í«îÛsamba-dcerpc-4.19.8+git.404.38b26805d4-150600.3.12.2
Ž­è

<�>
,è
ê
ì
7(‰
g¦/lp¯ž9Û|‚
ŒNÿh­R„Ç&Yôhêlj¢V[žôÑ¿äTµ™/T–ÎJ$â`š¯€@±C8„¢*ÏQ¼®sKö¡lµxäà«Ìp ÒÏlà™„bL3Å험Ȏ¢c®ßß“©0ž7ÖÈA¿&°mâddê‚×ÎüY”;Peat~6î¹M¦ª3VŠ wéo¥€–Ϙ0-ÊbaK·,Ê1`0ø*ƒ³°Íþ–l'b§‡·,ã­žoË Øû–á–t˜ÑÀîõsN5&~ü¼Ûc¨Cs¹. Ìy_ç7´HOQ A­¬»TÚ+ÛШ“ÎÑ@àäÝÝÐT{€ö*ŸƒFæl,Ye)¤\ÇþHÑW$’åÜ›OQßæÔjüºþ>ÿÿÿÀŽ­è
>é@?é0d
è
é
ê)
ì 7
í U
îœ
ï 
ñ°
ò´
óÍ
öî
÷ÿ
ø

ü
$
ý
;
þ
A

L 
p  
‚  
” 
¸ 
  0 ] Š
À äŠ0Š"äŠ(#†
8#
%9($
%:;£
%FÖY
GÖt HÖ˜ IÖ¼ XÖÈYÖÐ\× ]×D ^׺b×á
cØŠ
dÙ
eÙ
fÙ
lÙ
uÙ( vÙL wàx xàœ yàÀzèГèà
Æèä
äèê
åé,
Csamba-dcerpc4.19.8+git.404.38b26805d4150600.3.12.2Samba dcerpc service binariesThis packages contains the binaries for the DCE/RPC endpoint servers.g¦/libs-power9-207Y:SUSE Linux Enterprise 15SUSE LLC GPL-3.0-or-laterhttps://www.suse.com/System/Daemonshttps://www.samba.org/linuxppc64le°
``x è`X "íííííííí¤g¦/:g¦/9g¦/9g¦/:g¦/:g¦/:g¦/:g¦/:g¦.Á8c0199772d241d98e0f896ce0c6725203a262e4ce03ac5721ae84ecb66582960476ddcb3a5370a3235fe4d7afb293c3e71d73b2e54c54ccd84fddf5eafb34c75fbc3d6d79402edb656ba9314070e2074cfde46451e7dd3e6b00d5c96992b57ab0b3fe6eed16f8a82181dd41261bd8afb1bdf72ef86ef83776c9aa40276547fbb7f16a62e9a48a95e29a66515a7918a89cac0105823a03495a724082ea7e0bd46cb98ec7b4e304a6dc73d1466f41e2ff4846c803d46c295fde8fd50520b492e70198cc8a2efd036ae6ae6dca828a8589751352d5f69a304aa407ab214c124d3913022d795241ff19b1dab6a32d375f55562c0debb5e54ebeeb11f034ff942b37fda62b194ec43395ab71b57f8c184ed0a0630ba5a9ccaeb6a0dca083a5ad32c65rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsamba-4.19.8+git.404.38b26805d4-150600.3.12.2.src.rpmÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿÿsamba-dcerpcsamba-dcerpc(ppc-64)@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@



libCHARSET3-samba4.so()(64bit)libCHARSET3-samba4.so(SAMBA_4.19.9_GIT.404.38B26805D4150600.3.12.2SUSE_OS15.0_PPC64LE_SAMBA4)(64bit)libREG-FULL-samba4.so()(64bit)libREG-FULL-samba4.so(SAMBA_4.19.9_GIT.404.38B26805D4150600.3.12.2SUSE_OS15.0_PPC64LE_SAMBA4)(64bit)libRPC-SERVER-LOOP-samba4.so()(64bit)libRPC-SERVER-LOOP-samba4.so(SAMBA_4.19.9_GIT.404.38B26805D4150600.3.12.2SUSE_OS15.0_PPC64LE_SAMBA4)(64bit)libRPC-WORKER-samba4.so()(64bit)libRPC-WORKER-samba4.so(SAMBA_4.19.9_GIT.404.38B26805D4150600.3.12.2SUSE_OS15.0_PPC64LE_SAMBA4)(64bit)libads-samba4.so()(64bit)libads-samba4.so(SAMBA_4.19.9_GIT.404.38B26805D4150600.3.12.2SUSE_OS15.0_PPC64LE_SAMBA4)(64bit)libauth-samba4.so()(64bit)libauth-samba4.so(SAMBA_4.19.9_GIT.404.38B26805D4150600.3.12.2SUSE_OS15.0_PPC64LE_SAMBA4)(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.17)(64bit)libc.so.6(GLIBC_2.33)(64bit)libc.so.6(GLIBC_2.34)(64bit)libc.so.6(GLIBC_2.38)(64bit)libcli-smb-common-samba4.so()(64bit)libcli-smb-common-samba4.so(SAMBA_4.19.9_GIT.404.38B26805D4150600.3.12.2SUSE_OS15.0_PPC64LE_SAMBA4)(64bit)libcli-spoolss-samba4.so()(64bit)libcli-spoolss-samba4.so(SAMBA_4.19.9_GIT.404.38B26805D4150600.3.12.2SUSE_OS15.0_PPC64LE_SAMBA4)(64bit)libcliauth-samba4.so()(64bit)libcliauth-samba4.so(SAMBA_4.19.9_GIT.404.38B26805D4150600.3.12.2SUSE_OS15.0_PPC64LE_SAMBA4)(64bit)libcmdline-samba4.so()(64bit)libcmdline-samba4.so(SAMBA_4.19.9_GIT.404.38B26805D4150600.3.12.2SUSE_OS15.0_PPC64LE_SAMBA4)(64bit)libcommon-auth-samba4.so()(64bit)libcommon-auth-samba4.so(SAMBA_4.19.9_GIT.404.38B26805D4150600.3.12.2SUSE_OS15.0_PPC64LE_SAMBA4)(64bit)libcups.so.2()(64bit)libdbwrap-samba4.so()(64bit)libdbwrap-samba4.so(SAMBA_4.19.9_GIT.404.38B26805D4150600.3.12.2SUSE_OS15.0_PPC64LE_SAMBA4)(64bit)libdcerpc-binding.so.0()(64bit)libdcerpc-binding.so.0(DCERPC_BINDING_0.0.1)(64bit)libdcerpc-samba-samba4.so()(64bit)libdcerpc-samba-samba4.so(SAMBA_4.19.9_GIT.404.38B26805D4150600.3.12.2SUSE_OS15.0_PPC64LE_SAMBA4)(64bit)libdcerpc-server-core.so.0()(64bit)libdcerpc-server-core.so.0(DCERPC_SERVER_CORE_0.0.1)(64bit)libgenrand-samba4.so()(64bit)libgenrand-samba4.so(SAMBA_4.19.9_GIT.404.38B26805D4150600.3.12.2SUSE_OS15.0_PPC64LE_SAMBA4)(64bit)libgnutls.so.30()(64bit)libgnutls.so.30(GNUTLS_3_4)(64bit)libgnutls.so.30(GNUTLS_3_6_13)(64bit)libgnutls.so.30(GNUTLS_3_6_3)(64bit)libgse-samba4.so()(64bit)libgse-samba4.so(SAMBA_4.19.9_GIT.404.38B26805D4150600.3.12.2SUSE_OS15.0_PPC64LE_SAMBA4)(64bit)libldap_r-2.4.so.2()(64bit)liblibcli-lsa3-samba4.so()(64bit)liblibcli-lsa3-samba4.so(SAMBA_4.19.9_GIT.404.38B26805D4150600.3.12.2SUSE_OS15.0_PPC64LE_SAMBA4)(64bit)liblibcli-netlogon3-samba4.so()(64bit)liblibcli-netlogon3-samba4.so(SAMBA_4.19.9_GIT.404.38B26805D4150600.3.12.2SUSE_OS15.0_PPC64LE_SAMBA4)(64bit)liblibsmb-samba4.so()(64bit)liblibsmb-samba4.so(SAMBA_4.19.9_GIT.404.38B26805D4150600.3.12.2SUSE_OS15.0_PPC64LE_SAMBA4)(64bit)libmsrpc3-samba4.so()(64bit)libmsrpc3-samba4.so(SAMBA_4.19.9_GIT.404.38B26805D4150600.3.12.2SUSE_OS15.0_PPC64LE_SAMBA4)(64bit)libndr-samba-samba4.so()(64bit)libndr-samba-samba4.so(SAMBA_4.19.9_GIT.404.38B26805D4150600.3.12.2SUSE_OS15.0_PPC64LE_SAMBA4)(64bit)libndr-samba4.so()(64bit)libndr-samba4.so(SAMBA_4.19.9_GIT.404.38B26805D4150600.3.12.2SUSE_OS15.0_PPC64LE_SAMBA4)(64bit)libndr-standard.so.0()(64bit)libndr-standard.so.0(NDR_STANDARD_0.0.1)(64bit)libndr.so.3()(64bit)libndr.so.3(NDR_0.0.1)(64bit)libndr.so.3(NDR_0.0.3)(64bit)libndr.so.3(NDR_0.0.7)(64bit)libndr.so.3(NDR_0.2.0)(64bit)libndr.so.3(NDR_1.0.0)(64bit)libndr.so.3(NDR_1.0.2)(64bit)libndr.so.3(NDR_2.0.0)(64bit)libnetapi.so.1()(64bit)libnetapi.so.1(NETAPI_1.0.0)(64bit)libnpa-tstream-samba4.so()(64bit)libnpa-tstream-samba4.so(SAMBA_4.19.9_GIT.404.38B26805D4150600.3.12.2SUSE_OS15.0_PPC64LE_SAMBA4)(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libprinting-migrate-samba4.so()(64bit)libprinting-migrate-samba4.so(SAMBA_4.19.9_GIT.404.38B26805D4150600.3.12.2SUSE_OS15.0_PPC64LE_SAMBA4)(64bit)libreplace-samba4.so()(64bit)libreplace-samba4.so(SAMBA_4.19.9_GIT.404.38B26805D4150600.3.12.2SUSE_OS15.0_PPC64LE_SAMBA4)(64bit)libsamba-credentials.so.1()(64bit)libsamba-credentials.so.1(SAMBA_CREDENTIALS_1.0.0)(64bit)libsamba-debug-samba4.so()(64bit)libsamba-debug-samba4.so(SAMBA_4.19.9_GIT.404.38B26805D4150600.3.12.2SUSE_OS15.0_PPC64LE_SAMBA4)(64bit)libsamba-errors.so.1()(64bit)libsamba-errors.so.1(SAMBA_ERRORS_1.0.0)(64bit)libsamba-hostconfig.so.0()(64bit)libsamba-hostconfig.so.0(SAMBA_HOSTCONFIG_0.0.1)(64bit)libsamba-passdb.so.0()(64bit)libsamba-passdb.so.0(SAMBA_PASSDB_0.2.0)(64bit)libsamba-passdb.so.0(SAMBA_PASSDB_0.27.1)(64bit)libsamba-security-samba4.so()(64bit)libsamba-security-samba4.so(SAMBA_4.19.9_GIT.404.38B26805D4150600.3.12.2SUSE_OS15.0_PPC64LE_SAMBA4)(64bit)libsamba-sockets-samba4.so()(64bit)libsamba-sockets-samba4.so(SAMBA_4.19.9_GIT.404.38B26805D4150600.3.12.2SUSE_OS15.0_PPC64LE_SAMBA4)(64bit)libsamba-util.so.0()(64bit)libsamba-util.so.0(SAMBA_UTIL_0.0.1)(64bit)libsamba3-util-samba4.so()(64bit)libsamba3-util-samba4.so(SAMBA_4.19.9_GIT.404.38B26805D4150600.3.12.2SUSE_OS15.0_PPC64LE_SAMBA4)(64bit)libsamdb.so.0()(64bit)libsamdb.so.0(SAMDB_0.0.1)(64bit)libsecrets3-samba4.so()(64bit)libsecrets3-samba4.so(SAMBA_4.19.9_GIT.404.38B26805D4150600.3.12.2SUSE_OS15.0_PPC64LE_SAMBA4)(64bit)libsmbconf.so.0()(64bit)libsmbconf.so.0(SMBCONF_0.0.1)(64bit)libsmbd-base-samba4.so()(64bit)libsmbd-base-samba4.so(SAMBA_4.19.9_GIT.404.38B26805D4150600.3.12.2SUSE_OS15.0_PPC64LE_SAMBA4)(64bit)libsmbd-shim-samba4.so()(64bit)libsmbd-shim-samba4.so(SAMBA_4.19.9_GIT.404.38B26805D4150600.3.12.2SUSE_OS15.0_PPC64LE_SAMBA4)(64bit)libsocket-blocking-samba4.so()(64bit)libsocket-blocking-samba4.so(SAMBA_4.19.9_GIT.404.38B26805D4150600.3.12.2SUSE_OS15.0_PPC64LE_SAMBA4)(64bit)libsys-rw-samba4.so()(64bit)libsys-rw-samba4.so(SAMBA_4.19.9_GIT.404.38B26805D4150600.3.12.2SUSE_OS15.0_PPC64LE_SAMBA4)(64bit)libsystemd.so.0()(64bit)libsystemd.so.0(LIBSYSTEMD_209)(64bit)libsystemd.so.0(LIBSYSTEMD_254)(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtdb-wrap-samba4.so()(64bit)libtdb-wrap-samba4.so(SAMBA_4.19.9_GIT.404.38B26805D4150600.3.12.2SUSE_OS15.0_PPC64LE_SAMBA4)(64bit)libtdb.so.1()(64bit)libtdb.so.1(TDB_1.2.1)(64bit)libtdb.so.1(TDB_1.2.2)(64bit)libtevent-util.so.0()(64bit)libtevent-util.so.0(TEVENT_UTIL_0.0.1)(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.15.0)(64bit)libtevent.so.0(TEVENT_0.9.12)(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)libtime-basic-samba4.so()(64bit)libtime-basic-samba4.so(SAMBA_4.19.9_GIT.404.38B26805D4150600.3.12.2SUSE_OS15.0_PPC64LE_SAMBA4)(64bit)libutil-reg-samba4.so()(64bit)libutil-reg-samba4.so(SAMBA_4.19.9_GIT.404.38B26805D4150600.3.12.2SUSE_OS15.0_PPC64LE_SAMBA4)(64bit)libutil-tdb-samba4.so()(64bit)libutil-tdb-samba4.so(SAMBA_4.19.9_GIT.404.38B26805D4150600.3.12.2SUSE_OS15.0_PPC64LE_SAMBA4)(64bit)libwbclient.so.0()(64bit)libwbclient.so.0(WBCLIENT_0.9)(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-15.2-14.14.3g£RÀgRç@gMÀgp@fٝ@f«xÀftÀeÔ”@ež†Àe5@ed„Àe6`@e-%Àe'ßÀe%<ÀeÇÀdÚ@dÒ.@dÈóÀdµ-@d¯ç@d¦¬ÀdŠý@d6@dâ@d Ê@cÎvÀcÎvÀc¿ö@c¢õ@c›@cˆ—@c„¢ÀctÐÀc5ˆÀcM@büØ@bÐ@bÈ@b°a@b‚<Àb{¥@bkÓ@bi0@bi0@bT@b0Àb%óÀb!ÿ@b!Àb D@b
Àa÷Ï@añ7Àaê @aæ«Àaà@a³A@a–@@a‹´@afÊ@aU¦ÀaTU@aLl@aHwÀa9÷@a¤À`vÙ@`aÁ@`<×@`@_éÈÀ_ÙöÀ_²iÀ_£é@_|\@_{ À_lŠ@_iç@_d¡@_ÁÀ_ ž@^ýÌ@^ÔíÀ^½2À^½2À^°À^ 1À^ŽÀ^YÀ^J€@^2Å@^&çÀ^&çÀ]ü·À]ïˆÀ]äüÀ]¸)À]®ï@]©©@]˜…À]Œ¨@]nUÀ]nUÀ]iÀ]e@]_Õ@]J½@]BÔ@] #À]:À\Ú­À\ÒÄÀ\·@\·@\³ À\£NÀ\›eÀ\›eÀ\}@\oä@\\À\\À\4À\ @[ÿÔÀ[þƒ@[ò¥À[ä%@[Öö@[Ï @[ÀŒÀ[«tÀ[ª#@[¨ÑÀ[šQ@[šQ@[–\À[†ŠÀ[ƒçÀ[{þÀ[z­@[rÄ@[ @À[WÀZãÀZÍøÀZ¸àÀZ³šÀZ³šÀZª`@Z§½@Z§½@Z“öÀZ@ZÀZ}@Z'ÛÀZ¡@ZOÀZþ@Z,@Z
 @YíÙÀYÌä@Yºo@Yºo@Yºo@Y§ú@Y”3ÀY‰§ÀYuá@Yg`ÀYf@Y7êÀY7êÀY, @Y"ÒÀXÿ:@Xÿ:@XõÿÀXësÀXç@Xâ9@XÜó@XÜó@XÒg@XÉ,ÀXƉÀX«@XœYÀX˜e@X‰äÀXˆ“@X…ð@X€ª@XWËÀXAb@X-›ÀWé ÀWâv@Wá$ÀWÙ;ÀWÅu@WÄ#ÀW±®ÀW¯ÀW­º@W~D@Wj}ÀW_ñÀWYZ@WYZ@W=ªÀW(’ÀW!û@WîÀW@Vñ3ÀVñ3ÀVÜÀVØ'@VÕ„@VÕ„@VÎìÀVÌIÀVÊø@VÄ`ÀVÀl@V½É@V˜ß@V–<@V–<@V“™@VjºÀV]‹ÀVIÅ@VG"@VG"@VG"@VG"@V(ÏÀV'~@V æÀV7@V
BÀUùYÀUòÂ@Uð@UîÍÀUäAÀUĝÀU¨î@U¤ùÀU™@U–y@U€ÀUràÀUq@UhTÀU_@US<ÀUJ@U/¤@U/¤@U&iÀUŒ@UÀU hÀU@TøE@Tòÿ@TìgÀTìgÀTÀæ@TÀæ@T¾C@T¼ñÀT¼ñÀTµÀTµÀT«Î@T…’ÀTž@T€LÀT}©ÀTxcÀT[bÀTZ@TR(@TO…@TKÀT>aÀscabrero@suse.denopower@suse.comnopower@suse.comnopower@suse.comddiss@suse.comscabrero@suse.denopower@suse.comnopower@suse.comnopower@suse.comnopower@suse.comnopower@suse.comdmulder@suse.comnopower@suse.comnopower@suse.comnopower@suse.comnopower@suse.comscabrero@suse.descabrero@suse.descabrero@suse.denopower@suse.comnopower@suse.comnopower@suse.comnopower@suse.comnopower@suse.comnopower@suse.comnopower@suse.comnopower@suse.comnopower@suse.comnopower@suse.comnopower@suse.comscabrero@suse.dedmulder@suse.comscabrero@suse.denopower@suse.comnopower@suse.comscabrero@suse.denopower@suse.comnopower@suse.comscabrero@suse.denopower@suse.comscabrero@suse.descabrero@suse.descabrero@suse.descabrero@suse.descabrero@suse.descabrero@suse.descabrero@suse.dedmulder@suse.comddiss@suse.comnopower@suse.comdmulder@suse.comdmulder@suse.comnopower@suse.comscabrero@suse.descabrero@suse.dedimstar@opensuse.orgscabrero@suse.descabrero@suse.descabrero@suse.descabrero@suse.dedmulder@suse.comnopower@suse.comnopower@suse.comscabrero@suse.descabrero@suse.descabrero@suse.dedmulder@suse.comnopower@suse.comscabrero@suse.descabrero@suse.descabrero@suse.descabrero@suse.descabrero@suse.descabrero@suse.denopower@suse.comscabrero@suse.deddiss@suse.comddiss@suse.comddiss@suse.comscabrero@suse.descabrero@suse.dedmulder@suse.comnopower@suse.comscabrero@suse.descabrero@suse.dedmulder@suse.comscabrero@suse.descabrero@suse.denopower@suse.comnopower@suse.comnopower@suse.comdmulder@suse.comscabrero@suse.denopower@suse.comddiss@suse.comnopower@suse.comnopower@suse.comjmcdonough@suse.comnopower@suse.comnopower@suse.comjmcdonough@suse.comnopower@suse.comnopower@suse.comscabrero@suse.denopower@suse.comnopower@suse.comjmcdonough@suse.comnopower@suse.comscabrero@suse.denopower@suse.comnopower@suse.comddiss@suse.comddiss@suse.comnopower@suse.comnopower@suse.comddiss@suse.comnopower@suse.comdmulder@suse.comdmulder@suse.comddiss@suse.comscabrero@suse.dedmulder@suse.comddiss@suse.comnopower@suse.comjengelh@inai.dedmulder@suse.comscabrero@suse.descabrero@suse.descabrero@suse.dedmulder@suse.comdmulder@suse.comdmulder@suse.comjmcdonough@suse.comdmulder@suse.comscabrero@suse.dedmulder@suse.comscabrero@suse.dedmulder@suse.comdmulder@suse.comvcizek@suse.comdmulder@suse.comdmulder@suse.comnopower@suse.comscabrero@suse.dejmcdonough@suse.comscabrero@suse.deaaptel@suse.comjengelh@inai.dedimstar@opensuse.orgdmulder@suse.comjmcdonough@suse.comdavid.mulder@suse.comjmcdonough@suse.comaaptel@suse.comdmulder@suse.comscabrero@suse.comscabrero@suse.comkukuk@suse.dedavid.mulder@suse.comscabrero@suse.comrbrown@suse.comdmulder@suse.comscabrero@suse.comdimstar@opensuse.orgscabrero@suse.comaaptel@suse.comnopower@suse.comnopower@suse.comaaptel@suse.comddiss@suse.comdmulder@suse.comddiss@suse.comdmulder@suse.comddiss@suse.comddiss@suse.comnopower@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comdmulder@suse.comnopower@suse.comjmcdonough@suse.comaaptel@suse.comkukuk@suse.comkukuk@suse.denopower@suse.comaaptel@suse.comdmulder@suse.comddiss@suse.comdmulder@suse.comddiss@suse.comjmcdonough@suse.comnopower@suse.comnopower@suse.comnopower@suse.comnopower@suse.comjmcdonough@suse.comjmcdonough@suse.comnopower@suse.comnopower@suse.comddiss@suse.comjmcdonough@suse.comddiss@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comnopower@suse.comlmuelle@suse.comlmuelle@suse.comjmcdonough@suse.comnopower@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comnopower@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comtchvatal@suse.comlmuelle@suse.comnopower@suse.comcrrodriguez@opensuse.orglmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comnoel.power@suse.comddiss@suse.comddiss@suse.comlmuelle@suse.comddiss@suse.comlmuelle@suse.comlmuelle@suse.comnopower@suse.comddiss@suse.comddiss@suse.comlmuelle@suse.comlmuelle@suse.comddiss@suse.comlmuelle@suse.commpluskal@suse.comlmuelle@suse.comnopower@suse.deddiss@suse.comddiss@suse.comddiss@suse.comlmuelle@suse.denopower@suse.delmuelle@suse.comnopower@suse.deddiss@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.com- Fix crossing automounter mount points; (bsc#1215212); (bsc#1236803);- Update shipped /etc/samba/smb.conf to point to smb.conf man page;(bsc#1233880).- Update to 4.19.9 * libldb: performance issue with indexes (ldb 2.8.2 is already released); (bso#15590). * DH reconnect error handling can lead to stale sharemode entries; (bso#15624). * Incorrect FSCTL_QUERY_ALLOCATED_RANGES response when truncated; (bso#15699). * irpc_destructor may crash during shutdown; (bso#15280). * Compound SMB2 requests don't return NT_STATUS_NETWORK_SESSION_EXPIRED for all requests, confuses MacOSX clients; (bso#15696). * Crash when readlinkat fails; (bso#15700).- Adjust spec to split out rpcd_* binaries into a separate sub package; (bsc#1231414).- Incorrect FSCTL_QUERY_ALLOCATED_RANGES response when truncated; (bso#15699); (bsc#1229684). - Update to 4.19.8 * Invalid client warning about command line passwords; (bso#15671); * Version string is truncated in manpages; (bso#15672); * --version-* options are still not ergonomic, and they reject tilde characters; (bso#15673); * cmdline_burn does not always burn secrets; (bso#15674); * Samba doesn't parse SDDL found in defaultSecurityDescriptor in AD_DS_Classes_Windows_Server_v1903.ldf; (bso#15685); * We have added new options --vendor-name and --vendor-patch- revision arguments to ./configure to allow distributions and packagers to put their name in the Samba version string so that when debugging Samba the source of the binary is obvious; (bso#15654); * When claims enabled with heimdal kerberos, unable to log on to a Windows computer when user account need to change their own password; (bso#15655); * Fix clock skew error message and memory cache clock skew recovery; (bso#15676); * CTDB RADOS mutex helper misses namespace support; (bso#15665); * The images don't build after the git security release and CentOS 8 Stream is EOL; (bso#15660); * Fix unnecessary delays in CTDB while processing requests under high load; (bso#15678); * Dynamic DNS updates with the internal DNS are not working; (bso#13019); * s4:nbt_server: does not provide unexpected handling, so winbindd can't use nmb requests instead cldap; (bso#15620); * Panic in vfs_offload_token_db_fetch_fsp(); (bso#15664); * "client use kerberos" and --use-kerberos is ignored for the machine account; (bso#15666); * Regression DFS not working with widelinks = true; (bso#15435); * ntlm_auth make logs more consistent with length check; (bso#15677);- Fix a crash when joining offline and 'kerberos method' includes keytab; (bsc#1228732); - Fix reading the password from STDIN or environment vars if it was already given in the command line; (bsc#1228732);- Update to 4.19.7 * ldb qsort might r/w out of bounds with an intransitive compare function (ldb 2.8.1 is already released); (bso#15569). * Many qsort() comparison functions are non-transitive, which can lead to out-of-bounds access in some circumstances (ldb 2.8.1 is already released); (bso#15625). * Need to change gitlab-ci.yml tags in all branches to avoid CI bill; (bso#15638). * netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with SysvolReady=0; (bso#14981). * Anonymous smb3 signing/encryption should be allowed (similar to Windows Server 2022); (bso#15412). * Panic in dreplsrv_op_pull_source_apply_changes_trigger; (bso#15573). * winbindd, net ads join and other things don't work on an ipv6 only host; (bso#15642). * Smbcacls incorrectly propagates inheritance with Inherit-Only flag; (bso#15636). * http library doesn't support 'chunked transfer encoding'; (bso#15611). - Update to 4.19.6 * fd_handle_destructor() panics within an smbd_smb2_close() if vfs_stat_fsp() fails in fd_close(); (bso#15527). * samba-gpupdate: Correctly implement site support; (bso#15588). * libgpo: Segfault in python bindings; (bso#15599). * Packet marshalling push support missing for CTDB_CONTROL_TCP_CLIENT_DISCONNECTED and CTDB_CONTROL_TCP_CLIENT_PASSED; (bso#15580).- Update to 4.19.5 * Windows 2016 fails to restore previous version of a file from a shadow_copy2 snapshot; (bso#13688). * Symlinks on AIX are broken in 4.19 (and a few version before that); (bso#15549). * Fake directory create times has no effect; (bso#12421). * ctime mixed up with mtime by smbd; (bso#15550). * samba-gpupdate --rsop fails if machine is not in a site; (bso#15548). * gpupdate: The root cert import when NDES is not available is broken; (bso#15557). * samba-gpupdate should print a useful message if cepces-submit can't be found; (bso#15552). * samba-gpupdate logging doesn't work; (bso#15558). * smbpasswd reset permissions only if not 0600; (bso#15555).- Remove -x from bash shebang update-apparmor-samba-profile; (bsc#1218431).- Update to 4.19.4 * net changesecretpw cannot set the machine account password if secrets.tdb is empty; (bso#13577). * For generating doc, take, if defined, env XML_CATALOG_FILES; (bso#15540). * Trivial C typo in nsswitch/winbind_nss_netbsd.c; (bso#15541). * vfs_linux_xfs is incorrectly named; (bso#15542). * systemd stumbled over copyright-message at smbd startup; (bso#15377). * Following intermediate abolute share-local symlinks is broken; (bso#15505). * ctdb RELEASE_IP causes a crash in release_ip if a connection to a non-public address disconnects first; (bso#15523). * shadow_copy2 broken when current fileset's directories are removed; (bso#15544). * smbd does not detect ctdb public ipv6 addresses for multichannel exclusion; (bso#15534). * 'force user = localunixuser' doesn't work if 'allow trusted domains = no' is set; (bso#15469). * smbget debug logging doesn't work; (bso#15525). * smget: username in the smburl and interactive password entry doesn't work; (bso#15532). * smbget auth function doesn't set values for password prompt correctly; (bso#15538). * Unable to copy and write files from clients to Ceph cluster via SMB Linux gateway with Ceph VFS module; (bso#15440). * Multichannel refresh network information; (bso#15547).- Update to 4.19.3 * sid_strings test broken by unix epoch > 1700000000; (bso#15520). * smbd crashes if asked to return full information on close of a stream handle with delete on close disposition set; (bso#15487). * smbd: fix close order of base_fsp and stream_fsp in smb_fname_fsp_destructor(); (bso#15521). * Improve logging for failover scenarios; (bso#15499). * Files without "read attributes" NFS4 ACL permission are not listed in directories; (bso#15093). * CVE-2018-14628 [SECURITY] Deleted Object tombstones visible in AD LDAP to normal users; (bso#13595). * Kerberos TGS-REQ with User2User does not work for normal accounts; (bso#15492). * vfs_gpfs stat calls fail due to file system permissions; (bso#15507). * Samba doesn't build with Python 3.12; (bso#15513).- packaging: samba-tool domain provision requires python3-Markdown; (bsc#1216519).- Update to 4.19.2 * Use-after-free in aio_del_req_from_fsp during smbd shutdown after failed IPC FSCTL_PIPE_TRANSCEIVE; (bso#15423). * clidfs.c do_connect() missing a "return" after a cli_shutdown() call; (bso#15426). * macOS mdfind returns only 50 results; (bso#15463). * GETREALFILENAME_CACHE can modify incoming new filename with previous cache entry value; (bso#15481). * libnss_winbind causes memory corruption since samba-4.18, impacts sendmail, zabbix, potentially more; (bso#15464). * ctdbd: setproctitle not initialized messages flooding logs; (bso#15479). * CVE-2023-5568 Heap buffer overflow with freshness tokens in the Heimdal KDC in Samba 4.19; (bso#15491). * The heimdal KDC doesn't detect s4u2self correctly when fast is in use; (bso#15477).- use systemd-logind rather than utmp for y2038 safety; (bsc#1216159).- CVE-2023-4091: samba: Client can truncate file with read-only permissions; (bsc#1215904); (bso#15439). - CVE-2023-42669: samba: rpcecho, enabled and running in AD DC, allows blocking sleep on request; (bso#1215905); (bso#15474). - CVE-2023-42670: samba: The procedure number is out of range when starting Active Directory Users and Computers; (bsc#1215906); (bso#15473). - CVE-2023-3961: samba: Unsanitized client pipe name passed to local_np_connect(); (bsc#1215907); (bso#15422). - CVE-2023-4154: samba: dirsync allows SYSTEM access with only "GUID_DRS_GET_CHANGES" right, not "GUID_DRS_GET_ALL_CHANGES; (bsc#1215908); (bso#15424).- Update to 4.19.0 * File doesn't show when user doesn't have permission if aio_pthread is loaded; (bso#15453). * ctdb_killtcp fails to work with --enable-pcap and libpcap ≥ 1.9.1; (bso#15451). * Logging to stdout/stderr with DEBUG_SYSLOG_FORMAT_ALWAYS can log to syslog; (bso#15460). * ‘samba-tool domain level raise’ fails unless given a URL; (bso#15458). * reply_sesssetup_and_X() can dereference uninitialized tmp pointer; (bso#15420). * missing return in reply_exit_done(); (bso#15430). * TREE_CONNECT without SETUP causes smbd to use uninitialized pointer; (bso#15432). * Avoid infinite loop in initial user sync with Azure AD Connect when synchronising a large Samba AD domain; (bso#15401). * Samba replication logs show (null) DN; (bso#15407). * 2-3min delays at reconnect with smb2_validate_sequence_number: bad message_id 2; (bso#15346). * DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED can't be parsed; (bso#15446). * CID 1539212 causes real issue when output contains only newlines; (bso#15438). * KDC encodes INT64 claims incorrectly; (bso#15452). * mdssvc: Do an early talloc_free() in _mdssvc_open(); (bso#15449). * Windows client join fails if a second container CN=System exists somewhere; (bso#9959). * regression DFS not working with widelinks = true; (bso#15435). * Heimdal fails to build on 32-bit FreeBSD; (bso#15443). * samba-tool ntacl get segfault if aio_pthread appended; (bso#15441). - Update to 4.18.6 * reply_sesssetup_and_X() can dereference uninitialized tmp pointer; (bso#15420); * Missing return in reply_exit_done(); (bso#15430); * post-exec password redaction for samba-tool is more reliable for fully random passwords as it no longer uses regular expressions containing the password value itself; (bso#15289); * Windows client join fails if a second container CN=System exists somewhere; (bso#9959); * Spotlight sometimes returns no results on latest macOS; (bso#15342); * Renaming results in NT_STATUS_SHARING_VIOLATION if previously attempted to remove the destination; (bso#15417); * Spotlight results return wrong date in result list; (bso#15427); * "net offlinejoin provision" does not work as non-root user; (bso#15414); * rpcserver no longer accepts double backslash in dfs pathname; (bso#15400); * cm_prepare_connection() calls close(fd) for the second time; (bso#15433); * 2-3min delays at reconnect with smb2_validate_sequence_number: bad message_id 2; (bso#15346); * samba-tool ntacl get segfault if aio_pthread appended; (bso#15441); * DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED can't be parsed; (bso#15446); * Python tarfile extraction needs change to avoid a warning (CVE-2007-4559 mitigation); (bso#15390); * Regression DFS not working with widelinks = true; (bso#15435); * mdssvc: Do an early talloc_free() in _mdssvc_open(); (bso#15449); - Update to 4.18.5 * CVE-2022-2127: lm_resp_len not checked properly in winbindd_pam_auth_crap_send; (bso#15072); (bsc#1213174). * CVE-2023-34966: Samba Spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability; (bso#15340); (bsc#1213173). * CVE-2023-34967: Samba Spotlight mdssvc RPC Request Type Confusion Denial-of-Service Vulnerability; (bso#15341); (bsc#1213172). * CVE-2023-34968: Spotlight server-side Share Path Disclosure; (bso#15388); (bsc#1213171). * CVE-2023-3347: Samba doesn't require SMB2+ signing if `server signing = mandatory` is set; (bso#15397); (bsc#1213170). * secure channel faulty since Windows 10/11 update 07/2023; (bso#15418); (bsc#1213384). - Update to 4.18.4 * Backport --pidl-developer fixes; (bso#15404). * Named crashes on DLZ zone update; (bso#14030). * smbcacls and smbcquotas do not check // before the server; (bso#2312). * cli_list loops 100% CPU against pre-lanman2 servers; (bso#15382). * smbclient leaks fds with showacls; (bso#15391). * smbd returns NOT_FOUND when creating files on a r/o filesystem; (bso#15402). * NSS_WRAPPER_HOSTNAME doesn't match NSS_WRAPPER_HOSTS entry and causes test timeouts; (bso#15355). * net ads lookup (with unspecified realm) fails; (bso#15384). * Register Samba processes with GPFS; (bso#15381). * Python tarfile extraction needs change to avoid a warning (CVE-2007-4559 mitigation); (bso#15390). * The winbind child segfaults when listing users with `winbind scan trusted domains = yes`; (bso#15398). * Remove comments about deprecated 'write cache size'; (bso#15383). * smbget memory leak if failed to download files recursively; (bso#15403). - Update to 4.18.3 * Symlinks to files can have random DOS mode information in a directory listing; (bso#15375). * vfs_fruit might cause a failing open for delete; (bso#15378). * winbind recurses into itself via rpcd_lsad; (bso#15361). * wbinfo -u fails on ad dc with >1000 users; (bso#15366). * DS ACEs might be inherited to unrelated object classes; (bso#15338). * a lot of messages: get_static_share_mode_data: get_static_share_mode_data_fn failed: NT_STATUS_NOT_FOUND; (bso#15362). * aes256 smb3 encryption algorithms are not allowed in smb3_sid_parse(); (bso#15374). * Setting veto files = /.*/ break listing directories; (bso#15360). * "samba-tool domain provision" does not run interactive mode if no arguments are given; (bso#15363). * dsgetdcname: assumes local system uses IPv4; (bso#15325). - Update to 4.18.2 * Log flood: smbd_calculate_access_mask_fsp: Access denied: message level should be lower; (bso#15302). * Floating point exception (FPE) via cli_pull_send at source3/libsmb/clireadwrite.c; (bso#15306). * test_tstream_more_tcp_user_timeout_spin fails intermittently on Rackspace GitLab runners; (bso#15328). * Reduce flapping of ridalloc test; (bso#15329). * large_ldap test is unreliable; (bso#15351). * New filename parser doesn't check veto files smb.conf parameter; (bso#15143). * mdssvc may crash when initializing; (bso#15354). * large directory optimization broken for non-lcomp path elements; (bso#15313). * streams_depot fails to create streams; (bso#15357). * shadow_copy2 and streams_depot don't play well together; (bso#15358). * Flapping tests in samba_tool_drs_show_repl.py; (bso#15316). * winbindd idmap child contacts the domain controller without a need; (bso#15317). * idmap_autorid may fail to map sids of trusted domains for the first time; (bso#15318). * idmap_hash doesn't use ID_TYPE_BOTH for reverse mappings; (bso#15319). * net ads search -P doesn't work against servers in other domains; (bso#15323). * Temporary smbXsrv_tcon_global.tdb can't be parsed; (bso#15353). * Tests use depricated and removed methods like assertRegexpMatches; (bso#15343). - Update to 4.18.1 * CVE-2023-0225: AD DC "dnsHostname" attribute can be deleted by unprivileged authenticated users. (bso#15276);(bsc#1209483). * CVE-2023-0614: Access controlled AD LDAP attributes can be discovered (bso#15270); (bsc#1209485). * CVE-2023-0922: Samba AD DC admin tool samba-tool sends passwords in cleartext(bso#15315);(bsc#1209481). * ldb wildcard matching makes excessive allocations; (bso#15331). * large_ldap test is inefficient; (bso#15332). - Update to 4.18.0 * SMB server performance improvements * More succinct samba-tool error messages * Color output with samba-tool --color The NO_COLOR environment variable will disable colour output * New samba-tool dsacl subcommand for deleting ACEs * New wbinfo option --change-secret-at * Net option to change the NT ACL default location * Azure AD / Office365 synchronization improvements- Fix DFS not working with widelinks enabled; (bsc#1213607); (bso#15435);- Move libcluster-samba4.so from samba-libs to samba-client-libs; (bsc#1213940);- net ads lookup with unspecified realm fails; (bso#15384); (bsc#1213826);- secure channel faulty since Windows 10/11 update 07/2023; (bso#15418); (bsc#1213384).- CVE-2022-2127: lm_resp_len not checked properly in winbindd_pam_auth_crap_send; (bso#15072); (bsc#1213174). - CVE-2023-34966: Samba Spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability; (bso#15340); (bsc#1213173). - CVE-2023-34967: Samba Spotlight mdssvc RPC Request Type Confusion Denial-of-Service Vulnerability; (bso#15341); (bsc#1213172). - CVE-2023-34968: Spotlight server-side Share Path Disclosure; (bso#15388); (bsc#1213171). - CVE-2023-3347: Samba doesn't require SMB2+ signing if `server signing = mandatory` is set; (bso#15397); (bsc#1213170).- Update to 4.17.9 * Backport --pidl-developer fixes; (bso#15404). * smbd_scavenger crashes when service smbd is stopped; (bso#15275). * vfs_fruit might cause a failing open for delete; (bso#15378). * named crashes on DLZ zone update; (bso#14030). * winbind recurses into itself via rpcd_lsad; (bso#15361). * cli_list loops 100% CPU against pre-lanman2 servers; (bso#15382). * smbclient leaks fds with showacls; (bso#15391). * aes256 smb3 encryption algorithms are not allowed in smb3_sid_parse(); (bso#15374). * winbindd gets stuck on NT_STATUS_RPC_SEC_PKG_ERROR; (bso#15413). * smbget memory leak if failed to download files recursively; (bso#15403).- Update to 4.17.8 * log flood: smbd_calculate_access_mask_fsp: Access denied: message level should be lower; (bso#15302). * Floating point exception (FPE) via cli_pull_send at source3/libsmb/clireadwrite.c; (bso#15306). * test_tstream_more_tcp_user_timeout_spin fails intermittently on Rackspace GitLab runners; (bso#15328). * Reduce flapping of ridalloc test; (bso#15329). * large_ldap test is unreliable; (bso#15351). * New filename parser doesn't check veto files smb.conf parameter; (bso#15143). * mdssvc may crash when initializing; (bso#15354). * Large directory optimization broken for non-lcomp path elements; (bso#15313). * streams_depot fails to create streams; (bso#15357). * shadow_copy2 and streams_depot don't play well together; (bso#15358). * wbinfo -u fails on ad dc with >1000 users; (bso#15366). * winbindd idmap child contacts the domain controller without a need; (bso#15317). * idmap_autorid may fail to map sids of trusted domains for the first time; (bso#15318). * idmap_hash doesn't use ID_TYPE_BOTH for reverse mappings; (bso#15319). * net ads search -P doesn't work against servers in other domains; (bso#15323). * DS ACEs might be inherited to unrelated object classes; (bso#15338). * Temporary smbXsrv_tcon_global.tdb can't be parsed; (bso#15353). * Setting veto files = /.*/ break listing directories; (bso#15360); (bsc#1212375). * CVE-2020-25720 [SECURITY] Create Child permission should not allow full write to all attributes (additional changes); (bso#14810). * dsgetdcname: assumes local system uses IPv4; (bso#15325).- Update to 4.17.7 * CVE-2023-0922: Samba AD DC admin tool samba-tool sends passwords in cleartext; (bso#15315); (bsc#1209481). * CVE-2023-0225: Samba AD DC "dnsHostname" attribute can be deleted by unprivileged authenticated users; (bso#15276); (bsc#1209483). * CVE-2023-0614: samba: Access controlled AD LDAP attributes can be discovered; (bso#15270); (bsc#1209485). * large_ldap test is inefficient; (bso#15332). * CVE-2020-25720 [SECURITY] Create Child permission should not allow full write to all attributes (additional changes); (bso#14810). - Update to 4.17.6 * streams_xattr is creating unexpected locks on folders; (bso#15314). * Use of the Azure AD Connect cloud sync tool is now supported for password hash synchronisation, allowing Samba AD Domains to synchronise passwords with this popular cloud environment; (bso#10635). * Spotlight doesn't work with latest macOS Ventura; (bso#15299). * New samba-dcerpc architecture does not scale gracefully; (bso#15310). * vfs_ceph incorrectly uses fsp_get_io_fd() instead of fsp_get_pathref_fd() in close and fstat; (bso#15307). * With clustering enabled samba-bgqd can core dump due to use after free; (bso#15293). * fd_load() function implicitly closes the fd where it should not; (bso#15311). - Update to 4.17.5 * smbc_getxattr() return value is incorrect; (bso#14808). * Compound SMB2 FLUSH+CLOSE requests from MacOSX are not handled correctly; (bso#15172). * synthetic_pathref AFP_AfpInfo failed errors; (bso#15210). * samba-tool gpo listall fails IPv6 only - finddcs() fails to find DC when there is only an AAAA record for the DC in DNS; (bso#15226). * smbd crashes if an FSCTL request is done on a stream handle; (bso#15236). * DFS links don't work anymore on Mac clients since 4.17; (bso#15277). * vfs_virusfilter segfault on access, directory edgecase (accessing NULL value); (bso#15283). * CVE-2022-38023 [SECURITY] Samba should refuse RC4 (aka md5) based SChannel on NETLOGON (additional changes); (bso#15240). * %U for include directive doesn't work for share listing (netshareenum); (bso#15243). * Shares missing from netshareenum response in samba 4.17.4; (bso#15266). * ctdb: use-after-free in run_proc; (bso#15269). * irpc_destructor may crash during shutdown; (bso#15280). * auth3_generate_session_info_pac leaks wbcAuthUserInfo; (bso#15286). * smbclient segfaults with use after free on an optimized build; (bso#15268). * smbstatus leaking files in msg.sock and msg.lock; (bso#15282). * Leak in wbcCtxPingDc2; (bso#15164). * Access based share enum does not work in Samba 4.16+; (bso#15265). * Crash during share enumeration; (bso#15267). * rep_listxattr on FreeBSD does not properly check for reads off end of returned buffer; (bso#15271). * Avoid relying on C89 features in a few places; (bso#15281).- Make (32bit) samba-libs conflict with old samba-ad-dc-libs package to satisfy installcheck.- Make samba-libs conflict with old samba-ad-dc-libs package to satisfy installcheck.- Remove non functioning ifup/ifdown samba-winbindd scripts; (bsc#1207414).- libdsdb-module-samba4 should be packaged as part of samba-libs and not samba-ad-dc-libs. Additionally no need for it to be removed conditionally.- Clean up logic for PAM migration settings in spec file.- Change with_dc default to 0 (for non TW builds), ADDC feature is deprecated and will no longer be included in >= SLE15-SP5; (jsc#PED-1122).- Update to 4.17.4 * CVE-2022-44640 Upstream Heimdal free of user-controlled pointer in FAST; (bsc#14929); * CVE-2021-20251 Bad password count not incremented atomically; (bsc#14611); * CVE-2022-42898 krb5_pac_parse() buffer parsing vulnerability; (bsc#15203); * CVE-2022-37966 rc4-hmac Kerberos session keys issued to modern servers; (bso#15237); * CVE-2022-37967 Kerberos constrained delegation ticket forgery possible against Samba AD DC; (bso#15231); * CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided; (bso#15240); * pam_winbind uses time_t and pointers assuming they are of the same size; (bso#15224); * Heimdal session key selection in AS-REQ examines wrong entry; (bso#15219); * filter-subunit is inefficient with large numbers of knownfails; (bso#15258); * smbd allows setting FILE_ATTRIBUTE_TEMPORARY on directories; (bso#15252); * The KDC logic arround msDs-supportedEncryptionTypes differs from Windows; (bso#13135); * libnet: change_password() doesn't work with dcerpc_samr_ChangePasswordUser4(); (bso#15206); * Heimdal session key selection in AS-REQ examines wrong entry; (bso#15219); * Memory leak in snprintf replacement functions; (bso#15230); * RODC doesn't reset badPwdCount reliable via an RWDC (CVE-2021-20251 regression); (bso#15253); * Prevent EBADF errors with vfs_glusterfs; (bso#15198); * %U for include directive doesn't work for share listing (netshareenum); (bso#15243); * Stack smashing in net offlinejoin requestodj; (bso#15257); * Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue; (bso#15197); * Heimdal session key selection in AS-REQ examines wrong entry; (bso#15219); - Remove deprecated if-{down,up} scripts; (bsc#1206444); - Adjust the systemd drop-in file for named service; (bsc#1201689); * Paths are additive so do not repeat paths from named.service * Prefix the samba DLZ directory with "-" to ignore this path if it does not exists- Introduce without-smb1-server spec flag; (bsc#1205104); - Update to 4.17.3 * CVE-2022-42898: Samba buffer overflow vulnerabilities on 32-bit systems; (bsc#1205126); (bso#15203); - Replace obsolete python-gpgme with python-gpg * Upstream replaced it in v4.9.5 -- bso#13728 - Update to 4.17.2 * CVE-2022-3592 [SECURITY] samba: Wide links protection broken; (bso#15207); (bsc#1204499). * CVE-2022-3437 [SECURITY] samba: Buffer overflow in Heimdal unwrap_des3();(bso#15134); (bsc#1204254). - Update to 4.17.1 * CVE-2021-20251 [SECURITY] Bad password count not incremented atomically; (bso#14611). * smbXsrv_connection_shutdown_send result leaked; (bso#15174). * Flush on a named stream never completes; (bso#15182). * Permission denied calling SMBC_getatr when file not exists; (bso#15195). * Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC; (bso#15189). * pytest: add file removal helpers for TestCaseInTempDir; (bso#15191). * CVE-2021-20251 [SECURITY] Bad password count not incremented atomically; (bso#14611). * Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC; (bso#15189). * Flush on a named stream never completes; (bso#15182). * vfs_gpfs silently garbles timestamps > year 2106; (bso#15151). * CVE-2021-20251 [SECURITY] Bad password count not incremented atomically; (bso#14611). * multi-channel socket passing may hit a race if one of the involved processes already existed; (bso#15200). * memory leak on temporary of struct imessaging_post_state and struct tevent_immediate on struct imessaging_context (in rpcd_spoolss and maybe others); (bso#15201). * Since popt1.19 various use after free errors using result of poptGetArg are now exposed; (bso#15205); (boo#1204279). * Remove special case for O_CREAT in SMB_VFS_OPENAT from vfs_glusterfs; (bso#15192). * GETPWSID in memory cache grows indefinetly with each NTLM auth; (bso#15169). * CVE-2021-20251 [SECURITY] Bad password count not incremented atomically; (bso#14611). - Install a systemd drop-in file for named service to allow read/write access to the DLZ directory; (bsc#1201689); - Fix use after free errors resulting from using return of poptGetArg exposed since popt-1.19; (boo#1204279); (bso#15205). - s3: smbd: Fix memory leak in smbd_server_connection_terminate_done(); (bso#15174). - Disable SMB1 for tumbleweed builds. - Update to 4.17.0 * acl_xattr VFS module may unintentionally use filesystem permissions instead of ACL from xattr; (bso#15126). * Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1; (bso#15153). * assert failed: !is_named_stream(smb_fname)") at ../../lib/util/fault.c:197; (bso#15161). * acl_xattr VFS module may unintentionally use filesystem permissions instead of ACL from xattr; (bso#15126). * assert failed: !is_named_stream(smb_fname)") at ../../lib/util/fault.c:197; (bso#15161). * Cross-node multi-channel reconnects result in SMB2 Negotiate returning NT_STATUS_NOT_SUPPORTED; (bso#15159). * winbind at info level debug can coredump when processing wb_lookupusergroups; (bso#15160). * Make use of glfs_*at() API calls in vfs_glusterfs; (bso#15157). * Possible use after free of connection_struct when iterating smbd_server_connection->connections; (bso#15128). * `net usershare add` fails with flag works with --long but fails with -l; (bso#15145). * acl_xattr VFS module may unintentionally use filesystem permissions instead of ACL from xattr; (bso#15126). * Performance regression on contended path based operations; (bso#15125). * Missing READ_LEASE break could cause data corruption; (bso#15148). * libsamba-errors uses a wrong version number; (bso#15141). * SMB1 negotiation can fail to handle connection errors; (bso#15152). * New filename parser doesn't check veto files smb.conf parameter; (bso#15143). * 4.17.rc1 still uses symlink-race prone unix_convert(); (bso#15144). * Backport fileserver related changed to 4.17.0rc2; (bso#15146). * Manpage for smbstatus json is missing; (bso#15147). * Backport fileserver related changed to 4.17.0rc2; (bso#15146). * Performance regression on contended path based operations; (bso#15125). * Backport fileserver related changed to 4.17.0rc2; (bso#15146). * Fix issues found by coverity in smbstatus json code; (bso#15140). * Backport fileserver related changed to 4.17.0rc2; (bso#15146). - Migration to /usr/etc: Saving user changed configuration files in /etc and restoring them while an RPM update. - Update to 4.16.4 * CVE-2022-2031: Samba AD users can bypass certain restrictions associated with changing passwords; (bsc#1201495); (bso#15047); * CVE-2022-32744: Samba AD users can forge password change requests for any user; (bsc#1201493); (bso#15074); * CVE-2022-32745: Samba AD users can crash the server process with an LDAP add or modify request; (bsc#1201492); (bso#15008); * CVE-2022-32746: Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request; (bsc#1201490); (bso#15009); * CVE-2022-32742: Server memory information leak via SMB1; (bsc#1201496); (bso#15085); - Update to 4.16.3 * Using vfs_streams_xattr and deleting a file causes a panic; (bso#15099); * Add support for bind 9.18; (bso#14986); * logging dsdb audit to specific files does not work; (bso#15076); * Problem when winbind renews Kerberos; (bso#14979); (bsc#1196224); * Samba with new lorikeet-heimdal fails to build on gcc 12.1 in developer mode; (bso#15095); * Crash in streams_xattr because fsp->base_fsp->fsp_name is NULL; (bso#15105); * Crash in rpcd_classic - NULL pointer deference in mangle_is_mangled(); (bso#15118); * smbclient commands del & deltree fail with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556); * Fix check for chown when processing NFSv4 ACL; (bso#15120); * The pcap background queue process should not be stopped; (bso#15082); * testparm: Fix typo in idmap rangesize check; (bso#15097); * net ads info returns LDAP server and LDAP server name as null; (bso#15106); * ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link; (bso#15108); * CTDB child process logging does not work as expected; (bso#15090); - Update spec file to fix the optional Heimdal DC build - Fix external trusts with MIT Kerberos 1.20 - Add missing samba-client requirement to samba-winbind package; (bsc#1198255); - Move pdb backends from package samba-libs to package samba-client-libs and remove samba-libs requirement from samba-winbind; (bsc#1200964); (bsc#1198255); - Add sysuser-shadow requirement for packages using systemd-sysusers - Use the canonical realm name to refresh the Kerberos tickets; (bsc#1196224); (bso#14979); - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d. - Update to 4.16.2 * Use pathref fd instead of io fd in vfs_default_durable_cookie; (bso#15042); * vfs_gpfs with vfs_shadowcopy2 fail to restore file if original file had been deleted; (bso#15069); * Reintroduce netgroups support; (bso#15087); * net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); * Update from 4.15 to 4.16 breaks discovery of [homes] on standalone server from Win and IOS; (bso#15062); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * smbclient -E doesn't work as advertised; (bso#15075); * The samba background daemon doesn't refresh the printcap cache on startup; (bso#15081); * Out-by-4 error in smbd read reply max_send clamp; (bso#14443); - Fix samba4.blackbox.net_ads_dns_async test with bind9 >= 9.17.7 - Support building with MIT Kerberos 1.20 - Bronze bit and S4U support with MIT Kerberos 1.20 for Samba AD DC; (CVE-2020-17049); - Resource Based Constrained Delegation (RBCD) for Samba AD DC - Support building with gcc 12.1 - Use requires_eq macro to require the libldb2 version available at samba-dsdb-modules build time; (bsc#1199362); - Update to 4.16.1 * Share and server swapped in smbget password prompt; (bso#14831); * Durable handles won't reconnect if the leased file is written to; (bso#15022); * rmdir silently fails if directory contains unreadable files and hide unreadable is yes; (bso#15023); * SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information on renamed file handle; (bso#15038); * Need to describe --builtin-libraries= better (compare with - -bundled-libraries); (bso#8731); * vfs_shadow_copy2 breaks "smbd async dosmode" sync fallback; (bso#14957); * shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes; (bso#15035); * PAM Kerberos authentication incorrectly fails with a clock skew error; (bso#15046); * Username map - samba erroneously applies unix group memberships to user account entries; (bso#15041); * KVNO off by 100000; (bso#14951); * Uninitialized litemask in variable in vfs_gpfs module; (bso#15027); * vfs_gpfs recalls=no option prevents listing files; (bso#15055); * smbd doesn't handle UPNs for looking up names; (bso#15054); - Update update-apparmor-samba-profile script, replace non-printable delimiter with more human readable separator as sed can accept separators that can appear in the input data. - Fix update-apparmor-samba-profile script, sed doesn't like multibyte separators; (bsc#1198309). - Update to 4.16.0 * New samba-dcerpcd binary to provide DCERPC in the member server setup * Certificate Auto Enrollment * Ability to add ports to dns forwarder addresses in internal DNS backend * No longer using Linux mandatory locks for sharemodes * SMB1 protocol has been deprecated, particularly older dialects * SMB1 protocol SMBCopy command removed * SMB1 server-side wildcard expansion removed - Add python3-dnspython to samba-ad-dc recommens; (bsc#1187101); - Use systemd-sysusers to create system users; (bsc#1182847);- Install a systemd drop-in file for named service to allow read/write access to the DLZ directory; (bsc#1201689);- Update to 4.15.12 * CVE-2022-42898: samba: heimdal: Samba buffer overflow vulnerabilities on 32-bit systems; (bso#15203); (bsc#1205126). - Update to 4.15.11 * Allow rebuild of Centos 8 images after move to vault for Samba 4.15; (bso#15193). * CVE-2022-3437: samba: Buffer overflow in Heimdal unwrap_des3(); (bso#15134); (bsc#1204254)- Update to 4.15.10 * Possible use after free of connection_struct when iterating smbd_server_connection->connections; (bso#15128); (bsc#1200102). * smbXsrv_connection_shutdown_send result leaked; (bso#15174). * Spotlight RPC service returns wrong response when Spotlight is disabled on a share; (bso#15086). * acl_xattr VFS module may unintentionally use filesystem permissions instead of ACL from xattr; (bso#15126). * Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1; (bso#15153). * assert failed: !is_named_stream(smb_fname)") at ../../lib/util/fault.c:197; (bso#15161). * Missing READ_LEASE break could cause data corruption; (bso#15148). * rpcclient can crash using setuserinfo(2); (bso#15124). * Samba fails to build with glibc 2.36 caused by including in libreplace; (bso#15132). * SMB1 negotiation can fail to handle connection errors; (bso#15152). * samba-tool domain join segfault when joining a samba ad domain; (bso#15078). - Update to 4.15.9 * CVE-2022-32742:SMB1 code does not correct verify SMB1write, SMB1write_and_close, SMB1write_and_unlock lengths; (bso#15085); (bsc#1201496). * CVE-2022-32746: samba: Use-after-free occurring in database audit logging; (bso#15009); (bso#15096); (bsc#1201490). * CVE-2022-2031: samba, ldb: AD users can bypass certain restrictions associated with changing passwords; (bso#15047); (bsc#1201495); * CVE-2022-32745: samba: ldb: AD users can crash the server process with an LDAP add or modify request; (bso#15008); (bso#15096); (bsc#1201492). * CVE-2022-2031: samba, ldb: AD users can bypass certain restrictions associated with changing passwords; (bso#15047); (bsc#1201495); * CVE-2022-32744: samba, ldb: AD users can forge password change requests for any user; (bso#15074); (bso#15047); (bsc#1201493).- CVE-2022-1615: Do not ignore errors in random number generation; (bso#15103); (bsc#1202976); - CVE-2022-32743: Implement validated dnsHostName write rights; (bso#14833); (bsc#1202803);- Fix Use after free when iterating smbd_server_connection->connections after tree disconnect failure; (bso#15128); (bsc#1200102).- CVE-2022-32746: samba: Use-after-free occurring in database audit logging; (bso#15009); (bso#15096); (bsc#1201490). - CVE-2022-32745: samba: ldb: AD users can crash the server process with an LDAP add or modify request; (bso#15008); (bso#15096); (bsc#1201492). - CVE-2022-2031: samba, ldb: AD users can bypass certain restrictions associated with changing passwords; (bso#15047); (bsc#1201495); - CVE-2022-32742:SMB1 code does not correct verify SMB1write, SMB1write_and_close, SMB1write_and_unlock lengths; (bso#15085); (bsc#1201496). - CVE-2022-32744: samba, ldb: AD users can forge password change requests for any user; (bso#15074); (bso#15047); (bsc#1201493).- Update to 4.15.8 * Use pathref fd instead of io fd in vfs_default_durable_cookie; (bso#15042); * Setting fruit:resource = stream in vfs_fruit causes a panic; (bso#15099); * Add support for bind 9.18; (bso#14986); * logging dsdb audit to specific files does not work; (bso#15076); * vfs_gpfs with vfs_shadowcopy2 fail to restore file if original file had been deleted; (bso#15069); * netgroups support removed; (bso#15087); (bsc#1199247); * net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); (bsc#1199734); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * smbclient commands del & deltree fail with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556); * vfs_gpfs recalls=no option prevents listing files; (bso#15055); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * Compile error in source3/utils/regedit_hexedit.c; (bso#15091); * ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link; (bso#15108); * smbd doesn't handle UPNs for looking up names; (bso#15054); * Out-by-4 error in smbd read reply max_send clamp; (bso#14443); - Move pdb backends from package samba-libs to package samba-client-libs and remove samba-libs requirement from samba-winbind; (bsc#1200964); (bsc#1198255); - Use the canonical realm name to refresh the Kerberos tickets; (bsc#1196224); (bso#14979);- Fix smbclient commands del & deltree failing with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556).- Revert NIS support removal; (bsc#1199247);- Use requires_eq macro to require the libldb2 version available at samba-dsdb-modules build time; (bsc#1199362);- Add missing samba-client requirement to samba-winbind package; (bsc#1198255);- Update to 4.15.7 * Share and server swapped in smbget password prompt; (bso#14831); * Durable handles won't reconnect if the leased file is written to; (bso#15022); * rmdir silently fails if directory contains unreadable files and hide unreadable is yes; (bso#15023); * SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information on renamed file handle; (bso#15038); * vfs_shadow_copy2 breaks "smbd async dosmode" sync fallback; (bso#14957); * shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes; (bso#15035); * PAM Kerberos authentication incorrectly fails with a clock skew error; (bso#15046); * username map - samba erroneously applies unix group memberships to user account entries; (bso#15041); * NT_STATUS_ACCESS_DENIED translates into EPERM instead of EACCES in SMBC_server_internal; (bso#14983); * Simple bind doesn't work against an RODC (with non-preloaded users); (bso#13879); * Crash of winbind on RODC; (bso#14641); * uncached logon on RODC always fails once; (bso#14865); * KVNO off by 100000; (bso#14951); * LDAP simple binds should honour "old password allowed period"; (bso#15001); * wbinfo -a doesn't work reliable with upn names; (bso#15003); * Simple bind doesn't work against an RODC (with non-preloaded users); (bso#13879); * Uninitialized litemask in variable in vfs_gpfs module; (bso#15027); * Regression: create krb5 conf = yes doesn't work with a single KDC; (bso#15016);- Add provides to samba-client-libs package to fix upgrades from previous versions; (bsc#1197995);- Add missing samba-libs requirement to samba-winbind package; (bsc#1198255);- Update to 4.15.6 * Renaming file on DFS root fails with NT_STATUS_OBJECT_PATH_NOT_FOUND; (bso#14169); * Samba does not response STATUS_INVALID_PARAMETER when opening 2 objects with same lease key; (bso#14737); * NT error code is not set when overwriting a file during rename in libsmbclient; (bso#14938); * Fix ldap simple bind with TLS auditing; (bso#14996); * net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); * Problem when winbind renews Kerberos; (bso#14979); (bsc#1196224); * pam_winbind will not allow gdm login if password about to expire; (bso#8691); * virusfilter_vfs_openat: Not scanned: Directory or special file; (bso#14971); * DFS fix for AIX broken; (bso#13631); * Solaris and AIX acl modules: wrong function arguments; (bso#14974); * Function aixacl_sys_acl_get_file not declared / coredump; (bso#7239); * Regression: Samba 4.15.2 on macOS segfaults intermittently during strcpy in tdbsam_getsampwnam; (bso#14900); * Fix a use-after-free in SMB1 server; (bso#14989); * smb2_signing_decrypt_pdu() may not decrypt with gnutls_aead_cipher_decrypt() from gnutls before 3.5.2; (bso#14968); * Changing the machine password against an RODC likely destroys the domain join; (bso#14984); * authsam_make_user_info_dc() steals memory from its struct ldb_message *msg argument; (bso#14993); * Use Heimdal 8.0 (pre) rather than an earlier snapshot; (bso#14995); * Samba autorid fails to map AD users if id rangesize fits in the id range only once; (bso#14967);- Fix mismatched version of libldb2; (bsc#1196788). - Drop obsolete SuSEfirewall2 service files.- Drop obsolete Samba fsrvp v0->v1 state upgrade functionality; (bsc#1080338).- Fix ntlm authentications with "winbind use default domain = yes"; (bso#13126); (bsc#1173429); (bsc#1196308).- Fix samba-ad-dc status warning notification message by disabling systemd notifications in bgqd; (bsc#1195896); (bso#14947).- libldb version mismatch in Samba dsdb component; (bsc#1118508);- Update to 4.15.5 * CVE-2021-44141: UNIX extensions in SMB1 disclose whether the outside target of a symlink exists; (bso#14911); (bsc#1193690). * CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit module; (bso#14914); (bsc#1194859). * CVE-2022-0336: Re-adding an SPN skips subsequent SPN conflict checks; bso#14950); (bsc#1195048).- CVE-2021-44141: Information leak via symlinks of existance of files or directories outside of the exported share; (bso#14911); (bsc#1193690); - CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution; (bso#14914); (bsc#1194859); - CVE-2022-0336: Samba AD users with permission to write to an account can impersonate arbitrary services; (bso#14950); (bsc#1195048);- Update to 4.15.4 * Duplicate SMB file_ids leading to Windows client cache poisoning; (bso#14928); * Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error - NT_STATUS_BUFFER_TOO_SMALL; (bso#14932); * kill_tcp_connections does not work; (bso#14934); * Can't connect to Windows shares not requiring authentication using KDE/Gnome; (bso#14935); * smbclient -L doesn't set "client max protocol" to NT1 before calling the "Reconnecting with SMB1 for workgroup listing" path; (bso#14939); * Cross device copy of the crossrename module always fails; (bso#14940); * symlinkat function from VFS cap module always fails with an error; (bso#14941); * Fix possible fsp pointer deference; (bso#14942); * Missing pop_sec_ctx() in error path inside close_directory(); (bso#14944); * "smbd --build-options" no longer works without an smb.conf file; (bso#14945);- Use pkgconfig(krb5) as dependency for the -devel package: allow OBS to pick the right flavor of krb5-devel (full vs mini). - Do not require the 'krb5' symbol by samba-client-libs: this package has an automatic dependency due to linkage on libgssapi_krb5.so.2. Automatic deps are always better. - Do not require the 'krb5' symbol from samba-libs: samba-libs requires samba-client-libs, which in turn requires krb5 libraries. Samba-libs itself has no need for krb5 (but get it indirectly anyway).- Reorganize libs packages. Split samba-libs into samba-client-libs, samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba public libraries depending on internal samba libraries into these packages as there were dependency problems everytime one of these public libraries changed its version (bsc#1192684). The devel packages are merged into samba-devel. - Rename package samba-core-devel to samba-devel - Add python-rpm-macros to build requirements - Update the symlink create by samba-dsdb-modules to private samba ldb modules following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba- Update to 4.15.3 * Recursive directory delete with veto files is broken in 4.15.0; (bso#14878); * A directory containing dangling symlinks cannot be deleted by SMB2 alone when they are the only entry in the directory; (bso#14879); * SIGSEGV in rmdir_internals/synthetic_pathref - dirfsp is used uninitialized in rmdir_internals(); (bso#14892); * MaxQueryDuration not honoured in Samba AD DC LDAP; (bso#14694); * The CVE-2020-25717 username map [script] advice has undesired side effects for the local nt token; (bso#14901); (bsc#1192849); * User with multiple spaces (eg FredNurk) become un-deletable; (bso#14902); * Avoid storing NTTIME_THAW (-2) as value on disk; (bso#14127); * smbXsrv_client_global record validation leads to crash if existing record points at non-existing process; (bso#14882); * Crash in vfs_fruit asking for fsp_get_io_fd() for an XATTR call; (bso#14890); * Samba process doesn't log to logfile; (bso#14897); * set_ea_dos_attribute() fallback calling get_file_handle_for_metadata() triggers locking.tdb assert; (bso#14907); * Kerberos authentication on standalone server in MIT realm broken; (bso#14922); * Segmentation fault when joining the domain; (bso#14923); * Support for ROLE_IPA_DC is incomplete; (bso#14903); * rpcclient cannot connect to ncacn_ip_tcp services anymore; (bso#14767); * winexe crashes since 4.15.0 after popt parsing; (bso#14893); * net ads status -P broken in a clustered environment; (bso#14908); * Memory leak if ioctl(FSCTL_VALIDATE_NEGOTIATE_INFO) fails before smbd_smb2_ioctl_send; (bso#14788); * winbindd doesn't start when "allow trusted domains" is off; (bso#14899); * smbclient login without password using '-N' fails with NT_STATUS_INVALID_PARAMETER on Samba AD DC; (bso#14883); * A schannel client incorrectly detects a downgrade connecting to an AES only server; (bso#14912); * Possible null pointer dereference in winbind; (bso#14921); * Fix -k legacy option for client tools like smbclient, rpcclient, net, etc.; (bso#14846); * Add Debian 11 CI bootstrap support; (bso#14872); * Crash in recycle_unlink_internal(); (bso#14888);- Fix dependency problem upgrading from libndr0 to libndr2 and from libsamba-credentials0 to libsamba-credentials1; (bsc#1192684);- Fix regression introduced by CVE-2020-25717 patches, winbindd does not start when 'allow trusted domains' is off; (bso#14899); - Update to 4.15.2 * CVE-2016-2124: SMB1 client connections can be downgraded to plaintext authentication; (bso#12444); (bsc#1014440); * CVE-2020-25717: A user on the domain can become root on domain members; (bso#14556); (bsc#1192284); * CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos tickets issued by an RODC; (bso#14558); (bsc#1192246); * CVE-2020-25719: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets; (bso#14561); (bsc#1192247); * CVE-2020-25721: Kerberos acceptors need easy access to stable AD identifiers (eg objectSid); (bso#14557); (bsc#1192505); * CVE-2020-25722: Samba AD DC did not do suffienct access and conformance checking of data stored; (bso#14564); (bsc#1192283); * CVE-2021-3738: Use after free in Samba AD DC RPC server; (bso#14468); (bsc#1192215); * CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability; (bso#14875); (bsc#1192214); - Update to 4.15.1 * vfs_shadow_copy2: core dump in make_relative_path; (bso#14682); * Log clutter from filename_convert_internal; (bso#14685); * MacOSX compilation fixes; (bso#14862); * rodc_rwdc test flaps; (bso#14868); * Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded Heimdal; (bso#14642); * Python ldb.msg_diff() memory handling failure; (bso#14836); * "in" operator on ldb.Message is case sensitive; (bso#14845); * Release LDB 2.4.1 for Samba 4.15.1; (bso#14848); * samldb_krbtgtnumber_available() looks for incorrect string; (bso#14854); * Fix Samba support for UF_NO_AUTH_DATA_REQUIRED; (bso#14871); * Allow special chars like "@" in samAccountName when generating the salt; (bso#14874); * Correctly ignore comments in CTDB public addresses file; (bso#14826); * Fix transit path validation; (bso#12998); * Fix that child winbindd logs to log.winbindd instead of log.wb-; (bso#14852); * SMB3 cancel requests should only include the MID together with AsyncID when AES-128-GMAC is used; (bso#14855); * Prepare to operate with MIT krb5 >= 1.20; (bso#14870); * Heimdal prefers RC4 over AES for machine accounts; (bso#14864);- Enable samba-tool without ad dc.- Adjust spec to use pam macros; (bsc#1191046).- Adjust spec for size * allow some Recommends instead Requires to be configured for cifs-utils, samba-libs-python3 & samba-gpupdate; (bsc#1182847). * remove fam, undocumented and unneeded.- Add missing build dependency on bison when building with the embedded Heimdal Kerberos- Update to 4.15.0 * Removed SMB development dialects SMB2_22, SMB2_24 and SMB3_10 * VFS layer modernized. * Add the ability to set allow/deny lists for zone transfer clients in Bind DLZ plugin * Server multi-channel support no longer experimental * Improved command line user experience, unifying the options in different commands * Winbindd no longer scans trusted domains on startup and will use enterprise principals by default. * The net utility is now able to support the offline domain join feature * New options for 'samba-tool dns zoneoptions' for aging control and to mark old records as static or dynamic * DNS tombstones are now deleted as appropriate and use a consistent timestamp format * The 'samba-tool dns update' command validates and rejects now malformed IPv4 and IPv6 addresses * The 'samba-tool domain backup' command correctly takes out locks against concurrent modification during backup when using the LMDB backend * TruACL support has been removed * NIS support has been removed- Fix 'net rpc' authentication when using the machine account; (bsc#1189017); (bso#14796);- Fix dependency problem upgrading from libndr0 to libndr1; (bsc#1189875); - Fix dependency problem upgrading from libsmbldap0 to libsmbldap2; (bsc#1189875); - Fix wrong kvno exported to keytab after net ads changetrustpw due to replication delay; (bsc#1188727); - Add Certificate Auto Enrollment Policy; (jsc#SLE-18456). - Update to 4.13.10 * s3: smbd: Ensure POSIX default ACL is mapped into returned Windows ACL for directory handles; (bso#14708); * Take a copy to make sure we don't reference free'd memory; (bso#14721); * s3: lib: Fix talloc heirarcy error in parent_smb_fname(); (bso#14722); * s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in change_file_owner_to_parent() error path; (bso#14736); * samba-tool: Give better error information when the 'domain backup restore' fails with a duplicate SID; (bso#14575); * smbd: Correctly initialize close timestamp fields; (bso#14714); * Spotlight RPC service doesn't work with vfs_glusterfs; (bso#14740); * ctdb: Fix a crash in run_proc_signal_handler(); (bso#14475); * gensec_krb5: Restore ipv6 support for kpasswd; (bso#14750); * smbXsrv_{open,session,tcon}: Protect smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records; (bso#14752); * samba-tool domain backup offline doesn't work against bind DLZ backend; (bso#14027); * netcmd: Use next_free_rid() function to calculate a SID for restoring a backup; (bso#14669); - Update to 4.13.9 * s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success; (bso#14696); * Add documentation for dsdb_group_audit and dsdb_group_json_audit to "log level", synchronise "log level" in smb.conf with the code; (bso#14689); * Fix smbd panic when two clients open same file; (bso#14672); * Fix memory leak in the RPC server; (bso#14675); * s3: smbd: Fix deferred renames; (bso#14679); * s3-iremotewinspool: Set the per-request memory context; (bso#14675); * rpc_server3: Fix a memleak for internal pipes; (bso#14675); * third_party: Update socket_wrapper to version 1.3.2; (bso#11899); * third_party: Update socket_wrapper to version 1.3.3; (bso#14639); * idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid conflict; (bso#14663); * Fix the build on OmniOS; (bso#14288); - Update to 4.13.8 * CVE-2021-20254: Fix buffer overrun in sids_to_unixids(); (bso#14571 - Update to 4.13.7 * Release with dependency on ldb version 2.2.1.- CVE-2021-20254 Buffer overrun in sids_to_unixids(); (bnc#14571); (bsc#1184677).- Fix offline domain backup not possible using lmdb version >= 0.9.26; (bso#14676); - Require libldb >= 2.2.1; (bsc#1183572); (bsc#1183574); - Update to 4.13.6 * CVE-2020-27840: samba: Unauthenticated remote heap corruption via bad DNs; (bso#14595); (bsc#1183572). * CVE-2021-20277: samba: out of bounds read in ldb_handler_fold; (bso#14655); (bsc#1183574). - Update to 4.13.5 * s3:modules:vfs_virusfilter: Recent talloc changes cause infinite start-up failure; (bso#14634); * s3: libsmb: Add missing cli_tdis() in error path if encryption setup failed on temp proxy connection; (bso#13992); * smbd: In conn_force_tdis_done() when forcing a connection closed force a full reload of services; (bso#14604); * dbcheck: Check Deleted Objects and reduce noise in reports about expired tombstones (bso#14593); * s3: Fix fcntl waf configure check; (bso#14503); * s3/auth: Implement "winbind:ignore domains"; (bso#14602); * smbd: Use fsp->conn->session_info for the initial delete-on-close token; (bso#14617); * s3: VFS: nfs4_acls. Add missing TALLOC_FREE(frame) in error path; (bso#14648); * classicupgrade: Treat old never expires value right; (bso#14624); * g_lock: Fix uninitalized variable reads; (bso#14636); * s3:pysmbd: Fix fd leak in py_smbd_create_file(); (bso#13898); * lib:util: Avoid free'ing our own pointer; (bso#14625); * HEIMDAL: krb5_storage_free(NULL) should work; (bso#12505);- Spec file fixes around systemd and requires; (bsc#1182830); - Align systemd service unit files with upstream provided ones.- Update to 4.13.4 * Work around special SMB2 IOCTL response behavior of NetApp Ontap 7.3.7; (bso#14607); * Temporary DFS share setup doesn't set case parameters in the same way as a regular share definition does; (bso#14612); * lib: Avoid declaring zero-length VLAs in various messaging functions; (bso#14605); * Do not create an empty DB when accessing a sam.ldb; (bso#14579); * vfs_fruit may close wrong backend fd; (bso#14596); * Temporary DFS share setup doesn't set case parameters in the same way as a regular share definition does; (bso#14612); * vfs_virusfilter: Allocate separate memory for config char*; (bso#14606); * vfs_fruit may close wrong backend fd; (bso#14596); * Work around special SMB2 IOCTL response behavior of NetApp Ontap 7.3.7; (bso#14607); * The cache directory for the user gencache should be created recursively; (bso#14601); * Be more flexible with repository names in CentOS 8 test environments; (bso#14594);- Uninstalling samba-client: Failed to disable unit, cifs.service does not exists; (bsc#1180388);- Update to 4.13.3 + libcli: smb2: Never print length if smb2_signing_key_valid() fails for crypto blob; (bso#14210); + s3: modules: gluster. Fix the error I made in preventing talloc leaks from a function; (bso#14486); + s3: smbd: Don't overwrite contents of fsp->aio_requests[0] with NULL via TALLOC_FREE(); (bso#14515); + s3: spoolss: Make parameters in call to user_ok_token() match all other uses; (bso#14568); + s3: smbd: Quiet log messages from usershares for an unknown share; (bso#14590); + samba process does not honor max log size; (bso#14248); + vfs_zfsacl: Add missing inherited flag on hidden "magic" everyone@ ACE; (bso#14587); + s3-libads: Pass timeout to open_socket_out in ms; (bso#13124); + s3-vfs_glusterfs: Always disable write-behind translator; (bso#14486); + smbclient: Fix recursive mget; (bso#14517); + clitar: Use do_list()'s recursion in clitar.c; (bso#14581); + manpages/vfs_glusterfs: Mention silent skipping of write-behind translator; (bso#14486); + vfs_shadow_copy2: Preserve all open flags assuming ROFS; (bso#14573); + interface: Fix if_index is not parsed correctly; (bso#14514);- Update to 4.13.2 + s3: modules: vfs_glusterfs: Fix leak of char **lines onto mem_ctx on return; (bso#14486); + RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special; (bso#14471); + smb.conf.5: Add clarification how configuration changes reflected by Samba; (bso#14538); + daemons: Report status to systemd even when running in foreground; (bso#14552); + DNS Resolver: Support both dnspython before and after 2.0.0; (bso#14553); + s3-vfs_glusterfs: Refuse connection when write-behind xlator is present; (bso#14486); + provision: Add support for BIND 9.16.x; (bso#14487); + ctdb-common: Avoid aliasing errors during code optimization; (bso#14537); + libndr: Avoid assigning duplicate versions to symbols; (bso#14541); + docs: Fix default value of spoolss:architecture; (bso#14522); + winbind: Fix a memleak; (bso#14388); + s4:dsdb:acl_read: Implement "List Object" mode feature; (bso#14531); + docs-xml/manpages: Add warning about write-behind translator for vfs_glusterfs; (bso#14486); + nsswitch/nsstest.c: Avoid nss function conflicts with glibc nss.h. + vfs_shadow_copy2: Avoid closing snapsdir twice; (bso#14530); + third_party: Update resolv_wrapper to version 1.1.7; (bso#14547); + examples:auth: Do not install example plugin; (bso#14550); + ctdb-recoverd: Drop unnecessary and broken code; (bso#14513); + RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special; (bso#14471);- Adjust smbcacls '--propagate-inheritance' feature to align with upstream; (bsc#1178469).- Update to samba 4.13.1 + CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records; (bsc#1177613); (bso#14472); + CVE-2020-14323: Unprivileged user can crash winbind; (bsc#1173994); (bso#14436); + CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify; (bsc#1173902); (bso#14434); - Adjust systemd tmpfiles.d configuration, use /run/samba instead of /var/run/samba; (bsc#1177355);- Fix vfs_ceph query_directory regression; (bso#14519) - Drop liburing-devel for SLE15-SP2; (bsc#1177245)- Register CTDB recovery lock holder with ceph-mgr - Add liburing-devel dependency- Update to samba 4.13.0 + Require Python 3.6 + Move wide links functionality into VFS module + Deprecate NT4-like 'classic' Samba domain controllers + Deprecate SMBv1 only protocol options + Remove deprecated "ldap ssl ads" option + Unify asynchronous DCE-RPC server; (jsc#SES-645) + Replay multichannel lease break requests; (bso#11897); (jsc#SES-655) + Drop internal byteorder.h header from util-devel package + Remove final code for the AD DC LDAP backend + Add AD DC Group Policy Scripts + Only use gnutls_aead_cipher_encryptv2() for GnuTLS > 3.6.14; (bso#14399) + Fix %U substitutions if it contains a domain name; (bso#14467) + Fix krb5.conf creation for 'net ads join'; (bso#14479) + Fix build problem if libbsd-dev is not installed; (bso#14482) + Toggle vfs_snapper using "--with-shared-modules"; (bso#14437) + Fix idmap_ad RFC4511 response handling; (bso#14465) + Fix panic in get_lease_type(); (bso#14428)- Update to samba 4.11.13 + CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Protect netr_ServerPasswordSet2 against unencrypted passwords; (bsc#1176579); (bso#14497); + CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Support "server require schannel:WORKSTATION$ = no" about unsecure configurations; (bsc#1176579); (bso#14497); + CVE-2020-1472(ZeroLogon): s4 torture rpc: repeated bytes in client challenge; (bsc#1176579); (bso#14497); + CVE-2020-1472(ZeroLogon): libcli/auth: Reject weak client challenges in netlogon_creds_server_init() "server require schannel:WORKSTATION$ = no"; (bsc#1176579); (bso#14497); - Update to samba 4.11.12 + s3: libsmb: Fix SMB2 client rename bug to a Windows server; (bso#14403); + dsdb: Allow "password hash userPassword schemes = CryptSHA256" to work on RHEL7; (bso#14424); + dbcheck: Allow a dangling forward link outside our known NCs; (bso#14450); + lib/debug: Set the correct default backend loglevel to MAX_DEBUG_LEVEL; (bso#14426); + s3:smbd: PANIC: assert failed in get_lease_type(); (bso#14428); + lib/util: do not install "test_util_paths"; (bso#14370); + lib:util: Fix smbclient -l basename dir; (bso#14345); + s3:smbd: PANIC: assert failed in get_lease_type(); (bso#14428); + util: Allow symlinks in directory_create_or_exist; (bso#14166); + docs: Fix documentation for require_membership_of of pam_winbind; (bso#14358); + s3:winbind:idmap_ad: Make failure to get attrnames for schema mode fatal; (bso#14425);- Add obsoletes to libsmbldap2 package to fix upgrades from previous versions; (bsc#1172810);- Fix net command unable to negotiate SMB2; (bsc#1174120);- Update to samba 4.11.11 + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined; (bso#14364); (bsc#1173159] + CVE-2020-10745: invalid DNS or NBT queries containing dots use several seconds of CPU each; (bso#14378); (bsc#1173160). + CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP server with paged_result or VLV; (bso#14402); (bsc#1173161) + CVE-2020-14303: Endless loop from empty UDP packet sent to AD DC nbt_server; (bso#14417); (bsc#1173359). - Update to samba 4.11.10 + Fix segfault when using SMBC_opendir_ctx() routine for share folder that contains incorrect symbols in any file name; (bso#14374). + vfs_shadow_copy2 doesn't fail case looking in snapdirseverywhere mode; (bso#14350) + ldb_ldap: Fix off-by-one increment in lldb_add_msg_attr; (bso#14413). + Malicous SMB1 server can crash libsmbclient; (bso#14366) + winbindd: Fix a use-after-free when winbind clients exit; (bso#14382) + ldb: Bump version to 2.0.11, LMDB databases can grow without bounds. (bso#14330) - Update to samba 4.11.9 + nmblib: Avoid undefined behaviour in handle_name_ptrs(); (bso#14242). + 'samba-tool group' commands do not handle group names with special chars correctly; (bso#14296). + smbd: avoid calling vfs_file_id_from_sbuf() if statinfo is not valid; (bso#14237). + Missing check for DMAPI offline status in async DOS attributes; (bso#14293). + smbd: Ignore set NTACL requests which contain S-1-5-88 NFS ACEs; (bso#14307). + vfs_recycle: Prevent flooding the log if we're called on non-existant paths; (bso#14316) + smbd mistakenly updates a file's write-time on close; (bso#14320). + RPC handles cannot be differentiated in source3 RPC server; (bso#14359). + librpc: Fix IDL for svcctl_ChangeServiceConfigW; (bso#14313). + nsswitch: Fix use-after-free causing segfault in _pam_delete_cred; (bso#14327). + Fix fruit:time machine max size on arm; (bso#13622) + CTDB recovery corner cases can cause record resurrection and node banning; (bso#14294). + ctdb: Fix a memleak; (bso#14348). + libsmb: Don't try to find posix stat info in SMBC_getatr(). + ctdb-tcp: Move free of inbound queue to TCP restart; (bso#14295); (bsc#1162680). + s3/librpc/crypto: Fix double free with unresolved credential cache; (bso#14344); (bsc#1169095) + s3:libads: Fix ads_get_upn(); (bso#14336). + CTDB recovery corner cases can cause record resurrection and node banning; (bso#14294) + Starting ctdb node that was powered off hard before results in recovery loop; (bso#14295); (bsc#1162680). + ctdb-recoverd: Avoid dereferencing NULL rec->nodemap; (bso#14324) - Update to samba 4.11.8 + CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ; (bso#14331); (bsc#1169850); + CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC; (bso#14334); (bsc#1169851); - Update to samba 4.11.7 + s3: lib: nmblib. Clean up and harden nmb packet processing; (bso#14239). + s3: VFS: full_audit. Use system session_info if called from a temporary share definition; (bso#14283) + dsdb: Correctly handle memory in objectclass_attrs; (bso#14258). + ldb: version 2.0.9, Samba 4.11 and later give incorrect results for SCOPE_ONE searches; (bso#14270) + auth: Fix CIDs 1458418 and 1458420 Null pointer dereferences; (bso#14247). + smbd: Handle EINTR from open(2) properly; (bso#14285) + winbind member (source3) fails local SAM auth with empty domain name; (bso#14247) + winbindd: Handling missing idmap in getgrgid(); (bso#14265). + lib:util: Log mkdir error on correct debug levels; (bso#14253). + wafsamba: Do not use 'rU' as the 'U' is deprecated in Python 3.9; (bso#14266). + ctdb-tcp: Make error handling for outbound connection consistent; (bso#14274). - Update to samba 4.11.6 + pygpo: Use correct method flags; (bso#14209). + vfs_ceph_snapshots: Fix root relative path handling; (bso#14216); (bsc#1141320). + Avoiding bad call flags with python 3.8, using METH_NOARGS instead of zero; (bso#14209). + source4/utils/oLschema2ldif: Include stdint.h before cmocka.h; (bso#14218). + docs-xml/winbindnssinfo: Clarify interaction with idmap_ad etc; (bso#14122). + smbd: Fix the build with clang; (bso#14251). + upgradedns: Ensure lmdb lock files linked; (bso#14199). + s3: VFS: glusterfs: Reset nlinks for symlink entries during readdir; (bso#14182). + smbc_stat() doesn't return the correct st_mode and also the uid/gid is not filled (SMBv1) file; (bso#14101). + librpc: Fix string length checking in ndr_pull_charset_to_null(); (bso#14219). + ctdb-scripts: Strip square brackets when gathering connection info; (bso#14227).- Add libnetapi-devel to baselibs conf, for wine usage; (bsc#1172307);- Installing: samba - samba-ad-dc.service does not exist and unit not found; (bsc#1171437);- Fix samba_winbind package is installing python3-base without python3 package; (bsc#1169521);- Require libldb2 >= 2.0.10 after security release.- CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC; (bso#14334); (bsc#1169851); - CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ; (bso#14331); (bsc#1169850);- Fix smbclient crash with double free (with unresolved krb5 credential cache); (bso#14344); (bsc#1169095).- Starting ctdb node that was powered off hard before results in recovery loop; (bso#14295); (bsc#1162680).- CTDB doesn't retry outgoing connections on bind (and some other) failures; (bso#14274); (bsc#1162680).- Revert: Allow idmap_rid to have primary group other than "Domain Users"; (bsc#1087931).- Fix nmbstatus not reporting detailed information about workgroups; (bsc#1159464); - Fix querying all names registered within broadcast area; (bso#8927);- Update to samab 4.11.5 + CVE-2019-14902: Replication of ACLs down subtree on AD Directory is not automatic; (bso#12497); (bsc#1160850). + CVE-2019-19344: Fix server crash with dns zone scavenging = yes; (bso#14050); (bsc#1160852). + CVE-2019-14907: server-side crash after charset conversion failure (eg during NTLMSSP processing); (bso#14208); (bsc#1160888). - Update to samba 4.11.4 + Ensure SMB1 cli_qpathinfo2() doesn't return an inode number; (bso#14161). + Ensure we don't call cli_RNetShareEnum() on an SMB1 connection; (bso#14174). + NT_STATUS_ACCESS_DENIED becomes EINVAL when using SMB2 in SMBC_opendir_ctx; (bso#14176). + SMB2 - Ensure we use the correct session_id if encrypting an interim response; (bso#14189). + Prevent smbd crash after invalid SMB1 negprot; (bso#14205). + printing: Fix %J substition; (bso#13745). + Remove now unneeded call to cmdline_messaging_context(); (bso#13925). + Fix incomplete conversion of former parametric options; (bso#14069). + Fix sync dosmode fallback in async dosmode codepath; (bso#14070). + vfs_fruit returns capped resource fork length; (bso#14171). + libnet_join: Add SPNs for additional-dns-hostnames entries; (bso#14116). + smbd: Increase a debug level; (bso#14211). + Prevent azure ad connect from reporting discovery errors reference-value-not-ldap-conformant; (bso#14153). + krb5_plugin: Fix developer build with newer heimdal system library; (bso#14179). + replace: Only link libnsl and libsocket if required; (bso#14168); + ctdb: Incoming queue can be orphaned causing communication; breakdown; (bso#14175). + ldb: Release ldb 2.0.8. Cross-compile will not take cross-answers or cross-execute; (bso#13846). + heimdal-build: Avoid hard-coded /usr/include/heimdal in asn1_compile-generated code; (bso#13856).- Fix Ceph snapshot root relative path handling; (bso#14216); (bsc#1141320).- Update to samba 4.11.3 + CVE-2019-14861: DNSServer RPC server crash, an authenticated user can crash the DCE/RPC DNS management server by creating records with matching the zone name; (bso#14138); (bsc#1158108). + CVE-2019-14870: DelegationNotAllowed not being enforced, the DelegationNotAllowed Kerberos feature restriction was not being applied when processing protocol transition requests (S4U2Self), in the AD DC KDC; (bso#14187); (bsc#1158109).- CVE-2019-14861: DNSServer RPC server crash, an authenticated user can crash the DCE/RPC DNS management server by creating records with matching the zone name; (bso#14138); (bsc#1158108). - CVE-2019-14870: DelegationNotAllowed not being enforced, the DelegationNotAllowed Kerberos feature restriction was not being applied when processing protocol transition requests (S4U2Self), in the AD DC KDC; (bso#14187); (bsc#1158109).- Update to samba 4.11.2 + CVE-2019-10218: Client code can return filenames containing path separators; (bsc#1144902); (bso#14071). + CVE-2019-14833: Samba AD DC check password script does not receive the full password; (bso#12438). + CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP server via dirsync; (bso#14040). - Fixes from 4.11.1 + Overlinking libreplace against librt and pthread against every binary or library causes issues; (bso#14140); + kpasswd fails when built with MIT Kerberos; (bso#14155); + Fix spnego fallback from kerberos to ntlmssp in smbd server; (bso#14106); + Stale file handle error when using mkstemp on a share; (bso#14137); + non-AES schannel broken; (bso#14134); + Joining Active Directory should not use SAMR to set the password; (bso#13884); + smbclient can blunder into the SMB1 specific cli_RNetShareEnum() call on an SMB2 connection; (bso#14152); + Deleted records can be resurrected during recovery; (bso#14147); + getpwnam and getpwuid need to return data for ID_TYPE_BOTH group; (bso#14141); + winbind does not list forest trusts with additional trust attributes; (bso#14130); + fault report points to outdated documentation; (bso#14139); + pam_winbind with krb5_auth or wbinfo -K doesn't work for users of trusted domains/forests; (bso#14124); + classicupgrade results in uncaught exception - a bytes-like object is required, not 'str'; (bso#14136); + pod2man is not longer required, stop checking at build time; (bso#14131); + Exit code of ctdb nodestatus should not be influenced by deleted nodes; (bso#14129); + username/password authentication doesn't work with CUPS and smbspool; (bso#14128); + smbc_readdirplus() is incompatible with smbc_telldir() and smbc_lseekdir(); (bso#14094);- CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP server via dirsync; (bso#14040); (bsc#1154598); - CVE-2019-10218: Client code can return filenames containing path separators; (bso#14071); (bsc#1144902);- CVE-2019-14833: samba: Accent with "check script password" Samba AD DC check password script does not receive the full password; (bso#12438); (bsc#1154289).- Update to samba 4.11.0 + For details on all items see WHATSNEW.txt in samba-doc package + Python2 runtime support removed; python 3.4 or later required + Security improvements: - SMB1 disabled by default - lanman and plaintext authentication deprecated - winbind: PAM_AUTH and NTLM_AUTH events logged - GnuTLS 3.2 required; system FIPS mode setting honored + CephFS Snapshot integration, exposed as previous file versions + ctdb changes: - onnode -o option removed - ctdbd logs when using more than 90% of a CPU thread - CTDB_MONITOR_SWAP_USAGE variable removed + AD Domain controller improvements: - Upgrade AD databse format - BIND9_FLATFILE deprecated - default process model chagned to prefork - bind9 dns operation duration logging - Default schema updated to 2012_R2; function level is unchanged - many performance improvements + Configuration webserver support removed- Fix broken username/password authentication with CUPS and smbspool; (bsc#1152143); (bso#14128).- Fix auth problems when printing via smbspool backend with kerberos; (bnc#1148539); (bso#13832).- Update to samba 4.10.8 + CVE-2019-10197: user escape from share path definition; (bso#14035); (bsc#1141267);- Fix build on newer systems by modifying samba.spec to use consistent non-relative paths for pammodules in configure line and specification of pam_winbind.so library to package.- Update to samba 4.10.7 + Unable to create or rename file/directory inside shares configured with vfs_glusterfs_fuse module; (bso#14010). + build: Allow build when '--disable-gnutls' is set; (bso#13844) + samba-tool: Add 'import samba.drs_utils' to fsmo.py; (bso#13973). + Fix 'Error 32 determining PSOs in system' message on old DB with FL upgrade; (bso#14008). + s4/libnet: Fix joining a Windows pre-2008R2 DC; (bso#14021) + join: Use a specific attribute order for the DsAddEntry nTDSDSA object; (bso#14046). + vfs_catia: Pass stat info to synthetic_smb_fname(); (bso#14015). + lookup_name: Allow own domain lookup when flags == 0; (bso#14091). + s4 librpc rpc pyrpc: Ensure tevent_context deleted last; (bso#13932). + DEBUGC and DEBUGADDC doesn't print into a class specific log file; (bso#13915). + Request to keep deprecated option "server schannel", VMWare Quickprep requires "auto"; (bso#13949). + dbcheck: Fallback to the default tombstoneLifetime of 180 days; (bso#13967). + dnsProperty fails to decode values from older Windows versions; (bso#13969). + samba-tool: Use only one LDAP modify for dns partition fsmo role transfer; (bso#13973). + third_party: Update waf to version 2.0.17; (bso#13960). + netcmd: Allow 'drs replicate --local' to create partitions; (bso#14051). + ctdb-config: Depend on /etc/ctdb/nodes file; (bso#14017).- CVE-2019-10197: user escape from share path definition; (bso#14035); (bsc#1141267).- Prepare for use future use of kernel keyrings, modify /etc/pam.d/samba to include pam_keyinit.so; (bsc#1144059).- Update samba-winbind script to work with systemd; (bsc#1132739); - Drop samba dhcpcd hook scripts - Update to samba 4.10.6 + s3: winbind: Fix crash when invoking winbind idmap scripts; (bso#13956). + smbd does not correctly parse arguments passed to dfree and quota scripts; (bso#13964). + samba-tool dns: use bytes for inet_ntop; (bso#13965). + samba-tool domain provision: Fix --interactive module in python3; (bso#13828). + ldb_kv: Skip @ records early in a search full scan; (bso#13893). + docs: Improve documentation of "lanman auth" and "ntlm auth" connection; (bso#13981). + python/ntacls: Use correct "state directory" smb.conf option instead of "state dir"; (bso#14002). + registry: Add a missing include; (bso#13840). + Fix SMB guest authentication; (bso#13944). + AppleDouble conversion breaks Resourceforks; (bso#13958). + vfs_fruit makes direct use of syscalls like mmap() and pread(); (bso#13968). + s3:mdssvc: Fix flex compilation error; (bso#13987). + s3/vfs_glusterfs[_fuse]: Avoid using NAME_MAX directly; (bso#13872). + dsdb:samdb: schemainfo update with relax control; (bso#13799). + s3:util: Move static file_pload() function to lib/util; (bso#13964). + smbd: Fix a panic; (bso#13957). + ldap server: Generate correct referral schemes; (bso#12478). + s4 dsdb/repl_meta_data: fix use after free in dsdb_audit_add_ldb_value; (bso#13941). + s4 dsdb: Fix use after free in samldb_rename_search_base_callback; (bso#13942). + dsdb/repl: we need to replicate the whole schema before we can apply it; (bso#12204). + ldb: Release ldb 1.5.5; (bso#12478). + Schema replication fails if link crosses chunk boundary backwards; (bso#13713). + 'samba-tool domain schemaupgrade' uses relax control and skips the schemaInfo update provision; (bso#13799). + dsdb_audit: avoid printing "... remote host [Unknown] SID [(NULL SID)] ..."; (bso#13916). + python/ntacls: We only need security.SEC_STD_READ_CONTROL in order to get the ACL; (bso#13917). + s3:loadparm: Ensure to truncate FS Volume Label at multibyte boundary; (bso#13947). + Using Kerberos credentials to print using spoolss doesn't work; (bso#13939). + wafsamba: Use native waf timer; (bso#13998). + ctdb-scripts: Fix tcp_tw_recycle existence check; (bso#13984).- Update to samba-4.10.5 (including updates for 4.10.4, 4.10.3) + CVE-2019-12435 rpc/dns: Avoid NULL deference if zone not found in DnssrvOperation2; (bso#13922); (bsc#1137815). + CVE-2019-12436 dsdb/paged_results: Ignore successful results without messages; (bso#13951); (bsc#1137816). - Update to samba-4.10.4 + s3: SMB1: Don't allow recvfile on stream fsp's; (bso#13938). + py/provision: Fix for Python 2.6; (bso#13882). + netcmd: Fix 'passwordsettings --max-pwd-age' command; (bso#13873). + s3-libnet_join: 'net ads join' to child domain fails when using "-U admin@forestroot"; (bso#13861). + vfs_ceph: Explicitly enable libcephfs POSIX ACL support; (bso#13896); (bsc#1130245). + vfs_ceph: Fix cephwrap_flistxattr() debug message; (bso#13940); (bsc#1134697). + ctdb-common: Avoid race between fd and signal events; (bso#13895). + ctdb-common: Fix memory leak in run_proc; (bso#13943). + lib: Initialize getline() arguments; (bso#13892). + winbind: Fix overlapping id ranges; (bco#13903). + lib util debug: Increase format buffer to 4KiB; (bso#13902). + nsswitch pam_winbind: Fix Asan use after free; (bso#13927). + s4 lib socket: Ensure address string owned by parent struct; (bso#13929). + s3 rpc_client: Fix Asan stack use after scope; (bso#13936). + s3:smbd: Handle IO_REPARSE_TAG_DFS in SMB_FIND_FILE_FULL_DIRECTORY_INFO; (bso#10097). + smb2_tcon: Avoid STATUS_PENDING completely on tdis; (bso#10344). + smb2_sesssetup: avoid STATUS_PENDING responses for session setup; (bso#12845). + smb2_tcon: Avoid STATUS_PENDING completely on tdis; (bso#13698). + smb2_sesssetup: avoid STATUS_PENDING responses for session setup; (bso#13796). + dbcheck: Fix the err_empty_attribute() check; (bso#13843). + vfs_snapper: Drop unneeded fstat handler; (bso#13858). + vfs_default: Fix vfswrap_offload_write_send() NT_STATUS_INVALID_VIEW_SIZE check; (bso#13862). + smb2_server: Grant all 8192 credits to clients; (bso#13863). + smbd: Implement SMB_FILE_NORMALIZED_NAME_INFORMATION handling; (bso#13919). + s3/vfs_glusterfs: Dynamically determine NAME_MAX; (bso#13872). + s3: modules: ceph: Use current working directory instead of share path; (bso#13918); (bsc#1134452). + winbind: Use domain name from lsa query for sid_to_name cache entry; (bso#13831). + memcache: Increase size of default memcache to 512k; (bso#13865). + docs: Update smbclient manpage for "--max-protocol"; (bso#13857). + s3:utils: If share is NULL in smbcacls, don't print it; (bso#13937). + s3:smbspool: Fix regression printing with Kerberos credentials; (bso#13939). + ctdb-scripts: CTDB restarts failed NFS RPC services by hand, which is incompatible with systemd; (bso#13860). + ctdb-daemon: Revert "We can not assume that just because we could complete a TCP handshake"; (bso#13888). + ctdb-daemon: Never use 0 as a client ID; (bso#13930). + ctdb-common: Fix memory leak; (bso#13943). + s3:debug: Enable logging for early startup failures; (bso#13904) - Update to samba-4.10.3 + CVE-2018-16860: Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum; (bso#13685); (bsc#1134024).- CVE-2019-12435: zone operations can crash rpc server; (bso#13922); (bsc#1137815).- Fix cephwrap_flistxattr() debug message; (bso#13940); (bsc#1134697). - Add ceph_snapshots VFS module; (jsc#SES-183).- Fix vfs_ceph realpath; (bso#13918); (bsc#1134452).- Update to samba-4.10.2: + CVE-2019-3870 (World writable files in Samba AD DC private/ dir); (bso#13834). + CVE-2019-3880 (Save registry file outside share as unprivileged user); (bso#13851). + py/kcc_utils: py2.6 compatibility; (bso#13837). + libcli: permit larger values of DataLength in SMB2_ENCRYPTION_CAPABILITIES of negotiate response; (bso#13869). + regfio: Improve handling of malformed registry hive files; (bso#13840). + ctdb-version: Simplify version string usage; (bso#13789). + lib: Make fd_load work for non-regular files; (bso#13859). + dbcheck: in the middle of the tombstone garbage collection causes replication failures, dbcheck: add --selftest-check-expired-tombstones cmdline option; (bso#13816). + ndr_spoolss_buf: Fix out of scope use of stack variable in NDR_SPOOLSS_PUSH_ENUM_OUT(); (bso#13818). + s4/messaging: Fix undefined reference in linking libMESSAGING-samba4.so; (bso#13854). + acl_read: Fix regression for empty lists; (bso#13836). + s4:dlz make b9_has_soa check dc=@ node; (bso#13841). + s3:client: Fix printing via smbspool backend with kerberos auth; (bso#13832). + s4:librpc: Fix installation of Samba; (bso#13847). + s3:lib: Fix the debug message for adding cache entries; (bso#13848). + s3:utils: Add 'smbstatus -L --resolve-uids' to show username; (bso#13793). + s3:lib: Fix the debug message for adding cache entries; (bso#13848). + s3:waf: Fix the detection of makdev() macro on Linux; (bso#13853). * ctdb-build: Drop creation of .distversion in tarball; (bso#13789). * ctdb-packaging: Test package requires tcpdump, ctdb package should not own system library directory; (bso#13838). - Update to samba-4.10.1: + py/kcc_utils: py2.6 compatibility; (bso#13837); + libcli: permit larger values of DataLength in SMB2_ENCRYPTION_CAPABILITIES of negotiate response; (bso#13869); + regfio: Improve handling of malformed registry hive files; (bso#13840); + ctdb-version: Simplify version string usage; (bso#13789); + lib: Make fd_load work for non-regular files; (bso#13859); + dbcheck in the middle of the tombstone garbage collection causes replication failures, dbcheck: add --selftest-check-expired-tombstones cmdline option; (bso#13816); + ndr_spoolss_buf: Fix out of scope use of stack variable in NDR_SPOOLSS_PUSH_ENUM_OUT(); (bso#13818); + s4/messaging: Fix undefined reference in linking libMESSAGING-samba4.so; (bso#13854); + acl_read: Fix regression for empty lists; (bso#13836); + s4:dlz make b9_has_soa check dc=@ node; (bso#13841); + s3:client: Fix printing via smbspool backend with kerberos auth; (bso#13832); + s4:librpc: Fix installation of Samba; (bso#13847); + s3:lib: Fix the debug message for adding cache entries; (bso#13848); + s3:utils: Add 'smbstatus -L --resolve-uids' to show username; (bso#13793); + s3:lib: Fix the debug message for adding cache entries; (bso#13848); + s3:waf: Fix the detection of makdev() macro on Linux; (bso#13853); + ctdb-build: Drop creation of .distversion in tarball; (bso#13789); + ctdb-packaging: Test package requires tcpdump, ctdb package should not own system library directory; (bso#13838); - Update to samba-4.10.0: + s4-server: Open and close a transaction on sam.ldb at startup; (bso#13760); + access_check_max_allowed() doesn't process "Owner Rights" ACEs; (bso#13812); + s4/scripting/bin: Open unicode files with utf8 encoding and write + unicode string. + sambaundoguididx: Use the right escaped oder unescaped sam ldb files; (bso#13759); + Fix idmap cache pollution with S-1-22- IDs on winbind hickup; (bso#13813); + passdb: Update ABI to 0.27.2. + lib/winbind_util: Add winbind_xid_to_sid for --without-winbind; (bso#13813); + lib:util: Move debug message for mkdir failing to log level 1; (bso#13823);- MacOS credit accounting breaks with async SESSION SETUP; (bsc#1125601); (bso#13796). - Mac OS X SMB2 implmenetation sees Input/output error or Resource temporarily unavailable and drops connection; (bso#13698)- Explicitly enable libcephfs POSIX ACL support; (bso#13896); (bsc#1130245).- CVE-2019-3880: Save registry file outside share as unprivileged user; (bso#13851); (bsc#1131060 ).- CVE-2019-3870 pysmbd: missing restoration of original umask after umask(0); (bso#13834); (bsc#1130703);- Update to samba-4.9.5 + audit_logging: Remove debug log header and JSON Authentication: prefix; (bso#13714); + Fix upgrade from 4.7 (or earlier) to 4.9; (bso#13760); + s3: lib: nmbname: Ensure we limit the NetBIOS name correctly; (bso# CID: 1433607; (bso#11495); + smbd: uid: Don't crash if 'force group' is added to an existing share connection; (bso#13690); + s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility code; (bso#13770); + s3: SMB1 POSIX mkdir does case insensitive name lookup; (bso#13803); + s3:utils/smbget fix recursive download with empty source directories; (bso#13199); + samba-tool drs showrepl: Do not crash if no dnsHostName found; (bso#13716); + s3:libsmb: cli_smb2_list() can sometimes fail initially on a connection; (bso#13736); + join: Throw CommandError instead of Exception for simple errors; (bso#13747); + ldb: Avoid inefficient one-level searches; (bso#13762); + s3: libsmb: use smb2cli_conn_max_trans_size() in cli_smb2_list(); (bso#13736); + tldap: Avoid use after free errors; (bso#13776); + Fix idmap xid2sid cache churn; (bso#13802); + access_check_max_allowed() doesn't process "Owner Rights" ACEs; (bso#13812); + s3-smbd: Avoid assuming fsp is always intact after close_file call; (bso#13720); + s3-vfs-fruit: Add close call; (bso#13725); + s3-smbd: Use fruit:model string for mDNS registration; (bso#13746); + s3-vfs: add glusterfs_fuse vfs module; (bso#13774); + printing: Check lp_load_printers() prior to pcap cache update; (bso#13766); + vfs_ceph: vfs_ceph strict_allocate_ftruncate calls (local FS) ftruncate and fallocate; (bso#13807); + lib/audit_logging: Actually create talloc; (bso#13737); + netcmd/user: python[3]-gpgme unsupported and replaced by python[3]-gpg; (bso#13728); + dns: Changing onelevel search for wildcard to subtree; (bso#13738); + samba-tool: Don't print backtrace on simple DNS errors; (bso#13721); + sambaundoguididx: Use the right escaped oder unescaped sam ldb files; (bso#13759); + ctdb: Print locks latency in machinereadable stats; (bso#13742); + messages_dgm: Messaging gets stuck when pids are recycled; (bso#13786); + audit_logging: auth_json_audit required auth_json; (bso#13715); + man pages: Document prefork process model; (bso#13765); + CVE-2019-3824 ldb: Release ldb 1.4.6; (bso#13773); + s3:auth: ignore create_builtin_guests() failing without a valid idmap configuration; (bso#13697); + s3:auth_winbind: Ignore a missing winbindd as NT4 PDC/BDC without trusts; (bso#13722); + s3:auth_winbind: return NT_STATUS_NO_LOGON_SERVERS if winbindd is not available; (bso#13723); + s4:server: Add support for 'smbcontrol samba shutdown' and 'smbcontrol debug/debuglevel'; (bso#13752); + Python: Ensure ldb.Dn can doesn't rencoded str with py2; (bso#13616); + vfs_glusterfs: Adapt to changes in libgfapi signatures; (bso#13330); + s3-vfs: Use ENOATTR in errno comparison for getxattr; (bso#13774); + notifyd: Fix SIGBUS on sparc; (bso#13704); + waf: Check for libnscd; (bso#13787); + s3:vfs: Correctly check if OFD locks should be enabled or not; (bso#13770); + lib/util: Count a trailing line that doesn't end in a newline; (bso#13717); + Recovery lock bug fixes; (bso#13800); + s3: net: Do not set NET_FLAGS_ANONYMOUS with -k; (bso#13726); + s3:libsmb: Honor disable_netbios option in smbsock_connect_send; (bso#13727); + vfs_fileid: Fix get_connectpath_ino; (bso#13741); + vfs_fileid: Fix fsname_norootdir algorithm; (bso#13744);- Fix vfs_ceph ftruncate and fallocate handling; (bso#13807); (bsc#1127153).- Fix update-apparmor-samba-profile script after apparmor switched to using named profiles. The change is backwards compatible; (bsc#1126377);- LoadParm().load_default() fails with "Unable to load default file"; (bsc#1089758);- Abide by load_printers smb.conf parameter; (bso#13766); (bsc#1124223);- Update to samba-4.9.4 + libcli/smb: Don't overwrite status code; (bso#9175). + wbinfo --group-info 'NT AUTHORITY\System' does not work; (bso#12164). + Session setup reauth fails to sign response; (bso#13661). + vfs_fruit: Validation of writes on AFP_AfpInfo stream; (bso#13677). + vfs_shadow_copy2: Nicely deal with attempts to open previous version for writing; (bso#13688). + Restoring previous version of stream with vfs_shadow_copy2 fails with NT_STATUS_OBJECT_NAME_INVALID fsp->base_fsp->fsp_name; (bso#13455). + CVE-2018-16853: Fix S4U2Self crash with MIT KDC build; (bso#13571). + s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs; (bso#13708) + PEP8: fix E231: missing whitespace after ','. + winbindd: Fix crash when taking profiles;(bso#13629) + CVE-2018-14629 dns: Fix CNAME loop prevention using counter regression; (bso#13600) + 'samba-tool user syscpasswords' fails on a domain with many DCs; (bso#13686). + CVE-2018-16853: Do not segfault if client is not set; (bso#13571). + lib:util: Fix DEBUGCLASS pointer initializiation; (bso#13679) + ctdb-daemon: Exit with error if a database directory does not exist; (bso#13696). + s3:libads: Add net ads leave keep-account option; (bso#13498).- Drop more %if..%endif guards which are idempotent. - Drop requires on ldconfig which are already auto-discovered. - Do not ignore errors from useradd/groupadd.- Remove python2 build dependency from samba-libs; (bsc#1116900);- Update update-apparmor-samba-profile script to ignore the shares's paths containing substitution variables in any place, not only at the beginning of the path.- Update to samba-4.9.3 + CVE-2018-14629: Unprivileged adding of CNAME record causing loop in AD Internal DNS server; (bso#13600); (bsc#1116319); + CVE-2018-16841: Double-free in Samba AD DC KDC with PKINIT; (bso#13628); (bsc#1116320); + CVE-2018-16851: NULL pointer de-reference in Samba AD DC LDAP server; (bso#13674); (bsc#1116322); + CVE-2018-16852: NULL pointer de-reference in Samba AD DC DNS servers; (bso#13669); (bsc#1116321); + CVE-2018-16853: Samba AD DC S4U2Self crash in experimental MIT Kerberos configuration (unsupported); (bso#13678); (bsc#1116324); + CVE-2018-16857: Bad password count in AD DC not always effective; window; (bso#13683); (bsc#1116323);- Update to samba-4.9.2 + dsdb: Add comments explaining the limitations of our current backlink behaviour; (bso#13418); + Fix problems running domain backups (handling SMBv2, sites); (bso#13621); + testparm: Fix crashes with PANIC: Messaging not initialized on SLES 12 SP3; (bso#13465); + Make vfs_fruit able to cleanup AppleDouble files; (bso#13642); + File saving issues with vfs_fruit on samba >= 4.8.5; (bso#13646); + Enabling vfs_fruit looses FinderInfo; (bso#13649); + Cancelling of SMB2 aio reads and writes returns wrong error NT_STATUS_INTERNAL_ERROR; (bso#13667); + Fix CTDB recovery record resurrection from inactive nodes and simplify vacuuming; (bso#13641); + examples: Fix the smb2mount build; (bso#13465); + libtevent: Fix build due to missing open_memstream on Illiumos; (bso#13629); + winbindd_cache: Fix timeout calculation for sid<->name cache; (bso#13662); + dsdb encrypted_secrets: Allow "ldb:// and "mdb://" in file path; (bso#13653); + Extended DN SID component missing for member after switching group membership; (bso#13418); + Return STATUS_SESSION_EXPIRED error encrypted, if the request was encrypted; (bso#13624); + python: Allow forced signing via smb.SMB(); (bso#13621); + lib:socket: If returning early, set ifaces; (bso#13665); + ldb: Bump ldb version to 1.4.3, Python: Ensure ldb.Dn can accept utf8 encoded unicode; (bso#13616); + smbd: Fix DELETE_ON_CLOSE behaviour on files with READ_ONLY attribute; (bso#13673); + waf: Add -fstack-clash-protection; (bso#13601); + winbind: Fix segfault if an invalid passdb backend is configured; (bso#13668); + Fix bugs in CTDB event handling; (bso#13659); + Misbehaving nodes are sometimes not banned; (bso#13670);- lib:socket: If returning early, set ifaces; (bso#13665); (bsc#1111373);- winbind requires latest version of libtevent-util0 to start- Backport latest gpo code from master + Read policy from local gpt cache + Offline policy application + Make group policy extensible via register/unregister gpext + gpext's run via a process_group_policy method- Enable profiling data collection- Change samba-kdc package name to samba-ad-dc - Move samba-ad-dc.service to the samba-ad-dc package- Update to samba-4.9.1 + s3: nmbd: Stop nmbd network announce storm; (bso#13620); + s3-rpcclient: Use spoolss_init_spoolss_UserLevel1 in winspool cmds; (bso#13597); + CTDB recovery lock has some race conditions; (bso#13617); + s3-rpc_client: Advertise Windows 7 client info; (bso#13597); + ctdb-doc: Remove PIDFILE option from ctdbd_wrapper man page; (bso#13610);- Tumbleweed doesn't define the sle_version macro, so we must include a check for suse_version also. Otherwise python3 is disabled on Tumbleweed.- Update to samba-4.9.0 + samba_dnsupdate: Honor 'dns zone scavenging' option, only update if needed; (bso#13605); + wafsamba: Fix 'make -j'; (bso#13606);- Update to samba-4.9.0rc5 + s3: VFS: vfs_full_audit: Ensure smb_fname_str_do_log() only returns absolute pathnames; (bso#13565); + s3: util: Do not take over stderr when there is no log file; (bso#13578); + Durable Reconnect fails because cookie.allow_reconnect is not set; (bso#13549); + krb5-samba: Interdomain trust uses different salt principal; (bso#13539); + vfs_fruit: Don't unlink the main file; (bso#13441); + smbd: Fix a memleak in async search ask sharemode; (bso#13602); + Fix Samba GPO issue when Trust is enabled; (bso#11517); + samba-tool: Add "virtualKerberosSalt" attribute to 'user getpassword/syncpasswords'; (bso#13539); + Fix CTDB configuration issues; (bso#13589); + ctdbd logs an error until it can successfully connect to eventd; (bso#13592);- Update to samba-4.9.0rc4 + s3: smbd: Ensure get_real_filename() copes with empty pathnames; (bso#13585); + samba domain backup online/rename commands force user to specify password on CLI; (bso#13566); + wafsamba/samba_abi: Always hide ABI symbols which must be local; (bso#13579); + Fix a panic if fruit_access_check detects a locking conflict; (bso#13584); + Fix memory and resource leaks; (bso#13567); + python: Fix print in dns_invalid.py; (bso#13580); + Aliasing issue causes incorrect IPv6 checksum; (bso#13588); + Fix CTDB configuration issues; (bso#13589); + s3: vfs: time_audit: fix handling of token_blob in smb_time_audit_offload_read_recv(); (bso#13568);- Add missing zlib-devel dependency which was previously pulled in by libopenssl-devel- Update to samba-4.9.0rc3+git.22.3fff23ae36e + CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against returns from malicious servers; (bso#13453); + CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query with escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140; (bso#13374); + CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when not servicePrincipalName is set on a user; (bso#13552); + CVE-2018-10919: acl_read: Fix unauthorized attribute access via searches; (bso#13434); + ctdb_mutex_ceph_rados_helper: Set SIGINT signal handler; (bso#13540); + CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it is disabled via "ntlm auth"; (bso#13360); + s3-tldap: do not install test_tldap; (bso#13529); + ctdb_mutex_ceph_rados_helper: Fix deadlock via lock renewals; (bso#13540); + CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in ltdb_index_dn_attr(); (bso#13374); + ctdb-eventd: Fix CID 1438155; (bso#13554); + Fix CIDs 1438243, (Unchecked return value) 1438244 (Unsigned compared against 0), 1438245 (Dereference before null check) and 1438246 (Unchecked return value); (bso#13553); + ctdb: Fix a cut&paste error; (bso#13554); + systemd: Only start smb when network interfaces are up; (bso#13559); + Fix quotas don't work with SMB2; (bso#13553); + s3/smbd: Ensure quota code is only called when quota support detected; (bso#13563); + s3/libsmb: Explicitly set delete_on_close token for rmdir; (bso#13204); + s3:waf: Install eventlogadm to /usr/sbin; (bso#13561); + Shorten description in vfs_linux_xfs_sgid manual; (bso#13562);- Update to samba-4.9.0rc2+git.21.a1069afb007 + s3: smbd: Using "sendfile = yes" with SMB2 can cause CPU spin; (bso#13537); + s3: smbd: Fix path check in smbd_smb2_create_durable_lease_check(); (bso#13535); + samba-tool trust: Support discovery via netr_GetDcName; (bso#13538); + s4-dsdb: Only build dsdb Python modules for AD DC; (bso#13542); + Fix portability issues on freebsd; (bso#13520); + DNS wildcard search does not handle multiple labels correctly; (bso#13536); + samba-tool domain trust: Fix trust compatibility to Windows Server 1709 and FreeIPA; (bso#13308); + Fix portability issues on freebsd; (bso#13520); + ctdb-protocol: Fix CTDB compilation issues; (bso#13545); + ctdb-docs: Replace obsolete reference to CTDB_DEBUG_HUNG_SCRIPT option; (bso#13546); + ctdb-doc: Provide an example script for migrating old configuration; (bso#13550); + ctdb-event: Implement event tool "script list" command; (bso#13551);- Update to samba-4.8.4+git.37.a7a861d7982; + CVE-2018-1139: Weak authentication protocol allowed; (bsc#1095048); (bsc#13360); + CVE-2018-1140: Denial of Service Attack on DNS and LDAP server; (bsc#1095056); (bso#13466); (bso#13374); + CVE-2018-10858: Insufficient input validation on client directory listing in libsmbclient; (bsc#1103411); (bso#13453); + CVE-2018-10918: Denial of Service Attack on AD DC DRSUAPI server; (bsc#1103414); (bso#13552); + CVE-2018-10919: Confidential attribute disclosure from the AD LDAP server; (bsc#1095057); (bso#13434); + s3:winbind: winbind normalize names' doesn't work for users; (bso#12851); + winbind: Fix UPN handling in canonicalize_username(); (bso#13369); + s3: smbd: Fix SMB2-FLUSH against directories; (bso#13428); + samdb: Fix building Samba with gcc 8.1; (bso#13437); + s3:utils: Do not segfault on error in DoDNSUpdate(); (bso#13440); + smbd: Flush dfree memcache on service reload; (bso#13446); + ldb: Save a copy of the index result before calling the + lib/util: No Backtrace given by Samba's AD DC by default; (bso#13454). + s3: smbd: printing: Re-implement delete-on-close semantics for print files missing since 3.5.x; (bso#13457). + python: Fix talloc frame use in make_simple_acl(); (bso#13474). + krb5_wrap: Fix keep_old_entries logic for older Kerberos libraries;(bso#13478). + krb5_plugin: Add winbind localauth plugin for MIT Kerberos; (bso#13480).- Add missing package descriptions; (bsc#1093864); - Fix dependency issue between samba-python and samba-kdc; (bsc#1062876); - Call update-apparmor-samba-profile when running samba-ad-dc; (bsc#1092099);- Update to 4.8.2 + After update to 4.8.0 DC failed with "Failed to find our own NTDS Settings objectGUID" (bso#13335). + fix incorrect reporting of stream dos attributes on a directory (bso#13380). + vfs_ceph: add asynchronous fsync; fake synchronous call (bso#13412). + vfs_ceph: add fake async pwrite/pread send/recv hooks; (bso#13425) + vfs_ceph: Fix memory leak; (bso#13424). + libsmbclient: Fix hard-coded connection error return of ETIMEDOUT; (bso#13419). + s4-lsa: Fix use-after-free in LSA server; (bso#13420). + winbindd: Do re-connect if the RPC call fails in the passdb case; (bso#13430). + cleanupd: Sends MSG_SMB_UNLOCK twice to interested peers; (bso#13416). + cleanupd: Use MSG_SMB_BRL_VALIDATE to signal cleanupd unclean process shutdown; (bso#13414). + ctdb-client: Remove ununsed functions from old client code; (bso#13411). + printing: Return the same error code as windows does on upload failures; (bso#13395). + nsswitch: Fix memory leak in winbind_open_pipe_sock() when the privileged pipe is not accessable; (bso#13400). + s4:lsa_lookup: remove TALLOC_FREE(state) after all dcesrv_lsa_Lookup{Names,Sids}_base_map() calls; (bso#13420). + rpc_server: Fix NetSessEnum with stale sessions; (bso#13407). + s3:smbspool: Fix cmdline argument handling; (bso#13417).- Move libdfs-server-ad-samba4.so library from kdc to libs package, as it is required by some client libs; (bsc#1074135); - Update to 4.8.1; (bsc#1091179); + s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error, we don't own it here; (bso#13244); + s3: smbd: Fix possible directory fd leak if the underlying OS doesn't support fdopendir(); (bso#13270); + Round-tripping ACL get/set through vfs_fruit will increase the number of ACE entries without limit; (bso#13319); + s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically debug credit issues; (bso#13347); + s3: smbd: Files or directories can't be opened DELETE_ON_CLOSE without delete access; (bso#13358); + s3: smbd: Fix memory leak in vfswrap_getwd(); (bso#13372); + s3: smbd: Unix extensions attempts to change wrong field in fchown call; (bso#13375); + ms_schema/samba-tool visualize: Fix python2.6 incompatibility; (bso#13337); + Fix invocation of gnutls_aead_cipher_encrypt(); (bso#13352); + Windows 10 cannot logon on Samba NT4 domain; (bso#13328); + winbindd: Recover loss of netlogon secure channel in case the peer DC is rebooted; (bso#13332); + s3:smbd: Don't use the directory cache for SMB2/3; (bso#13363); + ctdb-client: Fix bugs in client code; (bso#13356); + ctdb-scripts: Drop "net serverid wipe" from 50.samba event script; (bso#13359); + s3: lib: messages: Don't use the result of sec_init() before calling sec_init(); (bso#13368); + libads: Fix the build '--without-ads'; (bso#13273); + winbind: Keep "force_reauth" in invalidate_cm_connection, add 'smbcontrol disconnect-dc'; (bso#13332); + vfs_virusfilter: Fix CIDs 1428738-1428740; (bso#13343); + dsdb: Fix CID 1034966 Uninitialized scalar variable; (bso#13367); + rpc_server: Fix core dump in dfsgetinfo; (bso#13370); + smbclient: Fix notify; (bso#13382); + Fix smbd panic if the client-supplied channel sequence number wraps; (bso#13215); + Windows 10 cannot logon on Samba NT4 domain; (bso#13328); + lib/util: Remove unused '#include ' from tests/tfork.c; (bso#13342); + Fix build errors with cc from developerstudio 12.5 on Solaris; (bso#13343); + Fix the picky-developer build on FreeBSD 11; (bso#13344); + s3:modules: Fix the build of vfs_aixacl2.c; (bso#13345); + s3:smbd: map nterror on smb2_flush errorpath; (bso#13338); + lib:replace: Fix linking when libtirpc-devel overwrites system headers; (bso#13341); + winbindd: 'wbinfo --name-to-sid' returns misleading result on invalid query; (bso#13312); + s3:passdb: Do not return OK if we don't have pinfo set up; (bso#13376); + Allow AESNI to be used on all processor supporting AESNI; (bso#13302);- Use new foreground execution flags for systemd samba daemons; (bsc#1088574); (bsc#1071090); (bsc#1065551); + Add %post scriptlet to clear old sysconfig flags - Update vendor-files to commit 880b3e7. + Set samba sysconfig template variables to "" + Add required daemon flags directly to systemd unit- Specfile cleanup + Remove %if..%endif guards which don't affect the build + Remove redundant %clean section + Replace old $RPM_* shell vars with macros- BuildRequire pkgconfig(systemd) and pkgconfig(libsystemd) in place of systemd and systemd-devel: Allow OBS to optimize the workload by allowing the usage of the 'build-optimized' systemd packages.- Enable building samba with python3, and create a samba-python3 package.- Update to 4.8 + New GUID Index mode in sam.ldb for the AD DC + GPO support for samba KDC + Time machine support with vfs_fruit + Encrypted secrets + AD Replication visualization + Improved trust support - ability to not scan global trust list - AD external trusts have limited support - verbose trusted domain listing + VirusFilter VFS module + NT4-style replication removed + vfs_aio_linux removed- Disable samba-pidl package, due to the removal of dependency perl-Parse-Yapp; (bsc#1085150);- Update to 4.7.6; + CVE-2018-1050: DOS vulnerability when SPOOLSS is run externally; (bso#11343); (bsc#1081741); + CVE-2018-1057: Authenticated users can change other users' password; (bso#13272); (bsc#1081024).- Disable python until full python3 port is done; (bsc#1082139); + Remove contents of package samba-python + Remove contents of package libsamba-policy0 + Remove contents of package libsamba-policy-devel + Remove library libsamba-python-samba4.so from samba-libs package + Remove library libsamba-net-samba4.so from samba-libs package + Remove smbtorture binary and manpage from samba-test- samba fails to build with glibc2.27; (bsc#1081042);- Update to 4.7.5; (bsc#1080545); + smbd tries to release not leased oplock during oplock II downgrade; (bso#13193); + Fix copying file with empty FinderInfo from Windows client to Samba share with fruit; (bso#13181); + build: Deal with recent glibc sunrpc header removal; (bso#10976); + Make Samba work with tirpc and libnsl2; (bso#13238); + vfs_ceph: Add fs_capabilities hook to avoid local statvfs; (bso#13208); (bsc#1075206); + Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue; (bso#12986); + ctdb-recovery-helper: Deregister message handler in error paths; (bso#13188); + samba: Only use async signal-safe functions in signal handler; (bso#13240); + Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue; (bso#12986); + repl_meta_data: Fix linked attribute corruption on databases with unsorted links on expunge. dbcheck: Add functionality to fix the corrupt database; (bso#13228); + Fix smbd panic when chdir returns error during exit; (bso#13189); + Make Samba work with tirpc and libnsl2; (bso#13238); + Fix POSIX ACL support on HPUX and possibly other big-endian OSs; (bso#13176);- Update to 4.7.4; (bsc#1080545); + s3: smbclient: Implement 'volume' command over SMB2; (bso#13140); + s3: libsmb: Fix valgrind read-after-free error in cli_smb2_close_fnum_recv(); (bso#13171); + s3: libsmb: Fix reversing of oldname/newname paths when creating a reparse point symlink on Windows from smbclient; (bso#13172); + Build man page for vfs_zfsacl.8 with Samba; (bso#12934); + repl_meta_data: Allow delete of an object with dangling backlinks; (bso#13095); + s4:samba: Fix default to be running samba as a deamon; (bso#13129); + Performance regression in DNS server with introduction of DNS wildcard, ldb: Release 1.2.3; (bso#13191); + vfs_zfsacl: Fix compilation error; (bso#6133); + "smb encrypt" setting changes are not fully applied until full smbd restart; (bso#13051); + winbindd: Fix idmap_rid dependency on trusted domain list; (bso#13052); + vfs_fruit: Proper VFS-stackable conversion of FinderInfo; (bso#13155); + winbindd: Dependency on trusted-domain list in winbindd in critical auth codepath; (bso#13173); + repl_meta_data: Fix removing of backlink on deleted objects; (bso#13120); + ctdb: sock_daemon leaks memory; (bso#13153); + TCP tickles not getting synchronised on CTDB restart; (bso#13154); + winbindd: winbind parent and child share a ctdb connection; (bso#13150); + pthreadpool: Fix deadlock; (bso#13170); + pthreadpool: Fix starvation after fork; (bso#13179); + messaging: Always register the unique id; (bso#13180); + s4/smbd: set the process group; (bso#13129); + Fix broken linked attribute handling; (bso#13095); + The KDC on an RWDC doesn't send error replies in some situations; (bso#13132); + libnet_join: Fix 'net rpc oldjoin'; (bso#13149); + g_lock conflict detection broken when processing stale entries; (bso#13195); + s3:smb2_server: allow logoff, close, unlock, cancel and echo on expired sessions; (bso#13197); + s3:libads: net ads keytab list fails with "Key table name malformed"; (bso#13166); (bsc#1067700); + Fix crash in pthreadpool thread after failure from pthread_create; (bso#13170); + s4:samba: Allow samba daemon to run in foreground; (bso#13129); (bsc#1065551); + third_party: Link the aesni-intel library with "-z noexecstack"; (bso#13174); + vfs_glusterfs: include glusterfs/api/glfs.h without relying on "-I" options; (bso#13125);- Re-enable usage of libnsl (did got lost with glibc change) - Use TI-RPC (sunrpc is deprecated and will be removed soon from glibc)- smbc_opendir should not return EEXIST with invalid login credentials; (bnc#1065868).- Update to 4.7.3; (bsc#1069666); + Non-smbd processes using kernel oplocks can hang smbd; (bso#13121); + python: use communicate to fix Popen deadlock; (bso#13127); + smbd on disk file corruption bug under heavy threaded load; (bso#13130); + tevent: version 0.9.34; (bso#13130); + s3: smbd: Fix delete-on-close after smb2_find; (bso#13118); + CVE-2017-14746: s3: smbd: Fix SMB1 use-after-free crash bug; (bsc#1060427);(bso#13041); + CVE-2017-15275: s3: smbd: Chain code can return uninitialized memory when talloc buffer is grown; (bsc#1063008); (bso#13077); - Build with AD DC support only in openSUSE.- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- samba-tool requires samba-python; (bnc#1067771).- Run all daemons in the foreground and let systemd handle it; (bsc#1065551). - Update to 4.7.1; + Fix exporting subdirs with shadow_copy2; (bso#13091); + Currently if getwd() fails after a chdir(), we panic; (bso#13027); + Ensure default SMB_VFS_GETWD() call can't return a partially completed struct smb_filename; (bso#13068); + sys_getwd() can leak memory or possibly return the wrong errno on older systems; (bso#13069); + smbclient doesn't correctly canonicalize all local names before use; (bso#13093); + Fix broken linked attribute handling; (bso#13095); + Missing LDAP query escapes in DNS rpc server; (bso#12994); + Link to -lbsd when building replace.c by hand; (bso#13087); + Cannot delete non-ACL files on Solaris/ZFS/NFSv4 ACL filesystem; (bso#6133); + Map SYNCHRONIZE acl permission statically in zfs_acl vfs module; (bso#7909); + Samba fails to honor SEC_STD_WRITE_OWNER bit with the acl_xattr module; (bso#7933); + Missing assignment in sl_pack_float; (bso#12991); + Wrong Samba access checks when changing DOS attributes; (bso#12995); + samba_runcmd_send() leaves zombie processes on timeout; (bso#13062); + groupmap cleanup should not delete BUILTIN mappings; (bso#13065); + Enabling vfs_fruit results in loss of Finder tags and other xattrs; (bso#13076); + man pages: Properly ident lists; (bso#9613); + smb.conf.5: Sort parameters alphabetically; (bso#13081); + Fix GUID string format on GetPrinter info; (bso#12993); + Remote serverid check doesn't check for the unique id; (bso#13042); + CTDB starts consuming memory if there are dead nodes in the cluster; (bso#13056); + ctdb-common: Ignore event scripts with multiple '.'s; (bso#13070); + libgpo doesn't sort the GPOs in the correct order; (bso#13046); + Remote serverid check doesn't check for the unique id; (bso#13042); + vfs_catia: Fix a potential memleak; (bso#13090); + Fix file change notification for renames; (bso#12903); + Samba DNS server does not honour wildcards; (bso#12952); + Can't change password in samba from a Windows client if Samba runs on IPv6 only interface; (bso#13079); + vfs_fruit: Replace closedir() by SMB_VFS_CLOSEDIR; (bso#13086); + Apple client can't cope with SMB2 async replies when creating symlinks; (bso#13047); + s4:rpc_server:backupkey: Move variable into scope; (bso#12959); + Fix ntstatus_gen.h generation on 32bit; (bso#13099); + Fix a double free in vfs_gluster_getwd(); (bso#13100); + Fix resouce leaks and pointer issues; (bso#13101); + vfs_solarisacl: Fix build for samba 4.7 and up; (bso#13049);- Add samba-kdc to baselibs.conf. - Do not wrap samba-kdc's package definition into if/endif: the package won't be generated simply based on the fact that there is no files section for the package. Allows the source validator to ensure samba-kdc is a built package.- Update to 4.7.0; + Whole DB read locks: Improved LDAP and replication consistency; (bso#12858). + Samba AD with MIT Kerberos + Dynamic RPC port range: Default range changed from "1024-1300" to "49152-65535". + Authentication and Authorization audit support: New auth_audit debug class. + Multi-process LDAP Server: The LDAP server in the AD DC now honours the process model used for the rest of the 'samba' process. + Improved Read-Only Domain Controller (RODC) Support; (bso#12977). + Additional password hashes stored in supplementalCredentials. + Improvements to DNS during Active Directory domain join. + Significant AD performance and replication improvements. + Query record for open file or directory. + Removal of lpcfg_register_defaults_hook(). + Change of loadable module interface. + SHA256 LDAPS Certificates: The self-signed certificate generated for use on LDAPS will now be generated with a SHA256 self-signature, not a SHA1 self-signature. + CTDB no longer allows mixed minor versions in a cluster. + CTDB now ignores hints from Samba about TDB flags when attaching to databases. + New configuration variable CTDB_NFS_CHECKS_DIR. + The CTDB_SERVICE_AUTOSTARTSTOP configuration has been removed. + The CTDB_SCRIPT_DEBUGLEVEL configuration variable has been removed. + The example NFS Ganesha call-out has been improved. + A new "replicated" database type is available.- CVE-2017-12163: Prevent client short SMB1 write from writing server memory to file; (bso#13020); (bsc#1058624).- CVE-2017-12150: Some code path don't enforce smb signing, when they should; (bso#12997); (bsc#1058622).- CVE-2017-12151: Keep required encryption across SMB3 dfs redirects; (bso#12996); (bsc#1058565).- Clean specfile assuming SUSE-only system and product >=SLE11 + %{ul_version}, %{rhel_version}, %{mandriva_version}, %{centos_version} are always undefined + %{_vendor} is "suse" and %{suse_version} is at least 1100- Update to 4.6.7; (bsc#1054017) + Joining a Huawai storage fails: empty CLDAP ping answer; (bso#11392). + smbcacls can fail against a directory on Windows using SMB2.; (bso#12937). + vfs_ceph provides inconsistent directory listings; (bso#12911). + Misused talloc context can cause a user to crash their smbd by chaining SMB1 commands.; (bso#12836). + Use-after free can crash libsmbclient code.; (bso#12927). + Server exit with active AIO can crash.; (bso#12925). + Ensure notifyd doesn't return from smbd_notifyd_init; (bso#12910). + fd leak to ctdb sub-processes leads to SELinux AVC denial in audit logs; (bso#12898). + vfs_fruit shouldn't send MS NFS ACEs to Windows clients; (bso#12897). + smbspool_krb5_wrapper does not tell CUPS that it requires negotiate for authentication; (bso#12886). + finder sidebar showing question mark instead of icon when using ip to connect with vfs_fruit; (bso#12840). + Winbind stops obtaining the 'unixHomeDirectory' & 'loginShell' attributes from AD.; (bso#12720). + KCC run at selftest startup can fail spuriously due to a race; (bso#12869). + winbindd changes the local password and gets NT_STATUS_WRONG_PASSWORD for the remote change; (bso#12782). + rpc_pipe_client memory leaks due to long term memory context passed to rpc_pipe_open_interface(); (bso#12890). + CVE-2017-2619 breaks accessing previous versions of directories with snapshots in subdirectories of the share; (bso#12885). + dns_name_equal doing OOB read; (bso#12813). + replica_sync tests flap; (bso#12753). + Selftest should not call 'net cache flush' and wipe important winbind entries; (bso#12868). + Old Samba versions don't support using recent ldb versions (>=1.1.30); (bso#12859). + pam_winbind fails with kerberos method = secrets and keytab; (bso#10490). + race starting winbindd against posixacl test; (bso#12843). + Crash in the reentrant smbd_smb2_create_send() if the something fails in the subsequent try; (bso#12832). + spnego.c passes the wrong argument order to gensec_update_ev() for the FALLBACK case; (bso#12788). + Clients with SMB3 support can't connect with "server max protocol = SMB2_02"; (bso#12772). + A log message of samb-tool user syncpasswords reverses string arguments in a debug message "Call Popen[...".; (bso#12768). + The smb tarmode tests kills the share dir contents; (bso#12867). + Fix for a bug in MacOS X Sierra NTLMv2 processing; (bso#12862). + CVE-2017-2619 regression with non-wide symlinks to directories; (bso#12860). + manpage/index.html lists links not in alphabetical order; (bso#12854). + smbcacls got error NT_STATUS_NETWORK_NAME_DELETED; (bso#12831). + If a record is locked in a database, then recovery does not complete; (bso#12857). + debug_locks.sh script does not log any information; (bso#12856). + SIGSEGV in cm_connect_lsa_tcp dereferencing conn->lsa_tcp_pipe->transport after error; (bso#12852). + smbclient can't parse DOMAIN+username if a different winbind separator is used; (bso#12849). + Related requests with SessionSetup fail with INTERNAL_ERROR; (bso#12845). + Related requests with TreeConnect fail with NETWORK_NAME_DELETED; (bso#12844). + cli->server_os not filled correctly; (bso#12779). + REGRESSION: smbclient doesn't print the session setup anymore; (bso#12824). + smblcient doesn't handle STATUS_NOT_SUPPORTED gracefully for FSCTL_VALIDATE_NEGOTIATE_INFO; (bso#12808). + CTDB NFS call-out failures do not cause event failures; (bso#12837). + net command fails due to incorrectly return code; (bso#12828). + Fix building Samba with GCC 7.1; (bso#12827).- Fix duplicate CTDB_LOGGING params when downgraded and upgraded again; (bsc#1048339).- fix cephwrap_chdir(); (bsc#1048790). - Update to 4.6.6 + CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation; (bsc#1048278).- Fix ctdb logs to /var/log/log.ctdb instead of /var/log/ctdb; (bsc#1048339).- Fix inconsistent ctdb socket path; (bsc#1048352). - Fix non-admin cephx authentication; (bsc#1048387).- Update to 4.6.5; (bsc#1040157) + Specifying CTDB_LOGGING=syslog:nonblocking causes ctdbd to crash at startup; (bso#12814). + vfs_expand_msdfs tries to open the remote address as a file path; (bso#12687). + PANIC (pid 1096): assert failed: lease_type_is_exclusive(e_lease_type); (bso#12798). + With clustering get update_num_read_oplocks failed and PANIC: num_share_modes == 1 assertion failure; (bso#11844). + contend_level2_oplocks_begin_default oplock optimisation doesn't carry over to leases; (bso#12766). + `ctdb nodestatus` incorrectly displays status for all nodes with wrong exit code; (bso#12802). + CTDB can spin hard on revoking readonly delegations if a node becomes disconnected; (bso#12697). + Printing a share mode entry with leases can crash in the ndr code; (bso#12793). + Fix flakey unit tests for eventd; (bso#12792). + CTDB daemon crashes if built with clang; (bso#12770). + smbcacls fails if no password is specified; (bso#12765). + idmap_rfc2307: Lookup of more than two SIDs fails; (bso#12757). + samba-tool user syncpasswords doesn't trigger the script when a user gets removed; (bso#12767). + systemd: fix detection of libsystemd; (bso#12764). + Notify subsystem only maps first inotify mask to Windows notify filter; (bso#12760). + Allow passing trusted domain password as plain-text to PASSDB layer; (bso#12751). + Can't case-rename files with vfs_fruit; (bso#12749). + wrong sid->uid mapping for SIDs residing in sIDHistory; (bso#12702). + vfs_acl_common should force "create mask = 0777", not 0666; (bso#12562). + Ordering of notify responses broken; (bso#12756).- s3: libsmb: Fix error where short name length was read as 2 bytes, should be 1; (bso#11822); (bsc#1042419).- Revert explicit winbind %{version}-%{release} dependency. + The ABI has stabilized since (bsc#936909), so remove to fix cross-media dependencies; (bsc#1037899).- Fix CVE-2017-7494 remote code execution from a writable share; (bso#12780); (bsc#1038231).- Update to 4.6.3; (bsc#1036011) + s3:vfs:shadow_copy2: vfs_shadow_copy2 fails to list snapshots from shares with GlusterFS backend; (bso#12743). + Fix for Solaris C compiler; (bso#12559). + s3: locking: Update oplock optimization for the leases era; (bso#12628). + Make the Solaris C compiler happy; (bso#12693). + s3: libgpo: Allow skipping GPO objects that don't have the expected LDAP attributes; (bso#12695). + Fix buffer overflow caused by wrong use of getgroups; (bso#12747). + lib: debug: Avoid negative array access; (bso#12746). + cleanupdb: Fix a memory read error; (bso#12748). + streams_xattr and kernel oplocks results in NT_STATUS_NETWORK_BUSY; (bso#7537). + winbindd: idmap_autorid allocates ids for unknown SIDs from other backends; (bso#11961). + vfs_fruit: Resource fork open request with flags=O_CREAT|O_RDONLY; (bso#12565). + manpages/vfs_fruit: Document global options; (bso#12615). + lib/pthreadpool: Fix a memory leak; (bso#12624). + Lookup-domain for well-known SIDs on a DC; (bso#12727). + winbindd: Fix error handling in rpc_lookup_sids(); (bso#12728). + winbindd: Trigger possible passdb_dsdb initialisation; (bso#12729). + credentials_krb5: use gss_acquire_cred for client-side GSSAPI use case; (bso#12611). + lib/crypto: Implement samba.crypto Python module for RC4; (bso#12690). + ctdb-readonly: Avoid a tight loop waiting for revoke to complete; (bso#12697). + ctdb_event monitor command crashes if event is not specified; (bso#12723). + ctdb-docs: Fix documentation of "-n" option to 'ctdb tool'; (bso#12733). + smbd: Fix smb1 findfirst with DFS; (bso#12558). + smbd: Do an early exit on negprot failure; (bso#12610). + winbindd: Fix substitution for 'template homedir'; (bso#12699). + s4:kdc: Disable principal based autodetected referral detection; (bso#12554). + idmap_autorid: Allocate new domain range if the callers knows the sid is valid; (bso#12613). + LINKFLAGS_PYEMBED should not contain -L/some/path; (bso#12724). + PAM auth with WBFLAG_PAM_GET_PWD_POLICY returns wrong policy for trusted domain; (bso#12725). + rpcclient: Allow -U'OTHERDOMAIN\user' again; (bso#12731). + winbindd: Fix password policy for pam authentication; (bso#12725). + s3:gse: Correctly handle external trusts with MIT; (bso#12554). + auth/credentials: Always set the realm if we set the principal from the ccache; (bso#12611). + replace: Include sysmacros.h; (bso#12686). + s3:vfs_expand_msdfs: Do not open the remote address as a file; (bso#12687). + s3:libsmb: Only print error message if kerberos use is forced; (bso#12704). + winbindd: Child process crashes when kerberos-authenticating a user with wrong password; (bso#12708). + vfs_fruit: Office document opens as read-only on macOS due to CNID semantics; (bso#12715). + vfs_acl_xattr: Fix failure to get ACL on Linux if memory is fragmented; (bso#12737).- Generate and update vendor-files tarball from Git + SuSEfirewall2 service samba-client only setup IPv4 rule; (bsc#1034416).- Generate source tarball directly from Git using OBS tar_scm + use version string derived from parent Git tag and commit hash - remove obsolete vendor-files/tools/package-data version ID + explicitly generate ctdb manpages, needed without "make dist"- Update to 4.6.2 + remove bso#12721 patches now upstream- Enable samba-ceph build for openSUSE and SLE12SP3+; (fate#321622). + x86-64 and aarch64- Enable librados CTDB lock helper for samba-ceph package; (fate#321622).- Build and install the html man pages (bsc#1021907).- Fix CVE-2017-2619 regression with "follow symlinks = no"; (bso#12721).- Update to 4.6.1 + symlink race permits opening files outside share directory; CVE-2017-2619; (bso#12496); (bsc#1027147) + testparm checks for valid idmap parameters + add new krb client encryption types + support for printer driver upload from windows 10 + inherit owner = 'unix only' for improved quota support + improved CTDB event support + new primary group support for idmap_ad + idmap_hash deprecated + mvxattr added to recursively rename extended attributes- Remove chkconfig requirements for systemd systems- Don't call insserv if systemd is used- Fix check if we need to require insserv- async_req: make async_connect_send() "reentrant"; (bso#12105); (bsc#1024416).- Force usage of ncurses6-config thru NCURSES_CONFIG env var; (bsc#1023847).- add missing patch for libnss_wins segfault; (bsc#995730).- Fix vfs_ceph builds against recent Ceph versions; (bsc#1021933).- Document "winbind: ignore domains" parameter; (bsc#1019416).- Add base Samba dependency to samba-ceph package.- Update to 4.5.3 + Heap-based Buffer Overflow Remote Code Execution Vulnerability; CVE-2016-2123; (bso#12409); (bsc#1014437). + Don't send delegated credentials to all servers; CVE-2016-2125; (bso#12445); (bsc#1014441). + denial of service due to a client triggered crash in the winbindd parent process; CVE-2016-2126; (bso#12446); (bsc#1014442). - 4.5.1 and 4.5.2 updates + various streams vfs fixes + various printing fixes + ntlm_auth: do not map explicitly empty domain + various stability fixes in smbd + match file compression ReFS behavior- Add missing ldb module directory; (bnc#1012092).- s3/client: obey 'disable netbios' smb.conf param, don't connect via NBT port; (bsc#1009085); (bso#12418).- Include vfstest in samba-test; (bsc#1001203).- s3/winbindd: using default domain with user@domain.com format fails; (bsc#997833).- Fix segfault in libnss_wins; (bso#12277); (bso#12269); (bsc#995730).- Update to 4.5.0 + NTLM1 Authentication disabled by default + SMB2.1 leases enabled by default + Support for OFD locks + ctdb tool rewritten + Added shadow copy snapshot prefix parameter- Fix illegal memory access after memory has been deleted; (bso#11836); (bsc#975299).- Prevent core, make sure response->extra_data.data is always cleared out; (bsc#993692).- Don't package man pages for VFS modules that aren't built; (boo#993707).- Fix population of ctdb sysconfig after source merge; (bsc#981566).- Enable vfs_ceph builds for Factory (x86-64) + Package as samba-ceph to avoid Ceph dependency in base package.- Update to 4.4.5 + Prevent client-side SMB2 signing downgrade; CVE-2016-2119; (bso#11860); (bsc#986869).- Remove obsolete syslog.target; (bsc#983938).- Honor smb.conf socket options in winbind; (bsc#975131).- Don't use htons() with IP_PROTO_RAW; (bso#11705); (bsc#969522).- Update to 4.4.4 + SMB3 multichannel: Add implementation of missing channel sequence number verification; (bso#11809). + smbd:close: Only remove kernel share modes if they had been taken at open; (bso#11919). + notifyd: Prevent NULL deref segfault in notifyd_peer_destructor; (bso#11930). + s3:rpcclient: Make '--pw-nt-hash' option work; (bso#10796). + Fix case sensitivity issues over SMB2 or above; (bso#11438). + s3:smbd: Fix anonymous authentication if signing is mandatory. (bso#11910) + Fix NTLM Authentication issue with squid; (bso#11914). + pdb: Fix segfault in pdb_ldap for missing gecos; (bso#11530). + Fix memory leak in share mode locking; (bso#11934).- Update to 4.4.3 + Various post-badlock regressions; (bso#11841); (bso#11850); (bso#11858); (bso#11870); (bso#11872). + Only allow idmap_hash for default idmap config (bso#11786). + smbd: Avoid large reads beyond EOF; (bso#11878). + vfs_acl_common: Avoid setting POSIX ACLs if "ignore system acls" is set; (bso#11806). + libads: Record session expiry for spnego sasl binds; (bso#11852).- Fix NTLMSSP regressions caused by previous CVE fixes; (bso#11849); (bsc#975962); (bsc#979268), (bsc#977669).- Revert shared library packaging to comply with SLPP- Update to 4.4.2 + A man-in-the-middle can downgrade NTLMSSP authentication; CVE-2016-2110; (bso#11688); (bsc#973031). + Domain controller netlogon member computer can be spoofed; CVE-2016-2111; (bso#11749); (bsc#973032). + LDAP conenctions vulnerable to downgrade and MITM attack; CVE-2016-2112; (bso#11644); (bsc#973033). + TLS certificate validation missing; CVE-2016-2113; (bso#11752); (bsc#973034). + Named pipe IPC vulnerable to MITM attacks; CVE-2016-2115; (bso#11756); (bsc#973036). + "Badlock" DCERPC impersonation of authenticated account possible; CVE-2016-2118; (bso#11804); (bsc#971965). + DCERPC server and client vulnerable to DOS and MITM attacks; CVE-2015-5370; (bso#11344); (bsc#936862).- Fix samba.tests.messaging test and prevent potential tdb corruption by removing obsolete now invalid tdb_close call; (bsc#974629).- Obsolete libsmbclient from libsmbclient0 while not providing it; (bsc#972197).- Update to 4.4.0. + Read of uninitialized memory DNS TXT handling; (bso#11128); (bso#11686); CVE-2016-0771. + Getting and setting Windows ACLs on symlinks can change permissions on link target; (bso#11648); CVE-2015-7560. + Sockets with htons(IPPROTO_RAW); (bso#11705); CVE-2015-8543. + s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem with no ACL support; (bso#10489). + docs: Add example for domain logins to smbspool man page; (bso#11643). + smbd: Show correct disk size for different quota and dfree block sizes; (bso#11681). + docs: Add smbspool_krb5_wrapper manpage; (bso#11690). + winbindd: Return trust parameters when listing trusts; (bso#11691). + ctdb: Do not provide a useless pkgconfig file for ctdb; (bso#11696). + Crypto.Cipher.ARC4 is not available on some platforms, fallback to M2Crypto.RC4.RC4 then; (bso#11699). + s3:utils/smbget: Set default blocksize; (bso#11700). + Streamline 'smbget' options with the rest of the Samba utils; (bso#11700). + s3:clispnego: Fix confusing warning in spnego_gen_krb5_wrap(); (bso#11702). + s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703). + loadparm: Fix memory leak issue; (bso#11708). + lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714). + s3:vfs:glusterfs: Fix build after quota changes; (bso#11715). + ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."; (bso#11719). + lib:socket: Fix CID 1350010: Integer OVERFLOW_BEFORE_WIDEN; (bso#11723). + smbd: Fix CID 1351215 Improper use of negative value; (bso#11724). + smbd: Fix CID 1351216 Dereference null return value; (bso#11725). + s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file; (bso#11727). + docs: Add manpage for cifsdd; (bso#11730). + param: Fix str_list_v3 to accept ; again; (bso#11732). + lib/socket: Fix improper use of default interface speed; (bso#11734). + lib:socket: Fix CID 1350009: Fix illegal memory accesses (BUFFER_SIZE_WARNING); (bso#11735). + libcli: Fix debug message, print sid string for new_ace trustee; (bso#11738). + Fix installation path of Samba helper binaries; (bso#11739). + Fix memory leak in loadparm; (bso#11740). + tevent: version 0.9.28: Fix memory leak when old signal action restored; (bso#11742). + smbd: Ignore SVHDX create context; (bso#11753). + Fix net join; (bso#11755). + s3:libads: setup the msDS-SupportedEncryptionTypes attribute on ldap_add; (bso#11755). + passdb: Add linefeed to debug message; (bso#11763). + s3:utils/smbget: Fix option parsing; (bso#11767). + libnet: Make Kerberos domain join site-aware; (bso#11769). + Reset TCP Connections during IP failover; (bso#11770). + ldb: Version 1.1.26; (bso#11772). + s3:smbd: Add negprot remote arch detection for OSX; (bso#11773). + vfs_glusterfs: Fix use after free in AIO callback; (bso#11774). + mkdir can return ACCESS_DENIED incorrectly on create race; (bso#11780). + "trustdom_list_done: Got invalid trustdom response" message should be avoided; (bso#11782). + Mismatch between local and remote attribute ids lets replication fail with custom schema; (bso#11783). + Quota is not supported on Solaris 10; (bso#11788). + Talloc: Version 2.1.6; (bso#11789). + smbd: Enable multi-channel if 'server multi channel support = yes' in the config; (bso#11796). + build: Fix build when '--without-quota' specified; (bso#11798). + lib/socket/interfaces: Fix some uninitialied bytes; (bso#11802). + Access based share enum: handle permission set in configuration files; (bso#8093). + See also WHATSNEW.txt from the samba-doc package.- Update to 4.3.6. + Getting and setting Windows ACLs on symlinks can change permissions on link target; CVE-2015-7560; (bso#11648); (bsc#968222). + Fix Out-of-bounds read in internal DNS server; CVE-2016-0771; (bso#11128); (bso#11686); (bsc#968223).- Upgrade on-disk FSRVP server state to new version; (bsc#924519).- Only obsolete but do not provide gplv2/3 package names; (bsc#968973).- Relocate existing lock files to /var/lib/samba/lock; (bsc#968963).- Obsolete no longer existing samba-32bit package; (bsc#967625).- Update to 4.3.5. + s3:utils/smbget: Fix recursive download; (bso#6482). + s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystemi with no ACL support; (bso#10489). + s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks; (bso#11400). + vfs_shadow_copy2: Fix case where snapshots are outside the share; (bso#11580). + smbclient: Query disk usage relative to current directory; (bso#11662). + winbindd: Handle expired sessions correctly; (bso#11670). + smbd: Show correct disk size for different quota and dfree block sizes; (bso#11681). + smbcacls: Fix uninitialized variable; (bso#11682). + s3:smbd: Ignore initial allocation size for directory creation; (bso#11684). + s3-client: Add a KRB5 wrapper for smbspool; (bso#11690). + s3-parm: Clean up defaults when removing global parameters; (bso#11693). + Use M2Crypto.RC4.RC4 on platforms without Crypto.Cipher.ARC4; (bso#11699). + s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703). + ctdb: Remove error messages after kernel security update; CVE-2015-8543; (bso#11705). + loadparm: Fix memory leak issue; (bso#11708). + lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714). + ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."; (bso#11719). + s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file; (bso#11727). + param: Fix str_list_v3 to accept ";" again; (bso#11732).- Shift samba-client sysconfig data into samba and samba-winbind; (bsc#947361).- Simplify shared library packaging; (bsc#966956).- Enable clustering (CTDB) support; (bsc#966271).- s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703); (bsc#964023).- Add quotes around path of update-apparmor-samba-profile; (bnc#962177).- Remove autoconf build-time requirement.- Update to 4.3.4. + vfs_fruit: Enable POSIX directory rename semantics; (bso#11065). + Crash: Bad talloc magic value - access after free; (bso#11394). + Copying files with vfs_fruit fails when using vfs_streams_xattr without stream prefix and type suffix; (bso#11466). + samba-tool: Fix uncaught exception if no fSMORoleOwner attribute is given; (bso#11613). + Fix a typo in the smb.conf manpage, explanation of idmap config; (bso#11619). + Correctly initialize the list head when keeping a list of primary followed by DFS connections; (bso#11624). + Reduce the memory footprint of empty string options; (bso#11625). + lib/async_req: Do not install async_connect_send_test; (bso#11639). + Fix typos in man vfs_gpfs; (bso#11641). + Make "hide dot files" option work with "store dos attributes = yes"; (bso#11645). + Fix a corner case of the symlink verification; (bso#11647); (bnc#960249). + Do not disable "store dos attributes" on-the-fly; (bso#11649). + Update lastLogon and lastLogonTimestamp; (bso#11659).- Prevent access denied if the share path is "/"; (bso#11647); (bnc#960249).- Update to 4.3.3. + Malicious request can cause Samba LDAP server to hang, spinning using CPU; CVE-2015-3223; (bso#11325); (bnc#958581). + Remote read memory exploit in LDB; CVE-2015-5330; (bso#11599); (bnc#958586). + Insufficient symlink verification (file access outside the share); CVE-2015-5252; (bso#11395); (bnc#958582). + No man in the middle protection when forcing smb encryption on the client side; CVE-2015-5296; (bso#11536); (bnc#958584). + Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2); CVE-2015-5299; (bso#11529); (bnc#958583). + Fix Microsoft MS15-096 to prevent machine accounts from being changed into user accounts; CVE-2015-8467; (bso#11552); (bnc#958585).- Update to 4.3.2. + vfs_gpfs: Re-enable share modes; (bso#11243). + dcerpc.idl: Accept invalid dcerpc_bind_nak pdus; (bso#11327). + s3-smbd: Fix old DOS client doing wildcard delete - gives an attribute type of zero; (bso#11452). + Add libreplace dependency to texpect, fixes a linking error on Solaris; (bso#11511). + s4: Fix linking of 'smbtorture' on Solaris; (bso#11512). + s4:lib/messaging: Use correct path for names.tdb; (bso#11562). + Fix segfault of 'net ads (join|leave) -S INVALID' with nss_wins; (bso#11563). + async_req: Fix non-blocking connect(); (bso#11564). + auth: gensec: Fix a memory leak; (bso#11565). + lib: util: Make non-critical message a warning; (bso#11566). + Fix winbindd crashes with samlogon for trusted domain user; (bso#11569); (bnc#949022). + smbd: Send SMB2 oplock breaks unencrypted; (bso#11570). + ctdb: Open the RO tracking db with perms 0600 instead of 0000; (bso#11577). + s3:smb2_server: Make the logic of SMB2_CANCEL DLIST_REMOVE() clearer; (bso#11581). + s3-smbd: Fix use after issue in smbd_smb2_request_dispatch(); (bso#11581). + manpage: Correct small typo error; (bso#11584). + s3: smbd: If EAs are turned off on a share don't allow an SMB2 create containing them; (bso#11589). + Backport some valgrind fixes from upstream master; (bso#11597). + auth: Consistent handling of well-known alias as primary gid; (bso#11608). + winbind: Fix crash on invalid idmap configs; (bso#11612). + s3: smbd: have_file_open_below() fails to enumerate open files below an open directory handle; (bso#11615). + Changing log level of two entries to DBG_NOTICE; (bso#9912).- Ensure samlogon fallback requests are rerouted after kerberos failure; (bnc#953382); (bnc#953972).- Ensure to link with --as-needed flag by removing SUSE_ASNEEDED=0. - Always use the default optimization even on pre-9.2 systems.- Remove redundant configure options while adding with-relro.- Relocate the lockdir to the /var/lib/samba/lock directory.- Cleanup and enhance the pidl sub package.- Require renamed python-ldb-devel and python-talloc-devel at build-time. - Requires python-ldb and python-talloc from the python subpackage.- Update to 4.3.1. + s3: smbd: Fix our access-based enumeration on "hide unreadable" to match Windows; (bso#10252). + nss_winbind: Fix hang on Solaris on big groups; (bso#10365). + smbd: Fix file name buflen and padding in notify repsonse; (bso#10634). + kerberos: Make sure we only use prompter type when available; winbind: Fix 100% loop; (bso#11038). + source3/lib/msghdr.c: Fix compiling error on Solaris; (bso#11053). + s3:ctdbd_conn: make sure we destroy tevent_fd before closing the socket; (bso#11316). + s3: smbd: Fix mkdir race condition; (bso#11486). + pam_winbind: Fix a segfault if initialization fails; (bso#11502). + s3: dfs: Fix a crash when the dfs targets are disabled; (bso#11509). + s4:lib/messaging: Use 'msg.lock' and 'msg.sock' for messaging related subdirs; (bso#11515). + s3: smbd: Fix opening/creating :stream files on the root share directory; (bso#11522). + lib/param: Fix hiding of FLAG_SYNONYM values; (bso#11526). + net: Fix a crash with 'net ads keytab create'; (bso#11528). + s3: smbd: Fix a crash in unix_convert(); (bso#11535). + s3: smbd: Fix NULL pointer bug introduced by previous 'raw' stream fix (bso#11522); (bso#11535). + vfs_fruit: Return value of ad_pack in vfs_fruit.c; (bso#11543). + vfs_commit: set the fd on open before calling SMB_VFS_FSTAT; (bso#11547). + s3:locking: Initialize lease pointer in share_mode_traverse_fn(); (bso#11549). + s3:smbstatus: Add stream name to share_entry_forall(); (bso#11550). + s3:lib: Validate domain name in lookup_wellknown_name(); (bso#11555). + s3: lsa: lookup_name() logic for unqualified (no DOMAIN component) names is incorrect; (bso#11555).- Fix 100% CPU in winbindd when logging in with "user must change password on next logon"; (bso#11038).- Relocate the tmpfiles.d directory to the client package; (bnc#947552).- Do not provide libpdb0 from libsamba-passdb0 but add it to baselibs.conf instead; (bnc#942716).- Package /var/lib/samba/private/sock with 0700 permissions; (bnc#946051).- Package /var/lib/samba/msg with 0755 permissions; (bso#11515); (bnc#945502).- Require to install libfam0-gamin from samba-libs on post-12.1 and pre-13.15 systems; (bnc#945013).- Update to 4.3.0. + Samba "map to guest = Bad uid" doesn't work; (bso#9862). + revert LDAP extended rule 1.2.840.113556.1.4.1941 LDAP_MATCHING_RULE_IN_CHAIN changes; (bso#10493). + No objectClass found in replPropertyMetaData on ordinary objects (non-deleted); (bso#10973). + Stream names with colon don't work with fruit:encoding = native; (bso#11278). + NetApp joined to a Samba/ADDC cannot resolve SIDs; (bso#11291). + tevent_fd needs to be destroyed before closing the fd; (bso#11316). + "force group" with local group not working; (bso#11320). + strsep is not available on Solaris; (bso#11359). + smbtorture does not build when configured --with-system-mitkrb5; (bso#11411). + Build with GPFS support is broken; (bso#11421). + Build broken with --disable-python; (bso#11424). + net share allowedusers crashes; (bso#11426). + nmbd incorrectly matches netbios names as own name; (bso#11427). + Python bindings don't check integer types; (bso#11429). + Python bindings don't check array sizes; (bso#11430). + CTDB's eventscript error handling is broken; (bso#11431). + Fix crash in nested ctdb banning; (bso#11432). + Cannot build ctdbpmda; (bso#11434). + samba-tool uncaught exception error; (bso#11436). + Crash in notify_remove caused by change notify = no; (bso#11444). + Poor SMB3 encryption performance with AES-GCM; (bso#11451). + Poor SMB3 encryption performance with AES-GCM (part1); (bso#11451). + fix recursion problem in rep_strtoll in lib/replace/replace.c; (bso#11455). + --bundled-libraries=!ldb,!pyldb,!pyldb-util doesn't disable ldb build and install; (bso#11458). + xid2sid gives inconsistent results; (bso#11464). + ctdb: Fix the build on FreeBSD 10.1; (bso#11465). + Handling of 0 byte resource fork stream; (bso#11467). + AD samr GetGroupsForUser fails for users with "()" in their name; (bso#11488).- Configure with --bundled-libraries=NONE; (bso#11458).- Adapt net-kdc-lookup patch for post-3.3 Samba versions; (bnc#295284).- Remove libiniparser-devel build-time requirement.- Update to 4.2.3. + s4:lib/tls: Fix build with gnutls 3.4; (bso#8780). + s4.2/fsmo.py: Fixed fsmo transfer exception; (bso#10924). + winbindd: Sync secrets.ldb into secrets.tdb on startup; (bso#10991). + Logon via MS Remote Desktop hangs; (bso#11061). + s3: lib: util: Ensure we read a hex number as %x, not %u; (bso#11068). + tevent: Add a note to tevent_add_fd(); (bso#11141). + s3:param/loadparm: Fix 'testparm --show-all-parameters'; (bso#11170). + s3-unix_msg: Remove socket file after closing socket fd; (bso#11217). + smbd: Fix a use-after-free; (bso#11218); (bnc#919309). + s3-rpc_server: Fix rpc_create_tcpip_sockets() processing of interfaces; (bso#11245). + s3:smb2: Add padding to last command in compound requests; (bso#11277). + Add IPv6 support to ADS client side LDAP connects; (bso#11281). + Add IPv6 support for determining FQDN during ADS join; (bso#11282). + s3: IPv6 enabled DNS connections for ADS client; (bso#11283). + Fix invalid write in ctdb_lock_context_destructor; (bso#11293). + Excessive cli_resolve_path() usage can slow down transmission; (bso#11295). + vfs_fruit: Add option "veto_appledouble"; (bso#11305). + tstream: Make socketpair nonblocking; (bso#11312). + idmap_rfc2307: Fix wbinfo '--gid-to-sid' query; (bso#11313). + Group creation: Add msSFU30Name only when --nis-domain was given; (bso#11315). + tevent_fd needs to be destroyed before closing the fd; (bso#11316). + Build fails on Solaris 11 with "‘PTHREAD_MUTEX_ROBUST’ undeclared"; (bso#11319). + smbd/trans2: Add a useful diagnostic for files with bad encoding; (bso#11323). + Change sharesec output back to previous format; (bso#11324). + Robust mutex support broken in 1.3.5; (bso#11326). + Kerberos auth info3 should contain resource group ids available from pac_logon; winbindd: winbindd_raw_kerberos_login - ensure logon_info exists in PAC; (bso#11328); (bnc#912457). + s3:smb2_setinfo: Fix memory leak in the defer_rename case; (bso#11329). + tevent: Fix CID 1035381 Unchecked return value; (bso#11330). + tdb: Fix CID 1034842 and 1034841 Resource leaks; (bso#11331). + s3: smbd: Use separate flag to track become_root()/unbecome_root() state; (bso#11339). + s3: smbd: Codenomicon crash in do_smb_load_module(); (bso#11342). + pidl: Make the compilation of PIDL producing the same results if the content hasn't change; (bso#11356). + winbindd: Disconnect child process if request is cancelled at main process; (bso#11358). + vfs_fruit: Check offset and length for AFP_AfpInfo read requests; (bso#11363). + docs: Overhaul the description of "smb encrypt" to include SMB3 encryption; (bso#11366). + s3:auth_domain: Fix talloc problem in connect_to_domain_password_server(); (bso#11367). + ncacn_http: Fix GNUism; (bso#11371).- Disable rpath usage; (bnc#902421).- Make the winbind package depend on the matching libwbclient version and vice versa; (bnc#936909).- Backport changes to use resource group sids obtained from pac logon_info; (bso#11328); (bnc#912457).- Order winbind.service Before and Want nss-user-lookup target.- Remove fam-devel build-time dependency for post-6 RHEL systems.- Update to 4.2.2. + s3:smbXsrv: refactor duplicate code into smbXsrv_session_clear_and_logoff(); (bso#11182). + gencache: don't fail gencache_stabilize if there were records to delete; (bso#11260). + s3: libsmbclient: After getting attribute server, ensure main srv pointer is still valid; (bso#11186). + s4: rpc: Refactor dcesrv_alter() function into setup and send steps; (bso#11236). + s3: smbd: Incorrect file size returned in the response of "FILE_SUPERSEDE Create"; (bso#11240). + Mangled names do not work with acl_xattr; (bso#11249). + nmbd rewrites browse.dat when not required; (bso#11254). + vfs_fruit: add option "nfs_aces" that controls the NFS ACEs stuff; (bso#11213). + s3:smbd: Add missing tevent_req_nterror; (bso#11224). + vfs: kernel_flock and named streams; (bso#11243). + vfs_gpfs: Error code path doesn't call END_PROFILE; (bso#11244). + s4: libcli/finddcs_cldap: continue processing CLDAP until all addresses are used; (bso#11284). + ctdb: check for talloc_asprintf() failure; (bso#11201). + spoolss: purge the printer name cache on name change; (bso#11210); (bnc#901813). + CTDB statd-callout does not scale; (bso#11204). + vfs_fruit: also map characters below 0x20; (bso#11221). + ctdb: Coverity fix for CID 1291643; (bso#11201). + Multiplexed RPC connections are not handled by DCERPC server; (bso#11225). + Fix terminate connection behavior for asynchronous endpoint with PUSH notification flavors; (bso#11226). + ctdb-scripts: Fix bashism in ctdbd_wrapper script; (bso#11007). + ctdb: Fix CIDs 1125615, 1125634, 1125613, 1288201 and 1125553; (bso#11201). + SMB2 should cancel pending NOTIFY calls with DELETE_PENDING if the directory is deleted; (bso#11257). + s3:winbindd: make sure we remove pending io requests before closing client sockets; (bso#11141); (bnc#931854). + Fix panic triggered by smbd_smb2_request_notify_done() -> smbXsrv_session_find_channel() in smbd; (bso#11182). + 'sharesec' output no longer matches input format; (bso#11237). + waf: Fix systemd detection; (bso#11200). + CTDB: Fix portability issues; (bso#11202). + CTDB: Fix some IPv6-related issues; (bso#11203). + CTDB statd-callout does not scale; (bso#11204). + 'net ads dns gethostbyname' crashes with an error in TALLOC_FREE if you enter invalid values; (bso#11234). + libads: record service ticket endtime for sealed ldap connections; (bso#11267). + lib/util: Include DEBUG macro in internal header files before samba_util.h; (bso#11033).- Avoid a crash inside the tevent epoll backend; (bso#11141); (bnc#931854).- Remove the independently built libraries ldb, talloc, tdn, and tevent and the post-10.3 renamed libsmbclient from baselibs.conf.- Drop redundant doc attribute from man pages.- Update to 4.2.1. + s3:winbind:grent: Don't stop group enumeration when a group has no gid; (bso#8905). + Initialize dwFlags field of DNS_RPC_NODE structure; (bso#9791). + s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with servers that don't send the 2 unused fields; (bso#10016). + build:wafadmin: Fix use of spaces instead of tabs; (bso#10476). + waf: Fix the build on openbsd; (bso#10476). + s3: client: "client use spnego principal = yes" code checks wrong name; (bso#10888). + spoolss: Retrieve published printer GUID if not in registry; (bso#11018). + s3: lib: libsmbclient: If reusing a server struct, check every cli->timout miliseconds if it's still valid before use; (bso#11079). + vfs_fruit: Enhance handling of malformed AppleDouble files; (bso#11125). + backupkey: Explicitly link to gnutls and gcrypt; (bso#11135). + replace: Remove superfluous check for gcrypt header; (bso#11135). + Backport subunit changes; (bso#11137). + libcli/auth: Match Declaration of netlogon_creds_cli_context_tmp with implementation; (bso#11140). + s3-winbind: Fix cached user group lookup of trusted domains; (bso#11143). + talloc: Version 2.1.2; (bso#11144). + Update libwbclient version to 0.12; (bso#11149). + brlock: Use 0 instead of empty initializer list; (bso#11153). + s4:auth/gensec_gssapi: Let gensec_gssapi_update() return NT_STATUS_LOGON_FAILURE for unknown errors; (bso#11164). + docs/idmap_rid: Remove deprecated base_rid from example; (bso#11169); (bnc#913304). + s3: libcli: smb1: Ensure we correctly finish a tevent req if the writev fails in the SMB1 case; (bso#11173). + backupkey: Use ndr_pull_struct_blob_all(); (bso#11174). + Fix lots of winbindd zombie processes on Solaris platform; (bso#11175). + s3: libsmbclient: Add missing talloc stackframe; (bso#11177). + s4-process_model: Do not close random fds while forking; (bso#11180). + s3-passdb: Fix 'force user' with winbind default domain; (bso#11185).- Prevent samba package updates from disabling samba kerberos printing.- Add sparse file support for samba; (fate#318424).- Purge printer name cache on spoolss SetPrinter change; (bso#11210); (bnc#901813).- Correctly retain errno from Btrfs snapshot ioctls; (bnc#923374).- Simplify libxslt build requirement and README.SUSE install. - Remove no longer required cleanup steps while populating the build root.- Remove deprecated base_rid example from idmap_rid manpage; (bso#11169); (bnc#913304).- Update to 4.2.0. + smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT; (bso#1115). + pam_winbind: fix warn_pwd_expire implementation; (bso#9056). + nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299). + Make 'profiles' work again; (bso#9629). + s3:smb2_server: protect against integer wrap with "smb2 max credits = 65535"; (bso#9702). + Make validate_ldb of String(Generalized-Time) accept millisecond format ".000Z"; (bso#9810). + Use -R linker flag on Solaris, not -rpath; (bso#10112). + vfs: Add glusterfs manpage; (bso#10240). + Make 'smbclient' use cached creds; (bso#10279). + pdb: Fix build issues with shared modules; (bso#10355). + s4-dns: Add support for BIND 9.10; (bso#10620). + idmap: Return the correct id type to *id_to_sid methods; (bso#10720). + printing/cups: Pack requested-attributes with IPP_TAG_KEYWORD; (bso#10808). + Don't build vfs_snapper on FreeBSD; (bso#10834). + nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835). + idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837). + s3: smb2cli: query info return length check was reversed; (bso#10848). + s3: lib, s3: modules: Fix compilation on Solaris; (bso#10849). + lib: uid_wrapper: Fix setgroups and syscall detection on a system without native uid_wrapper library; (bso#10851). + winbind3: Fix pwent variable substitution; (bso#10852). + Improve samba-regedit; (bso#10859). + registry: Don't leave dangling transactions; (bso#10860). + Fix build of socket_wrapper on systems without SO_PROTOCOL; (bso#10861). + build: Do not install 'texpect' binary anymore; (bso#10862). + Fix testparm to show hidden share defaults; (bso#10864). + libcli/smb: Fix smb2cli_validate_negotiate_info with min=PROTOCOL_NT1 max=PROTOCOL_SMB2_02; (bso#10866). + Integrate CTDB into top-level Samba build; (bso#10892). + samba-tool group add: Add option '--nis-domain' and '--gid'; (bso#10895). + s3-nmbd: Fix netbios name truncation; (bso#10896). + spoolss: Fix handling of bad EnumJobs levels; (bso#10898). + Fix smbclient loops doing a directory listing against Mac OS X 10 server with a non-wildcard path; (bso#10904). + Fix print job enumeration; (bso#10905); (bnc#898031). + samba-tool: Create NIS enabled users and unixHomeDirectory attribute; (bso#10909). + Add support for SMB2 leases; (bso#10911). + btrfs: Don't leak opened directory handle; (bso#10918). + s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920). + s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921). + pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932). + s3-keytab: fix keytab array NULL termination; (bso#10933). + s3:passdb: fix logic in pdb_set_pw_history(); (bso#10940). + Cleanup add_string_to_array and usage; (bso#10942). + dbwrap_ctdb: Pass on mutex flags to tdb_open; (bso#10942). + Fix RootDSE search with extended dn control; (bso#10949). + Fix 'samba-tool dns serverinfo ' for IPv6; (bso#10952). + libcli/smb: only force signing of smb2 session setups when binding a new session; (bso#10958). + s3-smbclient: Return success if we listed the shares; (bso#10960). + s3-smbstatus: Fix exit code of profile output; (bso#10961). + socket_wrapper: Add missing prototype check for eventfd; (bso#10965). + libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows client does; (bso#10966). + vfs_streams_xattr: Check stream type; (bso#10971). + s3: smbd: Fix *allocate* calls to follow POSIX error return convention; (bso#10982). + vfs_fruit: Add support for AAPL; (bso#10983). + Fix spoolss IDL response marshalling when returning error without clearing info; (bso#10984). + dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279). + Fix IPv6 support in CTDB; (bso#10996). + ctdb-daemon: Use correct tdb flags when enabling robust mutex support; (bso#11000). + vfs_streams_xattr: Add missing call to SMB_VFS_NEXT_CONNECT; (bso#11005). + s3-util: Fix authentication with long hostnames; (bso#11008). + ctdb-build: Fix build without xsltproc; (bso#11014). + packaging: Include CTDB man pages in the tarball; (bso#11014). + pdb_get_trusteddom_pw() fails with non valid UTF16 random passwords; (bso#11016). + Make Sharepoint search show user documents; (bso#11022). + nss_wrapper: check for nss.h; (bso#11026). + Enable mutexes in gencache_notrans.tdb; (bso#11032). + tdb_wrap: Make mutexes easier to use; (bso#11032). + lib/util: Avoid collision which alread defined consumer DEBUG macro; (bso#11033). + winbind: Retry after SESSION_EXPIRED error in ping-dc; (bso#11034). + s3-libads: Fix a possible segfault in kerberos_fetch_pac(); (bso#11037). + vfs_fruit: Fix base_fsp name conversion; (bso#11039). + vfs_fruit: mmap under FreeBSD needs PROT_READ; (bso#11040). + Fix authentication using Kerberos (not AD); (bso#11044). + net: Fix sam addgroupmem; (bso#11051). + vfs_snapper: Correctly handles multi-byte DBus strings; (bso#11055); (bnc#913238). + cli_connect_nb_send: Don't segfault on host == NULL; (bso#11058). + utils: Fix 'net time' segfault; (bso#11058). + libsmb: Provide authinfo domain for encrypted session referrals; (bso#11059). + s3-pam_smbpass: Fix memory leak in pam_sm_authenticate(); (bso#11066). + vfs_glusterfs: Add comments to the pipe(2) code; (bso#11069). + vfs/glusterfs: Change xattr key to match gluster key; (bso#11069). + vfs_glusterfs: Implement AIO support; (bso#11069). + s3-vfs: Fix developer build of vfs_ceph module; (bso#11070). + s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer; (bso#11077); CVE-2015-0240; (bnc#917376). + vfs: Add a brief vfs_ceph manpage; (bso#11088). + s3: smbclient: Allinfo leaves the file handle open; (bso#11094). + Fix Win8.1 Credentials Manager issue after KB2992611 on Samba domain; (bso#11097). + debug: Set close-on-exec for the main log file FD; (bso#11100). + s3: smbd: leases - losen paranoia check. Stat opens can grant leases; (bso#11102). + s3: smbd: SMB2 close. If a file has delete on close, store the return info before deleting; (bso#11104). + doc:man:vfs_glusterfs: improve the configuration section; (bso#11117). + snprintf: Try to support %j; (bso#11119). + ctdb-io: Do not use sys_write to write to client sockets; (bso#11124). + doc-xml: Add 'sharesec' reference to 'access based share enum'; (bso#11127).- Update to 4.2.0rc5. + Ensure we don't call talloc_free on an uninitialized pointer; CVE-2015-0240; (bso#11077); (bnc#917376).- Fix usage of freed memory on server exit; (bso#11218); (bnc#919309).- Fix tdb_store_flag_to_ntdb() gcc5 build failure.- Fix vfs_snapper DBus string handling; (bso#11055); (bnc#913238).- Update to 4.1.16. + dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279).- Adjust baselibs.conf due to libpdb0 package rename to libsamba-passdb0.- Fix libsmbclient DFS referral handling. + Reuse connections derived from DFS referrals; (bso#10123); (fate#316512). + Set domain/workgroup based on authentication callback value; (bso#11059).- Update to 4.2.0rc4. - Add libsamba-debug, libsocket-blocking, libsamba-cluster-support, and libhttp to the libs package; (boo#913547). - Rename libpdb packages to libsamba-passdb. - Drop libsmbsharemodes packages.- Enable avahi support on post-12.2 systems.- Update to 4.1.15. + pam_winbind: Fix warn_pwd_expire implementation; (bso#9056). + nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299). + Fix profiles tool; (bso#9629). + s3-lib: Do not require a password with --use-ccache; (bso#10279). + s4:dsdb/rootdse: Expand extended dn values with the AS_SYSTEM control; (bso#10949). + s4-rpc: dnsserver: Fix enumeration of IPv4 and IPv6 addresses; (bso#10952). + s3:smb2_server: Allow reauthentication without signing; (bso#10958). + s3-smbclient: Return success if we listed the shares; (bso#10960). + s3-smbstatus: Fix exit code of profile output; (bso#10961). + libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows client does; (bso#10966). + s3: smbd/modules: Fix *allocate* calls to follow POSIX error return convention; (bso#10982). + Fix 'domain join' by adding 'drsuapi.DsBindInfoFallBack' attribute 'supported_extensions'; (bso#11006). + idl:drsuapi: Manage all possible lengths of drsuapi_DsBindInfo; (bso#11006). + winbind: Retry LogonControl RPC in ping-dc after session expiration; (bso#11034).- yast2-samba-client should be able to specify osName and osVer on AD domain join; (bnc#873922).- Lookup FSRVP share snums at runtime rather than storing them persistently; (bnc#908627).- Specify soft dependency for network-online.target in Winbind systemd service file; (bnc#889175).- Fix spoolss error response marshalling; (bso#10984).- Update to 4.1.14. + pidl/wscript: Remove --with-perl-* options; revert buildtools/wafadmin/ Tools/perl.py back to upstream state; (bso#10472). + s4-dns: Add support for BIND 9.10; (bso#10620). + nmbd fails to accept "--piddir" option; (bso#10711). + nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835). + S3: source3/smbd/process.c::srv_send_smb() returns true on the error path; (bso#10880). + vfs_glusterfs: Remove "integer fd" code and store the glfs pointers; (bso#10889). + s3-nmbd: Fix netbios name truncation; (bso#10896). + spoolss: Fix handling of bad EnumJobs levels; (bso#10898). + s3: libsmbclient-smb2. MacOSX 10 SMB2 server doesn't set STATUS_NO_MORE_FILES when handed a non-wildcard path; (bso#10904). + spoolss: Fix jobid in level 3 EnumJobs response; (bso#10905). + s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920). + s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921). + pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932). + s3-keytab: Fix keytab array NULL termination; (bso#10933). + Cleanup add_string_to_array and usage; (bso#10942).- Remove and cleanup shares and registry state associated with externally deleted snaphots exposed as shadow copies; (bnc#876312).- Use the upstream tar ball, as signature verification is now able to handle compressed archives.- Fix leak when closing file descriptor returned from dirfd; (bso#10918).- Fix spoolss EnumJobs and GetJob responses; (bso#10905); (bnc#898031). + Fix handling of bad EnumJobs levels; (bso#10898).- Remove dependency on gpg-offline as signature checking is implemented in the source validator.- Update to 4.1.13. + s3-libnet: Add libnet_join_get_machine_spns(); (bso#9984). + s3-libnet: Make sure we do not overwrite precreated SPNs; (bso#9984). + s3-libads: Add all machine account principals to the keytab; (bso#9985). + s3: winbindd: Old NT Domain code sets struct winbind_domain->alt_name to be NULL. Ensure this is safe with modern AD-DCs; (bso#10717). + Fix unstrcpy; (bso#10735). + pthreadpool: Slightly serialize jobs; (bso#10779). + s3: smbd: streams - Ensure share mode validation ignores internal opens (op_mid == 0); (bso#10797). + s3: smbd:open_file: Open logic fix; Use a more natural check; (bso#10809). + vfs_media_harmony: Fix a crash bug; (bso#10813). + docs: Mention incompatibility between kernel oplocks and streams_xattr; (bso#10814). + nmbd: Send waiting status to systemd; (bso#10816). + libcli: Fix a segfault calling smbXcli_req_set_pending() on NULL; (bso#10817). + nsswitch: Skip groups we were not able to map; (bso#10824). + s3-winbindd: Use correct realm for trusted domains in idmap child; (bso#10826). + s3: nmbd: Ensure the main nmbd process doesn't create zombies; (bso#10830). + s3: lib: Signal handling - ensure smbrun and change password code save and restore existing SIGCHLD handlers; (bso#10831). + idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837). + s3-winbindd: Do not use domain SID from LookupSids for Sids2UnixIDs call; (bso#10838). + s3: smb2cli: Query info return length check was reversed; (bso#10848). + registry: Don't leave dangling transactions; (bso#10860).- Update to 4.2.0rc2.ibs-power9-20 1738944364









 4.19.8+git.404.38b26805d4-150600.3.12.24.19.8+git.404.38b26805d4-150600.3.12.2
rpcd_classicrpcd_epmapperrpcd_fsrvprpcd_lsadrpcd_mdssvcrpcd_spoolssrpcd_winregsamba-dcerpcdsamba-dcerpcd.8.gz/usr/lib64/samba//usr/share/man/man8/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:37359/SUSE_SLE-15-SP6_Update/b6fb6fd06a0afae1f83ba160476a0246-samba.SUSE_SLE-15-SP6_Updatedrpmxz5ppc64le-suse-linux
ELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, interpreter /lib64/ld64.so.2, BuildID[sha1]=529a72c725870bc9c5c9aae8e436a2e35f6192ab, for GNU/Linux 3.10.0, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, interpreter /lib64/ld64.so.2, BuildID[sha1]=c5e1517c05ab87a512ed56daf772aa5aa77e25f7, for GNU/Linux 3.10.0, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, interpreter /lib64/ld64.so.2, BuildID[sha1]=bba762c9af10ff731b3e99d5ff581eb46a84ade1, for GNU/Linux 3.10.0, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, interpreter /lib64/ld64.so.2, BuildID[sha1]=933a61f40c56489f7935be3033492b24c577d5a3, for GNU/Linux 3.10.0, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, interpreter /lib64/ld64.so.2, BuildID[sha1]=049e13541a44509caee61b0a7c7a221ca15bf565, for GNU/Linux 3.10.0, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, interpreter /lib64/ld64.so.2, BuildID[sha1]=6b44066c44498ce0912741bf617ebf327715d8e6, for GNU/Linux 3.10.0, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, interpreter /lib64/ld64.so.2, BuildID[sha1]=34775d5524f0bef9137a6c90d3856391f27c87a3, for GNU/Linux 3.10.0, strippedELF 64-bit LSB shared object, 64-bit PowerPC or cisco 7500, version 1 (SYSV), dynamically linked, interpreter /lib64/ld64.so.2, BuildID[sha1]=3208271d7b377a0b5a1c222d399a6ae1db9860cd, for GNU/Linux 3.10.0, strippedtroff or preprocessor input, ASCII text, with very long lines (gzip compressed data, max compression, from Unix)p˜È

B
“
·p(0K/Q$MRR%RNRtRR…RLRTRDRpRoRR.RRmRRR
RƒR2R}RRiR8R=RAR?RRAR=RBR@Rëg^ ÃOì¼fWj˜¼î¾xHYÑI"2ÿož>¹ðûÃÃ(gmÜ´‹w‚ˆpî¼.4áŽ>AKGÑ1)ÂX0ûz/;éwV-6kÚÔëúƒ+;¦ßîƒÛHëиœ!,œ‘ÍzåÞ–I9–µŒ•ÿÕîŒ#U-Ô¦>F×ßy‡3ÅHŠñð§óÒ8ª‡Kñƒ”ù‘‘&à^Ô7rÞµ€ï>nJ…8|k>*/pRø½pUÈk5êÖ]µa&ßàPÔÚï±Æ 0[÷—d4© Ñ´¿ýöïÍè㵃µcïßö4ø ±;ý:_Ú™¿ ~=äSù][ÞNžÉÈ/,FÓ÷öä%™ê=Wäumy2è|3³H’MŸŒùŽ+VèÉšÙ„=ª`{‰%«®Ç5ÿáP¨o7õu¢âoÐQYP:ÈG¸YšŸÅê«Z¾¡¥“©\Ž»îK°NÕ)¯@´ÿI4„ymïdLÄœ³÷YŠx ÊŠvZ%ªÈóƒÍ`ë >˜&_ð®}¹à•Na•÷äЀ‚M’Ô>Ä>²ÞéIxUæ°žPÝ DJÓP‹í+;ydk‚EQ…7én)ÏF©ú]%·Nå1OMÑëÒ
æ-}<^”&aùÿ¢“·b°PõYž§gJyÝàGÔ‡Óêˆv£Žû% Ñ»•ª¸àèp‘ÚHœÔzW¬ ´g§vƒ\¡Ey®âšÓбÍ*è°­ß4–Á ¾Ê(cš–C¤kӐ¡Ch”Öoà¢6l'ÚôÂWz­a‰ FJSf$¾]%ùÊ|‘—pu¼j  ÖωçPP•QÜ/Za“˜`N°AJôUw‡=ƒX1Ay ù‹Á¬©>^¶r:­¸Å9J žN™Ú–5nœýíiH§p7{/×Ë0ËP?3õÞ½¸…ý˜ã‘Ê€=¬ŸïªîP¶J2Ùœér†â)Ðâ=ceÚBxH¯unÔ%&Œÿ‰8aΘÿ²x„Îfr‡)µ>2À«’ƒNm :ÛNVÎâu§W
‡ß®áPʽ£uF|’Ø¿\ÈtF°XR/;㸠›ËHÊ/UŽI¥þØ3T–òj,Ì7è¿F¼µ†8—NT8]ÌiSTÜz:ËÚ;ê¾®WDÃkzØ$)œôÅòpáÁ o+oíXèAû¢Y[#)‹@@âιðõFEi
¯ äVžÀå­aØçÕP‘õECð"ê;*¨k*J—ýÅXÌ´ýkÉúŽk™“~á>–ÄD`᩶ï3œÎÑêPeGE¹k™³Ù7Ý©W˜f¯'6íÓa´ŒÞJÐê™;î­HÔPufFã1äÏìùå[ç…‹LOæÁ4,ma8)"äð¬Ìz¯61ÔuKNƒ€×…v̲z½îq‹y«ïr—±Íâ‘5(VgêQV<9+;[:³®B8EHÉ.Û·¨ÒÓ
"D9Óù´Ö–h'ÎÔø»èëi×õÙ(X¡‰'EÖg#D0LR§ÔŠlõ¨W˜/¡,94»@z…2|†Ó:¯Å¡êJÒûv·~.uÞröÿ|bõT
ÿ™¦·M\jH ý°”VèW0o‡ðUh<ßw×­ü gjUqeâGD{‰fÐšu™s·lyAáÚ$œ ÂW`ï¼ihbä@~0»ÚIØ mðÕC|Þ’ýD MùT15ªíW¼“¦‘ÅÎo¢>ÐÝÈéö&…h}­FéDý&*xü}õîݳϧK}$(Œ0Br;ΐ‹¨U®×ˆÀè*ÎÒÞ4Ö=N’ 1ï…¢Ë(ä­èúJ•AÍ}D9C£LáÚ·N@b$XvÊçvj¡ásÛÓößWã"¦¡XM^¨t¿ÖÉn»ì!µÐâ÷méˆ^£Ð¿Š‡‚/¹a2O}ýæ¤ÿd2ôE¥N8¿#eGö³‘e$kƒÌÖ±ë”Åe‰XŒrBÎâI“Ñu=®Ëû¯¾læ&{Ñ= qæxE(Œ/"wQTF¸«gåoÈ#{³ß2¦µ$”7æ[O_tŠ=e^p÷~`jCt+»§hyE'ÚÅÊ{êŽóaÃaul;¥#¹”O7ÏúqãŸ×)™™.RoUAa3åŒ[{ÝFQH yrŒ±»âIÿzm5i™ç¥êGTìð 3ºPOd~ý®«º…l‰ga;9v=ižfz*Í¥AùŠÔ*ƒt­è?mi¹.áÏ'‰p`07fKðÇÖ·3¡ÁˆòcPî-­7jÑ2’“•z‚’D·òOy¬šâ6ö²Á–+”pFl®P;Ññß‹Ôˆ§>½ÈeB©]éé¡åx(SåÁ¥P;¦ü˜ÙÁhfd»_*ÞO/Üæê®TލY~sœZ#ðßS²Œµ5m|Ӭ⠳ 8þòÞ7x>ÿJÞ?Ñ-8²Ï“ÀÜmýUë¼éé1…ºÎÄ‘ ¢á#Ì=Œ‡Šãk§p8 –½“q‰foFQ|ƒ BT4‘z —]ŽèÊEç õ(ªº ~Ûö«K ¼A~õ©ɹQ(…ê¼µIFàvœ™=̉0[
_Ëdn¯ ä]%Ü =´ÿ¦'4»ƒÞÎÜgA1®vÙªP{ã¬uè©¥£³±á'¸69.µúUhöÈÝÏàš[¶Ðˆ§©¿@ÂF#-ð!Þ1?¨]8'ŠböP5}Ú¡8OîͬÉW•.YÛ×ybãç«>”_Ÿ}•ÎIÜË5ºdé¯ÞÁߣ³…¿qø[#žæòç7®ìXú/KCü—„qg>üZô¬*€Ì†os§uJfÂð¨Œw¡ö_(p7ô¾"zÖž?ÑdS#¯MÕ Å¦Ž†-ð¢T EÃ¥Ld‰U¥Ç-?(É+å•„<8 Zåò=ÿp÷"œGuºÙÑ*™­+–ùFàˆKƘ´@Öt?+w9©ø ,§‹Y¯K~†ì #ìZƒœdêÝd&“¥âC¥ÇòŒÆšß–ûI×ìŰс•£:¿'@‰^`Cï`܈þúe?ÆFÿÒ‚DÈ0° WSâ͈f (­ÍE¾r f<É«ÐkùïÍï2–Ý};ü0:;-âDm¤ØäŒpû™H—
®
ü@P„)…K8±÷+SÑ=@1_h”*»©¡ÒÜ?xs-øj- F@
ù’{'4¦÷È)“Äص»/IÔ»RF.뤞תÜAÉÑ5õ!N¦ç,îa"A~œ‚HA¯¶Æá)¬JV‘ìßä¤iü þ‘§¸M˝°NÇøqÄB«\ r§‰ewøùÂô餷j¡F~øâ¤óª¥NÌíHšèª’СV3¾Š4B øu¨Q¶ºIÓr‹•‹¸öލڋ6Uæú2Û²P_& “ûzº=3ÄðÝ 6¬AEp]ÊËS-œrá1À±h&»¿_B BÔˆ4]zv­›³+~†ÿ³”Ìu R¢`ÞÞ®¼ír!Õ¾ð†Ï˜y‹Ñº”Þ6ßZŠmý̃ÓãG‡æ”ðO`Yž ñ¹†ö²
mìo¶ô&Ö:Õ¶;ç\zRä>ùü×­qg0§lo!ý[šhª$¦qÌ%oø:×3ӁݝšXK²Ji:?—ã+6ˁíèe"KîœY °Ά@ø/ù ðTt°«ðô{2)wZÿÊá@½¿ÁŸZe¾‚[ü!„HŸÄ¶¢Ù@Û–Ù o­Ü@\
h>ßÞ=âìc ºAóñeëïÓ G˜ÏwÝ5«|_ª?Ú%¬rï­×çYòß ëC“Þ•r Ùw$Ö|vØ 9xÈQE”’¥ ¾ð)é'úƒØé¹&Й[•çh'ØÚ[²wUá¤FçíÚC‚øÂè÷:ͦ²)qÿ:cfPù Ä`|ÈÆLñMýqº¨ýgz^-@©É£8€—ÉĨ”Ä]Ž~û–DÔ±`SFk@òÆÅmSà*ïóåËìK[‹I0nxù/#;«q& áØ î)û⏇~lê•n.öõãØT‰Çp1»è°Æ9 ³Kh\l
·â¤&- 4{á×ÚÝ4¤±ÌWàxèâÑïÙÅ@»Þ6vä@ îÔɵð9®M‰‰•^Ÿš¸LzÇu®Ö¯ }¨iF´°óçØt@•›‘[ÿ%Ç~íWw]aT©"áò ËŒªØ·úûcc®¾u« Ôu\ 1Ü2C·ÿåÃÝtÏûšØGÐ*-×ü¡ç¯X8·Ú_¨Ôù“¶ÃŸ¿ž²„'\4¯ŒV¹ëµ~l±æg}ô”Ònû”3&¤°,ùÝ c±´Uï;~×Ó½ãÊŸUÛ†îðFKòÌ¥o‡¦ñzHÁ“‰ýqû!†iTt%¹ÎvO(ºE”J ü`þõ›á¼N{ªx9x÷ä¡çK×­4¢’3: ÄÑvª»¸ZÊT»`ŽN®:jŒ"põ8Œ¬X m ZÆYÈHHyI(Ôuîû:´%¥Îm橝Ҙ(o,î[PšHv ådµcX~R—®>ŽAÚ¼Ù•’5aTK
šJ³I–Ùh¸8E9Ñ_cwt<ü·æn„¢÷û8?⪏”çû$ôa†v1-F¬3Þ}8&Ì4°ªóª4/bsSŸÆÔÞÎÛ»“ÆF0¨¿«•´p¡Ùm7Õ%ª |Š¯(zª¡úµ´¯ŠK·+³‡ýºó#ß £¬Öæ£M ÂÑ*ò*y3K¾¨$ÜÚ«Hýb€_TM!RÔ:V3D+.@E¦JÓ sŽèÛ#;ƒ½Ÿýá9¤Á×ÿy øæÍc-—(vøX,a&ƒéX/}‘Aúá!‹Ô²{[»~´7$¢V·~žêS`kžY茅ZHµCµD.âV7ô”¨×3‹˜Ãu¹iµš¸<÷V’æ¯çŽÄ%eëÍ Ú|VbÞÃʬôØW­1­¶q?ÕÐk•˜øïCÏu͇úš"Lµ0Ì/B bnE'1ù“§[ÖrDdâd#,ÂÆÆDÏÀóŸä-ôÒ«qðèìõ¶%ÊÛ“¿ˆkëĸb€#î"›2W!~èÿ4™7­d
¶«z¥V/.oöÈhžQ$5öº¥ñn¸Úı]`ßìÏô†œð¾µ=ã…蒏Š…ñú0®º½PÚQ¨ ‘/Ïzi«‰í}½p念=qwüIpβ`ûŸßpä6Z?´ (xÖd¥‡Tœá‡x–…Å¡î´9@äÉÖƒ«þtaWÿnϾø¬†Ý‰ö™fÓËäk~¾¤âǃêDr"p§Q½ûº‡ÓžE@•Œ¼§¯yêå”ÝGÍÄVj ù”×ìû¹»uµ‘’šì5/¿o­Æ?Q²`x¹ä}›[~kü=‹ð÷ ^ËRÅQ¥¢·W{K vÀžœX²öÂm¡ µûÛ¡Ó‹#ÒhÓDÿ5‡˜Fav(áV0=ìnŸ$mßÁ:úØvÁZñOÓè›´àZèUby±‘;ÏÑ+M&èÔàRžJP­OèÒ;xÎÊ(þ?‚’Á#MgÖÝËØþa¦¤FeÅÛÕ Ÿ¦ŠˆÍvŸ^ƒ
boåÙã]·ÌŸºTú*û"êš„œî]ÞO×v‰|s€Då"v-Èi# ö.
jûŸy¼j‰«ßa“ìOÔ™ Jfª~jÇžw~m^R§åv?8Æ7Ø›‰òpM>IudOiØcTÉå3lÐ,÷·ã%c² awr@”$¢ ¶‰`z:eÁã9Ó¯E %DoGõøÈ1¸ÿãÊnïJ•þ·èßÀɝE×¾‚ùŽ"±–ˆ¼ÃÄ’“ñâÿ,-ï 'ŠZ"DÌ0ûÁÙÖ‹Jr=KD1 "ôêqü¶ø3ƒA0ü¤ÒS3ÚdˆÂ¹÷êP´‘T0ÿcâµ Žó⚈#IUE“¥w„zè)±/¥›…¨ØgÄè ¡hÉdRn‡þ|Ôg8×´k[Ôª’©·ø¦HÂêQ”¾µ]82]‚áò—¤fhª×O¾ÇN0•Î•Mȱ´Ý&Hç¯4ÂÂV§ÂêµåC(É*UC€BJ6¿#‚4YͪΑH
‡„Û”ë8r‘h¿n¹3êY¼ÀÁË\þlÜY(L:s<×ÝUäø"–š}-—­ïe"Àx|}ZËÕ_æpÑžlIIÀ«XñÇ”Ë'MüFMÅÌðXSª£çï-5ç¦È…ÔK&§ìü¦;VvË8ÔYäÖ‘ÜZ´¾>p_¥ Ò®ì¹ˆÛ÷·Å¯A:q±€'¹üæ©7ôo¶ÄÁ?u”Á!‰`u©q›vúàò>»ì`ŒË˜ ‡˜•^QÒÖ}Èõ#‘îJ×Ô
U
æ-e(¬[f\Ø € <|É´y>„[’’ 6Þì³C(7%x\e¥x“ Š^‰6!_ìÁÉÕýEWsJ1½—úä¦,‚þ` ÁàìTŒE^Ž3( &ÄS‡'7
]âE`VíV,^³ó²àí1¢›ù¢½-›øi!kÂIŽÖUõ™àW¨zyüž…«3êH«mÌvùMÏR <9â€è»ôSCB^óäøè»bfí{P¬XŽ+W°˜t TŒfz}RSÓwo}ñFyólšHö”øOˆEI׋[Ÿ´d;œý)j£ÝQ¢Y·™%å1\|Ækú¸á4ï1hyb¥p—͇*&ƒô=¥aC_ÃÆϺw_œE¥•£]‹õ‡q¸XÕ$qŽ¿s*çÿßÃñ)ÕIuY¡‰Œ°o@}ã(×?BÏË'wÓn°Ò†4l53…3
›|øœ½wP]\ß¹W±,ç E&SìpÜvï]=ÿ™ù¸+ŸS…‘$ÍÅ¢±Á©ݖ;Úˆ½$¼$‡î;ÅU̼?¡™yc¨ÍêûyIÚ,¨¿T"šÄÚ`ˆ9™rt-v‡`Î+H{4½PT(9¦ï\ @naiÞmÈŸt‘Þ¶]wõmP>|¶äÝ:î‚1dõŸDTÉúúµyÌþêdcdú ”ô¡{…1Tך¯¾Y|˜°‰‹‡rvžõ/ŠH~bv¹Š*‡k NÄ™x³/¡ò1k°ÔWÎÑyS)…7´çÇÒõ(R»=ùÉ¿H¨ƒ¨ [Úá(ÄŠ8tUüýuº0“q¸8ï)l!¼r~šË”4ЪdœˆÀQ"Úg”Oš*òdÇÙaÇÖ6­Ú^ª‹¤1ß°øÿ©–ìä—B
£_–6îÈê—¸ƒ高}(º²¥¹ŒN¥:µ(Ü)û7!v±æç{oMd>‘Fä{Ã}#%ðô«›|óÙâ±~+ØØñ¸ÿ fvöÄyY'{¾|{zµ¤J œÍ°Cõ——œ4*iáûˆÛ=yÝ+g…7z»‡LЛ柇^£ :°N䂐FãfQúŸQ=}–ÕÆ™&’nhšH†°òF¨'}nˆj¹Æ{Jn[¤×åÆû/2¤s9‡Î"ÛÇ.²ôz>e½xß ŠÕ:ÅCnàŸV=t7ä.lE3-‹}lØÎlÞÆêÌ7Ý…q¼ñO-CáÒ$KŲžAÝލ¿Ìö©…Fg.=2ð¤íۍ+8À
¸°L¯¡ÌX$-ã„2Öò@½…ì$¡[î;B=ócïî{qCDõ½ƒÿ¹1[‘O(HazW흡|š.á¤ÿ"º»;0(ï¼>Ç‘NúQ"Uÿ€*8à·>n&Ë"GèG‘b(‹¼ÁMæùã¹Ú콯am9ƱfŽò’ÍJ/³ 1ÿH -žâñ5AØLìñ–Ïã·ÏžVKÿs)ÆæY`A/ãäÝÊàþ« Ÿ²¡T¥}È~¬eÓ!\•sÅÛ5ˆ<<Ÿžš†LàJÂð³&S0oy!(ÒÃH%ЈA
IIª®ˆÐ>v•¥qŒëçÍEóÍPm¤±bÌHÏ?]²§­ÁR¶=¼™j´rRBë­íå¦<롳°ó:¡ÖùÚ°ujÚïõí.Í1ß³ÈæS·ä!ò—àÚÓ­N4£AÌXy¼²<»58Áî}T‰nÌfÁ¸ ùŸXðâDÃêÁvŠ.špËD‡²"‚rm>ÃÿðoF¥>˜§Ïë}V®ÂV’­Xï,`(?Óµ?Ï GbÐÁboQp5QƒÂꖝ¼‡~0H†Ê§·ÿ¸¥÷›GKù‹^ô}¶­º)J}ÅY+ûûÎÑgö¤¼ãͳ±ú'-oN¥aÞºï·4;òJmjq"C0ßìšy8“åóÄ÷²ìGà×cZál=‹±}-Þ'ÂC\±‹ó4ÖrFÊ=A_nÎ3éÿ¸‰Ô‚¬ir™õ×½±š¤Ü”U’*mBd J[!EH™ÌqÞ5«NR¢éŠ‘<~ä$…³º°ÂR€Õheûp>Æ×=(òºZG·ß‰sª+]³kL¼ìÞÑ·,AM«ƒý ágúEÖ˜Öoäô® mÄ-¦¿ˆ²eO†‰3_°/l…Ä¢ç]Ý¡TšrŽYG6©‹µ½` Š—fàçLÊ«RÓ™#¿žœã5_ëÁóÚâ$BBøƒ¬ò”  á*Ñ@åA
i­0Kk·ÈOÀY5ï zþ‹®W)ø8K5±¡;»Šxç¢ÕH‹#Ǎ?¸ÝòÔ÷ೕÿÅIì ý'¬QÐfÊl2m† ›>IÎ0
äeó“Ð2ä…âÂõ¯hO”Æ1èe¸añ=ì§é¨åÓTÆNŒÞQ'ÜšÖl9’ÓÍi²¸šQêm©£Ô¥¬»Ú~å:œb@µKq6q`‡ž>± LGŸÊ‚ã~qù‰· D›°³*—G€Ð;ü¼•6Æ遇{!¾j¤þ9ŠÅ»îsQJKÍ’¢-¿†ˆãKšwœ&hö+ä•fM8«ó;îQ½Ú™LFz2AŒå\{œÜFƒ|¡>‡Fîfø2l2sYÛËBpJ-Œ Üt‘?ë×þÔÇß—}ÄHWåÖúŒ‘[`NïYc»¦C$) ¯ŒVaiêAþ虂–­¸µ9ÆŽuxÅÈoF§ß1¯kÔŠ>ïÌG¼T•é=¾ŠÖþáª"Ôv²êQ#Œ'aë¡hâåÆæ…˜d*Äù£Þô¯2ó[BrÞÞl©2ðO&ê“éX êÎ_·‚pYc"o]nøÿô%Âã™oz!°4¥Ší…õ¾ ¥kA+2ûtF ë­æ…Y\‡ŠÔ4ß²n^Ä^£©À'ís–m 6º(¸Y‹á¼_Œê¹;+µhÍCíGŒxÛÝsîu >¬ì‰H‘óVBoq¸¶8@Î;s H¯W‹Š‘Í;~€MuS•ò€ÆJþ„Tâq«4jÕ0;Ûíþžcì‹¢œð”¸âS´ŠÑ+-zpT¬¶‹L^o綑­®V.EË|N«ª`t¹bE««â87Í¥@jÖ¡g¥ÃX˜‡‡„<጗sE/œ 
9èIœ¼ø·÷Èж××#æh1͸wÍ1¶Ý¡öËû¬Wm\Ý3ÔDûì5K<(ÊÖ£Af:ŸSKù¾¶µVÀ}èž> Á¶o®¬‡D@gdëiWj¹Be2]
EZ«/¸>Ÿ¶g½SfÉ+/¥NŒ{…çŠ:Õ•±=EÅ"Ÿ+â‚ÿIÊ^GÖYM
W?QlwV¬çÈǁ¦0ÕNm5§Ð¼ÝuîÄ´Úr‡4øÝC|k
›bm]ÅPî,*v žÎT÷i@jC«mæúœxì¡"#hª9l˜Í+0ÛÁ„UAåòd^ lf'QAt*ÓêÔ` 5ìŸB™ æ^|xZÂU…‰¨cOå§åq* ’Ä0Roº©Q2Åé\]ÙÝò_ÊûŠ×lŠ;H ÇCÓ~©Ž¤¦}Z?Š;Òä”(fáÛUOͪñ<Ï NŸ”`:y8×ã<)§ÓÏczµ‡µJÝ•ÅAéÎ1¶¥uÏ0™+æèEQ•˜,·#óLƒîOº®c…‘7¥`À]¶ZyX×Å\I‹O$Øg¿Öw?•¦Õ.µfqžŒÅÊÚçxn¹M“«íλŸðÁ56J~›ÕÉiS¹!=¤gÀ‚.ilpK//w\Ñì}·L•ÝŽ*Ìï؇7C½S‹ùúCÃáEú·~]h¿Æ~&5¬g«œÈ
+9ì¨$Ž”Êç 1ÉæÑ;ó‡/ú+vnË9ŸO¶¾aDÖc€¡÷‹¿F»±ÿ»lçCµŒ— r_(œþ.ª¸†±øÈx8xš1­,{ƒýÙªTÊðô)Žë2¦R4.\@8Ž€xÎáÊR6eí:¡hÏ€é́šÉ¹ùþ¶¼‹Á1&!jë7¿¹1,ˆgåÈ…6žØ(¯é£0X@ïà‹q;q?_Ô1Ä«É?ÖÉŒýíÃ0ÀôOêòÇ÷o™ð±Gò7ÉX´U‚qœ•"N¨‰Ú&F¥-pnÂþ«^'kø&H!°]O4ÃlÍ»íæ‘ÕmL
ì mÒ½à* šþð÷ A¸Ë•KMgé!§ÑŸÜåyZ.â‚Dc×à¤^³õÈ:IÚ˜2Åzl› òÇ ¹°€<4kÑÈ2¶h¬ñRÓ2¬lœx!Þ\Ž„c|ˆóG>Ž^Dz§xø‹+ ÈŒ—‚Éeh]È×ɗʇEqß=2Ÿ\tIb˜XüÁx•i
0€u7¿Ò±y†j@I`Ë^3ÉÄì’ÞüªÃxÙ0Lip+AX@ƒúhÓ¸Ñïßœ±º‚~5Àdf™ZnËÄñ=ƒ³(—–M–Žb¡¬ÄM7î`Ú¥ I¤žnW¸<¦óf7MÖý…ífvo†)ònÒ¿ž¿”ãßß³oð%|øðU…èµy0r¶;%séØG[Ž©ÐEÖ*o=»tM%a¾wî̆yË4ut¨„UqùïìO§ú2f'uH4±ÄA¸Ãç®?µI~ùê
_Peϳ7{j—ûmé@‹¦ûæ¹°N“Ø ;êEÁ!mœ·-è7ÇÌÒÝóÔn·‘}é°°û`Án|á KÁRAzt‘}å¬I¡íº±r¨‘»IyàUñ%Í–(™ÒÄôN³AØC®Äp*·9KYw@rį{€ë,HZn´#Dôo`Žrü×Bƒ8' g`&u¯Èa_ÕGƒ"õÓŒ³Ù°Í.dóA´Gb|́yxò—ž&m9sú-L¯¸.ZêÙ`ÚØ“ÕÚ¶gмíEVq¼šrÞ@'`‚&FO”¦æ("dqª%|ÈeÆŸ=Â12rI쾫ú¯þoék<«Ná¬_öÓÆŸ€y e9êÇq·yb¦ÈK©jÒÕ<¦G2Zt&ZJ°&˜–!Ûö°Ûú÷ùÂàlqSufÉm³Õ ý÷—ÿ¤`×Å:ä²Z¾›ÜæÁ™óÔÝó»JÒ̤sq)mý³zû€éLnÌrÆF¤iÀEö^,R@à a¡ü¾:ÙÛÍ«jü2³ph#‰KEßü{ãþãbÉŒÃå 6*²FÈSO®MF1@ñ.O$“8’IärâŽV3´šÒÅ8‚ïë+"ˆK$six·µØûÔ¿óìLuãRÇZIgm:Z†#5† 1qÀ4HsXYËZ§çk8ûD$I9%ªjÔ Ñoè+l·~4›´üÂ|Eð7ÕÞŸš‘rùºÒôW sL6±\6JK¸ƒfaFôßÍ¿C»¤KÓn!¸<7CȦɱë™6JœÁˆù¥.œÙ¥»‘”Ƨ¹)ÓC½ÛÓj8«ÕÿvgÙy®˜ã ¡y¬Ï¢žŽ©E*±z"jÁ+Ûžÿ“œwôê0ÃhR¼Ÿ@)´ ¿’¨Ðž¯áXÕ ¸]î¼ñCö,Á÷÷xÖ­œ%k÷‘v‹¹§ÚçODvà€³Xá¬e Ë-Eô— {=,¡áýøÝMÂ9²•å©­ïX–ˆbïƒoQónÐþÆ'Há¹ÏÙ/œ1Cð!ÊÍÌ-´} ¡]BU¶sH×Y"9ì‚>Uúæî¬U9d!îä”a%ԊýŽTÔ
‹¡Ô€ ¡Èq ÖMM÷Ʋ•¡ÅéP«J‘š9> «ßv…Æè¬_w?*ÚxÁ`þMxž%`±+ÕXèã}&îÂz´ÊÂÒ¶ÆüKÖ;óÝ4é7^ÙEµï”ûs "I|ÒÊ{í¥É“3?½.Á ÕÓ^q¸Âµmr„³¸ŽŒHâ6µ8®…8±psºbâÝÙ6›öØJ:íÍD\9O{Š–2ðÔÜãêÛ·$ö£z¿gVלGfŒx‹¡¬ç àÓ+de„D±àu…,P>­ì¯ZM°Vži´þÇ¡[K}yŒ9¹Kø½5`k°ï1]Ø‚Ò9óæ¡#Onލ³³nHœ?a÷þ9upk²Š†—åÙ¹Õ¦ LMûc)$2g¬xîªâ“ƒaÀH^×>!¼7ÒZ·!új[˜“ÓÂÑb8º¬%ÿæ¿IM¶š¥ž·}Á'ë”p¼~ƒ…†À¨¿TGÒThœ±Ÿ= ìÁ‘Þx,·®ö-ÆUìéÓÌŒ™ñ
$\Ô5úo.gê«Îs:¡½Ç[9˾8†uůÏ*é4š>ƒ4ÃÕ¬ÃÀ sæž?[4©³•ÑâÂÎ_ŠYÚRÒ7Š$ót²z®ªžaù3CŽþOê܊ŧåh•ÀMÉþ£ò/òõýEÎÍ Yµrn;StŠØf·dÛˆ^@Š}~ÂÖá›BØåO9§¸BÅoMæSÓs wM…aÙ¼
楷åÏʱòùP@…m¤7ãGž)j¶\.Ã5ñÀÃ÷Í
ÉѶ¼}¶þ5É-_5f—Þ¼µ5g»a¶}dKÆÿ¬yПc)>èäÌØ ÏدJàóZ½¦ŽZȏgkìBo—‹ôÀÔS&©’"J´ÊxÛuⶀ´£†`Î|'|Ð(Ý[ƒjA]ÞZk˜Þ0W~OF¢ ÞojÛx[®7Hþ`¡¡tîôœ‰À0¸–KVÔ¼Pkˆ¿\Íl28x=qb£%;‹ß#ʬ0!’ê#P¬Ñ“(Ð:±â,â.¤s°bÐ(,åÐy#Â2Ål1Q8œ<˜Ú@þByßgÆvÞð_WOÞöËã
ÙñÏ£¼„cÞý—i0s dPìÛH¸yAajUáwk¡fLM)°I¶{T9³?ç~Þë]Ö?¹³¯z†n“«¼…&o'æ=fÙÚ«“PRY+-¹+ÜOÀþ‡©ý΄¾@LŽØˆÛm
dPÌ®:WQêÎ6Ÿ¤Sá¼/Ik?°@Ñ„´!yo»@ÛÚîù;²M!l0@dpJŒ¶W«;,`8Ód‹ÏM¥ŠcÝÿGx³îx4dq~fŽ»øïuï½C›u–¥˜©W̹³áÈ\µ²–Z(^š½½fE¢I]áCƒ¡T1åDáÓ²© ЙŸháaÑ¿ +1nèC5¾Õеã}î;Ñ)‰ï…üð€ÀÔþÇ*~­ýj:n_)ø€oõ=Ñ—t±6û‘u .zc×¼•Sу ~]ÊÐ-Gïçz˜V=³xü¶úl²κ}Ãf”k@|e=25™L9ˤ ´é‹b¨cKb¢„oËhþ
Ö(Â7‡´.>Z«6à¨øÜv6ñ䪲”†}úÎ&?Ëex‚ç¯#ºÏ­/$á†=ãQÀ+Ö'ˆ‘V#wmä³Ëlï&÷%}Šeÿ| 0ŸAh¿up‘çVgðÞô€±•J9G*ÿæÍjh¶G°µàÙ'›ï5|QKCèæ\Œ"³Eú¹r°Q·ä1+—¾Óàð-iÄ¢â5W•A}VgpUó*Û5Ö¨§Yì¼û„γ/ŒË_»kvá@ÌØ+Ôô\ý8IµÙ§
n»¾€ÞÑΰúnó[¹-~=Ó;$>…™=ÒÆ¢y´« ŠÎÒ§BÚ®EWNYˆ­’ð„‹ië³Rˆž<'°=e’.Åj»Üêá`®Dê#ÈØíélÕï…Å#0›d°rV+Õ&‘+3¨dS0…9=3æ{Öb)ü×þæ|T@; ¯lì•HÔG#Š‚úë,^ÉNò©Ø뉃ÍÖäU MŽ—CY5*Z]Âb´wšX²¤ä!¾‹"—ïŠì÷“ÓV2Gc/ Ó:—ß<ê”ð奛¡ü‰¡I~}.CÐÕèœ=mÀærZiš0cè`tw¸‡bŒ‹A6¾Á:í¤6 «‡P¡Œ1²<|BxÖj~;–]¸x‚Ñõ§Yœj&áÝD¤¬^ߺ½y^öE¾âÍb_Ã^“¨ç闐TÜfþŒ;ˆ©mÕ2í±ë×€ŸMmZ""³M§é^7YúØ«p9«ltÞÔnRäF5ŠfßïÙЛ—ƒd©Ç02.zçø»qo¿ ZSæ(ž6,ËÌ•þí‰çî½/K“èÔôl1Ja²èHmGj„¬›‰ŸoÎA¦â¯€ÉBø™I4^ AX³Ú6}…êÕž‡Ô쯐ŽÒ{ñEý«•Á7ݝùdÔµãø€Îæ$ú³Ô;÷äAz~œýF4ŠˆVÞodÂLِ nP‹&ßBHR©œÿÕZB…ž5: ö šr¿¶È"ðU}šÕºçéeµ‹z›Íñl×6¯ýjAÆ·n«Ž*­Ä-œ‹ßø»ïu~}üßð²R@ðÁéÓ# œ; ÊÇ;ŽákínÚ¥ˆµ1üxÁþåÞ¦3xÙ¶ˆTïþM³B=VäÞ61˜JF£»8dz˜ˆK93¾Ÿ3XRì{·u€‡ëCõ=n@ò·øäáâQPµœÝq\
:pÁ Ø,Ш~Ž§~wÙ…¶÷„+øÜ-£ªÙøüAAüóz“ÒÞ›E6Ø]39Žw|9³§u“ÜÌJف;#5\[Ž„ þL3Û¶¼¦9æì6猍®¶Ö»E\³tâ·ÀÚ«þž•`6³fÞȪ`Üb[±‚h%7.ž¨ øLE;[ºˆU‚… v’$lyŸðT³[„8v¯S^>]>2`œýg ­§Ã˜ì±ôTA‡ô‘$ÐWuåf°9Ò—…<"yB›6ââSG“ÉÖn«ÿë€4f„ÍïyŸ+þÂÙ´‚Ó¦Bdá¼MØs~äŒùƤѿ~ï狇'Û¥”òy7g:·J§û2(?F™¨aHvx<·€5PNÊp–ÑDÕ‚þ KÿúZx¯ÐDÞ˜šh¤réRó.ò3[x#yWæc‰Y'§Û° ŒL¢¹²Ì¨(ÒŸç®$–Ÿ{û? JÿUgEë&È€/\1(ÍÿÅøñ7õ­J'ê.YóÍ[µäfñÍ~ø‚ÒBŸ–âV.uÐ ^wk¤N]“{]jr)u\0L°iQ¥ø1M²'d
U#¾€­z ¿§q@"¥š€s,Ĺ1KjÂàÄ –eoiß'¨%ô°â úA~óÁ¼]Ú€LëÐŒÿƒ¼”ݤ
J‹ à +lQú×UÄ%9ÊÜÉzób‡Îöþ˜•$@p5)¿ÆÖü9†2¹:T²A”9N¨ "B¼ó4–lÁƒ0쥵|€cú¦— ÇãU¾þuT…ýý¡’Þÿ+'ç½.¢?@¾6FàFšc(–bÃítbí•Gyå+£BoUÃWÈ’âe
O!Q{Gò/Z é`–c¢ýº`ž¢òêOGv.¸ºÃX«EŒ
‚Çß›Ë 5"Óæ9½ÈF-­óOÔGÕ–1N»^Rûü+v’î5*—›dLâžq#9´Ú[Íb´ÏgŠH Ð}" Lí9•^JÁ­šx˜Ê¤†^Çœ˜‡a¿à¦pŽì“SC°…ƒÐ0–_1À"=¬ß9ÖµcÒ¥ˆY-Ãë$Ī¾övôm¾âò=¿†ÚkoJäÇWÿ¤eË5pxÚä Aãí=.Go=”dAÊX–ž†Ï%ƺà×€ŽñÖÓ@ »à`†X›ÍéeëÃ\Þ÷ÿÀ’! 3Ñ~‰ÑYGpŽg0ýсƞv]‹@®NfeÿˆŽw)Õ>ËÇi7¦tÕ3_1¼zsFÉÌtÇÓsÆ¢T¹â“}|#™Œu’Ü^E«N1?„Äû€böÒõا/øsU~ðûBNº•½`XïC³ q‘YIhxü‡î'_a#9‹¯¶F$W¯$zõ]§6xa§ôCý{>M›²:üxTOåå›Ý•îòBïc12ÍBŠÌR#w¸¨øæ]x•·ÏÆãÌ–YrIh‰ZÒ$o ó »·bœ“q[:ÂG:‡¨$¯f¡0òœiØU|I7y{»_bÙeÊ`Ãu««z#Žõ¿…Æ“®â2ös§ƒIÍ1)õc7α>§^ôË>n| yƒ±h2éPê}]{`H¤s×éÚûŠÝTž¾É#=fj@¾Ú`°ÙŠ/äÏoÕyÿÒ¼Nfm£s!s}<–ÿú˜Áí‘Ðe~;û‡cÈlÑHj_qÀÕ©Ž¸B¿¥o€åxçÌ1ËÞƒ„­‹‡®•×ÓrL¶ó^=hïèIrᆞÒK<¨9Ój.ä˜ôX±¯pºäˆ“&!¬VªòÉ|Úz/¨C7è^Ÿ/%Ð1ŒÝVäÞ l÷½ÜGáA¡óRJf€Àgø¦b¦fVQ½i¾qr6W‹$¿%õ`ë·oDd¦f–—ûñ$yÊ^ôç„$½EƒØµ°WŸ_Ù‘ymÏ°àÏ…ç³toÂñ«!É~jeeëêUˆYZÑ…P ·>Þg ü[­24?6Øw ˆƒÄ®®ª¶XÀúô·:ëyèv'ˆ"ÁÊCG ó¡IBÖÍñÀÌ‚ 8ºñ=P¹`µ».¿–k®™=¹V×Æžò2–-¶‰Õ5U¡.{fïNx#H†*¸áJ’"Hu]ô)øµ™P0÷Át“GfÈç ¹hŒŠà¡îoÿ>ItWÂ~é&h‡JóÐðómÌÀ"=;й¿5¾Âª ­;›A¨2õýuÀ¬„(Éá4ùG“ÆÛñJQ…ÜœÔåˆSjúÉuÕTÆÃÂÊ9¢%,õ‘j?ÞSÐSåžÂlÃ>í–yÄ“…k«¢A£é¶N¥w`™Ô£I6ÄgÝ­˜þHŽ·Z1I•Â±B,*`<“ˆÌ¶%âK€ éäqÒË}ÄE€è~õDl¯å@ôóÎîèOD—ÓQ

ñ®ô•®âÅe ¥­„õbÿH€™ze¤0o”É/LýÕSh(é¹ñÄ>wÆ8^AKÌ?f-òòåœqFúîÅæÃûÄ#nƒ«[§ÒŽË·4œâ FŒ¯énŽ=Qs¯e„wX“ž¤*²Ú°_ÕçeûpVv­lMby¨Ðw”¢Ü †Râ&té¯4K5Üè/›½V,¡ÖlëxœámÕ‡Ë,2ÚîØÖÒK¶‡­dbádé“‚“ãª(ævpOœ–©˜¦+6dEÚu“*7¬€g:Dïå—Áu!1Ýh¿c׈§X‰øûnÐèO‡Ë>;]TwJؐ7Me›™I&Iïg¦l ,ežR;rxÔH—yF—Ø¬…ÝänÉ\Ãý®éR÷®ˆí4¨MŒ”Õ1ô Z`°…úlkÓå€jp5jðkëv ÇZµ5…8µWŠH¸lÖ"΀ç!y”A©´Û[šä#™¤C÷…Þu>]ön¢üÅJós’ŒyègÂk±ûjÐøÄú3;åú´#ˆkÍ$yù‚ IŠ!‚³Žn—‘¦ +5ÜCB¾Á›GžËŒ`¼tÊto¼ˆQf“Ï×_¤^¿åÏã`*X´ ¯½xR ~ô$5Qx”··’ÛSãðQšüÅhY\ÊÉ…,Ú™8³Jbo…­,§úÒál/Dš6oÆ ‘½+¢;tzR$Ý&X8öw ¬óŸÃ“°#ªÉ+eåžÒ‡ã¯¨”:³IlÏÛCÃDy“á·l 7 b9¦UŸ (ÐÖ5É€=’Õ)ëݍ\öƒÓÃ-j¾_C†·M›Œ&z)$˜xÏÊúÒ±#uúùIô„=Rc±æ6ÒÁ|êmmOĘû´ëËOêÛ,VÂê‡{àIg5ߪ뎰ŸKÝL>®¿D2þ郬Bã&[hùÉæ|˜ãÃwO”.Z¡·BÝG}K4±
G¥1õG Fµ¦ö& ¯«bÃT|•~fIà1Ô4–1M,‘47Âä]Ñ<9tšÂ¯Fåª/ÞÿS×}hMi³«RDᡉqÑ,ÃÈÊb™¸4p1Ìœ“[çüŒ5ïºT|‡zã\qZ«²ÝWmŽF
]rZC² zÌm”>åÍ––™äJ„ÀàAP:µË‰.ziÖ–“ ŠæÈjÌ|öBh˙ߺùrÀe±k×5ÍÔ™Ôæ!Úï~´"ÔEÊ`îÿ9h9}þ,áúÓ†nµ½-ˆÜ âû*§â&YfO¬þ¯°£¹\ªöÑG°C+>g¼žs»ÄB+«Ê…ãIÈoDšÙÒ²ŸxÃå†Ìr.ÌÀYé ¬â§âî¬%j<…´É¡ ïgo)ÛRЮÚsÆ× WêRFµ«rU»¦g £¼”$+WæGËtANñÎtBEÆ)éþƒú<‚õàpó5†RÁ%ÞÕ-ñÇME8Gš®C$CÙD&Ÿç÷1¤æ‡ããf6‚S„yzCW{é±àÍsë6oB™Þó¥Â¨I€Üþ±d¢$6»’Î8^D{¦ í€9•Ýj£D÷f{EøË$‚Ù™¥=‹*+sž¨YµçL|OË1f" oþ¢8Ù²¾vM»ždŒ6¦¨=öDú®òÕ!Œ)‰#Cûv0²s²dC6ÃÏ•Æg½‹æN¦I°§CLðѝðˆõ³
¡íÈs?Ã=„Z€D%‚Dz¸²™aÐ!_V¶ÂU«».ëï¯Ýqz‹* žW.pfÐbÄ^䩼Ž¶úZú»®'¨OƒÏï‘Z2¼°‹ˆÙ;–p«MÕ|¯µÆfÜ^ΩXB«*bK×ü[Dx¦6Úó$6雩AÊ›=¬OÖÒn&{™j¾t7â£?<Ëed°pØJ ‘k‰Ÿ”­>z+ôŸ0šÒ`ïZÝôJ Hð+LçÌuƳo&ØX‰vƒÝŽÜï¡pm±ž(qî÷}jÅPî\G|cÅiÁ²Œ†Þ½KŠ…q*²N÷ä¯ÆÚŠÕ=QêŸhÐþ_G/Ôø7¸ÞÜËÔd¶ ð’`mõ7Œ3+±=§0Ç 3ŽšôaÝ[ã-••¿ËÜÈ
óeöC“˜ç“¾z×7&§áºÐÚñ<¯¡·äš’è9ǀ݆Wrc Î âÞ7R+)¥o”5Zp;‹¾:ˆ¨Ý˜):‰¨Õ/!DcB•^ý!à¿ò€cæ@x©94«ºˆŠù³|÷œ©G°¤!ÜXB JÜòª«Ñ¶/c÷Š×ÂqˆåºZ…9Ð"19ÜþwÃÙ²úÓ¤GO^"fTá]<=êF5R‚Ò-j…i«H©(" ô¹¯ÓäU.Žv\YGVˆgr\2ÿ¢wÍÐŒÏK˜–¿­„ÉA„¡r§qŒå¥¶™‡¶=HepÜô­‘[Þá)w̉ڑxÃ4Þ ŸÝµ”¤“}‰‹@E
NoYjB8SR6tŒ¸ æ<øy*GM‹]ºþº¥¦<,jک˃¯3™h”¥,ÀÇS`¶‚¶pôÒ´…f ›BkÑE„‘§„›^ë•ñq“¨|%žAÿf¸™6©öƒíƒ,?§¢)Ýt:Ä=êªÿmKüæ»1ò·Y+¤­«ò¬å²4ÎRú’`Õ_áA_—r:mF@›4[Å1%mŒ/*(C–¿‘»Cþ+~|M;'Ør÷r…¥
1 €µwà7†Ÿ¢G±“5846äCk0üixq1^QÐQjvŠ‹?ƒ×‘ vȤ~LbÚo
MëzpШުÖ;ÜéGŽê\ð^Ô…{_’y8úýØüÙtÉpùés—ƒjG¬Wƒ½$—Sµ%Ý °›ÁÌ+êùæoí÷ Á³pͶôÁË2•p€ïÓHâ„ÕA„ô9׬ó¸$Ç"Ù?Óö¢ŽÝW[owà¦DÏáÿˆ‘ð2ë‘W!ä4Ìü R9k…#·Ú|LRHœÈPšMx´*Üõ,—KïùiÅ­·þo;ìmÖa;‹›ˆ}Wä´gó˜\5ŽT]=US{­Xx]ÊZM¨r nîåÖœšo¦;øwµêîŸÑ_>šš(×a˜‘¶•;w¼aD8@4êrp³*·S —òqÿ¿OZ¾!¦<<Ù1Lø[ŽPE_j>²¸ÿ·]ÙÓm`,óÃ+%€êÉx>Äfpà G8a–÷<¦€E»+o«ª²“GwO$@†X=ÂŽ
$†š
§Þ×b´-ÍT„ø…«øé&1æ * ÓQjQ‹_ý ©¼7ˆz@w),)vrÿÏfù䁟ŸÜ¡`Ž\ª¾àHß¿¡¯}îßs›{IÕÕÜeã¼ IXÌr}ÌY´EÅŒCn={¶‡»ÈJ,‹‚nÖ¬¸^þïHIŸÍ©á˜ÝÞ¼fZ0æUǦDµcªÅãK÷`XAÚý[@/H¸ZóüECƒŽ¶„T¢í«ë~÷°
äuƒ¿!´Ïí%ȬŠ»Éö¼9 ¼–Ž }]kÍì27ÿœCo˜GO;Ã֝RÞE/š‹½,ð2³ÖNƒ¢Üö¾ò€eÂþ:¶]òypaköoâŒåq½cT:0Ñ@Œ¨ÿJq‹âЪ疶Æ_u(Ÿ15”ÓƒÞ$ƒÃØPþ*cQ”3ìóštÕðMD›Yӝ7%_’Jþç›™V†¿ífþ¤¨ÇÍÀ,Ë°K
"Ú®=ªÎØ®gÖþnRcv·¥5WÖE¼f:FÄÛÚ±­/¹]ÿjÎ2ƒh¹¼–Ï¿’/º=ájT·É˜—GJÉÝ·/ôwºE:½0lL¼Ç-‹+"6¯yåM:H—i3…ƒŒÑ‡PÞƒ…E†ù‡ÀŒ‚Ðätª[G$l¼ lÕ€©C؝’vÚo1'QŸCîD.TÚ&kTÂ9é ´ c+’` ‚2õQ,jñf#hîžÚ=ãCJùé…âVžb]ži:Kž±C9¾?·=è:‘ðý¤0ýmqŸcÑ]%„Y1%äS
D!cR¼•†½í’•¥Ж5õëÔmõaÙB›ÞrVŠUгºO7ÞE*BËrIVbIÐÝ«}ù^˜ˆ“žãU¥V”¥`¥ïì.j$‚Paæ€ÆÄM‚*ú—kEï±D¥ÈthÉéuŒ¾§çd™Éy·åí‚«‚,d|­¬Úiô7k¥ õRV4²±ã-áä˜xû¥d6ë¬SiöÂ´ ¤ï/—NšuºJ®œÖíÑ°JA•½üœþîÑ]ÊEQ³Ù­Y§w\[7´Ycmˆº.暀›æ–•…´•ÞT:žZµ˜w’Ðz WÙ}W¬4ì  †ÑüÇÎÜ_ëm
¦KŽÌl;ÔMzí ÀmÀý`¾OE ¬FÏEŒgÞ(Yõnž&•üVL\ýü‚U“]~U“ãk[²c ~£PߌÓ|z«eùU*ò1_ý•Ü±e…üà&ÂËB×zÓs:ÙK ˆºFŽÜf+”°yÄþÛÞQ1KÐ7¿o”HV ${|!LB¾64"_驤
´eÐŽ’»Ä³éž³$}ë*í* ÎÒ9,l:……0¶þPCʍPÀîíXur&é}?S^ë€ä’+be¬Çƒ7…ÒßA¶¢ÃOÀÿƒlMšS`Æzú¯ŽÛ9(L½‚²ª‰Ì?j——|Ø4¤}®(&áÈo¾‘ªÙ¤ïUtqC¬ñFí·×A±)Sfw¸Ž] Ø ¥kš’t«*¸É-{ âRáWxþ1íPÆ2㊁æ é5ε®·Ýî̸6QM$d ,Ñeñ;Ü"‚ójKx*y¾^0íïgdrSÝ÷1ÿÍ­«]÷àÇ–ÔáÏÄy‡—§ŽÎ¶KâèfiÇRŽ2á­8ΧV÷` ®hŽ×›oSeÂsüZîX&Ý„Zfи¼â™“é©žøù›TÄlA¸ª•ÀÛ¦Ð>äÄn§Ö‹" &ÐsЇák2œùŒ
ÇÅ¥àéFyžüÉ— t“Èp¾¸­Æz¾ºÜU¡x_Yñ MÞàÇžs’h)ä%ÌCsóShî÷ºgGd±Üýn*/è²`43ÓˆµîeÚŽQWÀYÉB´ò$à™ì@Ö¢àÔø-,¸WBIõb§g9ŠõôH®¹çU=òb¯V%=¤{á
ÑVh_xˆœfœfÁ÷{³Ð“ÃnÞ=ˆˆ‡ò²,¼ß¼ÞÊ@Ë+úV3ö¸S2F~¦¨àÿ+ Ô®IrV&¸üSo”=P€Ô+c%¼ ü³:ÔÇOdWKÌGV‡JŽ¥Â'Ò¿ÍÄþ€¬ ,
hÿ í>²¨-oê5‡X6O®4F3X†‚€w,ÄîG2€À+}"/ÑOþ[W x‹ÓÅø¬“#9Ö”XØ­aÞÔêÂ\!áÈŒ1–"JAH1:T
,X(àô.Ê©Å)7|…M28 æ Éq;îBG *7Î÷ªÍ™ÎKêô)íû¤qX([Ü/6an_»k‡{¸½õ%U[Òð:Q:7ØO=¾ãF°.TÜ™°eî8¨öÁg†kÿnW-ÏñÄ­ ôUlêïG®;Jàei¯~’æ¦ÕÀšÚP/_+îmF®üEc*íäúĸ4Eœü÷[•Éd»+¿â¼½¥àá;LZçN˾Տðܶ$}ÑÇK·6ÌÙJ2Òy2n_ç
L<²4Ú2ÿaªDÊhš¢:ÓàRڍۼ&YÑÉA§E£;¯ ’¼óÒhÑ́N¢ñ|R‘Â\ñÅ>˜Úú,N"ƒ·-tKnSÙÞh-V+Ñïu,Ä=>n
ç•LœÀ6ÍJB"9¶Ä¬ i£J&=S·…sú¶ ¥‹§Í¬ÿŒEHi]¨ö…2ê8تN_bÕ§‡ qÖ»µ¦¥œ91;”ê²9^$I†y§ä}ÌnÏ©ße-À;p‰É؉RØcè þ.6k'‚V«¢6Þv“t±¦+æ]W‚Ÿ¿Ìï¶ÆÀ-ä¼H' t…4Tà+³2ZÌ3OÊC¢wJTK|Zø—©h<÷\¤•ómBµõò­ü˜“†D~Ü ˜6–;LtZ,Ë2p½A1Z&×ÛŠÌAfùцãÙ)…mQÛ¼8ÕÿË%»žei I\-
¯ø2ÇÞzwV‘D >™0Â3ˆ?¹ä6½†r{¨ð,-™
Ž«¢âzd³5{¿$ÌCŠÅÿdW_p’6·_¢ú•ø0›¾^b^Û0âS嬿¿L;t…†­ï{1«¥ŸÝ¯-Î4/“âlÐØ!¸¤c›*à…aG²[Ú„4äKEŸ›cŽŠÏ&û—#•¢žÜУíð’JN‡žŒP|ù~܆³zdrÏÚôÒXÃ$\q¨Æ^þ0ìJÊüÿ<,pYL2Ð nBi«òó79¾,–ÝÊ PÛ„Ë:2³ûÒ¦†ß±e6'ÓëÀ<~5…¥HŠ¢¶ýÙeRw~Z--|0á°Ów÷9~¹ç¿ÿD~0ÕC–ŠbèV¢zêµd%¶§xRõ+_a¤ê3ÿ­bÁ™êyˆiòtt7ã”RF¯¼™H!hÓþæGÒ®f—‚±ßy!é’q¶#Åö“_ñT3Rq~§½ | “°ãóÌ¢XµÂÅ}?¸5¨qÛÀÓÍLßûÛ>T'à†sӍ1bø.'¤˜A@ç§ÉôÐغ/ZaJ;LGRÖ­ª â×ÕÍD¾F-¼å…2µÁêþù; ñ(5û.ÚŽÂpHMMö ^úFR “g᥷§²V+$åO1Ï6h¿×£jÁ¾Z1Èzý-אWÒiåÄËlU­Ém_où’·ì &Ñ™æW%<bK”©J‘J¥z£ ž¼&FRþ?{03d'§ÉÚ=—{e4ßS5JÙ¼I -1ŠYý¥ü}ÜméÊâHN—ß…{,€°ïÈÚúÛéÓyÇÓ!7׺CP†J£êþÐ%ÔýHÁï䍉bÉïhÏÆ$Bá ÿVÏ÷q|&hínx_{6{±áÁ[xªfi³¥?²¦u{÷œH°D*ý9†ps,8„STJÍÔuñnÅ‹|ZV>K¯Ü…êu¥”††nÏ(]£õ±*“,³4ŽWÿ¨h4mÚ‡ãI­»:-õ»T6?q ÄÞQûÒ—ÁØ_·|µ²"ëûl €15×EŽp>¥ E+o©”òsª¡˜'Þ=ð'ß ´q®y]ÔŸt›Ó•v§–ôImäû¡ÿ\ÌóÜ[ L$¹ÏSF¬[vüY‹n˜΀¾ÇšQz‹&GSRÛŠù¿Ë`A+>µBcŸrÍý&º‡²D“²Íˆ<ÂûòÚjá·›bßhžtŒ|UükH#1&5굧Ó_Fø7¼!è_‘Ç¿¬Y¿ùžqùG;!8ÿ¤PBæ%Ñ Ž‚XJÚ Th—k!xRZØbv\,èšxJ¡ˆ«f‚˜mÒA\rQùúÙº"è%et&!ão Ô$!@FÄ웘¹á"dÖ홐Ô7*ƒ¤ó@¢BŒ|H9m ðæ³cxöÔ8Q6Ëy-Jh±´O:ã=0B>ÐpǶI©`7ínn /SŒßÉ*ÐòÌemSw6Û*䆓§&(}r¨]~ÁÖ„Š÷ª0,ŸÓ]ô‡lÁ‚ó¶ûÁ”®ÑÉ­QQ.ûçWÝ"ó¯¢:/Dc£ÀÃçºÑõ¥ø½øø£Ô5ÎEÔÄže#™_kÜÿi^¬gyíz<dSU:eÏk¿I«k’EýÕ˜7D{’øfIœˆs“¢ÕF12-
Y¬áàüša8âáCˆw™Ü¿«©7bŽÕg{Mõi{8‹?¤Çz‰3ø¯“\gèøÀÕ/ê£{Aÿ»©Š;¯ºÖóÊÒý¶ÀcKŠWÑU"‹„¥*\/i³)¢Ú³CžUݱT®Ò™Ý"þ놶~âpîò»ÚG¶›•ÅÜJΩ^lêI
ƒlÜ$O!‘¨¯BC2ˆ|6šyË0*2\ÖW0p‡zO54ϵèâp¤j˜áÕ—HŠB‹ þiP! 7â×ó¤8ŽÞ¯‡™7 ÉqÝÛÁ=ì-ÐVµ3Ø|—šøZÄR2~0ëó¦3Ž–¦‘¤qgé( ›©Q¾U^¸ #®(re>)ö&® Ꙇ^Ð
BÔܐàj[…\–„ÜI¾ .å—0þŒ3T«p½­²Ä€3âdoµa`%ëI·½Bz1ÿ% â'd‘;
ÑBÆ
±ídCK¿.Qâ‘€¯Xe®¿”ÁB>×lò„uë…àT'•­k?‹}Ç`‹džS!ü­Æ)nYN!eNU1î°äbê¶ä€³k™Q‹OŽs]ŠÞ³¹1™Å$õÅ– &²n܈Å{Yм@ÕÒý¦ÖœYnü¾ˆÁ\§/‹ÜN´ëÓf{å@;^¬µDN…Ș)ÅLúkµ¬±!N™J2áÂÈȁ5tYÜÝc{:ý‹hÅÓ8r|ñÅ'¬S†_ØïÇiç<¶šÀº—Okiš«ñðµÁÛà4ðHÚµÅΥë½ñ¢ úv]Eò7Xóõà­œÜ@q-•î=Æ*¤4µ¤Ø‹çe^¤;LÓ-·ë¿àG);µ($‡Z|- ² ~æêÊÌp*;ÝýJ$Ì.¹’¶•eN‹ˆÖ7‚_é\ˆ»mÚÛÁtœ¯OFÂÊøëdÞd*»˜a£¬v£L¯^á4ÓfFÓUâ:þêœ@¦…õ,êØޏeSOkG³ku1LWì:N7cZm/{§aõ„±¶%€ÒøQÏ õ]ªœ¢Ÿ›bÚ40ÜMçööËæ»–Ê…\¬smˆ.®Áƒgž€›Ý ‰Ø…î'Jýüiž}rŒ|Ù$ÞÔó®Ô±È÷ލ&>7ƒlR$\Ÿ|¯_ÀÞj¶ÿ_ìîQºA½§µÃ[Ä-}¨x.Œú’;à,QI5$÷áäÞÔ5Ž¾ºøƁ*ÕŒx±Mø«”©Uk²™Ëžÿ}Þ+‰õ‰¶²ƒ­^8ï&UW‡¼u×~Ù2tO X´]¥Ž½ò!ˆ=Õ.&^lè`ªØ,Þ)â“ox+®L*¦;eôCm:ß«osÖ$òQP|+/±r)V`þØ/HO†pÒÏdƒ†þ÷×»ýëõÁ­àˆ&…ÌÛÀd£íÃ>b`xÞYõ¬[TäV´ ýвCäè¿7mµ™kºÙÒV©ÔËM=6÷ØŒ>[¯ô7‰96w>ª†£[LøqŽ<Hz´°Ÿ¤K;¿êº›NÜþ­ø(]—²O´I‘_A2~Ù‹k„¦~vz¹Þ۳Ã=ˆÓS3û!Àg228„®àãb9Ümö7‡¨Í8Ì`6b×ÚšDˆp»ýåô ™>«2Í»8à„#šÙn·nœw§j2ûÅg©¦4Z`ßØÛ'H³vß –b¨W·œGèÿúýÄ–ÜCþ$î|}Ü€sòá5þê²£‹~8´ƒ•ýê¥ÌÙ°Òôs¨n h4pÔËD^` ^ï„ź +½EàHÌ“€!Ŷ¿zV|.R{ ðò>æÐls”Â@C·åYîÕE”+üµzºVÈ:ÍŒøHUèõIybJŒwn3 ïÛ¼°ÆÃócn Í“–gò®üb9žôaPdHø'êe¢Z‘ä©DÛÆȉԲt‘'ì•ÿáŒëÕ¹4Ýì1›«¢Ï|å{>#Λü(…m°6oÎ:!ù¶9`F²6iÿa{Q•~1„Ô€äëØ•†€§ ³¶‚Wkïô§¼Uü·±ª²Wº›@æ6 œÖ’Ù:¨¾ï{ò¥Ž›³ÉIìÿžÎ}á tC{Nx“~Äm4òl؈Ц-‚¹¼5tÞÌiDâò%¨ÄY
äoøÊbOÔ}ª˜6Kn³¨fÞçZ÷ï1¶w~†»y/£·^B@ÑÞÍó# Ô!øšà@Ó‰r„¨Lø™L˸ïߦÁ¶Ý÷B?JÕkÍØŒV#òdÐSçº(nÉш!‡ä‰åÆùM‰
¡){w:´–­G$§t?R ­éãkÆ¡[ýÎÄ?ú5¥å/Ũ–Ü ^²Y“劵ëó÷ùÉ°ë»Ýµˆsñë[¡ôK«L…,bCC½2¢yp[Óß.»]ûŠŽß˜vúP"gÔ«´t@Õ8®ÖgÆèö3Än0kœs¡y®rǨ
2í–!ƒûüÈ…b²2ž€Gï?טãã,£-ãg·aG7«3+2«†º¼âÀüxb¶[MÙ{›–š˜˜®|¤\Oä=ÀIV'+þf+añTcÁCBXTË(.jü¸9³5+%Q£Úvc0ç¸)µs¤áåÂ4o3ŸK”ª‚Œ®Ä1`ÊÙÕÃ/:↠N{Qvð¬ñÖ–Š, “TG•R“×H¸S#>e”ò³ÿ²—‘åO¢p…ÆQçå½oŠuéóY( ÃŒn
ÓÚ!!B}—ýíaM_¥¡ËŠ¥ã∠Æ%º¯\–æA2¨UŸÁhjçúEtoÝÜq%óåàå}uýçõ|<› Â-8ó€—g>$Îä%ɧZ!.g½çƒ©OÿÊÛ¿w
±þ¬—±‰$€i%PmüŸµ}ȃª0qŠ|õÕ;Ò„£}ŒD4CŒš[þ5îŠB’…Ѿ:…hÝϤsu2»šoñL€¢7™ŸaJßWj^¨"Ûn>÷ëfB´‚LmPG©à®!
oA…¤õ2Ðwß$¾cÖ–0½æ°¹!5°K¥øT†A±ÏÛF©iì(‰ £­w…&fÎÓ²èB3°=AUé=¾Ã)`Q¿cWðT¾ÚeÞØK#¬˜¹…‹J~Ùêʤ rÂèåð¾™[Jà%ãlµÜˆí°‹'Ž,ö¿KÚY›c#ú.¥…'(*×H‹®Y–œ¤WÕÿŒ;w <€ÎÄÓjx`L^¢,³Ù ó=”F³eó)•üÓçz24J7Ë
þ©9;ɤ/zSÍ´i ‘¬PÙ¹a6y#ü(Ý£ïfa!ä„åæßØ›’ÕEG™ÛòÙ³gÃô­h±w|<åå ÛmZÙi»ÛÝBÂ×–„½We¨\ó ÷¨–-¼Cœu§£mê'@Ë·Hï– 0äŽSƒÅt·  ‚˜çZíCÇ2 Ñ1¯º±N’d\Þ1)FT²6ÏîùJ­‹_1aÄÛc…O^þØvÓb7ù¯Ó ÌCb«ÔŒÆ!‚Y:*ùs•öq\凙0—Y_vrR„˜:
¥èÆZ{rCŽÆ˜0Ä™“?:µMtáÂK½0,ïÑõf𯭑§©Ôm|!ÙOEŒ9S“F^ÓÅ·eè§@ýýTÁ`e;ùÑåba¬0ܝhViËÌJƒŠqûÂÅø"÷­“Òo]"b¨UC÷î=‹:tIo‡ÇÏ;æRw¾ÂïšN‚ £—†:sÒ+:{«WU‚ÿ䘪‰ißà¿Moå¿oéé+²Aìa”ÀÙì²;íËqâoSkÍ $µÜ–ê®íÐíhbÔÒÍ ø*䦼+…IðxáÔ¹ÕzÔp™FÐxí\Êu†’€¨Û )‘¸}ð5Dˆù~‘’Ç×é8µ: WzQ÷(„–š}\Ù½Ž2>²Þ¸ÔöŠ“ýNq.q}žÿµÕ’¾˜üHÆÄi¯³²”8ªØ~ò½úö_ Ôt³F•Ò<¥pæáùöCî-50)gñS\*¿þØVè§3=NXZàZPü<Úuü1¶ØLJò*­Þ2›E-¥þ‘Et:ÓqO“L爪Büt‰°|`Ь˜½PH…'ú™øMÅj«N‚j—Bê>Û Ý+ìH~^2;ówÈw”£ƒ_Ò´ÿ6Äy}W±,%(eQ
¼uEëíDîFŠÓ„Ø@›>«d><þöÊÕ¡€ÇÅ—G‘šZ¹K±*EÓDIÚCš½çyy7\9+ˆ³£¢d™8Àq/K4ìÊ¢EŽ*{K
šÀáÅÍa_bä+ä›cúåjveMÐç°V°ì |÷ýòY¸š/ª ÖÄ(Užc­~ïllE.%N$\Ëöµi'‹Ö%%,ãd'›¥¼.¦ô}Ú™ý#¾Ðû¡MgÐj; <Þ™ˆŸ¯Íƒ\<ìŽ'€7%ì&eáUn¥\Ïán­>Nž‡4©‚£9ÉAh-ïÖ[åď(MÍ—òœ"=ðôl”ñ`´†7Ã7Ò]ºA»rÍÖÿþ‰ÅXSËÄ<á=0s7‚£?èz÷XTScúô’&ÿït²q(˜€±d, •IÒ·Z^š~%¦5æÃå•¼ÉÖ=½¤³V ¨™M>Iœ½/J+ª y‘à>‹xâaz]Mµb ÙA³:Ú$c‰(P'䙪j×xR"îkÀêÖŒOŸ}–CÉ(’ò—2U£*“dÕ\Ý\ H_ÝŠ¼±rE„`´™é#òMÀ³Fsô!þ¸h]K¶€£{¹5K,n§×‘òÖù?90Án} ï#‹I1¥C¾n,˜´Á}É:®RNöc*ßøí_¦ÞC¨H‹=*/ü¯hk@Zõ;j4yB}ð!%Xë‘,ŠÌ\"ó·exÖ됆ΑTô¿Ü¢ÁH§xF·Z¨Ï4&±È÷-’¸
Ùt{1 NÆí’òçl…ªÏ˜qÁÅ”Í0D²TË:lšã¾?ñ È™#IÑÆÙìä„xÆzLjŒ¯i$hu#©¯0‚ïæ|Ã=‡SLxó5ûë}UÇ„žE~Y i{¤ë0ûÁ–ƒî·mJãÓ0N2gÂó!x¡žpÓá§ÊÊj!ê™Ó—oµ´Ï}ŽÖÔËC9â‹2N-œ(Œ#ÖhÛú$.»ùîX/~«=Œ÷1Çir¥ÿÓ]ÄâÙÐ<{Òqü`hy~¥RÄÏ·åžÂWW¼Lj–2Évè¸Åð9 £°Êèû –ÒœÄi’ãy˜£¹SÞ\M‹vVr M[ ±‡@ ¼ÿªÐÕ©gÙ¹XP?x¸Ò²rEÕ±8†~9å¨(?z!¾›,T’JHøHGTKC»ý^Û m¢¨2D3ƳҜŸ”¨öbd%•üë2nñzâ<8is~/B؉ã5£bÄ]üÚå°N­ S±KÃ,›àʬP—¸èAOŒªÆð¾:þ†ÈµW«}•§§Óy®<×iµ?Ñso° (Ì„ ˆØf9À¼]JêTöánûv¡íý6$ ÁÄ‘+oùÀ)À+rÔl`n‹3©³ï
\ºËúCÉf±Zÿ&oÈv8v±Ác82ò㢺\ÓvõƒÿK­ã++<$«¥ô³£mˆ¹-`]t’f󅀁Š3o‘1“ ÀþZ}×®ŒÄ@ë1Ð}ÆSŒFŽ%¶&út C=‰À .Q´‘ñ¸±pU˜ù SõùïÀê[¦ÀÙqVÀ†–MñÎu¥{œµkÞ<ü´4jœ~e8Q#rnW¤fEÁhÝ=S•`>!¡,™÷Z ^Т—žØÔo‡î9 “•V™s\d\<.½¨hÂäØ8çðü?õ»âeOjÝ1»2@¸2Ê¥ž…|¸N˜ü\æ÷ú¯Ë¢ô´ïgCSQzèš—ÄÚsyu98ðsA3Êà‹ñŸáõúO˜ÂW[üäGÙùûÝ4rn !Q™Þ—W‰ÄÏ!OH›@@ŸÒ¿Ã€Ü5•{$”þèÿ:WWÍ%K¾EÑ«Z_šr,SKÁß5 )!¼Ä0‘bgùP‰Ë?áê:q&vU
Óƒçѧ+tÙ'›æÝ
”Ι_Öþã7·HpeÊÈÏŽ[D g•¦\›~%–Y;–;Pÿ}XêZaÙ ÒÝNDàz²´’Œ’ÍlJ‹mgYæDÙóú‹²6sOD I` ¿};Òùw³ô)kæ]ã¦ô­ ±_óꘇò×Ô$«Ø°7]ˆN ¢ j_f`¨Õû½2›#Õ,3ç¨|0…¹½ÅÑ}9ßÀžDÁTñ›2oÀ¥™^êqL)’þœ}ºªÈ~EM¬ qU´b©¿‚ôþ܇¸d&‹WÃ>¦ùÏXchºÿ`þ §œD+D¦ˆDÀ¶ˆ;æ.cº·Î‰¿¸ ?üüÁ ´ŽCíÏj=ÛÏGý‹›}Ô¥’å[9Zä$o3q©‚å1NjUáðP’SFOs`ØYØwôøo¬ p<8&Ï$ËِìÊsÑ°‰'é6‹c¢¹ªó³pŸj0Áogá“É4×Yu¾­†Föðã
Š'ES°Í}ÚHàµ#5W¹³.'ãá+c9ñ¹Æà‹ºéÒ30Ï4—tXE)…\þÂdÜ:û”—ý‹{’™£lxHÚ¦÷ù¦ì1=wb5‹”¶?Ì`øBxiڐ‚è-ÁÕêKäé¤ð£¿.ÀLè5GÚ­ÅޘꊩÏ
2Åx‹h‡¦Le0_`þ0Zh+:Ñši&PšO *h¾'VóÃ(»È5¨zÌ6èå—%p €àí D‰üøléŸU*k®Êõì„™¶ÈÏÓ
 /_‡ö¾q’·öq-»iÀÃNDÆ¨jVÁ†ÄJmÇOH]l]ub¹²ÉzòÞ5øb…¼Gdwéî’MꍉÔÜèUN‹uŠS;
“è»Û D:Ea–ûÝkFÆź Ûº)œZj¹´¨oU÷Úu_YF‹…®«¸ÐÖØó¹DE$×E¯d×°WB1YWQéñõ:1¹ÎkéÆ€çGupCÇ4 hƒ 4÷#(”x]ZÍ›F…yž•ù˜>ñLçn!Ï»Øí¦¾ëÛ "N/µ¡î\íƒ\´.±õpD±âYçցÓ{c\pFŸ²—K¬Õý¦#ƒ8f ² {ÍŽ³Ã|ÎEE/¦{zž ¾ô½M´¡áM˜†èÚÜqQ2S7=@ˆ7³¹{)3BÔ+ÿE•ß¥5¡8,•kˆò¶çö´x) ÜTyÔ÷Ó©s¬PJÞ ë7½¸ÅÞ>!¯Þ”Òò áOj»ýûÎfFRÄjóäéàtcðaž ?í€`+Ô?îÌ‘ÙßIhu戶A´#L“æ,rµÑDG9ïѨ09Š<µÝ‘Bm™²~ßÕS]h²—b–§”nÿ¦K0j²î›ÇÒ3[YÓÈr\ÄÐÅ£àë'!,º…ˆØÖG ã÷ºY£Çug%£ªæôg;þ£#Æ8Ý¿>«@“-î«ØqäÕ˜ñFÕB’3ØŽ›¥b!zò/¬~!€SéŽÄÚ2óËG2™dÃþߘAŠ×°ÔR÷ i‹ÍÊ6/¤\Âz¦™´ÄW!“⬙æüÛ¶rrPM@ ÇwËraГG(æ½
®µ.]B² \ê‘D>7Á™›¡öúS'¨@q&œ#xcs0SP°ŒÎ¤GZŒŽ\1?NrÔe±3«J̳ճâÑÌýÓ®+WUˆh¢\ÛvÒ)õÖZþ?‡…Ésç¾Y;fíæõ°™KyÞwî]úÖ8YuÑ$ˆ›6(X³
á{çDÎFþ?È£¼÷pÉXI Œr8Pâ+Ëï‚°™ž•¹ùÏé7P¨?=½kăYC€V0£3ƒô,Eþ'»kÝ=_L…¾Ô|ƒKÔÉä{v¯)ŠÑqϾ³v9 ÊvÈ¥šdõãéj©Š¹a|…*y5jÂÈ-kú'@Ĺ4eó"ªkk§*÷ªÞÚ/ٵȿ¹ÄË>áƒrˆ^ÅeIZó&I)ûN¢ “)‹²ŠÅMÇ¡Ü.üœ#BnúöX• éú2îlQŸ–A;q’~`…Î÷祏ƒØ; ¢.Ê!ÄQÉ’Zp”ÔÈ …»QÎÎ%³jˆâL@8ÏòÍ¥ä ÒM¡+êª%°lpI¸^ç J‡ÝhÕÒÀ÷&úÛ£o¤omÄP™¡1µy,ð>ôÞèlpÁ"E)iYü˜¦àE9)Ìè* ½ò„þGï.¹:aAûM.’x’z]ÓáR¸bTäèÉ€>×Ïnôj‡ne¦ˆ¯U“qùÃ™Áb¥•™9™†?ŽwÛ»6°!ð//ց®Íáˆ[0rì˜ìwï²(’üuÅO.xMyJt«ì\ÒBÝ{[žŸÍΏkŸši‡‘ç–„­² bC—*ykJŽ×ÕˆÚÝbEµËñ¶
ÛB˜¼x šømÊ¥ƒŒƒ”Vcຂ¨Mò_2ý/Ù½|1Û<>M“¯‹ÍsJ … ÿ¿I!‡ZóÁ-eܝÐéaبHo°ð]|Ù5DD}aò„0ÅíƒÇL-X‘|ÈçÜàlžmkçì½{õm?Elý0œ>…6ºNÔäñ£nÆ4~6Üæ§Gˆåüß
ã§bµ&“x° Ëý©=€+p¾êö2U“©¹=ÏîU¸S‡!¶ä›ÞN0Ü4hÑ£¹3¥ØÝ="O´lÒ¾-H¬oóõ|!¯T&Š´î,]íø?Áö‚Ôã7ëzØ–ºì#
ùQJ\ ­És’DlÃöéé¸ãÅll_ä$2á“QÜ·ïº{c#kʪ×ÒW”ÃtrعÄwôøÄè……ûH’ë ø¿úü”´&±Ë™-Ç]wóLdЄƒß¯®Q‹+‘‰¯"ÿx¢æáÒ•XÆqdÒàŽtøH¤
Έ
Ìü§%äyïÚãÌaçUPš¡"- &æUMC…½vÿaÑÛLCšÿYÏkÞ( ~™(Ô@F æÿ¨=¬.gzƒÓåã1’—ÜÒóU2ƒ!öB3ÓÄCV›t¿}áË÷•3Àƒ(¦Ãc|3ARâ+=“_`¢½lk8w4iQ¡–“àÓ€k0"^bòªÄXj ßLv·Ý´ì"%¹·l¢°Ì»ä§"ª#ÞêØxШ¡7†jÉÅXö^~¶áªø ;ŘQAÂŽ+–)šißòêúÙÿO“ÓÏkƒ)IÅ4œ¡Å„$ü&•ÞÙV«]4AúÇú >{Ú=îýl”áÞÕŸ0Vt…÷“ñÔðÂ!~ºH‡];#Ý¿Fŧ’¨±Ä+¦ó§Pt #°í%Gpv“rƒ÷ Ül¶Ì]¶ Ò2M¶äd‘¹+( ìeϦ0t&®”bU<Ïù1nzÅÒÔ®K¹gêöŠ›¼”&þàÅyÃþÇa»Ù´è´`K„åâ2`¿>7I ûÖa
ˆùµ,V&I«Ñ—‚5«C†c¼ÞÓSÑ"dN¢˜SºæHŒ¿ càà`vÍBCŠžÞÉåþÕìŽ_ß:/%$è‡B¿TÖ?&ÿSžñOJx‡Ql܍¿w²K|K Ãî½Èì«0¹·_3uÌ%
 Mj|˜ïÞÛ舘¦ÍhÂ[eFñ]¦M-ˆ_1Cš¬èirÇLKü_zopõS1_s·Î,ú«9aÑDÌ DH4zÓ¿ ƒ&—`98¯JÖàIqøMO VO†dožÅç2uè‹¢š/Éø~MËÛ® ªºø ¹U'OÑŠ˜;wv) a߇ûšè?(”ªÄ µ*³^‚† oHÉs‰CJQ'åEGrÈ‹òÙÐÄÚ (À1¼¥<Ë‚Hz§Òü9ß'–Éô·eÇÎZv*O'kÚg‰£þF¡á°<éwèûÖ2–Ý%*“£q=!Ó -’šA:¥MÑŒ§R³°™4Oî]§Ë”q´jžþ,|P‹«¹Âþ‰÷{f”BA‡dalâ/~m·ú¶+8_/·yD}ŒÚÃûvY FA™(¢¤Å* m^Ahzª!¥•× _A¼RL÷‘]}}ˆœVFö9¨lT‚ê^¨ôÿå`!º I†øe!Oñ’ë4ô³®V•á6U|Þ"N•[ó¯n`«Î¼Â+K܍G€9»vÛ„¼Q¸ârë=zï¿Ž¢û˜8F“
9gP*+Íð19¹ûööݍ–¸±Ã'FÓ%‡<ïtD¼ë?S~ù×9³Ô£+òX)b6l8%Ÿª4{&»„ñD–xU:Äz@Öú1Y<üÉøxÛzáÛ$PÕÂbPÊóÕU~àXŠ1!Ö¨ž¨°^˜ù#¦czø[ íšó`³lÌniú´í”Nþ%߈„ž¥†!6ýIJ”Ô¸–o4!ý%ôÝ@¼3ôÕ ]m„tÓ>%Ï31áZî¿7Uã"ìlïtL¦LIeÓ7~ük(jÛ!=4"]hò¨ÁÛþ
æ\ÃBØäFoØ™"1t伌u݆·…üYÐ7âê«$t0WöC¤ê£w»¸¦pÑvö0nñÎ÷ü¡9Ím!Ð×Ó°"·î8ЫWÏI%ßjD;¾»$Ô$Nä;ÐXk?ÓNn¦@ljF¸lÑ-D\ú®£Ûñ )§ÃzÍ»»wQ*)+dM€Ä `è¾³À¢§Á¥{ñJïÒ 2-a¸ìµog锫KC¿‚¼AûÏ[´˜ê붤Lïå-C`ìÑ
ãoüåa0Ö"—y% ›«Ýy"ÜÈÍ?ÀÚñ»®N÷àoõãáƒÿ—vÅ1B~DV…GY‰N™tES½æ¸¶ºtÇ_渢’j¢_è£Ô3䏹'«?§qËÊBèn§,acmãx¤nFÖ)wm®ê’ÍäÛãØwÕ|±2ÀÎၧh0ŽU‡.D(ç©_L”,ñ%Ï4>Ά[Ídï´xÿN¿vr8LJÙúœÓ’cQ¶¾u:²|p¿n¥]Ô× B_4Œ.¿½€ã[û|öüÜo!
1ik-PkÆoáN«ó0ÀÿÂõ»ålEB•1NéðS¥û(°
86gF”’bì.ôò%Päëz;
Ñtðê\‚ú?ÀÜbŠÄxAÕt ÀCÄÒý=/¡ì7’ZØôD$i¹Bq.^pßZÍdÆÝÜ›¿’ &X¿]QäИˆd®Îç@lÿ÷Ë9õáÏõõ-Å $…>Ÿ?ƒ'Z8yæª6‡¸Vj÷z膂Ä~†éñPèD$âƒ)h̏Ðÿé„0ó±á‰¶FP£Fù28Kº¡¶,/'ìwÍû\0Âsde³–çÕ‰y9öHˆ±c<
â¨dz
n^¶¹äGkͼ½#¾Ý,{KÍšù”Iøø:­Y0C†~–Éf×:²
älg³µ÷¨|¸Hècw2»}2Œì†ö›þ”$qT¢ì†õá”B¤å©Ó/Q3÷¾<ôQ¯ M‰_y »Eúntê;Gd¥¬œ€­.5ž&M,(%×ėͶW7&5:°"5´t‰ûF#.¢uaEʏúÚqçZEgºû/ò„|æ¿m3}mÏeè°´æ.0$¬Ë™–Ûfukª{YƸÝmž5X)‹7ÁBTvAxEŽª®Ÿÿž%iEˆùË“(ŽÃ}(eFÖôýåh¯g3Œ¼•¨'M DÎH¦zhœˆ±oeSÝ­R »”{5áŽXî¿¥YÆ6¯½òA&UâÉÓÆÁ–•§tÛ„Ô°õ#X×·G¯Ñu~´gIm²fÜTo̱/æ¥Õ_Φñ+ô—7i©Ö½FèjýX.‘?`WùâòëKã³#Ýìè¼Ño×í±¨Ž}›çýà‚ž¹ÑÚVT—ÚW‰î‘øEBZ›2åÑIÇë]ä–A@V*a{òj
X)·íùgxgÇ€^#àƒ«aÖ£P¥ø0éœö)±#¿§(ï@±ðoüÛQOXð²±a#‘¨ÊwðYßåo ƒ*ð…¨W>Ã\HÀDt>Ǩ«c@–P>¹á_zó7Ú|.úwEÙ8KP>†Œñ $þëK5òñ­˜®³I]6M^Û¨‡-º`ZX‚˜ÊAøÓ —?/Òd‰`H÷3²GýšJ_*¸ÕÕº„RøP*8ð´îw¶–rwõAX̹h¡éKgdñ­¸±DûÉWûVÐ
÷iÝC9 Þƒƒ‡
‰’Ò^:”Dí®t§Ï¼8aŠ/X¶ýodÒø¬=E·yøÝÚVà‡+›ÚÄôaÙçüV±
róJ¥Š`=kdür:—4Õ›d^ñ“/ûàÂàÕ°¬yZ¶ òH„ ]EÃ'oÊýs–Y˜›³Þ®V3<“Iƒ'…sd7MÃÐ`iÔ¥ê3`Œ ™7b6æÛqeYÇœÜE4`·ˆš3H®V9¦r´"÷^(_³C)ÙD»Ý9ú¹E_¿,eG¾"–A“A_F(²‰­5å/ˆɵÑY2•îÝh34”VÐy·¿¦‚MZPŒßóqkz†!Rì ›n<@ªÉ ªž<¾èuò©IÂÆÊfåz¯ÈU·ƒM֝ª´„ÐVc@U ,rû?^݉¬a¨8þ‹³{¶!x¹x6b“.½ÖÀuC¦ ;ï;ì/"cH¦Þ÷ô$óÀ4˜¡.KÏóés‚î\úóM{Ñ@úˆšz$×aÞê}m‡Ð¥-‹··\õb×Áðn;Ip¨ñÁðºýOÒRà 0öd›“µ;^\¤´ËÍ_:£ŠK+;S+¾lüë5wír7×–·>úÓäã@•ßÑxXYåE/~1˜Ë"âŸ0ƒãxÝhÒ’&ØZX¬õTû^óÕ€[h‚ÁÝ™Ÿ|Ï¢óšN
r‘Ò¦’òÜQd¨¾vX7g±ôG 5à UâÏ9 ‹ç÷eýnòa<®aâ9˜×›yÓÒïI"ÛY)›ŸSȝŠkäâ]— —wäÍ¡ó¾²þ&à8÷gUJdR;°N;¨* #oŠIM`<£M*cê³Kñïâ¿h3"y¶D¢½hO‚Òi©ÈíÆE@ÆÉ–¨–%~5…Œ©÷ÞÓÍ9…¿é@©Àil»4¼û‘Aá<;‘C®ÞkŽ‰³lŽwJü7»âô/¬ãmŒ|F÷²\#“¡öÉ\[ý4E§}I!{wý !REUÔ…x€îšÊO0—–ñŒK•ùÃ@]ì§Pø…
sù.è^Ï©Œ¹b«‘R+ì!®eGÉ6ÒºQ*0¼SÝÉúÎÜ´ 0þ³1ñ—ÃIâÏå *bµ¬ñyçFa
Ú¤k1Y†ÿ‹£Á D—LØîè¡M­j5ö›D‡~ÓŸæ„ëå%ô©Ì74¼Ö‹Gé|@·~ßva!+àÝös}RÓ`zFŤí'‰¤oYYˆ¿åü`Šø°‚OQn¥!3@Äúz÷Òé˜A+ì3<ã£ÐïØ—Ða¸Úe vš“V“¡‰ýÉuᔨ×EŒDÅt—Ì-WYg^Üœ•ÀŒLÌk›ø‘2ü*<Ï8£kgï:ð±ýùR£6Öï ú
ÿg ±' 0»Ý'“êŒuk;ten":[_PŸÞ×5—Œ»zœƒÜÄS¯4ölÖQV±¹—9f†á¢T±Ì–ÃlêõD¤öSª* È‹=tZ°˜B“ÊY}4U%óÓ<5–w$„'fÜþÏÔ¸‚uÑÒu êé ó~#ay‰µ_}’µ¯ 8U™ $*ÃZÄ‘¼°+7Æ<|þ.ßx:éðKˆu|*™œe>ßSFÿI•Jèëô‰äÖ¡>BöñÐEÞnrðÃ.w5»Iø Ú|æµê¬Õ
ÃÙÀ‹²Àîä®ø² Çð=f™…t] RĹþ¬þc¾ì6Ý݆¤«înF(]Ž§fæK`ôdäÿƒÜ ̨Eíu¬c´YjG9!Óùuôû߇\]©‰J.œÐ>î‚4姚X«$9³’ωn@½§±y¡Md-ÃîN±î.rÌáqµÝmªJÒŒˍ†@ ’ˆÌ õI‡?(»¸Ì‹Œ§ºØhüïeZaófôY%K]û‚+„”<½§†™½¬YkEØóNˆ=ÏØ_ÛD«FBõ_‡¬ÆLkÌ~ƒM>S=ê½7> cðswØIÌÉ­Í8*Ãï?Ïð]ºÚ† xÉšjñç«Xû}5×±D¨™‹Ü£íöe¯ev—l*ÁŠ CпҴØ;Æáè?*T|Âá„DÒC¨ÓMc➇ʅ۴ôµ ÒÄß×ëDãCš½ Õ¸r²÷`YÁx·.Th«ú̪ô¥‚^‚gNÿ‰Ìè÷²îŒkið‘AÊ0Ô/¯åWe€™Á¼“ˆ%ứ!ùP)Lœx¸E|mÂÂS˜é3Õ‚.ò™#o¿ÑŠÿZd~óê±c,Ÿ…p¸ß¾ðÒ.¡VÔz´©û!$÷4ñ½-(nή;»#œCöË-„—äþ©ÔЩÚ¥ŸbMÈçuŽŠICäŽÙº/£ZXRP9_›æ? ^¦–î\$-5âÇñÅOvÑ‹ÑÎKqMƒe¶ßŸ\¤dô­ø#ZfY&ÒÚƒò"XÖÁàñ >ò+’€S„ü`?O” yæah‡½óG5 8'²U¨=cpö¯DIPL‚¸Â~9>^ê¤ôv²«3"ÞÐgüMç%ƒC¯åx‰€;²ëB­ª)‘xÔ­BZ~kÌEì¨]œ0Ù˜û¦5ùÈqLÎOãQSìÀ»;^|OV/*Å!ç¢:ÊNÝK§CE'î0fÄN“Ôaýp°tÚTLxp†ðŸY ë nˆ,ð£v'ë
¼ønq½§WU
þ$x„}L´ë÷÷·®¨¹¾ò8{Xb@à}Ý¥Õ »'&Ku‰óäJ€tÄw°Òp¯<‰;09s§¡ýo ;ö¶êçì,ÿá)› nBeD[”V¸Z9[…ÂÙ Œ©âõ¬ªM‰@¢ƒQx“,'wÞ˜¡¶K5à•fÊÇuV“p»s6Û7 ö<¯á2)Ù×Ü(ŽÐ&·„>¹×LIãtéô¦¿Kàè*RïëêŒfýèk9í èx[h²ÌÑY¤—uý‰v–ÎGT³ èö¼ÖKsj–ƒ„Ȫ€…{"æ|éÛÜ1Hñ |aÒÂL¶ÔèwɹþéfØàDß&}ÛZOïpÙëB1º†éýù pxdA7äƒzZáùª{Zñ8¿e²hƒŽß­Xô\5¾ê©01<Ó»5„]t™±tc¿¾³(‹9¥ø{ZŽ‹6Ð÷ÕfJ~d‘¨™¥ê©O3 ?;$zêƒ:$%2+옔òÕ ïZ]·ï}ÊʺS÷H\Á*ã—õÍ»3,‡"¾¨qµIB!Óýûà3x†L~%ŒÆ-¤å»pãA!¬AíãpékS_žªm¸ñxù—šÍ‘ËNŠDô/;!³Rˆ ¥tòåè¹ê…§¾‡'œ{s` ¡/ù¹—J+=ö]äí¤UHÝÓ)ô5Ì÷Â}
#Lnüâý¢’<¥Þ¢ªòäù³Ô¤Ä× ±b4xOà¬ÕSûýh<§ÝG¨lF,ø‹%„ÔÈýæ!ën<Ý÷OºÖ·Yp¬³¿Ú˜˜ätKZœ Àeïþ{¨ëe‡SbÎýaÕòÙ¶ºŸ1ÒdøíeÊ;V…„D®óžšN;ê›XརÛñO×OùÛÀ‘¸ÑÃâw¨0+9&x$ÊÜ„r¶£óÓiMK&£T‡‚N ©cßj¼ûª -^TÆZå
-DTí¤ü…~òæýŠ~[iÿMR™ŒDø ÕSÅ¡ÁS?édצ3¨kNñ·hƒÒXm÷•g7l§$»Á(AEP5Ü p4i+ð2´Jáª:KgÚ„>Â)CªÉ)Ã~`uPJ­GÞ@¬hŽŒÍâÅ2Ô3e"!jÝeé½Ê-z
½T×ÉUR·Q2Ç–…§Åç¡]ý>°~bPù­–?YÝèÍ"¿H¼V™à«!)'6ºÈ":®•|½7ü“×X']Åb8ô`Ö €¿ùJñsöVPùä\hcbœi˜›ÐÎM”'"|ÉÂÔ”ÞØ"ÀŠæUÅZÜÞâú¸¢uü¹Ÿ–„ö¼Ô€Ø¨¶€cÛ@«íߧÆp
Žˆ‡â=S$¾`R5MP_½Í‹ìê_gèí¿âj÷ÀÊzvÖ‹›@Ö6ÊÓÏó[IÊR%Ž|wl¤!ÚÑ·³§ºDu‰ÙŸ·æׄèIŒb,­ÆvÏͳ3šyV¥Ió¶Iò6¨÷´B¿­Ó•}ó •AêŠUðJdjbÁ@wjL\v·h+@$[›Í¼ 3ð#â؍
Rʨ+Öåå…ïiµPtEyæ17Œvê šÊV¨Ö™H´M
ÐýÌÎJ^™à 0~€Ü~É!\éîá„6­3¤Îˆ¿M0ž6®¦ÝQ ’ø+w–éèyÉ æ¬rƒ«zsÓõ;–I«lW.ƒEc\ñÌÜÑÀ AkˆÀàÛ
¤“Ŭnjæfµ­Èæk÷7:8DÄÓ·>"À²Ìâf‡b1!Ž…:(È xÙ_$ßQ®«uŒãÀªê©I¾ãä%Õ©Ìöw¦ZnW¯j×.['©¢4°O'vÞû»€t 7óJ¿CšYó“éóV'¼“;«~¦û<ìöU)Õx'Ä(ùÀ~‡š–-áÏÊN¤´DÂ.ÃQn!Žº¤^$ô4>g¢És%>EÛñæ®ÅD4o–žÈˆeX1T¤Õ:  ‹ PC÷߀å§":ºx
;U"9¢Q‹Y€­×éIYŽ©HG^OÉËçœQ’ÿÀ×àšÈÞï2½h»R!!¶¿Ñ… ý·óäâuWM³êfä^'ù’`ƒÇºI¼r˜WÞ¼¤¿aúT¯îlÿ!K‘úÜpšöYôn°¡ÃúdêsM. 3HÛì—^©LËßDU–ý•©‡¸ŒÎsOá,{Hþýû1w‘UGÈý´Ìöm‚Õýì¢xvýhªÓ†A9$(ëÀ [Gi\'s©Ü%ã"ꪀÎöþ/‡¿‡™¼”\WXõCØêÖ&ßæjMƒ¨T+êÿë?>d»ïY3),eÄ”TÅ.cžW©Åª‹ì` ¨;®î]¤8ÜÛö¼§.À,y.—nsT‡’ÒgF·ýeB´‚f1V™:»&u¯PØzÛÞbqÁì´Só«U@ºßvõo[P„5{ßÉÁ…óðâ@GNÕƒZ´@¬Ôzk"WÙ¨lŽÑI9ÜÊÒñ"oµ}ì×ÞµúՏ0ÝÏNQ4ñ†Òïéºx QÖ¾€ßÔHÝ>ªáÍèO«ÍADk7D;{XOºÈ W9¼43oƒ7”Œãö—L·e Ä,SG£ÕôŸ£­p(ó.F–†¾ÍDâÓޏçžûd"àå*ÝodÚ8e,¶4Ÿï0gâ ¸«¯f/f×ysAõ ñjwçyh©ßýùÜZfH.£»ö’EŠ'Ð/3Kz«Í†‘jêÁâß…"MŽ±4¼=º2r7¢¡Ôoùx«ÛBeE#¢b·o³9¬EǦ8uù'­ùïÃ{{o÷xØ×Jðý“Ï؉³?–Í«Ö¡Ú´«ÊœŠ…güS]âéë^V x¾Ü¿×ªüêóÄæ;r
qÐC’kK£ Û­H©¥Ût‚ü s,-æç²OUÎþˆk[˜½NxyåÖöÏ"åªF ¢GÈwÔã½VuV
ú>'âÂGwØ~LöNX>¬–w©Œ**ƒÿ{ŽPbx«ŒšJ nOt`"³wjŠ¯Ýü±™Xs2sf€{v𺢻ÀðT ßUˆQãO9ä_!M¥™b¤Z€4'z+­R½õ#¾s?°Ã뽤r¢»?³‰¯õVÃÎП¯/¥/ÓŸŽØ õꏞX¡ÑüÒ‚(„þ3%ôˆ™Ÿ/jöUšyj£cÉQ|ƒ–ÛKãîªÍhZdò
k˜–NâXzÌÄçœ9¾62Dš¥@«È8›PâŠÞDy ýgêuB?-+Ú™ŒÙ¡´2rR$ø›ÒJu†ìÚúi#cM3Ç…Aîš«ŒÚõ×[wO–_Õ~rô…Û¶Æqd†å ã¿‚r KQYtSýÚ£~‡ú]2úqk¡¹(Üh4™óM—ꓧ÷Õd‹ëAP}1cˆµW°–ÆzTi"áú3Âzí‘¥¸ò:;+…J —£’ÒþfB
•Csy ]NPýÛMD[¸H¼™!E5¸Ú¥a,(O&³o‡–å9.ˆfÁâƒuþâ&„7¢s–’õÆJµÕÞµu_)µ×a £ìF¨áòßâ!·†–R.½š%T77Ãö “x’§3úF¬IÙ! %Žü¼OAh¿­•ˆú5«3N^•™ðGá4}ÒÊ-1ž*b„Kþªµ ~Ò.„@äNë^Ü+šh¹Oîa+«7å’j‚ã§,œÇï´ }2C&éÁÁZšŠ!¡œÛ§8/•÷‡Ì Ì<صqš
écŽ\¡ò¯?#ixeWùî€Ë¬û5/@2¬3^%T›žü3¨!)?2¦ž~/xט>=x±è¡pÍýÏ`ËïW|eþ²ª0LQ
ùgH?oŸg£Uè‘ÚW¨œ<;Ö@ž3³ÕaÅ_`0Ç’1YÔwKÜ@o´ÝYZí׌nÜ•‰©3je&‘¦…—@~d»»þÝ/*Ù5P}Ë6$¤«2û‹>ÂÕ
ŒÈWk%«ßcRp{/tQ¶žÜE?¢­2Ü ;!±d°ü)*ÜËÖuú{ío)·"dÙYcpã Ê`:xJëdðñØbÂØ襪Uwÿ^—ŠÊÂhâPɝ‹°µµ}q¼äÅYt¶ÀÀÛæ<M…Ϩ*IµZµ–Ø|È¥(õM*oÒa“ðòn1@Í6¡õ©UþŒ`ôr2v¢k°BbunX¼§h’êdQ_ø¹’*iÍ5­‡Øí›=]-êN¥’'THâÂö`¡!;ôó‰?áisœªC×lP”}÷ÔûWaöк·=ÛUG'—'b)¦µ™Eú@à7?Ã*Œ]NQKžì·ò’û "uCN%½làóà©ç´X…a§mòŠÞ4}™t1$<�í–Uë8…ÅÑÖU±«Š㶧óÚÓîAi‘{^ôL™õÜàrùwxÔ³@¥\VÛåZbrµ©-r*øØPdËæŸÕQ6ç‚èö«Ç`ØLÀ:PLT_~{VÜdã®D7X£ù–cc‰FR­ †aqã@Pº¹$'Œ<†¸ “hgÜóeÄ]ô*zu…4V8p&íó¨a7”“ÚáôàçáZ¼ž¯bàG¸¢AtXG6]8CI£ÝŽqî‘.ša¾I‹îR³B—7ÉJ;¢è?¢™çi6<»]€½7¸Šn²–FÍ:2äÎM¦©><¹úFºíë}`ñÔB0‚Û2 ðRTJB¹-’F&…ˆ?5ܯ£äjAP³Ñ ë»⊣
n¿Jª
ÊUãë4
÷¸œì{Œñ”¨É†u*‹æÒô—Qýw’k`¬A÷^°®MÍs\_Ÿñµ æÑO§;XªŸ |í#ô±óÑ-^‘š[’J¡qwÓÞRŒ˜¾evDHP:ƒ¿»ORRŠ?Ób˜¤×Tc™Í¹a¢ê½ë²žG(¤½nE:¡Õú¦ PxàÆ»#ÛþrC9EÙðó))´1leÖÃ=»F©¾žŽ;J/©ñÆÄEoÙz4A êô•‡gõd KC×ð¨yíõ62øÄßiÀDª`¿Ûd%z´ôò’ˆAxbuŠW|í?<ö¸¿÷Ã8‹¾‰L¿q·y3ƒP0ª³ oÑÞ&o@¼XAê”âtÙG”iÍ)Vý* ×¾·>k¥‰5Nýñë%ãá=‰Ÿ.çO`¬ï¢q\šX;«t„ó‚e' 7>z~¯•Ñu½ìƒ'K^©¤´Ð
Ó üT{õÉÏMaiÍS¥5± &ó–X!¿ÎaB_³ôSáâ2‚ã>Çó˜#LýŽö:ªg¶³E&¿‹‹¾:]“^Ž£¨HP¡ù„Õ²ÇÒÜEÁæ`ï8£vè“úhbILÅZ‚G=3¼:M¥éۏ GaË"B±ÂO@) LŒ’ê'‚ Y_SK“_™ÿŒœ<cê{ÃŒ{|NRÒÏIDÏXލªBO}+á'–Q_–«éµ){Gæ$6‘¹…óh0;?óášú.×qbŠá…œœ{ÃZµKŒ@Û„W©ôgD?8•(ãv{˜#‹\¤gM|WÒýxÂß©Ñðÿ|¹çYñGíÇu–©‹'}q†
.Ãî'„¯ƒÂ#p)‡~þ>î5ðð•Z7)OÄCT³Õ5ØñoM,À¬H¯Ê¾äáÑÙ€PꌘÌÑÀ[—8Ãþ±¶.\Û™RM±P¡ é|^Ðà[? À¼Â©±†³ŒãÀ‹Ý¼îQ¿UÌ@‘8¾&ÀÂÀoVëM!¹¤_Fþ: MY`íR²…æÆø¨XLA'èïÏò4œæª!¥z›ìAñ‡Z®x^i7æ":tÜqÁðØúÌ—hûÖoºGŸ¶ ½-ÒÊL¹¾úx ¢}`OO²·,B$3öÓ‹„nüYÊ8X©•¯ÈìéEY4+¥‘3[¤ô­…e:àèûý)F[»RuÇëqnÙnz­Å%ýî2µÎ$ ÓL/©H3Y½÷±b>NúŸ]A±G•…]Ÿb5ï3FÿÆ+s ÷5ã2pÛðÑmJ–P¦üä¨^ÒíKPÃÄ…ãD–ù¶:ºšf Œ_¯5¼å‚Ð…²ÊÞ²ªÛ§Xü|®‚ùJ™21«óÇË/<áÜtuÁßîlZ¡T¶$Öë +4N¢¨{p˜“wdR&.͈QÈY*f€ïÒÀI’×xdé- ¯¬-©ïCo¤Ý.GwjJL,Óæ!Ú@:HZTD&·M^ ]x´NÁ¶b IpkôþÙ
Û?†\"rú - ×ì}hÁ”¦ÞÈ랪,Æòzx¼{¶è¸PD{y¿²9Ùm)‘xÝirö")9À¸´S§ÏY÷Zñpèñ^Çè–˜Yrê_6z"ŽoîH^C³Þnä{ŠX VzÀÀæóêßOJÞÝÒ‘eG•ÝgquQÊbë£#‡C-_Â8¢Úû8”(~ ~Œt™ˆfñÊbׁÑ6Ç{9*ƒV²µlÐðÌU}fV‰øµ–0º'ÛSjrªùuB☽çžkàŠÍ™oª‡&;êÓhÒM9I·‚:Ó¹*/ùg*°©O=X‡
lõÄŒÎûi%ù·¼fèÓ­½º&èd/ô´aÚ }ó0Œã¶.;?7‰¹P?ȇÉGçqC9½U¶©V/2ÕƒšùäG/ájiÿI›QÁÇÐ÷À°? ô½yF”õ*ö6iºµ¨ñaøD3\íìw©ƒÑ†ø‡B¶ÿåÿ¯sã_„º®õ·~OÒç¨rCõ¾Q,Eâ…mìP$ÖJA§ Þ8!œ©ÐÇìíù[Fëi«±Šù~jØž&<Ñú#CuªÅ†ÅÊO”Rgo+z¤†Éo'ÎŒúkYKÒÅfVjÓœ‹l‰3*àj%âQ™ÉÍ7¾}O6âäÔr„´Z;þu㉓‹§‚P¿ÙÕ„ð0§ÀôÂ{¸éF­òÛ‰áwÃ21ó^“NZsèè¹üBeqõy~î»Ik'N@Ý®‹Èª"³ªÀ•7L„éóïùB$Îìõ9Ç·WäfÔóP¿òIÜýœU†Ë-IXìôþàó¿L…¿'í‘ì˜_W^Ý¥C‰{™dø¶9OAa‚÷ol¯·~ü9‚·Ñ¥yLF–»=Oë”aPîËXém¥+øag"ùÙÞZfwáØxJÙƒ¸·û'ï‚š›Ž¥/î³k5¶æÞl0{ÿÖåÇ™öh0½sº×Ë1säùš­uïáûÔ/ɐùwÙÈÔr1˜Øî%Éq
$j‡À½áuÒõÄrní¸Ù™?e¸m0¼Œù˜*xwç“•@ïRHÄÕ0æœ}‡™ òJuúÖ™•q™œ‹ÞIŠ¦+í×ÏiPÕI ,ñ&Cɧ$´0XœOðx<=ÿ©3¨Í9œ‰,TàÇf]N zjÈGß/Ôˆœsª·¯)Ø'@g¤Q£à¨j6_*›YŽ2_òÆ?›¦ÝÔ°ø´Çðn_]ºBFU•£SéM> ¥ôÛ[LñŽ5¿6>œmd0qLŠ/-IÜ¢rÙÌ&†Áãý“ÎÊ­Ù4È@µ"ITrßËdŸ) "i¬ûLMsËæïZ ñ7™Íb×{чLÞ¤+Ñö:Ӂ:Èã¾ÅÌ8j«“sÄ× bF´‰Ðҝ·êɆF¿üÔ[ Êñð!—˜.Í1£+Ã¥’ :‰AeäU‡µQŒ›Üñ~öPWºRJšƒC„NÙêËfÆëûs•³Äó¿ò®x»¢©­˜äO»TiÁÀL6ÿÐíã‹ùA»(aöÚ!ªL"ڝnªCê W^±è°W/y&÷wdªx7 g7¼T­¼ež´Ê´8c^"‰ŸC]B⮩»srªWÛI=Ym›ôã™[k]èhªÝ-åÁ5k{£ÔÚîy óçÀëÞ Ã1o:£äÔWHŒÈyŒ"AíN؉•œ—6pK/£—3ž,J¾,Û„á— šJȹ•”ÄäÆT[¬ 뤝¶hètŒ5Uk9èѪíWµuŒä>Ý88†…w궇f,ÿWA1—è*d,³)«äD'áæ2é4ƒLŸò+9†Wm|¼€ßúWÔÓ£v,˜;vÈåO©hmë”·?û½ÅCÞ ‡!Ih—‘æMíéÞmÓP·x™”v²þïw%ŸÐ\Ä3„té«·Ýndg掠4—5ÓÁŒ(4mËý‹™à
Íò[<ýÕ…$[‡fnzÂ=¾ÿ¶Fµ¹zRÆõÐXõ›·Ÿ4‹WºÝ ºåj9÷SÈ ²¤.^%†V\6=\ñ£z»4Y@:o©2Þu¦³ -®­éU)Òò¥ÕèÃQ6í¤ÔìÚ³
,éÇЭŠSÓ ¦àÉk³*>ÓË(T;ìÁ+y¨ZΛw­­z¯Šæ3UIIi®²JŠíð¿ûP]f‘ÌW£¼EÀºuèhÇÎwy„P{º/wJ†nÉìLÍ4¢U…Ô;ù:¶j‚³)?¹â/á:˜pVŠk<Ï(N·ÜÀÑ8Õä,[»ŸìŠ­kÙ™â…Çâ
sý!G玖Ž›tt|qoµ‰$€p¬xpò´Qv÷yQá-X–¶ÎG’Ë(O-œ!º:*¶Z*Ržùr¡2»ƒþí•PºŽã'=ÒPGíØÅ]
W¤¾ù| kÒmAS4~®ðMܶí÷ m·Uâ„Ö€Uß&)¤ïÇâW+5ÛMÕºM؝€MË}nwçEÊÒ˜€HÑÉ>.>m? ñ8z[»ô ?JâTlæl¬ôȵI0ãó3Õ›Ä(¦#J㬸ܙ?ZæÌ6¦W\àóϼKïÑDñÒ¡(Ží0[ª;ã¾ ém6]wQ|ŠGÃÀ·Êj¸Ñ‰Ï ¨5õËÜÔNûrTÀÇׁ—Ôò¾œé…A] ŽæD6­ÐT7a°Md\ æÎѐ'Tý‰¾šíò¿ùG×gýsŠ€ÈÐÅ>6’Ìüt` ÁÔ2‰¹ó‚"cA¨Ìl †ˆ×Ou“p:æ  X4ìá99õô93wuðeDCx”v-„êÒÕºgçÌyÛñä´^bûfh7ãwL ýîSûHüYïn§ÌûØ×ýÓãvÂXרŠb03þìÔîÁÁÃ/›‹ Sim-„7Qb”6­dp>$&—Ÿ)°ý÷ò~‹‚ì5¿ºãÑÖŒ‹C‹ãÚjÍYgELgô­¾ÛêõÍÒ„.—Ãf14jì¦\EÂ#_›ÀJKµåoQž§CÁ‘Ó/Æþü_…ÅÅóôÕwwÖ¬Ž¹UèÁýåGœÈfÓ•B¬êê?â³®æÖeDlïÒ&u—d,}’í,ùC©›­Å/º=@<æÔ'z0^Û{WœÙi “ËþöЩاtk,n¸H=s‰®ø²}ý f *ÿR¾°b‰y¨ˆìgŒÌ,€-ÙÜ)ÝrÙ©Wh2t•FHÞ}ó÷©.|ZL±0EèRéà¶î™'ãÞžzÉV›ú˜Áß¿-ð.îÇ1f0¾.Æq‘`"'¯.?ï—+–ysM„j WÍ(a{º“æèhÕ¶‘ žX¢b,:åxG±°bRJ;:É’äZŽ£úÆÊy˜Žˆ‹7ŸˆÃs}ÏÙ~Z×3£a;‘=Ø©*Tâºófõ5×OŸ~½}?kr¼u
å)ö4ÿ «l5™õŠ±X½GKxû̓嫮yjAÌôj“*%ì2|.ÑĨ:Ç¢•ÌÁÚìm§-tŠ‡ÕØú©]WAø¸$4p˜gL”õŸ‹â«aÚ]©›½U:“u4&È@Vûû¦Ð„]IA„ÉÒ§øÕ­èüõ‚¿)DûË‚råꯄ‡w$Ãh";Ý. FI²LÛd6"îp+"M¥ÇéO(ÔŒ5ƒ€°Øºd©Ä·†RûÐkKY“VÚÈ7y+–<°$Ž˜«Éa³O9x:¾:jn~RšÔ…@°Ü}¹Ôel›•ß>$ß„°dWî /õ;l+g==wÖ@ §ÚbK€ï.8ò ‹‰pòýÙ êû¼Ýd«ºg6áúÓÓ¾r \b]4kǹìuÝASêòIj6,-Ñš"„ぱ ·ùU¿Zßx2þ "YŒ@‰ç°Å–ï¿sæ¸ËAä¤=!ÈÁ£·+<¾ë֝[¦MóŽ¬1#§1…^!Óù¥®TÍY‘­‘i?M©ü8@[:Ví)ahj«VµâŸïyËh¥©éãW9ÇKÇ"¤ªd:ÀT¨âGÔtÙBÁ[QjA¾Õ¥ÎÈ«¥0®ôüÔÝ#D´Ùß¬àúåè±P
µíþ(`®rÌÒºhãW é?:a,ÙW¨¾ƒ¤œ¡ŠGHiÿÚk—@Ú«MQÓ¬pxo’| »U˜ûȍØï] ¢{Ò©DLOpÏÇãr¶Í-ƒ¯4†âÑèŒ;*ÿF᯷¡ÛÁ˜p—%™7Z¯òҁ±¢±lƒî–›Ëä…&}ýÑ Ë1Š¥¼ Jgî<*F ÿŒØë»”ÎØË.Ô¸qu +›”â9•/Ð4ò(¿Rèï5ˆ[ì¡ñGúûIÏÛÑ8‹ÏؽYã¶_£8ÚµÀZÈ»´72Ÿ?zš«ÈŸ±½nBŒ>¨D´–ǐx?ZÜý¥ hVóØqŠ,¨ëh(ÚrìO‘L=LÀß»õ½Ù)fB:S#”§ÇÞCþÃчÔ;>:?öìªå[+dd¦)ŠÖXíXÄÔkfpY‹n^KŠ=W(ä+…­unM²]ËÊuX>ûªRÖZþ`ꀽþª¹[ÕXŠ ¨!Õ)n¹FÍ•:T3öcÜG1£Y¦ìlÕÃ’fCÆ9Ê&Yù›¥zeÌkþ¦4ž §&Ǹ&·êÛð3ëÌï¡×5UÅge"&½wƒ§ÙVʳåÿ§cÓ%
ˆ«÷©hã)ÕÚÝc¡-Ž00ÀÀBíhrm²ËÂkhs”.2ÚKõš÷\. ñ”»Òç^¿šC1mÉn©MŽN¯PÊÓê!Ôs É£ÅJ–?Ã)J(ôkßCóeèrGÉÒ /ÿøó±v®`Þ­
wµÞ4²fMï…#2Ž7AÚ…j&§ S±ª›{v°W°F8n™ÞðúÝ—¸ŠdˇãQqÖs±¾CÙ…æô»2þ*ÁDî½+¢²âáÞçyÃìÑúNìüß1#ß^
½²ãrvÊ~šoöàrd’PN†‰Ó™¡ãýhì_H)/Ô•G3òS'’w˜T]Źë³“B«äÇ5”ã«Þ-³gÂÀ“³EÍ5‰I"PoóY¾gnãtÔ¿¢î}‘á·³Ï}€tLƒ-ÇG­VHt‰‰Ñý€–d…ÔquË.¾/ďÐ'”±gæo”3á~µŠ¢àÆ…¹˜ÂÞÁ° le·Á¤ DJ¢ºø¯eÏéspàëÝðu{t'¤Nrúlx‘E¹¼þó#rÓ‹;¡\U{ïÒž2¡,‰Ë€¥&ÅIÑ=º_̘—B:zäÙGªADñùï0‹Ò:¿ç|gNÖ¦ù8Icn*‹ÝO‘¼BUÉ…”R¸øN¸'mÔ%§â”¶œ®[/*46ÚÃ8/$ÀŸüh ߺ>Ê[ä"¾5ßxr)‡TŠ÷uÛ=éÜpV0å¹Â³„ó“C]„ç×&8ÑWxùÎaò:ò—mÕn´âkkþöB œ%õ½ ¿í}¹a§‡÷™ÏØè Å„›?‚oc4æÛ^›s8iyø©f×ûþÂª[ÀŽxºT6™z¯êÒGP+àðÙqi"Ô›(ŽTvçcÎ)¡Šmgè9®ÅÇÎtÀ•@Qhn:؈œzîÇå6 ó¨+OÀÓp[€ —ëG¹.BòœÓšVîÆcupÒz %£fÁˆQ§vDì>œ5Ù»ä¿þDiŸgpŒ3m›¾!í¼¯øÙj(šÑºw‰y ÿN|Â}çƒqµèµÈ”¾Ÿ{íìiQ&6_Ñ–MhÇïD˜Z/×½¬×‰]ËŒ}V½[dFT‘ñ)íøÉ?csöÞp¼Ä?úêûì÷oÀÞ`ØÐøvØ/1|—Oøjã.8Pøn›œˆ¢{ô,iwxê¯A¤¤1«éUú:>Øî+ê@ÑZ(Êr¤+Ö8¢0ö6'>ÈÙ'È‹ÛJ
>+ræÓ`äj=‘‚~PÐ]Y¡—ÝèÁQQŠ›ß¹:|À¢Q˜KÁWrÀD¥ÂÒþô[ÅT.öô
Ð#œ–+Îñ•²¹¬q¾ïp@d<}Òai•¾ö÷z±Éh¸qƒ„ÙŒúpÒmÙ©ùí´ª~$7KØvìxM{“çZ´8ïŽm|•¹À×>8GÁÿò jèz”§Íòn²x›ÑÐaÜ!crсCeŒ6% eXVb'ÇåkY.€l¤u¥…$²6Äóî¾?КËst"Oæ™ÃÚg&ÂKn„)Tªí&bë
¶œщ8u‹o¹ &÷—° „¹ï’ªŠÛzÏ`Ÿ‰F~:¡”duð„}#o;ÜÂ7ˆ
·…¨Òµs¤+±Ñb¦
Øma2Ñ·ƒ&xî…R+­yå¸Ços2Në³$#â³ÍæoQ?×â>…mrŠ´ìã{Iß­]@Ÿ:ê…qÌf»wÚEWN¤¾
/h¹®ä—§a8”ä l¤÷y®ŒáŒÍvIôœvbÿŽ”¥šùŸV†d·Qd@F7»¨&A;ççzåó§ôtÄóxÆš@·¡ÍæˆlW1'1)ËÐwÇE~Ýq¬6
üŒg`ÉTŸø$¬¬£f2ÜÃpúr©ú&Bã¬Rf;î5ªy@mÄxîÒ\€¾ÎÌÛŽ›ùþöXƒD÷Ö¢¥hÓ{ƒ%ϝà !óù–ŠçZëÈD"{g<Ê«ŠZ‚B+¡HÔDÛ1Lº†îd3E.dv {“MtÒº+Çõœ•.»ˆTêžM¼¹êŠ`ßa;H°¤8I‹¼†°H‰ŠÞ€ ?û …Û”Ý-DL4IaêªgÝ^Ú1‘™Å½â
ûÔinë/–fC_@å¡}³zGiçZõ…£U#èíØÍ¥¦º—o\ÇÏ6Žƒ»ÁÏc'ŽÙïic3Üëç3ûêŒe…Ó:‘¥%²'D:'¿
î“Åî÷> rAÜd—ã·Rz1¦BÙ7ØÊj¦üÖéò®4”âØh;˜Í¯kþë°ÌŠ@E~¯ÎbOŠÔÑ?I×@™ð)i%›í@& ËÔ#ØUÐäK‹MG?Â0±éýR U"ÚÏ­”ÄM£àQ¥|GVÍmGìÛyBØɪª×•,ïÈÍâ‹-Ösu¯EìGÕ…
·c"hÑ*ˆ¤¬ä{Ò·ÚzvNuñŽ8ñå«$ÚÐw¦ N"˜œuÂ×3Z5ÄI¯Ù,rµÛöiz`ôþrT7¬Ú´1.‹ƒ……¥¾DØA[ùóåÇ¡†¨—÷N¬ìž`NûŽ8[\ªä"evA Xf'æµ°Ÿ5¹Š‰#Y¸'W¶±|ôP*ÖDr¸÷åIôÊ/ìʼn\â¹4$½ðÏï.\ È&[ç÷•Ú4¸\ƒ÷Ïèa3 ¸Ò¿ìwBÊèGÆv±r±Z¿LQ$sH¡ýøàS­Hv!è÷=¬ËbÌòóœnÓ2?ñz”èÔJA6¿æ(´®Õ£{ùÒH|h¯xrJƒ<"—£†œ•ÂÀ¾+9Çkײ'%M\"+mâþÃÙ„$pR¿hŸ©Ã?U™mÏ;~³ÓRS©`ÙŠ›œ:E”¦?¤ò‡¶Yl´Í[I~ÃoÄNäØf»o3Ø€Œ‰ŸoüiƧ€ô‰æ_vbpys´¿Z¨ƒZÅ<ƒB8,"U ¦õlÍ›ÖÍõƒhû¢}•Îvsä%çé ?ÝøK肃Ì]Q×!M–»ŽÜ±Pé»gÅ>^ÿjÆ°Åó/æP˜f«%Ðc£›QÙjÈ7xmQÆ9x,bÿ (i;‡Þ½*HDÒ‰ ‰s›>ôú’”†ÑÐÀˆRýÌFLù0±Ô_k–˨‹cM-ùÚ·µíCÏnßCøpLËŽÂN(˳æýî#u@ÐU¶EA»ë\Ñíkïì¾¾‡(ö#píg165°€ªw*PD¦µóîːԭÇ@‰ ¼›èü¼_ÓtKˆäʼnÉÃãFÏ·kIR®±Æ’ù”`ӐÜjmUδ՚–!Þ”ìÿ„i{­&:Åèb4 G†î,é;«»7@k=¯hd ‹¶l@[{œÌàÍa•ŽŽµb @•>ØšsƒÌdó(¿6®P1ÿ¤@
^p9Œ}{z¹(áâÑ¢Ÿ>L3nïsÀe·Z›D™’ËŒ¨Ýyì÷¬ØT°&LI¨âß8í†:Ȧz›W¦îü°x êÙ …°ÑII[ò¸K`aOïxFåBà5D€ó&PaØp}-u•ËìOLì4'VVŽ‰‰:ÇÒDñý×æ@¯h9g‹G\rÙÑw@ûSgèaJ+W“q²Z§ë¦ÇkÉ|€¨n±êíã(NIH*‡BF«”y×-þóFjãóš=äõjÿCJB;”ùW]F}/Ôïd :˜»›m×
PxÑ“ÑëÈ~í–Qh!Ê?¢cÊYœ–þ
ú Hä#@l^½:‰Ž¾LMã1»ƒö‡Ôm¤½.Ü–Š©f2 =`ëÄì:¶®ý<xã „‰ö鄶f!HúÐî*—ÐïZí,ãÆwO|šÅîv$bK_Ûq@ ò^y ·tp&t¼Ö$A©°rßLþ1r6KõˆF8Nÿʉ˜–ui¨^’rúe¾ÇE½ë樓âÍöÔ¹ŒõŸS–Öæûyw! ÷µ°¢¯˜@oë‹è#Ⱥ¥ßÒT°oКbР—4Žˆ4üd-9Ze˜¦­­`^×2PBÄĸƒrM@Íàgî$A"<)¬Bi•«”};ßÈf{ø&<²ŸÒð£¦m[MEøödKêzcî31`dêç#´ÌH{ü}jŽÎaÂœ'>töz„qÂ2´ó´6AU€,‹{¼ÔÑóZ#Nù¼Ü­¥b3Õp²"Ë0¯ã5õ#¢r*’ªØSËÚ'ʇ—<ƒ(—-þä•‰îC+¤ÒïÄìºã­TÂ÷1 Î¥T(±úŒÌMB›!^úã–([`aEÔ¢§–ŸƒÒ ë™Å>/MD-úb™çxÌÏ*Oçé¦Ä;1¸C˜në¬Ts ø¡}ìI:ÛÜ),Á1! ­Íðƪ’EÅž`pzU;ŽÍ-˼ƒ\æêWêÌY9·u}®í´†3M­Ñ*º 덇Џ‘¹É•ßzt¹U‡ÏÓÛ"ež|þèz±®+Ø{¡Õ¼à ¢µ˜ºhÎékïš{d³Ò±«Š¦§L"ÏìÓI”ï…Éù4›ÆéÍ%´½Ô—¡ñAÉ¡Hy\.Õ‚—ÒcsžYIãÊŠ?y=¦G™KnÍÿª>´òËV¥ÊŽ¨Íöüø£OQ7ðµÌÜ> ¶”ÏQ]n‘Ú=ÆržÑÓ/™ÔåXŒî¹ÔãO«Z Q4ÿhçÓbC'sš¼„⥪õÚ‘>cäQ˜ú‹pi©n¸ßÓøÐ’§Ÿø+¼²Èô`ÞÀš‰õãðÚy•4³"akß\ŸÅC);Ñúâ)ށm¨>pF£I,mµ_w_4G«ÖžmæL>(/•Ú”‚|B•xà²Ä$â<Ò;–
ÞÄï…Jp®#hU»È(ÂcR~:V|]Tü= X~Þø.d ä6ç“
êѤîÌ>†ùq•f””? §œW¡Œþ‚Á‡ÁMš8Ð9|z¿&æ˜ë´T ñÀ{¶®÷ÎQe¯oyúÔ6¹E´-ýõ aÔI)Nþˆƒë»ß >}¥CA»l#Bꌷ·Èf„%Ô‡% j=~¾åÇ3³Ãr; É})ÖÎäDI‹]b›-J©D‡Ñ•ÑòžA2„EËDàìFÏtÜGž7Rûs¸«²Múmí<ôÎoH¥ÏËć÷7ý“஦Øöìü5Ïf·¢™ý…ŠŸ:¨ӏ¸^WÐfAE|ζ&U|—Þ-uíÚú`H,B.% ’¼†)Xç÷Ù÷LXÌÝWlf^Á¾úT@m+îU¼âóùÕÕ†qé–DŸÐ¦þdJÚ. LDœFÿ«ôšŒƒ“Lã:‡¦¾‘ECÆ[’±×þÐô
œ2·±ªb÷³Èu#e«²iºÂÔ¦U%R¨B0f{ ïr»„.kˆÜ™HO ‚ø›‰>¢¶èÈi-ÎöN¹¬1!wã3Ÿž‚ÐB4à &ßµd­g7¤49‹!•%…rï*FZH:©¶äy%»­¹w¼AyY‡‡ÈÐÈ‘|£aX•.¨ QqWšmeÁ¥ ç¼1 ãüEMº2T©t«ÕðÎ÷¼!.Œ"ü&ù^~…çEê_×}Û_–£Ôü1#íju¥Õ¸0¾©(AÑQ¬ŠÛ/.|ï”åtØÜ\,×A¥UÀÆdÆ1ÜIŠ4%eãøžÙ$w«­i>Ïggx}CÜ3W!£ó>Ü“‚HãÖ?›3‡êö9b€ìӏ½àŒ"‹çò„sl Eµ>.íF=©È“ŒÍ%}lÔ‰‚ ¤™%oT‡ÒÇŒBo&uÜU™ïåvàçà9ÿºp]1Ô‡¥y²®›©ªÝ/ÝÑx8zmë:½¬½¥è›Ž–(³¦s«['±”¡cdQ$¯û,þI}hò[…EB:Bø<‰†g*²AÆpNÞW¶'2äFGhËþ­p&(Ñ–(ÅL¤ê¥ð“çêª[ë§pä–‹>‚Sh$ûAÓÓÕû&–LÛé/z«¶’‚Fp¾…pgrTÍé¯2Va¢Ö6b±–ñÁT›úTËþ¾*X&[“m*Á–&J@ÐJ¹¤kÉ?fF¾»q5ç‰ÞPW⤈HçV‹M¤«.©mÍDö}oº¢‹b‹ì:$Ûz½‘tš|„‘~ZK<¤Ø@Àk‹€ðuöïñái8º€w×^çÜÇÆÖiFƒq™‡áÐìߺ‚óà2ü Ö…™ròýÅ3•ºy# ÿ/çÿ&#è7¬1ôàt¦ß¥Ó®pù¿‹ÅàÜ)½ÝÜŠ¹#’ÃaØŸ‚fźHtXK"
øGè …F¡åPqlû0*à o×¥P03Û¼•£9ÌUU)ˆ°ï»n÷b¯5;ÃMIPƒÄXÂû¾¨Tˆ'1€‚u%E',p¸Ê§ª™¢¨õ7³Éµ„¬ì¹ÔkLŠ´ÂË° Ê$Kx¯Ml”ü©¸æÈwc¸D)쓏’…Àz<³;“ô˜J„ÃǽePÛÔT1^¦ò%€7F$.+`µo•©É+Kïåë ñ~kétUÅv²Ž
^&fáCê ÎC¡‰ÒÅât4˜ hÔ Í¬²Ê!‹,õ;±w7Ù’Õ$ÏÉytLA->ïµl÷à µ^ÍôêÆ…FA‹<Ñlà+=§@·á¯ÈG!Ëa÷"Ù„Ž = s6뵯A¹¬ê  •½Ïõ¢¢éÉ2:—jÏÒMù&
.“w6›"§ÆO„MŠ¾×g›4_Éõ8°Â«ËMa’\bÓ=;ç¢|ã­£NócrdìO¸lZÉŠ_á¦Ûi‚!äãåĐZøÄïš³ºSO½ÜînÂôW«¿=Ÿ~þ±ôg"ƒª?÷´w9¦#’<`‡·J"<Ý ñTá÷¼a˜¥‹R!)8¥v¡@AŽOòB*‡wê>Ý ˜-g,lpîßQsÑï« L>°ÃSo3je’Š¤v`<ìåãsZDž§~5¡·„Éôå³¾[înêˆÈ*ÂTô„-[Úl£uóyÂÍr!Ó Hø¹l“ç†Ü'­íÆ$ -g]V?0ôàì`ºÓæ ûÅC­™RµV[o4% »eªo¯ÏÖ•Ê·gMä‰×”#O‡Ëþä¾d:öÎî(órÏìsKÝ /¾wtìº6ä3ÎWmÛ|mƒ¸Ô©È
ÏJ
hc‹*´#ÏóEÙƒŒÄÚ¿ ¾éC^Äû÷ »e«V6<Äǵ&­‚d¢— •Òºyç®×Á;Æ;µSœ]kðBVf°owu}ñ¿Ë!ë!JX槍)Ÿn-x|&Ó¿È.Nì?F¼™E4IÐ {¶‡j‘nY ö µku³Þ)¬³ãŠ^dü°›—kF2b ý¬¦›nÔ3ëwŒÑørÝ4 ¼rìTJ o¡î´µþ_Ùº-ŠÑ8u\´¸¦çiÐýçqßðÔŠ‰p’X°–шµ~¿n_0›‚êš7Ê‘ü/0e¼Â65˜V
­÷›>¤Zó
Ô¨¸dLÏ59ýI§)ªEëNàayE&y‡ÔL/æ„Ü=Û –™K/î¦Úà*™d?C6FŁëŸôúŒµö‹#©Ô± ðÒ…·õ¬ŸåÃX…'5´´.jÀ‰Õ Èя>Ô‡‹O䌒ÜréÁù¦‹EÐQ 6ÿwÕ9ׂ׸k}2pÎÀäŒK FD7=;Ð[¼·ºì#ÊOŠ\ÕΛX“’éÓÓ€Óœ°Ûëdœ2ï³DLøÈu–kžœþ²/w>…Åld1MåaúøîÎ>9,E÷Í’©ÞT?¨3bˆš‰ªþ±—7f³4ð1uÇÀ ä;It´Œ³xýÈŒ8jíˆ%Î]Ö¹:Ô~G%`+ðO*o˜wâ£ÂšùÔã|»·kUoªc!0k§¡läÞõ«&ùÏTü4ÍEڙNjù>‹‡ØЄÈ€àqïÛ¥ã%ñ•dÙËë}OuÌQë*ºí¹Î~Ù“[o€Pè!/=R*ÂÓfí‚¥c——H+üÍnOÛù9w
»H““m>ϨŽ/©Œ<ðh כֿyöfÞ9ü¨Ëq&ÅŒ(M08›RA‹zó™Ej®¯òÅ
(Í3Aq³ž~SW'.«5#/.ôTlS”Ü/Ûb\kócƒ?™Àk¾¯+üspl計ï]ÄÌ^@„Lf©|[—ÔDU1®°ã‹®ú•‘§\Vä·Ç褉´‘€`)}.JR%gŒÇw„¼’þl"*rŸjüøvãcYÅ'å¹÷EÚFC†€}V9 竬ñ{*>¤ãuÓ5;cé½E,~ -&×SB>­ç,Žú0?‘>kæ¾ãF³¡G„=“Ž¤ŸNØáÞ,ïÙæQsη'‚…Æ&¸(èDºžº‹‘jy5ArÔÞr*B w+×8¹«§ŸF{>nùøM i
ýšºŠLyR$ó¼·ÿk‚ký½àÿ]îXÆ@×DfŽFµß*þ§Ñ°ôÆÌ9‚‹ûªì§>&
¾n2¦~rÒ”cññèÀYõôªãh,º§õe°7%꿐P“Sd§‰,‚}ŠÍZŒZ½hH«6<Íଯ“{{ÂòËHîùâ…®2£>*‚„Æo*“sûí_²æÙÙ×4T·>u$™X„J¥ÍPvÛ‚áë«Ï{Å—£XÖÀÕ”0’*ÆA…ÎKdtpuT­fš¦*‚†¯ÖnØM範u»î'kבÎ|Žª÷ùÖ+$Úù[lЗt³¡Ä+–²[S"R˜ŒR¯ù…0±Ø´œÖl9ò%žjúyvGcû¢\×"¼ýgËxβâÊú°¼+é’_ÊXݧԁŸÜì`Ñ`µÂˍP‰‰z€¿GäXx쏾z@ƒ‚5fÿ(¬ñB‘×¾Bw{D œzƒ-'Ê ‹®Æ5¡z†wðmq´Êá±ÌR2²ùô¾üò_ÆÏÜ”B"Ú äÿRC1 O¶ŠSŠÇСùѬÍWº¿¾œ™÷õ®[£à¢9iŒÁ2V„+˜€ÈO¿<²NÄ)â)9L%×æ2žž‹N)ùèžÆ ßÎÔ x'—§™ëÓ)Æe€¬®½#—à&¿,E¦›tÇ”—^HQƒâ ÇØ{·š'ÙjS·gÆY\?Ô‘Fc³mÄ'Ì:†éÖ߈K)P¸Z\°^¡’.Yº™œœËÊçV"K´é+‹)ñ6¶Õ²ÖûÖ¯yb[Cr yk*)•9Zu7U¿ô&‚#é@ÑSju3þY²ùÌÚØM!½ò#¤:‚:9¯ãU<1Ëy|ò¥·¥Muøõ4ûÙ|?ÎÝØÀšÙÐév‘FߊÞTS¶¨Q0ñYôí‹-ý#ë@šµxø#|ì(Ç
c!àC ­{NÝMøÂân®hʇ [˜XÉåGz§ùÖÃw.jOÒ™‚°<¿I˜7Œn0,êÚ!.ùÊÆT¾ô[ĪAx†FRÀ´¶>«mÚWsd¯¯WŽ›‘ÒŸ• i©I>«!2ÜÛÂJѐ%`wüPþ¼OÚw|ó¨OD\ C ›¶T0p”@C¸ò&xçö6~S¸uÿ¤Ä ·Þ>•k_@¼Ë¯±ÂÐ{›¥÷=ëò ;/ñPdkÿ/òÓl.ÐQ)pSü¼ÀÁÔÊÓ±4Iù€ˆ¢Ã9‡Üo¨/àKw´<±;ês¸_&-R¦¸>XJsÐÞ©pußÌ“û%>£ º!ô\ñ½?À>TmÛ>°lOå„/ó=”·‚­¢zb b?q´¢¸çé¸U™îÔÒ¤{¸2¢_{m•ÎöG_î(Ñ2Cõ˜ ¿çø§ñ[,•ï·Ÿ­ºŽùÎÓù"R1ä~¦¡ƒÝmÜð^B”±þûzäõ’ÔËøé–êêò%ëN¥o4ºWóÕísDž¼ÞÜP,c«1+„½X”t17²Ê"<>,S>UËAq 2lOÀ!©†WVZs?n”ªÉ‚±S¾o30@Ӑ‚ÑS`q[Ûœ·&܃ݦÕuŠò@{G$¢ùž2D’Ëà¾KìŠW\UÁcÎð-ÒÆöÜðG–ê5Q¦(õ²“ßÏ‚KaTµÀaážö‚ïÔ÷ ¦Yßû`˜@òvÖOí‚X&ÁwxBzõ´JîØóe‡†2—ß&Œ÷™Jxò«dнKëÈÜÕü¤¦ªWSøìùå+ˑ܃WøÉ7ÓxÂú:?82£ÍúÙ‹rê;°Çt¯Éh©HÒ knÕÂöqI[¸«÷ǦK­rltJU·íÏ3\SÄÖí^U{uLØå¯IÕ»üu¶
ŸçQ¯­¿as¦4 ¨¾Ãôv–쇝¨÷9¦@ÑÂÎÆý;ÊÔWØèý¬K±ã{]l½2äoÏ–5«‡ë$žã#\ªï5)‰G½uß~ÚoöL^}¦þÉàËEãm•X°œ%×Ï;b7í&2ßÙÀ%G慐Pç=ÎaaTu”D)9wT|Q¸ÇôV×+véâÀ®þ÷:£“y®Ì‹¡â}ßáQ±D t²à/ʝ(¯«®»ÕìÍàY#?2S«V~ã̱°#£1lÞ½õ<»-ÎÏ–²+¼’*[S&®hLþØ¢×ÔêWi½á³ìõÊ­[ܽ±çeV˺èä°`ÖÑdÏ„8¯±¤=v ‹´M·yŒ¼ð‹ À! þ«5»añ(Ù³ß}]Ÿ¥™¸õHßÙ9ÌqnŒÑ»D9"Ú°Å›C4l€xдˆÁ܆©5àÇXh8Pâ‹2Å3ݏvð’¥ø‚jÛ²—qئM `AÍWþÃ}—RøªPýy¦(b”h8@÷*ÿ!•È|=a(»I™TÏ¢„·Å]«šÏk5Í«¼iÅn_miKˆ†ˆÊ¤ÝTwœ²ŠÂ”å¸ ·cÃàª8TÚÿ"Ø:YÏSYÌ$Qá2ÌÑOÈk©À÷;]©LD§´°¤XLiX­I‹¸0W Ci©oÉM).ËìŸ=:Ö¼w#‡ œž)ØOA‹AxªÛ{=ìVÚ.ˆÕ¶wÛ´'Ïô7»ŽE-(ðüA灝¦´yށUÌ`nïî{º´W%yrþGÚç9\ÂéÇxWØõ(mð8BNd=H…**Dô„²10ôvÀð SרšBiÀ£²‘¬°3ódxû¾°tW(ÁÂN
[;Rì˜õÏa9ôJoX}hEc<_%í(‰‰ûæ5cºÔÏÒ^Hß…v×p@¯¹£±ìÅ»-Ê©6\ÛŒ¾EÃÕó¾-¨xÃm`,?å¾õ¤EÞaÍ“D'ð`cŠÐ¤c¬;ƒÅ™^•Ô™ÏqÿÌ;Í^þõã%-¿ÍU­"Ny
Ñ6^¥Ð”3iŽÊ½:¾ga7üÕzzçáp»e ¸ab
“Æ1L·g‡UáØüê‰Äx®¨ÕÞµKjJâ#{¹ÁM_´¬õŠ³În0Õ±Äf‘ZŠÍÅ0Y´Û„ZúÍÓ>°3ÎUT€&E¦ùòã«^ùt8!À€[熻ÿW5{.AV^võÞ!-ç©áÙ'å·ŸÀg9QÑ”¿¸Ïë'a=/’áXU-Þ¶®R»oC?W'Y"߶ÒbûÑåjv‹—Xåñà¿1 rH’\š²r‹®GßÌð@_S¹í1*éqlµ|¾m;.¨Êq7IãbNŸ8·.Ë'n±$¦»‡`PS©NVlÌBµÙ(„
jžá¶”„gõ8µëPB®I‡ ëv?g³µŸÂUm%åe›Q¶T ¾$°øeùy¹Îë"1ÒTÉÏ7¼øOÝ”•ÒkASØÜŽöaeǽ`›Y†Åã ¨bV«ß•Î§˜Ó²×–ùw¶_G°Ž\xÖ¢ò-¹pQ=Äc_0ä.·ÎýZtuò4HHO·78ª µôußÃv‡Ò¬c£)ÉB L½tåZ}RD!¿$£òWÊfåï¿ûËŽîÄ0_TR _Mò~YäN"ox®~1©÷¢ÐÆ''S…Õ”Ž7€—*
5·ê_Ït„.÷YŒðîmÞùÓ‹»ÊLãè÷³îݯ†Eäû¡=y²¦‹=@æ×ÏóMð¤}¸ó} •™ ÕéA¼Ï‚œÞÒ=ÞèJF‹š{N5Xý•׶TbA +•ÀQmæŠj
sqƵd{ø‹YúàÙøP\xIy•æÇµµKE혴:ý »ÕèeY¦oÜ]áLЧ•h>d­¸L8ÝÊÜhv~–ô¸ü
ÂN˜;NöZ÷‘bè©õ?ÔX+‰ª(ñ¼ú1•+\SÃEexÇ·‘'L=š=F,ûm¢ó{÷z{%ÊâÙ_ù‡G É~%`ÂD{6Öêµ*–úÄŒ!‡™¯bº‹-c¬è
?uíØ®UCÁê2Þð>ptß­ |vᤛT£æLö¾¥ŽœáÙÅ<ɽDþ|41úoz±å¿1`FŽå“Æì9N*VODp…;[Æ{ mK.•“V—*Àø7‚(F7•dà,Ðc-)Ù›ÝÒT~<)z&‚¶?Bˆ3¡Í>³A~åÚS×¼òØP§EY·L‹G’0;šnJƒË2<ô½îDã¿5^rÆs’üÕ7¬þs÷ØìÊÔhiGi­?Ã\&¶¸÷ˆ¦PÚyÊBL-¼è8êŸRù†<£ó»ð(¡K±³WOS2ýÁ`lb#ÚÊâ;ƒšÁšôh&ÁË€hc^Ùõ~n•u±Ù³›æ1uH˜Ò[±edÔß”ÄvÑ-éärÃw=£`•`¤ÞlFeB‡BÁ¬029÷Œ…îˆ0ß™ƒüâ(IòÉM~gŸ÷É¢©#`#üu[8øew.ÃÊQ (ßW²"ÅT¥LäG!Üpì’Å}XÜL&la(7oçâ©VèÄø[
»ÔËOÍ!̧¿ü`¾)§ ‡Ð±Dr›Ì´ W~zn”™0Vàá„n}}È°¸xñoÔQ|hÄšŸJBoû…Tè Ÿ|7ô ñà¡õГªŽÀ¢1æö«OüázŽ|HÍq¬ñ±ê*Þ`«–ôYnlw¾©¹ p¢žÇjfþS…")1=ª@W™Söê˜{*äëwªÁúÈ
¼¯|I•§hÖ¢£­nØà
”¬bwnšKâ“[Jƒf£âÖ^J2ÍÉ 1>Ú´é ÊtOnu ¼?š–!äËr–eþ’Øb¼}ÛœŠå%!›«ÿÚðb8?ŠÒ‚â'µÜò$Ä ùήŽ”œ-\ËÝçPê­¯¢¢ï»•öÒɉSøô`]hÎÊíÏ¡òªt‘:¶§Ë¹õ”à=÷Ì|IÇ[è…Òg©–{©CJÙ¢Xž?vr>bË•ÿ!®G2O c” þ>½ÏÄ­H†¿MÙ~ù&Y‘Ý ÛQ'⯎©,ô]3Õ®)ðXx×é{sa•Þ»¼?—H+™ø
Â﹩»“|aXpñÆbœ*ƒçãö88W3•œTt3̨ªmÞAhIŽI{ \èá^Ë®/¨‰ÚÃÝp`Ê¶ÛxevJñÀ_ÞBàcn\ò†Ie%¬6ÍÏn…gäÕÔ»vþ˜€ë±‰EŠŠ
t×H6ø2 —2Â@žŽ{%³È{@(*/¼R…ç
ZvüU7~±òrN*2þݼpãº8§à½jɘֶµÆ‘$µ¯,t ±ÅêW¾FÌÕ+wÕº4Ït—U~(H¾¿œìÞv¾zÆTêH[GçOíVS3Å’ t: íQ2Ä—¡=>u–’ÀئËÿvi={TUÕ‰A”þxrN?ŽUuZ¡°zæÔ¦Q8Ñûyƒv>` üe ¾¾|¯y­98c•Ø#?U¹Cß9=ôª NH˳Ë<ïn¸<ýrà´z£o– ÏŸR ÷‘gÏCÊ=ÞŝŸ,OÑÙ­ ™?Õ«@í6¥Û¡mNµ3}¨m |z„6@îkØNß_}sħU"¢+@²],x©Ã …µì„KlÀâdaV¿ïÈps Ú–iÁŠù÷=Ÿ‚ÿ˜ðCÆßå³Y¯Á°±§â)nɺ—þ·ËÒ÷æ )ÃÏIö졦;a÷_B`i}QIÉ~•M „dHzKð€Ò<>a+vÅêÎ6t<ªÀÏÞf~§ÅP†ˆYEC¡cS—liëÌ3äéMF–IÒ#7#aƒI-éQÀ`ΔÃÛS„eM.JÜ'ôûæ*šÌlð|bÔá\+µâYBjQÊÏô(‰ýËŸkŠ=rQö9,-8£.茖—ÔûMÔ}š"€.üKÆIÙ»XztUþÌÅPÕ“ßart çv²«“t=Àkœ1AÖ^ÝÑI+ß”G8Ûe#)O7(ŠFŠlŽ"•Ø\Heï¸úúÜ*Êd†mÙ#¿ëàñÙ`.š‘ZdžVòhkèy ­3ûÙø Ô2ƒApdNÜ›u@±)HHe½ùâ—®ÿ¥z—UoBSŠZ÷Þn‹Ú$„ZÜë&<Œ¾½âNM*=÷Ì\ÝGhÞè=Ä*h÷“ý'¦ Œ˜œ-Y¬úGzcå Sd »°5Ù•%\cÎY&¬=k¢Á[;rè󙤊ŒPâýbÖÉ|ÂÐ=›©ÃL-ÿž#סš„¯ô±@Óâ©î± Êx‰;=x¨O@ëZ[Óí·'Ì5bKýd*Q3 ©YõÚ±~ 4ý¢†Ãé(|Û<Õ)c÷(õÌHàZzš g ©/Ñ–¹P3™± ËBfj ä{2o·¨T—¹¹É¸QqM=¨/J[+*Þ
m.{ìWõøÄ€Þ5Eð¿ä‘Àgz†TðEüuªЀq ˆm¬+å'm5kðù¨)žÐžD8,8t©;›d€Ö®Tƒ¤Œ(‘YÚ:Ãê~QÓ…âè„~ûRNÏIܨ JsBû8f*o|શ$ð9TùoD]E%”ïDèãÝÅÏñµÝ2ã~߃”µ* õoß%6ªGÄ~ÕÆhpöØI®dZ&!—ÝŸ;¬» ùÇ¥É0b+¹ÔàÃ0 ­>åÁ…j`Q›l}”E•†Ü;ínE4ÔÍ8Ž§U%üçS\¨îÝ×à7èêûJŸHîvj÷)«X‘$?áJtB^åPÉC¶ÜáåB}Ä1Ìgý§XvÍð·Èày_XŠâ?;)‡%L&jÙ"Þ pdïO[aÈEw`‘ùV„
FÖ®O:WçbÌÒ§(‚ñ}Ù+¿$'Qó¤¥;Ó«kR4—+\¨Xº£ÙçÄcä„%äy›ŸéúÐâÕ´ËÏ€ NáËçµèï?É$VR 2Ë ÏÎ/\_£ùϝaQÀÜÝBZ¡Ç{Jh‰ª3äQ[ior€º:†Ùù§Kâ/ó‰$väZç
àÌF–WqLÑU·m³o®E×­n­s‘>=Ÿ%a+76éz+S,[•«}\¾[ø‹Ø
bëÊuͧ§ÎL)eµyV‚¢}ñ¨+E@ ÆÚYþÜã&§[0Ý+%oU3‰2·ˆY£áƒŸÈÇhŠ´Ï¢Û’»+ô‚èÐ˼ÐM±Æþ4ý†÷ê·†,äÀ¸E\©ºÄZxÔÚ¥å<™štÁæÞ» y2: ×ÜÒI‘²Á¬¡ð„ffqŠXù† ±óGûËMà¾(ìMV²zÝxs¢Bwv,ëÝ°B¡½IZ·ÈŠpŽ_›wÔ'ð/¡Ý¶ÃRø¨
¡¸¿‹”rþã‡nÒ[É¬u‡³äûn\*i(8ò "3#W‚É“«ÅßZ¿F§Ü5oá¥@(m€Wü AZþgufíUg4¢Dµ¸½¨@Î ƒEJµZ±ZÖÅáµõÉ20€¤˜Ð™µ¨mö¼4Fò(IE7là±Îw‹™‚1 YOï¬)MbÐ@ÈĦxÀB£R½Ý)VÇFTkfÒÓ¯ÙdÓ‹ùœáý6Jcê;r &Kåì²/#z ˜Ã7H§é˜½TㆶӪçãYÌ̃?Åžê:×¹™ÎÃ£âp÷$鸡Ӳֵ¡M›3còhº¥Ìü®·±Ë~ÆY¿ØßgõÖ£¨¼ Ö¤@‚ÀøÝO/‰àlß[w‡;¾ép­³Æzs>Ç?ñ{=îvwó’ÚD±Îè©„ H’•V¸•Sø¯v6­®&§m±[W '«I o{v¡'ênLftîE9x!¸n씲™îGº Ô±­áqsÈÛ¡¬* r RÆPR”*†4P èw,âÜè»N’
„ „„«9´ìØÍ9ñC·¿rZ~E›;¨Ô–hyázhTGª«¬ð“K~R…|tª»Ð,zæèÜRÊñ°ÞRíi«GhîçÏz–fcsµ€/4A—䬄tzm‹xE|ÿ ¶ƒÝ¸ã´ëÔqãÈþ©Ó"µ÷8lCÒüy}ù¢óoõ, ÑM\Èñ{.÷Dš
FƍË%­aQ€€û„œmhü­K:-8ÿ<²%”TÓ¸þúûg°™ƒ„
@`ˆ"©úóº`XÓÎõþ/mnž9g˜fé--ˆ‚D
!Ü1ï^§xô–£F}+ePÐzéä¹®ž
~wô©’3ßOF8z…wK✞Qô»y?"Ùþ½ÿ·Ê÷-=S wþ¤Ê§ö2íA=3‡&X”ß$úºÚº{¸ÔÄ$gÊ0‰ J¶£Ÿy¶=i3“=Ï/±*ܛ›»ûõµë CQ‡¤¼ð~ŠÕg8x«—»@Q¹¶ýl»•FӏEhž$ÞÜhöñ%õ˜5Q ±®aXH%ZnvîÂ(zodVÄj(,oh%Úâmïµ5Þ? „m qÍkò04°o–uò§Ïês½–½:SƐ½$¥ËÉ@¥(€ø:¹6£ã•ÆØ,¦T‰ÔîÕÊG
:,EeÛÕþnž‡ 诓ºX`;aeþ¦û=oÄÑOM†DD”À­ÖH‰⃥
è³´çF}j¡4¢H€HD'ô<äÇi‘{Œ…ÙBX›_Š*2è‘ðd9&+ÁB»F¥Ã_ÑÞ‹AWYdRW–«Ìuf·e‚|nºnr>è¾—Aè>a¢|ß¡Òor(1:ýÉB%F°¨ƒà–&À9Œöø´J
_v'ÅlÞ 3ȱʼÛ÷#\·mF¹©yàZôê÷U&À®‚’gU¸Ð[¢¶¼Íÿ~^Lè)².gÀåð^m6Å´dUk–]ÀôÆ¥¡Á‘ô¾Iù^
ÙeW¡Å³wú2XB*¾£#&²‰–¡ …ÇÃ'=Ñìw¥ÇÞPYŸÄå ¿+jÀÏá`@RÇÍ>½SÁêM‡e²_dƒ‡–VbMÒþMáëí8ÉÔ½ÞŠ-âÈy‰)4ªÐ㦱÷=ò—quNŠ«årKi“w΀Dâ°MšÚñläù$‹©¥×2õ¹S¼7¸¼V\íK²þ°vw¨òwi ¸4´…ª¿›Sµu‡›ªý?Xu]…å¿;k˜PÛ³´aøz­›{u7^²¦¸m(t>¤jy§´ÿB+Õ~y€€Åã¾¾Â\iþ»:¿ØgÖ_ÏÃŽÏK`»!«a–Ñ“õ[sâ1±óM£ýÿ\æüÞƒ/ºŸæüí8ún?@touT$Ì4œt–¤ºKlVÄ ÊL—¥2/euK±U¶šÃú]VÐk>µÁ{cþuãâ Ѷ$|BHkÞL{ZÜhÓy%v"YƒK""%cÊcæ«•„_µü´uðAXXÝZ:Ÿ„˜*2áÁ+äÈŽsžn™l¯§Ú<–¾o–c¶ÁtfŒ×§D$\@@Ddãá?½Ô_Wu¤€–HI¸À 娳<ð,¤‚Â’K°’¡=Úb˜ 7 Z€R@P‹ ,Â9íð kjÿG=ýß›ïün—Ðç盾ckëñµ ?ÉSuöç%ªá2’ÚáOmKÔ¾¶²ºzuà&›¯ ö‡eâˆMº´´/Vµu­(*±yôVR¢(±LSD¡Aå-vƯÚs¿Ÿ{Å#.ÊßòV4ñ¯1X†yÄ­ÌØìr¿Ž÷ͧZÛEŠ9©!ƒÈmõ
gH·ü|»„èpœ„L[›_îûC¬@Á
ⵆ~C>|?ž»”%†À¶4âL2ÍT\ðëÚ”aD8`ê2ŠåÂ!Ÿ÷a—Š‰mÔÍC :.xú%ûÜOoó«‹pUÈ®½ƒþÑ9çfT‹ ¬ÒIô‚™YvœÞôyNNÅ´x9ç‘a0Ôµ”"ºp¯bËöØØU¨¼ ­)Ô0=¬FÌV-Õ7¿+fÁËó¨þÓè•H;ªê+þ[aóå¢|¯þ7Înª/Þ^¦ûÞ¿ÞÇM1U«B:²Ä€sN}í!£ŠÑ Xd3rú[@&nï\õüÞ§‹µÐQZºb<*+€ÔX^èè˜óª Ł•%EËAB¦&PÄ€¨AÉ
wjú\?ÓL%šÒ<6>ggô´úY¯1Q©0‚•E°¶ŽÅlKšdR )ƒbqÐIèY™$”™3ڏ=Ùnsö:-üú7ºv®uY«éœ7m!Q»åo/ÛyšÙAéɼ§ÚNÞušü
~`Ãí§“j¹N“i¦û]i‡;D'¸/²IkY¬ª&åqíÔ º8ìz†\
#Ëó+Îe"õÕT{äZÁ͏m‡)Yå<¬¥Ê0³\·XœÌúTý Å–_5È™ÉuJ¡MÛ±¯
›Yqàœ2ùª~Éÿ¹ÄÅèþ¦³ç^Xe¬V¢¦4jzú“l®…ãZ';6RtLAQlØ£ŒÀv°ïJ°fz;ô™2ºúþ¢ÏŸoosÂþ¶Ÿ`wfRwI)€)H%tPw4Võºç§=땍r:Wüÿ/!>º>ð{û:¥ÇÄýåÁï+ä¯o]ßq[“Ô³>#ŸE|×}Ïì¦Èc’Û—1•0(’H& C…¤§ì†@J Ya 7Eª#«¹Þr;³k¡Í7A`þJ^ÛyiŸxDEò”!ŒR•U¾Ce³œ½zükq·Íðÿë¿ÞõGzåé·›Þ‹s/#­åÐz™
CÖ †`È ÈSŸEþßõ¿°Üœ¥ßº;ô<®ïuÂæ;¿
ºùùýÆ.ÑÍðô}ÊŠ¼ÿ‡õÛHo”.ÿ&iBgj”n×…ÙèIO(3»‹\ß{Ï֐&¢vIØd:Ô3ZçÈé9;™;-'_ØùÍ=b&æø¹ܦ¹
ŠĘH'/ ϼ¦Õ6¸žÑf@€
8’“$0I%2(AµLF¶ã–Ö-Œœ]¯ÎÌbù¿ûÃ¼Ê Ö¿!÷³Ê¿{¯6t(q ì±Lá‡-&!&ât=f&TAÔy…(ˆ! Þ€¯I|)Ûg«Pßù½onº43w˜uwÞó©Ë=Œ°ë¼}ßSÄèü¹Ï.ŸnÌJ$4%¤Ûy‰Áß\}¹ä¾{‹ö¦Ì…jPň[œY¾¥³¡¯H©²Zˆ7™Êù¢ µv½öm¶Û¢+OÅcü¬[õù±•Þ»ÆÎýÜ£G7.Éívrußr ãë»O€¦¦§f_ãåÙnѨõßÉú9yÏñ4:.ÜÓnÛûV;CI‹8Üú®pèÛÇ0`_­r5ªÌ˜žÁK+ Ò Öêï¾G#UA9›Í3ó¡ÞLUVéˆXDµ˜™‡>Øþ­‹q„š)„!WÀÖÐ LìúL„J/–ž#¸»œnïš¡nhƒ×ÑB#ÓZÍ˳[¿SÕþ–ö÷ø‹”R(ŽMÎkƒè³g{.oÕ`g¸ë:1.»iùöÉ¡Äõ 5qÒWžý¯IpÈR.éÔµvZ–-ÁHªe7×¾= í–×oá[Û&8þRLÙÔP®V’3 ¡TNöæÛ¼¯€óýÇòa¾æoŸ”ÔhE•˜„BúRØó¨ $'Y†Y”ƒ$̇‡õÝ "ˆ€K(Ã!
¤,aŸÜ~ŸÂ¼ê¸÷:Œ$¤ôuBn&%¸û³–ýÖó."mPHB̥§Åý?G¯ÓäÖÊåœt¾vR‘@²|+ÑðèEú O§érŸ…?À°êéÑô¥nñ8ü#€?žbŽKÝiù~ïÓüÿÛ×qþ-Õ1·Rç(*)L KŸLtÏ̾ÇUíkb ðڏà % ²Ž¾ÚœjÑÝLYëïð{üXÌ$‰#3’€ˆ(¥¼ûÅ7²>Oí|ç²î}§ÛN¦±Î^j0t†²M)§¹hT(ª/cUUŠ~Tfú¥&àes!HY€ÔÛ¦­,¶¨X²PS.[Ѷ…†ëx…‡JÇ?ó=5ÇÂøøY\SdöúV™vÅ‘Eû_øªÝ®ŽŽó<ô´êï…²¤‚Äc)ª[Qüßeõ|]óÃsÕᓖϧ5QĨV’R…ì…Y®üšlôÝ÷oÐ÷>û³õÞC¾ÛTä“IÒN`¨±äo-¾øÞSÚßÒÚ30qDœÊ#º!ióÊÓnç5cl¿ ÃÁá 1º EQ<&J²ÊÃ6®÷äþÏádÇ/edà[õ\‹?Té!‘uÊxûýAýW¼þWóú=¸IáÄ"ê«Î0öþ.É°1ƒ!Cš…Øìæ Æ1¹@“-T22dI0ØÃ.&rbb™^y Õ¡æ$÷А¡!$ÁÞ{eéõ<2ì&Â> ªò•I×ø’Îxч&ÕÚ^jed’B’†¶3+Ô^HLRFHSÅ=ïä°H@¸ñ¸öÓ«_…V–  ‰UQEÛëd„.@„6¯7óCïk[öùl2d‡ŒÃ9©Wª}•Ê´¡‘ü† ‹…Nm°±ŒW’©<‚ùPñ©ô˜@/Àʘݬ´/̯0ýŒ®&g< À~_‘ï~Ï_åúœ†m–iÔµBÈURIúž‡Ïxœîwñ:ìÖÿ;9šCÆuqáëܼHˆRPÅ‘vÌäjn^$ëýO#C­÷9f,s"h³;>„ù4zÖΓÏ \\âCD,¸+&5îs¼„Ég`
¡e*.å`/GD ,ÉQ›€\
!J 7í(õù™ò¦ˆQ _×ü›-Ž•k€‡á£òúö¾/jïÌ,0§_H\,)ÔWÏ\‡ÞØá§ÄA{ýûªWž†ÌÅÉ·ñVkæCÑ›çÁ¶”ý7`µè­WŽpòþÔŸmÁæ¯éJŒË&©¥~ÏÌúsØíËí<¸Zý‡fõPD󍳥Q+¡áó>©(4I#ƒv<ä8M€Ê#۔ۍûSÊ'’(Çh]²ˆçfo¬
Õ^n=>Øx?Å_î¾ÀeÓ-Áw
Cˆ;Ubqö%ÁJçú㍤ÎÃøÀw`CU¦CÙ55cûÇäSÐÌá9“‡Â²É膊’éäÁàÎË´ßÎq Rö9&ÍŸdˆ×ú~²åf?qˆ£]ÅœúÆ üÂìOW?éó?"’îD·{ÿÅcââb™wpdÐù<¤õ³lC^K^žwsƒâáÅs•$÷ ‘_Áì©^_b©Ao‘bºÜeeA£¤ŽVÍBÖyxÓ†‡}¹ÀÇü½-í~ÿ7pPàq Ok{ýÐØ«^ÑZ¢ºù00ªˆ. ’œ+ŸTAÍŠý@•üT XK]1pX6 NäL~ÜöÈSÁAš.òKírdòrlèB¨(»¶y¹»ÔcõÓ×ìÛÕ¥IVݵ’ðÝåïìP揉9{ª¶Ä vÅSQÝÍŠ·ämÏH¢]£\è*ÝÂÐ…U)+ ÝíývÇ „ëÎa}:ÔÞZL5€ñ+ñ£§S.i¼«´D\eŽ½Šø%‚"¹Z^woˆRZÀsuŒqç \5Ý¥üËD´ ©¥–ªáÔdÒ…Ö3(àÀƽŸÜÓÐÁ߰йŸIÐqñÊoÇŒ°Çݹ÷/'·à,ã·ÓacÁëì߀ù?+zŽÒÜ8ÚtÎ>0ˆ†i'›×¼‚folËì&¢!3ìiœ-Á‘mßµ[÷ô\eV<³z,¸#u̝ÛÛ…Ö·$µ"“«ŽsŸ{†!)’¾o°Èšg62ŽD®of-Ô:Ùµätq:W˜7n½Ë7{•õؽÈv¬ŸëéVm;1<åøÁy_öã?³ùoC™õ^”(rѯ•?…©°T8χӫbqÛÜ„›ù±õhWÌ&•=&À¤Ù¶DŠQ @£iÁˆ&mÐ^ówûÍñ=¿‰šÿC>¡‰åpÌÀœ!.ŽžK» ~×"
þ9Žròþ=‹œ@H¸¥¥ƒ…ïxG@7ö]þŽ'ÔÒÍÕïé2" `1ŠäœÚz)äÔ¤–½eCÒ‡ðnu­e{}Õð/‘ðß8w0l_ƒåœúÄe–ß]½”jgVÀØßpë9ÀiÞ*ø0>ð[ûÆòE¹”‹üº:CÓ¦õ³DSy)«îÏE;ÎÚÄ—ãö)J`5]”6ƒÖv:TóÓ­¬Æ”Qg9Œéj>™s6«¬ónNÍÆ pÒí+O‚ƒñ›¯»C—\eþJ—ùþ°þÙ'|@UÄ]›@BhÖî;ªkãëqìá§Ò8_¶@šúÕ„І¶ya6Þö®ÌŽÁD_ÒïkÁш˜è\ùÑ4|îÏÙor upeLö‹ÛhvÇÁçT› |/Êp}y‡ÀÏáÙDÄQcoÿó€À CÑ7d÷ïJïÒWÜÕîl÷qö]Kü; 6ÿËï_2ƒžã;µl_†fÎn«ªKï®|Í7^ØE"‡êŠ›ªp ¾K„=Ÿ‹“àðy‰[;‹íóUY·éÏÀ:yZ/𞬋ØÎ
ʆ7,e=¡…Ëñ˜H¹D« §Ÿ’‚ƒ<\þ2ÐÏ­’²üçX[W¶ÜÃyøNóç²£ÂÛOvWû¦.ÎUhÑÌß;‡F#z]%ž– Xc©­½šîe1“¦Å¨”ótËÂÑ-"fí½-ÑLÕø^^O™ðáwÿE›Üp;B×½4édCZc\ì{MHšuµ™E] 84»fyÛ̶åPÎvÛ<ː”6wåñO­êÆnPmHåMyYðREᏙ³À¡ µédèUv¢!«U ²Aƒlj²çãùqlz`ÕA±J.®`SCŠ"(iM*°Õ{W•‹”"Éôšmÿ3ý[=o§ö<àÍMCêU"²ä2Ä",¼£î•·©Ô!‰FªÉœl‰à­Åúßíø«ï4ñ‡j֏
–tô½5ÕuØZÖªO’)÷ÿ*¿•à³Ïýðòo&ùŒ†ýS1´ç¬¦QI¡Tž¾¾C„Öib÷?jÇøX~û ¤“î;œJ?A&¶åPö©²Ú™‘,g†xQÀz]ïÃ÷×þ_s7/–ÒTLL¡c­í(9&\íê“?E
a;NÿAÙûKk3לû®>cðoU馶ŸƒL'òŒoKJÝ4ÜÔbøpÃYŸ_§î†ò™­åP°¬Ä~q’ 0·àÂ!™K.|®³šßÍ°,S\°¡æˆNWÁ‚5êÙ©Mf–Äó4Â6ªÉÙH=òTaÑ8¬'£iÑ!õµþÚ<šOcº–“½“»w
ÞNŽhl÷/Ћz?‚íÔv´˜fIÜW,ù÷G¼Tà"+À·[¦¡®^f]Ü~÷Âb÷8´wØ¢ý4¿•¾‰ÙvkÛˆ’t¶Žf½ð8Ií.j/ƒS8#0ÈÜ–T03Q萐 Ì}i‘§ŠW~WMie
v2.±®«ÎøìÿÛ‡S*ÒÇ&}#»[Ëˆ>_i@:2ö —*@·W™hÓ¶ÇÁ°Óm~1^åzlçAd{àðë¹ÿ†@¿é¡fîjz«½½ð€j ±!…æj}}䔋f{ÀZL<å˜Iµ,@CÔæõ{Ž3¬_‰²ÍŠœzzúØsY¶È7яðuó‡,ùø;õFÓAa€&0ñýWIíês¡ƒ3©wwê?[FàåÒÒqýÐ]PXéEg2-pº1‹™Ã•zó¾÷QÏ}[ebÌ·bý¾zR@&
ü2¨HaŒ”IÑHH˜=úÞHœ‘%ñBlhgóѽ۱¿½Ž%ìæ¾é7Üg¸ƒÌL²¬,Ö~ öÍÝ<œ'¯[‡ —2Bç²8/qÇ}}¶‹æGÃ?ƒö£ QV¨\±M¤àâéå„DÆ•Rê)DŽ”J`•êoV¦bF©ãiÓØó8}6Ýêî‚CxôUµ˜  Á¦dZåMQ6óðsxØ!B¥/Q¾§u¾ðXæ‹9´éþi¼è³´ïÈ^3§k?–ƝîÛb¯
è$‹ÉÒŸ5ýÄiér½/{f[îìèðlßÖöûïÔÂz¹š¹ž³wZ¥k}w;lü[ýdª­Œ‚Ÿ1ŸìÙS¾³û`úéæðsxÑA6·†ôYêÔƒW/š|3udÏg?½Z§¦wh{ÊDãXÛ‰@"Ð+¹BóZÏ]¿}ä8ùÞŽ÷H$ ‚‰ðPÿ}È•ôÇE,ǃBj_í™YÂd;DtS;vº ·!˜ÙŽÅKëuâ&G‰ÑìÅë\tÏe¡Š‘%6&­bƒµÉS˜>ì‚H$xî£Hæ’p­U=žñåwm‡sq´±„DD¬V+ªf5,/­•ü¨ìêêV¯Ö/°º““SPb€áè÷ù/ð6¡.Yò˸a°Š&4‘­i´@(BΖúiµ@BÍt̐A2
d APªÊ˜¨fäq^Q±”¸Zö„ͱœ >r3ºa†
Ù-d«TftÎ`u@1fCSSDA²(ZS°
²§Õ@>ûkÓ£•aòÕ—uFP¸ÒU‹DäžÓ-)c©HPéY³«q¼X¨°h„ obœJ±
°C—
ëcÝ’0†½VwÓrX°¦Z¥Ì«}P¢(ÀȁiQí΢.3¥¡(¼HfÀ˜$«bfrT(,ÝÈ“2[”"¢ !ˆÞÑ ‡>UozoY¥®fJ¹XUš^ô–+3edÖBHJ’ ’È„©ŽKÜ0qÍh`ícb3W--Ë°ä³FD^*±¥0A8ØM¹`']pI‹„ÆŒ¥ÀšPÉ&
E@åž—{Þä™b^üÐjRbÊÍ@$ H"N2ÁÍYÚÄXÛbèÁŠ.†¦ mAn%£$NGÊ0­-RG%î¬qµ±XákGSE˜:aDaâ° éK™d$1 ‰ëÚ˜2¬UÌ3\‹ÈçUÍ%RÐlÝ¥#U66-ÍHR˜Åh‘©²îPÅ("ÆšgS伎YS((S|N¤H-ÙÉh©H0t¦]Ð^Cp“”æSÜ–ÉšpȐ†"òå6m¶@™ Ë2Xß Æ±Á ‚¶Q¬Äæ­`d…hµBIr­hI/E€(ª
YFTbHe“nJ¤A)R•¾¸ñÏ3.\š—È—ºàu»¼Ö„1’ B’ fJV2A2é­û£EL£NŒ™m#k‘nT ð»yÙ³#ÿBšW7cu¢€€&€€À‹ˆ
JÁŒ‚"]ÚÚž©¬ðX¡-à ›è=X"(dq$AHÒf‰¥Éä5ØßF£†jã,[qÌMb²7¡Ž»»,+,V3•Öˆ…&f®³H’8qÆ­!ÙA7:÷흲œqpm“ôȦ‰eÈQrt=3¥Ör1ÙQÆ…ÎAÇðÂøŒ$bõ'K7†©âΕ†U™“,¼¢2ÐÁä*3f¸ÚP(5ôwƒà¢ױÌù·á§äyÐÎ÷Åõ7ô{âÍßó©Ij—ÔþŽE&;ïƒÓ."Ÿ;ª]®ôÀŠ´Û¬ˆcyˆý/$.‹*
ý¨<.ìR
WÃÛT÷m)ÙF펧‹Ü$©<[ìªuS!´µÐËÛMÎ=˯ìõµ´ž5ê.ŠŠMþÿ”‘Q´8ÇQ_ßJòÆF}a&lœ8KÀÜ+µ—càIbå¶nHáïoœÑã …0E„¡˜5ÌK?à|Ì}©èr'Ûø+©ÁíüÉŸ–ìCø{w”YÙòHéT†æ 8¼™x´»f‰4ÅÌŠUA ÇIßží#Ò›\ìs™Ô]h¿J¨³a•Þbµ7íV]ý|NΆ¬f´#ÔÁ{„2:ñkZjæ5‹ô}yÕo„Ý™R¼v `‘ÿ˜®‡Œ±6ÂÙûaŸv¸žçK²†Pwèz'š4‹fãtPßkçyxœ±i¢€Pò82ÀÞVIð§!oš‡eê^ÉZp󩚆ÚÇ›%<‡Ÿ¡uòˆ‡ÇÔ.ˆÃÝ*R1ƒÑ­™Y8?Ývê"•i"‰†' tèÊæ©Û°ùÎb€a
A*È~_ˆÜêøÌ’oåD›ðm,†ÏAÈ’L¸åþ‹†]Y[%ͬm›ÕyU ³à¦I·¹Ù‹…oÀÖ¿uñ¾pH(¢Éýÿñ¬v‡áê9Ó­¢OµPë¡!l9«ö«†ÜsI™H
"""a· F0H
îȐHê%R0^^‚®Uˇջªëâ–ú¨tÞÄ\þqºí``hׁâó¾ßƒÂ‡OÝz«‚nÙ½¬Ö²Y[šDAÙ>2š.ýâôì—WÜU8«íþB‰:ìH†Ia@Ãi¤“01Sr*û̪–O=Ç:ý¼5O˜„ß0„“`{:hÿí‚t­x¤;ŸÂùÿÃŽð Omö¿k¬ð×íÿ¸>›Õ¸’B}Äô]Mý¯õ?Á~gMRI8HBN&Õ s™!Ía¨ûÔ“”ÿ$û¿j C™žA·ª¤ùª¢Ë4̳¼HmºjšjÌ©3Æ«@‡QG7æ?Ïò;_…Ž[ÌútßsÅw×ãÀI®Öã‹ø{6º^-ùÿËûù'³ïK@¹HúҨ«@ƒz7/FJ½§¤ª¼ÞIèSé S'19iµè*À ±åÕî¦~Zj±‹cÓk
§þ¸èÿŸ|ŸÇõ?îåú?ºò3žƒ¸é=gâë{%*¨¡Þf¦õ1ßÏóvtn$8oõØ[A˜,
dã2È ³BŒUT”À÷%(
âA![¢ºŠ5³#Uá½ânv.ž¿–äê+½/K{”OQù7G¹ÑÄßœ<'£ì:OQî½OO±êôiGëüÏ©iÈa¿O^Éï’ø>y®²üjGõ
óŒ6ž±Éþåx~Ñ|Ä;?¶þþW^Ü?xü‰.ßAÌ_Mø?ûZHä4s÷ØtqÑ9OáOîþ-ïŒwA_j³R‚€ù%«~ºÙ‚MëE%8—ügx›ü¤±ù,õ¯/Ô½r•Ž’âĵÆFƒ»®7]^IÒVSúzWö2ópQªÛè¹+)„P¢Ì¯qëNqäÛLÚ¤DÆ¡ô0á ñ 4„6Ï}R _–a$¦ë–‚DeBâBQ·™éüÕ ŽÓa—HÜ{:Ç ügø1£¥NAn?G›fÿEm[†ÙÌxí¬H«€^xü<í¿ý{`= ¶QTó’ó*¥!nÒÿÄŒ{>kÃQEc¾`us¾Ù$j?áK".|£ÅzÝÓO’¡x\þgëjñjqŽmÛçΣ³UÞz !¥tÖJž_y\ÌWAfÙ#3@ãågmȪÅGœGû{O…#û?ƒ®`y¼k›ÞîB½Ùü•¾ùLÜ‹Å´Ìû5#¤ä©ŒÛ?Úo ýê•â®›=VVŠðpmq ª˜ý)Ì…ûwÖûƒOH_c¯h­ã±]2mÖlÔÁóý4æzÚÈ¢vLO‡8Õ7»ZPé@ZÁ
7@ŠQB…Q}³Ìë1ßÈúâÂèoüz®ÏÖ·ZDA13ÊŸñn†>Ë #@ÁµÜq^BXÄö|ùU*{Pסcãþ?ŒŽ”ßèv¶œ_?´÷W¬®\ìß‚[šøa™”=O
**Ó‚Q­ÉHáˆ
hˆmÊQ'â$Á4Î> äV€‘XUt²•9?Ëeµãb 20V®iýh˺ƒx¦‡À2 È©§è,‰è‘"ºÁ™°ìËY$u…WÐ"BL@ y€(1%Æ !Ã0$('#ˆ%Ÿ/‹gnB—KÛ¶özpŽôSñs°Þþ”M·BosœFG¢l4Z9+û¤lMÑ摤:9ú8Ih0!DÈuf™îßñïUwÄ 4€8Ž»õæá叓RÈ ±»‘Ά,ò´N̽×Lö»¹ÓÖþŸY77 §Iì=ÃE[¯æö¢±H.<pè‚Œ©Ox¼NòQã+ÁâÛ”ìµüçt¹±Ÿd9‡[¿ým÷í`ð­ÏJ.£ö,^xœµTÚx¦G¢MÛl|6Åþ|¶k!§+åÖ·qÃôK¹c¬Z ! šS3@þ[ôü>óÆx£S$™ç#‚r¯¶NºÝÕˆY'~`qv ¼_¡&>&8ÌTX,g- ˆËºuyV£oµÂ˜Iú~§ó;_káó>•ª|¸¸$Ðø•†¾™Ÿ–ÑD ©Æq1Näš=Ä@J$(4ì]2o¯Ãûô¼ýûíù’ží&OÞç­'.„áhK‡krì³j¢2z¦ÓY8ßÏ_øS))úŒ–Im¶½oU €€/<‡ ^LÉÌýÕ\_èåVãþÁaðîú?RÔä³ZƒX.•˜Š8hY©³9»§#(b@ΠR·iÿ"0‹ä=¡ÄHp€Ùu¢":`NR«@Ĺõ  Až¿‘£ózðõ97©Â_Éo×é}}çwAI½ÚêñsO€nÌ·¿×ðZÔGx˜?Qd U %nÏñØõîÅÆû…\Ž×dRO“‡Âþäën¬T$öuCêð¯>—*f÷_ó=íàþE8¶SõþVïuî5=oÈû߯Þÿ»Ï{“î¬,ÆYÄ€ý8ç}ŸÂWDÛ‘ÔCÅ¥®£TdˆÓŒ_Š °L
ºÂº)=;ðû>m³ryÞ«þÏò¼lÐBèdyõ:þ§¬æ¹H ”¶£­
8C`±‘ ‚×lË  ²ßn;RmðyÙ[2=àcs·TÝ4˜3P¢@ñÕ²Ñ&š Yç“ 8ãG0ôHR“îr\œ’£•/jS1*I(Ù¬0iãÊ8‘˜Œ_
X€ÞT¥R_Óßò¦GEÔu øÿ!ù2VúmAô9`„‡ÉJÌ b_£­RØ»í¯÷øð'®òWVÈ6¿ù€wºpŒ€3 H@Ì_$®I#d¥Nv’¿J\q•s'ÀL!Y0/ˆ9:s*‡ h»^5’ÔeÓÀÙPÞ‹ØGŸ÷0M%19Kä!/”¨jk"rÏô¹¦ÐK-)[J ª?ûyqÌD‘¸À–{šy¾ÿMköTyxG° m¸‹¼5lo%Ãöÿåüv“+®›‚eÜx i£¢Õ0Ôg‚ñœP˜Èå?ooOs­ÉÙt°8yÖµS¼_¶Zbs”Â8f®7Šç­aº‹!/1êßHââô$ Â@!Z ~\«›šœ‰¡LiDsóóÍ•ÌN>ï„ÿçá^¿^
Âm?‘E¸-yç}øThF\“2Ïýä¥Ù#F€IÛXï.yñ¨˜Å&Ìb;{ÆîÆGB1=Ï¿n?—µ÷=÷Oì¯þÎOÁõ>ÏfC±aðøv´FFq_ð•å%rÿï¼wŽcIè¹ÛÒPs:y­‰Ž–Ì2Ü´›§Ë[Æê’Tj.˜´Z•Rü•!».JàìUï/¢Û_²É(óE÷ê퐸ÿJºØ@ƒSÊ`ɤ8¹†ú´BþO©àïz]¿‡ò'æÝÖd¶<{l2õ—[¦ ½F(ès3¡Ø3t[*4:
äNƹþzÌ@g0óã0Qµ„7éLë¸?‹qª÷?›…|̆³N«rMZ¾ß—ü§ñÿ‡Âׂ±ý–vd3•ñڏká›áÖå6¸0 6hÛdD'€†
é7²°„!á1ibŠhJßtn|8Š_n!2a©P¤á8B‰FÍ“/+uŽ<è ~QŸSðõ¥ÿauIÊÎF¥:€œ´>Þ?ãpc¼¦¹ïÞðœúêäM›ÂbÓlãq­ŸãÆñkºƒµ`¾£Ôµ͎ãÉG
d}€¤‡/´@8˜v݇gèê­w†–¢¥Ë_¬9]
÷IÜ‚%)<"žŠöì@ò€‚¤jŒbÓ•Ï#¦që㟯‹u†óËƒÊõq’®vÛDFŸKGCçkvÞÔn²=¬å;dø
$BNak«P¤ŸߥâÜ·7»«ÿ²61,¬úYêK½Ë3Ù&$—â(-:ƒ«Ò,_‰ˆÅèqs§ëðŸE?»¢áÙù»Þ(Í-­’¦‚EyoðøÀ…
$ð…Ó=oKT•7Q…ídçPRJê:J·Rv5¢
ÓâEjŒ?¹íãÚçÖ'oÝBW%øÿÄêñ_ôûŸËù°å­rƒãG‹‚éøµú~µ#Ëp ^·{nlz{ˆm—Óã¼Æp$ S›êsk2oqŸÓú9ÿ'Âv¼‘BuLZaÕ?%½—°ß‰À @Lë½,ýc†ÖJN9B¿´ß¯ò©/¼ÉðQ>üÉÓ+æë$v3ÌYÚPqä5(ŽdÇpk;+µ¡ê
ÕZ6ŒPX•CËv,÷*•ãÛû%À€¸Ûö°¿5ÔGí°­-ö%éÔGµŠ˜&ÉÂíRKЋ伙N5!Íàð7ko“ê»æ­d·Ê_nÔ%×Ø4/ìÍãÉó5ÛœÒ÷ÞC+Ÿéš“áéU·KÔ3\ÀÝÁ\{R•Õº³EmfçrºQ±åmX˜©¾Â×&ýç“ç4µ|æé÷ ñÜk?AÍí|—`rWp%uYBó$¿"h'Å—åãü°X^ô2^=—"Æ<\•í`ðjÔÉûmA8rùô«Âôý2#aˆõ~óöäO¡ün‡ãÍ©Ï?¨t~1éjícú|Eoé§óió™viû¥£ÏÂ5Y(ú*Zk˜ø×üíw‰ï9·{?¡µ5÷ü)=öYŠ*+¤7¥÷ü™ú€9¨B2FOî ´™×–õ_ã£Û¡¥hЈF€cfˆÃÁ6Æ IÓ?­?{…%ueÏ ¹x1X¥QÅ(ˆOâ”ÃVÀÖäeF‘¾`ÀU…b2˜/'Á‘ ÓMœ
>çƒW“׿ìŸ*“MCyc°<î$‹wF Ž×éĽ~:n^"Cé鳒´(ˆB” 

C!Ä@ø(rÜO4ÈlI0ô§×âô–»¹Ìz6xÏÌñø}Ö/–Ÿ)Ó½?—MV–zÔÖ?
>~îÜk“$0[Lüÿc·~±Õ‚Â᝕fJó*‡ÓfŸ4ˆ”(Pðïœ !W­mLz_¯~ð“س‡2™?ú¤å4yKâTæOŽL”y(²" ,PyuªÎ´c”¤Ý ¢LqjØaa-Ž5ç‘ÔA°£fP0×SH¨4ùJŒAcqæÑ¥_áVøvµN×î.õß&ó{öý¶×[¸„!„‘“©-bÏŠJDþÏaG—»Wê-¡¸Çú—ÿÓÀåJyŽAÌp¿[
dÐKݏY³c›†ÐY…™eFª“9€r3á¿×ÌÇ~!Æ…’UTÄ <þ+¶²T°1aU«
*£…0Д°;ßÁý¿'ð{‘–Rõ¿¿'¯£Éï¾P¶[4ÙJ¢
9Bå¼þz—뜆Òœ%.~KWmʇ«ßú&|$tnO¶É¬©ý—[áyÏâᄝ#hIĵÛ ÈZˆ@ì[C•¾Ce%ªQP¢0ê¼×q]Ç9vóÇcÑaæøµæGÂs¸•Oׁ¡ªÐiùD3ëG¡øêdç”wÏ{‘ÖÆþõÑ?»|†úÕ¾y f,r˜¶!Ø÷:1½êŽf;N}ºé¾Ç]ô:ߟÿjvêQ ñðwlûÒsÏPØŒÚ&‘×zä«'[™¦»ô?Ô×äŽzDóÚ~U¥¾­QÝë¯vÞOwºûL¢à
!.$ !1O‡(
N³)€ˆ„€B@’àD^Püoe‚ BiúýgdÖíœB‰H+AŠ+4‚¬§`½ŸªúXŬûÀχW9ð.ø6Ôƒ—ÛDqNéÄQ+ŸÃ*ÏÛäøHÛÔc‘?ÜO&S¶&‹—ç>†.‘ÚJECÿìIª1ƒ61Ö8›zÁ¯`Ý1cÅcbgbµAÂyËàT(C½y)õþl]N³øû|0ÎÌsÒèõ´ÆTD R€Ê”QºŠ²ñß'«±Kãô_zÖýÒÜ/×{ìv€¥Oråyþ¾„G×¼ôÜmð>¿î}4œÿºîù"(¤ól’’Aa9#çD
<£î¿»÷¼þysòê}'ñÑ N~’Þž'¸gÀü¿¸ø9r\¯¾røïœ\g·‡þi!uY(™I?Ù̵,äð”†í Œ ÔÀDÆÜ$_¥kՔѳàC¦ZµI¿A"Ðq/7èûO^¡éDÆ8ø+%0jDf)iÊQðäâܤpØ—%?‡£ÅtÉ_:›ûn‘‰nÁY¾Ã åojm[ŽökMŸü¦¾t©É^kwË­ü@ßû²“CÏí9ÞžäfåwýñâG×ü™Àï}nû”'zölê'hË2]‚„ºH-›+þÄ’™!$Ôðºª϶״þG‘îyÞ?¸÷¾>¥µ=Ê ð¬+?߁·æÒ1´ôg¿íÇæµ:¿ëò»ß•Ï\ÉP:dsúˆQQ-ŠJ—-“Øú\`ò¦p’ËÔÛ%Uó„Yæþ¯:?×1´ÏøW7_©Ê9›gCŒ(50e@¿—ò3vê¤"€¨¼ÃAÿ *yŠYR!„áø/Eûfž  róÍ|ÜBq£‰øga¶WOo–©gÙŒ_}6;3Œ«œòûÜ°ª€O·dîãE4‰ã=ÔR1rù^4r÷nšç5îP…ÿ³ÂP ¬9½¹“D¨ æÏèϵ )'îg¦ö~GÔÏÕUô™·#)&„(„А”¸@$ŠEž…‡ª@!ß!rI
Ɂ·s³¹eX@€A-/˜ÞŠä»ð^:} )’‚$!wé·î¦9N¶eý:I¥‡fÓ¢N–þ®Úð*È0S —®¿‹Ü¾¯¯’Ão[ò>Š’2,’sgê}¥YýZÍÂx.‡[s´ßØ[rмÚZÙ­ë,¶a *mUÝy&zܯ»–} ã㏢#xxâð4¸’ÊÒ›Tâ “Óê=¦x…âþ¹ÿ4š$Kü…‰F¬xVÅuŽ¼d
Ì…Åj˜(·üÉÿêÏü”¥&_¾àПñ—p¾3æhüt¿‘‰B¬ÌZ|¤_ôTûºpê@÷òœGs¶¡AK˜â 0þÓöýKWsë/8ÔO»‡HàÙ­ÒQa€§Cñ;1Ûý›|Nïsý}ÿ¢öN˜Å(}Å…ßIÕdÓçíÑÂsââ?õîŽÿËíò²,ýÀpÙÝÃå0û«–ÿ}—È/éÿ¦ë-~Ígg’ùùڝ®ŽÆSµuùù/TÜ^Éýü6g
ÿrº+ ×ù±]$òø<:_V#ùÍoÏøç/˜»ïÇõÀÁqu¼'^\_v+}£íÌA³%ì@„%€;¢B£ýº¦Bì„¿±£ç2NL)>sÛZ‹˜BÐÓÄšØ@œ~öÜz»PÚeÔ/¦K¯ ×åtT­q¶ûïR‹¯9XO¿ì½ìîX_ë><}.Žz×"^4f«ÁÎÍk-¢ T
OÅÊŠF‹Å7ÚãÒjÖªHJÿãDÒ=ñtMö®áèîT°9:ˆÆ‘=oß•ÿ4Ÿ¹jËLa(×lDÂæ$(„.BQ+ïþ¥çáÄ2avŽôÍ ‡¦äj’—ÐN¾+鸻|á®)Ó:à93‚»Í·,7cÚþû³ÉR§O0O73êdb(ðfFgáã̶Rªï9`JÓ)rû…@•*ÍþýÝdéÓ(iÏ0Pdüžž_ÑˆÈ´ÓÕÅÙÞKßmk˜ö¼uoNñˆqûþËFÄn¤(¬J¨ú½+æyÓ«CÐÁ<4é´¸7¢§à\Xu #ä
8 )ÄÜt¦ 1üæ¸ݺ©—Ï6wô¹=üsjâš29{Ϲúøù<_åw û×|Vü<9€s]…„ÐêX ˜HWe¯ñ!ÀÅ21d0cô2Aôˆ¢À#"/ HXD‘‡z”€ÂH³u5S4$Ÿµü'E†P6ÞŒ”þx(hGÞÛ«ôû>“£úÀ WSôýþ!…æ3¾6øýGÄÊ´ô¼ŸŸ|
üúµÏ±åk.fήºøüo_‹^ÿóó›½òrŒ8„oùQµ\Û‡íPÂù',=–lL<íb70a[¥ìÊfÔzËKaôþ®'ØCì
Ð1L™ÌÙƒXT»B_W‹MÒB§®å?3|t¼<ãŒ9rêÛRiN^NQxt¥¸ô£íº0˜rmíÕ‚!Vg¬áv ŽãDeJq«ç¹M
VUŒO”
2#"!"U@`$Œ*ŒT#X"(‚""(ˆ¯Âé!;¯k
‘„3“uÞxM­åºë«Î·ù¶N³Òîæý9Qw{w<°–³€Þ»­ Êø<:õœª–ñÍ2òD“+dcŠQ= HC˜Xà“¨º&Õ%óçéî™=Âtë«
0GÁÊC±ùs2[OÏÃÂüðN«–
W®å(i﫦JÙ‰Ì,¹Žh*0S¡%muÜañ¤ ¬H=8Iûc=VõŸþÓÿ‹U¨q ¸
S8•ÌÅZSˆþX7í×bÙ¥ç6.:ßH^–æð¢ÿÇDUoÆ7ŸÍãˆ%=b+»`i;°Ё ã» ”“ë1{ä;D9Dŏ“º©÷v
‘ó-$2öUœIrV}BBÌ…2vL ¦˜,ŠyD— ª’bÀžu‘±HS!‚ÜÚ¦,.*ˆ°.@øÌ%>™Ö¢.Äè{yåÁEEDëšRà¡~¿¶«ûBPYĵÞßðï8§]¢Ù±£¦µ€À¢ªTT 22!#"@U’ ±FAŠŒF‚""‘Š(‰…‚ö÷žÝïèwÔ*ïЗQl86µ870ÂÕzüÃ$Ô¦PÀÉ6˜¥|+LF3¬q*ÎlL¶ÔÉuUâ\ªÏîñ[h™b‚‚(¨¦êÁp©R§Cèôu²•M9M©´ÛÒ¢úL»ªt‹Ž
x¶½Äœ± R\­¹# bæÒ”a–Xâ"¸Ó2þ¬PuxòéûÒ‹\4b“³”È<.ä]ËEX@ëhºmÄW—ªÿâ*g­ŠÛøåS ŠHì;HaJl¯$è¾ûÙWŠÛö_Ö­®š4oË·^h%ƒ WB„‹!–dE¥ªM$q3V¬F†·A"$‘÷ÁÙ¯’ð®·bz3-ùoÝ’ÙLÃ<å¯N”’æFÈ©Tãbñ´¯ÞZ‰Nê©:3ÿÂ¥zQ üv#aÝAIA$ ¯ 42®D/Ps 8ì¨ä#?_ÙTÇßØÁ¿ìÑ6 B€-«c¡mp5ØÛa}àY¼!rKÄ$(µ÷×îò/*(­=Ã`–4jË(‘„KN)Ð?QM( dß÷x[´ët»Ú¶Öúacï“x2³¼w¹Âg/‹Øç놘ëڍ[™­yy}Õ¨ÑãP1 aD!}æB_y~7á}Í¡æº+\Šàkëß—zïFq“× ! ±è’"ð6 ¿½ÒØø=¥²;|!¬•WØ&ÞŽ=¬pñá†CbP~;#@Ò/D°xF»°jX’%.?§r®²Ê´ìabô
k.íe„zû¢±5Œâ¤HŒyŒO¶¬•A u¦ydßnÏWiïžfÿfŒÓ«²¡©z„’×¹,XI4ä±ò2OXÚü@ºy[]y¹yfh£j†Žyc«ˆ‘ª`"JŠ‘Kc¦ð‹ŒOd‘ˆt÷ ”ý±©8Ÿýü½Ê}öpÏ ³lZõ¡ ù}Ñ“ˆËÖN8œJ—„á6-†ƒœ(è³uatR8ÌWRýù€3œ3$_,¡RWÙù,yËCÍ@yß Ä¬úÞe0DQ‹„×CƒÐÞO;Ð`€ù¤çkÞèÇô9OP7‚ÞÁÀnñ`¥ ‘>!
>îrµ­"Às~Ïuø¶ðrQ‚_/ ¹ƒ!A ÍÐÒD”YŒÀ¨b=2ª¿ÐNXFñùo•ï¹ˆ|,7 W$fgU¥Ò€€©Þ6‘@Êa;Mz–Õ7õ1‰@L„12Eä•1ÈQ€¯öÙ©h‰O¿­U}—ˆ MäH€"¡>-eý½¸q CÞ^Q-Ò’†'Œú“…¤n‘·0¹Bã5hÀï,mQ’³¾›óªŒŒüi…†üßã<$á ù†¢$†?Šr›;JµÕj[ù[&†ü%Yò¹2dÌ,´âìØcV¶žo“ü¼hd2’#Aƒ%Ü)ýv®¥Dãùl?ØíÇïDì×¹rK¥¼·ÎÈÒ-­gKïË—''©Mæ˜9pÙÀ(òzc¸ OO†ÏNN‡§ÏÚ'數eþRÄkçU!Fi¡v'Ãá­Í];5¶u•`“˜¼O_^ôÚžŸžüž|8¿8G?ãßÖrüÒX0ûlÀÇ‹™/0Ÿ[ShêûuÄ–ôÿìïòH\¨L%œ-”(måå\çÚ¯…óu–ÝãIÿý³?¼Kƒ—y½pƒT͵4[-Nž zþÓ“î¤Æ»ÁÂÔü\VÉRߪ“¥/ò“Ee³)¾è#;…[‡ÃÇOôì¾,ÕJÌÌñ`!©£¯bv,¿F•L·£î5‘Ny‘ªLÖ¹™­ é½6‹{<"ÕNÎs%–ër©2˜åγßkçu¦“×c™Ò€ðê>¬ÈUæE!«…6š|ý0ÈTä÷†÷£Ë+q~}5_ME<M¦±x;žŒÅ£û:&F­_Þ¢ž³¾˜.µøkQQ6Œ3{t<úêD d©ºU•(+›(甓J/i!VQ\P‹É ñäj©*%ÚU„¬hã㩐&¥³ˆŠKŒßîJGÓhçH^¬½ÐæÖÞ(¶MNsÂbl¾n¦<¼¬<~ƒA©*è°¬²…pÅc•Xi3×&XÁNm\¤Ì K^Y`ƒR—xxlʇB±Ty¹
™Âa[é<óÐZp¶IeE;ûº$8‹Â:2OòœÑ…-ôÑ>)T1Ǧ!¼'£‹æÛCQ7±ë{¤:[Ów]ÿ°¹K*]z¶ãÊz…3(ð¦i0,±&Ó‹šCû¡ÝÝ"¼ºBã³Õ®X†‰¾²y;Ø Þ Í ç¹ ";ŒrÁ'&Ýêg#ë†j7ßO^ã>l9kG&ÿ“L=Ã9<´=?)wR© kzlé"·s «°%¹+lÉ<+~çµú2ËÞàÀ°U!“N¼™Ìše,ø"ÞŒ§”Ib$T=fW{¦ÓxØm›CœŠ+þ×Õõ‡ø2F£{ûAÌVfâAímð+:íf}°#_h@ó€6 „sÄ£¿ð(0¤ÀüµIypÖ7vÖo1ا'%?Hgâ¥^Ì@W·*ÝLc}çS[ûf, #Ó¹zuÖ¢„±94Ø. Á|uFåðúÕÙ­DHÛg¹’7³~¥¨õ‚ÝužóƒOì0ítã.¦ê¹ú¦ÌFH\ëX9ë‡Ì4•’é¦ë…‘9vL_e)p'Ÿ.ÏÇ¿=Þùí”C:Âß×_BZ.ÆñùäòÃôòú ™ùð!â²%IBUR24˜x"À%d+›ÿô0rµö!»X´—Fb>@¥vÄ;8++VrÍÕxiœM=$Ò)”4hí÷0êºm:Ìï:ú¿Aí«ºÅtD„8ÓÎm—ŵ؇½†1ÛÚÛëŠ=²UÔ0fDN [ðœœäQ(»‰Ýr¡•mØõ±r¸BA!ÚnDe§Â(Pªi+»$ßaƒ6ßjù|ÂGgß™á;'†ê$Òi ]ä07ÝOÞºdí‘QxlþËP‚sh”¼fɃ 4˜éíá?â&Io‘AaÔiTUQëEáÊÑVw)n'»}ªª —¼ú£u¾íP*V6(BÇL?Ò”`€ÎÑ–™á »wI¾Ýd³$×7JÄ“Oñ§óÖZ¬RTõìT€£ËyF§vm1Ý(…-¸÷JìÉê
_ˆÃ‘): qË*¾²ÕMç©o²(sÕã\¨4õ6õ7q£* ¿sÚʸ›V •Ö9='݃ùÕÎMgAµl˜ ^±Å(ĹZÊÛ66 dUP„®+ ­áÉyF^tôäÝC8B¬@5¹&yˆ àÁa¹[)t>‰\Ѐ¶ÀU@ÌH´®Ù?\TB›Õ¥‚ìt7]¢2æ ã:Åå!ciB˜R‡M”î†ÂE•²DHí ;.ìt¸æö‡þ´«¢Á$O#Ô½+U‚~¡Ò^HQ_¡ €ž:hrÕgÙ’^h¨@ma¯ ZIÐ9&ÿTy™,Yb;…äPXPŽ®Eø\&7A|fZå)K¥¾ÖÊ…¤Ò$Y¢XÊJÓYÜûqÈ5ŸM³;6u¡ºïÀgRÙÞ÷‘Oç¼µ+ˆŠ9ÔE8NT¢Tº%Öå]á ‡³®^Þp8þû-„µ„ÃîÉ’|’ÎÕÔât¶ï’ä©›«IÀ]§“ÂGœzΓq…;Úp‹‡=!-BB<€‚Èö¨³[¾> ½“œž@L …¤³ö‡ìqû&µJ‚MTú:!D´=Þ°Üm÷¡Èª/¾¹É$Q¥ç+l§ YU©ªxÕȍP“„jW!×áÚÀ•µïQ0t# ûq´µ‰k?×ý¡3»‰Ú—ë?X·ÔçöÛÜÁ,§(Jÿ4¯q6»U?ÏŸ{ÃÎÒ ÚårÜt‚&œ›sUÚ¹ÉÓÝtkR~Ò•àþBôÔ¯6{ñ¿¸œôxÌX|€¦ eˆÑ)¿1Z £rç¼F®m‡8zÖ¡VîØDi?«o¡èQ¯¤ئÆÚÈÓμds'›kG¨I}§–¶ äËö2²‘)~k
»›h$­Ò-—êŽ$êýʼ ÷ÛkËócß¼®;t©ÛÍáKt'¾¬o¢Os^À”šŸ’8ÜÖ‰h rÜA°!å~s" ™æÿV6:×VzAÄÓt^g3¿b”‘ÒP¹¤vR{zu¯I—Ó /Ô ¿ ™´BñL+.ÚÎÒ^Œ]Áyt0ä“'o%ÂTÉ¢yç!bšÿI!ðÿòN:—U{­‚ßSËÚm7'ÿ4¨Up07070100000000000000000000000000000000000000010000000000000000000000000000000000000000000000000000000b00000000TRAILER!!!þ27D§~œ®í†Põ'ÎdÈ‹*ªS™×%;±¸éþ?J¡
Ô“ÿ«V‚ƒh¶éß YZ