R��QR��R��WR��R��kR��R��fR���R���R��R���R���R��XR��R��TR��hR��gR��R��WR��R��SR��kR��R��fR���R���R��R��uR���R���R��R��hR��iR��gR��%R��[R��XR��R��VR��R��$R��UR��WR��tR��kR��R��fR���R���R��R���R��uR��R��hR��iR��gR��R��XR��R���R��R��WR��R��R��tR��R��kR��R��fR���R���R��R���R��gR��hR���R��XR��VR��R��WR��UR��kR��R��fR���R���R��R���R��R��hR��iR��gR��R���R��R��kR��R��fR���R���R��R��R��uR��R���R��iR��gR��hR��[R��XR��%R���R��R��VR��$R��R��WR��UR��tR��R��kR��R��fR���R���R��R���R���R��VR��uR��R��hR��iR��gR��%R��[R��XR��R��$R��R��WR��UR��tR��kR��R��fR���R���R��R���R���R��uR��R��hR��gR��VR��%R��[R��XR��R��$R��R��WR��UR��tR��kR��R��fR���R���R��R��uR��R��RR��R���R���R��R��hR��gR��#R��ZR��[R��XR��R��"R��QR��R��WR��R��tR��kR��R��R��fR���R���R��R��R��uR��R���R��iR��gR��hR��[R��XR��TR��%R��'R���R��R��VR��$R��&R��R��WR��UR��SR��tR��R��kR��R��fR���R���R��R���R��kR���R��R���R���R��VR��uR��R��hR��gR��%R��[R��XR��R��$R��R��WR��UR��tR��kR��R��fR���R���R��R��TR��R��R���R���R��R��uR��hR��iR��gR��#R��ZR��[R��XR��R��WR��"R��R��tR��R��SR��kR��R��R��fR���R���R��R��R��R���R��R���R��uR��RR��R��hR��iR��gR��#R��ZR��[R��XR��R��"R��QR��R��WR��R��tR��R��kR��R��R��fR���R���R��R���R���R��uR��VR��R��hR��iR��gR��%R��[R��XR��R��$R��R��WR��UR��tR��kR��R��fR���R���R��R��R���R���R��XR��R��hR��iR��gR��R��RR��QR��R��WR��R��kR��R��fR���R���R��R��>R��R���R��
R���R��sR���R��uR��@R���R��rR��tR���R��?R��kR��=R��R���R���R��R��R��R��R��R��R��R��dR��R��1R���R��-R��DR���R��R��uR��R��BR��XR��R��R��R��,R��WR��R��tR��CR��R��0R��kR��R��cR��AR���R���R��R��R��R���R��hR��uR��R���R��+R��dR��eR��R��*R��tR��R��kR��R��cR��fR���R���R��R��R��R��R��R��uR��jR��gR��hR��R��wR��R���R���R��R��5R��4R��vR��R��tR��R��kR��R��fR���R���R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��uR��R��R��sR��R���R��qR���R��:R��R��hR��gR��R���R��oR��uR���R��R��R��R���R��jR��hR��gR��bR��R���R��R��R��qR��JR��pR��R��tR��R��R��nR���R��IR���R��kR��aR��=R��R��R��fR���R���R��R��R��uR��gR��hR��R��R���R��sR��R���R��R��R��#R��RR��ZR��XR��"R��QR��R��WR��R��tR��R��rR��kR��R��R��fR���R���R��R��hR��gR���R��R��R��wR��R��vR��kR��R��fR���R��R��R��uR��R��gR��hR���R���R��sR��R��R��R��{R��zR��R��R��rR��tR��R��R��kR��R��fR���R���R��R��hR��jR��bR��R��R��uR���R��sR���R��R��R��R��R��R��rR��R��R��tR��kR��aR��R��fR���R���R��R��R��R��R��R���R��uR��hR��jR���R��R��tR��fR��kR���R���R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R��R���R��kR���R��R��R��bR���R��R���R��kR��aR��R���R���R��R��wR��R��R��R��!R���R��oR���R��nR��R��R��vR�� R��kR��R���R���G:XPɮk�08����utf-8�afa03a16b25847bf82ef365761bb84489cc2634d0d373c83b19d5c7639f96d89���������?���� ����7zXZ��
���!�����t/��]�"��k%m2_�f4p��DJ�4j.�z&�ޢy�f�NKk�۪��{奌n),`Y]#P<��eKH�Y,E#r9�` b�8$AZ^7BFN� �Det|G|OX$ԅ1m�hw�^c�f4p�j3>�W?.&��m)3?UPu�R�a^M�Ip?��Tq<ن\?\Z7�?L�v���x5[]�&�|�2"ѯ��;tdU@e�6"q�#%)Np �#��¢ÀT1BZs6[���c��G2�M܇zBm�0w|h*@q)
4Q?P~���]�Rh�;9`EbQmϾ2^s~Y|�YȝeU]GLsw�n(Z�u#_]�3��?ٿ4\&9.,}vI땼+!z�)C5N`�S�Me1v5 !
g�ee�y>1��HV:fE�Q/>RtguG<&�KH7hY{VEs;3��"P
|YΊj�Rlқ
Q!!'�uڏk��c^M }Jek"T�mIR\p�wS}j}q"ӨG%ʌ1x��XN@�b4�IZy~SEop.EݖY&��
9��W�}�i:�DWT�p����shIɋ�O�J�X2�^LE{
,d�7ݞsMk[aNrgu. �m�ZY*5l
DRA ff;��ݕ;큑0�q��l�=SY3Ѐ)-!�
�txQ�-%uV�%QLf^�z=ށ�$a�p
on�n1q%�\0OKں`l7+�UnyB�w�%�ښlİnOGA*�3D�[τMRM0e?8<�1۲'�o5աN�&�0�湘5Q���ׇ $�}Q˜8BC_V87==�$�Ҽ�*�%V.2�&5/JuG6~�P(AVD`srB@~Y�_VN|�|+rtO�%
�u���`2\ţ[�KF^NwMqj`�f�PYvv2M֗Z;ix
zv!=5�,���RcaۦɁїz�iO%�~��Lze?QbE�y�I|⏟8��RX%
*Vi#'VkAe�.~Q�}2�O_雥ŃЏc`�N�bu5j�Z�/\HPC0.2b��H>�k=
t'W�KBD�C=ۤ�ޜ~�s��:Xξ�"�(N"�qqI|uh
pM�.>}�ٻ>T��E�g��h|�Bd?WW��&JR�0V2{BspNޣh�K'(�!,�
:�",c�u�~�7
}<>$I�(u�)s$q�D$e�B:/.٩Az+�C�)�
�~ؽf�
R
M�p�ɐ�R�U/!��Q�*(5WT`n~P#-v�+��p$�p��+!\t!]Aa�;(�ɌE*2XU/[�i4�(n}SnӮv>ZY�Sm1{4$�SSQbKf)cNA�7�"*'_�"
';>q}kR�?,A�f-Ï[_F��^Vj
�`�vl0�)�c�;�BjL��`�&�ȒH_�V�}�*Y܃Q�TMͱsqW/*b@[.�i ?}|�9�dB'Z��G�q&_S-�l%8��ZK�UE7"#tm�@�)�Z$uqzwUW>iТ`d:= #H�?�#k�P�YCyEش̳VtҸ���dL.8~
g5n3Uaί���cN0�i�9#�VM,MM��]�\s��bI:/�:GdbJ(!h=�xD0Z!YW�WUNvj�l�ZK;t7�%��u%p n]�R5�H5_/�r��qKw0V^��v7�|S/õ%A�oD�W_+ڑ%X1v)hr:Z\4yuvR�bfLlQGu\�inçK�O,sCyHL%�E`Ju4�ga40kp3㖈/��#Y~U&( B[w'�=;P|�ʬ/
�[-Ǘ�X�sc�
�S]�,]k4ˎSAz@L�,Bm~9u�{�8�w
�Soޮ�[ɸƦѠG?��/&MTDg75}>;w��fo-*Vk'I�Ǔ2��c�[&�N:�δ5]?
d�XHGj#=��;Xץ;Nڛ3ChHuHd}O'O�ؙhGX�MjYJt*_q¥I|U3��^`'y�XV�x~sBͨ�qeR ;̚|md[Ui�lh�D1og�V�D{$
"=�g]-ۂEs�_�ٖlכm`u: H32 ĺ'�-i(dT�k�-�^H�|�CxT֍64d�TϼQ�:L�M�I��~x; �S'w*.Jb����Ww}#tT&�ҾpS�87hoӁ�_DY�ǽD(�M�8/7{~ǖ9�|,�b?�.�aS�l{�!(y:�A�I���h��f�PIU��dD34��!*g�Ur�;T�愭ڄ�zW)�+6#XJ�h̼W@'���Nk0��*%;۞=/3XotDEA;&LF��zɮAkghnf�:N骨zlJǥ�N\�<ȑ�qL^F�6OF4_P;��w�8
�EK7dV\d\kd~^�ڋk ]Nk^Z%=x=/(&?^E7L6 k᫇nK`rM$ImHvDЉ03#I9�Budy?�d�8Vc3�&@`�?[m;5&A`k'`2(�z`_
4R�E�Ti�\��KN��9ޙ7ׄ/%RՊIJ',\�p)_�H�(ʆuyH?+3
HH8�ԃ� amFז#SV#驐c�� f_�#�I�LM{W�B�
{%�4J2"3ypOؗo��o�A E߶b�^dn%Xײǟ��yS;h�f
AчX7$,Q.%F8 c �0XqP]n���ԭ-
*MN7%�7qظ�+'xe77a6�T|�×i]o�@ޓ��'1U����e00J['�tNT�ycȣJ���
(ijy_�UW�9�Q�hʺ/c!2��\�H%(��5�#SH!5WR�%Fg�V�_M)Fq݇&T$�G~�|R�;5U*ݗK�+F^G0u%CAOߔAE>TZ�<[�vzwD1Uc̚Ϳ�Hl<υt��f+{##Αf%y�+M^;� ՓzWvr~GQ�UG6X3E�m)
N1�b+{A�+ʩ3V�n8�N�q3nѣv�a6�zrV�s�ǧ[!컶b\pVb1�*��hp�hq�!M�y=0@�BDXm2�ؽYk1C3�7[�lq&!wP_h#Pقŕ8)ޭ�Н�x�s"I
HqHYH��I8;deʉ� xUk`M�
Gl80D?Vdyx8Te||:lZ.�hc�wJU??b2�|_L12�0�>Fō7jJOԵ�[@
%o�ha!!\0w�E��vG*�ڛ,SoQ�AAyBz+.E$LRq8`�~�iU`��
�3 $�m" 2�q6Q8S�TBͽ�"WO��' 2iԵGKb�O{GNh$5K2Uτ,d�G���"-P۬C/X�Ů*�
l#�C+A.c\ȭ-G*]]pd�D��[d5&/U�"�PŊ6o:K�x/s�"N.�].RJYgWg��+]am�xTKf5<ͼN[`ކd�/�# �>�u�k6�zfN?�v����d�t�=1�D[�y(v�L9.@tg➱5��zPv��.}@*i6�d#REvO1~lj0-U^X�:�?��Ms& "h�d#�)Apv7N�F��R�.on�t�Ya*y��Rݐ����k�rєMPU05^�u@;�`!4:�2EwB,Z5�EWhJhj*�+v�q'f+H9EzG���[kѩ�텎��V��ͱ�_?#}-|q�7ژ"k@B`#h�#0?p"?`�A�K*G{z�=0wH�/�1`a}�!DO1'Ң�Rd��nDDUQ=JKN(ʆFUiTԠ���dfq�0�:!�l|�mLE}B70�Q^o:^Xs��IL]d}B3;�p }7��F�U�pO8Q�'ٗ$쪁\4bEK �{�%�A&t�zH}�gl�r�2+b[xE�� �j�oq8"88Sb�Y8? '�J@cIrJ�ɋN�O�qƘۂ<6}%w;Z�� ԉd,�)�~�hW܍XnՉ˓״�⡨jЦ�f~˵{�Ŕ�*d�vB|
u`t-VnJ4k|d�<ل/bHATxa�rS˲p,;JXLH3�ѪI,c�FF|v�W.�XU©��`D��~�1Ͽޯ�b=SNpq�:1ʣtleC��ܫԁ?9tAė�"_[�i�6�75t�gMU.;g%4'RyeJD#- j�fuxbҶya�W�Q-K�j�,�d~ܹ.|)
P55�l#%ȴL\Q_6Wh-<�(=�9p;v>_?xd��#U��b$7'd6O\KkƤK<]�YCi-Պ,�
:�87=hq��έ=q~9?o�1gL
Q�/[HW� ��j&,rM5*GWhʳz�9��cx/�m\McLp
Gs#P~~W�Xz1
��FU:�dL%q�w�"" PbԄ|��4C9�Թ
0P0SyrנUE6l;TWD|}rz���w�y˛g%*�L�)>�:<#*�1soښGoJs:eMN�\tjc(ӝ�\�ϻ[}~kW#0�]H09Z6:�
�ౝo;a�Y�N��P$A/1�EFru~Pv@2gN��Y8O0V�A�'g $@�AG>JD�=2'��ፂ
= �`B�!)LP㹄#gF&��4t+j:UMK_4Z,
�v o@6Zt<7zw�҇qI�c$�FW+b}{ քݲQ ,A��:T|c)
E?}1�mftS~Y'��V a5*!A/9Ԕ �?wUa[)z<�}!ona� �Bԛ>�d�U1h�i�Q�F0hӿ�$�էQ0�H+L=Tfֽ�"Zi�Ϸ�yQv$^k*&X�n
E���$&.;:2,٭Qf?ڒ��"05~�
r�Yo6�}�Q͈���Ǭ Y
&
dWv(14V�� ި�K|>`+t�vd&n�A2�"S!zuLQ`��74&�c�w<��WֺP1�wea9?-�T�xz+O�"\}&M_d�?n�@*ګp���߫j�i:>�?*�{J
\\V#;|J�˞Tr.aF�G'7[�ޢ�Ƒa/�vf҈�Jp"��%�|Skp5Bi\{�~e7��%�3hߛw�{{vWqhg<9u�֥!
�Hi$ve�{D�:�F�GSktTݮ5;L#.P-ͅR��L5GPM\f(s0%�"VƝ�X['$&(�W\I�_e�O6�B?9p&w� 6xhaqCP�ƌO���p)QM�$zJvJ�N'¿Oqh%g���QV*]7'֙
UF\!%�B�%ٿ'�B<``ʫ�ǍӺ;W=p&�KIt�I�t3hQ�i9����qL@y@Ht1B�gVaL��Ō#9�z�6S��η�1v9_5>H^� e�%>QY8G`ʠ�'�B4�Ydo
�ҫ[n�J�E6/Jدi�^0GNS�UYj�z2X�ib$t@mJ }ӍY��+S@��ףx�~ސ`k�VNwu]lhs1�V9T9Yڰbe7-&�#�
ACW$��@@BFja�C{)f2XyLؿ.me5�5e1�m\�K�kᑪ⯝X�Tl7s�z � �lZ�,>Ȃ$+{lWN(PdM_g5�0��)gՐ�'M_?jx%}d8yE�#�
iIH7�,z�pmv̪ͭ:ࠊ˟4Ӯwq !�o"S'^N}WuSa�xRM�D��?��-|ԕ0�UMesl�~#eb�iHIQ��ɔ,4�z#�ƴΪz C��n/�O�Σd�A>EQ~LT�tM�/u@B5nW]:dk>[q<��3;N\�^��/$uq�H�.l�/*#ش/ɡ��gs�mtj#ES\]�^�3W>vɲzlٹ5JԢ-L��fX#��
-�ѳl ��2«g($)I?�j1�F)&S'G�[m��7a�fiŹ'?"ɽԤ3d�g1�vțڙmhՇ� :2BPؓy$R2o,*:3�\ $�T6s>w23d���7>�fxù%�,f1F�-F.Jҏ[fا9�<5Ǹ
MjhG.Awg6k�㷭��n�+Ojc�{; n.[�π�d�]n�,/1�lle�Gɱ1u/3xS�"J�K�H��25~+N~+K0&,UK8�N#8~��q2�νJvt(W9�=�WT� �R4�看בv�b}{"ğyr9,�Qէ@as�2��/$v]"�pPͣ~H<�HޝU�9(v|^5Iۛ�!�,}[e
n
DXf�!Vx+pR_$Is+TDݥe}�J,�b0�Lc��*vﳿR��z;RfOͰ3[ZƤ
�۰ˆ�':{�H=�_S�¦��_W'3Q`^O�_g�^`v7Q:�ҤaY5�HKVp�W����M?ǧTÍ8g�!�hMv;"�K�⛷2+=aGj!Qζ���1f�`_{a�mxFǣ*�dI|�,�rmB�4P; U`xG]V��ER% 3JA�)+\�� k��_f�]�HBTWc.EЭ8m�w_ͶZBr
6(�:`٣R�+QI8O(�mC�,(5�oJ�,+69�K�r`_,3J,kfhmQZ�BX7?d��{I,�!9$ʻF�Cl�ǜ�٧SDp�XH�͒
Z?�*�zn~2k�V~ȬƢ׳ܻ}dcf8�u*ٝ��5t+5�<&.6ׅt'�ƙj�D��dǵ�m֩niSu3'zk�;0/_t�g/(�p+߮vv I2g��q-�B;�؍/A()I/�&E�yBbWS�:ObCk$��|1c� F'���J5�[Ѷi���x�dN.x��=KۧM�V{7q2hr0é�1۽f9\]0K�9&}�zi< >IHo�m�EB-�vy�>�1K(TBc$�֒SS'6�aPLz��O���%G*Do�#z
,L5j~PPmE�1םGr�E_D*R0
�&7:"�)p۱�s
G+qϤ
n�Dr˙]>pC'W�W�nyX#�7z.Oi�_nofj�ghJf��2(=3r@;G/sb'�G7i�Ճ�Nո^P)֟%pVI��깢zZTHs"yml�VN�$X��e^�)��KTQo~��gĨ-L� 95ãPΌB�=ޑumYz8._�ְt
&D5?+q@fPkַ/18�`c��K�
eezMiw
#JUd�ʧs��0�ςU��Y۩O
%E0%b��}8+mo`7��YS�l&~;�F߉�>�YVb�[HyS1�B\W֘S@
F�dp�ki�H���*>'Y1ۧ�r
}H<��'-,vԤc�
d
f1,ޞזY:�I�K(TӪ1 a���ajL>=yѱy��+h+�Cn<ٝ̿`G���Ob�Xc9 8z@4$|D|T�,��12pGC�϶�jS[H l:UC�bŵ7- 72y��@�wN�4��C"�Nr{|S;n߷.VY�4k��y�=Iʨo59[2jC�W�x-�[Y��(%ڃ1:eM#jHRQ�DJčb��t!@�N"~��\7?ZXg7�e2�_țP}(&h��% VӔ�g湖#2qK0!�yc��_0Z
аgM�q�-��i�;]f�_�ۖ�u Jw�魈b]|���גF[����v+a�P�RJF{ܣ�eۓ�V�݆,1l�R���M&?Xs!3�ztн[;+TQ
K��H���_[cK
p��^8z%&?~AKx+un(?�JN}l<&cm��*�aጔe00;b\Â2Q����m۲u�2&-��|Y`�ډKk2A�$Ж+"|�"�-�QDn^�S~!œ$|�g3M�N���O%:HGY:g�cṪI�M'�06� aNru$f=LbcԳV�3E��DB�8 n���!�̉�Anut1/�lU*Hô�� �9Fr��>�-=�TƂ�x �����T;F
t1vSh͏!Q^�xb�
�sW'{r@ֻB'�bE�p`-Y4mS�ɽX2!ȡ�Hyq X6VD@!<ΖیZ�pLȐˆ+��*b6%J' !Q��o�=uAxQ�F#�V�tRd5:m� ^ԍp�Y;�7
?(.rɇgb�>X\l=A�]M3jx3vc{J5 &6-G�Hkf��*EֆY?�o��H {v_+�Y[m1�y�"�d jh��r�Ѷ-A��Pj
a.+4zK�u
ꐉ' Ao5<�b�L,{yALQ�.�E�XrAB4Yq��^Tݓ�BHzڗ vE䦘X� �`f;Ѥq"F �%l�DĪ)q<~&瞰�;{p
,_=�TkT=��{NBiwE?+�9zKz)d-I>�TGh�J]�%���??F�;�rIXg��VmM~~7n9N4ȜLcKɂ�N`(^D+K�cܓqX�f�,{)p;"ipo�5yvk=\>�:ԽA Q۶�ȿu�̋'1,}-.L
mҮa
��n[S��ѭ9�|:�M$Ò�Oºe`SxTңhx'N1�"`.!s<;*�IU2�K\.�. ���JX{.ePo, q>\B5eѝt�R���3�\r7&f��gE"WrD#O��5%T!YpX*]9Rb�@�x�W_\8⸇�D2XgLDmPmye�Fe1S�u�5cQm�u�b'z#A�E$l]}\��!v"(�+.�EZi��MЬ
�7�|v"8�ܙ8??an��>3ys�ZUaO~m�gB��|k]g�'`47[�h(Ob&�ә=PYEABE��FRbiaa\b#-̝��,�n�09"|p]Q�s
Sc%B�33r�߃v�% }��-_c! �Dب)bU/�j2�eT1#.�?TE>.,/Fx��-]�=ɦ7���B:w@�S!rҸC!�s�s۶}gU $S��YY2oؓms L�$Vl�{XӬ lӪ�~Ъi_zdif>kDŗ�T/(2�oZGc�U�4i)h
9ፙ�u�,�y;G3V ߘ[9S�:HKt�/�WLo��%UIZ�ϑ2nQ!t;*S|g�HLZkM�]RF
gSK<(�'IqA���7/ikn��dhEH{=@[Ŭz;� Sq��huIsyu~
`\n^��>I~Ms�'%gr]\�j"#,{k%ϩ@O$(�Y3)���VG�UPO=;<�K6j$ш41 J->2Iz:nm5�kY3>�xQ�Ɨ8��n[rOXA�;aT�=�`5f��� ²ɝ��qY*˹$*[/F
�HO�8}b9V �Y@Ɛ�_v���Kd�lÖ[ųN?�&�ō7\�~�?.D�=I.vD^Zu7g�4<�`d�T5W2�Ay�m�S�uE���
zK���@)��ͿQv`t-I5&j7=���a! �rʈt&d��!#(p!{�XXm9cP�ZhGuZvhI;DxWa��I�|H�
h�z�Q�}D1]��I5 �LMeji|'�\p+T6˽/03ѽrۤh1=ϺO'�ѦN\n�H�&�s%?4|�z}T=��6K��ސZe4N���W����Ҙⅱe{�V-
_�pY�`�:�RG}ݒ/q6~VNpRć/�_§yOzO
Z��bc͙4E�
�p#u�`,0C��}_Xp�
�Xʽ-�*jl�;H#wϙѬkd]{[�'0�ـ]J,ccA_x)�24U��:qDeֆ~l=Hn}7Pt[(yq9�'#v?p>ZW#J-۸Hu/��pE�cg-BF܌)|+�{��GL�o=|��?RQm�Э>0�w䚽Vy"Zj#%aA�B^�
|c6"����kO7pK)
UNq&w!Ս���C)�F��/ZՃ�e�q�EjĻ�GM.{�A� J#SF
�-�g�RƮrE5@K3i~�sEQO�S �B{'ؑ�M��\eA6�rtFy��nH�����-ckS<ыI"b�l\%�
LZ�QX`ߒ`ntT$]e:Ũ�A}zO���$^F��]j)HB ҳ@6R�HR|I ﵏i*��!i#�hiDF�`Bx5�mRжƈn�9;O�ὐl�&CB1ji�()4iy_1bgJ�S�hּ�X˽-h��tm1DҦq=�_=Cl�a/�Ke��mߺE�lBr�h(�$�Pv�?*f"mq"`�!��K/Cԇ Iɦ*`h!w~z�AwҙQ9Pݩ�*qmW]~l ��1Jà=�ug��p:?aMI�f``F$xqj��[XQ�Bzk�C.��cW�+aܬMI;iSmןR����|ld'Ư}N��'7|0)�>4qi�
$�B-?_9לKuYթC2uy7-(j}t7!je�#���}V���ko'4Z�r;{2�%$()k6v5gJ%3#��:9]YrJ=�F!�YPob�3M)�>@M�e}I�PX\ܴS*g_:\@s[K@i�1"9Qk6.UEn
be9U72�eR-VB'F7%P�0>Q�ƴ�sb�I�u(dծJp6�ף�nի��d4-�%y�>Lc�&w�bIE�H�[]M�E>Sr*�i
ԮY+�t,\adn�l�`!�`5��iv�ޫMbB\$JS�**�
0-Ud v�&`�RV]-j�(ב
zW-l�P!dg~s@
�oy^p٥`�bKNq]N+�pf4(���VP�qtsl��H�d4qsU. p:/gc�L+�G~�l*Z�|Ve(և@\�}�s{-+p�Sg"��'^�~5GA=4Q ݶt;P���'��Eq��×WXN��E(t3fh栊HtNDgL�
�5�v,ial��-m�T&J7,jS���еU!(ᔒqKyb~q�-Կc��gٻ*mOBvYi�
�
b)UMPQ֛қ���_� h��d'-LV2i/
Y<�1AT���Y�zYQeri|�wrZ�ͽ�P;&�=�ի�F$$�S�q��eyG5�P�hDiKIQ�N2
�(s��-`�^pA�U�W?0B�3B9` �5̢a&D^w UkC�ݎ�R6��f�+�[8bp���vfM%ML?IV�+c(�g~@J�\Xv�EF�x�iE2@�N �1�/g8@�Y�@��X(�x#�8/?�PU3J:v2Mp�Uj�*DF�A䷿BpDpb�@L��"�/9sJ�q[@��Ӓ �>h zČ
n6F.�ra1s�Det�&į��7W�ih�R:MSf%Tb~\��#3-�L\l� xt+ӛ]'sHA~.�-rՀl2
�;� ?ޠY<Č)i=@�%n�:daW,«*v?�e0:A�ZG2X�k55+��密3y8Q] IPR)�]b&�_:Wyw�0詎Tr��)/2;@���wʈ�2]Y�z潣IeI��3VB�ٞJ�Q'ؑ~�l2�]
:�;34� �5qŜ`(tA)`nJ� 8EI>ІL<�4�cK�'/MTF
'2Rcm73�rp3ZŚܻgu�k|V[&/�g�߲SK��pg
��^╏[]^kym!x\魗�&��dNJt@�l�/`q,H�
�NsBa�Lѷ52Tb3r|�jlvg0\>k��9�X��{-Qel.Q�Eٸ}<���}�q`9�9ݮ dx^q?=Mh�K3FP�*ģ7m >(m(`phl<ٔn��4u{�Q$|?@�w/U)خ(P1(&@�,e,x?��RфA�LѼ]�2Es�cULvrj)��ea_��T1N'�梳|4=wa�f��d��Z�y��"�z$Ѧr5+^t@{Td8fCIG�n})Q�Ӌ`�~kDgMf�b�-U�Q��lQ?!�;y!M(y*%I%I>a*�{�ȴ;o��|%L]�2d�)u)62wE>.:��/7/Kw!4����ïx1�4J�{�z]m^xk�9�rm۶"El+x`�dj�3k��'aU4ϮC�n�0kpcٍEhZi4x����Ц�i>tt�_x\)
w&f����It/DF����)j!|�lkyA�ܔ]^�r
[`�0זyd(!�l\;g�d,@�V}�*%_e4$۞Hs'ty7S�p
�mKMhԌ9pyG'{g�}��c$b%41JkP�
�Zp�mS�a�+@�ҒBVԦٺ��FTNTeÅSfI\@G{�b6k6}n�4w,Y�K9^��<*ղ20V��T��)RB*))�,tt4;y{l]m �O�ж�c�߯�M��6X3�XߗY��1"��
��ޝ_�}끌j6h}O�h }
ߛ�4wIn}�4uP�X�}��kNY2|װvC3ܩ��O10�TL�q:'@?vX|E72c}2&B*Ms�-�v�6�[�
��n!�ol`]ggq)NN~.RS�0q��9#Ǣd��FC!ťo���^e!y�a\(�b�;E�2I)J�x(4$i��z�fo5n~kG*8�\[de*�P_J\�5M�zy^:l�ś�ƪc~Vc7tn�l&=V߃K=}�[M=�;d� @ V�Ah/�b\��7�ɮ*k�rD!l�5��!EGoIa'8w(58=�P�Q ��}}}ǸMl~vѿXͯгanI�oO�`�,ɋj�;WJJ_Q峍^bH)MK)��`�Wl42��eQ%�2ϵ
M�i]B� K|N!b�_*os�\Մ[2>+�W4�b��>z�L�>OP^�;O'Es�7cb�T0x7HòfӚT�
(Ǐ"b*(dr@@w�lW7z7�C̲T�/s4�5)8=�4½~/{XOX�A&O ��^++ B9$�!ڷ,-iW�8Diin^�?M)�Z'{|�aƦN}�ۓ�cڐ�m! )696(p;iYy|�t]wxu'gb.{wܨ�Ĉ?d�P�h��!���LLheZ�gKn�*D�ZNAEN!x0mwӮH|'Fr �&��[: {��c��F3-.7W�ፁ�ÉI!l�X܋jɶ-5)w�m�iI2~d�g1:�f%=SI%�*BI�m�MN�>Qb�%hy��'֔}�w�[ �;h1;>3@�;]�&U a��;
-7�"�"�!�*4�b,�s;#EC��.��Ve[X;Ӏcf yEd5Sp"�;n�w+p3W��k//5�QO��(yW`=`�@ҵ�f#� �%}��Ǹ.�c A�;p|�jix؆ezkR
#sj�;y�zrTn�OA4=.
3�Bp%Q3thc �ۺ+ڎ�䏨�U@�ԌuÏZ��&QZ7� "JeToYD(0�u�ۋCQVO,�^�X=w�6\�~j�rf�|]s&�h܀�2Өe\gĥ&
�r!yd&,N;txBӴR�h46Ok"m�U�L}O͑|�ò["M�Up�w�Qq<>e�
��sz~'�l(d{^A^3+`)d�kj^ϓ@n�cR#�IL�#_� @�{%3�mV,_��uQ$7굠lvu�U�&z9XJ5âc9N
|&⟇�=�Eg�#9mVbX+
�
c�@�rxbT=70RQ~��Tb
BX��s?nskV4�E�Fã1Tz=/ڃ�D�%jY�;�qƖ�lDh�L̑\QBk��?;�
z6Vꅟ�m�Pe`t$�J��]A0��L"���i�{��Gc#�8v
2ICO��C:'���H_:�(iu�A4�VwhqG�?Mn;zRbx�ߵzN~%�3b��3Of�8�Dc2C�l"y !Y�{�^f`/)YK�̧e39� Hk��/*�he}կjk�(�_c'W-����(@EE
�P7MnR�?ɊeS'2���#}�^!߽�<�h��
�)j��˺IkJݯ(�L ��a�;md#q9n\�rq!)0 iAGh!u��Ea5X1_R: �N�1�;�,p>�dk�%F�kk�pl}�xW$}mQ`c3ޤ�ԅ{E#'6^�+APB�r��m)�
KrQ0q
�tꛜ�DHX!�^"_�gL'd`�A\]xV��>}uHo1sV�y�d=8�Jm*o@|`�g�A7-$�X(h�\7�v�cԩL|Gܾ
)[ѳ�vbh3
v�e!'qa2BC#wfjhjHWe�&Y4Kdt�~E�gɈ2�i�bYNZBCW�YP ��
Z'�b�%ۼ��N2���VE̐@�H '0�[InHIh�-U
xc[ 0~xs�&.�3Ýo8{!����iE�"�ߖrb$Ywh�H
�@4<6�et/"D!^X]ZM�C9/Z*cN
�^��F&$--J?\Aص��=,-3lbB~2/<�vv �T{r�AdH3DNa�cA@r�E9gk-2hM0"ѭޖF̝�@
.2F�cdΧ�^7pߎ�ȯZ S(By�BmH,Lr�CUt�8O��=pHph�!oDjc
\XobJpY��\4fF�%�'r5\�g�^?�0Ci5ZsʥL]83=|+@�!̏x�uF.wΞ�v)8lsZ14�8�|(lr��>�,x2b�_�p
LHDpl��xӋvo{�Q��*kae:M7eWG=GkN|�Y�͚�L�Z�dɬLs�qG���E\�d$}*�`P1!kq4Ob>�O2żN�`i�s025@VEhx�\Q{o&ؼ��8'�jJ�L�Rkp4դO�n:'A.�" ў�L%�X :Y�cQ��ol�T�'S�Zh^#R��ˁmd3�n5_:SA^۾r~�FJxDP��)e�P}OϖE>�z�_��\�*�hj�
ѩL�[bcL��߮Iufvsm]`zGg\�ʎC==+2+ܺ�zج[tD8*)��<��C�l��qw-`Z�9K��dOwd^I!�q�v&?dZ@��FK�xWv�ͽZ# �0(sU!Zk~߅Cl}�S\+y8SLZq`�/
��w��2KP�sbuA>B܂��aYD&]08M�ȔCxĸ�+�~^S�Y̓�7"��[/�hX!e[pEnntm��l�e0V
�"�
*�ȏP= �Cr~x-vW:/�/�y�jbg�"�,ewX:T$!kL3�\�uh�:���p5^�rj`n[9Ks�f䘖�m8�f]RA}Hfd[}�No� vixq!B({#hH�'�n+���G�a
����P� t>�br;�3e$�ҦܚF=h+b++fuC56&�~�id]Jm�rp=g&"rK�45ό�|
�@4��+gȓhK;O�F2`�I�C�[
ߔK;�^"w]d>c�E{18oJU!,��g5�
UL�-XYfb��Jl{?�3�ذ:u�.�B�9��s/�aС�rT:�dt&}�Os")C���sg0}r;Okr�}|rG9zmm$�zqp+RR,B#��$W�E~�2��Y�ZM�1K1erb�hI�/�Li��HGd;64�qiTӂ�+$�'�5h�-�cJ,w>l͉GZN~D^v�!aϞ4w*FcYp/�3�Rǂ�AɌA\ܪ�x$"@9_!�*^Wu�#Tߺ巆>#?�ԦB9/;Ug�,U%!�!�ȅ�d|KM|0!Jߜu_G+eիk�3"]�OĔט[V��A�I�'����,jte�(U6ďv�ws|
VV#2'[{Ҷ@@.c�R|>Q1@*LY�[F)il%[zMK1ڔq7�Z%ξ�&*R�.��m1�LdH}R(l"0f�ѭ�Ɣª�o=?Fkn喙"�.��_G$J[^�o=LǤ>6c�dsK, l�0Q� X[F}W-�NP�?{N*PT�>#Tkg^Ѹ`�/U1==\�
l eٶ]m�g;)(Cb�8|ķc^;d
!Mb9v�ATZ�0z�Z(524Yhg>XlKW ?R�W8�TD`�˓�C8#TmZ*��-Lb]0/BF�%,s�Z
�wͻ]܍�k}W��2�R�&^Ki~hm8�3O�B�ʚQYnK^1Z2
I�;y+�b�wN�E��yh7ǡN��!�e�jT�x`�N/0�oi��N?�H]'5�Q�(FQƫjR!�Ǭ\!My ҃
�
��}gMQm6�'�8~�vEl$�"7ڛ ?,�51PSU>W&)�PEPCH6`k:�Ϩ`!�zV\Q&p��gx
TP{tAtp1��#P.F�)/v�΅ͽFqTI�U$hi16&#(=�߽4v�_B4Rٍ88hm!�CTڻC]g(yY0`�b;�xɅC8"�;se�*sko�tvc4㋲;�$�bn-mL$B&"�F�}Q�Z2�}�GA}V(fcZ�,
8J�wZ?�P{U'6}��J�KȊ�wLˣmѮ"Nȟ�8Y�S`VDN�8�G{�NG<ˆ,�hr&GnIdnk'<ʵJ+l2�%zz&pr-6�$H�ܓ(2'�zˣM�uãVrDxuvx
CK'3Dys<�SPiP`'5f��,z�n۷~��X���
�QQ:x\5-pB^
7�Fzk$wPzLl43u#)lJQ4�G>ʒ�YXϔ:]Ǒ �(�UHaNqR�J.Qnv��!b.=�[%+jʺ#$��m�{V�hܥn�X�*}e-o��]IK�Bl}~*�&*pv�Q~%x".&e�T�cvje쀼^ţ�MC��<.eUP%ja}�$��zc9Mx�Btf!k
'Ìt
�ü$�ք�<%1��ZD-08ݨu}X�@8A&Kw�ŅW>ֳǕ雸i¸Ͳu,T>�#c}{ި���&)Y I4�2[s$V_'v
���P8dMG<".�Y`uge�'<0iΣOQx\g�d(Rex�aiP['kT\*ŀ1r�d79�/j{ ^,�T_b,S���}HdI`j�$
��8�#2c)3y[x(!�;�~^3G;:T8.��]�kz+ն<��Bل=+ѺmQ�:ќH.��K0�+�J�*Ơ�g(Bg,;ldh�\g$~oZ���2}�~TcØ\�v�,�}e�(?�YF5!��͍��vbn||#'�R�B�w
rF%��
gE�#)ig�vt�C%��>�Z9
1A %:J�%Yܫh��{�1pɬnZO�%Ƽ=jo:Q1dl�0>d{*I+߉y�u~k�l[���08IY6S�bA$DS4K�;f~
�L36xK'��3d%SS��Q[0CT�
g2Z�o�*كH-��SȪ�FMh33�3WmhX?)~lޝH@�9��G[e��MGY�שeY}hA�5�.
Sm,C�XJ/(�ssK�%�&'RGx{&ӅIZ��XD��7W;l(�@e�;�|v��H�:w. L#m(~a�s_¤dVߔCj4
e�BF�I-nՒ3��ԪÝ~9
�Jk
m4��>Y.sl/�^0S]8�!�х�^9M6�[ٴ*;xQ Z\gV갛!�6"%Zh-t3uވ5�'�lgGiHhՍM4�F%V2ߖhȨ�7d�%y�W~~| �BWcR�a��ڂuƆC,6�Q✟ϔ��f�yS��R<�H�uDM{m[~�M�ۮ�otȢUآ/��Ǐ��]�R�
t^!��E�*�[�?
xIz�:T6Ԓ6s`;D'x�#qҔJ[�*]�&�a�����c4ȧ!Bd��.L�-�'�NASCt�X� eK5g\�"�6�iBp��a泎%SF|o�]x7 ?ui_�L4)��\V$&�)R�SG�S2O5zBk}<�5FOLeڰ
W7u[SgE]�E?zߦfCMٲN4E($w59z)�FU<^�'-\�[$Z�S-��e]OPK+aȟ�G_`N8�IoILefN�?1MV57T�9#"^u�Kd:n@S>�a���ԓ�
xۡm?a�KlE,lu30.^Z^
l��{�e�Ѡ:!믇�,�š8M�7
5�+@_(*�ww5`�[?1SBFUm}a[I�9k3�
ᴦ1ACsaP�l-fY�"�qed�
2#OxWFX6cI>ؐ@p!
�tpoБV,鶡5Du|�
9ے�غ$�'��@'���!͍� N=y6ER3wC#$��b�xۘsFlLha"�fܠ���ϔu
bjSr}�z2V{%RL4P��
z٨/+M8�&���^Ϗ?8�f�153H�}8Rvp��Lg`ś��˒9j?Bw&(S̆�9�/=`z� 1ii�u>`[n=C^j�F�Sn)LA�Mm��'lo?[)�fe)ԾdP
/�?h�O^EE#z�}3�Q[Ui[D`�%@�t�
�4ᄯ@eZc�8�Bd��,/����>hv1T>m��,hN�S�7<*&@#�M�HEn�'�-uo��eaZL�}4y
Ze^ܭdQV�XY<|HD-e:AĘA7���vq!p�lKWfEFj2B/9^S+v�kU"Z?@U��7�/{gB>�����6X(.7ϩ�dJ*�Hm��6_4Hٜ`4F0nx+p ]�O(|�@/=6H3笣
��,`CL�aC!U�DKw 甆܆&��ׅ�"es�y\뀞PS.�]�DؕxW+(�|fds�}0}_w�����`ȕDv/|O�d�QN.�tutjr�+4iSnq{�
X�����FKihkT_6�`t��mM\CsGM~gZQJG-ճ7qxyuWs0
It�Eq�0(ʑ݃=Gl�5U8KwFa%q$.�m^�v�K4[P{b=�:lx&J8gow|R��HϑWJ�08a%Â;Uٺ�լ_>מ)-š�,8U�e*KK?@e��q0ڼi_� -ɩ>P҅Qvú\
&
$i�( �Ԏd;olLVώDs�`0�_f�k-�җ쁗g`y@�K< �w�u #9}?!D%UdO+&5LD9U*���v^VUMz�ˢ/ﴜ-�߬�T Uʋ���b�i ��5f�^k�Oѳ:�|M�
9`�rT:�C��RsW'
�B5rnr�5�Ba]S䊻m}o�0��a�U�)")*w?Kh N%�z}o�
�&;CX$UME9zEo�jw4OAm��P(jKfe[��1�^`s�'*;(R��Qߡ�v|qV��ƀ,�tz@Az9z~g$/�2vS�cg�AnӅaob
vzexqfp
qX5�F���h�x��Y%̴�Lyk�k(�oA3mI%3yEy>�3�i_҃bDtnHAۅzQ1m&0W��\bDQۣ?3E4Qoj���x>
3|A�m�x�o-#��R%qh���"}�p*5!J[��G�=Qܶ==�?zn!'Zx�lt�+JcuquVWhU�#��91dag!`�h?T| ε
*ʤ�w~�4W7w2ݣ6@>?C�Y2kl���ο�q�P)�y4L7�2�F2_,>Ja�d�]_pS:=w &'� f�}F#4�1&��=�w�My2�;\:ʸw��Ҏ.U��5 �69x�CNضnX_ٳ�$hMhHz#KFͨ�ǫ��ÝD����VO���GLÝƾ��Ԗ;�w��җLY+ꍢt
lH ��ht(�6Dg ܘ�s8�^'@=#/@XZ�z !o+�ܑ����
�ʹ2[Yc�OP^/M~�KS\1+�圢W%^L»�ދ�o3}}�bIbUi�P4i�SH���BS��y_PhE'�'$6xx�/dqX pg�=8QX;ʹ�ӦpQ;�UuBiBF0e�XIC�v�О"ЊP܃̲ c9�w$y&c �WRJ�AVo�hd�/2�2�Ѽ-��EK�0�[��/ː}�j`:8(�Lg Wd<>�~`m)��_� olr�DGCB�ioꨥX��9
�,�!79F�hٰ[�>7g�BRDZF�UŖ9�ڈM@q�K,��ݟ},⍼1Gom>��Mj8(xs�v�H*)rP L8�I(`�s[ϛ;S�Z(^��>�yNgTͻ:Bs�X+�=2U��y?x�A)!Pe�T1r/\9K�Q�(~O)T@Q�GܛUS�܍�`,��zgoih�`Ƴ=@]_T£��~35=�~8-�}^ю;�2(soꮉ:D�'mPW�J�^��D+�;Yԛ�1гo�I.
29�L,l&:Ř�3e83s�g�[��IYO��ݲWCf�`\��FQFY9<3hm�ғme2[�dg^��ueBD<>�6m�|64-���@j
Ľ"�Iʯt��Q�Q4EcCʵ�
$>b?l<߯"]'�T/�Η�{;j#l
�}D�_;ew6��zv%g(ya%X�H+pEݣmĒ}W�7�I\Q�F9�r�T��Egs��>�T&er��7
#<=n h%���e%�g,X�(SU/�(c�_>P�ES]ߖfC_8})fdy}>.v/7#�.c,�iRȋi H!
�y:%oSJK����R�s|o>0`7nL^aqnQ���)E[D0k9ZՅ&g[u�HϿl�r=?BW<�V[ۧIQZ&^`I-Eo�ڈuxOꆎl�E�JT~Crwqɥr)VұK\7uTvN�z7EYK \~z��c*���
��7#�ܸa02
$����1L8=obݸ�}BѨ�VC�B�}�ʥt+�[�
;Z~q2C[�]��cV�zRxvZ��NT$V_7e{s��~�/4"z6�pW;"Ln+�V8�(o<=&�?k�%<ګ$�)f�л):"wY<�%֮*-�5c�wg�]#/˔n
�'㱌T&&�h�Ho4W�ΫN 0>iOvC:hDV>V��1#��{�ū��T�
c�C(j��y&Ϧap�XpkiU�JQ�7�bI܊�ÃT�̑Lf!y�Ƽv/�NjqM]n\E!L�R�U*Oe��" �zyao3:+�^:"uJ�P6mU%^�k:�\�N�h�{!�3OڤhcBB2�{�}E^e�O=�5*,��F[Ru}@�ɣ Qii, Oi12�i;G�4aΥ+q
>sG�v�0QM z3�|��)J��2{��
�k7cG̗֨ީ� � fQa`lVtP>U"Q4\PGTdta2d�?�n�m<{$\_".=�]zcq)(}d�oD4dr]��^ٛ2}W?�`R;a�oH έ)uWY�Qj%ͱs!#�7Pѱ��7�_pXc{ܼ'9ޙAϡ���nU*%?�=�tG:ܢҧ@�F疭�E1:엳�m�x̴NcИ/l
/s2Cܽ1fxavΉ}D+���Dt-?9eM�cJ( ڕk�a�PqZݮ3���?�h�i9��NI}���UUH($�H!?~@55aC����IQ0t0>p@�E<�^C�S� fB}Jpld��O�flGD+k��y:ص8�SaY?s)%I�l�
Z'"@YCC{߲�W�{B7Zlä[���`=6'�d�p8�~2~MiLWPԷ~d
�,D_Iee/I�ruȻ��5J�,PkѦsfT{bӫ&Fৼe�Pe-sh\sIüA�c_No,�e:�mFjd×�\�8a�f[w-;QZh~<.�'>][C[�'H~Q@8:ޡvHFbLfn21�f�<1DdѕG�͓33Ξ|�aO`c ʠ�znC�u#h�8s�]̦DBS�uh�8�¹ۗbΉ�clIg�Z���9�<@8`2�syW�
L�r< ��w�1o2p
S9!�hSKo(5�fg\N4)+�~�|�Do g�}�1 lu!̢oyП1MJ~wƚ�\���הL=�-[�dhV]+qX)Mr0A\pID�(DPI�E�ȹ#J}Qܒi�*^�?�LT4�\���5�0fi?v�ґdF�?R0I珫3)�:_�D9�g~p�4Ҝrጡ|S3$�ujn�P�z�T#xH�W�o�J!ypr|@̸եV RTF,j4:��39ݖ�38eE�Ya�%F''��;:�|P^fDrh&�R}u8�QAw�͌�Ĵr�6|#��rH�dQލbggXMaBU<&�ϪD6_: E*=��Fׇ*�/VS_j/�G�Z+�N].x��^��{�8pakM2hU{�lg훪�Gė%@R|6ѷ�-)N:�)�_9=X2Їjkz<�Ld$re�@t��g`iD�Na|%%߯��
5uP7$�M՜1b�OKׂ1�ZI|ԾAw�2U���2�Q�.is1Ę CLpͥ�*&V�a9oKo*;.߾7ۀ(�4L)�ۥ`ǑU)LQP!�P)r��raM}x$}ʨ�u,r=BN���J5�)��8#uɾ.&;&sY�[Zhhi!P/@XSKa�Moҙ07h �3%n[&aûgQs,>P.bSl�=_OyE;G1V�8Ԝ��-/$&dȲ|�@yÍbZ{�Wd�vmu=QM1P�%�S�pʅ]�cĹh{ЗQ�vxq�V��8zj9,�ڌ��Ne
w;�*̟8 1���B1~�ZDHwVIwk+%V0sև�G?t_P-1];/e4Y,0+x[Y)fw.u/i/x$�$#L"��A1l>flT�KPJyFĄ��.
�cP.Da>0#=�BD�ި<
o A=8 b3>�5���}�2AYq͈�W
]�'p+&A]*b�OPEL%mzCapߙ!lT(�/[�0��y0D��I:�GH�Ux9l:E-}R!3�en9�c!pSPDǴ6=�^>&f� L�|�M#4_#3� sCTTF�J�,NQ9O�MYc_ut�8R:Rhbw�h=ƃ@VܐI:���R71�ݘ?
A,Nq�oJo1�F3�Pu8tq��7,)�9aao0�itU/ObX�HAAx6L&z,7v�A0^]D�ȣ�`�#b�vس3�++J~�^#ͦ�Ph.?ȥ��mN)�C} ѱ�l��0RIc1U���?�b�p�t+I��UD,רAQ1Hp}�y�D\�8Z~}w�g[d6"mdʒM&\��dl6dӯ'E$�O��nf�Z$NzKJ)n�Bn-҅_ONqpz_�%!ʪU&�9xn!I\Rw:�2v?[�Rグ�(/\/e�z��Mz^�=�<��Ea#l4s�
@8BDfu9'#-b
Kʧ'�
-L&�vՇ
C�ƙT�:,J+On'D�$I\��V _X@�faYj���ټ[譙dS�<+e:I~�;U
+�FzD�{Cс2)AU�T \��GY12M*|ү�qR%X�ԳVN��Dx͎��!O;לh�H�CȘh �b[x4݈�GJϘ�D@�NN�a�s�mzݷd#!�k�oCX1ނ.�Ó�m)0|�c�m�de`XIr˸YrJ?tw�W|Yd&I��7vfWe%U.;U��bǨI�`L��03d7�\AǥcZLy?~)?l15e^�y��%N:5q7.�Cpz+_�bn(b�24c}U�o'�,ߍ:tVǍs�7��V@�"�]e}<_xb�4�U�C}#")��� �[9O{�9{c��J�h61��zYP�AYBV�0��|Y]D.6F�jҒ-Jb��'S&V�Iq=�S`��AyXZ�͵4䜈9*&UU}"*�H;qO٠.�z>ULd+2P}gW�m.#�U$weB�p��/�%
�H0�0$Se�Q?QO�H� �Km۴pL:'R�-n!
pN�RR:_�5MT2�))��&J%o*hE>~Nez-�fcU0|D�AFfC�c]4s���NB%x4,2
cQ�N{j�1�� @,gO7zGRJ[��EU�I3M��
�cZͫ.cW�R[T��te5�3�U="YyPz��3Dbo�m�F8K.���.(Q?VrQnaDݼzچs0o%�l�wUU'T2\r�HOIZ#˦Tm�?GEbFYT
K9l{m�D^l�=
s
���a��#�:�kS@1�J%v`�q07eON��[ܾ I*@�ݑ_Dqg8*͆u9((!4�=��x4jͩm@E|c�-@^옟#ͦ%Sr4�rhVNJ��02��ƲGIVQ!iZ~р����*A
ci~;(ޚ�օ�͊ dĹEpZRy5}x~Nw;��%pl:.$9��JSC�՚A?0䡟&B�=�G{��k*c�&^f9t �mkA?nr�ڽ6r>9[d��n7iѴGyQ8yėUV[楟RYʩu�D+2?>*\4�G3+1ѸZ[Ouɀ�ұ^�XQ1Ӗ~X3h@VE`���u�*L���?m
f3�\4Sb,�}˱ދN�HZ̍��ۗm+ΪX�b
B,<�Y�q:QD+ϩ;\ڏ,XhV{h
i�AU}:Aﱇy�fW8�s�NnLUbs0�nq
qg>F.C�CK�XZ̙XC�^hvH#%Oiqx\[<`��g�_gx96ɒNM9Ug'mM
��[jFɚHnb϶QxWG5v�ݫ["%0|IDc�+
�
��3 F4Ȟ�oA�W� ��Mk�|*W=P�#ftwLQ
�GR
E&aLy
�4�M�E[%�0}aXc�V~uۛ�P'ϐ��5ط{G;H�NX iFM0Zu3=
,�'Jp�#OA=<$�[;N)V��QI/a6h.�
n��R4�K�8#ٟ̎f^Ӌ1?�-%p=��gnCz6�V!_WuK%�
��|4J Yi�/oΑ:v:6AE�5HgF��O(%�^~
x^2/d'u.J9q)ۓ7J\({jRdur~�2C��L�t�|k�PqnAP\@$˴^IΡ�ZGC'�JWOd1_L
Ob�+a7F`Y\ۈL}@O6><'�dc�63Ts�@
%rE녃Dy�p��IQ3ȿ�x2l,<=�,~���Ჩ xB%/y݆��h0�hY6z�Ue_4|r�Jw��ۄH�5(OOe$�v#=2�쵧R֪
k<�DU�8N �Vpz�QϷvʰEo5#�6�uVȠ+6DO'u�V�f!q\#Ia7���m;TϽTAIˠ<"^�^%�^e.Y挫zX��S�o4��aV@� z�eu/A%�q�nf%ѝ_+�?�5c �Oj"ix4�fwwG+B��@�t��c\ZaQF� ݹa�/[�
>D�t3�`�X0427,�[}u��x5J!i6�#Pa�9G��?E�%rgN:hT2�\1k;n/�R+�:I��ͳW�IJ�6�*1?
-%K�.�E 6y���X?��%O~ t֖�w�G V>T�a8�p"]G`ˇ2
t�3h#9ƖP�Dɣߞ�ʒ.
��HrO7}�đsX!?P>e?l\b2�.�~|�ڿB1�qy"#4!x_Ia�濈rƪQ0^3\tH!Uee ��P@��2>��\U�=Dw26-=N�EI8R�v}qS0Re_-u��7C9h�,F8[{~gBKlzX>�Jb�8HlC�M8]soGE�6�qmK:l`صvBq&
\Q'x.Jx��B^-gܽ�,ed�`-�Ը#�&��H�a_р�&'3wY��rg�P^^m�X�zDvA�QOR�GKm:.9�*�6@ϰ���Ŕ+D�I�Y=�^'��SE@�gc̚oy�NJ�Zva.��mzܶC�w�(L_ʛ3<;RL�@y�EHo^NwK8 ჩ2*kSm�s|kV��R7OT@
�@cE¬)i��-N5Mν(_h�t
��Him�27S)*$=뗭�C4`nL�%��a>/h�� �M�
�G\2�r�E8(DG#��O�,X䮜̧�&�6H܉:@GK�4aVvʗ[�Z"�{EX�R�wuIj9[�~�Q7Ds��'LDz�t
�m�n
�c.q"t]��%猶�8k
CY)"ni@H)QTsu�Knϋ
�Lx~�@S���CZN'6�wF(-
5c�K��~r"�_Ts{�!ݱ
E?�-F�#j6�K~5u�M� � Yc~2p=;LG2Ԗ%/B�V��W{,@iuRtAJs��Q��,�@�BoOO) $|f� :�$%)~�rD�F�u$cc@Rl6�Π��A�h�P"E�3`��O_0(���[AtOd#6ї��5skI-#5Hʃ7�U"�Q=p�z��Zw3qLbbE>�yu�L�
;IO �X&�+X-El)#U/�$ߋ�3c{x.- TV����K)@7(L�_-}Ev[LJ�rŧ n~��B9�Nf�|YW͔�E�o^b3l�̪�>gg�3
(-Ԫq1ug-R�tr!\C Zil�8"q��6��,�yIbW>(Xai;HB7=�+BUP@��ph
��ncGQ1%ݍ@i3J3E(9�)fJP�K��eI>~Qfף:fj�uE7�=38�1El8/d�[�Be� b]٥j}NOyp�fh+�Bqj'~-Q o�Y~1h7Q�M�^kӇo�2aȘ4+'l]GHJO�؟ya$f�$dusl�U��$C@"-�1C�(՝:HN�#ejig̲t��j*fE�}S�,�OA<ے(�y�@�Ss�) 'o�8m]'k;(\zO�mDニpcQ)ˊ�c"d)IvJ�D�o��H6�t|��a� 7�t<+}pT2qb>%�K(�!ɇ�IL:��:�UIah2hDWěi:m(3A�Z82C�U;�>֢3bSZ]Jj3p L8\�2���o�^�sB�ϔ��{2D�jHqXOq�+,?oP�cLOCIRR߿R�-�FÜv]@&?z�5.k��ʊavc�n'�U��Gn�85֚�c~H&F#S�6�ߌ
�i.$A�"Mɟ��♃zcx ;1˲!Xo!��p;`{yTf9X-�%gM~_euHs<;w3�hM�s ��qO�nU_o7*y9.suu?|t�kER]��ޝ )��aPu�x:%j�}=pm���4J)mXNdoD���9���1s?/QQB)i<ՓDaU$V+kx�\fu0)���;W^ $ ;�7+�ؙ� ��ky}3Fb�G�
@T�k�X�tV}�X1½jn�'�lb�Q���M
'/(@#?F#^$&Z%wJWȧ�ҝbZ
i-�cI�Qج
Z0%0O�S_*XS"S�t0�!�_/SsOd%�L7ɦƅ2�6F.JC|�uߕ�f!�J'�=h>鹜{-��ݾL#�VsW�:Ssl��^PW@Bʙ
�Y,^G�B�C=�tl�rj5Ն^�S
��p=� KQ-�mf�Ȫ�O�O�YroG�or4�้˔i439�����3' Z#qՊ%{�X AHYl;vү��Q҄
]�|_I$�ִWg���
Eɪ-&
}ɑ5>Cq�'�^=AB<�viJzrtB�:j*HTMyQ3`r�R̼Xzh$_M���,Fu
Ԋ�iHUn#F��JvnBV`�ھ�M��oY�@[frY9 F:X%r/om��/�^��:.?NPsɣ7O~ʦ�Ò�2$�sb��%(1`�&16/ځR{2U
Yo\snDᅩCw:J|[x[yl�[�A(�?�;DkJX=fe9.[CbiN�U!��.�;puҗG[lf"-kl]~�jo���+���r �3j:䅓v,uȪ
'��k�z�cH�P�,7̱�>%�`H�0?�?pc]3 ZM�T7Q")�Os6ЍGuRS��$sw6&E;b
;�z�îP+[߸V[?eM(�}'T"9Лj'_tgX$+k!"ж?1Ы-�q�O<^7Cy
͢?Ar\JOL//�yXw�ś�D+Wex�]҆+:7���rĐr78QwIz;8gV.M)B��
[RC#y<,�pYČ
m�&zs!�#YX`ǥv�5M[WLG=&�T�olR�5�HK}&ٶEkL�mu<�Im$72�H"��^�D8T�X�wD^�!@eP4~�4ʅ-�6y�GesHbQGIq�L,
:wM{^AyUq���C�\?�RВ*�S�n)o
S6Rўt6U]e6�7
3z�5B_䨧�u�XSx3)P�,�*ZϗQ �'�u�;4p�V*m�F�_қ2T~O}I�l&$
k�23ƣcFXY�x�`�^��'0k�={z�!�5@
)>�>ΓqB�:y{�nl=v�rFM4RڻYsM��!�PsџUyIm�N$W\}�@薺O�Bl�H^QOytTJ�H{wŌ�97M0!�'Gp�OxCO�"'ǒ�!כ9GY�{
1Ңp~ Qq˨K8�ՄHj�����,I µ�P���M,l;*+�mv� /6KoU�YH{��g�M!8"ש?}љeo]WW�1`~zo��&!f��J�ac�[�tq 呁�1]�e�)E)!]�I@^�L80rwbR愣�¯Fe�IBk=?:
�6r�fݐT,)�b�-o�!Pw3�w0@�$�-'7xev7�QaB�6AÇ]�;"O�eSms&��k�>@ ǚc顴��e�{+EFz[]Y{,9''i!f
Ssq֣w�ѐ��i?-n/�P��t
B$3tDM�R��MzJ4},x9>�|B�"3���3�iTr��Ua
VG,xF�'�0C�*/^sʊ!�3@�(�Ay82To��qjClZt�3[+¹ @�%&�_v��sm9g�/fTF[ːVp"��bZDs�[L�_u�a�Z!�vZJ}al'2kP]�ay{X+l,�˷Ƈn@�V/7�zqAN
j;}(B�|e���K�*�
e[�5G�GK3A2�+�7V� �8.O[5�p?ʍxܣ"z<;D*9oèAC�mA�}8aߧR'���E`�ϷO�q��5/�g<刦
w&Mr@v���7�sq]�n2r�v�L5�66�;Cu�40AjC&xi+lh;(u�sYiH[7;]�sd��>,30྄pm)v4j?h�?�ܚHk�p+3\,{t�<'aSD6*d�(�cZb|p�m�bDP0�iot)p��&/#�G=oՓ�9mwAӝJ�g*/I��#�D).GS�;Bgt�y+ɃWhvc2�k-��&]̅;uD
wSfl@��B�XE�-S Zƫp��m�||H $n&��D (�a!.���N�X���0K�7fvZ�Ĺp=tCMKns_�D��ނb\ߒQP�bT�}pz,��}��5(ek{zMp�˛�)�B���&W�REU5
8҆yK(P^
��<^��&<�gP�Iy3ѦדD$X�"+: jI"H+@�G�]�~lB<@I��c ,��1
[澲#8ڭaETQdE�A7�84�7pA|�`@FA!�W@CsM^KcwJ(l^1gj�%X�ԦB# ?c{�cg8cx3x�5[m�Ecy���^8t�Ё# n[�ᤤY�CgAx$ǡME I1̊`qДc`FF6Dȭ!l
łd[aS��S�R�U"ȱFViPPa
ᰊ��U�U�uTXAV��Y#���DG[UHQ�c$��Y$A)�wsSp
h,(㞏=v�I�*���!A^E"�ڙ�±@�[Gp{Cfv^zɑn1�WJ!N8,`ݕlL8GF`r3�8'�Ё!�s1'��^B��m���f!�vņ1�M,7w�=��)-1ƈ#8\maF$T+Za&��C�7&I83
<��
7�ɦ!v8op
zk�;1fh.�>o*��f|R@�Ed�3{9��[}3��T#�B@@[�gr].xٱgƫѰ&$F�Lލ�X)P�LB�[26ňdiz&�6Vl��E;�b�
@ G#���Ev�$��@9�#@l��`X5�bC+>����c8��.lhPA00(�d*4"[
퇮
I>,AÚv
t�䃩;"@Ʊ{_Hel�qN/� P
䀂Ho821�4�h8/\�'nN����t��vM�.&VE�hNL+ZERԥ[�ѴJFQkDT*[k@YVڀe�~B@6l"�)ѻ`,�T_s5!ŷ�44]o�#�]
N�V��=\��ZP!䇟}}Z><0&L�����Nf3⚻#ֽ\8@�D
�Kd;�+ۣG�d{D/dB�55ex(�jW���Yk�
o6��:��=
��^�am@��9Q�:[6HmJӋz|�=f͔T�N<^,wm^>' ����W*uHy%jO3��a^^:_�>Gw*"yH!�:�D��Tj0�E��j�V*�@�F�� ҁء^'à�d0HH�~~y|�r Ӈ{�Ƶ{#>w>G��yM�Xˍ$Ps$]̌���D!n~.su@�V|{�5il��7��xh𫪂 sY+c���*?k/LF=FdbAU!�O =Z{�Ǹw���{آ(hq6_e"pj3_ڝ+Q\H��6]GtNV �5G9c�JqH���@&tBjU�H�=@U''!6c3 &F|�W(@@TR;Br߬چ$B@Fkd_}YM�V�e1��< B�}�Θ�{C�*�1�ao�A�CܰPu\�6J5l��V�����ٱ'0u?Y Y6�vu-�)Qj[DK���_*ho<:i<^:Ϭt6=_��e(Dg�"/�Pk�}mx!m!�DT#�"�;B)i�Hp!LA�5C0a6:3��]dY_wD�Dw�TQ(bo"*0˃7W�A��lf��Ҹ�?yB"�[��P)TJĬ�'3@�U ;R(5ȒH }}�p(Ԉ��"dE�]�]H�y}.����A�&QBs=�־;F.*bErE荊��e�Ē~��j]�`���x[ښAѶp�N��(
1�P�SgݕB ��PPX/%d��{;ز)"H� \E?'Oa�`�J|�7�&P�>%@�PK�CP�W�q+lPdUѪ4��`Y��1McEf=Uk{�0ttcn^�i��Mo�U66I"��iZ Ǡ-~Σ{Ԡ:hdjؒ̅magT*fl+�1r%3Jt���ӭl�\�6.Uɲ^��z)�t�mNZWw&PMq��$BӔd�$ϫuN�P��1tܐ �Dh{���w2�<��]'Ok��,
غkja�{p�f+�-
tpFyP
�]�9l���Q`X�V�"QQ �A�� U�TAEI"$R/?�uD�ACi�4ɼ�Ǵi�t-�I�f�z7#�zw
Il����I�W:~VC��7�UDR��9N�3uŊ�Eau�Z̄,5ղs
Cb0$0�w]3�_�@!��,��VgR�П/�4�":(
'D6�dX
c�0�{J[[�c�4n2�s<1lNp�yUY�Zg{%JVdIq��ˋbCH/bcP0��@h6aA�a��Q7bsպcEm7zxJm�G$4ZRȈ�]NPV�_8 Va�=էubbC�
'p�� #��A_m>đx�~�.�?$1 P��t��H��qǩ��|�}wM�+��XzcZii�`0σU?C3:L;xdXܽk8=TH@�p�_Nx~t�'a����vJߡpf�QX*�$%B
P�]uZvoTJbP RW��-8\����(�)02ڠ�vkqЪVK^y�;'\V={MSL�ouav:eȍya^4v�ԇ1)�J|0�m�7"HHZٳ�m$P�t �^g��<��|۰8e-
�n�H#DB�bEG�làq*)i�Y+�2�W���$P$�s�rH�10@
dr��(t�*lLHVX0=s1Ȧm���$ �a$@0��@�*��8"�!8y17�.6��bX<";Z;O+�mtݞ|�q�CF�"<^?kޱ9a�dM�0D���:�z8`2P+F+����T߁@�0�~&P� O]805onç�XH�dQH���X�˽��#sHqW! �i]Jol�
AV,z�8�~�;F]ɯئ�[��� 4L'�.�Ml����}^��Լ�N��$�h.D`x�9"EMm$qMLiwI����AV1t����͝y�HqKw;�ui�8ҦuPX�L%d��ܛ,ۈ�C��ݤ2�v~ �&`5l.)
_
]�N��J뫱�^l���$A$v=5k5ZIrѩ1%SޘX���"�I`x,�G]<螼:MtZyqu��(�h�h��v!Ƶ%�ypݠ+��b&|�5ᱺO�Fsl4C)cc:'N۟P;֜ND��Z�3�t
Ԫ/oB6|�^w�7h@1'�S6Ժ� �
,�é�<%�3n(t3�WFi2���-�c|7F�'{�ܩi!P`0�rDz���"�%"�or{u:�
h^$c,XVݘ9"$"vO,vS%{�~^~/SsX�d�*u��ܾ, ]�$k��@6W;qڇE�+[�fR3P8����6Z"b2|�DGؖЮu�wۨٷKNW?E\-y?&�Tsj�]��,dc7i�AFEc@
RD*Ƥ}mĶʵ�k��
JWA`!��!�9hFQT�"ςՂC�ǃd?ⴴB�UJ|o!
%�9~�Ѳ�{��\8QNyWӓV4�?2�y!g8�ā ��oa+XH)a+��w7{��d7Ά�7|;d'N@�[Y
�
�T@a:K��L!u^�,�� P(�{;7ul���{n�ǡ;/�w�I E4@*��m�lQGsOMq�?n^ݴE��{��%.�CJ���7��>�+�A�*>\ H1X96|9h�3v%!wY�$Y��5� D�4㳷㘭㺁% e}N��s Խy�"�@V'�@u^+#,'�=�Bۥijӿov˽+�+-
C[g4��$�$(�P}>; �"`rHb&K�ȨCG0*a�Ca�"E6ko���h>��Ƴ/6A8M�mߙ�eI%K>'>~b�x)�
��N^T*pڎ�YsHY=Ve�˴5��H'bRAa�'Y!�
�P�� eWh^Ox$QFEB@�SڍoCٱo��
B�&�"<�?H ��Ⱥ`S(�����2L���1ATX=\HΊ�
+Y1Î5m-+mo.�xƃ��
-Rh
�1�0$�)�
Jn1-�TQ��@N8yy0SF���"B'Q8�[f!�A1NR(#��A��wl8#;� wtwY4?$>W�U='<7v �|kdhd4�A�`XDd�DHhif`7�(�TM�
1lcU'm_ÁF}�<۩+�zA�嬎$@b�(_P:,G�(�7|Gp�� �H@�`2#&3뀌�HCqL�M� ����)/h�� @�9�@.Dj6�| #)jr=/�7��75Q�r E#��Czp�(r�<~a+1�74dA�K;!gomWPI�UGC{xw�#DxmІ%2�]GT�
�E^�-@�YQ0ɫm�xqf��n��q"l6�ǣW�
Atj+&ˣ�
yȒO��(VP@ޅ�U�' �a�h�E�
��~[�]0)d�)�@D#���Ÿ�xB"_��<䆿_4��5u^5ya%9)̃rGV�kHD$�4dzz/\|�'BP�[�z[??n
o�YQgE__$=hzⳞ|O|�d�BF&.)!:|����Kd+D���5E��KN
.��Jܰ={@yZ}q�G�~�`��͘( XLr�j�|gy=B�ٟ�_D㼨\R֊{
'鱋f+g|�&c~Yq+/{]KE��j�� `
@ԣo@i���V�"B E"!RY�Bb2xNS\�_H?�
��=�����7{BX�&UW�}�綂p��<}T@$/\#hI5aP_�M)Y�)gu}%-7�涞?c5Ѕݜx'75o?��x{l|~S�Xߩ�=O�'Y8$�H����F,SJ!
@��H�BJon I6wܾ[�lyߪƄ�Y�$��-{v~F��eXxs*P.:x?;Ɍ�~h/pwb��! �QC�E$dU}cGmf�[!E !(�_��>��m%.É/s(@
��7??|qT�
5p~T"�7xnt&'+b��n2@��qEu'w2ڻąr6tDIݟ�O�?é �)(棱nxv�`"s]1�ٷo-ɌD5�̶醉�y(Qj��hJ+.���ݙ~�� h;fݾ~�шB
Q��K.ƭ/lpyaʙ_nA9":|"AH,PX�0I�Ғvbt9,�}qh`pr�1�#�S��£m�a!yT99]P;ZB�0�k0E9Ep���P,"�`-E�{nwTUQU"$¡�^�ws[)_1_kغ/?7rݷm:GVp}
�OԿYj8=<��l/�Gr:W[9S�U
AM
���D�"�Q �
{ID:+�HdcP4P"iOI� ���rd�o_>�ELz8c,$ (
� H}��7,zjA`=k/�0ˆ��2иlB��!̓kp3~nsu�rP�yvO!�ؠT�a�";�3�*?+�Y>�jDeG�!$+.��!+�Z=DԻ�|q�G��E_gܩ��<~7�y�l+m�`!�K�Y�!�Y�K?�7jjywZ�:�BAY�tB$�,�S�a˝nh�}m6!}U?��l"@x;�
�Y�+$!�"��"M>{�aװҞ}7˗: x6_+ʦ`wАj�㴶z'[I�APRC2B�!X1��^goF|/�ĮT�;H�'���
B�HB)���@���1јf?�~?ۆdCqHZ�e7M�>d펜tW
p�N�H+�*��� ���� :=#;�$"��[�ٮ#TA`���"�s 6J�!`�ᘿ>=|/?@�3��H/�GNlpX'��"��;^O>�m@��t ��a�Qv9GP��YT� �-�^,��r�=�iHf�H�k,CLh���ւ��B㘞�MlW(<+F-I=G8K' ��ȼ�4+J$F1r['ee�Vؼ9S7(�w-8�Sh_<>R$م'7v1�]�
0�0��!�j�iZ�p�\�#
8!0x�!��n��j�b�!ja�j�.PM
Nڳ*�A[�?⁜M_̈qwZ�xp4?ja>/c^}w\6_3#-#oN=i;vV�{{=
OI-x,F��ns!gcgàh�[iOJ痷.;u�uUj֘}C�,/Z}eP�Kz˒�6�_:�.+O�ZZ�
�8Y
�.H�?#< 0H�*%�m�N1A��"V`{�ntz,$Tk�#�9R�b�� 0
_6O$ԘT�CW
\:�J��ג)5�'ݲ�!>+!F,X(�WؙC?�
M�P^
1vjFp/���_*z�=��ՁhR[�3I R��*bU)dɄ}^g�n5!{���@ĚEUp�XҘt�&�x�0�ݑ��Ġֹ���c"_�q7�'KSH?�88(��1PhKA^m5xVP*F��0i���XSc�T3c�_nM�ZP`{�d]ADHcB�3�l���b`�o't�0�E���b�P
|�.gz��A�"�c�~fA~�|;rv+�q!/��vh�e�6>S��Tz&!\oG?`1(Q8����Ծ(qh\:Ġ$�혥�˘٤D0`�n7_�RX�Ϸ]v#2tk��B% ^ly0;m=lj*\ �óD�u�G5x��)��_Lph�e��ǐ)�e��/c0;�S�j��9�W"@`�Zcg�M�c
ak�xD�,�.ոyd����VD4~�d$6cO6T;X�ơ'H:켐�hG$@��<ӄ>�?_�\R�ȁ�a�1��`i�@N�ZlC)@z>by�8wEX� ae�8�*_�U.?
*]tB��$m.i5'+
JT���ATY51dr��Ck5Jj(l8~_om�?OޖV7;l3��JJg:ӧ5]ۼ8^j"yɇ��(6=>,g�;Z'!ې~K;gD�J��-f?tA
� �'�}�'F���P���#�[^+�1W/z��|>9eYu2>p|��{>C/lZeFG~ʹ /]��0�
O_a�!N`f��T�W1AY&SY5���26}|zx:��>9ov{mǶje�4wo6��N��]z��]�t�!�oPlҚ�)]P�\/GVDWvP�Auf��θtY{6cRfᐪ��Ͼְ�U@�T��ُ{�;ݝKmͪ�'8=t�z=�t4��^MgQ[yv=>moUAV$�f|f}ٝsvwضKپة=Ƿ47ݵ^^>p;ם�{qgyJYbۺbw[A0}Mݷon^o{njwAv]=9�]ݖ7`}�Lu/{ٽ/�b�@�
�J��:T�p6vX�đ#$�3Dc�� �L[{�xe�`C��)� D� $����F(Y� Ŋ41FƠBA� �*$RH)�
�$�B��=-�Uf��gg/u<�gsX:Uï82�y/�Q[}bL*� �
]�sUyI�nD@R�c1ajw_C+ccr�ˋ�{7�A d��(K�C2MDG�r+[D[
�A�u�@����)#Y�@��OqBnr^.�XGWEoL�&Mw|bP�@ )B<5n;9/gk\3v�#k��粁VQRADD<@�&~-�7'ULŷezf�kIqB$+e�v� ;? �QWï|�@>7ܧ
��c})N�l5}u�8�>ewhwE̤k-4Wm%v�PŊ2�X
%I$
y_[2�?94O)7�~�8?]�;Θ<�}2`2xY� T22�BU4�$\H�1b����X"S;auTbZ%��w�$2 $#$ eEV0$\'iS8)��肀T ġTAkT'<��mwϲh/}Z��\d<�'�¦�A"iw�B>eRp�M�FHRu4NX[
7��XYZzc(:,���H�k1͚KO[@�m����Y�pg6`D,d
TJ8R
� T�BQrCF8:'qr8�ƅ1"#$eRRd-bF"!��� D)-��W:��m�d��XA$��gvkuDB���R��#mE�@�bvq��-������Y9$h�h�Z�.?s
�����h)�_ڼ)\zΟ?gx% U ���($+/7s?�\"Wl���?;�SF`��F%hN];p;$w`$g#)�;�^!2}㇣o�>^�2t]OK�#(`�P�
�?�]sw3��M��R��EdJ��D�X@REI�$@FD�DےE�F�(�uݻ:/}
^�:(HiB-:H{._�4w�!!;?G)8^BBX�\ �ffu�ϗ!0�髀�!�ya�$`r0XLY
e��h
(Z SjR� Ym?r/��3^@3O]/7���N���,�bRll��CP�KP�̽0S>7�ZMYC"g+eu?�qn{`��HcA��J�!�1�
%H���U��"D�S�qdmb(8@(%
��IF,Rd0 _�(�m
�~�Ob5_ x>kmN�rAHmQfe ��P�=ix�=!I^OlMSi_�d_7
CId>99ò3v�j777@�:�
xbYa�>x1�8�AFu�
uS(xvr1�@T��:@dՔ* �!�q@Y�5HU �*|Ufx^�mw:\�ܗ뀵�'y�2B\QmD0]�JXm!�Y%]j�Ms�ŌL��X�
$��LȢ=O[)>nYg�6X\H
e��l/lEc`c9�YfK�UO�fPz"Q��(a�%4S3�86\mňD.�m͞n�|
�")SX�om�_=6�yKڽ I�2� �iCqk4f~fE\@[-";*� ޭjL|5o��d{h� ̓xg]>|:7��8��C�i>BEQqL}oP�Pv\RwAѠ�
�,m�C%o��Ư8ى���FbA�!GwJ� QQ�;� R�Tx�MLpHW>�9փ�!\GS��9eLKE�D�^`ABA�EaH�q]�A��u7xz5U�z3a8�=^H�c�u8�xx�!\ۓ�i�" ~�Q
)��ILPS:�tޯi}e'
���nP��Ҥu*�b6%#VJ�pT!.�Vra#h -�$�"��� ���wwd�/��+M�i �Xlx�@�/J}˸w?mua�^R�#I�3�3f2��?N�)R�Ĺ�pT$?ݕ`�[֛C^
_5(HZyEAV_q L��na�$KNAr>lLR����J`*F�JP�I��RB �YJT8*� J
!��@]Pz�+�>>]_:?/5{om�7�V_�)�T?=.z����_Sv]CY&0;AC/N2o!R8Fe%e;ͧ��&J�
�SaBp�C�*1J9cYWn lwș�d!�8��C\i,?�-�KL B"r�����a�$ H�*�
ebIDQ*PwH��HB�An�TJ��)JX'��3L*�"j��J#|bG�6�$�~%P �DI)!VD�km�@+iJ�˔����3�Z转 38�@"`��I&m5 JzT=%�7d,7��*��M:�
�viْ�Z%����qez6m*ۊ`5�(F^$%��*kTsƈ���MaAAm'ŤvTty¨��#od�F=8ѧ�vʃ}8�N$Rl$pO61�(%!SE8p�bI�$ "Q�^P�o��Pj<Ԁ~fWb%�r-i�{F떚��*Q����F�5vڗ.hv�$5S76Qv��c�f�.%�Aփ3[�-7V"C(oip̏" fK����DR�P�^%y��l�~�Å�Gli6.~X�@[v�x��@-&d��X;uf5�-�})�:I$�A ؖ93ۇsLꪨAwa�55i{�-DjUT�/u�KG9ݙ,mus�v
yDW+XZئ/hW�],ꉝ,8S[٬
J�H5gdCnQU2.خŚ{ |#�A+8]4;&C�;8_-�)L)z+-/a@�`�sk�d�:٬O67F[8juX=,�c)CCݙGeCNOxA��|,pIx{�ߚk;6`%[t6FkeGl-Q+Oh,�!lM\|RՍ�fI!K$ћ*;TU�-pgwQ)&Q%%�ݙ00eW�z)VOEA_�fxmͬ�tLֿN[�aI]CLwES��u-'^/SqnF�nUHٮ�]LZ0TU+t)OE[i�Ʈ��͚͖{fh]AH5AK�ujxh߃S:�#F�C5A1NV{ܯ_hlsizc�6h�at_߅6_悍ON���54j�Nʪfv)�_6gJ3}0(7xE�Mf|gN��a� �`�3��"\([c5��nt0f*.P�P-�Ź!W'NrO@N&{L3K}1fQ�:ߒ邺n�h*��I.|VItc[TĂ) *AwN>IaHePhr]3E�fTXQ ��Le�WBz/N ���4z��"��b^ET&{v̩wUM,wfBѭ��E'ek<64s7�p0�4H$qFg㊨g`�ڗw7q�Wc(._VK!C
+�U�7k�ZT~O g33&/{ܘ�lWƋ/Aߡ�f� ݝ�KPUQ,^i�x;f:!l�T�OP}GF3qFσp��3=!Dz6�b ݕjx2(RD�%,m6¸g.c�2i�9��}=:m~~:~�+!��fA0dUT*W~�] HZ &"rqQ�{�ZI.D�/gA
bF?W<>�@��d.@�$mIA!|6^JoD� �Xں�u�W�@m��A�=7�a�� `)���+��`�My�=�h1M��cb_=�N�A�
i`@SzM4Qr۾}pp6�5�}@=5��K~_j>�MWɱ1Kgy�N��[E:�'!,�e�gwzѷ\�3~ʱ]Q
CEm^b{>kl}L-5fmzj;?3x^��b�YGﭜrp�GsU&V�Smn9uO٤533[ۮ�MM\Cad]>\d.Gf��]g%A:i; ?w=PSޘ~ϛ!m8eZ~_O#hutN-��\|�?�)P'A#m=��j���x=^'^#@yl�=�$ ^n�˽Wx<)|���O'-S4W]h EM{ݔIxE/Iɐ�8>Ǔ?�(�+�I� ;^B����-Dͺ$+*@-M�ݢy_\@�~C@|<�y8l�9;�E| b.�*PÔnY_�ߛemuJV�.�oKuz�+}.v&<}jH"]J�"� *��)K��Z珴m�;vdޮ셤OfGoG�d��&�gAWu�KAcN0۪WkDv}%,x���U+=� �R%+O"}\S#�E4�--Wet�<>͋�o�筡1÷���/zа4�D1t��淅vAY�R0a���hCCvnxmA-(�?aB�K�)]AoERS�Tʨ7d_ts�W�b~
Ē>RS��gC��4ږu2� 1�$=�#�+" �U2�~m>0=i�c�i�ۼ푟ʿgvZ"����BC�E�+*d�}$-*K�S�l�^�i.!a@ Z�S(D �:abDH@��[
QKn�2��Z�1,Z6O�Pn\x���Ԣ% �H�5S<%M��ffVbhJrEpPS#{51�
V�Q@(Z-~30BEB@K�Vr'�7V�O|L�h�:!0(}����)0b�x.y�[lxx|,R����"N|Yɪ"��Fp�>?v=w'|~St��wt�k�Ԥ�,�m�
B��XF���#V
��JݞXU�xI���� y��!PMBVŞ�Ӏ�tH�h�s�
{�D5_A�rce!g-?V��
a1m#�Pa$Rw��~{L��R
�Bґ�7WP�4�OX�[
�;�}ra -ă(����A"�O"�Aq%�VH�
>�v?[&TʮMB�{�B��XD�10��
�V@���"��$�n�K
Va���`�`.�YD��BŠYq\^ʡ4�*`7!``2�v9Z=z,bZ�M"V0ŀV#$��`kD.�3Z�@5U��͂E��($B��\8 YP��.�1%+H(Uv1U� D ���MvSpp&5v�w�r>N&v[FLR&f�,[PT0(�zKm�J%ݘ���j�l\vv� D��Ą 6mݞIbK��"*>r�Q�!/"%X6BY�TaV�a%�4L<`P;H().nˡr" A^4P̰��
Ǔ[O�>|�J
7CqUe;p#`��A�BC X�CS)݃����6
I��wni^wݷ{d?�ֿzjr=�U�j啂�AF'MDTS&U:iT=��IRr2ql'�g�ޱK̈́�>2U2ũG
_�U&͔ XK;[f;_xUepA_�+
ҬL�5Ծzb�W�\)hY�2Y�9k/�+W=F�+e~W_r]U>6�eQ���dH�9�y ;�ZAAb�"��
���Kd7�3(�Cշtt?N5jvMhwvs�,(�Ȏ �0H�@C`�ÐLG4bl��p ȣA�-b)--J3[f�A�lAbil�fVT@\ 9�:��Zhy��US6t�ZŪ-!%EF�Qvf^�&@C���2�D�@P��F��#�8� %3�[=w,�>�2ow�
Ud�Z
u�d�j Nв;%T$J{��D|I�/�E$D$�f����Zp�H�HRAJ\�C2Or^.[|��[`n���G�U��[�0ʀ+B�(�
1!y9zm䎾��YofK�$
,-XL@<�cż�^
8%]6Z�*>eVWg� �$�נ��bD�h
Pbdt��|�Rw;q�4:0�!�J6a1Z&mB�E( jY-6\��5�r6��,�*Y)"i@y40*$4E4Y�kE-d v�N�;kOg��엏\/()irҞ�o-\�5�}Y@
.�FHB!O(
��-^XA����3FɱE�UAAr"Ro)sSv[
̃zlaB7ӑ�L{t�!�q��hmtܪ�:4�9=4.}�-OGڐ&�Nǿdm4ޯ�63�VPB�)����4L�HΒ?!J�xd�W$rZ
8mu\P|GnϚT�Z-� i\*Y0;wE����zj�
oDD( uB#��{�pH.*(�QU�V"�ХEDY-kˋh{.��1a,Z'*�=aJ��Q-@U*Z$"7C��"l6z79{_˰_}|��4?YOcO}�
�!�uv�R�LiE�|O hYG\7-��h_DA�2��ƺ{og3{;�kN_WG͓�4GGޡ
eyK@Sja
�+70( C����T)��La�-
a#e3�HZx�2yCg�
ک�f��J�L(�H{BI�0�O�*��H$' RPi#Ž�b$Tؕ"Q�$����EJD* vp X�ODع� H=*ۏCb"��w�*%MxV9ϋu^WC@�ej �&1��s};T�wL䝆Bk�+W��oyQPoNJXK
�H�RǨC0*�AE Q!=�;0s�8�1@iA� q�͋oep29[JSyKj�H�j�F2:T `(h�ހ�iS>%U#`D)�ŏ�[l�TJewh �$(�& ��"1QSx�BBY֨�h
��d�.<
GUM�t �'J,7Ffęy@33$vb
�q۳�}NSRr�>� �}{Y`�AћN揳,@=Mo͝�JOs0zޅm�b6��|�o(��yz$�6m6hJv&D3�>̥����@h.UT�vkiMh�ehA � �E�1r��(KM)��DZn5e*A�Ø
; G* =�N)�@�+(Cp}
��o{ށ��lU;3a�w:��;qX�j*����BX�mNE$#JڀZ1%��,b�z
m֦!�Nat5HT�߃6kE:}լIH5(n(Z, �B ҄@�*X!k�#e�"j�H��'V��ؐ �$lpk#q�5X-.Qz��!�
'&J�e�>K�E�LVd�
�HZ�]��H>�30
775CÂ* $q�6�/*C6ޤ�e�?YQ(k�X
B0AN�SNxm�%�R"ŪƎ�
�.r^nحa�3ك4 �Y@��4� 36TxDR�3ͪt{vK�� d����P�.A~���T��ֵQxm�D�b0)1��<��OZSǮ`�Nֲ��7�r�@K!t,Z(�+�KIx!���ZXK�64B�ܱr{ZY+@��Qe�e�|
8W:�Vo6��1�^1gέ82|àl"q5`=yD6n��6p�%j�'!y\8u�u`�� +0"%7i0�*,#Iumל�bm
�2�FT�A"A�p�!�NSvr@
|{^
Cڀ�;�e=N^sG.VP�?Sf5j���$3oF*4{_x@39dv&N"t*V2Q9/r`4^nhg�Ms[�,'|duOa�6d�we?+p�M�qa�,ؙ.����q6�]$y
!k�rnƛPJn\i
jM�H�K^֙X�9�=Z@Hg�1x��b5V�_3VN,$/D��.@CV{BlA?O�ڊK�24:b!PD˒C�A?w58�(+r{�Riv�3M�:f<�:wIڒ.�/̶24w/G|71
IoY*�kk�J�$ܨ�@Qd
X=�uM��`�R��)c*
xzwFm��u�,ēsg*nY�Rt��$�Fԃs�]{)�@6RMB�:̐q!=S�gVLAv��U=0v5��6-j��A�[j_6��,؆�Çќ]I��(Z0` �@,l1�V TW�r�D M�{_hjM�@�D,�ar��c�VcD�q\TXB(|0) qqjBb+f.\s"ɛv�Lm&(ŗAjj/�c
Br�\�P�Yʃ)6Ait���luei6e*dK��U!P�ũ,�' pmdl@�bI�TI=,�@vLq�qS����Qi�h�6$ ����D6p
�A?[6A[* Z���/�j��bD A&HpJ �^U~
Z�HH)m��ȡ 2-"f젿A/�q���]��xT�D([ךv�R%#;#>g ��H�,+68y|S[l2�~nNV~8<$�@�RZ5�+`�2@�O^�m��uh~6Ro��>l2�$7nz}n�Ηf~:ϗ��|(/Q�2Q$@'GGaz[�2"��P ��e״;SԷ�9kq%@$(q���H�^ۤ�k;>#�-UK�@�Q{Mfr���P�
1C�Rr̳jy7U)ח9�R�?$IVdnKL@���{]a]�56n �iH��v(=hzH�'MR;d&B�/ȓÎ�P$�H��ivI I S}<�coפ�HA�{�2M1�,U�H DS���;�x{7n
�A &VW߹�� +TKmIGԼ��IQƈ��ơ��~)<=�m|?ʪ(_-l�`ENcu~���P��aܦ%B�cKs_3^@Qocpޭ^T�euْJm6A a9R.�+� �s"�y�y>}��">`E�� e��6E�*K$*;Y�Sm~>(hC|^�Q�n1@��'$�_,�&9@ ei0
�}�3/h{]!^DCo}Ί��`^%��ay[�'|(�;,��>���"�Qy�d�z/a�:o�=UNSnV�zUP:(�Q�'~�>**O(Dw@��.;���>�+[n^KP�^K}��?�*zKԈ_�$D^��qz�~�Sz-=)^ӼW*�t~�̀|/үc�D�?nxWP
�Dz�۶zzOW��"<�)G5L�;��A
k�7B�O[�o3}Ϥ4!�z�O-{_>m.t�z߱O�AArk{˓�n9gnj0h���]T�9�BƳ#HpwNrUU�Ӫ11 �P�fs�`UiB<��ߠʸ2m�_"ˍ
x=_s0 �1tk`
ܼ���6J��W~}.j�d��۲���0I$Wĉ B�bp&�a|h=<�s"B|7�uc}Tݻ�q��tF�A`��WwK0o:|�.�W9d
�a�%b6�8b���ɪ`w7Cw,t� �F�k�Ji6+v7�˔ ̅�` �]ux�OUQ�]1�`&}\
ca,bmN��3O&0�FI�/c7œM���y⨝8�O8u_bJdӕ~Դv[lѯv띥KO�۪Ӯ�|~w{
#��l#�s�$eR� �� �,Ңj�}o)kxD9�@iR6�$
y6Mj�תE(�
(�DHoI�,o-�FP-̭L&$l7-8G.N>SϬf�GY9Ux*vj97'AT�_�;s~[~|7%y"M�t%g|
>chTE4`@�g�WM��OGȎ�O��R.Z3�lk7Ҧz]ؑTT�K�UU1G cZ��4/l0Mgmlp*�&"(` �18E��P2͒l&Qsq˟��e���\�4$�ey1D
0Xf`/,p=�7
/legx�VU
_��lϕt �JP�PFƣC9EUcUB���҄�-�����P�����PuUM�Fk8�L�iCD�ƛ~�(Bӛ��2$=�HJ(kDL'Nud�kf;!2x�A]nZC{a+ף�{$'q8n=vqb�f/g]�'
��8ad3k|& 5�@0�/ wEIxn6@�,Dv߁�~5u|ݦ44Oߴ`U0 j�'?P
��B���r+�{�?CsNB[Z퓞~W�%Vv}QUw;M~��:�GBn)_]yrdW0E3�!kh\SXS�JE�Ox��#e[kAEKn[|}�4@o"'aBf&_�z1����Rk**;q
(��Ț.�U�,�y�(H( �tq�!U��,;<Q7�_i\b�d[��)q�'_6&ь(67VlN��Oܿ|}��wY{uT]��yV���9^N7_NH^ƳWzz}}�WאqW�/'}kww3-
�#,[7߽}�s_vnswZIÍ`�曞�ﯲ�jsc<}aS
wEzNݤ�Ȝ9P�`^!X��ߎ6U�d�.ZglsudF֧"=��l�!t�;aYG�Pq-VF�q\E}wu@�:O
W~�^
(�j�Y-!}^' do0#9^7|�^^ãR=�z4F~,��v��b� b>2'ƎQ}V�Q#4&%J�f!�*7p5���~�2wp@8}ǫՌ�JSmkU�X|Kd`5(`7B>9o���j
���^��ף|�_�On|�b�P5-
g80�33!��/~bT.8NT�xZ�k:Ty�5+[\yz�P�p�dvP!ޭk�혎v]Q9�8j�u#T�
q"UҜWר4�^�mo�5ZEB`Q��1ªrE�P
�ܶ��?a`xazB<�e_��a8|?46��JH ϲNױl��?aUџ\/uOsWw� (�bYL*�0�y�YI;gOuU�+q%(r@b#.=D�esSA��V ޮ�'lƵY�q[}߱4f/=vc��RN~1ǫєwڸXy8c�w8nu__�hw4jRޟϙ~С+e~?{Smy��;c�S�wsh��>�}C`~ed�jQ'GO_e�]�`Ϡfm@qp(kmcRew^uM~9[6nwQލGnv^;oA�#8o�iU
�#�w9ZO@ezQ?"�jՆ(Wh8G(#=?P(�X4?Ozk�'?�2e'z:
,F<g}nJ~fI!/_Ԟ/]o#gvVyt>)__説�� �Ȁ�"|��*@n��R�;�$$>_�*\>oc49[vsUZ~�uSt^�-x�+Moqt�d
$r�V5ݢ_tQ֙,vGGzoj�i�_�o�$����D!�"�AB�V9ehG��w��7)WF8_yc�R�
ho+"F
�z6|Ő��{�j LkR׆*�D�"�R;�
�$��.ӫs�zɖȦ� �nU;*x�T:J�+RR+@IB�4}uE%Xȹ &,3IF�.v\]2Һc�?"���� ϷHVfזV>��7CJ,0K�7/�$�P�Y�E
=
]Pic"� H�na�k'T)\彤lhDEfiվ".F$�@�`R��x�s[t҈REʉ�Eio(:�Ag�D��ܐ,i7�ď�/Ff�7/(�}NP,`FױgBA�F4�U
dZ$��B���D���QAM=x?\6/ukSt�0�fE-��Sջ
(�رg�j����0k89sz]ñH�
]}�v<��'o�nnmw_ۍm:�{OL4z�e�,nBP��il"-,$�(J#�a�ћ`E?Y�2~" �h]�
B
`짒ɕ<>�O`g,o��d3yQ��o��1i��HBy�z�B�Ѱ4q�p.i:H�ga�D@��,(�铝�!|,|?{qv�FoIQ�Ea�OY���B��XAY��w,�v&G&�Mt��HՈV�HOx���N� w
n4GHNkA�vmL)'*ܟ�?Aj�/u"{Ooػ#4.�.P�JNT! �_�ofQ�k_�uvJ;tR+=o(6+aNC��F˷@9
H�+m&J�%G=X,ʔ�J*$�4jsXޱ�[@���Hb�*�:�-Su L �Xt[�0ty1M��� P�!:u@](���)j`?Q5�0�Oa:��dhHid�5hk>��Q��HP͙�rK�PsU}u9�a&<�8{wxSl:)n��8i\?>~uI:4{`<�ut(P=6V�(U`>W�\yr��49dv?�j?
��7�f~Fw]`hܭp?_mӇQCcPc_YO�� ZX՚L��>b7!'��O��|;O�O=8�=Վ)S�jAFLݷ⫓ٗզ��-44R�v�/k_g 9�@oxm�Y ���c{@�ԡ%�� ��WucUWs4CqxnٳlSr�i̤~^F�O\գ�d��h�t$���
q.y�HPZ�1A`Y.0�1 ԡ�9���@~ I74��@��Q~dD諭,5AGߪQ?���fA
O,
btq.'iNy?�@t��vX䅀DU|$y#t�u+���|h���9W�ubRŊHfL��W>�^lJbA"kdAC#q�"�b ңvsCs)�^6,<&fQ@�u!v|S�M71CS:�}}.':�>2+Gɺב4�vhjWY�݁xN-=��rNÄ,,xxO�:fC�#%:y�y<�g�KӃycM�U8 �Z�!�,���n̺v7�Ӣ*
3C �Ɲ�٫�_`�<8"
F���ֆv�h`tr<�jM� ����)|z+\Ʉ�u"�s�dµ���" (��}L�.РO�/?\S+35�/NN˥Uġ@&
�([Xmd@��V��މ$�"4���SY��@RAW�M4cۈA¶
lnN]�3
H�EdUB�[��v;�GNݾ�WG\uoP&��0�@,UH�/O:Y�OepBd�_#d��'�pP۬�ՔMKڂfI)z�,%E��6e�H�DCU�=qY!ؽ7z�:;9 �t}1w>�O͝|�j��nϥ��C،8rn�FR{�RX�TI��������Qr ����[8�k7-z=$Ca&N2lnىS/�~]/9w����[��V%#�>5o�M/��9��P�WBʋ!L(ԖH� 1'C�Mr�T4�-�AFmo6Cb\&�@I�$Af��v�G�%2$=8Vs}8aQu+{j���D�H1Y/�`�0�v$R@� �i�{1`��H�<��@;Bn}��j`��9S-�%�Qs�<-sUg�6�K�,Fר \nrdX�a=tَ;M\*'œ<�PF� fd
i���L��ۋቃatV�9^�~:H y/�!V;;X\W?;$Z\4.0�G�wu��$vc�=:笶���, <^%mSE�t'q�K9 ��O�*�;h�E\ݑ�a֝eQ%R�@32xGj�a�RA�$Sߪ^TkTiDjY� ��{>뫋w�]wU^kS��(C\�qtv�7mh?b�T�ך/ë;�Ί�R�מ� ߏQ�< Z _3u$�L7,@vypYykX���6�A�WI�LS٥!� �U͑vD� '��
WfՋQwOK��[ޱuw�)Њ'ht�"eJ� 88?��
6hN9�A���0q��#�'"fmj��Z7@쇅v���9�1Ħ2[>dz},X-Z'r?ա�=�݉�ȫD}êxa00Iz~`xYd:\=4d1dCe�Wp@�z��bJSmbJ%�@+pdāU[_k�Uk��Z{TQ���E�vgm CoEqpue�حZ�@dg�M�N5D��-T]P0H;VJ&*T-�dmĔX�-�2d|
I]Ozo_]Q;!�C p 2-D��@[]E���߰hh?ٯ98h�h,�)��z�$y(@�?r�� (2��;�����
"Њ���~(sC=2�"+^{Kq_'u¼�x���$jjR"1QA}ؘKLaBY\�c2r RQ*}���-!&Ƀ5Ґ�K'QԔ�ȞC��p�qE=ݐ!5^R@� l���>�{��Ux/טּ2�Hj[5G��7Q6�cDbFYB;}�N4K�_@)�>Ƶٳ٪�?u]~*��X=Bv"G�X\$���L҃�
ŵ46=%�WM�ARM���_~Z,�} ,��"^w\� ��ŻE��R�S"!P(@}M
}@W :�gѬL*>3}*L
�H"�
HLT�Bf�CJXrحDD{\݀ƽ0�"t�t�.z�5�jE-4eTWbb���WnfyO0;52d.:9 g$�u~� !TsޏmId$ٳDDX.}��i#�XZ\,_px�����9��'�fjAn�w2v~ג
�)�OnY GT"(#�b��Mʌ��i�l(3�;k(U�i����^3�TΧ?6(�.�/8WwY:�$k@�Ro/[0Syo�7s,vM_�:�s$�,X"EbSP��RGy�MYi�*9�/Bp�Xu�RNqpĴ�X-M@#0������x*@�nn;M�Hu��c�oQ`lR&GogdFH`�A˟6[ySt!b;2S�g٨!c09�C�8w>D\>r2*r^G���Q�2��&-pe�崈oG�Tw "nՐ! W;0�1N����2�N;<~]�g3�|�{3�v߁�ˉZ^��2c�=ܶ�4e�_(fgC A_'GS��!^�R�B23R;Y�iys2�mJHw9sd Dd(<89/�P�2nN�ۣ��"%|wm#G
[ J�RmH�$p��"
r��AB1
Ýe'ߪY)
�>!�6OyVԽ�ÝV��Ag?��Ʉ1�>opނjS�g�PO���@}8Cy㖁�vg�=?QùEY��?(�'�=Ո�AN� �:'kx�M ?^T7ﻸ@�z�v�=�uV��W�í"C泤2G�w}2�/,v+;%#A
�pZ㲭�Xzm���6\���s˅n��{�{*~ם:٪zeV�
eq,'8�^ Š+y�/+@q�g���w�\�Sޟ5K��[رD�в6,�2ps5V�~=E�L"ND�u��7fGu�2Ys�$��b��3�Y|=�K8GTq,j�;\�!�R�!e��&X8!�}dWaǞZ9A�kJb�wz~,wܺeW%�7N<�[3)Wь=�vKzB ����;LDmCp,K/6)��n����@#O]l�cDz,)�b>Q\'MQ�fvA$�!�2�"��"^:{fʰ~ol;bؾ+2ұt1�!��"HOtz;ݟ�~aYyh�(Iְ�Ph&^�A&�ܨ�y�
ԫ(AK&`�\7mqg6m� L,/53!2nθ�X҃fy$"=g%['�pu.jƙ�s�Ad�s=uMH��f:zȂ�ٴ`��!lψs�"��D�1+Q�Z,�G\;GCn2N�`He8>�O;d;6L)�5O'`P�
иd@ !HpU�5B�#^���ɘ$�u}H^ij.*ߏ07M2��A`
��d8�j�r���~߸�H!ŀ�< R9[~_j3c�7!MUS�8$A
%�%"F2}ݵn��<:��(���TeW4)�鼁o�S?=<ψu!!)9L!�>]��BgʪO$h���L6t͙ꚲw�7r
8g+ah�nㆀkf5OA|��Mv"ԑx{+�IwR�05m�t^6'|��+�/sR!3<\qZPS(��K( A7Kеe:tj1n �,vAAlQ��C(Oh��]Xl
#
��PE
�2%�P�T���B�;Ƞs1PW$���O"Њ ����h�&�$l�p�r{ѣ;esy,�6EBu�x^ T\cjp#a�G
w㡧7$2�Q .��k`�I���`�Zwe�4-�m)%-q��"rd�j!���[/���ڮٰUDA�!��='�@�b��T{ )�:�6����=P�Ϸ1�B&C.GGi�3�rѬSW�_U�H/0��{DqfL4R�(y�oG*D�I��*+�Q�d9�(�y~�u6jPXв^Q�(U^Z�"�� |M2eЪ䖪A%�B<���3TE��`�#r3e�����;7jX/�٫�;a"aGVd�l&[U��?��PSR�$]&!.��2,62IeBRY�R��C$8'2Ao,�A�@UP8��}>>(�d9�\�<$F0n�M����e�V/A0�5�욶�KBz@D@5"s�5.ܿAay"ky�tzgڋcWrnV7�+-"
_ˀ$�"h�*>n�R�)k�9|Hb�2A@6���D%hXEa�|-MtHH8@-[���DQ4�`Y���Y�.gxYlg�5�PA��6X2>W�U�:Ȣ"c�1Px|3�i����l4o��yt8$L�xw�AwWT:� ��ƫW>�l�t8H�W�0M.�G�eB|jBZZ�wV-E9"Ke͗>�əa
k4
4�3I{�4_T��?�H�k���J�����PtjD:��b?N>3q�C@�<��}/E�>5(
v��e%o]P(�*q��u�[@]("v�(/숂*S{{Hsy}B!`=k�=�T��{ v8S$3{A^=N�W&s}I=�r�j E/p"d��=ˌ.�%�/�2G8wP�+�.�oI�k[VAk�k`r*0=9ˈKU��}I�tn�@;P�=AgKͨ�f8U�� Z=Do#gOX|?g1UNj)^9V˼o�5Ϙ�ك~m,C.�b�w?ÄWg@`=y�k{���;J]89�i#@:c��O,�b�5KD�!Vh �=�<40�[!��ۃI�Q�;Gҹ!;��b�Q6zVtD�
q1#r_�")Ĕ�8@
ÿ�3�eQ镞ppw�=h��"�(,y`E U9�~�@�U=mER����p<Ʌ�Bti�s>0pT6�uC^Cf?�m0ҏ(47>o�^KnIdH�6t/pI"� ��d�2k��e��ݣ[
0٘]xy�vq��
_�BQ\�4V6ӫm lp<̠�%J3[^�+0�SK�:~VJQb14X2a�,4T6�|^���6H���7B/N�}Y_4�p٣_)Ԥ
xyޒ>=�O���B3:�MTG�_H�3?4�k�]@ ��3OJ�O\�{E¼߃x�~ڱ�^/Y|�W��UP@ _!
�BŽ:ۥXUL��A?FvP҈Mw_լ̲hxHqzLje/�tW2(��zw{|�ՀHj�E?.5ڡ�$EDH {���P�SAP$���J,�eV -]y2�o<���K�9�SDUrZ�noHҖOU;Kx7oV1�j@�C�GrKz�C^-L}ϺKBTBPE~@��Ij�Ûu�<ٙced5�8roP�y;p��?;y�Kq�'_iy5D�; 恛B�<�O'��DAޚ�m�E( v�@⯋��*#9|���r;� *�Ѐ좈:T4�顫'=k�/olv^#O(ȁt�y>3Ru�#$BH:hXWq��1�/dB�kQM6Ž�W��ȴ@��Trq�U#Y-lh�mv?|�9f�m���Hf}Q6orr/cU4fҮ�V'�8zZ���3en�PA
h%��iFM-��.*8�A&�>ѱѩh*�XW�7?T�ub"�7�E@NvW�jA�D�RK2�r3"*L�(3*fjFz$)QO2˗69�b
nE�Cx��ۍT5�s>C Wlcsy�>8*�
j�e9::�^��>m�$xPtwߓVbAa3F2+7'&RVY52bfi� ga؝uY�:{ezl�9�Rʧ�x��>DP!d|�UR���{�<>D����YrgL�*W�BD4����ȭ�{N2eUQ&i�x�PPaY��CQ�,h�G��1��c�zgb)"�qm�_kmww�U_�c8Њ�Y�Q�[�18G4#h��T�H+�
��(�OGU?�Ʀp��FToG/|>��@tA�(�w,�i^|xk;77KMr�熶��e�tЃaO6��mʆ-o�h+mU�}w\"#Aﺴ���}Xpp�-)gx9dZB�Q!}^f�"8>է:Rܝa9b,?&Std~W�U�EZ�e::�oPg�s狤iU%3j��J�?j�1h&FX=xY�%ʟj00鰻R";&�@ؾ�;d�D�/DU����塳D9hP�Y�Hf[{x^u罶}�X%)�QDu�KjL}5QgN[�d�I�.! 0�A���&YtP���@�9fJ�T9?pMʊ}��
�NU� ��R�´�k�_G��J;�WC7tv��j eH${(J�|�KhC(q�xNCPš%>6� K]
ȗť8}KTO*Y�0@�7��@�@-[o�xv:8(N32jNG72lp{£!wC�0hL�7M~�kW�I,H�O[pOibQdտS��خ�-qTnm���"Q,xX^|7ĴׯdxhvڪK�VM�|�?mܘ�B��qЌVU*<|=Eu�}~7� ��wc9��g�Õqҋ$꿓��.?+6 f@�m��t�A�z_k82ouj�d9:*�rl_W�y�2JT6��I��'/|\n�f��?�6/v��hd@X'
xm$W_�W��"B�o�.�d59y �H�;fd]ߟp+Y�H�~ua<6Gfڹ
yx�5D��h�㼖8+d�B�H�v��Kg4?Wq�*30e�8�6C6E5ڵ,
��Ĵ%.~�g�
uoG����Ps)/���/d;~/��ߝ�K@LW.U
#kk^V�Ѐy0A|A��R/QO|ռOsawr,h�o+rP��ԛgNz;\~W}5Wb�k��5��yL1P��r$sPOR]j�E^OohzMZ"ִ+Oٵ)VEDnO�2g91I;�!Ȁ
(b�w�z�[r+�fXǿE}ʇlV*-;0eRQ˗i���)U� �!}P8�
cT�O>32/v�m��fX/S48/ ?�բv7'�>�Ң4�Y�H�.�]c`Gۤv7H(x�{²]~mm>�(x:yk9L
jg[m�B2��^UAHRj�1_d9Z$@�\l26A$@m@�Fa'qn eZ~41$�s7ImMV/֠fkg^0�z?{CGү�?:`7$�1߶ۡ!9#� D4�%KM9Ȭ3LWW=[TqV�-��EP~'v�xsʥYQ-�m�@o2��BC � 5��2DqDo��!݊N��D�VaC�w-ɻuF�ҿd&m� mn�:�٬M-�JLC�Y\$!�w'
_Vm_O�{d�&TAkNA�=S�_[��(IKpПԝ-ˀ˥w�;ei�
`Y�\%?uH����Ƹ/��/ɼ[ J#�LZ�io]%wu4::*n,j�l!P�C��Z�)$<䧸0��3vݎPo�^%�9��[ь}=-�H�S3�Y?2VhC��J֔̇ʸp��$rdVb�*d#=a6�lߣl?ջ_jʷ/,n*�ۚxT=�j&��ؿ{z�=6��{~�v!�A�"�WOe@n B��(A"�y
c.%�_r�wK��&5iV7�
x$Wꘖ�'Č$�d��n\6j�'aѴ}BDח�Σa��(�?H??H.j}H2`5.nǑb;odU()EW{�kcԳ*,h�Y"$�8�I0A�̒X��}Cc�d!G3�G*�#yB)81̤�+ϩZ�ɚa�h|*�4>5LRE�F1�kW2I�Nt/A4c�B��A��`�*�K)"4��RBRD�!J
Hd,�H xz�dCbم.�y�Ql��bZ"Q5V�H��F6CK{~D� |t0T%D5��diۊ�A!1s�a�CZ�\eS<8BHHȄrP[QB!BYFX()$TEk�j*-j� _%�
kȻ0"�3�TuFP� "�*j&�jB"`4(d �4`$!�ՠ�g���H@S�L�@l��gˇ! ["�ʄ��L0/QT��&0[
/�T����*,dږ\ɡ2
�H !V���Al@J�/�kU�0$��iR*#RfigLT;�"� F49�n�n}q�١w~�o C`-
����hR>έ&;�T(,N�mc���h`ҭK[C�Ez�B&tdgx0UT$+ [���vn
hdl �Ɩ%%Sӕ�LA��E
c]-i#fQTPk�@Bve@�ʬLU9Y���T� ���~nܫ
��aP| �[�RJҟ'�8[a�aOˊ���o_�(;0F�AӊH$B(H�"(;
dMȯ��C�#t�"ĮE<�� �$Dt I��P�""� !`@Y*4A#"�7yP2�T�(EQ~߽Dbͧᶴ#@�nW@�?|?~� fCi͉!�ưX!A$A��1H,X ă�P?r@%`u=&_�x�y�v|'R�g�t�{ϱ��kT_C��~��//E$1b3LwV9WB�>BwJb1aZ��7D<|h
HA�=\l#o~`y�}Ӂց� %p��Ms�҃D�~ǾփY87];V�UŢS�U�n+2�a���(U'H[~fsu�{͛>ח�D�ALy!PaǴ{Q(5ǽGgJ=%�1E�2�ң�=�ȩCKJE^>�=q^śV�@oG(�袋�DU�T$Pb������Ȉ@AVA`0BAY�b �QK�$J�|yAK�P�TȉMsx:ћ�m�g0C+Qb�UrJӟpu s�>ie�o|d �F@O_ë
�Qf'RXM��z-Oԧ9d�jH�)��� A�L�+&[@�4]Wx& 0I�֎f�-=^.<~N"dfY揬z�+dô]F,$/`�@@9Trr8pŰ|Aimzg4B~/_#?7wҲ1 p`ԽoȨ7�3 V��
J\?böE;x}�w���)�3��Sit*�t�C�b
�fo-}/?Y,Cjv)�i@zQCahCKš�KG+wqrm!H1�-����{�+�5 v%0�ѵ^�
���
�?3Fzy]�
a�@4�ۚ3Vطv�o�oCFH�@U3wMpVpBs��F�< �
�"!���D�s(Jª"[
�o|z1c,d)0B8�e.%J
54$R,$嚆E$
E-Glhk�/t|/ ��lv� �g"\tX:ë0eB:$��d˟O{*S% ǻ`L=⫥�Ft(>Zñ�{ !{S%�}Y9�`baڙh�dĐj�\�@z$|SN2�mgDl'%չ'hf�;S�f�4cwcz!H5Pu�I;:]Z6��^fX*}�|㵐,VN+6�Hwmeņ܁�� ��Ad����,R]�3ɤf.�Y�cgO��칯*ŋ�FR�YK'q)\x�+5TJEXYi<�/@^hgnۆK؍1�!b�|hs9̞ �0V�u#8R]Fid%V���^mx3]7�n�����jzg]Nq{f�ND~b$_3�B:m�H�NY�7l$.
t
oC:^W11Ci,aA���oxsrUS`�̲)l�_�:�. ~Rg��
�H%F9G�:u��Ww��N5W͐~c(L�F:kdY0'@�v9w�OfH��OTP�H�](�g�^�02ZQ���b�T��(@b # ܀q墵�9�w�C�bY�
�C]r0MbQ�KD1�m���D��KGE[#9T��j eD�ak�Zb5XKӓ�PDe`ܫ3&K*2*kBq�*,)K e��N]u�QNnQ�pV\)54�Qcr4Ϭ: �+JR�,^�bAUba2/g6\63a: ʸU!z4�-��EJ�u�k};�uLW�3r$blyR� q���8I)`Y%1`PF��*L*4"Ȣ3OI-fb�a*Pu*5�N%W E3��D��69A�«fO�8lڭS78+ � �$�]Ͳð�Pf o1��[�K$�$p!l`.,nB2xg�T6w@9w,���?f^�kЀ�UQy�F�1�oA&I$K�Mie�h
.�b�VP7!
$AA IǮE'�hn�>��؉�O�v��Nj>�'1-dQQI0q�K�@i[CE
�
ٔR{wtz@LnA
Vͯ"U]�tS �{bK�p!bf�)L0Eɱ{V1H*YW�Z٦fb QˀɁLXLbŕE1.U1іFTf-B�Al&ƍ�b�\VhX$4��0��sB�[-ם#�I̻`gbg,5�t.��3�ilw8]yYQŲG>�zDIl:yL
&��ҶmXt2T��l9b�I�� �"Sck�Ljd���eit�@E��X�g˻tq1�brPX�V�Xn (GԵ- R*Kh��Q�yB#jWj]XX=d;sknV�:serb�O=5$���n��w�`s*ܜ=;J}:Fq7#.g�c.EH;�����SFuC@�uB�]�Zk���>kJDY@g�kd��O�A�r�z�RC/gdk�Z9iٝ��_ k g�7 �r�a�1�`i
����BWY̊�gxDU���G{T��W F!"HH"�9V�[����56R^j\�K!`@!g�'T6,t �
;�+�pK4ޏ5:��8�PY3tt|vn �#$Z]�U!�d�(#�c���.,0�rC�@7-kHqkU$2N$nĢ\�!�@�(Asp{VNn3V~t!��I \=7N�#9@5x?���Tʀ�DqAb$Ij5U4$���0VD����(9P���>U_i�5
$Л4R|xla�XqFuZtE�ͣk�5}9ΆBݮ �k9} L�DÔ�g֦q~ś-iqM�xE�]gAqS�( �aPצ��b^,1�צGfĕ"�
YLf]RG<�Ꞷ\��(|d"Ēl"ڃ|YŶL$�#��{�6RE
��Q�{�6@�B�CZw�,<@ ɜ�ua@us2mU/^G?غP�W}W:tW�:B{�|1K3V`c�qY!�Hȁ@A�6
8X�*��B�6/�Ak}k�H�Y� ��� D qYm~K^P$�K�d[0�,܍[�։]5?kGգ���&܊08��]�?��*N)��-��I#fT��dP�i.�홠&Jٱ-IYTK��UP=�2B P:heo˟,TfͿyl\ìt2��Pe�=F2^�<�'_�@�[
�r�Z��d?�/^��!�8F�%%Jd�{ޭ?�'P_�n)���oɠ};8}}n�Ō͛>ěYO���ԾV;^r�H�G_�BH��z $�CI�Z3�
�{F Ҕ6�C*�xvd/�:'A9z%��$�T[N�D��#�pa8/�:=nLMuC#`f�@c.�XR,dDd7 duk2:}@o�53r<'G@�Ҷ�5V%�R܍<�]K,c4��:F�Df=ܭ]O~G9Ά�РzNK��R7/ƾΧ�o�Go-osct7_9&n���:!!/9=R6�e�;t"7*�s�ؾc00��p��]U��p�jI�_o�E1�;`s0@��IÁD��dO�k{�YNJ�ǍPH�f+~^Yܰnewhq4�$\,
�scY?Offb��� (PP3 ^'��~~��KH�a��7 ��<}&"NJMH�E�P�&xpw�4w-ϓ(Mɘ98!�h0E�!��D_`z�K%�f2�YȫΩxȶ' ���:? P5!ȃJHH`<�8ï\=ؑeǣbuāv䤲&K[�ԳKTg*t{=�?K~7�Vs5o9�3<�n�rբί7
�47�/%Lśȱ*R"1*ע�!'a� :I�}
S�O.|� yA�~LъN�>U}#چ�x=M0H��#fl�gKvm݄dA����Q07`>�a3��wu�B@�@z8t:ά-g(�,`&i9HN)P 7e(}y���@��C�
1\'fհo94X#
a6UZ@M?~e�1Ҽa�tN�rv���D�sP7Z]XjD$v+�MA�tc��xR3#H�gyj f |Vc#(�,d�$�I(UH��JdZif�B�*�V$�A�EL*����H�2�BaE�'iRZ�� 2!<��4R:b5CCoB���]s�REܘ�Cnʆv���$�T;"�Xhp:jƥ=%li[[��=ŷ`�'')ync7=EQMwzxo'�Ƿ�bT
?B�#C*����-ͷSH-�q� *F�s)r*�Ԏ��TMg�i��XP��_sxoc�j]�k#�爬�>XD (����UT,ؙ�"HuS�I#�7p�\�rCk{��>6rP�{PGP�to;�8Wgz{4E�(��)$,�^-��e&�s՚kN~8oDsj�s�ӂ��ig>k����;g?�(�N�#X���t �vCӛީOq7�d<�gw� f`{)߿u]dxu=��Wms�\zNj@L1B�/`�&�qԅ��pʁλ�ཀྵ��$�Dg���"?O�,gG4�w|f:B@#>RSZ�㫁.(
o�t:��hI��+Ȏͽ9
ގ{�y��i�]�a �kQy`B
թOdrZ�7=yxW._}S}�4< f���
BF "|*��ߨo/x�0���O�}U#�M
Z[j+5~~+]='%`F��Y����@�2=H3j�+1C�~���2{`A<$O>�=BaJ�H*��(ZZ,4�Z-oը���{>5\�]tpdf2&oF+V�a�eŧ<ưu(Q3g�_��i.**��[5�Z$/xLu�EPZ�Z��5J=jBO�Bic$D`wF^bV�:u*7[J0OZ�|n?=>�k�v.�<^�9 -,R$�-4"uc
TMO�-�( ���-��dgJzVG|Z1'[Ԕ!c�=O��MB0�M5{]P]upR�ղ�f�!<�w�Ö��V5�u}%rWv�nH�$l�o�?DH-$�x�p]�:J�-��1�jO�M�]1+Fq>�$6;fΎn�EI1B*j�;GFVLNα,z�YΚĨ�.�^ӛ;i)�}o0{B�EylNG-�٫�yĥ��|p���)DdD 6/M�*diddD��S֡@!e.S�~Mpm/�CI�F�᱗+z�+=
\#�ġ
/�Z%]a�anʙEwy6%�Ns�Œhh6ӷR:.�U�-h2<�4I >�X�3븥�oLKQ;;T�;y�2`LBa!S�\*yi/LL���H�!/ܓEgT�fZuGň3�Iʏ47�)?�`BcPG�,8/얦]k(�
G ]��pEot) ez}����
Ɋ&�>;e�3�N�_��į��Tg�(;ޔt�U~8b~f�k�K"K�=KI�jat�U]��c7oc?}T��� |1�EgI|Т��n i5�- B~�8.w{>-CI3�
{r^X6!Z�:b�y'KuPOZ9 ڟ܆6�CNTs'
��#RIg>ޚ�jYP?Z]��ۼ �&;�(7�OzQj q[+p:�GC�$q;$C�
8@xuIw4z�:iJ
q!:Z��=� �^#�.�FL�[dLVK��8"�GqW6`o>Bsz9�&
`FsuY;d�2(ʠn¶�v>��wC㻑#M6<7)]�C4ヒ}R����M=�p8ig�t
]�)[l}]KeiZ-od�u�-=14cw�3T�A�#X|EUa/�e:��n:V�V-F,TwUSz��yү�"���z\T(lw5˴!�^%�lf[}cJVtxRuFV:yC8��"�;S�q^Am�c'f-vA^>0�吞<Ľ~Lu�A(ل�#ϑsԞ}�FiiJ]=�3�_/,O6gY�|���`YS�"m�N:@Du)=ߙxe$}ADD'e:H|�I]Xf��\�6H6r�[ɑ�5 *�JI3Iv7ںO)6}�E�*~#n�j,zW7D���u8A`�Jwm8�Ab�:7hc:%J!�rR
m��9��>:º"=2Hu2z>=$FdLY/k�8��E=�g-:L%�;\6�t4 �o9�Me�[�#�o�Ȫ��8Ga"a?OX[R@Iyx2z�C2�2j�1W
x�y3��U�Tn ߪ.x�k�@^'Ž4uƜ�Z�[RBQj��.k�{P ̛X��fJJ!��j8E�T<�buW��]�u�|�`,@IBw,a�3f�nDTn�W7='|TVQiɂqa܄8t�6��Jg�PQH
YzEб�}��
gFh�~7:�h �6�%"I&Y8x�7w"D�
J��%4=q̴��DzBr`AȟOi^C�mI#a�pXܨ#a&fK%�cOW`D�ޣL@[`/I�!{!D6
VX`/6'G{W�qx3I0泫��x&{�-5�:�Գ |�2Ңk[� W�;G�fw1%Ծl�(z�먗>ރ�? Oڲ͗xVZ(ɦ�����aN��ɋxz0X^��:w�+dMo]mD>p}�� xǵ�������LxES9-fgwBDw�L7����!$g߶������
YZ