samba-client-libs-4.19.8+git.430.a10fe64854c-150600.3.18.2<>, 5,hvSp9|7c(]ƌE^`*'o"qj 4)%v̊@8Š<^3~!I Tk~ {[QPAM5G< J39!rGѺJa:r2MmA#^lc6D3!4QA/(Ri=}/ ;+G A{|W5{#JԡZ{AJ`FjmoГLrUmf=b;Rs>C՘?Ոd/ = T 9PV\v4v  v  v v v !v#v&v(h(v*x`dLK(u8|'9':'>MF@MUBMdFNGNvHPvIRdvXRYVZZ[Zh\\v]^v^hbi cidj4ej9fj<lj>ujPvvl(dwTvx,vy z(8<BՄCsamba-client-libs4.19.8+git.430.a10fe64854c150600.3.18.2Samba client librariesThe samba-libs package contains the libraries needed by samba client programs.hvSs390zp37GSUSE Linux Enterprise 15SUSE LLC GPL-3.0-or-laterhttps://www.suse.com/Development/Libraries/C and C++https://www.samba.org/linuxs390xH(8XXIې G(H7'gx0X wW''H7WG'GHKpx7)GW'!`GG0'W7X`y77(W`]X'7''g('7HAhvS9hvSQhvS;hvSQhvS:hvSQhvS:hvSQhvS9hvSQhvS9hvSRhvS9hvSQhvS:hvSQhvS9hvSRhvS9hvSRhvS9hvSRhvS:hvSRhvS9hvSRhvS:hvSRhvS;hvSRhvS:hvSRhvS:hvSRhvS9hvSRhvS:hvSRhvSThvSThvSThvSThvSThvSThvSThvSThvSThvSThvSThvSThvSThvSThvSThvSThvSThvSThvSThvSThvSThvSThvSThvSThvSThvSThvSThvSThvSThvSThvSThvSThvSThvSThvSThvSThvSThvSThvSThvSUhvSThvSThvSThvSUhvSUhvSUhvSUhvSUhvSUhvSUhvSUhvSUhvSUhvSUhvSUhvSUhvSUhvSUhvSUhvSUhvSUhvSUhvSUhvSUhvSUhvSUhvSUhvSUhvSUhvSUhvSUhvSUhvSUhvSUhvSUhvSUhvSUhvSUhvSUhvSU5b797373b1e2421fc33c8c59304c7049a3160cd8e2576d40e21c0e84b70b7840f3a736755f60a143d15d381672babe1f4239001c8af710275d10d9dd8896192482dcd7e17719d714887dc2eeeed6f9bf19e83280a3b2b0f0a80291e5e7dbed23ea4c22ca79cc87d0c03955bd7d6aef33b523c7fb6349dbc82be0ed2ad71ed42fe96e39e1aae48aac5c448c81948ccfa9ee753cad8517e2ab1105c8cdaa16bc2c33a59e3d018e48c9fb1ba54443b94713784ba5427bcc12a5a63ece2dd4c7fea35b44d43ff7f9f5525e04da0b181bd4c9d67681f83badb7bf93aa33533485543d69bfe5cbf7e6a474d5805822c278b0e1b70f205b7e86ab316538c284dc449d23ed216220a5ce613062ac7406c1041fb20a042cec4425c0935d3e7bff78bf99004c7f9c886c9e0b19dbb662e7ff9576bb18d65fda8517f8f92a2b1bd68d723f585511546033e3c5c638e806b9e0b90233a5101bf8d5b4f74e7d158de2ed9bccec73db8b4dd2f0939e56f977c36564da1fb5066d373b0eb31672da6e7f2d3bcba74ffd16d35571f546e5203d61bbb24155c95872695cb8fe3a50ebf44027c4dcc54a65be104f7f65f3a1ecefd81055da02f505a4cf7b6d1d2ada5cb4ebb5c3e26f398f6edc6d4214ce6d8a5861f79847bd234b2e8d21d8d1d2bc82a9a88237d7fd9f970652a848d288441f84e372ce9122166228fb5a12e326c5580f76e1033c5ff8622c28e5f2b8be157a19f979a82e31434bc44e3345c0319229854b80bd2af9a166f364b959699617a15cd6a60589ef4595c0cae2120fbe3496608342f8845cba610f41b237aed9a3bd2a8e7f4175a1928ba35586da0cdb019e652066e8c1baef2013f5c044807d8747e8375f49db688f357b2e7b6a820f8d85b592cbdf78e6b6b022cc4cba3827ccb45f3c75794ff644e7e5c54ec5894b3ea7ecb1a6bf34b975a0474fdd28cd6f0aeacb07af9cebf25feeb7ad16726196c09dcdfa8801642036fdf116048031b3dfeea287ad07afc018d745b6b737b0de0d989557d04becb8dae66a9bc3a2ed4bba751e807e027c0049e98fdae6850765f827aa0fa2d523c4a45d81f2bb5e513b6f66079457cfc2a6bb8f92d3ba8693436fa6d9316db8d4b7993d165135276b0fc3a4dc97e2149527b3520e7785907774116f773ad7b6587337a54dad8d052c715d197279c1edf8b4f566ae661cdd27e9f56744e57c1b2c28f4a28e20b434e0f1b692a7d35173dc856ceeb959a32f78f77af8847a990eafce072164af7ba611f290a43e4a515d0aa4470351a0d2ac838ad80bea2f21cb88242c5c88b5bf3065689ca90da39f416f7d339c2e64e43df876cfa8721ed07b4877fee1f4383c99437e3f58aaf634111245ffa4c8f6b8856f44dbcfca3d509f118543345d3161643de66333a7a1a1711b45b054b91bf1045c715fb965408ac5100525c1de35bc71990f149ba18563fce0447c366e032d94acdbdb14b42fcc7e2fe41c7780a7fcb23a499e68a2abda18c0002021f70a40aa1e6785fa3dc2aa107aa4e763ae541ca5e179bd940167ea0db34a7d24290315701fe2238145c8afcd1a0f9635b7c22433a8b48394a5e148d47be438ef46010a180e01026d5b21af39edb836db39c5c7c7ffc98dc7f37697cb196c80f2fb930db7148e0119d80f94f55a1f5eb79eb1b651b0ae4b1d056254fcf5ae9823fcfc061df29c0a8274bdd08cad749deb0d387e943d8628b6c92a6a09dfac1039e8d894ed0391b6b901eb30e3aa495307dea333979058c793d39269b6ba767e6a3cd72112c7096eebe357f45ee4b8f968c3d04535308a8982b3e7656d5bb3d5960765575036c7a2156608b800e403a14acef013a4cf555788685b816ed4e7ba0f99333a9159aaee677ff5de3351ca266293956d510d10b144314a160ebcf19b851c002abb56510f3d505d1de8bb4fa19217388feaf1c663eb4e741c6e188a52c314d179fc560c157e1938ffb0e87fd8d6bb9e148451e3628c262f286f93dbaf1ea556c84c72c89eeafae226ad2c7dc63819378a48449fc9852c2c4b968ec9ee946510944022212c63f1689563f6f2549e2f0fd72015abf7afbc7f32476c403e3bf1765976dc088b69196c3cbe7e6aa6c356357962b2bd1fd9af093b886158f15d573b2438e2609d2d917d0a6953ebf94ef44d0cd8e3720c1fd5bde98e8429fc01150a34d3d8c03053f03e99ad89de43201c3c397fdae04af03d418b9244e713581b5e4f0f6c6cccb957650e3ed6ceffabe3152e8357a4f23a402dfff87bf1dbdb5c6e4f30820adbb7034c58e321f1c0d2a54d3b89502449bfdb337e7f6938a30bf3250d7e42f4db45c87f5770bbf5d3a2b825edb96d45001c6a1f963052b7342c3da85cb463ee906f8c03ae567144ee7ca2c4ec041c2dab03174454ac69f68a7ac741721dcb3c6334ad7ff06a93e092287a6e51b66ecadafd69f2e97d17582cf74f1964a7c3811f1182927942707437152cf70a9e476f347539a22ecd8c7c510047188287f6baebc61b1f9ce87023ba1bde362b4ff98b6996fc599a353f4329a8b4a1ea9a7c8e337cda6316f7ab7f283508576bea65d40e55e28be45beb2b563e688f9fe5719fa6f707735d6c6d1b284ecb96da2e4ae500d17d3d0e0be4f708db369c9ac966df73e9a7a790c1f70d866e16a4dc31d32f40922a7c0dabc6f0fb82bd90e6b627da9d7a56778644932cfcb0e134f03ce553853bfa29ff5016525e7eef4de2d16571f85fe9dfe5e44238bf56cf869c3b3a5eef52280e6169de4675f48228b338057e958db1c0c0703907892af99ca0b93eb394c824ccca8a30231ae6490b113128c7918af846fe94720e38169037d80ceced97ceaef3401fb3fe27dad965825e923ba0e87736b66717adb221157b5e8fdd96eed57d277eeb9c71c9be35acc9eacba725014ee9cfa865c6fa193a64ae13ea917286373357cf7234bd5445b55b8bc1b707178bd066b4d483dd5de78f6794a2ca1f52f2a1d59e7bea8d707d2d04ee45f987b353b5030ff41bd0a77f60529648fc3a605032a8bff7b0f8525bfb7de18fd1299790ee409ed739cb4640d98ddbe7596964809cf4129182b1c28d59d24fbf9de171eecfbb74c4ad56ab27a68c664236070763fe5cff787a3eb7a084165035e4443589309b7e536462b3ff475369e7d7b123e01394d22d970eea52112f9459c359fe5068a30644e5e280b6945550241810c2d96f8da1922f78549dc19084708adb55637eb25b80e8a5b6c474d9a661e858c67f59ad8b3a38b640e604c6ad1c907f91daa42e5fa586e5d1ada86b62b707a6ab0ca189cf6dbc9d987f1163c13af9292c35ff31cdb149fb8e563af582858d19269a3a0c13fdd39697dab8c247b95eafc5f6b45a587b475287304f54a4a83e57490da5db17991e492d8edd694ab8d90c3d0d1aa9a7b7052de93dfea0461ee67bb962aed03454e0db0b2c29573abe641ff02d2ad4b7fe0919335d55554357242246dda7212d050a7ad4907de82a085683e0bd9377c67ea7608e22ea0fe1adbaaff8353b35994ba4a259513126188df50d71b0ed05e1a296a2ded219b135e75f8b47e25544688a5b8508effe0ef37b8c4616e8e6f3f44a6bd5b47ea6eab9abac067e59ce0267c2d74315f00f2b60416d8939c9c9925ceb9c4c58d5ef399fe9846911c63bfc2e9044e508eab5c427a2b8b05eb5cbef7291ec2a2515fbc6c745518339d1fef68452555b66b294ccdab29ebd74b93e77242e90840435e3bec80a08ef7808293ee089b8dc1136483ff36ba8c4a9b1db0ea52fa3ff8398afd6463eba9e43bb472b5aae1a2c8d2263adbf8c502d891cf4cf0cd982abceb9bab4293192b02564445fb9c10478b239b70fe8d5c366d8f2226684c10d2712fee6815fde55d6ce40781ea1c7db414b3e88a7e814f9f1e69b2308c25cbdf9acfcfc976a8dc6abdde77ea6a1952097447ffbaff1895e7bbc619ab47569659bbc6351f6176f72a40ad20a38780fa94a8cb9af72f6acbd40611a480ac745547fe8b84d9549c882a386da0b503d8fbdde320c838e261415556c248230a986272fe4919b3980e4c18a98bcfc55e675a4329588a7f4a5425f013d4b9fd105448bf15c7e5e877141e472f3789bf1d51deca0de3664761666e6ddf3df179006b1551b37bb961f2fbf87f5cc6680195c5d067296b1bb5c5c2e813bd35c0391b9e91ddf1cfc4be4cda1b56acc5e5d2b2a52a776a6a2ecb1c04c18b685b2a274c17f4bf17b8991a3312a1ac756077be934d1d8c251e5a04ef56c7f29cebfc541746ab24f662cb45478234f5d613b364403182a8b267fafdbb59a817ce8fd467de8e24062652b74242200f3ac9f0038f300774cbd4d6385c2d562dafa715bce571818367ffe866aa0b1df32b756c4af7e51376792f94c0fdf5f9e952b32d0e943d60a35libdcerpc-binding.so.0.0.1libdcerpc-server-core.so.0.0.1libdcerpc.so.0.0.1libndr-krb5pac.so.0.0.1libndr-nbt.so.0.0.1libndr-standard.so.0.0.1libndr.so.3.0.1libnetapi.so.1.0.0libsamba-credentials.so.1.0.0libsamba-errors.so.1.0.0libsamba-hostconfig.so.0.0.1libsamba-passdb.so.0.28.0libsamba-util.so.0.0.1libsamdb.so.0.0.1libsmbclient.so.0.7.0libsmbconf.so.0.0.1libsmbldap.so.2.1.0libtevent-util.so.0.0.1libwbclient.so.0.16rootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootrootsamba-4.19.8+git.430.a10fe64854c-150600.3.18.2.src.rpmlibCHARSET3-samba4.so()(64bit)libCHARSET3-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libMESSAGING-SEND-samba4.so()(64bit)libMESSAGING-SEND-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libMESSAGING-samba4.so()(64bit)libMESSAGING-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libaddns-samba4.so()(64bit)libaddns-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libads-samba4.so()(64bit)libads-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libasn1util-samba4.so()(64bit)libasn1util-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libauth-samba4.so()(64bit)libauth-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libauthkrb5-samba4.so()(64bit)libauthkrb5-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libcli-cldap-samba4.so()(64bit)libcli-cldap-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libcli-ldap-common-samba4.so()(64bit)libcli-ldap-common-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libcli-ldap-samba4.so()(64bit)libcli-ldap-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libcli-nbt-samba4.so()(64bit)libcli-nbt-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libcli-smb-common-samba4.so()(64bit)libcli-smb-common-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libcli-spoolss-samba4.so()(64bit)libcli-spoolss-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libcliauth-samba4.so()(64bit)libcliauth-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libclidns-samba4.so()(64bit)libclidns-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libcluster-samba4.so()(64bit)libcluster-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libcmdline-contexts-samba4.so()(64bit)libcmdline-contexts-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libcmdline-samba4.so()(64bit)libcmdline-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libcommon-auth-samba4.so()(64bit)libcommon-auth-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libdbwrap-samba4.so()(64bit)libdbwrap-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libdcerpc-binding.so.0()(64bit)libdcerpc-binding.so.0(DCERPC_BINDING_0.0.1)(64bit)libdcerpc-binding0libdcerpc-pkt-auth-samba4.so()(64bit)libdcerpc-pkt-auth-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libdcerpc-samba-samba4.so()(64bit)libdcerpc-samba-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libdcerpc-samba4.so()(64bit)libdcerpc-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libdcerpc-server-core.so.0()(64bit)libdcerpc-server-core.so.0(DCERPC_SERVER_CORE_0.0.1)(64bit)libdcerpc.so.0()(64bit)libdcerpc.so.0(DCERPC_0.0.1)(64bit)libdcerpc0libevents-samba4.so()(64bit)libevents-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libflag-mapping-samba4.so()(64bit)libflag-mapping-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libgenrand-samba4.so()(64bit)libgenrand-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libgensec-samba4.so()(64bit)libgensec-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libgpo-samba4.so()(64bit)libgpo-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libgse-samba4.so()(64bit)libgse-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libhttp-samba4.so()(64bit)libhttp-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libinterfaces-samba4.so()(64bit)libinterfaces-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libiov-buf-samba4.so()(64bit)libiov-buf-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libkrb5samba-samba4.so()(64bit)libkrb5samba-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libldbsamba-samba4.so()(64bit)libldbsamba-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)liblibcli-lsa3-samba4.so()(64bit)liblibcli-lsa3-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)liblibcli-netlogon3-samba4.so()(64bit)liblibcli-netlogon3-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)liblibsmb-samba4.so()(64bit)liblibsmb-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libmessages-dgm-samba4.so()(64bit)libmessages-dgm-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libmessages-util-samba4.so()(64bit)libmessages-util-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libmscat-samba4.so()(64bit)libmscat-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libmsghdr-samba4.so()(64bit)libmsghdr-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libmsrpc3-samba4.so()(64bit)libmsrpc3-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libndr-krb5pac.so.0()(64bit)libndr-krb5pac.so.0(NDR_KRB5PAC_0.0.1)(64bit)libndr-krb5pac0libndr-nbt.so.0()(64bit)libndr-nbt.so.0(NDR_NBT_0.0.1)(64bit)libndr-nbt0libndr-samba-samba4.so()(64bit)libndr-samba-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libndr-samba4.so()(64bit)libndr-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libndr-standard.so.0()(64bit)libndr-standard.so.0(NDR_STANDARD_0.0.1)(64bit)libndr-standard0libndr.so.3()(64bit)libndr.so.3(NDR_0.0.1)(64bit)libndr.so.3(NDR_0.0.2)(64bit)libndr.so.3(NDR_0.0.3)(64bit)libndr.so.3(NDR_0.0.4)(64bit)libndr.so.3(NDR_0.0.5)(64bit)libndr.so.3(NDR_0.0.6)(64bit)libndr.so.3(NDR_0.0.7)(64bit)libndr.so.3(NDR_0.0.8)(64bit)libndr.so.3(NDR_0.0.9)(64bit)libndr.so.3(NDR_0.1.0)(64bit)libndr.so.3(NDR_0.1.1)(64bit)libndr.so.3(NDR_0.1.2)(64bit)libndr.so.3(NDR_0.2.0)(64bit)libndr.so.3(NDR_0.2.1)(64bit)libndr.so.3(NDR_1.0.0)(64bit)libndr.so.3(NDR_1.0.1)(64bit)libndr.so.3(NDR_1.0.2)(64bit)libndr.so.3(NDR_2.0.0)(64bit)libndr.so.3(NDR_3.0.0)(64bit)libndr.so.3(NDR_3.0.1)(64bit)libndr2libnet-keytab-samba4.so()(64bit)libnet-keytab-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libnetapi.so.1()(64bit)libnetapi.so.1(NETAPI_1.0.0)(64bit)libnetapi0libnetif-samba4.so()(64bit)libnetif-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libnpa-tstream-samba4.so()(64bit)libnpa-tstream-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libprinting-migrate-samba4.so()(64bit)libprinting-migrate-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libregistry-samba4.so()(64bit)libregistry-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libreplace-samba4.so()(64bit)libreplace-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libsamba-cluster-support-samba4.so()(64bit)libsamba-cluster-support-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libsamba-credentials.so.1()(64bit)libsamba-credentials.so.1(SAMBA_CREDENTIALS_1.0.0)(64bit)libsamba-credentials1libsamba-debug-samba4.so()(64bit)libsamba-debug-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libsamba-errors.so.1()(64bit)libsamba-errors.so.1(SAMBA_ERRORS_1.0.0)(64bit)libsamba-errors0libsamba-hostconfig.so.0()(64bit)libsamba-hostconfig.so.0(SAMBA_HOSTCONFIG_0.0.1)(64bit)libsamba-hostconfig0libsamba-modules-samba4.so()(64bit)libsamba-modules-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libsamba-passdb.so.0()(64bit)libsamba-passdb.so.0(SAMBA_PASSDB_0.2.0)(64bit)libsamba-passdb.so.0(SAMBA_PASSDB_0.24.1)(64bit)libsamba-passdb.so.0(SAMBA_PASSDB_0.24.2)(64bit)libsamba-passdb.so.0(SAMBA_PASSDB_0.25.0)(64bit)libsamba-passdb.so.0(SAMBA_PASSDB_0.26.0)(64bit)libsamba-passdb.so.0(SAMBA_PASSDB_0.27.0)(64bit)libsamba-passdb.so.0(SAMBA_PASSDB_0.27.1)(64bit)libsamba-passdb.so.0(SAMBA_PASSDB_0.27.2)(64bit)libsamba-passdb.so.0(SAMBA_PASSDB_0.28.0)(64bit)libsamba-passdb0libsamba-security-samba4.so()(64bit)libsamba-security-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libsamba-sockets-samba4.so()(64bit)libsamba-sockets-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libsamba-util.so.0()(64bit)libsamba-util.so.0(SAMBA_UTIL_0.0.1)(64bit)libsamba-util0libsamba3-util-samba4.so()(64bit)libsamba3-util-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libsamdb-common-samba4.so()(64bit)libsamdb-common-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libsamdb.so.0()(64bit)libsamdb.so.0(SAMDB_0.0.1)(64bit)libsamdb0libsecrets3-samba4.so()(64bit)libsecrets3-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libserver-id-db-samba4.so()(64bit)libserver-id-db-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libserver-role-samba4.so()(64bit)libserver-role-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libsmb-transport-samba4.so()(64bit)libsmb-transport-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libsmbclient-raw-samba4.so()(64bit)libsmbclient-raw-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libsmbclient.so.0()(64bit)libsmbclient.so.0(SMBCLIENT_0.1.0)(64bit)libsmbclient.so.0(SMBCLIENT_0.2.0)(64bit)libsmbclient.so.0(SMBCLIENT_0.2.1)(64bit)libsmbclient.so.0(SMBCLIENT_0.2.2)(64bit)libsmbclient.so.0(SMBCLIENT_0.2.3)(64bit)libsmbclient.so.0(SMBCLIENT_0.3.0)(64bit)libsmbclient.so.0(SMBCLIENT_0.3.1)(64bit)libsmbclient.so.0(SMBCLIENT_0.3.2)(64bit)libsmbclient.so.0(SMBCLIENT_0.3.3)(64bit)libsmbclient.so.0(SMBCLIENT_0.4.0)(64bit)libsmbclient.so.0(SMBCLIENT_0.5.0)(64bit)libsmbclient.so.0(SMBCLIENT_0.6.0)(64bit)libsmbclient.so.0(SMBCLIENT_0.7.0)(64bit)libsmbclient0libsmbconf.so.0()(64bit)libsmbconf.so.0(SMBCONF_0.0.1)(64bit)libsmbconf0libsmbd-base-samba4.so()(64bit)libsmbd-base-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libsmbd-shim-samba4.so()(64bit)libsmbd-shim-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libsmbldap.so.2()(64bit)libsmbldap.so.2(SMBLDAP_0)(64bit)libsmbldap.so.2(SMBLDAP_1)(64bit)libsmbldap.so.2(SMBLDAP_2)(64bit)libsmbldap.so.2(SMBLDAP_2.1.0)(64bit)libsmbldap2libsmbldaphelper-samba4.so()(64bit)libsmbldaphelper-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libsocket-blocking-samba4.so()(64bit)libsocket-blocking-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libstable-sort-samba4.so()(64bit)libstable-sort-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libsys-rw-samba4.so()(64bit)libsys-rw-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libtalloc-report-printf-samba4.so()(64bit)libtalloc-report-printf-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libtdb-wrap-samba4.so()(64bit)libtdb-wrap-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libtevent-util.so.0()(64bit)libtevent-util.so.0(TEVENT_UTIL_0.0.1)(64bit)libtevent-util0libtime-basic-samba4.so()(64bit)libtime-basic-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libtrusts-util-samba4.so()(64bit)libtrusts-util-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libutil-reg-samba4.so()(64bit)libutil-reg-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libutil-setid-samba4.so()(64bit)libutil-setid-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libutil-tdb-samba4.so()(64bit)libutil-tdb-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libwbclient.so.0()(64bit)libwbclient.so.0(WBCLIENT_0.10)(64bit)libwbclient.so.0(WBCLIENT_0.11)(64bit)libwbclient.so.0(WBCLIENT_0.12)(64bit)libwbclient.so.0(WBCLIENT_0.13)(64bit)libwbclient.so.0(WBCLIENT_0.14)(64bit)libwbclient.so.0(WBCLIENT_0.15)(64bit)libwbclient.so.0(WBCLIENT_0.16)(64bit)libwbclient.so.0(WBCLIENT_0.9)(64bit)libwbclient0samba-client-libssamba-client-libs(s390-64)@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@    /sbin/ldconfig/sbin/ldconfigld64.so.1()(64bit)ld64.so.1(GLIBC_2.3)(64bit)libCHARSET3-samba4.so()(64bit)libCHARSET3-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libMESSAGING-SEND-samba4.so()(64bit)libMESSAGING-SEND-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libMESSAGING-samba4.so()(64bit)libMESSAGING-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libacl.so.1()(64bit)libacl.so.1(ACL_1.0)(64bit)libaddns-samba4.so()(64bit)libaddns-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libads-samba4.so()(64bit)libads-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libasn1util-samba4.so()(64bit)libasn1util-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libauth-samba4.so()(64bit)libauth-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libauthkrb5-samba4.so()(64bit)libauthkrb5-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libavahi-client.so.3()(64bit)libavahi-common.so.3()(64bit)libc.so.6()(64bit)libc.so.6(GLIBC_2.10)(64bit)libc.so.6(GLIBC_2.15)(64bit)libc.so.6(GLIBC_2.17)(64bit)libc.so.6(GLIBC_2.2)(64bit)libc.so.6(GLIBC_2.2.3)(64bit)libc.so.6(GLIBC_2.2.4)(64bit)libc.so.6(GLIBC_2.27)(64bit)libc.so.6(GLIBC_2.3)(64bit)libc.so.6(GLIBC_2.3.2)(64bit)libc.so.6(GLIBC_2.3.4)(64bit)libc.so.6(GLIBC_2.32)(64bit)libc.so.6(GLIBC_2.33)(64bit)libc.so.6(GLIBC_2.34)(64bit)libc.so.6(GLIBC_2.38)(64bit)libc.so.6(GLIBC_2.4)(64bit)libc.so.6(GLIBC_2.5)(64bit)libc.so.6(GLIBC_2.6)(64bit)libc.so.6(GLIBC_2.8)(64bit)libcli-cldap-samba4.so()(64bit)libcli-cldap-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libcli-ldap-common-samba4.so()(64bit)libcli-ldap-common-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libcli-ldap-samba4.so()(64bit)libcli-ldap-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libcli-nbt-samba4.so()(64bit)libcli-nbt-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libcli-smb-common-samba4.so()(64bit)libcli-smb-common-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libcli-spoolss-samba4.so()(64bit)libcli-spoolss-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libcliauth-samba4.so()(64bit)libcliauth-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libclidns-samba4.so()(64bit)libclidns-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libcluster-samba4.so()(64bit)libcluster-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libcom_err.so.2()(64bit)libcommon-auth-samba4.so()(64bit)libcommon-auth-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libdbwrap-samba4.so()(64bit)libdbwrap-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libdcerpc-binding.so.0()(64bit)libdcerpc-binding.so.0(DCERPC_BINDING_0.0.1)(64bit)libdcerpc-pkt-auth-samba4.so()(64bit)libdcerpc-pkt-auth-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libdcerpc-samba-samba4.so()(64bit)libdcerpc-samba-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libdcerpc.so.0()(64bit)libdcerpc.so.0(DCERPC_0.0.1)(64bit)libflag-mapping-samba4.so()(64bit)libflag-mapping-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libgenrand-samba4.so()(64bit)libgenrand-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libgensec-samba4.so()(64bit)libgensec-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libgnutls.so.30()(64bit)libgnutls.so.30(GNUTLS_3_4)(64bit)libgnutls.so.30(GNUTLS_3_6_10)(64bit)libgnutls.so.30(GNUTLS_3_6_13)(64bit)libgnutls.so.30(GNUTLS_3_6_3)(64bit)libgse-samba4.so()(64bit)libgse-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libgssapi_krb5.so.2()(64bit)libgssapi_krb5.so.2(gssapi_krb5_2_MIT)(64bit)libhttp-samba4.so()(64bit)libhttp-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libinterfaces-samba4.so()(64bit)libinterfaces-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libiov-buf-samba4.so()(64bit)libiov-buf-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libk5crypto.so.3()(64bit)libk5crypto.so.3(k5crypto_3_MIT)(64bit)libkrb5.so.3()(64bit)libkrb5.so.3(krb5_3_MIT)(64bit)libkrb5samba-samba4.so()(64bit)libkrb5samba-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)liblber-2.4.so.2()(64bit)libldap_r-2.4.so.2()(64bit)libldb.so.2()(64bit)libldb.so.2(LDB_0.9.10)(64bit)libldb.so.2(LDB_0.9.15)(64bit)libldb.so.2(LDB_0.9.16)(64bit)libldb.so.2(LDB_0.9.23)(64bit)libldb.so.2(LDB_1.1.1)(64bit)libldb.so.2(LDB_1.1.19)(64bit)libldb.so.2(LDB_1.1.30)(64bit)libldb.so.2(LDB_1.3.0)(64bit)libldb.so.2(LDB_2.6.1)(64bit)libldb.so.2(LDB_2.8.0)(64bit)libldbsamba-samba4.so()(64bit)libldbsamba-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)liblibcli-lsa3-samba4.so()(64bit)liblibcli-lsa3-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)liblibcli-netlogon3-samba4.so()(64bit)liblibcli-netlogon3-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)liblibsmb-samba4.so()(64bit)liblibsmb-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libmessages-dgm-samba4.so()(64bit)libmessages-dgm-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libmessages-util-samba4.so()(64bit)libmessages-util-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libmsghdr-samba4.so()(64bit)libmsghdr-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libmsrpc3-samba4.so()(64bit)libmsrpc3-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libndr-krb5pac.so.0()(64bit)libndr-krb5pac.so.0(NDR_KRB5PAC_0.0.1)(64bit)libndr-nbt.so.0()(64bit)libndr-nbt.so.0(NDR_NBT_0.0.1)(64bit)libndr-samba-samba4.so()(64bit)libndr-samba-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libndr-samba4.so()(64bit)libndr-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libndr-standard.so.0()(64bit)libndr-standard.so.0(NDR_STANDARD_0.0.1)(64bit)libndr.so.3()(64bit)libndr.so.3(NDR_0.0.1)(64bit)libndr.so.3(NDR_0.0.3)(64bit)libndr.so.3(NDR_0.0.4)(64bit)libndr.so.3(NDR_0.0.5)(64bit)libndr.so.3(NDR_0.0.6)(64bit)libndr.so.3(NDR_0.0.7)(64bit)libndr.so.3(NDR_0.0.8)(64bit)libndr.so.3(NDR_0.0.9)(64bit)libndr.so.3(NDR_0.1.1)(64bit)libndr.so.3(NDR_0.1.2)(64bit)libndr.so.3(NDR_0.2.0)(64bit)libndr.so.3(NDR_0.2.1)(64bit)libndr.so.3(NDR_1.0.0)(64bit)libndr.so.3(NDR_1.0.1)(64bit)libndr.so.3(NDR_1.0.2)(64bit)libndr.so.3(NDR_2.0.0)(64bit)libndr.so.3(NDR_3.0.1)(64bit)libnetif-samba4.so()(64bit)libnetif-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libnpa-tstream-samba4.so()(64bit)libnpa-tstream-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libnscd.so.1()(64bit)libnscd.so.1(LIBNSCD_1.0)(64bit)libpam.so.0()(64bit)libpam.so.0(LIBPAM_1.0)(64bit)libpopt.so.0()(64bit)libpopt.so.0(LIBPOPT_0)(64bit)libreplace-samba4.so()(64bit)libreplace-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libsamba-cluster-support-samba4.so()(64bit)libsamba-cluster-support-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libsamba-credentials.so.1()(64bit)libsamba-credentials.so.1(SAMBA_CREDENTIALS_1.0.0)(64bit)libsamba-debug-samba4.so()(64bit)libsamba-debug-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libsamba-errors.so.1()(64bit)libsamba-errors.so.1(SAMBA_ERRORS_1.0.0)(64bit)libsamba-hostconfig.so.0()(64bit)libsamba-hostconfig.so.0(SAMBA_HOSTCONFIG_0.0.1)(64bit)libsamba-modules-samba4.so()(64bit)libsamba-modules-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libsamba-passdb.so.0()(64bit)libsamba-passdb.so.0(SAMBA_PASSDB_0.2.0)(64bit)libsamba-passdb.so.0(SAMBA_PASSDB_0.27.1)(64bit)libsamba-security-samba4.so()(64bit)libsamba-security-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libsamba-sockets-samba4.so()(64bit)libsamba-sockets-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libsamba-util.so.0()(64bit)libsamba-util.so.0(SAMBA_UTIL_0.0.1)(64bit)libsamba3-util-samba4.so()(64bit)libsamba3-util-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libsamdb-common-samba4.so()(64bit)libsamdb-common-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libsamdb.so.0()(64bit)libsamdb.so.0(SAMDB_0.0.1)(64bit)libsecrets3-samba4.so()(64bit)libsecrets3-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libserver-id-db-samba4.so()(64bit)libserver-id-db-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libserver-role-samba4.so()(64bit)libserver-role-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libsmb-transport-samba4.so()(64bit)libsmb-transport-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libsmbclient-raw-samba4.so()(64bit)libsmbclient-raw-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libsmbconf.so.0()(64bit)libsmbconf.so.0(SMBCONF_0.0.1)(64bit)libsmbd-shim-samba4.so()(64bit)libsmbd-shim-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libsmbldap.so.2()(64bit)libsmbldap.so.2(SMBLDAP_0)(64bit)libsmbldap.so.2(SMBLDAP_1)(64bit)libsmbldaphelper-samba4.so()(64bit)libsmbldaphelper-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libsocket-blocking-samba4.so()(64bit)libsocket-blocking-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libstable-sort-samba4.so()(64bit)libstable-sort-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libsys-rw-samba4.so()(64bit)libsys-rw-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libsystemd.so.0()(64bit)libsystemd.so.0(LIBSYSTEMD_209)(64bit)libtalloc-report-printf-samba4.so()(64bit)libtalloc-report-printf-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libtalloc.so.2()(64bit)libtalloc.so.2(TALLOC_2.0.2)(64bit)libtalloc.so.2(TALLOC_2.1.0)(64bit)libtalloc.so.2(TALLOC_2.3.5)(64bit)libtasn1.so.6()(64bit)libtasn1.so.6(LIBTASN1_0_3)(64bit)libtdb-wrap-samba4.so()(64bit)libtdb-wrap-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libtdb.so.1()(64bit)libtdb.so.1(TDB_1.2.1)(64bit)libtdb.so.1(TDB_1.2.2)(64bit)libtdb.so.1(TDB_1.2.5)(64bit)libtdb.so.1(TDB_1.3.0)(64bit)libtdb.so.1(TDB_1.3.11)(64bit)libtdb.so.1(TDB_1.3.17)(64bit)libtevent-util.so.0()(64bit)libtevent-util.so.0(TEVENT_UTIL_0.0.1)(64bit)libtevent.so.0()(64bit)libtevent.so.0(TEVENT_0.11.0)(64bit)libtevent.so.0(TEVENT_0.12.0)(64bit)libtevent.so.0(TEVENT_0.13.0)(64bit)libtevent.so.0(TEVENT_0.15.0)(64bit)libtevent.so.0(TEVENT_0.9.12)(64bit)libtevent.so.0(TEVENT_0.9.13)(64bit)libtevent.so.0(TEVENT_0.9.16)(64bit)libtevent.so.0(TEVENT_0.9.20)(64bit)libtevent.so.0(TEVENT_0.9.30)(64bit)libtevent.so.0(TEVENT_0.9.31)(64bit)libtevent.so.0(TEVENT_0.9.37)(64bit)libtevent.so.0(TEVENT_0.9.9)(64bit)libtime-basic-samba4.so()(64bit)libtime-basic-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libtrusts-util-samba4.so()(64bit)libtrusts-util-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libutil-reg-samba4.so()(64bit)libutil-reg-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libutil-setid-samba4.so()(64bit)libutil-setid-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libutil-tdb-samba4.so()(64bit)libutil-tdb-samba4.so(SAMBA_4.19.9_GIT.430.A10FE64854C150600.3.18.2SUSE_OS15.0_S390X_SAMBA4)(64bit)libwbclient.so.0()(64bit)libwbclient.so.0(WBCLIENT_0.13)(64bit)libwbclient.so.0(WBCLIENT_0.9)(64bit)libz.so.1()(64bit)rpmlib(CompressedFileNames)rpmlib(FileDigests)rpmlib(PayloadFilesHavePrefix)rpmlib(PayloadIsXz)3.0.4-14.6.0-14.0-15.2-14.14.3hm@g`@gRgR@gMgp@fٝ@fxfteԔ@ee5@ede6`@e-%e'e%ascabrero@suse.denopower@suse.comscabrero@suse.denopower@suse.comnopower@suse.comnopower@suse.comddiss@suse.comscabrero@suse.denopower@suse.comnopower@suse.comnopower@suse.comnopower@suse.comnopower@suse.comdmulder@suse.comnopower@suse.comnopower@suse.comnopower@suse.comnopower@suse.comscabrero@suse.descabrero@suse.descabrero@suse.denopower@suse.comnopower@suse.comnopower@suse.comnopower@suse.comnopower@suse.comnopower@suse.comnopower@suse.comnopower@suse.comnopower@suse.comnopower@suse.comnopower@suse.comscabrero@suse.dedmulder@suse.comscabrero@suse.denopower@suse.comnopower@suse.comscabrero@suse.denopower@suse.comnopower@suse.comscabrero@suse.denopower@suse.comscabrero@suse.descabrero@suse.descabrero@suse.descabrero@suse.descabrero@suse.descabrero@suse.descabrero@suse.dedmulder@suse.comddiss@suse.comnopower@suse.comdmulder@suse.comdmulder@suse.comnopower@suse.comscabrero@suse.descabrero@suse.dedimstar@opensuse.orgscabrero@suse.descabrero@suse.descabrero@suse.descabrero@suse.dedmulder@suse.comnopower@suse.comnopower@suse.comscabrero@suse.descabrero@suse.descabrero@suse.dedmulder@suse.comnopower@suse.comscabrero@suse.descabrero@suse.descabrero@suse.descabrero@suse.descabrero@suse.descabrero@suse.denopower@suse.comscabrero@suse.deddiss@suse.comddiss@suse.comddiss@suse.comscabrero@suse.descabrero@suse.dedmulder@suse.comnopower@suse.comscabrero@suse.descabrero@suse.dedmulder@suse.comscabrero@suse.descabrero@suse.denopower@suse.comnopower@suse.comnopower@suse.comdmulder@suse.comscabrero@suse.denopower@suse.comddiss@suse.comnopower@suse.comnopower@suse.comjmcdonough@suse.comnopower@suse.comnopower@suse.comjmcdonough@suse.comnopower@suse.comnopower@suse.comscabrero@suse.denopower@suse.comnopower@suse.comjmcdonough@suse.comnopower@suse.comscabrero@suse.denopower@suse.comnopower@suse.comddiss@suse.comddiss@suse.comnopower@suse.comnopower@suse.comddiss@suse.comnopower@suse.comdmulder@suse.comdmulder@suse.comddiss@suse.comscabrero@suse.dedmulder@suse.comddiss@suse.comnopower@suse.comjengelh@inai.dedmulder@suse.comscabrero@suse.descabrero@suse.descabrero@suse.dedmulder@suse.comdmulder@suse.comdmulder@suse.comjmcdonough@suse.comdmulder@suse.comscabrero@suse.dedmulder@suse.comscabrero@suse.dedmulder@suse.comdmulder@suse.comvcizek@suse.comdmulder@suse.comdmulder@suse.comnopower@suse.comscabrero@suse.dejmcdonough@suse.comscabrero@suse.deaaptel@suse.comjengelh@inai.dedimstar@opensuse.orgdmulder@suse.comjmcdonough@suse.comdavid.mulder@suse.comjmcdonough@suse.comaaptel@suse.comdmulder@suse.comscabrero@suse.comscabrero@suse.comkukuk@suse.dedavid.mulder@suse.comscabrero@suse.comrbrown@suse.comdmulder@suse.comscabrero@suse.comdimstar@opensuse.orgscabrero@suse.comaaptel@suse.comnopower@suse.comnopower@suse.comaaptel@suse.comddiss@suse.comdmulder@suse.comddiss@suse.comdmulder@suse.comddiss@suse.comddiss@suse.comnopower@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comddiss@suse.comdmulder@suse.comnopower@suse.comjmcdonough@suse.comaaptel@suse.comkukuk@suse.comkukuk@suse.denopower@suse.comaaptel@suse.comdmulder@suse.comddiss@suse.comdmulder@suse.comddiss@suse.comjmcdonough@suse.comnopower@suse.comnopower@suse.comnopower@suse.comnopower@suse.comjmcdonough@suse.comjmcdonough@suse.comnopower@suse.comnopower@suse.comddiss@suse.comjmcdonough@suse.comddiss@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comjmcdonough@suse.comnopower@suse.comlmuelle@suse.comlmuelle@suse.comjmcdonough@suse.comnopower@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comnopower@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comtchvatal@suse.comlmuelle@suse.comnopower@suse.comcrrodriguez@opensuse.orglmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.comnoel.power@suse.comddiss@suse.comddiss@suse.comlmuelle@suse.comddiss@suse.comlmuelle@suse.comlmuelle@suse.comnopower@suse.comddiss@suse.comddiss@suse.comlmuelle@suse.comlmuelle@suse.comddiss@suse.comlmuelle@suse.commpluskal@suse.comlmuelle@suse.comnopower@suse.deddiss@suse.comddiss@suse.comddiss@suse.comlmuelle@suse.denopower@suse.delmuelle@suse.comnopower@suse.deddiss@suse.comlmuelle@suse.comlmuelle@suse.comlmuelle@suse.com- Windows security hardening locks out schannel'ed netlogon dc calls like netr_DsRGetDCName; (bsc#1246431); (bso#15876).- Fix Samba printers reporting invalid sid during print jobs; (bsc#1234210); (bso#15792).- Fix crossing automounter mount points; (bsc#1215212); (bsc#1236803);- Update shipped /etc/samba/smb.conf to point to smb.conf man page;(bsc#1233880).- Update to 4.19.9 * libldb: performance issue with indexes (ldb 2.8.2 is already released); (bso#15590). * DH reconnect error handling can lead to stale sharemode entries; (bso#15624). * Incorrect FSCTL_QUERY_ALLOCATED_RANGES response when truncated; (bso#15699). * irpc_destructor may crash during shutdown; (bso#15280). * Compound SMB2 requests don't return NT_STATUS_NETWORK_SESSION_EXPIRED for all requests, confuses MacOSX clients; (bso#15696). * Crash when readlinkat fails; (bso#15700).- Adjust spec to split out rpcd_* binaries into a separate sub package; (bsc#1231414).- Incorrect FSCTL_QUERY_ALLOCATED_RANGES response when truncated; (bso#15699); (bsc#1229684). - Update to 4.19.8 * Invalid client warning about command line passwords; (bso#15671); * Version string is truncated in manpages; (bso#15672); * --version-* options are still not ergonomic, and they reject tilde characters; (bso#15673); * cmdline_burn does not always burn secrets; (bso#15674); * Samba doesn't parse SDDL found in defaultSecurityDescriptor in AD_DS_Classes_Windows_Server_v1903.ldf; (bso#15685); * We have added new options --vendor-name and --vendor-patch- revision arguments to ./configure to allow distributions and packagers to put their name in the Samba version string so that when debugging Samba the source of the binary is obvious; (bso#15654); * When claims enabled with heimdal kerberos, unable to log on to a Windows computer when user account need to change their own password; (bso#15655); * Fix clock skew error message and memory cache clock skew recovery; (bso#15676); * CTDB RADOS mutex helper misses namespace support; (bso#15665); * The images don't build after the git security release and CentOS 8 Stream is EOL; (bso#15660); * Fix unnecessary delays in CTDB while processing requests under high load; (bso#15678); * Dynamic DNS updates with the internal DNS are not working; (bso#13019); * s4:nbt_server: does not provide unexpected handling, so winbindd can't use nmb requests instead cldap; (bso#15620); * Panic in vfs_offload_token_db_fetch_fsp(); (bso#15664); * "client use kerberos" and --use-kerberos is ignored for the machine account; (bso#15666); * Regression DFS not working with widelinks = true; (bso#15435); * ntlm_auth make logs more consistent with length check; (bso#15677);- Fix a crash when joining offline and 'kerberos method' includes keytab; (bsc#1228732); - Fix reading the password from STDIN or environment vars if it was already given in the command line; (bsc#1228732);- Update to 4.19.7 * ldb qsort might r/w out of bounds with an intransitive compare function (ldb 2.8.1 is already released); (bso#15569). * Many qsort() comparison functions are non-transitive, which can lead to out-of-bounds access in some circumstances (ldb 2.8.1 is already released); (bso#15625). * Need to change gitlab-ci.yml tags in all branches to avoid CI bill; (bso#15638). * netr_LogonSamLogonEx returns NR_STATUS_ACCESS_DENIED with SysvolReady=0; (bso#14981). * Anonymous smb3 signing/encryption should be allowed (similar to Windows Server 2022); (bso#15412). * Panic in dreplsrv_op_pull_source_apply_changes_trigger; (bso#15573). * winbindd, net ads join and other things don't work on an ipv6 only host; (bso#15642). * Smbcacls incorrectly propagates inheritance with Inherit-Only flag; (bso#15636). * http library doesn't support 'chunked transfer encoding'; (bso#15611). - Update to 4.19.6 * fd_handle_destructor() panics within an smbd_smb2_close() if vfs_stat_fsp() fails in fd_close(); (bso#15527). * samba-gpupdate: Correctly implement site support; (bso#15588). * libgpo: Segfault in python bindings; (bso#15599). * Packet marshalling push support missing for CTDB_CONTROL_TCP_CLIENT_DISCONNECTED and CTDB_CONTROL_TCP_CLIENT_PASSED; (bso#15580).- Update to 4.19.5 * Windows 2016 fails to restore previous version of a file from a shadow_copy2 snapshot; (bso#13688). * Symlinks on AIX are broken in 4.19 (and a few version before that); (bso#15549). * Fake directory create times has no effect; (bso#12421). * ctime mixed up with mtime by smbd; (bso#15550). * samba-gpupdate --rsop fails if machine is not in a site; (bso#15548). * gpupdate: The root cert import when NDES is not available is broken; (bso#15557). * samba-gpupdate should print a useful message if cepces-submit can't be found; (bso#15552). * samba-gpupdate logging doesn't work; (bso#15558). * smbpasswd reset permissions only if not 0600; (bso#15555).- Remove -x from bash shebang update-apparmor-samba-profile; (bsc#1218431).- Update to 4.19.4 * net changesecretpw cannot set the machine account password if secrets.tdb is empty; (bso#13577). * For generating doc, take, if defined, env XML_CATALOG_FILES; (bso#15540). * Trivial C typo in nsswitch/winbind_nss_netbsd.c; (bso#15541). * vfs_linux_xfs is incorrectly named; (bso#15542). * systemd stumbled over copyright-message at smbd startup; (bso#15377). * Following intermediate abolute share-local symlinks is broken; (bso#15505). * ctdb RELEASE_IP causes a crash in release_ip if a connection to a non-public address disconnects first; (bso#15523). * shadow_copy2 broken when current fileset's directories are removed; (bso#15544). * smbd does not detect ctdb public ipv6 addresses for multichannel exclusion; (bso#15534). * 'force user = localunixuser' doesn't work if 'allow trusted domains = no' is set; (bso#15469). * smbget debug logging doesn't work; (bso#15525). * smget: username in the smburl and interactive password entry doesn't work; (bso#15532). * smbget auth function doesn't set values for password prompt correctly; (bso#15538). * Unable to copy and write files from clients to Ceph cluster via SMB Linux gateway with Ceph VFS module; (bso#15440). * Multichannel refresh network information; (bso#15547).- Update to 4.19.3 * sid_strings test broken by unix epoch > 1700000000; (bso#15520). * smbd crashes if asked to return full information on close of a stream handle with delete on close disposition set; (bso#15487). * smbd: fix close order of base_fsp and stream_fsp in smb_fname_fsp_destructor(); (bso#15521). * Improve logging for failover scenarios; (bso#15499). * Files without "read attributes" NFS4 ACL permission are not listed in directories; (bso#15093). * CVE-2018-14628 [SECURITY] Deleted Object tombstones visible in AD LDAP to normal users; (bso#13595). * Kerberos TGS-REQ with User2User does not work for normal accounts; (bso#15492). * vfs_gpfs stat calls fail due to file system permissions; (bso#15507). * Samba doesn't build with Python 3.12; (bso#15513).- packaging: samba-tool domain provision requires python3-Markdown; (bsc#1216519).- Update to 4.19.2 * Use-after-free in aio_del_req_from_fsp during smbd shutdown after failed IPC FSCTL_PIPE_TRANSCEIVE; (bso#15423). * clidfs.c do_connect() missing a "return" after a cli_shutdown() call; (bso#15426). * macOS mdfind returns only 50 results; (bso#15463). * GETREALFILENAME_CACHE can modify incoming new filename with previous cache entry value; (bso#15481). * libnss_winbind causes memory corruption since samba-4.18, impacts sendmail, zabbix, potentially more; (bso#15464). * ctdbd: setproctitle not initialized messages flooding logs; (bso#15479). * CVE-2023-5568 Heap buffer overflow with freshness tokens in the Heimdal KDC in Samba 4.19; (bso#15491). * The heimdal KDC doesn't detect s4u2self correctly when fast is in use; (bso#15477).- use systemd-logind rather than utmp for y2038 safety; (bsc#1216159).- CVE-2023-4091: samba: Client can truncate file with read-only permissions; (bsc#1215904); (bso#15439). - CVE-2023-42669: samba: rpcecho, enabled and running in AD DC, allows blocking sleep on request; (bso#1215905); (bso#15474). - CVE-2023-42670: samba: The procedure number is out of range when starting Active Directory Users and Computers; (bsc#1215906); (bso#15473). - CVE-2023-3961: samba: Unsanitized client pipe name passed to local_np_connect(); (bsc#1215907); (bso#15422). - CVE-2023-4154: samba: dirsync allows SYSTEM access with only "GUID_DRS_GET_CHANGES" right, not "GUID_DRS_GET_ALL_CHANGES; (bsc#1215908); (bso#15424).- Update to 4.19.0 * File doesn't show when user doesn't have permission if aio_pthread is loaded; (bso#15453). * ctdb_killtcp fails to work with --enable-pcap and libpcap ≥ 1.9.1; (bso#15451). * Logging to stdout/stderr with DEBUG_SYSLOG_FORMAT_ALWAYS can log to syslog; (bso#15460). * ‘samba-tool domain level raise’ fails unless given a URL; (bso#15458). * reply_sesssetup_and_X() can dereference uninitialized tmp pointer; (bso#15420). * missing return in reply_exit_done(); (bso#15430). * TREE_CONNECT without SETUP causes smbd to use uninitialized pointer; (bso#15432). * Avoid infinite loop in initial user sync with Azure AD Connect when synchronising a large Samba AD domain; (bso#15401). * Samba replication logs show (null) DN; (bso#15407). * 2-3min delays at reconnect with smb2_validate_sequence_number: bad message_id 2; (bso#15346). * DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED can't be parsed; (bso#15446). * CID 1539212 causes real issue when output contains only newlines; (bso#15438). * KDC encodes INT64 claims incorrectly; (bso#15452). * mdssvc: Do an early talloc_free() in _mdssvc_open(); (bso#15449). * Windows client join fails if a second container CN=System exists somewhere; (bso#9959). * regression DFS not working with widelinks = true; (bso#15435). * Heimdal fails to build on 32-bit FreeBSD; (bso#15443). * samba-tool ntacl get segfault if aio_pthread appended; (bso#15441). - Update to 4.18.6 * reply_sesssetup_and_X() can dereference uninitialized tmp pointer; (bso#15420); * Missing return in reply_exit_done(); (bso#15430); * post-exec password redaction for samba-tool is more reliable for fully random passwords as it no longer uses regular expressions containing the password value itself; (bso#15289); * Windows client join fails if a second container CN=System exists somewhere; (bso#9959); * Spotlight sometimes returns no results on latest macOS; (bso#15342); * Renaming results in NT_STATUS_SHARING_VIOLATION if previously attempted to remove the destination; (bso#15417); * Spotlight results return wrong date in result list; (bso#15427); * "net offlinejoin provision" does not work as non-root user; (bso#15414); * rpcserver no longer accepts double backslash in dfs pathname; (bso#15400); * cm_prepare_connection() calls close(fd) for the second time; (bso#15433); * 2-3min delays at reconnect with smb2_validate_sequence_number: bad message_id 2; (bso#15346); * samba-tool ntacl get segfault if aio_pthread appended; (bso#15441); * DCERPC_PKT_CO_CANCEL and DCERPC_PKT_ORPHANED can't be parsed; (bso#15446); * Python tarfile extraction needs change to avoid a warning (CVE-2007-4559 mitigation); (bso#15390); * Regression DFS not working with widelinks = true; (bso#15435); * mdssvc: Do an early talloc_free() in _mdssvc_open(); (bso#15449); - Update to 4.18.5 * CVE-2022-2127: lm_resp_len not checked properly in winbindd_pam_auth_crap_send; (bso#15072); (bsc#1213174). * CVE-2023-34966: Samba Spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability; (bso#15340); (bsc#1213173). * CVE-2023-34967: Samba Spotlight mdssvc RPC Request Type Confusion Denial-of-Service Vulnerability; (bso#15341); (bsc#1213172). * CVE-2023-34968: Spotlight server-side Share Path Disclosure; (bso#15388); (bsc#1213171). * CVE-2023-3347: Samba doesn't require SMB2+ signing if `server signing = mandatory` is set; (bso#15397); (bsc#1213170). * secure channel faulty since Windows 10/11 update 07/2023; (bso#15418); (bsc#1213384). - Update to 4.18.4 * Backport --pidl-developer fixes; (bso#15404). * Named crashes on DLZ zone update; (bso#14030). * smbcacls and smbcquotas do not check // before the server; (bso#2312). * cli_list loops 100% CPU against pre-lanman2 servers; (bso#15382). * smbclient leaks fds with showacls; (bso#15391). * smbd returns NOT_FOUND when creating files on a r/o filesystem; (bso#15402). * NSS_WRAPPER_HOSTNAME doesn't match NSS_WRAPPER_HOSTS entry and causes test timeouts; (bso#15355). * net ads lookup (with unspecified realm) fails; (bso#15384). * Register Samba processes with GPFS; (bso#15381). * Python tarfile extraction needs change to avoid a warning (CVE-2007-4559 mitigation); (bso#15390). * The winbind child segfaults when listing users with `winbind scan trusted domains = yes`; (bso#15398). * Remove comments about deprecated 'write cache size'; (bso#15383). * smbget memory leak if failed to download files recursively; (bso#15403). - Update to 4.18.3 * Symlinks to files can have random DOS mode information in a directory listing; (bso#15375). * vfs_fruit might cause a failing open for delete; (bso#15378). * winbind recurses into itself via rpcd_lsad; (bso#15361). * wbinfo -u fails on ad dc with >1000 users; (bso#15366). * DS ACEs might be inherited to unrelated object classes; (bso#15338). * a lot of messages: get_static_share_mode_data: get_static_share_mode_data_fn failed: NT_STATUS_NOT_FOUND; (bso#15362). * aes256 smb3 encryption algorithms are not allowed in smb3_sid_parse(); (bso#15374). * Setting veto files = /.*/ break listing directories; (bso#15360). * "samba-tool domain provision" does not run interactive mode if no arguments are given; (bso#15363). * dsgetdcname: assumes local system uses IPv4; (bso#15325). - Update to 4.18.2 * Log flood: smbd_calculate_access_mask_fsp: Access denied: message level should be lower; (bso#15302). * Floating point exception (FPE) via cli_pull_send at source3/libsmb/clireadwrite.c; (bso#15306). * test_tstream_more_tcp_user_timeout_spin fails intermittently on Rackspace GitLab runners; (bso#15328). * Reduce flapping of ridalloc test; (bso#15329). * large_ldap test is unreliable; (bso#15351). * New filename parser doesn't check veto files smb.conf parameter; (bso#15143). * mdssvc may crash when initializing; (bso#15354). * large directory optimization broken for non-lcomp path elements; (bso#15313). * streams_depot fails to create streams; (bso#15357). * shadow_copy2 and streams_depot don't play well together; (bso#15358). * Flapping tests in samba_tool_drs_show_repl.py; (bso#15316). * winbindd idmap child contacts the domain controller without a need; (bso#15317). * idmap_autorid may fail to map sids of trusted domains for the first time; (bso#15318). * idmap_hash doesn't use ID_TYPE_BOTH for reverse mappings; (bso#15319). * net ads search -P doesn't work against servers in other domains; (bso#15323). * Temporary smbXsrv_tcon_global.tdb can't be parsed; (bso#15353). * Tests use depricated and removed methods like assertRegexpMatches; (bso#15343). - Update to 4.18.1 * CVE-2023-0225: AD DC "dnsHostname" attribute can be deleted by unprivileged authenticated users. (bso#15276);(bsc#1209483). * CVE-2023-0614: Access controlled AD LDAP attributes can be discovered (bso#15270); (bsc#1209485). * CVE-2023-0922: Samba AD DC admin tool samba-tool sends passwords in cleartext(bso#15315);(bsc#1209481). * ldb wildcard matching makes excessive allocations; (bso#15331). * large_ldap test is inefficient; (bso#15332). - Update to 4.18.0 * SMB server performance improvements * More succinct samba-tool error messages * Color output with samba-tool --color The NO_COLOR environment variable will disable colour output * New samba-tool dsacl subcommand for deleting ACEs * New wbinfo option --change-secret-at * Net option to change the NT ACL default location * Azure AD / Office365 synchronization improvements- Fix DFS not working with widelinks enabled; (bsc#1213607); (bso#15435);- Move libcluster-samba4.so from samba-libs to samba-client-libs; (bsc#1213940);- net ads lookup with unspecified realm fails; (bso#15384); (bsc#1213826);- secure channel faulty since Windows 10/11 update 07/2023; (bso#15418); (bsc#1213384).- CVE-2022-2127: lm_resp_len not checked properly in winbindd_pam_auth_crap_send; (bso#15072); (bsc#1213174). - CVE-2023-34966: Samba Spotlight mdssvc RPC Request Infinite Loop Denial-of-Service Vulnerability; (bso#15340); (bsc#1213173). - CVE-2023-34967: Samba Spotlight mdssvc RPC Request Type Confusion Denial-of-Service Vulnerability; (bso#15341); (bsc#1213172). - CVE-2023-34968: Spotlight server-side Share Path Disclosure; (bso#15388); (bsc#1213171). - CVE-2023-3347: Samba doesn't require SMB2+ signing if `server signing = mandatory` is set; (bso#15397); (bsc#1213170).- Update to 4.17.9 * Backport --pidl-developer fixes; (bso#15404). * smbd_scavenger crashes when service smbd is stopped; (bso#15275). * vfs_fruit might cause a failing open for delete; (bso#15378). * named crashes on DLZ zone update; (bso#14030). * winbind recurses into itself via rpcd_lsad; (bso#15361). * cli_list loops 100% CPU against pre-lanman2 servers; (bso#15382). * smbclient leaks fds with showacls; (bso#15391). * aes256 smb3 encryption algorithms are not allowed in smb3_sid_parse(); (bso#15374). * winbindd gets stuck on NT_STATUS_RPC_SEC_PKG_ERROR; (bso#15413). * smbget memory leak if failed to download files recursively; (bso#15403).- Update to 4.17.8 * log flood: smbd_calculate_access_mask_fsp: Access denied: message level should be lower; (bso#15302). * Floating point exception (FPE) via cli_pull_send at source3/libsmb/clireadwrite.c; (bso#15306). * test_tstream_more_tcp_user_timeout_spin fails intermittently on Rackspace GitLab runners; (bso#15328). * Reduce flapping of ridalloc test; (bso#15329). * large_ldap test is unreliable; (bso#15351). * New filename parser doesn't check veto files smb.conf parameter; (bso#15143). * mdssvc may crash when initializing; (bso#15354). * Large directory optimization broken for non-lcomp path elements; (bso#15313). * streams_depot fails to create streams; (bso#15357). * shadow_copy2 and streams_depot don't play well together; (bso#15358). * wbinfo -u fails on ad dc with >1000 users; (bso#15366). * winbindd idmap child contacts the domain controller without a need; (bso#15317). * idmap_autorid may fail to map sids of trusted domains for the first time; (bso#15318). * idmap_hash doesn't use ID_TYPE_BOTH for reverse mappings; (bso#15319). * net ads search -P doesn't work against servers in other domains; (bso#15323). * DS ACEs might be inherited to unrelated object classes; (bso#15338). * Temporary smbXsrv_tcon_global.tdb can't be parsed; (bso#15353). * Setting veto files = /.*/ break listing directories; (bso#15360); (bsc#1212375). * CVE-2020-25720 [SECURITY] Create Child permission should not allow full write to all attributes (additional changes); (bso#14810). * dsgetdcname: assumes local system uses IPv4; (bso#15325).- Update to 4.17.7 * CVE-2023-0922: Samba AD DC admin tool samba-tool sends passwords in cleartext; (bso#15315); (bsc#1209481). * CVE-2023-0225: Samba AD DC "dnsHostname" attribute can be deleted by unprivileged authenticated users; (bso#15276); (bsc#1209483). * CVE-2023-0614: samba: Access controlled AD LDAP attributes can be discovered; (bso#15270); (bsc#1209485). * large_ldap test is inefficient; (bso#15332). * CVE-2020-25720 [SECURITY] Create Child permission should not allow full write to all attributes (additional changes); (bso#14810). - Update to 4.17.6 * streams_xattr is creating unexpected locks on folders; (bso#15314). * Use of the Azure AD Connect cloud sync tool is now supported for password hash synchronisation, allowing Samba AD Domains to synchronise passwords with this popular cloud environment; (bso#10635). * Spotlight doesn't work with latest macOS Ventura; (bso#15299). * New samba-dcerpc architecture does not scale gracefully; (bso#15310). * vfs_ceph incorrectly uses fsp_get_io_fd() instead of fsp_get_pathref_fd() in close and fstat; (bso#15307). * With clustering enabled samba-bgqd can core dump due to use after free; (bso#15293). * fd_load() function implicitly closes the fd where it should not; (bso#15311). - Update to 4.17.5 * smbc_getxattr() return value is incorrect; (bso#14808). * Compound SMB2 FLUSH+CLOSE requests from MacOSX are not handled correctly; (bso#15172). * synthetic_pathref AFP_AfpInfo failed errors; (bso#15210). * samba-tool gpo listall fails IPv6 only - finddcs() fails to find DC when there is only an AAAA record for the DC in DNS; (bso#15226). * smbd crashes if an FSCTL request is done on a stream handle; (bso#15236). * DFS links don't work anymore on Mac clients since 4.17; (bso#15277). * vfs_virusfilter segfault on access, directory edgecase (accessing NULL value); (bso#15283). * CVE-2022-38023 [SECURITY] Samba should refuse RC4 (aka md5) based SChannel on NETLOGON (additional changes); (bso#15240). * %U for include directive doesn't work for share listing (netshareenum); (bso#15243). * Shares missing from netshareenum response in samba 4.17.4; (bso#15266). * ctdb: use-after-free in run_proc; (bso#15269). * irpc_destructor may crash during shutdown; (bso#15280). * auth3_generate_session_info_pac leaks wbcAuthUserInfo; (bso#15286). * smbclient segfaults with use after free on an optimized build; (bso#15268). * smbstatus leaking files in msg.sock and msg.lock; (bso#15282). * Leak in wbcCtxPingDc2; (bso#15164). * Access based share enum does not work in Samba 4.16+; (bso#15265). * Crash during share enumeration; (bso#15267). * rep_listxattr on FreeBSD does not properly check for reads off end of returned buffer; (bso#15271). * Avoid relying on C89 features in a few places; (bso#15281).- Make (32bit) samba-libs conflict with old samba-ad-dc-libs package to satisfy installcheck.- Make samba-libs conflict with old samba-ad-dc-libs package to satisfy installcheck.- Remove non functioning ifup/ifdown samba-winbindd scripts; (bsc#1207414).- libdsdb-module-samba4 should be packaged as part of samba-libs and not samba-ad-dc-libs. Additionally no need for it to be removed conditionally.- Clean up logic for PAM migration settings in spec file.- Change with_dc default to 0 (for non TW builds), ADDC feature is deprecated and will no longer be included in >= SLE15-SP5; (jsc#PED-1122).- Update to 4.17.4 * CVE-2022-44640 Upstream Heimdal free of user-controlled pointer in FAST; (bsc#14929); * CVE-2021-20251 Bad password count not incremented atomically; (bsc#14611); * CVE-2022-42898 krb5_pac_parse() buffer parsing vulnerability; (bsc#15203); * CVE-2022-37966 rc4-hmac Kerberos session keys issued to modern servers; (bso#15237); * CVE-2022-37967 Kerberos constrained delegation ticket forgery possible against Samba AD DC; (bso#15231); * CVE-2022-38023 RC4/HMAC-MD5 NetLogon Secure Channel is weak and should be avoided; (bso#15240); * pam_winbind uses time_t and pointers assuming they are of the same size; (bso#15224); * Heimdal session key selection in AS-REQ examines wrong entry; (bso#15219); * filter-subunit is inefficient with large numbers of knownfails; (bso#15258); * smbd allows setting FILE_ATTRIBUTE_TEMPORARY on directories; (bso#15252); * The KDC logic arround msDs-supportedEncryptionTypes differs from Windows; (bso#13135); * libnet: change_password() doesn't work with dcerpc_samr_ChangePasswordUser4(); (bso#15206); * Heimdal session key selection in AS-REQ examines wrong entry; (bso#15219); * Memory leak in snprintf replacement functions; (bso#15230); * RODC doesn't reset badPwdCount reliable via an RWDC (CVE-2021-20251 regression); (bso#15253); * Prevent EBADF errors with vfs_glusterfs; (bso#15198); * %U for include directive doesn't work for share listing (netshareenum); (bso#15243); * Stack smashing in net offlinejoin requestodj; (bso#15257); * Windows 11 22H2 and Samba-AD 4.15 Kerberos login issue; (bso#15197); * Heimdal session key selection in AS-REQ examines wrong entry; (bso#15219); - Remove deprecated if-{down,up} scripts; (bsc#1206444); - Adjust the systemd drop-in file for named service; (bsc#1201689); * Paths are additive so do not repeat paths from named.service * Prefix the samba DLZ directory with "-" to ignore this path if it does not exists- Introduce without-smb1-server spec flag; (bsc#1205104); - Update to 4.17.3 * CVE-2022-42898: Samba buffer overflow vulnerabilities on 32-bit systems; (bsc#1205126); (bso#15203); - Replace obsolete python-gpgme with python-gpg * Upstream replaced it in v4.9.5 -- bso#13728 - Update to 4.17.2 * CVE-2022-3592 [SECURITY] samba: Wide links protection broken; (bso#15207); (bsc#1204499). * CVE-2022-3437 [SECURITY] samba: Buffer overflow in Heimdal unwrap_des3();(bso#15134); (bsc#1204254). - Update to 4.17.1 * CVE-2021-20251 [SECURITY] Bad password count not incremented atomically; (bso#14611). * smbXsrv_connection_shutdown_send result leaked; (bso#15174). * Flush on a named stream never completes; (bso#15182). * Permission denied calling SMBC_getatr when file not exists; (bso#15195). * Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC; (bso#15189). * pytest: add file removal helpers for TestCaseInTempDir; (bso#15191). * CVE-2021-20251 [SECURITY] Bad password count not incremented atomically; (bso#14611). * Samba 4.5 sometimes cannot be upgraded to Samba 4.6 or later over DRS: WERROR_DS_DRA_MISSING_PARENT due to faulty GET_ANC; (bso#15189). * Flush on a named stream never completes; (bso#15182). * vfs_gpfs silently garbles timestamps > year 2106; (bso#15151). * CVE-2021-20251 [SECURITY] Bad password count not incremented atomically; (bso#14611). * multi-channel socket passing may hit a race if one of the involved processes already existed; (bso#15200). * memory leak on temporary of struct imessaging_post_state and struct tevent_immediate on struct imessaging_context (in rpcd_spoolss and maybe others); (bso#15201). * Since popt1.19 various use after free errors using result of poptGetArg are now exposed; (bso#15205); (boo#1204279). * Remove special case for O_CREAT in SMB_VFS_OPENAT from vfs_glusterfs; (bso#15192). * GETPWSID in memory cache grows indefinetly with each NTLM auth; (bso#15169). * CVE-2021-20251 [SECURITY] Bad password count not incremented atomically; (bso#14611). - Install a systemd drop-in file for named service to allow read/write access to the DLZ directory; (bsc#1201689); - Fix use after free errors resulting from using return of poptGetArg exposed since popt-1.19; (boo#1204279); (bso#15205). - s3: smbd: Fix memory leak in smbd_server_connection_terminate_done(); (bso#15174). - Disable SMB1 for tumbleweed builds. - Update to 4.17.0 * acl_xattr VFS module may unintentionally use filesystem permissions instead of ACL from xattr; (bso#15126). * Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1; (bso#15153). * assert failed: !is_named_stream(smb_fname)") at ../../lib/util/fault.c:197; (bso#15161). * acl_xattr VFS module may unintentionally use filesystem permissions instead of ACL from xattr; (bso#15126). * assert failed: !is_named_stream(smb_fname)") at ../../lib/util/fault.c:197; (bso#15161). * Cross-node multi-channel reconnects result in SMB2 Negotiate returning NT_STATUS_NOT_SUPPORTED; (bso#15159). * winbind at info level debug can coredump when processing wb_lookupusergroups; (bso#15160). * Make use of glfs_*at() API calls in vfs_glusterfs; (bso#15157). * Possible use after free of connection_struct when iterating smbd_server_connection->connections; (bso#15128). * `net usershare add` fails with flag works with --long but fails with -l; (bso#15145). * acl_xattr VFS module may unintentionally use filesystem permissions instead of ACL from xattr; (bso#15126). * Performance regression on contended path based operations; (bso#15125). * Missing READ_LEASE break could cause data corruption; (bso#15148). * libsamba-errors uses a wrong version number; (bso#15141). * SMB1 negotiation can fail to handle connection errors; (bso#15152). * New filename parser doesn't check veto files smb.conf parameter; (bso#15143). * 4.17.rc1 still uses symlink-race prone unix_convert(); (bso#15144). * Backport fileserver related changed to 4.17.0rc2; (bso#15146). * Manpage for smbstatus json is missing; (bso#15147). * Backport fileserver related changed to 4.17.0rc2; (bso#15146). * Performance regression on contended path based operations; (bso#15125). * Backport fileserver related changed to 4.17.0rc2; (bso#15146). * Fix issues found by coverity in smbstatus json code; (bso#15140). * Backport fileserver related changed to 4.17.0rc2; (bso#15146). - Migration to /usr/etc: Saving user changed configuration files in /etc and restoring them while an RPM update. - Update to 4.16.4 * CVE-2022-2031: Samba AD users can bypass certain restrictions associated with changing passwords; (bsc#1201495); (bso#15047); * CVE-2022-32744: Samba AD users can forge password change requests for any user; (bsc#1201493); (bso#15074); * CVE-2022-32745: Samba AD users can crash the server process with an LDAP add or modify request; (bsc#1201492); (bso#15008); * CVE-2022-32746: Samba AD users can induce a use-after-free in the server process with an LDAP add or modify request; (bsc#1201490); (bso#15009); * CVE-2022-32742: Server memory information leak via SMB1; (bsc#1201496); (bso#15085); - Update to 4.16.3 * Using vfs_streams_xattr and deleting a file causes a panic; (bso#15099); * Add support for bind 9.18; (bso#14986); * logging dsdb audit to specific files does not work; (bso#15076); * Problem when winbind renews Kerberos; (bso#14979); (bsc#1196224); * Samba with new lorikeet-heimdal fails to build on gcc 12.1 in developer mode; (bso#15095); * Crash in streams_xattr because fsp->base_fsp->fsp_name is NULL; (bso#15105); * Crash in rpcd_classic - NULL pointer deference in mangle_is_mangled(); (bso#15118); * smbclient commands del & deltree fail with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556); * Fix check for chown when processing NFSv4 ACL; (bso#15120); * The pcap background queue process should not be stopped; (bso#15082); * testparm: Fix typo in idmap rangesize check; (bso#15097); * net ads info returns LDAP server and LDAP server name as null; (bso#15106); * ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link; (bso#15108); * CTDB child process logging does not work as expected; (bso#15090); - Update spec file to fix the optional Heimdal DC build - Fix external trusts with MIT Kerberos 1.20 - Add missing samba-client requirement to samba-winbind package; (bsc#1198255); - Move pdb backends from package samba-libs to package samba-client-libs and remove samba-libs requirement from samba-winbind; (bsc#1200964); (bsc#1198255); - Add sysuser-shadow requirement for packages using systemd-sysusers - Use the canonical realm name to refresh the Kerberos tickets; (bsc#1196224); (bso#14979); - Moved logrotate files from user specific directory /etc/logrotate.d to vendor specific directory /usr/etc/logrotate.d. - Update to 4.16.2 * Use pathref fd instead of io fd in vfs_default_durable_cookie; (bso#15042); * vfs_gpfs with vfs_shadowcopy2 fail to restore file if original file had been deleted; (bso#15069); * Reintroduce netgroups support; (bso#15087); * net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); * Update from 4.15 to 4.16 breaks discovery of [homes] on standalone server from Win and IOS; (bso#15062); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * smbclient -E doesn't work as advertised; (bso#15075); * The samba background daemon doesn't refresh the printcap cache on startup; (bso#15081); * Out-by-4 error in smbd read reply max_send clamp; (bso#14443); - Fix samba4.blackbox.net_ads_dns_async test with bind9 >= 9.17.7 - Support building with MIT Kerberos 1.20 - Bronze bit and S4U support with MIT Kerberos 1.20 for Samba AD DC; (CVE-2020-17049); - Resource Based Constrained Delegation (RBCD) for Samba AD DC - Support building with gcc 12.1 - Use requires_eq macro to require the libldb2 version available at samba-dsdb-modules build time; (bsc#1199362); - Update to 4.16.1 * Share and server swapped in smbget password prompt; (bso#14831); * Durable handles won't reconnect if the leased file is written to; (bso#15022); * rmdir silently fails if directory contains unreadable files and hide unreadable is yes; (bso#15023); * SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information on renamed file handle; (bso#15038); * Need to describe --builtin-libraries= better (compare with - -bundled-libraries); (bso#8731); * vfs_shadow_copy2 breaks "smbd async dosmode" sync fallback; (bso#14957); * shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes; (bso#15035); * PAM Kerberos authentication incorrectly fails with a clock skew error; (bso#15046); * Username map - samba erroneously applies unix group memberships to user account entries; (bso#15041); * KVNO off by 100000; (bso#14951); * Uninitialized litemask in variable in vfs_gpfs module; (bso#15027); * vfs_gpfs recalls=no option prevents listing files; (bso#15055); * smbd doesn't handle UPNs for looking up names; (bso#15054); - Update update-apparmor-samba-profile script, replace non-printable delimiter with more human readable separator as sed can accept separators that can appear in the input data. - Fix update-apparmor-samba-profile script, sed doesn't like multibyte separators; (bsc#1198309). - Update to 4.16.0 * New samba-dcerpcd binary to provide DCERPC in the member server setup * Certificate Auto Enrollment * Ability to add ports to dns forwarder addresses in internal DNS backend * No longer using Linux mandatory locks for sharemodes * SMB1 protocol has been deprecated, particularly older dialects * SMB1 protocol SMBCopy command removed * SMB1 server-side wildcard expansion removed - Add python3-dnspython to samba-ad-dc recommens; (bsc#1187101); - Use systemd-sysusers to create system users; (bsc#1182847);- Install a systemd drop-in file for named service to allow read/write access to the DLZ directory; (bsc#1201689);- Update to 4.15.12 * CVE-2022-42898: samba: heimdal: Samba buffer overflow vulnerabilities on 32-bit systems; (bso#15203); (bsc#1205126). - Update to 4.15.11 * Allow rebuild of Centos 8 images after move to vault for Samba 4.15; (bso#15193). * CVE-2022-3437: samba: Buffer overflow in Heimdal unwrap_des3(); (bso#15134); (bsc#1204254)- Update to 4.15.10 * Possible use after free of connection_struct when iterating smbd_server_connection->connections; (bso#15128); (bsc#1200102). * smbXsrv_connection_shutdown_send result leaked; (bso#15174). * Spotlight RPC service returns wrong response when Spotlight is disabled on a share; (bso#15086). * acl_xattr VFS module may unintentionally use filesystem permissions instead of ACL from xattr; (bso#15126). * Missing SMB2-GETINFO access checks from MS-SMB2 3.3.5.20.1; (bso#15153). * assert failed: !is_named_stream(smb_fname)") at ../../lib/util/fault.c:197; (bso#15161). * Missing READ_LEASE break could cause data corruption; (bso#15148). * rpcclient can crash using setuserinfo(2); (bso#15124). * Samba fails to build with glibc 2.36 caused by including in libreplace; (bso#15132). * SMB1 negotiation can fail to handle connection errors; (bso#15152). * samba-tool domain join segfault when joining a samba ad domain; (bso#15078). - Update to 4.15.9 * CVE-2022-32742:SMB1 code does not correct verify SMB1write, SMB1write_and_close, SMB1write_and_unlock lengths; (bso#15085); (bsc#1201496). * CVE-2022-32746: samba: Use-after-free occurring in database audit logging; (bso#15009); (bso#15096); (bsc#1201490). * CVE-2022-2031: samba, ldb: AD users can bypass certain restrictions associated with changing passwords; (bso#15047); (bsc#1201495); * CVE-2022-32745: samba: ldb: AD users can crash the server process with an LDAP add or modify request; (bso#15008); (bso#15096); (bsc#1201492). * CVE-2022-2031: samba, ldb: AD users can bypass certain restrictions associated with changing passwords; (bso#15047); (bsc#1201495); * CVE-2022-32744: samba, ldb: AD users can forge password change requests for any user; (bso#15074); (bso#15047); (bsc#1201493).- CVE-2022-1615: Do not ignore errors in random number generation; (bso#15103); (bsc#1202976); - CVE-2022-32743: Implement validated dnsHostName write rights; (bso#14833); (bsc#1202803);- Fix Use after free when iterating smbd_server_connection->connections after tree disconnect failure; (bso#15128); (bsc#1200102).- CVE-2022-32746: samba: Use-after-free occurring in database audit logging; (bso#15009); (bso#15096); (bsc#1201490). - CVE-2022-32745: samba: ldb: AD users can crash the server process with an LDAP add or modify request; (bso#15008); (bso#15096); (bsc#1201492). - CVE-2022-2031: samba, ldb: AD users can bypass certain restrictions associated with changing passwords; (bso#15047); (bsc#1201495); - CVE-2022-32742:SMB1 code does not correct verify SMB1write, SMB1write_and_close, SMB1write_and_unlock lengths; (bso#15085); (bsc#1201496). - CVE-2022-32744: samba, ldb: AD users can forge password change requests for any user; (bso#15074); (bso#15047); (bsc#1201493).- Update to 4.15.8 * Use pathref fd instead of io fd in vfs_default_durable_cookie; (bso#15042); * Setting fruit:resource = stream in vfs_fruit causes a panic; (bso#15099); * Add support for bind 9.18; (bso#14986); * logging dsdb audit to specific files does not work; (bso#15076); * vfs_gpfs with vfs_shadowcopy2 fail to restore file if original file had been deleted; (bso#15069); * netgroups support removed; (bso#15087); (bsc#1199247); * net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); (bsc#1199734); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * smbclient commands del & deltree fail with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556); * vfs_gpfs recalls=no option prevents listing files; (bso#15055); * waf produces incorrect names for python extensions with Python 3.11; (bso#15071); * Compile error in source3/utils/regedit_hexedit.c; (bso#15091); * ldconfig: /lib64/libsmbconf.so.0 is not a symbolic link; (bso#15108); * smbd doesn't handle UPNs for looking up names; (bso#15054); * Out-by-4 error in smbd read reply max_send clamp; (bso#14443); - Move pdb backends from package samba-libs to package samba-client-libs and remove samba-libs requirement from samba-winbind; (bsc#1200964); (bsc#1198255); - Use the canonical realm name to refresh the Kerberos tickets; (bsc#1196224); (bso#14979);- Fix smbclient commands del & deltree failing with NT_STATUS_OBJECT_PATH_NOT_FOUND with DFS; (bso#15100); (bsc#1200556).- Revert NIS support removal; (bsc#1199247);- Use requires_eq macro to require the libldb2 version available at samba-dsdb-modules build time; (bsc#1199362);- Add missing samba-client requirement to samba-winbind package; (bsc#1198255);- Update to 4.15.7 * Share and server swapped in smbget password prompt; (bso#14831); * Durable handles won't reconnect if the leased file is written to; (bso#15022); * rmdir silently fails if directory contains unreadable files and hide unreadable is yes; (bso#15023); * SMB2_CLOSE_FLAGS_FULL_INFORMATION fails to return information on renamed file handle; (bso#15038); * vfs_shadow_copy2 breaks "smbd async dosmode" sync fallback; (bso#14957); * shadow_copy2 fails listing snapshotted dirs with shadow:fixinodes; (bso#15035); * PAM Kerberos authentication incorrectly fails with a clock skew error; (bso#15046); * username map - samba erroneously applies unix group memberships to user account entries; (bso#15041); * NT_STATUS_ACCESS_DENIED translates into EPERM instead of EACCES in SMBC_server_internal; (bso#14983); * Simple bind doesn't work against an RODC (with non-preloaded users); (bso#13879); * Crash of winbind on RODC; (bso#14641); * uncached logon on RODC always fails once; (bso#14865); * KVNO off by 100000; (bso#14951); * LDAP simple binds should honour "old password allowed period"; (bso#15001); * wbinfo -a doesn't work reliable with upn names; (bso#15003); * Simple bind doesn't work against an RODC (with non-preloaded users); (bso#13879); * Uninitialized litemask in variable in vfs_gpfs module; (bso#15027); * Regression: create krb5 conf = yes doesn't work with a single KDC; (bso#15016);- Add provides to samba-client-libs package to fix upgrades from previous versions; (bsc#1197995);- Add missing samba-libs requirement to samba-winbind package; (bsc#1198255);- Update to 4.15.6 * Renaming file on DFS root fails with NT_STATUS_OBJECT_PATH_NOT_FOUND; (bso#14169); * Samba does not response STATUS_INVALID_PARAMETER when opening 2 objects with same lease key; (bso#14737); * NT error code is not set when overwriting a file during rename in libsmbclient; (bso#14938); * Fix ldap simple bind with TLS auditing; (bso#14996); * net ads info shows LDAP Server: 0.0.0.0 depending on contacted server; (bso#14674); * Problem when winbind renews Kerberos; (bso#14979); (bsc#1196224); * pam_winbind will not allow gdm login if password about to expire; (bso#8691); * virusfilter_vfs_openat: Not scanned: Directory or special file; (bso#14971); * DFS fix for AIX broken; (bso#13631); * Solaris and AIX acl modules: wrong function arguments; (bso#14974); * Function aixacl_sys_acl_get_file not declared / coredump; (bso#7239); * Regression: Samba 4.15.2 on macOS segfaults intermittently during strcpy in tdbsam_getsampwnam; (bso#14900); * Fix a use-after-free in SMB1 server; (bso#14989); * smb2_signing_decrypt_pdu() may not decrypt with gnutls_aead_cipher_decrypt() from gnutls before 3.5.2; (bso#14968); * Changing the machine password against an RODC likely destroys the domain join; (bso#14984); * authsam_make_user_info_dc() steals memory from its struct ldb_message *msg argument; (bso#14993); * Use Heimdal 8.0 (pre) rather than an earlier snapshot; (bso#14995); * Samba autorid fails to map AD users if id rangesize fits in the id range only once; (bso#14967);- Fix mismatched version of libldb2; (bsc#1196788). - Drop obsolete SuSEfirewall2 service files.- Drop obsolete Samba fsrvp v0->v1 state upgrade functionality; (bsc#1080338).- Fix ntlm authentications with "winbind use default domain = yes"; (bso#13126); (bsc#1173429); (bsc#1196308).- Fix samba-ad-dc status warning notification message by disabling systemd notifications in bgqd; (bsc#1195896); (bso#14947).- libldb version mismatch in Samba dsdb component; (bsc#1118508);- Update to 4.15.5 * CVE-2021-44141: UNIX extensions in SMB1 disclose whether the outside target of a symlink exists; (bso#14911); (bsc#1193690). * CVE-2021-44142: Out-of-Bound Read/Write on Samba vfs_fruit module; (bso#14914); (bsc#1194859). * CVE-2022-0336: Re-adding an SPN skips subsequent SPN conflict checks; bso#14950); (bsc#1195048).- CVE-2021-44141: Information leak via symlinks of existance of files or directories outside of the exported share; (bso#14911); (bsc#1193690); - CVE-2021-44142: Out-of-bounds heap read/write vulnerability in VFS module vfs_fruit allows code execution; (bso#14914); (bsc#1194859); - CVE-2022-0336: Samba AD users with permission to write to an account can impersonate arbitrary services; (bso#14950); (bsc#1195048);- Update to 4.15.4 * Duplicate SMB file_ids leading to Windows client cache poisoning; (bso#14928); * Failed to parse NTLMv2_RESPONSE length 95 - Buffer Size Error - NT_STATUS_BUFFER_TOO_SMALL; (bso#14932); * kill_tcp_connections does not work; (bso#14934); * Can't connect to Windows shares not requiring authentication using KDE/Gnome; (bso#14935); * smbclient -L doesn't set "client max protocol" to NT1 before calling the "Reconnecting with SMB1 for workgroup listing" path; (bso#14939); * Cross device copy of the crossrename module always fails; (bso#14940); * symlinkat function from VFS cap module always fails with an error; (bso#14941); * Fix possible fsp pointer deference; (bso#14942); * Missing pop_sec_ctx() in error path inside close_directory(); (bso#14944); * "smbd --build-options" no longer works without an smb.conf file; (bso#14945);- Use pkgconfig(krb5) as dependency for the -devel package: allow OBS to pick the right flavor of krb5-devel (full vs mini). - Do not require the 'krb5' symbol by samba-client-libs: this package has an automatic dependency due to linkage on libgssapi_krb5.so.2. Automatic deps are always better. - Do not require the 'krb5' symbol from samba-libs: samba-libs requires samba-client-libs, which in turn requires krb5 libraries. Samba-libs itself has no need for krb5 (but get it indirectly anyway).- Reorganize libs packages. Split samba-libs into samba-client-libs, samba-libs, samba-winbind-libs and samba-ad-dc-libs, merging samba public libraries depending on internal samba libraries into these packages as there were dependency problems everytime one of these public libraries changed its version (bsc#1192684). The devel packages are merged into samba-devel. - Rename package samba-core-devel to samba-devel - Add python-rpm-macros to build requirements - Update the symlink create by samba-dsdb-modules to private samba ldb modules following libldb2 changes from /usr/lib64/ldb/samba to /usr/lib64/ldb2/modules/ldb/samba- Update to 4.15.3 * Recursive directory delete with veto files is broken in 4.15.0; (bso#14878); * A directory containing dangling symlinks cannot be deleted by SMB2 alone when they are the only entry in the directory; (bso#14879); * SIGSEGV in rmdir_internals/synthetic_pathref - dirfsp is used uninitialized in rmdir_internals(); (bso#14892); * MaxQueryDuration not honoured in Samba AD DC LDAP; (bso#14694); * The CVE-2020-25717 username map [script] advice has undesired side effects for the local nt token; (bso#14901); (bsc#1192849); * User with multiple spaces (eg FredNurk) become un-deletable; (bso#14902); * Avoid storing NTTIME_THAW (-2) as value on disk; (bso#14127); * smbXsrv_client_global record validation leads to crash if existing record points at non-existing process; (bso#14882); * Crash in vfs_fruit asking for fsp_get_io_fd() for an XATTR call; (bso#14890); * Samba process doesn't log to logfile; (bso#14897); * set_ea_dos_attribute() fallback calling get_file_handle_for_metadata() triggers locking.tdb assert; (bso#14907); * Kerberos authentication on standalone server in MIT realm broken; (bso#14922); * Segmentation fault when joining the domain; (bso#14923); * Support for ROLE_IPA_DC is incomplete; (bso#14903); * rpcclient cannot connect to ncacn_ip_tcp services anymore; (bso#14767); * winexe crashes since 4.15.0 after popt parsing; (bso#14893); * net ads status -P broken in a clustered environment; (bso#14908); * Memory leak if ioctl(FSCTL_VALIDATE_NEGOTIATE_INFO) fails before smbd_smb2_ioctl_send; (bso#14788); * winbindd doesn't start when "allow trusted domains" is off; (bso#14899); * smbclient login without password using '-N' fails with NT_STATUS_INVALID_PARAMETER on Samba AD DC; (bso#14883); * A schannel client incorrectly detects a downgrade connecting to an AES only server; (bso#14912); * Possible null pointer dereference in winbind; (bso#14921); * Fix -k legacy option for client tools like smbclient, rpcclient, net, etc.; (bso#14846); * Add Debian 11 CI bootstrap support; (bso#14872); * Crash in recycle_unlink_internal(); (bso#14888);- Fix dependency problem upgrading from libndr0 to libndr2 and from libsamba-credentials0 to libsamba-credentials1; (bsc#1192684);- Fix regression introduced by CVE-2020-25717 patches, winbindd does not start when 'allow trusted domains' is off; (bso#14899); - Update to 4.15.2 * CVE-2016-2124: SMB1 client connections can be downgraded to plaintext authentication; (bso#12444); (bsc#1014440); * CVE-2020-25717: A user on the domain can become root on domain members; (bso#14556); (bsc#1192284); * CVE-2020-25718: Samba AD DC did not correctly sandbox Kerberos tickets issued by an RODC; (bso#14558); (bsc#1192246); * CVE-2020-25719: Samba AD DC did not always rely on the SID and PAC in Kerberos tickets; (bso#14561); (bsc#1192247); * CVE-2020-25721: Kerberos acceptors need easy access to stable AD identifiers (eg objectSid); (bso#14557); (bsc#1192505); * CVE-2020-25722: Samba AD DC did not do suffienct access and conformance checking of data stored; (bso#14564); (bsc#1192283); * CVE-2021-3738: Use after free in Samba AD DC RPC server; (bso#14468); (bsc#1192215); * CVE-2021-23192: Subsequent DCE/RPC fragment injection vulnerability; (bso#14875); (bsc#1192214); - Update to 4.15.1 * vfs_shadow_copy2: core dump in make_relative_path; (bso#14682); * Log clutter from filename_convert_internal; (bso#14685); * MacOSX compilation fixes; (bso#14862); * rodc_rwdc test flaps; (bso#14868); * Provide a fix for MS CVE-2020-17049 in Samba [SECURITY] 'Bronze bit' S4U2Proxy Constrained Delegation bypass in Samba with embedded Heimdal; (bso#14642); * Python ldb.msg_diff() memory handling failure; (bso#14836); * "in" operator on ldb.Message is case sensitive; (bso#14845); * Release LDB 2.4.1 for Samba 4.15.1; (bso#14848); * samldb_krbtgtnumber_available() looks for incorrect string; (bso#14854); * Fix Samba support for UF_NO_AUTH_DATA_REQUIRED; (bso#14871); * Allow special chars like "@" in samAccountName when generating the salt; (bso#14874); * Correctly ignore comments in CTDB public addresses file; (bso#14826); * Fix transit path validation; (bso#12998); * Fix that child winbindd logs to log.winbindd instead of log.wb-; (bso#14852); * SMB3 cancel requests should only include the MID together with AsyncID when AES-128-GMAC is used; (bso#14855); * Prepare to operate with MIT krb5 >= 1.20; (bso#14870); * Heimdal prefers RC4 over AES for machine accounts; (bso#14864);- Enable samba-tool without ad dc.- Adjust spec to use pam macros; (bsc#1191046).- Adjust spec for size * allow some Recommends instead Requires to be configured for cifs-utils, samba-libs-python3 & samba-gpupdate; (bsc#1182847). * remove fam, undocumented and unneeded.- Add missing build dependency on bison when building with the embedded Heimdal Kerberos- Update to 4.15.0 * Removed SMB development dialects SMB2_22, SMB2_24 and SMB3_10 * VFS layer modernized. * Add the ability to set allow/deny lists for zone transfer clients in Bind DLZ plugin * Server multi-channel support no longer experimental * Improved command line user experience, unifying the options in different commands * Winbindd no longer scans trusted domains on startup and will use enterprise principals by default. * The net utility is now able to support the offline domain join feature * New options for 'samba-tool dns zoneoptions' for aging control and to mark old records as static or dynamic * DNS tombstones are now deleted as appropriate and use a consistent timestamp format * The 'samba-tool dns update' command validates and rejects now malformed IPv4 and IPv6 addresses * The 'samba-tool domain backup' command correctly takes out locks against concurrent modification during backup when using the LMDB backend * TruACL support has been removed * NIS support has been removed- Fix 'net rpc' authentication when using the machine account; (bsc#1189017); (bso#14796);- Fix dependency problem upgrading from libndr0 to libndr1; (bsc#1189875); - Fix dependency problem upgrading from libsmbldap0 to libsmbldap2; (bsc#1189875); - Fix wrong kvno exported to keytab after net ads changetrustpw due to replication delay; (bsc#1188727); - Add Certificate Auto Enrollment Policy; (jsc#SLE-18456). - Update to 4.13.10 * s3: smbd: Ensure POSIX default ACL is mapped into returned Windows ACL for directory handles; (bso#14708); * Take a copy to make sure we don't reference free'd memory; (bso#14721); * s3: lib: Fix talloc heirarcy error in parent_smb_fname(); (bso#14722); * s3: smbd: Remove erroneous TALLOC_FREE(smb_fname_parent) in change_file_owner_to_parent() error path; (bso#14736); * samba-tool: Give better error information when the 'domain backup restore' fails with a duplicate SID; (bso#14575); * smbd: Correctly initialize close timestamp fields; (bso#14714); * Spotlight RPC service doesn't work with vfs_glusterfs; (bso#14740); * ctdb: Fix a crash in run_proc_signal_handler(); (bso#14475); * gensec_krb5: Restore ipv6 support for kpasswd; (bso#14750); * smbXsrv_{open,session,tcon}: Protect smbXsrv_{open,session,tcon}_global_traverse_fn against invalid records; (bso#14752); * samba-tool domain backup offline doesn't work against bind DLZ backend; (bso#14027); * netcmd: Use next_free_rid() function to calculate a SID for restoring a backup; (bso#14669); - Update to 4.13.9 * s3: smbd: SMB1 SMBsplwr doesn't send a reply packet on success; (bso#14696); * Add documentation for dsdb_group_audit and dsdb_group_json_audit to "log level", synchronise "log level" in smb.conf with the code; (bso#14689); * Fix smbd panic when two clients open same file; (bso#14672); * Fix memory leak in the RPC server; (bso#14675); * s3: smbd: Fix deferred renames; (bso#14679); * s3-iremotewinspool: Set the per-request memory context; (bso#14675); * rpc_server3: Fix a memleak for internal pipes; (bso#14675); * third_party: Update socket_wrapper to version 1.3.2; (bso#11899); * third_party: Update socket_wrapper to version 1.3.3; (bso#14639); * idmap_rfc2307 and idmap_nss return wrong mapping for uid/gid conflict; (bso#14663); * Fix the build on OmniOS; (bso#14288); - Update to 4.13.8 * CVE-2021-20254: Fix buffer overrun in sids_to_unixids(); (bso#14571 - Update to 4.13.7 * Release with dependency on ldb version 2.2.1.- CVE-2021-20254 Buffer overrun in sids_to_unixids(); (bnc#14571); (bsc#1184677).- Fix offline domain backup not possible using lmdb version >= 0.9.26; (bso#14676); - Require libldb >= 2.2.1; (bsc#1183572); (bsc#1183574); - Update to 4.13.6 * CVE-2020-27840: samba: Unauthenticated remote heap corruption via bad DNs; (bso#14595); (bsc#1183572). * CVE-2021-20277: samba: out of bounds read in ldb_handler_fold; (bso#14655); (bsc#1183574). - Update to 4.13.5 * s3:modules:vfs_virusfilter: Recent talloc changes cause infinite start-up failure; (bso#14634); * s3: libsmb: Add missing cli_tdis() in error path if encryption setup failed on temp proxy connection; (bso#13992); * smbd: In conn_force_tdis_done() when forcing a connection closed force a full reload of services; (bso#14604); * dbcheck: Check Deleted Objects and reduce noise in reports about expired tombstones (bso#14593); * s3: Fix fcntl waf configure check; (bso#14503); * s3/auth: Implement "winbind:ignore domains"; (bso#14602); * smbd: Use fsp->conn->session_info for the initial delete-on-close token; (bso#14617); * s3: VFS: nfs4_acls. Add missing TALLOC_FREE(frame) in error path; (bso#14648); * classicupgrade: Treat old never expires value right; (bso#14624); * g_lock: Fix uninitalized variable reads; (bso#14636); * s3:pysmbd: Fix fd leak in py_smbd_create_file(); (bso#13898); * lib:util: Avoid free'ing our own pointer; (bso#14625); * HEIMDAL: krb5_storage_free(NULL) should work; (bso#12505);- Spec file fixes around systemd and requires; (bsc#1182830); - Align systemd service unit files with upstream provided ones.- Update to 4.13.4 * Work around special SMB2 IOCTL response behavior of NetApp Ontap 7.3.7; (bso#14607); * Temporary DFS share setup doesn't set case parameters in the same way as a regular share definition does; (bso#14612); * lib: Avoid declaring zero-length VLAs in various messaging functions; (bso#14605); * Do not create an empty DB when accessing a sam.ldb; (bso#14579); * vfs_fruit may close wrong backend fd; (bso#14596); * Temporary DFS share setup doesn't set case parameters in the same way as a regular share definition does; (bso#14612); * vfs_virusfilter: Allocate separate memory for config char*; (bso#14606); * vfs_fruit may close wrong backend fd; (bso#14596); * Work around special SMB2 IOCTL response behavior of NetApp Ontap 7.3.7; (bso#14607); * The cache directory for the user gencache should be created recursively; (bso#14601); * Be more flexible with repository names in CentOS 8 test environments; (bso#14594);- Uninstalling samba-client: Failed to disable unit, cifs.service does not exists; (bsc#1180388);- Update to 4.13.3 + libcli: smb2: Never print length if smb2_signing_key_valid() fails for crypto blob; (bso#14210); + s3: modules: gluster. Fix the error I made in preventing talloc leaks from a function; (bso#14486); + s3: smbd: Don't overwrite contents of fsp->aio_requests[0] with NULL via TALLOC_FREE(); (bso#14515); + s3: spoolss: Make parameters in call to user_ok_token() match all other uses; (bso#14568); + s3: smbd: Quiet log messages from usershares for an unknown share; (bso#14590); + samba process does not honor max log size; (bso#14248); + vfs_zfsacl: Add missing inherited flag on hidden "magic" everyone@ ACE; (bso#14587); + s3-libads: Pass timeout to open_socket_out in ms; (bso#13124); + s3-vfs_glusterfs: Always disable write-behind translator; (bso#14486); + smbclient: Fix recursive mget; (bso#14517); + clitar: Use do_list()'s recursion in clitar.c; (bso#14581); + manpages/vfs_glusterfs: Mention silent skipping of write-behind translator; (bso#14486); + vfs_shadow_copy2: Preserve all open flags assuming ROFS; (bso#14573); + interface: Fix if_index is not parsed correctly; (bso#14514);- Update to 4.13.2 + s3: modules: vfs_glusterfs: Fix leak of char **lines onto mem_ctx on return; (bso#14486); + RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special; (bso#14471); + smb.conf.5: Add clarification how configuration changes reflected by Samba; (bso#14538); + daemons: Report status to systemd even when running in foreground; (bso#14552); + DNS Resolver: Support both dnspython before and after 2.0.0; (bso#14553); + s3-vfs_glusterfs: Refuse connection when write-behind xlator is present; (bso#14486); + provision: Add support for BIND 9.16.x; (bso#14487); + ctdb-common: Avoid aliasing errors during code optimization; (bso#14537); + libndr: Avoid assigning duplicate versions to symbols; (bso#14541); + docs: Fix default value of spoolss:architecture; (bso#14522); + winbind: Fix a memleak; (bso#14388); + s4:dsdb:acl_read: Implement "List Object" mode feature; (bso#14531); + docs-xml/manpages: Add warning about write-behind translator for vfs_glusterfs; (bso#14486); + nsswitch/nsstest.c: Avoid nss function conflicts with glibc nss.h. + vfs_shadow_copy2: Avoid closing snapsdir twice; (bso#14530); + third_party: Update resolv_wrapper to version 1.1.7; (bso#14547); + examples:auth: Do not install example plugin; (bso#14550); + ctdb-recoverd: Drop unnecessary and broken code; (bso#14513); + RN: vfs_zfsacl: Only grant DELETE_CHILD if ACL tag is special; (bso#14471);- Adjust smbcacls '--propagate-inheritance' feature to align with upstream; (bsc#1178469).- Update to samba 4.13.1 + CVE-2020-14383: An authenticated user can crash the DCE/RPC DNS with easily crafted records; (bsc#1177613); (bso#14472); + CVE-2020-14323: Unprivileged user can crash winbind; (bsc#1173994); (bso#14436); + CVE-2020-14318: Missing handle permissions check in SMB1/2/3 ChangeNotify; (bsc#1173902); (bso#14434); - Adjust systemd tmpfiles.d configuration, use /run/samba instead of /var/run/samba; (bsc#1177355);- Fix vfs_ceph query_directory regression; (bso#14519) - Drop liburing-devel for SLE15-SP2; (bsc#1177245)- Register CTDB recovery lock holder with ceph-mgr - Add liburing-devel dependency- Update to samba 4.13.0 + Require Python 3.6 + Move wide links functionality into VFS module + Deprecate NT4-like 'classic' Samba domain controllers + Deprecate SMBv1 only protocol options + Remove deprecated "ldap ssl ads" option + Unify asynchronous DCE-RPC server; (jsc#SES-645) + Replay multichannel lease break requests; (bso#11897); (jsc#SES-655) + Drop internal byteorder.h header from util-devel package + Remove final code for the AD DC LDAP backend + Add AD DC Group Policy Scripts + Only use gnutls_aead_cipher_encryptv2() for GnuTLS > 3.6.14; (bso#14399) + Fix %U substitutions if it contains a domain name; (bso#14467) + Fix krb5.conf creation for 'net ads join'; (bso#14479) + Fix build problem if libbsd-dev is not installed; (bso#14482) + Toggle vfs_snapper using "--with-shared-modules"; (bso#14437) + Fix idmap_ad RFC4511 response handling; (bso#14465) + Fix panic in get_lease_type(); (bso#14428)- Update to samba 4.11.13 + CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Protect netr_ServerPasswordSet2 against unencrypted passwords; (bsc#1176579); (bso#14497); + CVE-2020-1472(ZeroLogon): s3:rpc_server/netlogon: Support "server require schannel:WORKSTATION$ = no" about unsecure configurations; (bsc#1176579); (bso#14497); + CVE-2020-1472(ZeroLogon): s4 torture rpc: repeated bytes in client challenge; (bsc#1176579); (bso#14497); + CVE-2020-1472(ZeroLogon): libcli/auth: Reject weak client challenges in netlogon_creds_server_init() "server require schannel:WORKSTATION$ = no"; (bsc#1176579); (bso#14497); - Update to samba 4.11.12 + s3: libsmb: Fix SMB2 client rename bug to a Windows server; (bso#14403); + dsdb: Allow "password hash userPassword schemes = CryptSHA256" to work on RHEL7; (bso#14424); + dbcheck: Allow a dangling forward link outside our known NCs; (bso#14450); + lib/debug: Set the correct default backend loglevel to MAX_DEBUG_LEVEL; (bso#14426); + s3:smbd: PANIC: assert failed in get_lease_type(); (bso#14428); + lib/util: do not install "test_util_paths"; (bso#14370); + lib:util: Fix smbclient -l basename dir; (bso#14345); + s3:smbd: PANIC: assert failed in get_lease_type(); (bso#14428); + util: Allow symlinks in directory_create_or_exist; (bso#14166); + docs: Fix documentation for require_membership_of of pam_winbind; (bso#14358); + s3:winbind:idmap_ad: Make failure to get attrnames for schema mode fatal; (bso#14425);- Add obsoletes to libsmbldap2 package to fix upgrades from previous versions; (bsc#1172810);- Fix net command unable to negotiate SMB2; (bsc#1174120);- Update to samba 4.11.11 + CVE-2020-10730: NULL de-reference in AD DC LDAP server when ASQ and VLV combined; (bso#14364); (bsc#1173159] + CVE-2020-10745: invalid DNS or NBT queries containing dots use several seconds of CPU each; (bso#14378); (bsc#1173160). + CVE-2020-10760: Use-after-free in AD DC Global Catalog LDAP server with paged_result or VLV; (bso#14402); (bsc#1173161) + CVE-2020-14303: Endless loop from empty UDP packet sent to AD DC nbt_server; (bso#14417); (bsc#1173359). - Update to samba 4.11.10 + Fix segfault when using SMBC_opendir_ctx() routine for share folder that contains incorrect symbols in any file name; (bso#14374). + vfs_shadow_copy2 doesn't fail case looking in snapdirseverywhere mode; (bso#14350) + ldb_ldap: Fix off-by-one increment in lldb_add_msg_attr; (bso#14413). + Malicous SMB1 server can crash libsmbclient; (bso#14366) + winbindd: Fix a use-after-free when winbind clients exit; (bso#14382) + ldb: Bump version to 2.0.11, LMDB databases can grow without bounds. (bso#14330) - Update to samba 4.11.9 + nmblib: Avoid undefined behaviour in handle_name_ptrs(); (bso#14242). + 'samba-tool group' commands do not handle group names with special chars correctly; (bso#14296). + smbd: avoid calling vfs_file_id_from_sbuf() if statinfo is not valid; (bso#14237). + Missing check for DMAPI offline status in async DOS attributes; (bso#14293). + smbd: Ignore set NTACL requests which contain S-1-5-88 NFS ACEs; (bso#14307). + vfs_recycle: Prevent flooding the log if we're called on non-existant paths; (bso#14316) + smbd mistakenly updates a file's write-time on close; (bso#14320). + RPC handles cannot be differentiated in source3 RPC server; (bso#14359). + librpc: Fix IDL for svcctl_ChangeServiceConfigW; (bso#14313). + nsswitch: Fix use-after-free causing segfault in _pam_delete_cred; (bso#14327). + Fix fruit:time machine max size on arm; (bso#13622) + CTDB recovery corner cases can cause record resurrection and node banning; (bso#14294). + ctdb: Fix a memleak; (bso#14348). + libsmb: Don't try to find posix stat info in SMBC_getatr(). + ctdb-tcp: Move free of inbound queue to TCP restart; (bso#14295); (bsc#1162680). + s3/librpc/crypto: Fix double free with unresolved credential cache; (bso#14344); (bsc#1169095) + s3:libads: Fix ads_get_upn(); (bso#14336). + CTDB recovery corner cases can cause record resurrection and node banning; (bso#14294) + Starting ctdb node that was powered off hard before results in recovery loop; (bso#14295); (bsc#1162680). + ctdb-recoverd: Avoid dereferencing NULL rec->nodemap; (bso#14324) - Update to samba 4.11.8 + CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ; (bso#14331); (bsc#1169850); + CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC; (bso#14334); (bsc#1169851); - Update to samba 4.11.7 + s3: lib: nmblib. Clean up and harden nmb packet processing; (bso#14239). + s3: VFS: full_audit. Use system session_info if called from a temporary share definition; (bso#14283) + dsdb: Correctly handle memory in objectclass_attrs; (bso#14258). + ldb: version 2.0.9, Samba 4.11 and later give incorrect results for SCOPE_ONE searches; (bso#14270) + auth: Fix CIDs 1458418 and 1458420 Null pointer dereferences; (bso#14247). + smbd: Handle EINTR from open(2) properly; (bso#14285) + winbind member (source3) fails local SAM auth with empty domain name; (bso#14247) + winbindd: Handling missing idmap in getgrgid(); (bso#14265). + lib:util: Log mkdir error on correct debug levels; (bso#14253). + wafsamba: Do not use 'rU' as the 'U' is deprecated in Python 3.9; (bso#14266). + ctdb-tcp: Make error handling for outbound connection consistent; (bso#14274). - Update to samba 4.11.6 + pygpo: Use correct method flags; (bso#14209). + vfs_ceph_snapshots: Fix root relative path handling; (bso#14216); (bsc#1141320). + Avoiding bad call flags with python 3.8, using METH_NOARGS instead of zero; (bso#14209). + source4/utils/oLschema2ldif: Include stdint.h before cmocka.h; (bso#14218). + docs-xml/winbindnssinfo: Clarify interaction with idmap_ad etc; (bso#14122). + smbd: Fix the build with clang; (bso#14251). + upgradedns: Ensure lmdb lock files linked; (bso#14199). + s3: VFS: glusterfs: Reset nlinks for symlink entries during readdir; (bso#14182). + smbc_stat() doesn't return the correct st_mode and also the uid/gid is not filled (SMBv1) file; (bso#14101). + librpc: Fix string length checking in ndr_pull_charset_to_null(); (bso#14219). + ctdb-scripts: Strip square brackets when gathering connection info; (bso#14227).- Add libnetapi-devel to baselibs conf, for wine usage; (bsc#1172307);- Installing: samba - samba-ad-dc.service does not exist and unit not found; (bsc#1171437);- Fix samba_winbind package is installing python3-base without python3 package; (bsc#1169521);- Require libldb2 >= 2.0.10 after security release.- CVE-2020-10704: LDAP Denial of Service (stack overflow) in Samba AD DC; (bso#14334); (bsc#1169851); - CVE-2020-10700: Use-after-free in Samba AD DC LDAP Server with ASQ; (bso#14331); (bsc#1169850);- Fix smbclient crash with double free (with unresolved krb5 credential cache); (bso#14344); (bsc#1169095).- Starting ctdb node that was powered off hard before results in recovery loop; (bso#14295); (bsc#1162680).- CTDB doesn't retry outgoing connections on bind (and some other) failures; (bso#14274); (bsc#1162680).- Revert: Allow idmap_rid to have primary group other than "Domain Users"; (bsc#1087931).- Fix nmbstatus not reporting detailed information about workgroups; (bsc#1159464); - Fix querying all names registered within broadcast area; (bso#8927);- Update to samab 4.11.5 + CVE-2019-14902: Replication of ACLs down subtree on AD Directory is not automatic; (bso#12497); (bsc#1160850). + CVE-2019-19344: Fix server crash with dns zone scavenging = yes; (bso#14050); (bsc#1160852). + CVE-2019-14907: server-side crash after charset conversion failure (eg during NTLMSSP processing); (bso#14208); (bsc#1160888). - Update to samba 4.11.4 + Ensure SMB1 cli_qpathinfo2() doesn't return an inode number; (bso#14161). + Ensure we don't call cli_RNetShareEnum() on an SMB1 connection; (bso#14174). + NT_STATUS_ACCESS_DENIED becomes EINVAL when using SMB2 in SMBC_opendir_ctx; (bso#14176). + SMB2 - Ensure we use the correct session_id if encrypting an interim response; (bso#14189). + Prevent smbd crash after invalid SMB1 negprot; (bso#14205). + printing: Fix %J substition; (bso#13745). + Remove now unneeded call to cmdline_messaging_context(); (bso#13925). + Fix incomplete conversion of former parametric options; (bso#14069). + Fix sync dosmode fallback in async dosmode codepath; (bso#14070). + vfs_fruit returns capped resource fork length; (bso#14171). + libnet_join: Add SPNs for additional-dns-hostnames entries; (bso#14116). + smbd: Increase a debug level; (bso#14211). + Prevent azure ad connect from reporting discovery errors reference-value-not-ldap-conformant; (bso#14153). + krb5_plugin: Fix developer build with newer heimdal system library; (bso#14179). + replace: Only link libnsl and libsocket if required; (bso#14168); + ctdb: Incoming queue can be orphaned causing communication; breakdown; (bso#14175). + ldb: Release ldb 2.0.8. Cross-compile will not take cross-answers or cross-execute; (bso#13846). + heimdal-build: Avoid hard-coded /usr/include/heimdal in asn1_compile-generated code; (bso#13856).- Fix Ceph snapshot root relative path handling; (bso#14216); (bsc#1141320).- Update to samba 4.11.3 + CVE-2019-14861: DNSServer RPC server crash, an authenticated user can crash the DCE/RPC DNS management server by creating records with matching the zone name; (bso#14138); (bsc#1158108). + CVE-2019-14870: DelegationNotAllowed not being enforced, the DelegationNotAllowed Kerberos feature restriction was not being applied when processing protocol transition requests (S4U2Self), in the AD DC KDC; (bso#14187); (bsc#1158109).- CVE-2019-14861: DNSServer RPC server crash, an authenticated user can crash the DCE/RPC DNS management server by creating records with matching the zone name; (bso#14138); (bsc#1158108). - CVE-2019-14870: DelegationNotAllowed not being enforced, the DelegationNotAllowed Kerberos feature restriction was not being applied when processing protocol transition requests (S4U2Self), in the AD DC KDC; (bso#14187); (bsc#1158109).- Update to samba 4.11.2 + CVE-2019-10218: Client code can return filenames containing path separators; (bsc#1144902); (bso#14071). + CVE-2019-14833: Samba AD DC check password script does not receive the full password; (bso#12438). + CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP server via dirsync; (bso#14040). - Fixes from 4.11.1 + Overlinking libreplace against librt and pthread against every binary or library causes issues; (bso#14140); + kpasswd fails when built with MIT Kerberos; (bso#14155); + Fix spnego fallback from kerberos to ntlmssp in smbd server; (bso#14106); + Stale file handle error when using mkstemp on a share; (bso#14137); + non-AES schannel broken; (bso#14134); + Joining Active Directory should not use SAMR to set the password; (bso#13884); + smbclient can blunder into the SMB1 specific cli_RNetShareEnum() call on an SMB2 connection; (bso#14152); + Deleted records can be resurrected during recovery; (bso#14147); + getpwnam and getpwuid need to return data for ID_TYPE_BOTH group; (bso#14141); + winbind does not list forest trusts with additional trust attributes; (bso#14130); + fault report points to outdated documentation; (bso#14139); + pam_winbind with krb5_auth or wbinfo -K doesn't work for users of trusted domains/forests; (bso#14124); + classicupgrade results in uncaught exception - a bytes-like object is required, not 'str'; (bso#14136); + pod2man is not longer required, stop checking at build time; (bso#14131); + Exit code of ctdb nodestatus should not be influenced by deleted nodes; (bso#14129); + username/password authentication doesn't work with CUPS and smbspool; (bso#14128); + smbc_readdirplus() is incompatible with smbc_telldir() and smbc_lseekdir(); (bso#14094);- CVE-2019-14847: User with "get changes" permission can crash AD DC LDAP server via dirsync; (bso#14040); (bsc#1154598); - CVE-2019-10218: Client code can return filenames containing path separators; (bso#14071); (bsc#1144902);- CVE-2019-14833: samba: Accent with "check script password" Samba AD DC check password script does not receive the full password; (bso#12438); (bsc#1154289).- Update to samba 4.11.0 + For details on all items see WHATSNEW.txt in samba-doc package + Python2 runtime support removed; python 3.4 or later required + Security improvements: - SMB1 disabled by default - lanman and plaintext authentication deprecated - winbind: PAM_AUTH and NTLM_AUTH events logged - GnuTLS 3.2 required; system FIPS mode setting honored + CephFS Snapshot integration, exposed as previous file versions + ctdb changes: - onnode -o option removed - ctdbd logs when using more than 90% of a CPU thread - CTDB_MONITOR_SWAP_USAGE variable removed + AD Domain controller improvements: - Upgrade AD databse format - BIND9_FLATFILE deprecated - default process model chagned to prefork - bind9 dns operation duration logging - Default schema updated to 2012_R2; function level is unchanged - many performance improvements + Configuration webserver support removed- Fix broken username/password authentication with CUPS and smbspool; (bsc#1152143); (bso#14128).- Fix auth problems when printing via smbspool backend with kerberos; (bnc#1148539); (bso#13832).- Update to samba 4.10.8 + CVE-2019-10197: user escape from share path definition; (bso#14035); (bsc#1141267);- Fix build on newer systems by modifying samba.spec to use consistent non-relative paths for pammodules in configure line and specification of pam_winbind.so library to package.- Update to samba 4.10.7 + Unable to create or rename file/directory inside shares configured with vfs_glusterfs_fuse module; (bso#14010). + build: Allow build when '--disable-gnutls' is set; (bso#13844) + samba-tool: Add 'import samba.drs_utils' to fsmo.py; (bso#13973). + Fix 'Error 32 determining PSOs in system' message on old DB with FL upgrade; (bso#14008). + s4/libnet: Fix joining a Windows pre-2008R2 DC; (bso#14021) + join: Use a specific attribute order for the DsAddEntry nTDSDSA object; (bso#14046). + vfs_catia: Pass stat info to synthetic_smb_fname(); (bso#14015). + lookup_name: Allow own domain lookup when flags == 0; (bso#14091). + s4 librpc rpc pyrpc: Ensure tevent_context deleted last; (bso#13932). + DEBUGC and DEBUGADDC doesn't print into a class specific log file; (bso#13915). + Request to keep deprecated option "server schannel", VMWare Quickprep requires "auto"; (bso#13949). + dbcheck: Fallback to the default tombstoneLifetime of 180 days; (bso#13967). + dnsProperty fails to decode values from older Windows versions; (bso#13969). + samba-tool: Use only one LDAP modify for dns partition fsmo role transfer; (bso#13973). + third_party: Update waf to version 2.0.17; (bso#13960). + netcmd: Allow 'drs replicate --local' to create partitions; (bso#14051). + ctdb-config: Depend on /etc/ctdb/nodes file; (bso#14017).- CVE-2019-10197: user escape from share path definition; (bso#14035); (bsc#1141267).- Prepare for use future use of kernel keyrings, modify /etc/pam.d/samba to include pam_keyinit.so; (bsc#1144059).- Update samba-winbind script to work with systemd; (bsc#1132739); - Drop samba dhcpcd hook scripts - Update to samba 4.10.6 + s3: winbind: Fix crash when invoking winbind idmap scripts; (bso#13956). + smbd does not correctly parse arguments passed to dfree and quota scripts; (bso#13964). + samba-tool dns: use bytes for inet_ntop; (bso#13965). + samba-tool domain provision: Fix --interactive module in python3; (bso#13828). + ldb_kv: Skip @ records early in a search full scan; (bso#13893). + docs: Improve documentation of "lanman auth" and "ntlm auth" connection; (bso#13981). + python/ntacls: Use correct "state directory" smb.conf option instead of "state dir"; (bso#14002). + registry: Add a missing include; (bso#13840). + Fix SMB guest authentication; (bso#13944). + AppleDouble conversion breaks Resourceforks; (bso#13958). + vfs_fruit makes direct use of syscalls like mmap() and pread(); (bso#13968). + s3:mdssvc: Fix flex compilation error; (bso#13987). + s3/vfs_glusterfs[_fuse]: Avoid using NAME_MAX directly; (bso#13872). + dsdb:samdb: schemainfo update with relax control; (bso#13799). + s3:util: Move static file_pload() function to lib/util; (bso#13964). + smbd: Fix a panic; (bso#13957). + ldap server: Generate correct referral schemes; (bso#12478). + s4 dsdb/repl_meta_data: fix use after free in dsdb_audit_add_ldb_value; (bso#13941). + s4 dsdb: Fix use after free in samldb_rename_search_base_callback; (bso#13942). + dsdb/repl: we need to replicate the whole schema before we can apply it; (bso#12204). + ldb: Release ldb 1.5.5; (bso#12478). + Schema replication fails if link crosses chunk boundary backwards; (bso#13713). + 'samba-tool domain schemaupgrade' uses relax control and skips the schemaInfo update provision; (bso#13799). + dsdb_audit: avoid printing "... remote host [Unknown] SID [(NULL SID)] ..."; (bso#13916). + python/ntacls: We only need security.SEC_STD_READ_CONTROL in order to get the ACL; (bso#13917). + s3:loadparm: Ensure to truncate FS Volume Label at multibyte boundary; (bso#13947). + Using Kerberos credentials to print using spoolss doesn't work; (bso#13939). + wafsamba: Use native waf timer; (bso#13998). + ctdb-scripts: Fix tcp_tw_recycle existence check; (bso#13984).- Update to samba-4.10.5 (including updates for 4.10.4, 4.10.3) + CVE-2019-12435 rpc/dns: Avoid NULL deference if zone not found in DnssrvOperation2; (bso#13922); (bsc#1137815). + CVE-2019-12436 dsdb/paged_results: Ignore successful results without messages; (bso#13951); (bsc#1137816). - Update to samba-4.10.4 + s3: SMB1: Don't allow recvfile on stream fsp's; (bso#13938). + py/provision: Fix for Python 2.6; (bso#13882). + netcmd: Fix 'passwordsettings --max-pwd-age' command; (bso#13873). + s3-libnet_join: 'net ads join' to child domain fails when using "-U admin@forestroot"; (bso#13861). + vfs_ceph: Explicitly enable libcephfs POSIX ACL support; (bso#13896); (bsc#1130245). + vfs_ceph: Fix cephwrap_flistxattr() debug message; (bso#13940); (bsc#1134697). + ctdb-common: Avoid race between fd and signal events; (bso#13895). + ctdb-common: Fix memory leak in run_proc; (bso#13943). + lib: Initialize getline() arguments; (bso#13892). + winbind: Fix overlapping id ranges; (bco#13903). + lib util debug: Increase format buffer to 4KiB; (bso#13902). + nsswitch pam_winbind: Fix Asan use after free; (bso#13927). + s4 lib socket: Ensure address string owned by parent struct; (bso#13929). + s3 rpc_client: Fix Asan stack use after scope; (bso#13936). + s3:smbd: Handle IO_REPARSE_TAG_DFS in SMB_FIND_FILE_FULL_DIRECTORY_INFO; (bso#10097). + smb2_tcon: Avoid STATUS_PENDING completely on tdis; (bso#10344). + smb2_sesssetup: avoid STATUS_PENDING responses for session setup; (bso#12845). + smb2_tcon: Avoid STATUS_PENDING completely on tdis; (bso#13698). + smb2_sesssetup: avoid STATUS_PENDING responses for session setup; (bso#13796). + dbcheck: Fix the err_empty_attribute() check; (bso#13843). + vfs_snapper: Drop unneeded fstat handler; (bso#13858). + vfs_default: Fix vfswrap_offload_write_send() NT_STATUS_INVALID_VIEW_SIZE check; (bso#13862). + smb2_server: Grant all 8192 credits to clients; (bso#13863). + smbd: Implement SMB_FILE_NORMALIZED_NAME_INFORMATION handling; (bso#13919). + s3/vfs_glusterfs: Dynamically determine NAME_MAX; (bso#13872). + s3: modules: ceph: Use current working directory instead of share path; (bso#13918); (bsc#1134452). + winbind: Use domain name from lsa query for sid_to_name cache entry; (bso#13831). + memcache: Increase size of default memcache to 512k; (bso#13865). + docs: Update smbclient manpage for "--max-protocol"; (bso#13857). + s3:utils: If share is NULL in smbcacls, don't print it; (bso#13937). + s3:smbspool: Fix regression printing with Kerberos credentials; (bso#13939). + ctdb-scripts: CTDB restarts failed NFS RPC services by hand, which is incompatible with systemd; (bso#13860). + ctdb-daemon: Revert "We can not assume that just because we could complete a TCP handshake"; (bso#13888). + ctdb-daemon: Never use 0 as a client ID; (bso#13930). + ctdb-common: Fix memory leak; (bso#13943). + s3:debug: Enable logging for early startup failures; (bso#13904) - Update to samba-4.10.3 + CVE-2018-16860: Heimdal KDC: Reject PA-S4U2Self with unkeyed checksum; (bso#13685); (bsc#1134024).- CVE-2019-12435: zone operations can crash rpc server; (bso#13922); (bsc#1137815).- Fix cephwrap_flistxattr() debug message; (bso#13940); (bsc#1134697). - Add ceph_snapshots VFS module; (jsc#SES-183).- Fix vfs_ceph realpath; (bso#13918); (bsc#1134452).- Update to samba-4.10.2: + CVE-2019-3870 (World writable files in Samba AD DC private/ dir); (bso#13834). + CVE-2019-3880 (Save registry file outside share as unprivileged user); (bso#13851). + py/kcc_utils: py2.6 compatibility; (bso#13837). + libcli: permit larger values of DataLength in SMB2_ENCRYPTION_CAPABILITIES of negotiate response; (bso#13869). + regfio: Improve handling of malformed registry hive files; (bso#13840). + ctdb-version: Simplify version string usage; (bso#13789). + lib: Make fd_load work for non-regular files; (bso#13859). + dbcheck: in the middle of the tombstone garbage collection causes replication failures, dbcheck: add --selftest-check-expired-tombstones cmdline option; (bso#13816). + ndr_spoolss_buf: Fix out of scope use of stack variable in NDR_SPOOLSS_PUSH_ENUM_OUT(); (bso#13818). + s4/messaging: Fix undefined reference in linking libMESSAGING-samba4.so; (bso#13854). + acl_read: Fix regression for empty lists; (bso#13836). + s4:dlz make b9_has_soa check dc=@ node; (bso#13841). + s3:client: Fix printing via smbspool backend with kerberos auth; (bso#13832). + s4:librpc: Fix installation of Samba; (bso#13847). + s3:lib: Fix the debug message for adding cache entries; (bso#13848). + s3:utils: Add 'smbstatus -L --resolve-uids' to show username; (bso#13793). + s3:lib: Fix the debug message for adding cache entries; (bso#13848). + s3:waf: Fix the detection of makdev() macro on Linux; (bso#13853). * ctdb-build: Drop creation of .distversion in tarball; (bso#13789). * ctdb-packaging: Test package requires tcpdump, ctdb package should not own system library directory; (bso#13838). - Update to samba-4.10.1: + py/kcc_utils: py2.6 compatibility; (bso#13837); + libcli: permit larger values of DataLength in SMB2_ENCRYPTION_CAPABILITIES of negotiate response; (bso#13869); + regfio: Improve handling of malformed registry hive files; (bso#13840); + ctdb-version: Simplify version string usage; (bso#13789); + lib: Make fd_load work for non-regular files; (bso#13859); + dbcheck in the middle of the tombstone garbage collection causes replication failures, dbcheck: add --selftest-check-expired-tombstones cmdline option; (bso#13816); + ndr_spoolss_buf: Fix out of scope use of stack variable in NDR_SPOOLSS_PUSH_ENUM_OUT(); (bso#13818); + s4/messaging: Fix undefined reference in linking libMESSAGING-samba4.so; (bso#13854); + acl_read: Fix regression for empty lists; (bso#13836); + s4:dlz make b9_has_soa check dc=@ node; (bso#13841); + s3:client: Fix printing via smbspool backend with kerberos auth; (bso#13832); + s4:librpc: Fix installation of Samba; (bso#13847); + s3:lib: Fix the debug message for adding cache entries; (bso#13848); + s3:utils: Add 'smbstatus -L --resolve-uids' to show username; (bso#13793); + s3:lib: Fix the debug message for adding cache entries; (bso#13848); + s3:waf: Fix the detection of makdev() macro on Linux; (bso#13853); + ctdb-build: Drop creation of .distversion in tarball; (bso#13789); + ctdb-packaging: Test package requires tcpdump, ctdb package should not own system library directory; (bso#13838); - Update to samba-4.10.0: + s4-server: Open and close a transaction on sam.ldb at startup; (bso#13760); + access_check_max_allowed() doesn't process "Owner Rights" ACEs; (bso#13812); + s4/scripting/bin: Open unicode files with utf8 encoding and write + unicode string. + sambaundoguididx: Use the right escaped oder unescaped sam ldb files; (bso#13759); + Fix idmap cache pollution with S-1-22- IDs on winbind hickup; (bso#13813); + passdb: Update ABI to 0.27.2. + lib/winbind_util: Add winbind_xid_to_sid for --without-winbind; (bso#13813); + lib:util: Move debug message for mkdir failing to log level 1; (bso#13823);- MacOS credit accounting breaks with async SESSION SETUP; (bsc#1125601); (bso#13796). - Mac OS X SMB2 implmenetation sees Input/output error or Resource temporarily unavailable and drops connection; (bso#13698)- Explicitly enable libcephfs POSIX ACL support; (bso#13896); (bsc#1130245).- CVE-2019-3880: Save registry file outside share as unprivileged user; (bso#13851); (bsc#1131060 ).- CVE-2019-3870 pysmbd: missing restoration of original umask after umask(0); (bso#13834); (bsc#1130703);- Update to samba-4.9.5 + audit_logging: Remove debug log header and JSON Authentication: prefix; (bso#13714); + Fix upgrade from 4.7 (or earlier) to 4.9; (bso#13760); + s3: lib: nmbname: Ensure we limit the NetBIOS name correctly; (bso# CID: 1433607; (bso#11495); + smbd: uid: Don't crash if 'force group' is added to an existing share connection; (bso#13690); + s3: VFS: vfs_fruit. Fix the NetAtalk deny mode compatibility code; (bso#13770); + s3: SMB1 POSIX mkdir does case insensitive name lookup; (bso#13803); + s3:utils/smbget fix recursive download with empty source directories; (bso#13199); + samba-tool drs showrepl: Do not crash if no dnsHostName found; (bso#13716); + s3:libsmb: cli_smb2_list() can sometimes fail initially on a connection; (bso#13736); + join: Throw CommandError instead of Exception for simple errors; (bso#13747); + ldb: Avoid inefficient one-level searches; (bso#13762); + s3: libsmb: use smb2cli_conn_max_trans_size() in cli_smb2_list(); (bso#13736); + tldap: Avoid use after free errors; (bso#13776); + Fix idmap xid2sid cache churn; (bso#13802); + access_check_max_allowed() doesn't process "Owner Rights" ACEs; (bso#13812); + s3-smbd: Avoid assuming fsp is always intact after close_file call; (bso#13720); + s3-vfs-fruit: Add close call; (bso#13725); + s3-smbd: Use fruit:model string for mDNS registration; (bso#13746); + s3-vfs: add glusterfs_fuse vfs module; (bso#13774); + printing: Check lp_load_printers() prior to pcap cache update; (bso#13766); + vfs_ceph: vfs_ceph strict_allocate_ftruncate calls (local FS) ftruncate and fallocate; (bso#13807); + lib/audit_logging: Actually create talloc; (bso#13737); + netcmd/user: python[3]-gpgme unsupported and replaced by python[3]-gpg; (bso#13728); + dns: Changing onelevel search for wildcard to subtree; (bso#13738); + samba-tool: Don't print backtrace on simple DNS errors; (bso#13721); + sambaundoguididx: Use the right escaped oder unescaped sam ldb files; (bso#13759); + ctdb: Print locks latency in machinereadable stats; (bso#13742); + messages_dgm: Messaging gets stuck when pids are recycled; (bso#13786); + audit_logging: auth_json_audit required auth_json; (bso#13715); + man pages: Document prefork process model; (bso#13765); + CVE-2019-3824 ldb: Release ldb 1.4.6; (bso#13773); + s3:auth: ignore create_builtin_guests() failing without a valid idmap configuration; (bso#13697); + s3:auth_winbind: Ignore a missing winbindd as NT4 PDC/BDC without trusts; (bso#13722); + s3:auth_winbind: return NT_STATUS_NO_LOGON_SERVERS if winbindd is not available; (bso#13723); + s4:server: Add support for 'smbcontrol samba shutdown' and 'smbcontrol debug/debuglevel'; (bso#13752); + Python: Ensure ldb.Dn can doesn't rencoded str with py2; (bso#13616); + vfs_glusterfs: Adapt to changes in libgfapi signatures; (bso#13330); + s3-vfs: Use ENOATTR in errno comparison for getxattr; (bso#13774); + notifyd: Fix SIGBUS on sparc; (bso#13704); + waf: Check for libnscd; (bso#13787); + s3:vfs: Correctly check if OFD locks should be enabled or not; (bso#13770); + lib/util: Count a trailing line that doesn't end in a newline; (bso#13717); + Recovery lock bug fixes; (bso#13800); + s3: net: Do not set NET_FLAGS_ANONYMOUS with -k; (bso#13726); + s3:libsmb: Honor disable_netbios option in smbsock_connect_send; (bso#13727); + vfs_fileid: Fix get_connectpath_ino; (bso#13741); + vfs_fileid: Fix fsname_norootdir algorithm; (bso#13744);- Fix vfs_ceph ftruncate and fallocate handling; (bso#13807); (bsc#1127153).- Fix update-apparmor-samba-profile script after apparmor switched to using named profiles. The change is backwards compatible; (bsc#1126377);- LoadParm().load_default() fails with "Unable to load default file"; (bsc#1089758);- Abide by load_printers smb.conf parameter; (bso#13766); (bsc#1124223);- Update to samba-4.9.4 + libcli/smb: Don't overwrite status code; (bso#9175). + wbinfo --group-info 'NT AUTHORITY\System' does not work; (bso#12164). + Session setup reauth fails to sign response; (bso#13661). + vfs_fruit: Validation of writes on AFP_AfpInfo stream; (bso#13677). + vfs_shadow_copy2: Nicely deal with attempts to open previous version for writing; (bso#13688). + Restoring previous version of stream with vfs_shadow_copy2 fails with NT_STATUS_OBJECT_NAME_INVALID fsp->base_fsp->fsp_name; (bso#13455). + CVE-2018-16853: Fix S4U2Self crash with MIT KDC build; (bso#13571). + s3-vfs: Prevent NULL pointer dereference in vfs_glusterfs; (bso#13708) + PEP8: fix E231: missing whitespace after ','. + winbindd: Fix crash when taking profiles;(bso#13629) + CVE-2018-14629 dns: Fix CNAME loop prevention using counter regression; (bso#13600) + 'samba-tool user syscpasswords' fails on a domain with many DCs; (bso#13686). + CVE-2018-16853: Do not segfault if client is not set; (bso#13571). + lib:util: Fix DEBUGCLASS pointer initializiation; (bso#13679) + ctdb-daemon: Exit with error if a database directory does not exist; (bso#13696). + s3:libads: Add net ads leave keep-account option; (bso#13498).- Drop more %if..%endif guards which are idempotent. - Drop requires on ldconfig which are already auto-discovered. - Do not ignore errors from useradd/groupadd.- Remove python2 build dependency from samba-libs; (bsc#1116900);- Update update-apparmor-samba-profile script to ignore the shares's paths containing substitution variables in any place, not only at the beginning of the path.- Update to samba-4.9.3 + CVE-2018-14629: Unprivileged adding of CNAME record causing loop in AD Internal DNS server; (bso#13600); (bsc#1116319); + CVE-2018-16841: Double-free in Samba AD DC KDC with PKINIT; (bso#13628); (bsc#1116320); + CVE-2018-16851: NULL pointer de-reference in Samba AD DC LDAP server; (bso#13674); (bsc#1116322); + CVE-2018-16852: NULL pointer de-reference in Samba AD DC DNS servers; (bso#13669); (bsc#1116321); + CVE-2018-16853: Samba AD DC S4U2Self crash in experimental MIT Kerberos configuration (unsupported); (bso#13678); (bsc#1116324); + CVE-2018-16857: Bad password count in AD DC not always effective; window; (bso#13683); (bsc#1116323);- Update to samba-4.9.2 + dsdb: Add comments explaining the limitations of our current backlink behaviour; (bso#13418); + Fix problems running domain backups (handling SMBv2, sites); (bso#13621); + testparm: Fix crashes with PANIC: Messaging not initialized on SLES 12 SP3; (bso#13465); + Make vfs_fruit able to cleanup AppleDouble files; (bso#13642); + File saving issues with vfs_fruit on samba >= 4.8.5; (bso#13646); + Enabling vfs_fruit looses FinderInfo; (bso#13649); + Cancelling of SMB2 aio reads and writes returns wrong error NT_STATUS_INTERNAL_ERROR; (bso#13667); + Fix CTDB recovery record resurrection from inactive nodes and simplify vacuuming; (bso#13641); + examples: Fix the smb2mount build; (bso#13465); + libtevent: Fix build due to missing open_memstream on Illiumos; (bso#13629); + winbindd_cache: Fix timeout calculation for sid<->name cache; (bso#13662); + dsdb encrypted_secrets: Allow "ldb:// and "mdb://" in file path; (bso#13653); + Extended DN SID component missing for member after switching group membership; (bso#13418); + Return STATUS_SESSION_EXPIRED error encrypted, if the request was encrypted; (bso#13624); + python: Allow forced signing via smb.SMB(); (bso#13621); + lib:socket: If returning early, set ifaces; (bso#13665); + ldb: Bump ldb version to 1.4.3, Python: Ensure ldb.Dn can accept utf8 encoded unicode; (bso#13616); + smbd: Fix DELETE_ON_CLOSE behaviour on files with READ_ONLY attribute; (bso#13673); + waf: Add -fstack-clash-protection; (bso#13601); + winbind: Fix segfault if an invalid passdb backend is configured; (bso#13668); + Fix bugs in CTDB event handling; (bso#13659); + Misbehaving nodes are sometimes not banned; (bso#13670);- lib:socket: If returning early, set ifaces; (bso#13665); (bsc#1111373);- winbind requires latest version of libtevent-util0 to start- Backport latest gpo code from master + Read policy from local gpt cache + Offline policy application + Make group policy extensible via register/unregister gpext + gpext's run via a process_group_policy method- Enable profiling data collection- Change samba-kdc package name to samba-ad-dc - Move samba-ad-dc.service to the samba-ad-dc package- Update to samba-4.9.1 + s3: nmbd: Stop nmbd network announce storm; (bso#13620); + s3-rpcclient: Use spoolss_init_spoolss_UserLevel1 in winspool cmds; (bso#13597); + CTDB recovery lock has some race conditions; (bso#13617); + s3-rpc_client: Advertise Windows 7 client info; (bso#13597); + ctdb-doc: Remove PIDFILE option from ctdbd_wrapper man page; (bso#13610);- Tumbleweed doesn't define the sle_version macro, so we must include a check for suse_version also. Otherwise python3 is disabled on Tumbleweed.- Update to samba-4.9.0 + samba_dnsupdate: Honor 'dns zone scavenging' option, only update if needed; (bso#13605); + wafsamba: Fix 'make -j'; (bso#13606);- Update to samba-4.9.0rc5 + s3: VFS: vfs_full_audit: Ensure smb_fname_str_do_log() only returns absolute pathnames; (bso#13565); + s3: util: Do not take over stderr when there is no log file; (bso#13578); + Durable Reconnect fails because cookie.allow_reconnect is not set; (bso#13549); + krb5-samba: Interdomain trust uses different salt principal; (bso#13539); + vfs_fruit: Don't unlink the main file; (bso#13441); + smbd: Fix a memleak in async search ask sharemode; (bso#13602); + Fix Samba GPO issue when Trust is enabled; (bso#11517); + samba-tool: Add "virtualKerberosSalt" attribute to 'user getpassword/syncpasswords'; (bso#13539); + Fix CTDB configuration issues; (bso#13589); + ctdbd logs an error until it can successfully connect to eventd; (bso#13592);- Update to samba-4.9.0rc4 + s3: smbd: Ensure get_real_filename() copes with empty pathnames; (bso#13585); + samba domain backup online/rename commands force user to specify password on CLI; (bso#13566); + wafsamba/samba_abi: Always hide ABI symbols which must be local; (bso#13579); + Fix a panic if fruit_access_check detects a locking conflict; (bso#13584); + Fix memory and resource leaks; (bso#13567); + python: Fix print in dns_invalid.py; (bso#13580); + Aliasing issue causes incorrect IPv6 checksum; (bso#13588); + Fix CTDB configuration issues; (bso#13589); + s3: vfs: time_audit: fix handling of token_blob in smb_time_audit_offload_read_recv(); (bso#13568);- Add missing zlib-devel dependency which was previously pulled in by libopenssl-devel- Update to samba-4.9.0rc3+git.22.3fff23ae36e + CVE-2018-10858: libsmb: Harden smbc_readdir_internal() against returns from malicious servers; (bso#13453); + CVE-2018-1140: ldbsearch '(distinguishedName=abc)' and DNS query with escapes crashes, ldb: Release LDB 1.3.5 for CVE-2018-1140; (bso#13374); + CVE-2018-10918: cracknames: Fix DoS (NULL pointer de-ref) when not servicePrincipalName is set on a user; (bso#13552); + CVE-2018-10919: acl_read: Fix unauthorized attribute access via searches; (bso#13434); + ctdb_mutex_ceph_rados_helper: Set SIGINT signal handler; (bso#13540); + CVE-2018-1139 libcli/auth: Do not allow ntlmv1 over SMB1 when it is disabled via "ntlm auth"; (bso#13360); + s3-tldap: do not install test_tldap; (bso#13529); + ctdb_mutex_ceph_rados_helper: Fix deadlock via lock renewals; (bso#13540); + CVE-2018-1140 Add NULL check for ldb_dn_get_casefold() in ltdb_index_dn_attr(); (bso#13374); + ctdb-eventd: Fix CID 1438155; (bso#13554); + Fix CIDs 1438243, (Unchecked return value) 1438244 (Unsigned compared against 0), 1438245 (Dereference before null check) and 1438246 (Unchecked return value); (bso#13553); + ctdb: Fix a cut&paste error; (bso#13554); + systemd: Only start smb when network interfaces are up; (bso#13559); + Fix quotas don't work with SMB2; (bso#13553); + s3/smbd: Ensure quota code is only called when quota support detected; (bso#13563); + s3/libsmb: Explicitly set delete_on_close token for rmdir; (bso#13204); + s3:waf: Install eventlogadm to /usr/sbin; (bso#13561); + Shorten description in vfs_linux_xfs_sgid manual; (bso#13562);- Update to samba-4.9.0rc2+git.21.a1069afb007 + s3: smbd: Using "sendfile = yes" with SMB2 can cause CPU spin; (bso#13537); + s3: smbd: Fix path check in smbd_smb2_create_durable_lease_check(); (bso#13535); + samba-tool trust: Support discovery via netr_GetDcName; (bso#13538); + s4-dsdb: Only build dsdb Python modules for AD DC; (bso#13542); + Fix portability issues on freebsd; (bso#13520); + DNS wildcard search does not handle multiple labels correctly; (bso#13536); + samba-tool domain trust: Fix trust compatibility to Windows Server 1709 and FreeIPA; (bso#13308); + Fix portability issues on freebsd; (bso#13520); + ctdb-protocol: Fix CTDB compilation issues; (bso#13545); + ctdb-docs: Replace obsolete reference to CTDB_DEBUG_HUNG_SCRIPT option; (bso#13546); + ctdb-doc: Provide an example script for migrating old configuration; (bso#13550); + ctdb-event: Implement event tool "script list" command; (bso#13551);- Update to samba-4.8.4+git.37.a7a861d7982; + CVE-2018-1139: Weak authentication protocol allowed; (bsc#1095048); (bsc#13360); + CVE-2018-1140: Denial of Service Attack on DNS and LDAP server; (bsc#1095056); (bso#13466); (bso#13374); + CVE-2018-10858: Insufficient input validation on client directory listing in libsmbclient; (bsc#1103411); (bso#13453); + CVE-2018-10918: Denial of Service Attack on AD DC DRSUAPI server; (bsc#1103414); (bso#13552); + CVE-2018-10919: Confidential attribute disclosure from the AD LDAP server; (bsc#1095057); (bso#13434); + s3:winbind: winbind normalize names' doesn't work for users; (bso#12851); + winbind: Fix UPN handling in canonicalize_username(); (bso#13369); + s3: smbd: Fix SMB2-FLUSH against directories; (bso#13428); + samdb: Fix building Samba with gcc 8.1; (bso#13437); + s3:utils: Do not segfault on error in DoDNSUpdate(); (bso#13440); + smbd: Flush dfree memcache on service reload; (bso#13446); + ldb: Save a copy of the index result before calling the + lib/util: No Backtrace given by Samba's AD DC by default; (bso#13454). + s3: smbd: printing: Re-implement delete-on-close semantics for print files missing since 3.5.x; (bso#13457). + python: Fix talloc frame use in make_simple_acl(); (bso#13474). + krb5_wrap: Fix keep_old_entries logic for older Kerberos libraries;(bso#13478). + krb5_plugin: Add winbind localauth plugin for MIT Kerberos; (bso#13480).- Add missing package descriptions; (bsc#1093864); - Fix dependency issue between samba-python and samba-kdc; (bsc#1062876); - Call update-apparmor-samba-profile when running samba-ad-dc; (bsc#1092099);- Update to 4.8.2 + After update to 4.8.0 DC failed with "Failed to find our own NTDS Settings objectGUID" (bso#13335). + fix incorrect reporting of stream dos attributes on a directory (bso#13380). + vfs_ceph: add asynchronous fsync; fake synchronous call (bso#13412). + vfs_ceph: add fake async pwrite/pread send/recv hooks; (bso#13425) + vfs_ceph: Fix memory leak; (bso#13424). + libsmbclient: Fix hard-coded connection error return of ETIMEDOUT; (bso#13419). + s4-lsa: Fix use-after-free in LSA server; (bso#13420). + winbindd: Do re-connect if the RPC call fails in the passdb case; (bso#13430). + cleanupd: Sends MSG_SMB_UNLOCK twice to interested peers; (bso#13416). + cleanupd: Use MSG_SMB_BRL_VALIDATE to signal cleanupd unclean process shutdown; (bso#13414). + ctdb-client: Remove ununsed functions from old client code; (bso#13411). + printing: Return the same error code as windows does on upload failures; (bso#13395). + nsswitch: Fix memory leak in winbind_open_pipe_sock() when the privileged pipe is not accessable; (bso#13400). + s4:lsa_lookup: remove TALLOC_FREE(state) after all dcesrv_lsa_Lookup{Names,Sids}_base_map() calls; (bso#13420). + rpc_server: Fix NetSessEnum with stale sessions; (bso#13407). + s3:smbspool: Fix cmdline argument handling; (bso#13417).- Move libdfs-server-ad-samba4.so library from kdc to libs package, as it is required by some client libs; (bsc#1074135); - Update to 4.8.1; (bsc#1091179); + s3: ldap: Ensure the ADS_STRUCT pointer doesn't get freed on error, we don't own it here; (bso#13244); + s3: smbd: Fix possible directory fd leak if the underlying OS doesn't support fdopendir(); (bso#13270); + Round-tripping ACL get/set through vfs_fruit will increase the number of ACE entries without limit; (bso#13319); + s3: smbd: SMB2: Add DBGC_SMB2_CREDITS class to specifically debug credit issues; (bso#13347); + s3: smbd: Files or directories can't be opened DELETE_ON_CLOSE without delete access; (bso#13358); + s3: smbd: Fix memory leak in vfswrap_getwd(); (bso#13372); + s3: smbd: Unix extensions attempts to change wrong field in fchown call; (bso#13375); + ms_schema/samba-tool visualize: Fix python2.6 incompatibility; (bso#13337); + Fix invocation of gnutls_aead_cipher_encrypt(); (bso#13352); + Windows 10 cannot logon on Samba NT4 domain; (bso#13328); + winbindd: Recover loss of netlogon secure channel in case the peer DC is rebooted; (bso#13332); + s3:smbd: Don't use the directory cache for SMB2/3; (bso#13363); + ctdb-client: Fix bugs in client code; (bso#13356); + ctdb-scripts: Drop "net serverid wipe" from 50.samba event script; (bso#13359); + s3: lib: messages: Don't use the result of sec_init() before calling sec_init(); (bso#13368); + libads: Fix the build '--without-ads'; (bso#13273); + winbind: Keep "force_reauth" in invalidate_cm_connection, add 'smbcontrol disconnect-dc'; (bso#13332); + vfs_virusfilter: Fix CIDs 1428738-1428740; (bso#13343); + dsdb: Fix CID 1034966 Uninitialized scalar variable; (bso#13367); + rpc_server: Fix core dump in dfsgetinfo; (bso#13370); + smbclient: Fix notify; (bso#13382); + Fix smbd panic if the client-supplied channel sequence number wraps; (bso#13215); + Windows 10 cannot logon on Samba NT4 domain; (bso#13328); + lib/util: Remove unused '#include ' from tests/tfork.c; (bso#13342); + Fix build errors with cc from developerstudio 12.5 on Solaris; (bso#13343); + Fix the picky-developer build on FreeBSD 11; (bso#13344); + s3:modules: Fix the build of vfs_aixacl2.c; (bso#13345); + s3:smbd: map nterror on smb2_flush errorpath; (bso#13338); + lib:replace: Fix linking when libtirpc-devel overwrites system headers; (bso#13341); + winbindd: 'wbinfo --name-to-sid' returns misleading result on invalid query; (bso#13312); + s3:passdb: Do not return OK if we don't have pinfo set up; (bso#13376); + Allow AESNI to be used on all processor supporting AESNI; (bso#13302);- Use new foreground execution flags for systemd samba daemons; (bsc#1088574); (bsc#1071090); (bsc#1065551); + Add %post scriptlet to clear old sysconfig flags - Update vendor-files to commit 880b3e7. + Set samba sysconfig template variables to "" + Add required daemon flags directly to systemd unit- Specfile cleanup + Remove %if..%endif guards which don't affect the build + Remove redundant %clean section + Replace old $RPM_* shell vars with macros- BuildRequire pkgconfig(systemd) and pkgconfig(libsystemd) in place of systemd and systemd-devel: Allow OBS to optimize the workload by allowing the usage of the 'build-optimized' systemd packages.- Enable building samba with python3, and create a samba-python3 package.- Update to 4.8 + New GUID Index mode in sam.ldb for the AD DC + GPO support for samba KDC + Time machine support with vfs_fruit + Encrypted secrets + AD Replication visualization + Improved trust support - ability to not scan global trust list - AD external trusts have limited support - verbose trusted domain listing + VirusFilter VFS module + NT4-style replication removed + vfs_aio_linux removed- Disable samba-pidl package, due to the removal of dependency perl-Parse-Yapp; (bsc#1085150);- Update to 4.7.6; + CVE-2018-1050: DOS vulnerability when SPOOLSS is run externally; (bso#11343); (bsc#1081741); + CVE-2018-1057: Authenticated users can change other users' password; (bso#13272); (bsc#1081024).- Disable python until full python3 port is done; (bsc#1082139); + Remove contents of package samba-python + Remove contents of package libsamba-policy0 + Remove contents of package libsamba-policy-devel + Remove library libsamba-python-samba4.so from samba-libs package + Remove library libsamba-net-samba4.so from samba-libs package + Remove smbtorture binary and manpage from samba-test- samba fails to build with glibc2.27; (bsc#1081042);- Update to 4.7.5; (bsc#1080545); + smbd tries to release not leased oplock during oplock II downgrade; (bso#13193); + Fix copying file with empty FinderInfo from Windows client to Samba share with fruit; (bso#13181); + build: Deal with recent glibc sunrpc header removal; (bso#10976); + Make Samba work with tirpc and libnsl2; (bso#13238); + vfs_ceph: Add fs_capabilities hook to avoid local statvfs; (bso#13208); (bsc#1075206); + Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue; (bso#12986); + ctdb-recovery-helper: Deregister message handler in error paths; (bso#13188); + samba: Only use async signal-safe functions in signal handler; (bso#13240); + Kerberos: PKINIT: Can't decode algorithm parameters in clientPublicValue; (bso#12986); + repl_meta_data: Fix linked attribute corruption on databases with unsorted links on expunge. dbcheck: Add functionality to fix the corrupt database; (bso#13228); + Fix smbd panic when chdir returns error during exit; (bso#13189); + Make Samba work with tirpc and libnsl2; (bso#13238); + Fix POSIX ACL support on HPUX and possibly other big-endian OSs; (bso#13176);- Update to 4.7.4; (bsc#1080545); + s3: smbclient: Implement 'volume' command over SMB2; (bso#13140); + s3: libsmb: Fix valgrind read-after-free error in cli_smb2_close_fnum_recv(); (bso#13171); + s3: libsmb: Fix reversing of oldname/newname paths when creating a reparse point symlink on Windows from smbclient; (bso#13172); + Build man page for vfs_zfsacl.8 with Samba; (bso#12934); + repl_meta_data: Allow delete of an object with dangling backlinks; (bso#13095); + s4:samba: Fix default to be running samba as a deamon; (bso#13129); + Performance regression in DNS server with introduction of DNS wildcard, ldb: Release 1.2.3; (bso#13191); + vfs_zfsacl: Fix compilation error; (bso#6133); + "smb encrypt" setting changes are not fully applied until full smbd restart; (bso#13051); + winbindd: Fix idmap_rid dependency on trusted domain list; (bso#13052); + vfs_fruit: Proper VFS-stackable conversion of FinderInfo; (bso#13155); + winbindd: Dependency on trusted-domain list in winbindd in critical auth codepath; (bso#13173); + repl_meta_data: Fix removing of backlink on deleted objects; (bso#13120); + ctdb: sock_daemon leaks memory; (bso#13153); + TCP tickles not getting synchronised on CTDB restart; (bso#13154); + winbindd: winbind parent and child share a ctdb connection; (bso#13150); + pthreadpool: Fix deadlock; (bso#13170); + pthreadpool: Fix starvation after fork; (bso#13179); + messaging: Always register the unique id; (bso#13180); + s4/smbd: set the process group; (bso#13129); + Fix broken linked attribute handling; (bso#13095); + The KDC on an RWDC doesn't send error replies in some situations; (bso#13132); + libnet_join: Fix 'net rpc oldjoin'; (bso#13149); + g_lock conflict detection broken when processing stale entries; (bso#13195); + s3:smb2_server: allow logoff, close, unlock, cancel and echo on expired sessions; (bso#13197); + s3:libads: net ads keytab list fails with "Key table name malformed"; (bso#13166); (bsc#1067700); + Fix crash in pthreadpool thread after failure from pthread_create; (bso#13170); + s4:samba: Allow samba daemon to run in foreground; (bso#13129); (bsc#1065551); + third_party: Link the aesni-intel library with "-z noexecstack"; (bso#13174); + vfs_glusterfs: include glusterfs/api/glfs.h without relying on "-I" options; (bso#13125);- Re-enable usage of libnsl (did got lost with glibc change) - Use TI-RPC (sunrpc is deprecated and will be removed soon from glibc)- smbc_opendir should not return EEXIST with invalid login credentials; (bnc#1065868).- Update to 4.7.3; (bsc#1069666); + Non-smbd processes using kernel oplocks can hang smbd; (bso#13121); + python: use communicate to fix Popen deadlock; (bso#13127); + smbd on disk file corruption bug under heavy threaded load; (bso#13130); + tevent: version 0.9.34; (bso#13130); + s3: smbd: Fix delete-on-close after smb2_find; (bso#13118); + CVE-2017-14746: s3: smbd: Fix SMB1 use-after-free crash bug; (bsc#1060427);(bso#13041); + CVE-2017-15275: s3: smbd: Chain code can return uninitialized memory when talloc buffer is grown; (bsc#1063008); (bso#13077); - Build with AD DC support only in openSUSE.- Replace references to /var/adm/fillup-templates with new %_fillupdir macro (boo#1069468)- samba-tool requires samba-python; (bnc#1067771).- Run all daemons in the foreground and let systemd handle it; (bsc#1065551). - Update to 4.7.1; + Fix exporting subdirs with shadow_copy2; (bso#13091); + Currently if getwd() fails after a chdir(), we panic; (bso#13027); + Ensure default SMB_VFS_GETWD() call can't return a partially completed struct smb_filename; (bso#13068); + sys_getwd() can leak memory or possibly return the wrong errno on older systems; (bso#13069); + smbclient doesn't correctly canonicalize all local names before use; (bso#13093); + Fix broken linked attribute handling; (bso#13095); + Missing LDAP query escapes in DNS rpc server; (bso#12994); + Link to -lbsd when building replace.c by hand; (bso#13087); + Cannot delete non-ACL files on Solaris/ZFS/NFSv4 ACL filesystem; (bso#6133); + Map SYNCHRONIZE acl permission statically in zfs_acl vfs module; (bso#7909); + Samba fails to honor SEC_STD_WRITE_OWNER bit with the acl_xattr module; (bso#7933); + Missing assignment in sl_pack_float; (bso#12991); + Wrong Samba access checks when changing DOS attributes; (bso#12995); + samba_runcmd_send() leaves zombie processes on timeout; (bso#13062); + groupmap cleanup should not delete BUILTIN mappings; (bso#13065); + Enabling vfs_fruit results in loss of Finder tags and other xattrs; (bso#13076); + man pages: Properly ident lists; (bso#9613); + smb.conf.5: Sort parameters alphabetically; (bso#13081); + Fix GUID string format on GetPrinter info; (bso#12993); + Remote serverid check doesn't check for the unique id; (bso#13042); + CTDB starts consuming memory if there are dead nodes in the cluster; (bso#13056); + ctdb-common: Ignore event scripts with multiple '.'s; (bso#13070); + libgpo doesn't sort the GPOs in the correct order; (bso#13046); + Remote serverid check doesn't check for the unique id; (bso#13042); + vfs_catia: Fix a potential memleak; (bso#13090); + Fix file change notification for renames; (bso#12903); + Samba DNS server does not honour wildcards; (bso#12952); + Can't change password in samba from a Windows client if Samba runs on IPv6 only interface; (bso#13079); + vfs_fruit: Replace closedir() by SMB_VFS_CLOSEDIR; (bso#13086); + Apple client can't cope with SMB2 async replies when creating symlinks; (bso#13047); + s4:rpc_server:backupkey: Move variable into scope; (bso#12959); + Fix ntstatus_gen.h generation on 32bit; (bso#13099); + Fix a double free in vfs_gluster_getwd(); (bso#13100); + Fix resouce leaks and pointer issues; (bso#13101); + vfs_solarisacl: Fix build for samba 4.7 and up; (bso#13049);- Add samba-kdc to baselibs.conf. - Do not wrap samba-kdc's package definition into if/endif: the package won't be generated simply based on the fact that there is no files section for the package. Allows the source validator to ensure samba-kdc is a built package.- Update to 4.7.0; + Whole DB read locks: Improved LDAP and replication consistency; (bso#12858). + Samba AD with MIT Kerberos + Dynamic RPC port range: Default range changed from "1024-1300" to "49152-65535". + Authentication and Authorization audit support: New auth_audit debug class. + Multi-process LDAP Server: The LDAP server in the AD DC now honours the process model used for the rest of the 'samba' process. + Improved Read-Only Domain Controller (RODC) Support; (bso#12977). + Additional password hashes stored in supplementalCredentials. + Improvements to DNS during Active Directory domain join. + Significant AD performance and replication improvements. + Query record for open file or directory. + Removal of lpcfg_register_defaults_hook(). + Change of loadable module interface. + SHA256 LDAPS Certificates: The self-signed certificate generated for use on LDAPS will now be generated with a SHA256 self-signature, not a SHA1 self-signature. + CTDB no longer allows mixed minor versions in a cluster. + CTDB now ignores hints from Samba about TDB flags when attaching to databases. + New configuration variable CTDB_NFS_CHECKS_DIR. + The CTDB_SERVICE_AUTOSTARTSTOP configuration has been removed. + The CTDB_SCRIPT_DEBUGLEVEL configuration variable has been removed. + The example NFS Ganesha call-out has been improved. + A new "replicated" database type is available.- CVE-2017-12163: Prevent client short SMB1 write from writing server memory to file; (bso#13020); (bsc#1058624).- CVE-2017-12150: Some code path don't enforce smb signing, when they should; (bso#12997); (bsc#1058622).- CVE-2017-12151: Keep required encryption across SMB3 dfs redirects; (bso#12996); (bsc#1058565).- Clean specfile assuming SUSE-only system and product >=SLE11 + %{ul_version}, %{rhel_version}, %{mandriva_version}, %{centos_version} are always undefined + %{_vendor} is "suse" and %{suse_version} is at least 1100- Update to 4.6.7; (bsc#1054017) + Joining a Huawai storage fails: empty CLDAP ping answer; (bso#11392). + smbcacls can fail against a directory on Windows using SMB2.; (bso#12937). + vfs_ceph provides inconsistent directory listings; (bso#12911). + Misused talloc context can cause a user to crash their smbd by chaining SMB1 commands.; (bso#12836). + Use-after free can crash libsmbclient code.; (bso#12927). + Server exit with active AIO can crash.; (bso#12925). + Ensure notifyd doesn't return from smbd_notifyd_init; (bso#12910). + fd leak to ctdb sub-processes leads to SELinux AVC denial in audit logs; (bso#12898). + vfs_fruit shouldn't send MS NFS ACEs to Windows clients; (bso#12897). + smbspool_krb5_wrapper does not tell CUPS that it requires negotiate for authentication; (bso#12886). + finder sidebar showing question mark instead of icon when using ip to connect with vfs_fruit; (bso#12840). + Winbind stops obtaining the 'unixHomeDirectory' & 'loginShell' attributes from AD.; (bso#12720). + KCC run at selftest startup can fail spuriously due to a race; (bso#12869). + winbindd changes the local password and gets NT_STATUS_WRONG_PASSWORD for the remote change; (bso#12782). + rpc_pipe_client memory leaks due to long term memory context passed to rpc_pipe_open_interface(); (bso#12890). + CVE-2017-2619 breaks accessing previous versions of directories with snapshots in subdirectories of the share; (bso#12885). + dns_name_equal doing OOB read; (bso#12813). + replica_sync tests flap; (bso#12753). + Selftest should not call 'net cache flush' and wipe important winbind entries; (bso#12868). + Old Samba versions don't support using recent ldb versions (>=1.1.30); (bso#12859). + pam_winbind fails with kerberos method = secrets and keytab; (bso#10490). + race starting winbindd against posixacl test; (bso#12843). + Crash in the reentrant smbd_smb2_create_send() if the something fails in the subsequent try; (bso#12832). + spnego.c passes the wrong argument order to gensec_update_ev() for the FALLBACK case; (bso#12788). + Clients with SMB3 support can't connect with "server max protocol = SMB2_02"; (bso#12772). + A log message of samb-tool user syncpasswords reverses string arguments in a debug message "Call Popen[...".; (bso#12768). + The smb tarmode tests kills the share dir contents; (bso#12867). + Fix for a bug in MacOS X Sierra NTLMv2 processing; (bso#12862). + CVE-2017-2619 regression with non-wide symlinks to directories; (bso#12860). + manpage/index.html lists links not in alphabetical order; (bso#12854). + smbcacls got error NT_STATUS_NETWORK_NAME_DELETED; (bso#12831). + If a record is locked in a database, then recovery does not complete; (bso#12857). + debug_locks.sh script does not log any information; (bso#12856). + SIGSEGV in cm_connect_lsa_tcp dereferencing conn->lsa_tcp_pipe->transport after error; (bso#12852). + smbclient can't parse DOMAIN+username if a different winbind separator is used; (bso#12849). + Related requests with SessionSetup fail with INTERNAL_ERROR; (bso#12845). + Related requests with TreeConnect fail with NETWORK_NAME_DELETED; (bso#12844). + cli->server_os not filled correctly; (bso#12779). + REGRESSION: smbclient doesn't print the session setup anymore; (bso#12824). + smblcient doesn't handle STATUS_NOT_SUPPORTED gracefully for FSCTL_VALIDATE_NEGOTIATE_INFO; (bso#12808). + CTDB NFS call-out failures do not cause event failures; (bso#12837). + net command fails due to incorrectly return code; (bso#12828). + Fix building Samba with GCC 7.1; (bso#12827).- Fix duplicate CTDB_LOGGING params when downgraded and upgraded again; (bsc#1048339).- fix cephwrap_chdir(); (bsc#1048790). - Update to 4.6.6 + CVE-2017-11103: Orpheus' Lyre KDC-REP service name validation; (bsc#1048278).- Fix ctdb logs to /var/log/log.ctdb instead of /var/log/ctdb; (bsc#1048339).- Fix inconsistent ctdb socket path; (bsc#1048352). - Fix non-admin cephx authentication; (bsc#1048387).- Update to 4.6.5; (bsc#1040157) + Specifying CTDB_LOGGING=syslog:nonblocking causes ctdbd to crash at startup; (bso#12814). + vfs_expand_msdfs tries to open the remote address as a file path; (bso#12687). + PANIC (pid 1096): assert failed: lease_type_is_exclusive(e_lease_type); (bso#12798). + With clustering get update_num_read_oplocks failed and PANIC: num_share_modes == 1 assertion failure; (bso#11844). + contend_level2_oplocks_begin_default oplock optimisation doesn't carry over to leases; (bso#12766). + `ctdb nodestatus` incorrectly displays status for all nodes with wrong exit code; (bso#12802). + CTDB can spin hard on revoking readonly delegations if a node becomes disconnected; (bso#12697). + Printing a share mode entry with leases can crash in the ndr code; (bso#12793). + Fix flakey unit tests for eventd; (bso#12792). + CTDB daemon crashes if built with clang; (bso#12770). + smbcacls fails if no password is specified; (bso#12765). + idmap_rfc2307: Lookup of more than two SIDs fails; (bso#12757). + samba-tool user syncpasswords doesn't trigger the script when a user gets removed; (bso#12767). + systemd: fix detection of libsystemd; (bso#12764). + Notify subsystem only maps first inotify mask to Windows notify filter; (bso#12760). + Allow passing trusted domain password as plain-text to PASSDB layer; (bso#12751). + Can't case-rename files with vfs_fruit; (bso#12749). + wrong sid->uid mapping for SIDs residing in sIDHistory; (bso#12702). + vfs_acl_common should force "create mask = 0777", not 0666; (bso#12562). + Ordering of notify responses broken; (bso#12756).- s3: libsmb: Fix error where short name length was read as 2 bytes, should be 1; (bso#11822); (bsc#1042419).- Revert explicit winbind %{version}-%{release} dependency. + The ABI has stabilized since (bsc#936909), so remove to fix cross-media dependencies; (bsc#1037899).- Fix CVE-2017-7494 remote code execution from a writable share; (bso#12780); (bsc#1038231).- Update to 4.6.3; (bsc#1036011) + s3:vfs:shadow_copy2: vfs_shadow_copy2 fails to list snapshots from shares with GlusterFS backend; (bso#12743). + Fix for Solaris C compiler; (bso#12559). + s3: locking: Update oplock optimization for the leases era; (bso#12628). + Make the Solaris C compiler happy; (bso#12693). + s3: libgpo: Allow skipping GPO objects that don't have the expected LDAP attributes; (bso#12695). + Fix buffer overflow caused by wrong use of getgroups; (bso#12747). + lib: debug: Avoid negative array access; (bso#12746). + cleanupdb: Fix a memory read error; (bso#12748). + streams_xattr and kernel oplocks results in NT_STATUS_NETWORK_BUSY; (bso#7537). + winbindd: idmap_autorid allocates ids for unknown SIDs from other backends; (bso#11961). + vfs_fruit: Resource fork open request with flags=O_CREAT|O_RDONLY; (bso#12565). + manpages/vfs_fruit: Document global options; (bso#12615). + lib/pthreadpool: Fix a memory leak; (bso#12624). + Lookup-domain for well-known SIDs on a DC; (bso#12727). + winbindd: Fix error handling in rpc_lookup_sids(); (bso#12728). + winbindd: Trigger possible passdb_dsdb initialisation; (bso#12729). + credentials_krb5: use gss_acquire_cred for client-side GSSAPI use case; (bso#12611). + lib/crypto: Implement samba.crypto Python module for RC4; (bso#12690). + ctdb-readonly: Avoid a tight loop waiting for revoke to complete; (bso#12697). + ctdb_event monitor command crashes if event is not specified; (bso#12723). + ctdb-docs: Fix documentation of "-n" option to 'ctdb tool'; (bso#12733). + smbd: Fix smb1 findfirst with DFS; (bso#12558). + smbd: Do an early exit on negprot failure; (bso#12610). + winbindd: Fix substitution for 'template homedir'; (bso#12699). + s4:kdc: Disable principal based autodetected referral detection; (bso#12554). + idmap_autorid: Allocate new domain range if the callers knows the sid is valid; (bso#12613). + LINKFLAGS_PYEMBED should not contain -L/some/path; (bso#12724). + PAM auth with WBFLAG_PAM_GET_PWD_POLICY returns wrong policy for trusted domain; (bso#12725). + rpcclient: Allow -U'OTHERDOMAIN\user' again; (bso#12731). + winbindd: Fix password policy for pam authentication; (bso#12725). + s3:gse: Correctly handle external trusts with MIT; (bso#12554). + auth/credentials: Always set the realm if we set the principal from the ccache; (bso#12611). + replace: Include sysmacros.h; (bso#12686). + s3:vfs_expand_msdfs: Do not open the remote address as a file; (bso#12687). + s3:libsmb: Only print error message if kerberos use is forced; (bso#12704). + winbindd: Child process crashes when kerberos-authenticating a user with wrong password; (bso#12708). + vfs_fruit: Office document opens as read-only on macOS due to CNID semantics; (bso#12715). + vfs_acl_xattr: Fix failure to get ACL on Linux if memory is fragmented; (bso#12737).- Generate and update vendor-files tarball from Git + SuSEfirewall2 service samba-client only setup IPv4 rule; (bsc#1034416).- Generate source tarball directly from Git using OBS tar_scm + use version string derived from parent Git tag and commit hash - remove obsolete vendor-files/tools/package-data version ID + explicitly generate ctdb manpages, needed without "make dist"- Update to 4.6.2 + remove bso#12721 patches now upstream- Enable samba-ceph build for openSUSE and SLE12SP3+; (fate#321622). + x86-64 and aarch64- Enable librados CTDB lock helper for samba-ceph package; (fate#321622).- Build and install the html man pages (bsc#1021907).- Fix CVE-2017-2619 regression with "follow symlinks = no"; (bso#12721).- Update to 4.6.1 + symlink race permits opening files outside share directory; CVE-2017-2619; (bso#12496); (bsc#1027147) + testparm checks for valid idmap parameters + add new krb client encryption types + support for printer driver upload from windows 10 + inherit owner = 'unix only' for improved quota support + improved CTDB event support + new primary group support for idmap_ad + idmap_hash deprecated + mvxattr added to recursively rename extended attributes- Remove chkconfig requirements for systemd systems- Don't call insserv if systemd is used- Fix check if we need to require insserv- async_req: make async_connect_send() "reentrant"; (bso#12105); (bsc#1024416).- Force usage of ncurses6-config thru NCURSES_CONFIG env var; (bsc#1023847).- add missing patch for libnss_wins segfault; (bsc#995730).- Fix vfs_ceph builds against recent Ceph versions; (bsc#1021933).- Document "winbind: ignore domains" parameter; (bsc#1019416).- Add base Samba dependency to samba-ceph package.- Update to 4.5.3 + Heap-based Buffer Overflow Remote Code Execution Vulnerability; CVE-2016-2123; (bso#12409); (bsc#1014437). + Don't send delegated credentials to all servers; CVE-2016-2125; (bso#12445); (bsc#1014441). + denial of service due to a client triggered crash in the winbindd parent process; CVE-2016-2126; (bso#12446); (bsc#1014442). - 4.5.1 and 4.5.2 updates + various streams vfs fixes + various printing fixes + ntlm_auth: do not map explicitly empty domain + various stability fixes in smbd + match file compression ReFS behavior- Add missing ldb module directory; (bnc#1012092).- s3/client: obey 'disable netbios' smb.conf param, don't connect via NBT port; (bsc#1009085); (bso#12418).- Include vfstest in samba-test; (bsc#1001203).- s3/winbindd: using default domain with user@domain.com format fails; (bsc#997833).- Fix segfault in libnss_wins; (bso#12277); (bso#12269); (bsc#995730).- Update to 4.5.0 + NTLM1 Authentication disabled by default + SMB2.1 leases enabled by default + Support for OFD locks + ctdb tool rewritten + Added shadow copy snapshot prefix parameter- Fix illegal memory access after memory has been deleted; (bso#11836); (bsc#975299).- Prevent core, make sure response->extra_data.data is always cleared out; (bsc#993692).- Don't package man pages for VFS modules that aren't built; (boo#993707).- Fix population of ctdb sysconfig after source merge; (bsc#981566).- Enable vfs_ceph builds for Factory (x86-64) + Package as samba-ceph to avoid Ceph dependency in base package.- Update to 4.4.5 + Prevent client-side SMB2 signing downgrade; CVE-2016-2119; (bso#11860); (bsc#986869).- Remove obsolete syslog.target; (bsc#983938).- Honor smb.conf socket options in winbind; (bsc#975131).- Don't use htons() with IP_PROTO_RAW; (bso#11705); (bsc#969522).- Update to 4.4.4 + SMB3 multichannel: Add implementation of missing channel sequence number verification; (bso#11809). + smbd:close: Only remove kernel share modes if they had been taken at open; (bso#11919). + notifyd: Prevent NULL deref segfault in notifyd_peer_destructor; (bso#11930). + s3:rpcclient: Make '--pw-nt-hash' option work; (bso#10796). + Fix case sensitivity issues over SMB2 or above; (bso#11438). + s3:smbd: Fix anonymous authentication if signing is mandatory. (bso#11910) + Fix NTLM Authentication issue with squid; (bso#11914). + pdb: Fix segfault in pdb_ldap for missing gecos; (bso#11530). + Fix memory leak in share mode locking; (bso#11934).- Update to 4.4.3 + Various post-badlock regressions; (bso#11841); (bso#11850); (bso#11858); (bso#11870); (bso#11872). + Only allow idmap_hash for default idmap config (bso#11786). + smbd: Avoid large reads beyond EOF; (bso#11878). + vfs_acl_common: Avoid setting POSIX ACLs if "ignore system acls" is set; (bso#11806). + libads: Record session expiry for spnego sasl binds; (bso#11852).- Fix NTLMSSP regressions caused by previous CVE fixes; (bso#11849); (bsc#975962); (bsc#979268), (bsc#977669).- Revert shared library packaging to comply with SLPP- Update to 4.4.2 + A man-in-the-middle can downgrade NTLMSSP authentication; CVE-2016-2110; (bso#11688); (bsc#973031). + Domain controller netlogon member computer can be spoofed; CVE-2016-2111; (bso#11749); (bsc#973032). + LDAP conenctions vulnerable to downgrade and MITM attack; CVE-2016-2112; (bso#11644); (bsc#973033). + TLS certificate validation missing; CVE-2016-2113; (bso#11752); (bsc#973034). + Named pipe IPC vulnerable to MITM attacks; CVE-2016-2115; (bso#11756); (bsc#973036). + "Badlock" DCERPC impersonation of authenticated account possible; CVE-2016-2118; (bso#11804); (bsc#971965). + DCERPC server and client vulnerable to DOS and MITM attacks; CVE-2015-5370; (bso#11344); (bsc#936862).- Fix samba.tests.messaging test and prevent potential tdb corruption by removing obsolete now invalid tdb_close call; (bsc#974629).- Obsolete libsmbclient from libsmbclient0 while not providing it; (bsc#972197).- Update to 4.4.0. + Read of uninitialized memory DNS TXT handling; (bso#11128); (bso#11686); CVE-2016-0771. + Getting and setting Windows ACLs on symlinks can change permissions on link target; (bso#11648); CVE-2015-7560. + Sockets with htons(IPPROTO_RAW); (bso#11705); CVE-2015-8543. + s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystem with no ACL support; (bso#10489). + docs: Add example for domain logins to smbspool man page; (bso#11643). + smbd: Show correct disk size for different quota and dfree block sizes; (bso#11681). + docs: Add smbspool_krb5_wrapper manpage; (bso#11690). + winbindd: Return trust parameters when listing trusts; (bso#11691). + ctdb: Do not provide a useless pkgconfig file for ctdb; (bso#11696). + Crypto.Cipher.ARC4 is not available on some platforms, fallback to M2Crypto.RC4.RC4 then; (bso#11699). + s3:utils/smbget: Set default blocksize; (bso#11700). + Streamline 'smbget' options with the rest of the Samba utils; (bso#11700). + s3:clispnego: Fix confusing warning in spnego_gen_krb5_wrap(); (bso#11702). + s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703). + loadparm: Fix memory leak issue; (bso#11708). + lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714). + s3:vfs:glusterfs: Fix build after quota changes; (bso#11715). + ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."; (bso#11719). + lib:socket: Fix CID 1350010: Integer OVERFLOW_BEFORE_WIDEN; (bso#11723). + smbd: Fix CID 1351215 Improper use of negative value; (bso#11724). + smbd: Fix CID 1351216 Dereference null return value; (bso#11725). + s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file; (bso#11727). + docs: Add manpage for cifsdd; (bso#11730). + param: Fix str_list_v3 to accept ; again; (bso#11732). + lib/socket: Fix improper use of default interface speed; (bso#11734). + lib:socket: Fix CID 1350009: Fix illegal memory accesses (BUFFER_SIZE_WARNING); (bso#11735). + libcli: Fix debug message, print sid string for new_ace trustee; (bso#11738). + Fix installation path of Samba helper binaries; (bso#11739). + Fix memory leak in loadparm; (bso#11740). + tevent: version 0.9.28: Fix memory leak when old signal action restored; (bso#11742). + smbd: Ignore SVHDX create context; (bso#11753). + Fix net join; (bso#11755). + s3:libads: setup the msDS-SupportedEncryptionTypes attribute on ldap_add; (bso#11755). + passdb: Add linefeed to debug message; (bso#11763). + s3:utils/smbget: Fix option parsing; (bso#11767). + libnet: Make Kerberos domain join site-aware; (bso#11769). + Reset TCP Connections during IP failover; (bso#11770). + ldb: Version 1.1.26; (bso#11772). + s3:smbd: Add negprot remote arch detection for OSX; (bso#11773). + vfs_glusterfs: Fix use after free in AIO callback; (bso#11774). + mkdir can return ACCESS_DENIED incorrectly on create race; (bso#11780). + "trustdom_list_done: Got invalid trustdom response" message should be avoided; (bso#11782). + Mismatch between local and remote attribute ids lets replication fail with custom schema; (bso#11783). + Quota is not supported on Solaris 10; (bso#11788). + Talloc: Version 2.1.6; (bso#11789). + smbd: Enable multi-channel if 'server multi channel support = yes' in the config; (bso#11796). + build: Fix build when '--without-quota' specified; (bso#11798). + lib/socket/interfaces: Fix some uninitialied bytes; (bso#11802). + Access based share enum: handle permission set in configuration files; (bso#8093). + See also WHATSNEW.txt from the samba-doc package.- Update to 4.3.6. + Getting and setting Windows ACLs on symlinks can change permissions on link target; CVE-2015-7560; (bso#11648); (bsc#968222). + Fix Out-of-bounds read in internal DNS server; CVE-2016-0771; (bso#11128); (bso#11686); (bsc#968223).- Upgrade on-disk FSRVP server state to new version; (bsc#924519).- Only obsolete but do not provide gplv2/3 package names; (bsc#968973).- Relocate existing lock files to /var/lib/samba/lock; (bsc#968963).- Obsolete no longer existing samba-32bit package; (bsc#967625).- Update to 4.3.5. + s3:utils/smbget: Fix recursive download; (bso#6482). + s3: smbd: posix_acls: Fix check for setting u:g:o entry on a filesystemi with no ACL support; (bso#10489). + s3:smbd/oplock: Obey kernel oplock setting when releasing oplocks; (bso#11400). + vfs_shadow_copy2: Fix case where snapshots are outside the share; (bso#11580). + smbclient: Query disk usage relative to current directory; (bso#11662). + winbindd: Handle expired sessions correctly; (bso#11670). + smbd: Show correct disk size for different quota and dfree block sizes; (bso#11681). + smbcacls: Fix uninitialized variable; (bso#11682). + s3:smbd: Ignore initial allocation size for directory creation; (bso#11684). + s3-client: Add a KRB5 wrapper for smbspool; (bso#11690). + s3-parm: Clean up defaults when removing global parameters; (bso#11693). + Use M2Crypto.RC4.RC4 on platforms without Crypto.Cipher.ARC4; (bso#11699). + s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703). + ctdb: Remove error messages after kernel security update; CVE-2015-8543; (bso#11705). + loadparm: Fix memory leak issue; (bso#11708). + lib/tsocket: Work around sockets not supporting FIONREAD; (bso#11714). + ctdb-scripts: Drop use of "smbcontrol winbindd ip-dropped ..."; (bso#11719). + s3:smbd:open: Skip redundant call to file_set_dosmode when creating a new file; (bso#11727). + param: Fix str_list_v3 to accept ";" again; (bso#11732).- Shift samba-client sysconfig data into samba and samba-winbind; (bsc#947361).- Simplify shared library packaging; (bsc#966956).- Enable clustering (CTDB) support; (bsc#966271).- s3: smbd: Fix timestamp rounding inside SMB2 create; (bso#11703); (bsc#964023).- Add quotes around path of update-apparmor-samba-profile; (bnc#962177).- Remove autoconf build-time requirement.- Update to 4.3.4. + vfs_fruit: Enable POSIX directory rename semantics; (bso#11065). + Crash: Bad talloc magic value - access after free; (bso#11394). + Copying files with vfs_fruit fails when using vfs_streams_xattr without stream prefix and type suffix; (bso#11466). + samba-tool: Fix uncaught exception if no fSMORoleOwner attribute is given; (bso#11613). + Fix a typo in the smb.conf manpage, explanation of idmap config; (bso#11619). + Correctly initialize the list head when keeping a list of primary followed by DFS connections; (bso#11624). + Reduce the memory footprint of empty string options; (bso#11625). + lib/async_req: Do not install async_connect_send_test; (bso#11639). + Fix typos in man vfs_gpfs; (bso#11641). + Make "hide dot files" option work with "store dos attributes = yes"; (bso#11645). + Fix a corner case of the symlink verification; (bso#11647); (bnc#960249). + Do not disable "store dos attributes" on-the-fly; (bso#11649). + Update lastLogon and lastLogonTimestamp; (bso#11659).- Prevent access denied if the share path is "/"; (bso#11647); (bnc#960249).- Update to 4.3.3. + Malicious request can cause Samba LDAP server to hang, spinning using CPU; CVE-2015-3223; (bso#11325); (bnc#958581). + Remote read memory exploit in LDB; CVE-2015-5330; (bso#11599); (bnc#958586). + Insufficient symlink verification (file access outside the share); CVE-2015-5252; (bso#11395); (bnc#958582). + No man in the middle protection when forcing smb encryption on the client side; CVE-2015-5296; (bso#11536); (bnc#958584). + Currently the snapshot browsing is not secure thru windows previous version (shadow_copy2); CVE-2015-5299; (bso#11529); (bnc#958583). + Fix Microsoft MS15-096 to prevent machine accounts from being changed into user accounts; CVE-2015-8467; (bso#11552); (bnc#958585).- Update to 4.3.2. + vfs_gpfs: Re-enable share modes; (bso#11243). + dcerpc.idl: Accept invalid dcerpc_bind_nak pdus; (bso#11327). + s3-smbd: Fix old DOS client doing wildcard delete - gives an attribute type of zero; (bso#11452). + Add libreplace dependency to texpect, fixes a linking error on Solaris; (bso#11511). + s4: Fix linking of 'smbtorture' on Solaris; (bso#11512). + s4:lib/messaging: Use correct path for names.tdb; (bso#11562). + Fix segfault of 'net ads (join|leave) -S INVALID' with nss_wins; (bso#11563). + async_req: Fix non-blocking connect(); (bso#11564). + auth: gensec: Fix a memory leak; (bso#11565). + lib: util: Make non-critical message a warning; (bso#11566). + Fix winbindd crashes with samlogon for trusted domain user; (bso#11569); (bnc#949022). + smbd: Send SMB2 oplock breaks unencrypted; (bso#11570). + ctdb: Open the RO tracking db with perms 0600 instead of 0000; (bso#11577). + s3:smb2_server: Make the logic of SMB2_CANCEL DLIST_REMOVE() clearer; (bso#11581). + s3-smbd: Fix use after issue in smbd_smb2_request_dispatch(); (bso#11581). + manpage: Correct small typo error; (bso#11584). + s3: smbd: If EAs are turned off on a share don't allow an SMB2 create containing them; (bso#11589). + Backport some valgrind fixes from upstream master; (bso#11597). + auth: Consistent handling of well-known alias as primary gid; (bso#11608). + winbind: Fix crash on invalid idmap configs; (bso#11612). + s3: smbd: have_file_open_below() fails to enumerate open files below an open directory handle; (bso#11615). + Changing log level of two entries to DBG_NOTICE; (bso#9912).- Ensure samlogon fallback requests are rerouted after kerberos failure; (bnc#953382); (bnc#953972).- Ensure to link with --as-needed flag by removing SUSE_ASNEEDED=0. - Always use the default optimization even on pre-9.2 systems.- Remove redundant configure options while adding with-relro.- Relocate the lockdir to the /var/lib/samba/lock directory.- Cleanup and enhance the pidl sub package.- Require renamed python-ldb-devel and python-talloc-devel at build-time. - Requires python-ldb and python-talloc from the python subpackage.- Update to 4.3.1. + s3: smbd: Fix our access-based enumeration on "hide unreadable" to match Windows; (bso#10252). + nss_winbind: Fix hang on Solaris on big groups; (bso#10365). + smbd: Fix file name buflen and padding in notify repsonse; (bso#10634). + kerberos: Make sure we only use prompter type when available; winbind: Fix 100% loop; (bso#11038). + source3/lib/msghdr.c: Fix compiling error on Solaris; (bso#11053). + s3:ctdbd_conn: make sure we destroy tevent_fd before closing the socket; (bso#11316). + s3: smbd: Fix mkdir race condition; (bso#11486). + pam_winbind: Fix a segfault if initialization fails; (bso#11502). + s3: dfs: Fix a crash when the dfs targets are disabled; (bso#11509). + s4:lib/messaging: Use 'msg.lock' and 'msg.sock' for messaging related subdirs; (bso#11515). + s3: smbd: Fix opening/creating :stream files on the root share directory; (bso#11522). + lib/param: Fix hiding of FLAG_SYNONYM values; (bso#11526). + net: Fix a crash with 'net ads keytab create'; (bso#11528). + s3: smbd: Fix a crash in unix_convert(); (bso#11535). + s3: smbd: Fix NULL pointer bug introduced by previous 'raw' stream fix (bso#11522); (bso#11535). + vfs_fruit: Return value of ad_pack in vfs_fruit.c; (bso#11543). + vfs_commit: set the fd on open before calling SMB_VFS_FSTAT; (bso#11547). + s3:locking: Initialize lease pointer in share_mode_traverse_fn(); (bso#11549). + s3:smbstatus: Add stream name to share_entry_forall(); (bso#11550). + s3:lib: Validate domain name in lookup_wellknown_name(); (bso#11555). + s3: lsa: lookup_name() logic for unqualified (no DOMAIN component) names is incorrect; (bso#11555).- Fix 100% CPU in winbindd when logging in with "user must change password on next logon"; (bso#11038).- Relocate the tmpfiles.d directory to the client package; (bnc#947552).- Do not provide libpdb0 from libsamba-passdb0 but add it to baselibs.conf instead; (bnc#942716).- Package /var/lib/samba/private/sock with 0700 permissions; (bnc#946051).- Package /var/lib/samba/msg with 0755 permissions; (bso#11515); (bnc#945502).- Require to install libfam0-gamin from samba-libs on post-12.1 and pre-13.15 systems; (bnc#945013).- Update to 4.3.0. + Samba "map to guest = Bad uid" doesn't work; (bso#9862). + revert LDAP extended rule 1.2.840.113556.1.4.1941 LDAP_MATCHING_RULE_IN_CHAIN changes; (bso#10493). + No objectClass found in replPropertyMetaData on ordinary objects (non-deleted); (bso#10973). + Stream names with colon don't work with fruit:encoding = native; (bso#11278). + NetApp joined to a Samba/ADDC cannot resolve SIDs; (bso#11291). + tevent_fd needs to be destroyed before closing the fd; (bso#11316). + "force group" with local group not working; (bso#11320). + strsep is not available on Solaris; (bso#11359). + smbtorture does not build when configured --with-system-mitkrb5; (bso#11411). + Build with GPFS support is broken; (bso#11421). + Build broken with --disable-python; (bso#11424). + net share allowedusers crashes; (bso#11426). + nmbd incorrectly matches netbios names as own name; (bso#11427). + Python bindings don't check integer types; (bso#11429). + Python bindings don't check array sizes; (bso#11430). + CTDB's eventscript error handling is broken; (bso#11431). + Fix crash in nested ctdb banning; (bso#11432). + Cannot build ctdbpmda; (bso#11434). + samba-tool uncaught exception error; (bso#11436). + Crash in notify_remove caused by change notify = no; (bso#11444). + Poor SMB3 encryption performance with AES-GCM; (bso#11451). + Poor SMB3 encryption performance with AES-GCM (part1); (bso#11451). + fix recursion problem in rep_strtoll in lib/replace/replace.c; (bso#11455). + --bundled-libraries=!ldb,!pyldb,!pyldb-util doesn't disable ldb build and install; (bso#11458). + xid2sid gives inconsistent results; (bso#11464). + ctdb: Fix the build on FreeBSD 10.1; (bso#11465). + Handling of 0 byte resource fork stream; (bso#11467). + AD samr GetGroupsForUser fails for users with "()" in their name; (bso#11488).- Configure with --bundled-libraries=NONE; (bso#11458).- Adapt net-kdc-lookup patch for post-3.3 Samba versions; (bnc#295284).- Remove libiniparser-devel build-time requirement.- Update to 4.2.3. + s4:lib/tls: Fix build with gnutls 3.4; (bso#8780). + s4.2/fsmo.py: Fixed fsmo transfer exception; (bso#10924). + winbindd: Sync secrets.ldb into secrets.tdb on startup; (bso#10991). + Logon via MS Remote Desktop hangs; (bso#11061). + s3: lib: util: Ensure we read a hex number as %x, not %u; (bso#11068). + tevent: Add a note to tevent_add_fd(); (bso#11141). + s3:param/loadparm: Fix 'testparm --show-all-parameters'; (bso#11170). + s3-unix_msg: Remove socket file after closing socket fd; (bso#11217). + smbd: Fix a use-after-free; (bso#11218); (bnc#919309). + s3-rpc_server: Fix rpc_create_tcpip_sockets() processing of interfaces; (bso#11245). + s3:smb2: Add padding to last command in compound requests; (bso#11277). + Add IPv6 support to ADS client side LDAP connects; (bso#11281). + Add IPv6 support for determining FQDN during ADS join; (bso#11282). + s3: IPv6 enabled DNS connections for ADS client; (bso#11283). + Fix invalid write in ctdb_lock_context_destructor; (bso#11293). + Excessive cli_resolve_path() usage can slow down transmission; (bso#11295). + vfs_fruit: Add option "veto_appledouble"; (bso#11305). + tstream: Make socketpair nonblocking; (bso#11312). + idmap_rfc2307: Fix wbinfo '--gid-to-sid' query; (bso#11313). + Group creation: Add msSFU30Name only when --nis-domain was given; (bso#11315). + tevent_fd needs to be destroyed before closing the fd; (bso#11316). + Build fails on Solaris 11 with "‘PTHREAD_MUTEX_ROBUST’ undeclared"; (bso#11319). + smbd/trans2: Add a useful diagnostic for files with bad encoding; (bso#11323). + Change sharesec output back to previous format; (bso#11324). + Robust mutex support broken in 1.3.5; (bso#11326). + Kerberos auth info3 should contain resource group ids available from pac_logon; winbindd: winbindd_raw_kerberos_login - ensure logon_info exists in PAC; (bso#11328); (bnc#912457). + s3:smb2_setinfo: Fix memory leak in the defer_rename case; (bso#11329). + tevent: Fix CID 1035381 Unchecked return value; (bso#11330). + tdb: Fix CID 1034842 and 1034841 Resource leaks; (bso#11331). + s3: smbd: Use separate flag to track become_root()/unbecome_root() state; (bso#11339). + s3: smbd: Codenomicon crash in do_smb_load_module(); (bso#11342). + pidl: Make the compilation of PIDL producing the same results if the content hasn't change; (bso#11356). + winbindd: Disconnect child process if request is cancelled at main process; (bso#11358). + vfs_fruit: Check offset and length for AFP_AfpInfo read requests; (bso#11363). + docs: Overhaul the description of "smb encrypt" to include SMB3 encryption; (bso#11366). + s3:auth_domain: Fix talloc problem in connect_to_domain_password_server(); (bso#11367). + ncacn_http: Fix GNUism; (bso#11371).- Disable rpath usage; (bnc#902421).- Make the winbind package depend on the matching libwbclient version and vice versa; (bnc#936909).- Backport changes to use resource group sids obtained from pac logon_info; (bso#11328); (bnc#912457).- Order winbind.service Before and Want nss-user-lookup target.- Remove fam-devel build-time dependency for post-6 RHEL systems.- Update to 4.2.2. + s3:smbXsrv: refactor duplicate code into smbXsrv_session_clear_and_logoff(); (bso#11182). + gencache: don't fail gencache_stabilize if there were records to delete; (bso#11260). + s3: libsmbclient: After getting attribute server, ensure main srv pointer is still valid; (bso#11186). + s4: rpc: Refactor dcesrv_alter() function into setup and send steps; (bso#11236). + s3: smbd: Incorrect file size returned in the response of "FILE_SUPERSEDE Create"; (bso#11240). + Mangled names do not work with acl_xattr; (bso#11249). + nmbd rewrites browse.dat when not required; (bso#11254). + vfs_fruit: add option "nfs_aces" that controls the NFS ACEs stuff; (bso#11213). + s3:smbd: Add missing tevent_req_nterror; (bso#11224). + vfs: kernel_flock and named streams; (bso#11243). + vfs_gpfs: Error code path doesn't call END_PROFILE; (bso#11244). + s4: libcli/finddcs_cldap: continue processing CLDAP until all addresses are used; (bso#11284). + ctdb: check for talloc_asprintf() failure; (bso#11201). + spoolss: purge the printer name cache on name change; (bso#11210); (bnc#901813). + CTDB statd-callout does not scale; (bso#11204). + vfs_fruit: also map characters below 0x20; (bso#11221). + ctdb: Coverity fix for CID 1291643; (bso#11201). + Multiplexed RPC connections are not handled by DCERPC server; (bso#11225). + Fix terminate connection behavior for asynchronous endpoint with PUSH notification flavors; (bso#11226). + ctdb-scripts: Fix bashism in ctdbd_wrapper script; (bso#11007). + ctdb: Fix CIDs 1125615, 1125634, 1125613, 1288201 and 1125553; (bso#11201). + SMB2 should cancel pending NOTIFY calls with DELETE_PENDING if the directory is deleted; (bso#11257). + s3:winbindd: make sure we remove pending io requests before closing client sockets; (bso#11141); (bnc#931854). + Fix panic triggered by smbd_smb2_request_notify_done() -> smbXsrv_session_find_channel() in smbd; (bso#11182). + 'sharesec' output no longer matches input format; (bso#11237). + waf: Fix systemd detection; (bso#11200). + CTDB: Fix portability issues; (bso#11202). + CTDB: Fix some IPv6-related issues; (bso#11203). + CTDB statd-callout does not scale; (bso#11204). + 'net ads dns gethostbyname' crashes with an error in TALLOC_FREE if you enter invalid values; (bso#11234). + libads: record service ticket endtime for sealed ldap connections; (bso#11267). + lib/util: Include DEBUG macro in internal header files before samba_util.h; (bso#11033).- Avoid a crash inside the tevent epoll backend; (bso#11141); (bnc#931854).- Remove the independently built libraries ldb, talloc, tdn, and tevent and the post-10.3 renamed libsmbclient from baselibs.conf.- Drop redundant doc attribute from man pages.- Update to 4.2.1. + s3:winbind:grent: Don't stop group enumeration when a group has no gid; (bso#8905). + Initialize dwFlags field of DNS_RPC_NODE structure; (bso#9791). + s3: lib: ntlmssp: If NTLMSSP_NEGOTIATE_TARGET_INFO isn't set, cope with servers that don't send the 2 unused fields; (bso#10016). + build:wafadmin: Fix use of spaces instead of tabs; (bso#10476). + waf: Fix the build on openbsd; (bso#10476). + s3: client: "client use spnego principal = yes" code checks wrong name; (bso#10888). + spoolss: Retrieve published printer GUID if not in registry; (bso#11018). + s3: lib: libsmbclient: If reusing a server struct, check every cli->timout miliseconds if it's still valid before use; (bso#11079). + vfs_fruit: Enhance handling of malformed AppleDouble files; (bso#11125). + backupkey: Explicitly link to gnutls and gcrypt; (bso#11135). + replace: Remove superfluous check for gcrypt header; (bso#11135). + Backport subunit changes; (bso#11137). + libcli/auth: Match Declaration of netlogon_creds_cli_context_tmp with implementation; (bso#11140). + s3-winbind: Fix cached user group lookup of trusted domains; (bso#11143). + talloc: Version 2.1.2; (bso#11144). + Update libwbclient version to 0.12; (bso#11149). + brlock: Use 0 instead of empty initializer list; (bso#11153). + s4:auth/gensec_gssapi: Let gensec_gssapi_update() return NT_STATUS_LOGON_FAILURE for unknown errors; (bso#11164). + docs/idmap_rid: Remove deprecated base_rid from example; (bso#11169); (bnc#913304). + s3: libcli: smb1: Ensure we correctly finish a tevent req if the writev fails in the SMB1 case; (bso#11173). + backupkey: Use ndr_pull_struct_blob_all(); (bso#11174). + Fix lots of winbindd zombie processes on Solaris platform; (bso#11175). + s3: libsmbclient: Add missing talloc stackframe; (bso#11177). + s4-process_model: Do not close random fds while forking; (bso#11180). + s3-passdb: Fix 'force user' with winbind default domain; (bso#11185).- Prevent samba package updates from disabling samba kerberos printing.- Add sparse file support for samba; (fate#318424).- Purge printer name cache on spoolss SetPrinter change; (bso#11210); (bnc#901813).- Correctly retain errno from Btrfs snapshot ioctls; (bnc#923374).- Simplify libxslt build requirement and README.SUSE install. - Remove no longer required cleanup steps while populating the build root.- Remove deprecated base_rid example from idmap_rid manpage; (bso#11169); (bnc#913304).- Update to 4.2.0. + smbd: Stop using vfs_Chdir after SMB_VFS_DISCONNECT; (bso#1115). + pam_winbind: fix warn_pwd_expire implementation; (bso#9056). + nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299). + Make 'profiles' work again; (bso#9629). + s3:smb2_server: protect against integer wrap with "smb2 max credits = 65535"; (bso#9702). + Make validate_ldb of String(Generalized-Time) accept millisecond format ".000Z"; (bso#9810). + Use -R linker flag on Solaris, not -rpath; (bso#10112). + vfs: Add glusterfs manpage; (bso#10240). + Make 'smbclient' use cached creds; (bso#10279). + pdb: Fix build issues with shared modules; (bso#10355). + s4-dns: Add support for BIND 9.10; (bso#10620). + idmap: Return the correct id type to *id_to_sid methods; (bso#10720). + printing/cups: Pack requested-attributes with IPP_TAG_KEYWORD; (bso#10808). + Don't build vfs_snapper on FreeBSD; (bso#10834). + nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835). + idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837). + s3: smb2cli: query info return length check was reversed; (bso#10848). + s3: lib, s3: modules: Fix compilation on Solaris; (bso#10849). + lib: uid_wrapper: Fix setgroups and syscall detection on a system without native uid_wrapper library; (bso#10851). + winbind3: Fix pwent variable substitution; (bso#10852). + Improve samba-regedit; (bso#10859). + registry: Don't leave dangling transactions; (bso#10860). + Fix build of socket_wrapper on systems without SO_PROTOCOL; (bso#10861). + build: Do not install 'texpect' binary anymore; (bso#10862). + Fix testparm to show hidden share defaults; (bso#10864). + libcli/smb: Fix smb2cli_validate_negotiate_info with min=PROTOCOL_NT1 max=PROTOCOL_SMB2_02; (bso#10866). + Integrate CTDB into top-level Samba build; (bso#10892). + samba-tool group add: Add option '--nis-domain' and '--gid'; (bso#10895). + s3-nmbd: Fix netbios name truncation; (bso#10896). + spoolss: Fix handling of bad EnumJobs levels; (bso#10898). + Fix smbclient loops doing a directory listing against Mac OS X 10 server with a non-wildcard path; (bso#10904). + Fix print job enumeration; (bso#10905); (bnc#898031). + samba-tool: Create NIS enabled users and unixHomeDirectory attribute; (bso#10909). + Add support for SMB2 leases; (bso#10911). + btrfs: Don't leak opened directory handle; (bso#10918). + s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920). + s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921). + pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932). + s3-keytab: fix keytab array NULL termination; (bso#10933). + s3:passdb: fix logic in pdb_set_pw_history(); (bso#10940). + Cleanup add_string_to_array and usage; (bso#10942). + dbwrap_ctdb: Pass on mutex flags to tdb_open; (bso#10942). + Fix RootDSE search with extended dn control; (bso#10949). + Fix 'samba-tool dns serverinfo ' for IPv6; (bso#10952). + libcli/smb: only force signing of smb2 session setups when binding a new session; (bso#10958). + s3-smbclient: Return success if we listed the shares; (bso#10960). + s3-smbstatus: Fix exit code of profile output; (bso#10961). + socket_wrapper: Add missing prototype check for eventfd; (bso#10965). + libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows client does; (bso#10966). + vfs_streams_xattr: Check stream type; (bso#10971). + s3: smbd: Fix *allocate* calls to follow POSIX error return convention; (bso#10982). + vfs_fruit: Add support for AAPL; (bso#10983). + Fix spoolss IDL response marshalling when returning error without clearing info; (bso#10984). + dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279). + Fix IPv6 support in CTDB; (bso#10996). + ctdb-daemon: Use correct tdb flags when enabling robust mutex support; (bso#11000). + vfs_streams_xattr: Add missing call to SMB_VFS_NEXT_CONNECT; (bso#11005). + s3-util: Fix authentication with long hostnames; (bso#11008). + ctdb-build: Fix build without xsltproc; (bso#11014). + packaging: Include CTDB man pages in the tarball; (bso#11014). + pdb_get_trusteddom_pw() fails with non valid UTF16 random passwords; (bso#11016). + Make Sharepoint search show user documents; (bso#11022). + nss_wrapper: check for nss.h; (bso#11026). + Enable mutexes in gencache_notrans.tdb; (bso#11032). + tdb_wrap: Make mutexes easier to use; (bso#11032). + lib/util: Avoid collision which alread defined consumer DEBUG macro; (bso#11033). + winbind: Retry after SESSION_EXPIRED error in ping-dc; (bso#11034). + s3-libads: Fix a possible segfault in kerberos_fetch_pac(); (bso#11037). + vfs_fruit: Fix base_fsp name conversion; (bso#11039). + vfs_fruit: mmap under FreeBSD needs PROT_READ; (bso#11040). + Fix authentication using Kerberos (not AD); (bso#11044). + net: Fix sam addgroupmem; (bso#11051). + vfs_snapper: Correctly handles multi-byte DBus strings; (bso#11055); (bnc#913238). + cli_connect_nb_send: Don't segfault on host == NULL; (bso#11058). + utils: Fix 'net time' segfault; (bso#11058). + libsmb: Provide authinfo domain for encrypted session referrals; (bso#11059). + s3-pam_smbpass: Fix memory leak in pam_sm_authenticate(); (bso#11066). + vfs_glusterfs: Add comments to the pipe(2) code; (bso#11069). + vfs/glusterfs: Change xattr key to match gluster key; (bso#11069). + vfs_glusterfs: Implement AIO support; (bso#11069). + s3-vfs: Fix developer build of vfs_ceph module; (bso#11070). + s3: netlogon: Ensure we don't call talloc_free on an uninitialized pointer; (bso#11077); CVE-2015-0240; (bnc#917376). + vfs: Add a brief vfs_ceph manpage; (bso#11088). + s3: smbclient: Allinfo leaves the file handle open; (bso#11094). + Fix Win8.1 Credentials Manager issue after KB2992611 on Samba domain; (bso#11097). + debug: Set close-on-exec for the main log file FD; (bso#11100). + s3: smbd: leases - losen paranoia check. Stat opens can grant leases; (bso#11102). + s3: smbd: SMB2 close. If a file has delete on close, store the return info before deleting; (bso#11104). + doc:man:vfs_glusterfs: improve the configuration section; (bso#11117). + snprintf: Try to support %j; (bso#11119). + ctdb-io: Do not use sys_write to write to client sockets; (bso#11124). + doc-xml: Add 'sharesec' reference to 'access based share enum'; (bso#11127).- Update to 4.2.0rc5. + Ensure we don't call talloc_free on an uninitialized pointer; CVE-2015-0240; (bso#11077); (bnc#917376).- Fix usage of freed memory on server exit; (bso#11218); (bnc#919309).- Fix tdb_store_flag_to_ntdb() gcc5 build failure.- Fix vfs_snapper DBus string handling; (bso#11055); (bnc#913238).- Update to 4.1.16. + dsdb-samldb: Check for extended access rights before we allow changes to userAccountControl; (bso#10993); CVE-2014-8143; (boo#914279).- Adjust baselibs.conf due to libpdb0 package rename to libsamba-passdb0.- Fix libsmbclient DFS referral handling. + Reuse connections derived from DFS referrals; (bso#10123); (fate#316512). + Set domain/workgroup based on authentication callback value; (bso#11059).- Update to 4.2.0rc4. - Add libsamba-debug, libsocket-blocking, libsamba-cluster-support, and libhttp to the libs package; (boo#913547). - Rename libpdb packages to libsamba-passdb. - Drop libsmbsharemodes packages.- Enable avahi support on post-12.2 systems.- Update to 4.1.15. + pam_winbind: Fix warn_pwd_expire implementation; (bso#9056). + nsswitch: Fix soname of linux nss_*.so.2 modules; (bso#9299). + Fix profiles tool; (bso#9629). + s3-lib: Do not require a password with --use-ccache; (bso#10279). + s4:dsdb/rootdse: Expand extended dn values with the AS_SYSTEM control; (bso#10949). + s4-rpc: dnsserver: Fix enumeration of IPv4 and IPv6 addresses; (bso#10952). + s3:smb2_server: Allow reauthentication without signing; (bso#10958). + s3-smbclient: Return success if we listed the shares; (bso#10960). + s3-smbstatus: Fix exit code of profile output; (bso#10961). + libcli: SMB2: Pure SMB2-only negprot fix to make us behave as a Windows client does; (bso#10966). + s3: smbd/modules: Fix *allocate* calls to follow POSIX error return convention; (bso#10982). + Fix 'domain join' by adding 'drsuapi.DsBindInfoFallBack' attribute 'supported_extensions'; (bso#11006). + idl:drsuapi: Manage all possible lengths of drsuapi_DsBindInfo; (bso#11006). + winbind: Retry LogonControl RPC in ping-dc after session expiration; (bso#11034).- yast2-samba-client should be able to specify osName and osVer on AD domain join; (bnc#873922).- Lookup FSRVP share snums at runtime rather than storing them persistently; (bnc#908627).- Specify soft dependency for network-online.target in Winbind systemd service file; (bnc#889175).- Fix spoolss error response marshalling; (bso#10984).- Update to 4.1.14. + pidl/wscript: Remove --with-perl-* options; revert buildtools/wafadmin/ Tools/perl.py back to upstream state; (bso#10472). + s4-dns: Add support for BIND 9.10; (bso#10620). + nmbd fails to accept "--piddir" option; (bso#10711). + nss_winbind: Add getgroupmembership for FreeBSD; (bso#10835). + S3: source3/smbd/process.c::srv_send_smb() returns true on the error path; (bso#10880). + vfs_glusterfs: Remove "integer fd" code and store the glfs pointers; (bso#10889). + s3-nmbd: Fix netbios name truncation; (bso#10896). + spoolss: Fix handling of bad EnumJobs levels; (bso#10898). + s3: libsmbclient-smb2. MacOSX 10 SMB2 server doesn't set STATUS_NO_MORE_FILES when handed a non-wildcard path; (bso#10904). + spoolss: Fix jobid in level 3 EnumJobs response; (bso#10905). + s3: nmbd: Ensure NetBIOS names are only 15 characters stored; (bso#10920). + s3:smbd: Fix file corruption using "write cache size != 0"; (bso#10921). + pdb_tdb: Fix a TALLOC/SAFE_FREE mixup; (bso#10932). + s3-keytab: Fix keytab array NULL termination; (bso#10933). + Cleanup add_string_to_array and usage; (bso#10942).- Remove and cleanup shares and registry state associated with externally deleted snaphots exposed as shadow copies; (bnc#876312).- Use the upstream tar ball, as signature verification is now able to handle compressed archives.- Fix leak when closing file descriptor returned from dirfd; (bso#10918).- Fix spoolss EnumJobs and GetJob responses; (bso#10905); (bnc#898031). + Fix handling of bad EnumJobs levels; (bso#10898).- Remove dependency on gpg-offline as signature checking is implemented in the source validator.- Update to 4.1.13. + s3-libnet: Add libnet_join_get_machine_spns(); (bso#9984). + s3-libnet: Make sure we do not overwrite precreated SPNs; (bso#9984). + s3-libads: Add all machine account principals to the keytab; (bso#9985). + s3: winbindd: Old NT Domain code sets struct winbind_domain->alt_name to be NULL. Ensure this is safe with modern AD-DCs; (bso#10717). + Fix unstrcpy; (bso#10735). + pthreadpool: Slightly serialize jobs; (bso#10779). + s3: smbd: streams - Ensure share mode validation ignores internal opens (op_mid == 0); (bso#10797). + s3: smbd:open_file: Open logic fix; Use a more natural check; (bso#10809). + vfs_media_harmony: Fix a crash bug; (bso#10813). + docs: Mention incompatibility between kernel oplocks and streams_xattr; (bso#10814). + nmbd: Send waiting status to systemd; (bso#10816). + libcli: Fix a segfault calling smbXcli_req_set_pending() on NULL; (bso#10817). + nsswitch: Skip groups we were not able to map; (bso#10824). + s3-winbindd: Use correct realm for trusted domains in idmap child; (bso#10826). + s3: nmbd: Ensure the main nmbd process doesn't create zombies; (bso#10830). + s3: lib: Signal handling - ensure smbrun and change password code save and restore existing SIGCHLD handlers; (bso#10831). + idmap_rfc2307: Fix a crash after connection problem to DC; (bso#10837). + s3-winbindd: Do not use domain SID from LookupSids for Sids2UnixIDs call; (bso#10838). + s3: smb2cli: Query info return length check was reversed; (bso#10848). + registry: Don't leave dangling transactions; (bso#10860).- Update to 4.2.0rc2./sbin/ldconfig/sbin/ldconfiglibdcerpc-binding0libdcerpc0libndr-krb5pac0libndr-nbt0libndr-standard0libndr0libndr1libndr2libnetapi0libsamba-credentials0libsamba-credentials1libsamba-errors0libsamba-hostconfig0libsamba-passdb0libsamba-util0libsamdb0libsmbclient0libsmbconf0libsmbldap0libsmbldap2libtevent-util0libwbclient0s390zp37 1752585133  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcdefghijklmnopqrstuv4.19.8+git.430.a10fe64854c4.19.8+git.430.a10fe64854c4.19.8+git.430.a10fe64854c4.19.8+git.430.a10fe64854c4.19.8+git.430.a10fe64854c4.19.8+git.430.a10fe64854c4.19.8+git.430.a10fe64854c4.19.8+git.430.a10fe64854c4.19.8+git.430.a10fe64854c4.19.8+git.430.a10fe64854c4.19.8+git.430.a10fe64854c4.19.8+git.430.a10fe64854c4.19.8+git.430.a10fe64854c4.19.8+git.430.a10fe64854c4.19.8+git.430.a10fe64854c4.19.8+git.430.a10fe64854c4.19.8+git.430.a10fe64854c4.19.8+git.430.a10fe64854c4.19.8+git.430.a10fe64854c-150600.3.18.24.19.8+git.430.a10fe64854c-150600.3.18.24.19.8+git.430.a10fe64854c4.19.8+git.430.a10fe64854c4.19.8+git.430.a10fe64854c4.19.8+git.430.a10fe64854c4.19.8+git.430.a10fe64854c4.19.8+git.430.a10fe64854c4.19.8+git.430.a10fe64854c4.19.8+git.430.a10fe64854c4.19.8+git.430.a10fe64854c4.19.8+git.430.a10fe64854c4.19.8+git.430.a10fe64854c4.19.8+git.430.a10fe64854c4.19.8+git.430.a10fe64854c4.19.8+git.430.a10fe64854c4.19.8+git.430.a10fe64854c4.19.8+git.430.a10fe64854c4.19.8+git.430.a10fe64854c4.19.8+git.430.a10fe64854c4.19.8+git.430.a10fe64854c4.19.8+git.430.a10fe64854c4.19.8+git.430.a10fe64854c4.19.8+git.430.a10fe64854clibdcerpc-binding.so.0libdcerpc-binding.so.0.0.1libdcerpc-server-core.so.0libdcerpc-server-core.so.0.0.1libdcerpc.so.0libdcerpc.so.0.0.1libndr-krb5pac.so.0libndr-krb5pac.so.0.0.1libndr-nbt.so.0libndr-nbt.so.0.0.1libndr-standard.so.0libndr-standard.so.0.0.1libndr.so.3libndr.so.3.0.1libnetapi.so.1libnetapi.so.1.0.0libsamba-credentials.so.1libsamba-credentials.so.1.0.0libsamba-errors.so.1libsamba-errors.so.1.0.0libsamba-hostconfig.so.0libsamba-hostconfig.so.0.0.1libsamba-passdb.so.0libsamba-passdb.so.0.28.0libsamba-util.so.0libsamba-util.so.0.0.1libsamdb.so.0libsamdb.so.0.0.1libsmbclient.so.0libsmbclient.so.0.7.0libsmbconf.so.0libsmbconf.so.0.0.1libsmbldap.so.2libsmbldap.so.2.1.0libtevent-util.so.0libtevent-util.so.0.0.1libwbclient.so.0libwbclient.so.0.16libCHARSET3-samba4.solibMESSAGING-SEND-samba4.solibMESSAGING-samba4.solibaddns-samba4.solibads-samba4.solibasn1util-samba4.solibauth-samba4.solibauthkrb5-samba4.solibcli-cldap-samba4.solibcli-ldap-common-samba4.solibcli-ldap-samba4.solibcli-nbt-samba4.solibcli-smb-common-samba4.solibcli-spoolss-samba4.solibcliauth-samba4.solibclidns-samba4.solibcluster-samba4.solibcmdline-contexts-samba4.solibcmdline-samba4.solibcommon-auth-samba4.solibdbwrap-samba4.solibdcerpc-pkt-auth-samba4.solibdcerpc-samba-samba4.solibdcerpc-samba4.solibevents-samba4.solibflag-mapping-samba4.solibgenrand-samba4.solibgensec-samba4.solibgpo-samba4.solibgse-samba4.solibhttp-samba4.solibinterfaces-samba4.solibiov-buf-samba4.solibkrb5samba-samba4.solibldbsamba-samba4.soliblibcli-lsa3-samba4.soliblibcli-netlogon3-samba4.soliblibsmb-samba4.solibmessages-dgm-samba4.solibmessages-util-samba4.solibmscat-samba4.solibmsghdr-samba4.solibmsrpc3-samba4.solibndr-samba-samba4.solibndr-samba4.solibnet-keytab-samba4.solibnetif-samba4.solibnpa-tstream-samba4.solibprinting-migrate-samba4.solibregistry-samba4.solibreplace-samba4.solibsamba-cluster-support-samba4.solibsamba-debug-samba4.solibsamba-modules-samba4.solibsamba-security-samba4.solibsamba-sockets-samba4.solibsamba3-util-samba4.solibsamdb-common-samba4.solibsecrets3-samba4.solibserver-id-db-samba4.solibserver-role-samba4.solibsmb-transport-samba4.solibsmbclient-raw-samba4.solibsmbd-base-samba4.solibsmbd-shim-samba4.solibsmbldaphelper-samba4.solibsocket-blocking-samba4.solibstable-sort-samba4.solibsys-rw-samba4.solibtalloc-report-printf-samba4.solibtdb-wrap-samba4.solibtime-basic-samba4.solibtrusts-util-samba4.solibutil-reg-samba4.solibutil-setid-samba4.solibutil-tdb-samba4.sopdbldapsam.sosmbpasswd.sotdbsam.so/usr/lib64//usr/lib64/samba//usr/lib64/samba/pdb/-fmessage-length=0 -grecord-gcc-switches -O2 -Wall -D_FORTIFY_SOURCE=2 -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables -fstack-clash-protection -gobs://build.suse.de/SUSE:Maintenance:39674/SUSE_SLE-15-SP6_Update/aeeab13b449b36a000127e6292fbe0fc-samba.SUSE_SLE-15-SP6_Updatedrpmxz5s390x-suse-linux  !"#$%&'()*+,-./0123456789:;<=>?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\]^_`abcELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=e3460a0d41357b45e76958527f320a962f4ceb03, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=19c9768f864683d0e68bc4a67742e7b4978a9311, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=cc96c80a328306b5b6e079069b851d6fe027bb62, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=eb53a3be1b2f8d4810b249986d54e9467f108e5f, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=2af8f0d75e3941fb6722e46f2b5092055b3bb716, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=674ed77aefc112a4d31b6d8f754038a62da64777, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=a213837df46b5353e1cad074664b0a6a86406983, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=26817aba11f6db5e5666aa8c8c1e774c5e9b9088, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=df1af65d411e90bf6a103626156a706f7b6141e7, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=669381d0d53907eae52e07382419ff2e8d2e011d, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=05acbaa51980e5ee216aa1e0037a3b70ec85c658, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=0f10871586cfb0bdc71f06a70222ee85c766917e, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=3a89ad5667e115f3524f2be5a30fa82e0b7727ac, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=9a5c0d85390e8c927fb9ca8cdf3d72d31504a8bf, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=78b1f448879b5510df753436641500323ea7e8cc, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=3623aba69ba7011b542227698f5e62e4cb426fc1, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=a03812a56a6eed01c50392d11b247b252987afcb, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=96323c60842848ea0143a7f901d0f2ec125aeb47, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=347083b073e5978b3cdda39f90fe52efcd9cae30, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=c2007e4572c476d90e29d9ff93db2a9d24ced28a, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=4d268b5a0195549a03d3bad0397ad2354d180d87, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=d86b3c6567841686f6b23f41671e802cce0917c8, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=88001fa1058270ad8ffe1e7dd01c5c57fa6092b5, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=c4e21b91dce5d924b099e001f7e7eb002e32def0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=f457d081669eb3d01a98994bc1cf54a8d4d9384c, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=f93ed86b76a139a63ab12bfa4d99fc7e612204bf, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=a23f2f20f66656ec9df63b8acbba2b72dc2463e3, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=84cc529c11b54931c3aa5efd6b940bc88a3ac9ac, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=b76109e6f8e46d8d930431617d5e4a608b2737a8, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=3c5631ab4d941d159a65d191839207120c077ca7, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=4decfd1e714b4ad7d041293d7a28abd5caf42600, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=234afe33df1339e0660c5f43e9d98d1dfc1e6fe6, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=6ba5c83f0b382c04483a8bb77004e434486547c3, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=2051db1afd6002510be190480a1417a87a49a6b8, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=a9ad21c3176bd362d792482446e775db8a959e3b, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=afae5b06c19d96f9ac654838b9fa063b14b97782, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=284d65cd670cb595443b826c5d8446e64b781c24, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=f0ed9672186c249d14a1778ca9822c0346055fc9, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=b9c62044f85453bfe851c8b5a2a979410fe333d5, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=5b89efd650f5dab67488ada48b082cc8882b9c46, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=195bfaefedfecd148e17c160b463442ff847a9c8, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=22b765a2ecd631ddd0aa0783c2243b5fafae1dd4, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=8f9978bece2a51737513ba26547447a6dee61191, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=e82d81ee9a225c84f5e274fc739051f69d991c9a, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=d2dd510a71c74797aa8074876b41f60c66b33e60, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=9453bde6d537589b8988b1420348d6b2830a40b4, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=880f9b29b1c8045c34813563cf98decbebe30dea, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=59aa83f9e7f85937c6fe15c529e7521eb7de4e09, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=ec3ca97e34e9286cfa056de76962d5c15bae36d0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=bb9d627bff825384836a32a04eb68b48c9bcc0ef, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=e5e63f4e45c1eaff1f755c1c2140f466f7b521d5, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=0d6ece56dcadc0530b97570eefb13980675347f3, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=08ed17084e240dcc20a8ede1230cf24693382d83, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=43d38be0d15ed7c421699a80659f30ae071775a8, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=a4ca6f1bd58e5e165d75db965aec84f705bca457, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=3823b36bcdc4c5e79429ce2ff388f9931ec959a6, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=e61e54a2bd01a2f6bb98f3afa7854e69fb845d3b, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=d74d5e93e98fee6614d57da6c14fc9307c2ec952, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=14d126565c62af0a6637266f874be40a7e395298, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=c9c204d6835afe60f13d303c3028d5be8fde5d3f, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=d559bd9af891312d699a42554eabe0a6523bb23b, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=2e20605b6dcd26e75cabd2e1a1cdd3b48c371862, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=c81a6437c454c56ce629632cd03e1e3b9f4d3733, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=3119da6d8f2d092ff523df28b589ae6e58f647e3, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=8ee24e6d4c49793646ac6b89439414331e046853, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=ec211a3ba53551d621329a48a35a65dd8ebea89b, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=805e99670640cc5f4e028306caf8b4fa73c2cdbb, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=fd264e1b5129624cb817dce48b854b6eb2c36928, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=cc6fa4abcfd3e2823022308291a7d35c6ac0d729, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=93c486a584aa67173f97736461e5dcd4ba6b138c, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=a5be4a5c1dd61d3e03a479f306760676e6b0dfbe, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=80142338286fc9243712f574949a25bd2662c6a4, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=2522e6d1528cf0001d12a455baeb25d4fac8cfb0, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=a824025b8415b06086a545c5fe3dca5b0471df17, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=bc30ebdf98b875fb3c0d3c1703717d3e4ef3c254, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=f2618f3373a8a5191df907daef3131f223fe9804, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=2bfefb74feb09ad948bd2ccd69ecd333b7fa7755, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=94150a7fa86f1652dfeb3fd9d4ac04825c8eface, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=d43dfb75270e8e79dc9c6b54c83236aa7cb82983, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=5c001f181e1c576a28b3c50c9e597d2d645c44fb, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=8690ec519e7d1efe2d4eea7b1ffd5eaa6c82f3e5, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=79f1e425acb7b7a4e577f8700b81cb346375b253, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=2d37a2a1086b6567001339c53ca9ccbe6f69f328, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=44184e4c87224fc804e281760e75daf25472cf69, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=9e137fe8ff2e7cd45d8a36414f4b24428289cb5f, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=247f2233966df67d2182bc13c66961cf2bd328b9, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=18028a0de1946e3ec5eaf27432c0bd7396940245, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=585d9bb5a53b43d87ac530c7b1132e449bbda56b, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=cdcf8f7968e84688bb8953aff8dbadea20cdc062, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=e68744409e65225cd886b5f905d205d4c2ba66b5, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=f2b5045bc5ffa447b8ab3f9bfda027451485dd5d, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=8ff956d4b08cbfe467df3420f9e19b055830ffcf, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=0bb8e10f6cf0c6e737b4733e4bdf2f8571474606, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=5bce097b8812b938534fc7c23403ad0d0e47a023, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=e4ffbe6b3ae61ab1347909ad06e1a411a5330c68, strippeddirectoryELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=885e7d9b745c737d4471eb1533b499ce906c0df7, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=ad19baba272da416b1233f77e9da4734321a33f5, strippedELF 64-bit MSB shared object, IBM S/390, version 1 (SYSV), dynamically linked, BuildID[sha1]=18af7c731336ca642674353e5e7cbeb1b6a981d6, stripped"JIy:/<Ox/X} +Ogt| W~3Fg%Abz . F d z +   " + O j"(B7C0 G%2Lc )?I)%2+ $  ;'= 0!:!G!"(3*.  $P+P*RMRRRRRRRRR'R&R*RRRRRRRRRRRRRRRRRLRRRP4P3RMRRRRRRRERRR%R'RRORRCRRRRRRRRDRBRRRRNRRRLRRRRRRP6P5RRRER8RRRRRRR4R,RRRR&R*R'RRRRMRRRRRRRGR0RORZRRRRCRRDRBRRRRR3RRRR7RRRRYRNRFRR+RRRRLR/RRRP_P^RRRR'RRRRRRRRRRRRRRRRRRR RPbPaRR R'RRRRRRRRRRRRRPiPhRRR'RRRRRRRRRRRRRRRRRRPlPmPmPnPnPoPoPpPpPqPqPrPrPsPsPtPtPuPuPvPvPwPwPxPxPyPyPzPzP{P{P|P|P}P}P~P~PPkRMRRR*R'RRRRRRRRRLRRPPRR4RKRRQRSRRR8RRyRRVRRRRwR&R'RRRRRuRMRRRRRRRRRRGRRvRRRRRRRRFRRRR7RtRRJRRxRRRURRRLRR3RRPRPPRRQR RRRRMRRRsRRdR8RXRhRRARRR&R'R"RRbRRRrR@RRRRcRRRRR7RRLRaR=RRWRPRgRPPRRR'RRRRPPRRRMRRRR'R&R RRRQRRRRRRRRLRRRPRPPPPPPPPPPPPPPPPPRRRRR8RRRR RRRRR*R&R'RRR R RRMRRARRRRRRR RRRR7RRRR@RRRRRRRRLRRRRRRRPPRRRMRRRRRRRRR$R'R&R R*R!RR%R"R#RRRQRLRRRRRRPRRRRPPRRXRRMRR7RtRRRRRRRRRRRNRRR RRRURRRLRRRRRRRPPRMRR`RRR?RRdRR'RRRRRRRXRRbRQRR>RRcRRRRRRRLRaR_R=RRRWRPRPPRhRRRRRRRRRRRRRRR.R'RRRRRRRRRRRRR-RRgRRRPPRRR'RRRhRRRRRRRRRRRRRRRgRPPRhRRRRRRRRRRRR'R&R%RR2RRORR.RRRRR RRR RR1RRNRR-RRRRRRRRRRRRgRPPRRRRRRRRRRR&R'RRRRRRRRRRRPPRRRORR^RMRRRRRRQR'R"RRRRRRRRRRRRRRRRNRR]RRRRLRRRRRPRPPRRRORRRRRRR'RR&RRRRGRRNRFRRRRRRRRRRRPPRRRRRMRRQR RR&R'RRRRARRRRRRR@RRRRRRRRLRRRPRPPRRRMRRRRRRR'RRRRRRRRRLRRRP!P RARRR'RRRRR@RRP#P"RRRRRRP%P$RMRRRRR%R'RRRRRRRRRRRRLRRRP'P&RRRRRR'RRRRRRRRRRRRRRRRRP)P(RMRRRRRRRR RR$R'RRRRRRRRRRRRLRRRRRP.P-R'RRRCRRORRNRBRRRRP0P/RR'RRRRRRRCRRRRBRRRRRRP2P1RRR'RRRRRRCRRRBRRRRP9P8RRRRRRP;P:RRRRP=PRRdR?RRRRR RRRRRRXR"R'RRR8RRRMRRRQRRRRRRRRRRRRRRR RRRR7RR>RcRRRLR=RRRWRPR RPAP@RRRRRRRVRyRR$R&R'RRRRRRRRRRRRRRRRRRRxRRURRRRPCPBRR RRRRRMRRRRRRRdROR'R&R*R"RRXRRR2RR,RRRRbRRRRRRcR RRRRNRR+RRRRRRRRLR1RfRaR=RRRWRPEPDRR:RRRRRRRR'R&RRRRRORNR9RRRRRRRRRRPGPFRRR&R R'RRRRRRPIPHRRRRPKPJRMRR'R"RRRRR`RbRXRRRLRRRWRaR_R=RPMPLRMRRRRRRRR*R'R&R RR"RRRRRRmRlRoRqRiRnRhRRRRRRRRRRRRRLRRRRRRgRPOPNRRRR'RRRRRGRRFRRRRRRPQPPRR4RRRRMRR'RRR8RRRRRRRRRR7RRRRRRRLR3RRPSPRRdRQRRRRRRRR8RRRR&R'RRRMRVRRRORRRRRRRR4RRRRURcRR3RRRNRR7RRRRRRRLRRR=RRRPRPUPTRMRRRRRR^RRRRRRR%R#R&R"R'RR!RRLR~RRRR]RRRRPWPVRRRRPYPXRR'RR$RRQRRRRRRRPRP[PZR^RR]RP]P\R RVRRRRRRRR4RRRRyRR&R'RRRRR8RRORRMRRRRRRAR?RCRRRGRRRBRxR@RRRURRRRR7RRRRRNRFRRRR3RRRLRRR>RRRPePdRR'R&RR*RRRRRRRRRRRRRRRRRRRRRPgPfRRRRR'RRRRRRRRRRRRRRRRRRRRRRRRRRPPRRMRR'RRRVRdRRRbRcRRRURRLRRRaR=RPPRRR&R'RRRRR\R[RRRRRRPPRMRRRRR'RRRRRRRRRRRRRRRRRLRRRPPRRRRRRR'R RRRR6RRGRRRR5RRFRRRRRRRRRRRRPPRIRRRRRRsRRRRMR*R'R&RR RGRRRhRRRrRRHRFRRRRRRLRRRRgRRPPR&R'RRPPRRRRRRR&R'RRRRRRRRRRRPPRRRRRR R*R$R%R'R&RRRRRRPPRRRRR'RR%RRRRRPPRMRRR R&R'RRRRRRRRRRRRRRLRRPPRMRR^RR\RRRRRRRR R&R'RRRR[RRRR]RRLRRRPPRMRRRRR R%R'R&RRRRRRRLRRRRPPRMRRRRRRRR.RRR&R'R RRjRkRpRiRhRRRKRRRRRRRRJRRRR-RRRRRRRRRLRRRgRRPPRRRR RMRRRRdRR&R'R*RRRbRRRRARRR@RRRcRRRRRRRRRLRRRaR=RPPRRR RR'RRRRRRRRPPRRRRPPR^RRRRRRR'RRRR]RRRPPRRMRRRR8RQRRRORR&R'RRRRRRRRR4RRRRRRRRRR3RRRNRRR7RRLRRPRRPPRRyR RRR8RuRR?R^R{RdRRVR}RRRRR6RRTRQRRORRRRRRRRRMRRRRRRRRRRRRRRR RR4RRRRRGRRRRRRRRARRR*R"RR)R R'R%R&RRR|R5RxRR@RRRRcRRzRRRRRRRRR]RRRRRRNRFRRUR3R7RRRRLRRRRRRRR>RtRR R=RRRPRRRPPRRPPRRRRR'RR*RRRRRRRRRRRRRRRRfRPPRRPPRRRRPPR^R'RR]RPPRR'RR$RRPPRRRR*R'RRRRRRRPPR'RRPPRMRR'RRRRRR RRRCRRRRRRRRRBRRRRLRRPPRR'RRRRRPPRRPPRR'RRRRRRMRRRR8RR&R'R*RRRRRRRRRRRRRR7RRRRRRRLRRRRfReRRMRRRRRRRRR&R'R R$R"RRRRRRRLRRRRRRRMRRRR&R'R*RRR RRRRRRRARR@RRRRRRRLRRRRR"Lrqг@%Dutf-808241b42afb2c1fe718259711b373e9e84bac1b60fe4dcbe1059e65633554a01?7zXZ !t/d]"k%~2_e#Ȅj((KytG1 @6InIv}&<0j_[x?la6!7WrYPN<nUG/+S4\3F-qL0B& |j$ҤyҔj^jom;`b+l)YIPȴ5kʱ;-9Ίwזkߊ `\k&asL[RrsbsB CK4|ԫoIL{hPm6s%% xr=6%BO<vS+Duoa@&0$j?h??σb#' f4?󑵙!;@h 9}RP 2LkZ{0ERxp86^ H¼1*Y(rU"YA'#k&ȝ%T&Q!1 L}uxF@`c"O~ag3/uLFk p)OKF{Q)n ʨa&&Ж<[a88 Tn;&zθ:DzCi_[8 ؿ(|UyZeq=Y\=>Ўv +{ Z!`9g~4|;,Rf GOQ[qb|)7j@Vq=?:Sk gsxgl5ȁۢyh8'"KEl8PGeѾ&4yأ 9ńdiխdGmD qꦪY&*z.i߂2 n6&L13GxH6/Eܮ٣ M'FQτ`Ikbn1b-pj`Ԫ 9V$G@%mm)j@}mPVp1^ mΦd!SQCΦ.9SP,CZs2V$ygb`-1{>>9m]װ03PZDJ?Q*j&ga:R:?vܫaT"I-Z&<]'ִbچ m$RI"Ipx_. uW a/OGm v4G, i3Ve{0~4ޏ7K'tς.-Q[+~:OMwi&~AY,aogvKy´hUf|ã4WHahWMyBÓFCM[pC/=ktE O `yZ|H[zZ@f$70̃Fk㻥4qW3y\fJo%\M\#9=%訷[CF*w{p" &.uU.`%ΣDޫ1-9S!6իc nl]NtbCd @5| A.4Pʻȟ9+P{G!;wz%xYyxw\+0Γ].zd0 en!N,.E6 rSU20Ӈǜ-G]ozI_y 0ܒ^,!jN"||z`!qš]p#ug Fwq)b-ѻѽqEiRSt^o)μ/wC#aSyML<9\۴iH0jRYPN 7C~z\VQ вuYߖ -AJxKj.ETc|O4@/(zӸefp2\)÷]N*^ B(: 9O/&5Cژ8}kaPf ⶀ2~cHGUAX$PY=Z!"׎gb^ menakI=H'b$w$BZrS_LuY)SׄIޔ: x8B%C7z 0 ceV39ogtBl] lrڝ/l"߅hȅ,F}JSS5yO|yt{W ޏR B\A^OkؑZA@ ޣbV]|Py{ هEi0sCwm_Pv?QΫ &Sh٧]2e#^ @Lg9X-)Z mG?d<7djF9*.,>MULdo44'njgakGQ Zf tTC8_&?w Eg z vd0riK|Wڰj-# ELnj"^xQ/d`L7*Ո ԣ#D6ǥmӈӠ0 ?Rfi{cNw;(']N5Ě݂4âk~iQ{'ޱcLIe5څRֵ]>9 z.B+\`sp)Qrm^ٵۑdov4RAbO'[ Qs(.{vC:E PzV6xX i;If6"=DZDZHr 4 eDfS:` W_i{ sTPM,F.͚7m+sИǐ^d]V. a&:E;% 7棒Y1bd5qxL:4LU GXǗ Rz^hG豁Г`K[A`Ǡl \JD/ČG9ET RFwV|ꊰkv:3]*>$QQn&BJn[cC~'l'/8os"~Р0diuohhr%VTUZ4Z|N'[j/i +FVNIw=Rei㢹dUwzL /# ֽdiJ $ MI٠D XCZyi\.[>i !K(OI<3YHs/{XI{m6_ H S[yn&Fss24 Z }[[&pC8a $,OrO][7JHl|c/j{I.U}/~Yq 5)GkLT75?k!Ͼ4=1tMyLکͨֈ(tE>18҃1qOTUR"W-##:Tn֧;lAq.`0:T:N>^YiҠ1D4a+97vL;2Rw jJ"mv "YJAP{a$ Nk(y;7`(|6Z\K A ]~7Nj뷵sDeLӕN7,SV0y'DC]zSOdC{\&/\0@0C4կʙKGsw^yH,>sæ4{6FEUL+x3֓)u ʿEҰۦqO$ڐ)*\1ܵ\.xե b; ^[ҵ/CbTpoz:X+@gjEAƽ%wiWF9G)S#Ϡ}d g'} l*}x6{NY-uUAd^Q=5?u=dTïN.KEc 抲$ {!v@/u|Ո4 #%jAT4Zs4*>arRnZ]?aMp:( Մ`+$PL1*H]v5c}4!eWf+\5R6@"3Y2luf!He0I˅yP@eƶנœ3*HU Z之tLmCyR15'q䕼lu^'1 8ѲJYöh!_P%Qh!{93Ve?&Sܕo)'7 [Rdo#*jaԓ:=k-%:xP*"|S(Ow;cɑbP*oʜnuc_aEw[יU`{GBA\EFN~[d^y#?=g:y|'baCX,̔k cKCZ)Nl4o f#J豴r8PX;G/ HRDS*eh}0#Bzf0v*btĕkiHXR/Eځ !$F6߆w$dhfI/Kz"k F*v۲d~|Zv|.mqPÕ߅PLq. ͦ?+^5_*-H%E^e'^ wLT !ՏJ 07RY.E\̐4z]r礎k+cN_^dzF 2]n%;wѨ4dzy:* 5 ^buQxy +KU-{E f&!y t2e"J?Z::,l'+l2n11ld@;Oi'W$zCv|P$WN4=`ʃȪiÁ.:QU'W#F%j^z&U.>$5R`|.Sؠ}  ?pUP6 ~e\<ԪӏK23cGJKccp ^$O#= Z\\P 찯 9*3\DrF;RK/M 6qɴ e#dtp=Ah mͽv([*pZ dPVc1O(]ߍ~cvxEуeC=!s>uyм 82o[l﫤;Jzf>ѫ2H\ 10sʀ.A`)t`^ъ6S2IsC5{k Oɣx"yP 0 Т}CE!b#IU2+18Z5ğ˴=&\%G#RDh226'tpmjlzѱ=b_ߞ j *Tg)&7Uf0f~_&N˙='pXuxmbfD-NR]}4')c$u+xFaLi |CHNG4>\ Z܃E'a:w@٥=&~Pg9E;0b [Q[7gX";Q|&-Wisp S߽yv bGPq<:Xhä-VZ=ڥ^ 4Էh {YU5}t"B'FJO]I*V~u"Qez+>n%_ՌTӚd&Ƥ'TܫC%X73@=2:RٔIL axO pcmoAY,aEtC{]oܬ *6GMQhmr&hGMcWE ߄U dсA2)乃^sΓ#'XM3ifD fqa픆&Ui+$@%NsZ<$GKA1jY| F}e0g+fv\`͋k":K*U쀯ޔQLB49@%{?eU}@"l]%+51|q3{!͡ %(hr`:ԋ*N+4R 5;fAÈO]pK`wnuFz#<#g$n@S6 6Ⱥ}/ վS≔9blDbk;4-LF' ڵlq/3CFIX/['1D:'A^~5`έSDz#e+#S%@wa FIIMeCLYifho'_(uN[ zBG?ǀ{ϼ2/fit/BμkaO%wERj'ǽ -IzoF.x:,)wя?/T͑pn-ل®m&;MD/Y A{-QdB_Tv(a lUޚhzN_.FU4؉IBp#9RzG6չDz0Ltu|5DCPc30? |_:1Q}WX-|'>gÄgUF\Xyx0vT ;RcEɑ9࠹PIܴgUekG4S@ߝT(KM'3-W-ڮ4}!.FiۆYK"d?ZZNj8~{'l|?@X7J-_jw =1(:2Ӛ>cp0Twu}~QN .˶~߮֊J`GnL]o#JC01\7c+8r*(U媢z+Iegb_GiχoOTZŅDD+CjҌ@Qs8$ﯗ#!W9c"&_|mJk-{#~ď^TFm97Cy䯓T9?Q5|#*6ii$J>)w>vMmthM$4o]c-@#6fOqY`D٦aNĽNgS1sp݌!$ASbY#a _c@ K\YN [{u b :U>߷glF7t!;{2ٖdQ>Y^|(2#.LM4 ɖ4TcHmz2Blۉ*@g!PnDyk@cHl0}Pd%̌Ҧ|vI=>%BWNo;pJ!*H!t4J]1 pRzA|qTG58>Mքba`RSX)Vو'5 ꓍%|,~݃)f-=pB)K X!r*VJ!Ŋ?zF®+|B{>3X} ofX#k x(?ͬi%SgCYtv\P {zgCՍQCpS| 9ANT2=WeoQ`_$Bv~{yM ;ہ`|KpڃQ+zǏ;g4#EC`a׊U@RACMq`tPSgj_kT5l7l T+'Ŕ[{DM5e{F44mN\\]g=;Jz LdP!3@v~:VJ@z( 6W}_C%XyNc])A 50wmh9X>ţg֕^^)Uk(Ffܻ^Zb-=̥S'Q= {5/)Ji,C,4h)m8ЩMcX,JF ][d;mONPQgܕ%&7PWm ú0;j5BLR-)^ξa7Sc/mD^L?:;lG@Ę-LFȃ^6ՓyU3O.aU6Weͺ.Fܷ6@~$aw+O{x3.^38A6=qo_u QjmP|Zyvz/l}\,[8&̝E^K !h7Sڨ)6^,O{v Z{ y՝6ҡzdN$TD'G̩0Ps}zJ#,m/ :]@Zz8C|Wz$RM)${k:j!-U6|!ړXi!ݷ뿇c (V%-A{B-+K[NG kAss)wɋ-g 3<]܊9%kX2 MyRH14c*8[Yb4Gė`^u'ʲPpe^)aaD2 \{HlbU?# PAySn1:ev!8`)=T \&?8 8Ry6gaд4EH-WV0ϗם{(8)eѷa>zlוq뗾SoRF%}eQ 3wߚmH|r^N1`jstl9o9WQUlHzEN"s.[yYdY  eސT܊_OzkͨOM8Aޙ5' 6Xe/GB$%0MF$ )&"^¨3)R,։ì[;͊G/5)^{E3-?9 |fGf`@v# JVbW`\B3]9#X8q5?4;`fFR[Ff^š4]Ċ)ވv\s0[2z.ؓ|g"Hn㯥@/H5z?Y2l8RɑK0ld;՝,w'ڀg 4 3Xg.Zsr61)N} SV=6-6+{qV!"5ϼ+LSX4 -Yք=&u=ц7wi+Y= -,C'ňα,4lK?\xW;9] a+@MȧKN`I^aT3g4#CuB3 T`6Y}&l}T|h<_?/,q+AyV'䋅IvgrpL2^P9JlxeI2*TV)9(J2uBp 3 );Iicfk.&Z}="j悬&-OBs00)E[/}Gf>s?wE2{YvT MLH%EOBbkńƊ LgL=S/-"KɗȈ+J&I+lJ+^ك: 妁kn&tdkYsfJxΒt.fKȏi_ (  '4C*!;h6o֧*~Ż`m6h3jխ]chmz $6ēhm™1Y@㜘r!B%a9Rɚ7niv)$Y!"ft ?QQ Įq*BѲ̱IemjSH9*a0N+^j| 5tǦF` ݴES6Q܄ẏEqcr/0>oYqZE< mFN.A׫M\ qjx6<S)T<$e#A׼v~j9g4|3yPB*OEmt XHXF2^J%<.sԜcl4]f5jbdȪd8* ccjGCކ#t;lu7}V(g ;={OZ@{KE}Vɓ*QTSubة=?PPE-ߡ5/Mվ.&lpKN߼ThWw-#Tba,=|/H0MIH,$W7~$O~^=3 H(9U,)_8 OdXia")eTC6e4+&tn nN" wXޏMܜ-((^"~!5&E]̽O&+ToJv)$jy)_ˡLL@d.]ǃ 9\5VBʵ /Ue$X\TW_>\sbb'.FIŐrXM~:6,pr7)qSy4 11C`g&%/p-,  [Ew횞h$T~ƞܵM85ZN.AHz;`؀1G-fp` o*T6w춯j2ՓLwFbɉ@J +ayNOӋNK , KAG7$W38,ڢǮ雙, \8Z^|;V/9mB)go` xfJԓpZRD_@@~5r|qSc"x}aqN+>tqGg,ppJlo[8zWHэHyN(OPN FbƖav-! \F$7uƜaj.u:nt$No([Ii"W6Nxשi[|䳅O1W5MGmd:{әHReSj`X_[dņk#Xݞ@W6]>wj. $|Ծ ;C'8V^аTy2S=9%;J|0* I魛 s#ueXOUăZt҂IS -pSz)^ !]`&wWJD54>.`;F L4֡}O4H((~css1JdoJ|)qd#2PB{_,^tjݓfɟN`e` 9 !㠒êv ciU.HLq1AL2!-f=XuUUPUEНf12;Ð~̈Fpsda(?T@9Ѿ[#o0h~? bP,}McRG'v̵64ҩ>(+QWA[*1)#tnZ/|;[]Ϗ̙Y*NUCyk8uZ>{2r]<1lDp4oVI-453\a 팢]# nnSh]:Q"A{wa"Qrt_t"M0#kaN6&j~Ottj:P, LEE~kOO/P?^'ڎɹs9*Ng}Eɵ D*eF>0QrVm+%f<6O+-fUc,YGۃd L@VE6PwwdcI#.ˠSDHJkȳRZ"y8ׂts,$7poϋ,{/)u5|r*-2\X-$ M> bW*n"wARդԉ L.g !8,HX^՟đ&k>\XBI}zn-y {Vb@}x|djTRD<́뎂Neګ{1_ne9>l>ױ_1:n_yB!?kU&>rB]oBbh`Rj##ɤq ل᛫4 V f1Тor8sZc3(Ta)Fa9H]cV Ԩtz貄٬c}bnݕQ" oE$|`G\rT V*[Tnhr[`)%t vMHH,ݗUHNWJ%I!aH &jAM~$D -pg F?.U dʟuWpu/劫]M)zN.Y,4(f^.mCE!| re6eJ0ʫ(pvt<Mъ թsQ+sú  ܌Rֳ+xJ+Ì#mӥB!f]L+S̢/Y<'u\JNu"G!A 4;IH]'#=d 'w 1C#"o#Cň0m[f87"!^Ai(Xq0y'`-&gYj"-,w9oRQ+r( 4y=9o312iJE>[:HJ9han?W7F6NHO*q~Q~CKuI*'clDϽʱTk(C~xpMKGLלy zNUҫvZU<|]&X!,pэ*7At5y-V0dl\_+x-68ͱptH/AhUX?y%(@d8' &Z2괁_3v obcr|?mFEEY6%@8j`c #CgʔY!/ )\Gr>r4Yr'BV^Ӌo=C\'8Cq,SټܱHPꇋm&@vyAC}!+aVg3$/4&'x= ő|` |AZ43=Յ<'\F}`g3 ]/jёjluz#\@= G$щ]s4mXOJHT$P56^ {R,ZᐽW<`X'j'%b CNB9{׹7Lbن ,6VL@ 7ҳ4!ꏐ7mʩq4WA$Ar (3w/l"j{ҋ&vv4Y Cו?\[P9ߣG Ow;w?8χ *k@LK3d6-j}U% wWyKxbh{e  n] TVCℱ7$iuF474z]3kG۸g .F"M$hyWX!c3nD(psK+4f,,sv~mB{ wm6fͽAiDRyUVG)t7AWȡchVWl'Yq~nANTTF76khY:flΪ^%|8NkC#iyrP3o1 /rmyԵLɲ, u>"44 0e^1,]k; Ƅ26y1y0o\σb)C$_SK8rk1a `!s+'}TfD۟*bE)k+P&P AWa.3v$oX L]I zz2Jaw|iqYQez k'fA$d XI8#ug&'w%,L KoJ+T_fPG_r5D0pmH緑#nH0u)SI(E) Txhlⶌ%ri~>/J@~W9^s,~w3HuQ|Q3Ĺ#kQ^Y%c{'t CYxj>j,5"sKO.TٴHG_& XVom9jҕ!#>6"|7VIjG 4ӴY\4ڦY_TqL'zidA;Cd[]V5vgĭX@}kBg}YKw/R|Sl ӿLknB4oCSa c;PM݂|%g]g0TF`%ϯ`l/\xi&z@W'F6߰T%Tk Vnhv+1|FLE @0S\Up9VL}g#R1:_qT&!iwZ˕^S / dmHv)^\B{]V11ʍ? D)A)WzHC:*^!T)1"aan5 Fy3~$yE.r"0*3b ܁[ gLYv@V[2qtsg26*gp$./tLQMuY&WIx2hR4EkU$N)\J=QUڻM%vqoMW[~ߔ~or9>2XUpe1EwkFbpҬ,4ĴGGf{+: }3>\;)2ZLTM i]'G"Mď:P1Ħ+m"j&h0ZEb>⢛hm;֐ I=66Ae02CKhMuxuj"DˑIzx$gQxdxqRÅ LUR͔xuK vtgҁCbcl =mlڙkk5eOZ#\@3+ 4Beֿw|9Cz.)o҃Rb]lbe+EI|e׏NpB'j7#wA|_5d}̥;iolFP}]( g͒bl+.c]Q)?y?ȁcVj?C?#b3p}'[Mz^f-PS|qj pH4芳/‘) }9~fj's(l۽맩7-z| Myj.|7woØZpj|`BEc C+tqx2;TKI]!y ްNSFxYšDߴdv^甬(#ସGK,t(hǏ^ez'kxlRuO?åA}ꀢv$gV>Γ'"N? Qp\gI`^1>9bb{<7ܕT^t~}|9EGJuT 9# |70MV[( 8N/jix!蝲ߴP\R*'㳃\?do€<͈iQ~1 ?6 |-"Ä\:u˿9]s[Pkc+ZG3^*W.t5jwfu.kb,*6QZpSv .tK~C !I όe"X„`e2O:j!g.h>}aa*1I,,tN2y]7ic YHr "aZh+cf +^$kdlRM7o^mFvA-ꂣZ4zҚi$c"2EP{ɼd#̎\ˮ*M)U5J+hn ΍h!\F¬*dzX EXmˢ4X6P௻}+=.LZ*R@|bEHFI̙" Qt1vit<ƵH䜂(I(9"U5P)osש4](o$znV)ȶVP*Dpێ4v^\?Dqj35Р"f@92VqP1ŀO/iZy6,- xyt~n]jVgiɘJsF82ܿW1'Z/.R\ ᕯצ"4&">CqOmS(-i+mW`ޘfodWΆ F0B8'b`7}q#&ľ& "N|Z<XȤ9^2R/fEG2S7r}9٢!S%\ʛ{zkb=ڛ]8TOGFt"+5c ڞ(ٹ9s _G' *\mB P|pJPPh7nؖJ$=B} EBQCq|+=;TM'Ll(FRS`q2hǀ LcqHrff8; kZb?e$v@C'WkEU1"V${ٹ֬l}K,Ȥ"PXxerC"SH2cܻI-x%8op66k00'J%.ie㠼d%Nk_ 36\J@K;+@*[ 6N|ӈMIǘmC;7)#s]$Oʐ-x7A@AQV" Gn(Χbl̷ySָvb eM ѱ I5BQiN"dgؖ";D|؋htc i]^b<4=IN̫~SBCANJ%;J&E4| %rKasD~Th&dY,vX6;0o޺*{ Pyk-ϏF^cI :;_E|[Oꊾ 1&b8  i wdkƫK ح ܣ:/1hdL;cUdWY=>h90?kAPt'~F8D~01# &513B| jeGmy(_\c1=b]S/q5/n]5ebU]9# ,7+|Qd˵@aSe;a>qЀA8n(Lr{>'6XGF)eQ^|(͵$@[M\IFtXzd mP}q9]k.K"߄!^krmg߇ Z,[C.ˍꗯr#YK"l8XWafhMsznԈļNOgqSw&њ3o a0$rNn6Qwė>u)HG/K9*΄=P&ȐD95:rjep^4M. F5o<{cna~ˈ&!#$.hK]V|g1XcHUScsI[ٍ$C$Kl=4,6}#T 13Rqs;_Aq7Og/34?URkoφU:yT#d`GE"K1Mi3]K88#uPKS CPߩCK4:ft'7 Z)Yd $穢3轆+*XJcxgl\ \270G0oQw? %Ĉ7N_?QKrƋ7:T;qT'M({s' eWuAjZg7XcuPN&r:26 礻|,C'd2z6C‹ nþc?,O۸i+W[V3=.V!4G0idï;a*x5o82׽ ԣ%Si_h3w~NG.[Q܃=D:A!]^ӗޞvh>ѕx.uPqW>8|ym@PI"Bܪ:`,pАث&|p}=8)֏^3e|S.U2 Zm\zlڪ(.Jx7?z=- a)ct`Lm o}43V<48ȱKkzgXK^d|]rɸݢ)wdޏu&$-ztPm$X {\$̨VByQg1쬟+OPEpr_(_{rA0EoP:л?`hr $0+ nulYx̘=cا  }̘-U:&&zb/h_+n*G?,K)ۈJ_2hzf,oթ8\ECHʊ9f<*Qs2㏸jI0ە {)ܲtqHyT'T9BRM_C&RjFtKjG_'B{ۛ RsA0  àvٍ:Mò+4(]?↺j|_4/ Na%aPݜX 0-p4P\}r\;:߾x89Pyln%<]z'yԏ-TFAB !F)N?.nvaC 6`f@&3/.(7Mj~d0k-ψE/|B;n8Q^3PHtq.jL+ SG1> 2`NkMDN~w ذ9 ?(Jܿ0+1ChۊЮJSAF*?ax%_ǍS/Mq׆ ;ax5ȥ7阗BTzo<ӉԡkX+$bo&Wv3B@V޾2O"*W7f\I;@ b9OKlJD:[9MF}{?t,vOL>+i9[C:n%r ? nԯgch$Q@b+xNiݎ𷑨qDk'su#naG:ĉ,orE*_v5(2CuUBKMy'hɠ漘]Q9r*pwzDa% (+19{B#"9IVqrԌ~+p1]m0W axt/r1yaq~߷l~ 8!դ;/^rwd[Fi^1J[+o9'~L!FG)I䇙.,}͆Zb~aVȞK >~:Zϴ' "=9nH~KEg m836Ń "͆t3RgD {llRb9yw`G= ,A&}42hUtm{NLȎ L8E4 ɛۚʡ=޺U14W7i#P v virK6&c[[nOAkf:eTO@;6 q .mWtWD_O-y$OVꋩȯ%/0-' s{36zm)L!)tTE茁jWFRtBh4L}b+ZFC"Z͊@UzRcGSloIWAvpiA؟*lď0ZF OdzjI^#Tm\L7y _29ձ.hc FrK*9˯bY#2f'nwE]N#\<,6ݏ]r Rz]wdp^7۲2uŧ.bJ܊6w h)?@]ɨ ri0IJL`82:u1RoIsZxbIۻD$kDX[qxfkvHu/biXn2do?=굆…6d3Tkx.6z4lxDz6!j J,n 0\W" eKTnHszqq"&kZŠE19e_36JcO44)wqA߁8wyB -Isg'i:ƬȐ}͗A匞 Y}@9ÏNkP 0@l-^]ʲ}堋3xw+X#xJrBd=-u؜n1iY$F~m EA$*cG s9wJaţ"k V:BT9cHɔը49 ?O9;)a#ch)@.H<5xtw@YeD'`7pVX%ÇW 4CdD )%ܽӑ,vr `d:)ߔ MȑH~^wR{]`;se}w} ljx;Hp WE≶4[7 e⯑c3t&\**3GE#DCȤQ%=D2z8k?@$phoF6?=1|;[f/ƢZ׊L*?xqɔxv<0ʷAʚC~&4W՗\ֳpK5~{թh٩BoOph$@x^gw^{e`fy!@ aǀ?c32b,jax{E9.4IJ;$R'"DT%.!v&S显;21YN]z)2z"ۃ9A\9lwwZ? \ud7ufҾvK029`A%;ODrF}FG&3'";r>V,"m@r𙇟DI LgbթN3 CC7 􁮾rP|m+2މWVOg ;_hk=<6BԈ+4(OD5ߦ ZI6-rQP2ޟUS_:/N<%ɟHW|kmJwdUUQeRLoLDnɘK EI`cxb;9`\Y\uZ_ﭥf4`=zPc<A+n &Qv`jb,Ʃl(}Mp] NyUJl4 9@]wxzq)t)_]ـsZgn edNro b|øST 6ح=0Kg1׮csP]^=0]XzLֵA[VC-ڟ ($Ok`Z]CU)yPNI݄ .ǿdwvI7,%'1هv~K"jՄ,D8q7T {.ilPُ2'$Rbh;-C /uM&Ͽ>4ehv(Y%'W ck۩&58ؕ=~0tv[ض=?)['$7jl6!?RwZ) ׹7)n%ȭEa6ϴ|_f7Pl \gfJhC#<(BDSK>L@WA ȸm)q:RM| QjxHwpW}?䳿ܥŪ>#oY>NJ^]\|4IGFV˼zC$IN3q "x+ZJ`.3ZAìN2Fg f>-]"KCed )`"3W{,cL13LA׹zrXň=`0OpW$=3HrÇ)rւdv|$hcJc1E20.>mMq (ޱ%ԷgK/!y=b{QI$[i8Ԥm Ӌ>T{7o}Ie% oл}z:B-\ x}ղ?$Z܋&$;p*h\xkG~h13OMQXOnG/#'҈\\N{r ǟC)pB&O, zɀ7*zuʛ('.WLEů>w=:mPFH bAB HI/ZW4T'A m .2}L#~p}"_cp W#j'r|f}|[;qgY~0'vS^#EDfoAi6OOkw4^N9kTӱ|!O(Q;:S-l6i\./VrP35\LVU ?Ywl.Ri 0&NoW*ɁTY5]J^l\r X~9Q6dwB:J4 D*^` 7PP!Ep!ɬ:V\PJ)O hTBMmD i 3!* "dϩg"N.ehY>4CKԫA&1` ?d5Tj{^y _ r_S?mσ^5vEۏ48"݉[X~`wFm- Eq7<]'Sc Y~ϙ2+d]h($9Ygܚc/n/~<:6Zާ 5&70J&kh.GjjM6v|BɼA{M*MIQ0 BWũ,MHwj^ku-s:,>< 'ŧ0@9 LO#%ϜR $n8qν;cB(eP j.zja` X?lVQm,4.1"5ha14K,zu6g%ȊvDQL$I$!qz8)J+[ U/Jt5qи$\n e|]ѡLo`/ (rH%aPXho|^?#߆8D7,'o2AnJ5Zu87Y (vCա'd,~gJ@8P+&IeJv/[P_FJf;v(ڕd 0(ᣲRp͘DoG䄜J;ZMp Gc~fl@?$iލ8kIt~C2\Gj?g"1?^'gn29(Q4:׎vZ}$$ s ˪^Cd \&KcUGE]{-Qn/"pr/:Zy= QXϐ/jq#a2x5bMYY rߍw-v?'W+53>jʜڙ5` :}\%-ΈFam IvçlէhS"ABW%fށTCg #ۊNd%Ab0a|~8̘^m)պ;pL`f6"$ny;}zHԿ fUl. !b/o63P(Yc-8מ[{>W})-j@81򹽺{GLjpokஈէFavEF^AOX!|jrhbxN*`{ACr->\_/'z 掁>]>/Yիg#%7 򆐯AJP 2&(OMX])qƄ:hydp] [q\T e V=F+Cw:*/Ԭ]qFQ !!]Sr+P,E*^>۵)cŎ4lGQ# )R5r'^fY.Rd(›͗Q/ؚڑ&AB A6]&l^/nwN|hw=b6'FUN[Cw#+wu?PxuG@מ/F#'zv?U˻N~ uȡ@H(PEOFZ\a'-b~/=hΜE3?hXdb]s3_>ĝVbp!q+kz%llbhr#K)J4;=))XűE'[UuL9 IWB|yn$2 `Μw e{!Bn泱gQz7sr!Kg齤uk䚇 ga91ôŷ8*lpf ӫtB!%o<^X$y},g|Cy3JD\ |eoj 1*Zhrla}+TF:v:BV T~uNvɠe#=f~7=hK?~]\kG HXnp@z"09b,Otx?{!cP}YjmsM0ѭRʿ%I̺ڎv[7Sl%fPp~V0%Qp3X&2NT-_>ѷl[˸U/5v CToOku"Xˤ6OE**vX%c7 sAi=>R[UӃ7n;l9 ~nϲ:Q"mM>%?h~J7ԅxuEA}XĂf(jڪ9U?RC"Bըia2.ޗ5c5dϪd fh:J*ӆ1G\M WPz e <8B@ofn\bB}E)AD޵R58-{tDO-9>oB/vC6m ^Gpîq6)tD}7R^:3P&WJK@!u;CA+kgMm ш&/,=ff$*n7{~_³").^j sY%ajm}7]xEڅ<.̵,_f+)ǂ[e۱&'9KȊ^=ZH<.Yٖ_O kO첱b_ =wzLJ!<siC8r%l@`ߣ opedP0H@ 1eޅFִ`cr2W݄m}ii g`Iv(>;Pe=6c|Ug`H8j {N}%k&JBi/¸S40tr`5naY՞Uo5ٻa>ǽ$uB21y:?gsb^"z)ղ~|5:tRѾ33Et_&/!UcD JťɑaKH8-ʻ6ɊNGX*^V4YMxtYkvHv@tc>G} 0j*mY:KF_tS aZq>-#߲{yWŮM!-hn# xkcA зyDx|)*ŅzQN īO eqEAPi$_+ꬿ%iO!fj\OƈlRVvFX-!ȠtfP ؿ1F 5 Qr\Ky;!6BzbhNK|UmOs でXT9 StDR9lM6bTm&яGQ(+1U+Pj_n^ dă )'!]82qgov1tmw?VBW+]I[28O%޵>䉐XG_0zmNd @q-Bz2w֚x`VA(bYɺIw3\ kA SXI/G943ZX\톯%F*lQ,k>C1[:lsWC(c2p{Ө>!+J=Bu/*)S)`M衵>%>[՜9쏗O<~c /}?%iA=_ 32heS>> `@÷wpBBEmۭi3#\!މqK8Ql ^n#x {K:f5 aA">XHjPL^&ciaEoV/V E`a&UְiPjZ"3{ĩ?.lew<$ĜP|X !emfp+zH&]@%pҲw6!pDzQY%_@ҥ?4n#x[yz:"E\Co}($y"]FϝsYuImiQxd0>r$&-i*\7J矕l |)9d4$)G|, \>űY6 {^;slѐN,3qZ(6HhKCp,ZZavTm>۞tpyJy vBecIzsJgL;z %@~睔5?LĄSq> ^t{?}bo=p}<0L{BlGls.9?MQfMu |6|vϋr]Έ}Yǜ`w?hGN$I,zjR*[~Z֓h[OOgD3/-H|ȼSFWT;8ĂU,g7Dgi|ܓ$31o_cΨ1"<%><%g'(PG0)?Az`7"c̲pɲ$Q򬳃h @'z165Dy '=+ؾ-tE3s<$YM"2x{GnK׹NJhGhJmCduiDO(d5ڍ2>G#륀fe|رh0Ҋb RKwZGuY&VpRf<Lrr!tUޗN $3j"UGj}pe?1<$ޗF_eOq4Ǥ+{Gc ޟ.!=t5tliPϨ0HS,?wZ͚& (=]=w f=Ɯ1)sX*ָK71hFza0ZzAh4fireu'‚8Rt+(.kϳX+r^M`82% Z|~&UIq ث{]H& >+d@;(~o+:侖Ejizу=9NϠ|qج,ŵ)^Its]Y_Dc^%e?вps 2f[HX=1h39 ĺ^¹ȁ"|H8fk.qFkLJ,ׁyE.|gEkى܊:.V1/B^؃LUJ5BAOdk{!VҜtB6V?b^'K=z@s hY`e-ooqֶNĔ@/Q+&6hITi&f>:Z#wVyv}M'D3lh6lGW+nF3BzeC;&nW qWvF26f6Ulz-N9 }; :]5 X9$.I!"Bj0{]ǯTT|5ޅ{Y2 oWu=-/UqK]@lz "{bΕhS.ب>ʝ_Sݦ#-z P;7D.%fh3%c%H( ˢ:_[IQ|'ؾG'0UPݷlqse(OHZ~Z)3XN&ƌwMug? Ƹ\shqUFkX T'\פ^MT,P:߶EVmfBVA֦{9q GaI7cY{2sp1'ݘ%.~e^A#7,s8*.JE_ *a?sspKqdՌWZ9Ek'?jac7+erJM =X ]NZj&杲uL+fs)>gF㯰i k0gR;42Vx_k#K$bU.^ݟ<ZGy;Q˗$Bȴ?v(\&F)w˄4é*p: [<͠yT ?YZM޶c㫉Ns}OQy 4${ƞWL"'q <)#!`y_I<ѓE̢C e\M@jGY9\Y?ML(qNPNO7d5 <ON{$f_ٺPXuQc'nf #/GyX" }@ ;rM%F'U)Da;!%cd8?0_+vY d.P m' y/jv z$C3|1H "h Xuٍ sT?g؜aMC@>؎$7(2ɒEsn̈b5BkzL4UӚo Z Bca^ ixyIiG9zH4_K÷[ʹ3O `Hi !H~&(yJgCm.59TczߏԗXC[AvFqhņp#o:)@PL\v2-8\ uFzX8GI4>7ivE(ڏ wCo6_ l%Nb6Wb^/&` gpks$[ p;2;K%ep:Za(S_e k O2,a"Ϭgx&nxlZAG)jSEXJΓ㈇Վy2I % nϹ…nV Q(M9Xpg<_r&Žh t8(oQ1(Ֆ):0vĈc{ƺ7 G&>n1HHGM !`4C6[WNBy)ǢMg@^Ԡ99si2&q,*ƃG0] qq?)==@ͣUTϑ[?HX# :LYoqgGjr-L8+Dgn/'HBIMc\l}pf,VELU'C=A,a;\t6r ·kJ*k Kˏ*̒2iGC6k*MFMC.CFP2Qшf,g.Y(z񐭂[<OkFGiUp!w3l>[{4^Țw™1,+rj<ˌ$6h%jwP &]LZb0+{#sdwlтnjvV4 n2N/K`z2;ߺ;p.G`Q>4MTA /&M]=r%/˝ѣ#`1G̽fAC4verGzU7Ā7w0w %5#F)MV'OZͽώGeP!0p?kh1p r"3(C`6d_aՔ%.ZRN`* ƃtd,3Yg#p.Sٖ'r=Zȋo ^PjzsJ32\M)E)냖':`+v9o=x BiH7m(D+."7/QvM@ ?kq^;T3V3bOe{r0a~tztWQ ;x?[b ǃ&2liWhf!:b9>F>1ȋÍEd 75t 77Kn6B6m ۗT!* !2 ŰW}ݬXt>XR@V$"^˘?킫hM#ɟtJtG,}qNKWdGHT@da3 (&2^?hԚFC&.?H%E'~p]Vb B"^~`l(++8)I8fޟ9ke395AED5/]q}](?7dtpy]\,u]_e&Ŕ&kKXomSrog=M B7x}mZ ]r2ר7^}`pr&<5U4tKQ$d0 {ӌmX)!~i!MIsS:3+!-$y%ipY3J`~'Ixf}aUԂ  +"OJ>Q҅|"{tAW"႗4h #qOhV{?=O[9v#УghЏxD|D?em?@,ux8`Tn~X33DQZYkg {vJIlVlyL/QA_WK2 =2~L#YR`{/SJqBL᧺L;BoMmN/~xviJc t_ eAlJ]1@?w:ȋKHL(_ةr)i_ed-o8Uʺ)ox{27&SS fSTƜ[q}Nϰ5J`Nhiq13:8|O=p=CJɖϚvhHGGIo" DF-uU7FзF%ZHK1%W&z~QQ;o(|'y}T1.@g"t :QSw xv '^ؑԂœ+x22jUb)k(}Ux2EZQx).+cA̕Í$Tf>yVҐ.XZ7qnϝeiR̕m5YMPݕ;H {1-3}qތ`78?34RVhgK!{ESfݦSx+d׻B:2U<鮣5&584P¨$p]q$+Iu6t=kf+X+V˼mIF/@˓q0 śXߧmZI:lVN~Y2ocd5K@-ؚ@a.KJR)D>OmG7Qm &mPv3a!0RFO=z;tzfʈvhɡuO0.+VB TmN.# f֕}8LMU sP0 ]k7sXADP{FFRrp~T5exy3 8Idl 0>q+:ՎӠ.!֪q &WU7]ܓjP VqÄ \Y>]؋T/3},/8I>0k$K I"68ܓ!X) 0 PJ嶗@Wg >֔&;P=mOli~V9{aqwY=h+f C3SW~?% /k+Y]=|bhR-~aIÌ4oUAM`|VC#)2iKoS֗zT~4հĵݥӟiDǺukm7S"cRxX1'3sD5MEnƁWٽY촷?&Miue坬,qDĘ}%B)I"ywRd5Sۈ-~>u`,o<_]yDݞ&Q7>" Kk3-ҜI+:S˫20輔#6&B]Y_ (5++ݒm:0`⪛x(O,̅Y|7^aI2z4; .-])^ !Ițv*Z^5JuJ8V~ 鬱y͙ ݡ~cD TYFR`bE~`&qВ%f>c$&T=&B?=k(  x! *ӘT7;'y=ўI:(t,qM} ,Kce\&W.央q:P{Ż9XA^ڬ }gtĨD͕Y2_{~r0$7Ղ1Ka$734 -ǚTWR`,F-ˆ5agNЦg(9,B%9-Y1B.T+z{g `'2KfQ$a&"qU/bX-:}xxN2^]vh|"Zb8ui&K ̂aHDLH`v]z:1D^6;R$Br&8+ Eง~~ʋ^-x-_fC  Ԡ.(xu^umw,+4H%WVfvLy:HVک ǃdVj鿴匎΀^GaZyIqM'&Z.Sqyڢ?ڐ@Z=Tt؁Uf2N_N'Okx}. ˝ya[0 -tFHVmZ=n-Ь>~"nZT y=Ax%iG3 յ0?Z8)m)=25`*xLŠ1r#jC7иqO<[6xlE0"f;#[i=~%04tcִf)nVVJ†:iiAX|pΔȣU$S ȱГ =wq79t?*'du7)Q7+pcQ8g`6x/iV[K!ZڂpivVHb~crsۂoIJT"Ϛɚ Z ݑYuUmi/ Ć߱<70JEԅ:ǗG=D ra[EqM1,)L ֤(\mbȤ͚p5.]\CdoNJ=96]R"96:4fjѻv&>ƒ7c7D[kηiuy3'=hQ?BFSC8=w=g(}fAl\<׀̞0jxuen4S~S埂qo?New8*tf!UKՐ]I*b^,"e}Ab\_,AF_wtˀ'fohQ/\W,]mׁPW]u?"woۀJW;Hަ(JݜLmހWN]1< SF_hE3ni']Gu=PF]K, USȿtJRƓX^;TW.se}õ9t fG4jKKYbY@n8W9<:v#kďe,Gqg`Y;sCE+}I`>.շ榆$o嘻hGVFnnM)AY s/oex"ΒqN1yyP4_kpȄ#*, %/ >D+;JnW?sH猤H7CƇ ?u4P?2q` Nw7Ѫ̯T )Ti$ۘ 6'j)}ɗԎ.iXպBݏO>tQ7Q[^#N\n9UO~bWh I8N龏uc/Ih ≉`;ҕsG#T#L7&3fjcUNclE%*g- &V/oM:{uQ!f󪄆|Фuz^O`*ц<3r,$lۇgqk8#tG J{{Nμ fEp4UQ!AUfr %k?` ~#FnT{-ѕdf9Di[> g9 bB #@+jٿz3c>k=(M@o$qؙ䌒D'߽mGy :=!ݡ ey -nUVSkނb`'}@@y[b9/uaO̊.W d&V$`nzi63/ȴ!G4]] '7Nf Q/ggo@I~#}UJ.nؼjbk\fCdprjA'f~Po-?r)Pw4m7p̽ y#ͅJ5GBP+ j] EݔY؆+b='ON6WpI2I;s3s4L;Hn$EtSi@ZMwj <;cR=OU TznR]K P[R 5A0Y 唎i*?,5q9:~:Uk 9(H[ 艔]Clmx;Mxj: ´+Jo!fHvyaW͡M }8vaȘqWH ~ûZЕ$#ąuVXPG}j`.HR>Vo9[c~\!(ʄpŠP !9`~>DjErG0͌/=⺩NQKO2Fs6P] &V xl8 ^$qk/(5 bV*AeW4%T Ǝf$f +k}_']Cx2kF*txjDQgщlz@/㴖{|buAq!GѴ&քٵ?g:lOF~6vpjS)jX|2Bw<ɚGZ[."zDkRB'= N9>_Xʬ**RwhuQhCc†~lĞpnL2rRά_.aROKN,^BګsWMX1@v⽝}m޻Z^}H< EX+߻0 PW6HYސdvr,_r.+t=t!`[ۊߔUJRh9IWٿwKXi,sH\p#)}/*Glu5R_-hQ?A*|! u+ތ("ܒd'' +ݠG'Ep%|f漃ɔG'*fN>s"yQO^|#|d=E)|$WiLώ@:VJ]!gEAX $zE0LYJ%('[T_dː) B>sҁo xv3hx9gڥ s3;\hݕ+O0 Ln|Y$V#K K&z0YnoiT,8}F+E=ޡVEŦl6Jg'&OүINi)0gl?ž.@#Sj\b+AucF=YC,7-)A@<* LY_QRyH9jP߷!rN./qlA3F_/ )giM۩uOc0CiR*̎gՁZGm)~Flx-swn@wvn7+hFv A3]SRGXUmV fYj'*mYon>BXܗ Cfw*%MP2)φbWq,4F*jAKܣ# }Z]B3Qj0hg{0W0:jx<1I\BK: =&V>Pa¿C.&{=k`Zd0IwVdRm "6M|/g@1 , X*cOd=@TSfHZ?@*xrID|΢{se| 0q.&{]KX5x-5_8AnczW:߹\Lstp",КG 4 UxR)ӪH%+'#XԘC%GkjEfQPNN\U7*z cѴǎnQ juZ[}`"@]M xB-+8.c;ЯV)uK2eϥiSϐ9VOw[ޖL.!7ZRMQz ߮ ad05rѮƒ܅Ν-d;7ZLy 1w-Hj~iS4H΄y1l~SZ.(HqE,GOku*@"(P4,e$s Xʈ.W-*-ϧ| AAc~!:w<VDT"L+v)){L?1|x754> k^O[X,^5naab鰉֬!X\wq_z^vr QʫQȾ OYB_cB+dQo6x4<@ L9XmAr9+9LI64aPp.!HRZwpPAROᘗؙcmm,^_:\AP^ N9:S!}8ɹ!eh_O!Zi(%{fNyfޫ!48 8ݣnBqT FQwZtObyӲ8F *C6WA(K\޿'# rv[:q[~="ek%:Zc P ϙk.)ůFl }ttDP0#I)=O"%O^R˴kOPFvr -[|c(f"sJ*+h,$GAȘgo?Rҧ2Ƹ U^Sc? Sn#՚77p;@LǦh*S2+߇~yfB{4$Q8Z(K?i2rtY P Dv΃܏r?Ym;hd}cq[wYX=Bmrڲ|\Y+ 8NHoOjU,  ?G$guIЎ]SDa⹥Jhe{=4#~(n0豓[PQV);XM}U7~?z`>ok NAhëF,ꟊV~-")1Ǜ'k%@P0 KaXNHb.rV= c%*#iКܣ?1,M4/oWw|mg}\nk}9A23amv8 uyCx6vL ti7,W(e;(^~]tdKtlJ_ _A0ЇE o˽TP< XĞP;6B2vlI*oBofvUg77(&`!K(`U"l]D._5/Ϋп7*/'@;]Ϻ㮣ղ24FIc-Lce{YP(0؁Җ\Q!*f1/WZh@J́aOogk1Y28~DCbJ [L.y Md%A ,[$fRa>S辀1RId8˟Qv,2hfe[^gfxTyl2Ǽը;Xm7SDc昺KV0_Kb m]wL!5]⺜eYL!~Y_sf鑣KTj,a6cʽe&2ȵ122 Dye@@Gd_sfX4c{~iʌū'*6d"$sCH|.Vby/<zk}S [Jx=X H|丐ݎx+>( %>R6Q7_F)+/ݜW;ZC=W1^'sĸ0=={};/Li[=l;z[ ,xM_\ ,d - :`Bcͻ#!\v_䁧OPÙJ2Hpi;, y.iϗ;6 Cl!b~CE73뾌xdB[iqiԾK|[%MV%fPg. [Ha"r" 7'Yt;2jtY> GkX3կMp5%"7A^c.3vm#׳KEc[ɥ0;Q4^MEW.Iߘku _nn|ESCײ^ ,ܘlҏV] ytpJRѦwW7F_hy9޷#?}˯R U:y =ֆs7I܄҆k{m^Q"N> N'n S\tLIĮB1$Jamr`m2R8?2ǵ1":`= G##U̡(UV~?'3 098ߡqx~PwC{ef#vW:lCTSO@*@ _we&֑ܡf5SM,>/K^h1ge3]RIG" T`E.l_rXOs7g9t3Ӛ-tEQہC= k{(P}:^y0zu1BAlH@|d^nbFa&T+:B ]Saz)E hBBxRPvm}CH2E`<{qPb) kZa )qH2kJyv)P#u&{6f?٧rĕ&)&:hIM ק#~|BSyYj@n X#@U͋γEEBgw}we)z&JG{QuV8+R=SW2 W]>-TGri׋wFKe֪6Mfco{ƭqT3D7Z&irQ|} -pۃR]u ͳ>;`O*t )|xbWZ| xw#ŝJ4{^ :ֵ;&:ۧz@^@bSZ1/[­k*o[^r2{Dg;tr+X~=K8&[/GIӯ*J=a҆"=Cko!{Ϳq5j^܅;n6x5!nHG/@s\A(!Ϋڝϣu 2ثQ(Ha%1w[IsFoE'CwIJW%چ3o똩5 Q"KbɠDۡ{?$# nS/'R]BVEq cX L9!T ""14Iq˄Z(uXV{2l Qw|!۫(We=9-϶a5h;r[И(ȧ)uCy.hW!CB-L]%j:WKڒۢ},~~c%#z)˳g`~Yk)41๋~zQWU-,ܐtQuIk#ip*7+Լۿ~Ԕ"Th]tP/<7{wqT.zjnnւ݁/wOW>^;HquBfԵՄRP`BJ!wgEK#g Ss]"'AI טpa,̘; E1]#;*XɄV-1)+Kz,>||LA(2@"ʉڭJ'Wx;W,S|XmI.Ԥ+vWy`"ctWH@|kY˱[* ϘDQ1f>FWjf:6s:׷1Rs9,6'|SڟmnmvN8"-?G$Pm]ẓ} t몤㲚RIԎ1a 4Ӛi pU;mXf"BA $0 ꖻ44y1(![8jT#ޥK u;Od;iܝ?7u&Bt[ñjV*dPOrtd[~ Y#|Vɲi$vGiטF85Q\gk [u&yTAn^:MQǶָ@Z2=)=7m5l"pQ}gcc?yr)Q( Fk[W}y\:"1{-RipȏtRb*Dt9u7Ɗ+k@xԛ%iw% Ȗ]Fu$#̳ vjJ;+ާ'Y^߻d\rףmůsc+k3/TSE{яB̸4>`gEg9<gogws7H@tKhG񑠂.WO Lsg+/A = Ŋ=_*$s=[kȾje+:}\i 㪦̒^_#}!n*sb/@1ddGU+w-$,(E`HQTgjTrjqd5x ĉSv!ׂne~+f`s*{6';LM^{/4wϦ/8m[m+Y. 6yuGtBզN՛DpYXc3ZŽ{C?cf]Ը ~dGF?!{~ T}' ˁ#d Y\3&>SnA~{%*M+8Mق)6]T'c$C& tzFj!J66Fގd k Meҫ9ܨ=JyE;"URWت ~L̪*%4*: WeɷڞLV;;=J GPT|͑3TLQO#jcHJH"@HRa`@}>R~WDe܋'Pf-f*twU@(VA NlY[(q=LoK*K3dJuxkK(A~3CݝT߼R\[q ^OmoY\OٹrX^u. ]CFnoE0z{%:bŁb=e=pahQVCuf6fM|]''~|cu[N)7 PQm.4ҕH/*E-`Cctu#2i/ ƐCe N*Eۢ>74Ub 0K]]KNk8NrֶWU\7tf'Bcn  ` A@PT7D2Y@r \$Yq?9^{'$ysxo~)9OfMns[Z\-?f)~wnߎG(g5?i.ʔ:ʐ29|彏>Ca>*-;=̴)zrУyM -XV5y}/9) ,L4BjG[-3|nF>_3׆lɘ)U6o_4XIKa$'chb}d](In]mIUbēϢ@y)ltc?:g ъ%0fѢGkIc{Ln[-쩷);wQ3} "3 [?/?=d<E}<>8^K\<:NzQz8?4ލbiJPy0>yM-r7NWf"U ?ƟMu d}Lc_$&٦dՒOz'~7|Bh!hawbm 4cZͳ!_ST_9';O㧵 17gܫq G/GEz(?Jg8WtippXaiZSoXݺB ̊Τ);5 =6$S%Ty%~Js|5,_-Uć}jh#ŸUD. # bJ Ԇ5 }Κ\Hu:_.S!/rcR#dhBB ÝtZK%tfT^c9i: ٛt7'v>[c0(!j̒BõsM9[Ɓ[H7쨏TYe1~V7)]7[_$10h("A Oq\E|96eE3X 9SkȈ KY5 #$pQ+Y$~ڎrA듧6{fQ< }E N:n?:^e0xHTϣRLt72[;^IvVA`0 -<=4i9{wDh3>l.]I5錑LɎ72m@PԺj~S}gT) D. 9v~L EꤒYFI$|^ɵJسoJw>rMop?3k8D \>!1${,( }R (ڴ=e|3\c.ňoq{ rWIߣޯ3qd&ح708_q7VMً75媓1#ƮJ "~!d= `Jr Ʀ>g`s,8k3i5y5]J~iH 0M%R&G(G*@Aɐ?Il{ϵI 1I2@ p0d L@2HZ܄@*d%:KO:Lm0`N,d >7Oz5Z9jhw2a](H@ c  1֘3Z~جyj灼i*B,R( &D$5 jcQqԞh;^>rw:'jEv㜅2ł@T Ij@l*2i@REX }~>oo [g #a":`QPD?)6qġ=? XoԚȠk@S(TIP%)1dCPrd0k _q˯ײ;&l[%akv“l;~u?τ8^ vIR@{! &HaB+6lqلe5%F"#](HPFDx`h&!X!N^'X3a@Fq@ksVBFXO|·!$"RB,j?*F2enm߀E2,2X"H* (a\L6r6Ͳc=L po{ 1-'G![}ZW[c@C n1?vBc"D`# ҄ ՗V[uvGR7{aQ,g}JSLUqi2q5r[~Ue -^DX.TE=-40H٥#~ɻs[Qfb.n|['&""DS<>FL8 zJB֧AX=s,B,4ڙgo}F utcOBl͒ճfOũ@#7(AqF?Q!@zIO:Fx<[f,N`s*H E0}gX !o飯*> gL N$q[n!$/HԠ, ?I(H}jP ?':@zD#8w^M pOCsL0%\i!a=OҶ}C:ru}Ǘڥ!DCiJv;""zA)F$g}Y%6^D*8!b ˃{9e|F@e-kcH0>E-ςNCK3 L!3&Q>ӝsl/Bڱ4 V WAZXb!HR5'_%23}>_tM{}ʅ n HATf(N0rkڗ֥դʚA309whst>nih#C5$8F]k8 $ *b FI !!%̒OR[@${d=wZ'ȣ Z|+x?<1E<70&͋%9oƬRl3ilX3;$!aGRePHv'")5ر}_ljqbI \ܲ.B!G Oca.#A j(Bsi;>Zla$_Dڲ$' p 'Ki Q'yDNd0(kdq0:$%吋 w5w[9Cvk.D+,(bZc6[Pp LIJ8QGKLJ (]p&(a* (@’AQCbB8+ )9")(AHfj0ICd,h$ ?=01Cpf49b//Yf }K U5&7j*APDVB!:PX7D{u(($a7M ?MVHgT}38>(uuP+6֣UȚ[|~~1LD6N ?u2,X֛?wu61;~ . еr ̈Q $D2#mE*O1tqz7H1~8!#,f/<@U -^ҙLUЁ3+THvƦnx8ǝ Ҷ$0YQ!wSq,O x\Ou%c*kbQv Sϝ#Z)N; \0;KBJa#$! $8 0P* ;3wk||"JX܄HKM8$EyXְv_ ?SCnjzzBgR]; ?{y8oޢ&q*o!k,,$\ZZZqHHGZ4TVƻt~7k.8;<Mbbռ:rrW`d d`*tuϩ=Y`UGAUAh_bKSV:2u)E-Nh<%Q,xC H/Hbfo'dL枕J\qVWg4~w몁6<8!, D;iĕQI;/>n*n 9+s2Ud3<1}ogd]^x<1S"cX V60f853?QzݺN+׷#j<L Z$E9bNX+yޛQ%->RuEK~x2"2D)hw>Zχ(ҡ/|feoYaX@Ny'9Fvdq-f1S`I]1r' P~d$LJ uoLa(ٲ̔udLj)QҊ PX1?]Q7C2s8r[ʋH2cQ,Wf,b$_7L{m 2;$8eS '3G;'*wC64eTc7a4:n'1A>ol2~x4@佉ra5gi (,$Tlp($qxx*1F$c7Goa'7kHHѨd>g`m!*dOjpS[xv:VBdЙ]USQo‹)ڤm%*2zuL{bAOJЄ9y࿼yw}[R*xULJwZ}8&FT5q"8|_Z9_х6DƇjFi/p_}_ij E}Ê_Q_]̑ Eg@CI4!ԡޤ $!RNte,h.|<0;@Bv%OI¹e*@擹NrF9<[jN!O_b/>:]b}w C"zs-w]MT[!.4ZǚHh15J)CwA]@@D$jx"=xۧP0V_[t,[Ġ3_yc|#+-PRj4zlUk`85 sއv\ h~"H`I 8lv09$%*BwLPIq%TXBbw>h I:Lc7mpPE+ĺ M΋?>n)$ƤriFyI{J$o]:2GTZ94r]|1צگFDϵ_`poNORvS[ v%ʧͷ="L1*o}Yhz}o}JBCH .ZRD=Q8\odó7҆@5! 8lRHw̄Xh YռRѡh(9px|VJs8Hyz\0qWռ»|uXaQlVwa(}_M;}?&Cwm 6gV|d;ݩŁ!b#}s&2H,YM3y? oID Vh`ILP:0zqz)^CBHrRCZ?0>|bi"d'KꄸëC겷#rN$0Y"}'a '6dHzK`NysCBw! ?vV x?%&DoФ ,;.vϕ"6I˒DOb:7/N o.5NPQ%Ti`j Hm=Qԣ~𵸧 wP%Ջ0m~-.SpGL$֪$I8,y5y V&N kgOBXnE)q{Sv%=SOi_;'iP$0HdD@Dg'kڻk~r:>O'uy.vm| `=3H]:l`oOӡa6T-<=]KKVڏbP- JؒZ 0S8O'-rv/s%EB! U@RYeO!BPτf; P & $Jd;/$U#-y^B94=!}+UR YrFaF|0u~w{=,=Lɭtբ@6H w0CHHnRahF 8ѩ}@Rm R@$ڟ% 5^JZ: 99*Kɸ%8ԩMA>j+z^}DBEiAc޾ vL=KE;;E Pkzqͺ@R uro__znl]n_>R Y$ZX+PML!'% P $t $42I+8JPvf|>f@ _@2I^ժ FT4=8VC+9sE/|ICd*sZy|j[{'R8d~k**h󒇧&t%d@Kll̺B;𔐸Vُ5o'Fʺ0Ԥ5(9!c J0$+ SQ >ut^]ョ'P *_GBO#в;)S|ezU# Y<UHWy~}tY(7پp r"$*]^壟0 gLS.Sd ,;USQZG?8>̟*!P!D uvs`MJ">%͊bC,gE@C6-cJ0@#u* !D>']S%P^ O~ #l|;!3IN KTb*_u" sk5 RŠOEw%8Q=[|h|3_'GrVYO?T~}0: F` +I) 5 e(p啚$ȋ`)70M[Y̅ݴf1_Mg.,j ̲7i^M*6dD0]ݙ#^$|_ (MY0Ag2M}4~XQ" $Xu,'sw{`v'/ gX#]hBHZi5@b;LnlL+j)*0"Bkئ!cCKDiik$l (E̓GA@l0:s u6<g2/An`nhb׏]n\VNP1DI"J#wQ]ld ] ` y?MW@8BZNSOpP33_NU(Cn& D4ldS^BZLi9A4:N[P\'%MlA`@@3Q{nj-DC+ v.aNz4{pN:C9)zaĘa<9[hrU&!bjcAf.H|)J2 vN)O-YDlVIy Q~U;Q&RA,$$Z7v6MvXAr Q2mrS0=r%MwBu9]F"EFDbr㜰dI  C eݸv=r1hgF+Ci"$[qR^iViˡL.0]njąC) 7D74a)SͿcܺZQV$k$듽vU&³a1W}F z;QC s~*C:C9JY 2y傐>{jܟVO7w‹jo"J4h1dƆ io'RO:>SRStY4)m>q㭙HrkZ o RQ&%F-,iKa:nfL NO>G]ZIrUR.feIH3!LPq+z?vɾ@! KT,IV'iu9^c'v01pJj.AF L5 nA$/;ؖڙ}7or# w1~.T DGm Jn|,Y0Mg.dvjaWՆ*ş!{B9-S}p%^so b51+96Ҳ1U BTpX(m踋#sHT~MC6vN=Qv;jC ˣ-QSv Տoó-1oI1 8leT+%dY;{;rO3z/1(l.3>bƽ, DK!1K#k ! &Tdl,k+TGdky|<n) ,86:7dbsz|Xw{DPFS/C}e`zBKT=PֹI|\8ׅQ[ITpeh C)j9W|tCiuUM&l1!40d$ǪHbo'Ax[7%_nk>ԎO&fYi͈qZ @" pOF_9]1䥞~;]h0!LNdvyMwIGm-!H+KQ+!M/Ǖ:C^P4 %HS!ʹA*|:\N n'|ǿ?Eu,tGkgJ!e吡G{M6ʼe5>557T ɼR"rv|P/#SQ=5G{\vZ`6ݦG偕WnZCݳww)} 2T "`ad2ʸR%& ~޽脮f~d/@D6}fX.Ν߽)ĸiX$O\]Άr}kǍlz"c>J u)<< bޫnI%Vÿ>.!P d6f Ǽ[ C UA:Oi y1KM~Im8*;WקǡK>7ce>d'}wy4;y<_t:='{+@a8“vF T!L "Oc0r18BTǧb3"x'\٬{&jE`&!y \G=הW? 2xYaXHxhBH}T LRELHި~'+XNM5A0A3ICg/ 4/\auc]HfF~fX<hI_Y`W)[}v siʏhm9ϵY`ItfC.tr _mk5Of?/+X$SW}&B\O- $!z؀RX~)NtjbcH*4)-fm}f|@?/Ŧ`7Y?tj>X5z9pVr9J&H lTa]5PDRFF(7}i;g9JK4Ozt@"ErVo[=OvdJb,a9idHj[zM; ȑUkBApp+!'_ N঵6ReB څb"ڡ(2Y8`†>K$S%Os\mTE:O@Œo*ZY(*j.ֳ^ݭ93`㞕Kf-kM̄UňM-$j㻢8o*1)P~)T,vEIqd1'ٱGhoo/帣wbAE= [ߜ &0\k"rG,@ ċY% ;ҲU.[N iV]Y{==ŦOś,B`?fjWFj,ZVJaSqQ-J0 fTiK2ʂf\y);d"언L H$K;LaQB0v %WnO9.FX81vҺsx4̲ s=bx0C.Rj d d*HJH{hv^ i}9oxoCp9z`^ L+2b$̰OtΝ|EQ:[2[MP$ 9T>Uڎݢݩh 95QuV/-kyBE>/q*o9>jUvMY ʺ{ =[t48owi#ŬoйG NIbꢗi;Uq -v75gWMŽc͊sI],><$HnN:mMrnjeґQUT"g=*/۴mH,iL ""RaZɘXHbH n*7,(?'W?pgvi$_pXXd_s1}:++D)LwwEP;DŽvKfZ׫BfEFYHޘifNAGWDȩp+_KYWg3FcVv+RbR}քHjS]C[:&fd8ڋ~.YeXX $ꠖZUee#']oW1ȝIJn)ov%SȈp,ns(? R˕g_N;[mQbQfIZ-= om=i RݮڨM7){,$I]D敚[v+w`$$hOU_Ә-*a櫾c~63E(¤][Ux;==muDw6E):8K~>={Ff@5Q!j7 [赼IOf2Vie%#@>W#{UwYXfOKyV7܈*^w*V{>JВuN>Uz eӧ5,X±-nE~znCG}ib(@Wź"HA_ss+)݆k[Ҿjѭʼ; aDPIUow*+ Ӻ9) *Q,wJc3mykyÑu3wY:nV1KDֵAU&U5e˨.EH'B9j w0]deTX .;Pܥ-a\oW} fďf-\Wp@AQ[د6zxm޴khkp,*UϞ2\pjeIpN{{zzZ0.>}Z}76ĎbXb߮EBǜ6ƏE'K{}5|H2|PR~f-m7s>23+cfy5fwm d7]q= 6 xzߐ54U/y}Ytr䒞*sQUJ( zf*sSv^Q"nݤh@2WU9 Wگ=>n}["Ny}? ޭ5:TgkWknI{uԽr@Ō3ec__m٩,[zsG*H0rrB$#ZDs.sWL~|<6KRI+ eDfq$*d1I wd *[4MJ,ľE4~|W#uHKUMG>5#!k|P 4`⋄]kpdy)q;jco.W*"+?xk.A4Ԫm^vp({J7jޗ+G'{C;{}O=TǺwt|ެq !9fn^bvY Ƀc#c_r ~.FDZWxdˁde842mlePq՛kbMm,s9݆H)j9\{V;q OS %qօ]8jNWWt| d&R^.ZtS=|~&ܵ&ӛdxx=lVC-\BR29bp@phX%r ЫgaXzdp9Y6/r^{iZC9]+uojMj^ASs{jgGrx(sW_ɡ4EK^¥Nqv4MH*ֽu}G;qjv_%+-K뺱nڭotݺޞq1cwQTRX-Qg\wby1%ooq0^~0v$*I1iҠ}0ts*o;v-rŵ%YY%f(!-;ˆR[C,'<'fUӸHJ(' o.S61#)_)<cQ{1'"Z#˦aD70F̓v|s,[ ڶp;h@e-Sq*Нln)G ` I'!P$l2 d'>!uA?I [_[-xH]@4 IS$덚sA*%^8 ~VCEXhϦ"' &{ B B@"Ҡv,'ppP R"BC @?%2Bd Q!?2uob]K؇uIUWOa'D4PKpvY?e x/q%$qOBLRAd HBI^s"Un)O'?{ⲻϐH9C%_)d[U?/rz|$BOd$@cIHɮIiE؅!2=>9]0FhXIgI*ZC, fޠEKM}tI&,EϗfP2EQ2P1^o 'G!L1vGIAcpva AH(BtIL@H`R^$'^Zݕe;;iꪁce%R&zޏQBd3:rWGw@ yb$D^$lT<?u"\d CjA('1ntViH,ԨI!$?-_bo8 yjTlʼnxz(FEPAI#i,/znHH@AmzO7t 4EH4<7e"`5l>nORcJǩ i{/4?o_hS b"@>R@-dM@^ >-<0V7@ zD CHS$I 'Ԓv$5q> |vO{ϗ{;$H5P$Xj{ ?Z | Y `36ֽa#cDGu>~b<9y}PRHI$e` ']rꚁ(!iI$.HE!$ %``K 輍_QvmK^EF`:Y Y/딐h@ H P<8lsދɎ?ݣ{l,T0!(I2)(׺'^hW&H=Ilt(!$$&!!S%!P~ْ2H !Iϫ "%ƚNHTdSps`1a~Oر}.rWR=WaW_t?D 0,")=bmWHO+/DMjcW6i"! @d.v!Bwl,yC I C@d$$}$-,`² %iĬl v0ؒ`5*H@$L'd,ohvkCrqo ^ ljsj⥼vݵqǿ`=''Ŭwqlkj?%!.H?ROI7$ ¢S$ ˤ:B3lK{64nXn~f,6}5FKSٸMg/FnnK{]K 놄8*8τLkaKfuR4vMT&_֨I:H(צOTťKfS%r)p}8!(՛6LW%)`<5өc9X>f_׶YSWtЄ @;I$BC/Q͞6.N:Dwc.FQ qwZOVI#_ZGثcj. 0I&C<7 "!@sW^Y$pW(] q8Ѕ6mu.k]${B")FG=OX'ArL wJu <1 3ӴlO} ӫK+KpjJ@)BH314p Ɔ`-e~k6cE_.l[SUYĽeD0 cecw[p.ܐLJ՗>)l+_L[և$m\uן`lH$$Ne*d>Hd(XpK\Ȼ1+;LůXS?@8,&֜XomRQo-T3 $]kSHk]w<3goy6(ɏj?&u̶TAw} ($m8@huJ=Ţ JԪGTM3DL{ ;K(Sj,#x e4zmy,՗*H̊X9Dy$whh, ۥNPyd  ڻmyI48CAuXO 1㈬iܻS`~`MD?69{X)*HBӴPOvGW$  x3/* f(UVYN{JP"I%ꮣ"*Vͳ, D톞}Dҽsm5 Ӭ6ucV 46N x>Α ޔ 򶘳gGԞY?&ǑFo+2 6l5o#4zB%3us ˺DrfWTsx堲p/~q8'X!ص[ X0T18>Z ׎5+)ޙn}Es0mggmWeD &^-!Kf. >OJt7OLӺ5==$Ÿ &*Q "AA`WvNjKŜlP^,DcaĘ2H/H,b+B&o!X4RE[nIS[RTذdj"6M;Ҫr ]H^ْSs,~'(ّxX61NmtۭM)B!Ε1cY/,IZ?E )˷Ŏ۬?ՔjQD)_aܟ!(雱928ku㙕ߡN/>-o20 S$2HwŲ*26^m)gD%Y;/'Z8e%J RԓDnXn\i{b;cj$lH2ggnl6h"t"u"CX I Fcw-Ƿ,*q mtxslRvl*@ vʌ*+I{iu]GȐ"őDPdbMcy9&Nb:c$'RuJP;U'.+Pu.AsNi`5yv )KUw2N&,OGZej7i;=NpZ;lnb^Q%)<bti>;+?_W)0"E#Ps" Jk1R>iڧHL7r^w(U٬c(K0MN\QTs pޟ9ӺKpԍL$gdreSeMϱfrr~C) 6KZм5?֖U  w] Z*ӣ Eg698XLdڪ:*Gݗ0`D>cDVRuS0ٹCoiP̈́ c:+v64q-[@cJI;vF ݯk$곾\^uu)h$<|GLiRbƑsh}SIDz\x*zr݂sWcCI|.I:u0-HfYq5\!OṸLA@떎Η'8qs;-l?C(y&TI,2PQSd ܌e2i"㴬k+л[?iA/(B ƂCr]K};57N tŢT7Գq]3lGl@,.zwx=yX/?s{:)in޹;G6=KW8^V%I'~?g7z\ % }2o 뉬JBVؓ}gyQU Oza<5g| ȏer&)gC9]jDȅuhgS(0 ÀÅIs! RCq_u_}=xW-^A5W5gL帽\#rJ9eguH>chȐqE]O-) Ic ǧi}Y;scDOA$ ufk2k"x*?Ў0LnQsiI*;Ok*G:dj}c3Lw*oQ;ڑi7x59P`5SOA[̅[(SKmnqp0P_ݡ'HՆ_r7)ɡ{fo:E~2r[D9D'42jY$$Dd#!SY",姟޷w{@qGߚൾK{M& z9$߃S"3%́2S:j)%>)C$ú$$$ϰ:^&~[vkq|}o/5&?>X*͟)?(T[,!p?A(H' ǝgEtmyY-wݲ d$Pj$)!ꈠDga$!$HHtI:棯yk׹1KCkc*U܎dj*]iH(M~;(m#TIJ)X.ӷwi38ƖUqmOqnwYM$ē4e+nDR@# v\Ua$$OIvLjy]Nu@iwW>&*WTjJ@]]NW฻fGǣ#р@12H\]1nCq{r·g_FS- $$?ڰ }&0%TLMb$̀I5<}5c[x.ʇLlP&AdjN^T1HԐ+0$P>=>{/뢘0ZN½om]O,qC^㾅k0w3VH 1y$O̥(HyŬj$u?$.aqRIL8h7빺eyC+M]\QǺο}vrU_AćBw78tOH |'S~,#В! {6I@a!{ @3;3$Č]4ezN{OWy!7mLR@j@@#jCd%,)HI{5NCi ݣ5iAIԿ;n*ݘՋ6Gߩj3?27ƕJnc"b6ŘebZskVZV& )(:$̴m,vqbu/Ϥ'D'm\> ?wbRe@6I''*, (-]5=SQII$!?$P7BSڴДg I# *Kw!`_ʼn|ڽk"I![hx}.՟[$ 8%rだɥz=7wC*@'>ŁZ; |H$7DDB5dVpga j̰^`]95^C&}$.I>S߰va& p@ 2(ht}Uk*fDy*LG'=o]xɢr$6G =5dReQ^T8֓1XX@ˇizA|;WtwF&Pɦ:Z##+kB0(B\bM]Z%T;qOV܍-Ǎ=`c"y) fOS[! s=\M ɠҦg,6ǿu,U}6'0Nt3k~D͋.bt-?E? tir0GZXU45?KiX`E_n}vks tKXHcݥc.ۓ_ǘc$9)6rA@/j.J4ϓ,26*y#mDEV# \1eAw˿vM<`nX#e@*=ϽDž־ &<:݇2BYTxj; 4Jۄ S2eN8Yv7)M@@O)Pv,:' ZKM=zUfQQ@Ys nIswӌg*rɸ퓇{J|3͏ko.ځʰ)UJ 􋰀\NsGBu5oV5+x<U]^33O0I}P#6;,ULC%€%SzQaAi@r[yKpqԉqp tR-CޮMnnH-7pf=>R,$hGH!󔜵&"hC ʉ9v\7BoѬ>\mFCa dESK圅 | ZS1V.Z(z;@ыS۟ S̏h$p 9nZ+fV3HjʇzŲBi{0[,Xi~yAM/e(ȍpP  >87lea;m]?ঔg)ŘIl';BSJ?as('?RGMZY2%.MO;Iq SߖUDPjr:2MB3I+Ƚ@U4o8{#g %:$yc{֫ 07Q0 ZVsj'#xﻠL 9>Z-Z*]#WiUDw:^!MwaUU 1HR77S7ρ%Ew;78t3wQˍtLJmC]j/+1]qۺNtuY$!M\LGTMYo2DD1_=kSiҧt,o+jNmZGOFEV tsM1U1O %MG.OwyUq Xu !C`2xX"xƾ#[4 gX:RV)D^ycvi*xqEX,`w 2!JGGOyq|0֜륟9vyM8(PSl3LryCvtN's+t]d^Nm))JU֩dPS8[Qƻ*ѯN0gX[Xo@~$w[?>eT!#"|rzl.d6ˑq+;>bN:j;wSqa/xt.0?uBCIDѲ6H}$&b-V{~op`ApG˱c+x&XG{_վdBL~tRM]6h=\J%/J}+sۗn HE$:Q$I-Xc%ʓ>?ИB )T*-YGeR2SN _:#.73O(9) mK P闌'&د|_T-͊!C$N#&ZUB?ddz$om7 '=IL( gJ%I|6O|+JHB@I `d>3Ԓa@CU[q~y]̻{nIJu!gq[zXr !G\CZPtoJAv>Z/!~ŒBSxP}Ĩ~]!A'HnA s$d$$]2Ydxn0unգb\4F~ tڵ;5BMpHP$aW$lRiH~V'uj_Wl% ۺZ6w~]!$=qD̓.YX'jI }^ `xV0UUu2\ tTcTb O+ -ɠafE!&M` q-?7z.F"񔐕xj?0?;JM7)1Z,&I~9@8C!XOwROp}'Gl"d 7/kvHA :}hT! '+&W F%5,Tz{]; h:UBuhBB"@>c~=sVoVm?V{Uz\zX -&u~ `@?-4"j$=u}羚IA-tCӜ5LA17^{K|M뵠P䂒S~~ td|҉Ru3/h>+@:[ܱ2VUjaaHjb>ڢUlMh^ߺ">{2Վm[RlQEVgP+&nNDV>5tW]svWOu4ISdp3ZZm sk@|`ksx:a9JJrX.{?ҷzVzͶ:1t0EAA(( utܽbr'1;n:hpa2 Gpzҍ|vԅ5v̟}ʖxqmCU;y%!8 7Hj"$!9{]Dʣ&$NumxîbcɬC7kN 2iywE,NJQ=u]}W⻣ߪ`Z}cgrm-kEQ@w5-`ս/[u*-~]0;}g_:UNEy[g"I:h!;64x{ڦ3 @R!O3KU#`ikb)E_="<<TBDEddMO-}= 46g2E~KE;; c#4"<亍Ϲ&:c8)*4.t5f'Sw?wPUqdjڦE2ݻ&I< Y{WigQ^@kjBy'1Gwj[4 Cev\Ju$&od"uįs՘9ZHJFTXxgh%/b!Ujl>N*jWfG/8(.,FƱ5LYT=.6wqCeHy'2J1p aCzW7^] !l&#Zeͷ\jl]1SBQOgIDz'ؤ$DR$ղj׭֩nҺ _Lnn-o|@T_8u|x1WwRYw|UϚ\ bZf HOM<6WFҸ+Z/(hs+9]X<͋{[̝Vā?C6I!C2X+'WY*i}y=mEmzmڕ_OLN?mBkp(g>Xq dD4Vxֲw/ўozLr_얊uk|.rM}C}SNA;{/ˣ35m*olJjMFd &X[#-xes6-qKS Զ=BI~OTgB zt^?nxEJ| @ Mwk-sUadCWo!2wj Yy*q  %?DnEC7` LU^4S'^mJD_/塾M\DL7G|e]$={(1zh"9L9T? (tohI4b7o)w&.ގNW*j]ܮp \nՁdz'-Q h9Ur[R8pksYGwt2B0INk YBP;ZR-)EH:5,db_Jg7c!} ȣ[dInt\tgl_P9_l~}a&gGy$TC}ݵgX#VR?2ҁJ3'?е64L>zڮ=c ;#2 J424nBc4קd9ҡS$^Ž>"IjtH8ziepݠ # !f X1Vٍ]D;`M[YRj}/L^vr☲ai"őoq-i`=Gȵq+b8+@ k7}7Eɞ˃gߦr Q ")"kVO\ŵV6nā vv bL|åwUnqH:l$EU7.HnV1Ab.i 9Ǐ?ܽtͧmļ ([]m.|d> f˪Y Hⱙ/A&!Wqr["aO-ԥмҚ+ fUOU?q=X`f9RksUKSB~G1ʿFp5vIK,dk|&}{&LO?"I*s4+uQCUۼK}) )H M#]pwgpӊ^؃à 7ay| n}ڕJ~o[h*i~~][ԍݢԧN빥s*1y{^_& tQ͗eFǸbҎd43y![JF'-".)1tY{:Pft v^[8(=ÛyWy^8@s}qˋpa!B!.%)UUE<:rN`~' *ZOXZvUj64}; aICd$+ |jl6;]cUk_)l]wt> 1["#1J %Dw=v]I9,dJw.5+6m~=d+}8@Z) O!SuCfƗ'P+RsKjNߏw𡏃D  %AmivπS$! Є"i BPIg̥p1vR7չn?bI$g׵QlI¢Ѐb  UTգ-1fhj>cݖn4D3UZifR@@ny0N9BQ:[_ŏR;5%WQWJN 2 BZYl!_R@N  :`ԯBjIUTM9& <__uő=)oxk5SR" |M|G}&FK(Z~ukAN&5ܽ5$уj6+yl !1TcfQBbIY ~dY)/*3Ǭ)Xyno\ I$ g 'wq&R~ IR+>ρ02HjOLHKRPm&;j*˜x^֯(r_=e_&/]=)'B@2B*mR SjE{vO|߇790O?Ż跤~y6NECe2H ~sokO(OFJߕΟځ&&5;@0!F>'=kQէ?nxCQFfף Q)KB}|Ax/wl $v_4X)Z @%2h]F,$n+@"Ő4CtMՋk쬻B # DODBs^ב抛"Cݤ4LAfX}`T T BsP -s/]nPզDg C, )R\dܨȘ)Vi:{}4 O8~=xޗ̛~&9 (N7^`" nna[I|Iu>>ϕ~'2U2iM'< 1 G'T&4y_ZOL7kՙZ!*߸znAkۧcv[}뷝w!EZ-ˬq|0ʀt5_ Lug~M_1}3EX^#dY\R]륐6/E =ڻ-O>{N*;[;U[K*ԥNE?F: ,ܯ*M)?g8>"ZN{=ϖqDD ;ZM馗]Or9kC$Xd>~LJ6Vw.V.kz+j΂M{.}Hh=O`thBWpEApd޹y"o[>\ND⽭{-6~T7Jcor7/3&TDS;Hys|an)C*dOhC"!䙫UZY_ 9ֳ%?D95IYy/yڧ(yM!V|4-,`x! c9:qΤ]fᨄ[nN .+&zXbQZ~_RKפbqMGNWeN, -lFpup(64DpI*"g63IrP-Zp$~iSUZBcRd:˝-":Οž޸_IױT$6 +)eZ~4Ry^~{Oa_g5wU2e3yrz[,fI =˞f=:>g=<2tJ8d#%P~u"!p#f}5ij_Ж9ˊ;3$!Qx48@2>c5 {>>Ȭk@D8=1BR% `]. U3P&U\c_ˊ| =T/Y@r@#\qĕb҃5RVQͦ{XS8rw %NNTWScn%Q"$ <H!B.-k5h2..%!:D֯/fҢJY20 CX[_Pt!U'b)2-nس`y~ǃ=sHVRÌhj5dt,W20$Iehp0C$ؙbhX9cnYs1|9 8SeRsj*gsjMp.R2m ^?LR%yp̳%aZ)wq;*W^Z,>nBwcMq$ RRi%8'd=܅rUxZidp?IH\qT`̹ JPó?;ti"Ju nSwuq{VNng.HC}/_zDcsݪtwMibr|;Dvߴ␡MgOUHM6l_p&]ki֞p<&_s]^~̄5ա& dͩ_^2 Y3mmVݝYx[kW ķʇ,L RLMSW hCeH)hCTG!=[XuҸ_buRbH@(E PUy4f˵kE'/c/ǩU 0OX[0f;G^q<ծ$ ?Sg$ @ )@2Aƛ~Okl Ai.k caln|SR^] j/g}=:Tm2U_kw!;8~#M"BJ8:lJ_.丼߆/LB[rlH*I-W!6kfKz1%੻ˏy?J88)T;_y # yߏnl'h?߳(&ޫA)IYfYD8 8{'@ TH~(} uRTF96xCÎAP65z$)\5ҋiXÝN*psM?s\N>OO2 rXO8@zt:n?ONN"I38֘UM3b6rt~ey}D/AwzEUs+n.״Yt@KH$>@GV35gXR'ӌzb '5<@I }@o04x 7o0|G/jŁ{a$T&c?i2i8XRcHoym 3P"AY%VTmjc _Kȃ,$!!!4J%^1sH"a zH (%a.̆ ~Y#J+L-|x1n=Sup~+R"T8$ *e\]>刭TLwKwȚj7Rjg{ aj= x geq7h\k&l\xjDh "|`&vaJ5uHԪn'*0+dolkskVt*cQ. lmOySsn"/5+;"r⎌ q<_zE/,_ po$7->]zSXA, hP+v8g촶\P;mφ6Ǐ&똶2㻞{zjdDoER0SF,bW:޷|l..R)~3l.ͳ6.q @x2 !PILbt$KiO`%7s4\G!ԲIL &RKNV13WB2;r$N@X( $t'As-4KFH|U!x٩[l{{ޖVI'z]_ X_ 'Bz'פ3q|2mlW3M[~>+^jֶΐ}i1kkT+k^3eZ ]dcIDa/lFAE@Q`#eQ UPQln]=zck;<:ד>gG락VM*MXOt`԰I4}B9G^lQA {W}Rr![[0Do$l1{axXw{XV=kux(\R@^^Ya]4t[}=)RO}N82kƏiTBI! 7kʣ!N5+faǵpV fc)Gg5:}ސLbPw@]27l {m3zB=! p!@ĦhܽJw;D?VSc{تAǽmژhRSJS#e~ ,Aqa;˾̉ <1 -l&OS~' 8|@" kC"I&!n>ڜ %>s]QQR/\1)#"8) DCC~k9_-G>D X5^(c]{|qS!9}wpBsh89w;}ŋIpν7~sx wˀY@ox1]:6U:I }$"$?v&_w¸COMDxYSy7খ[GufC޵ #G$|}2>pFE>lnXSX3֑gX8/ Pgq2} M"ҀUhea,7J[9o;^K n7~ hN8}UҿI i=A=[ôSSKS3V<)^#tԟ8b J3xeSV<$ջ.|\6i/y&yN{ Xň VDzE>AvOke'1|m9Pb"ynCq18xI#g uV7xp]>,=DlȵαL1A C-f g|vۨůL'ŝ,݆( #!h%4{Ꮢ2FAe[gr(N=Ф`㸁sWa C'0"H?$; _~sQbQQݏۦ-[ka_^ONV-뽅dYɪ)ݜBбYQW?Ge]/?ƹY ʴ1N*7u2ԧx}bpfY)D˸t܄9INe`PsrZNGT싄K{gq2N,(O΂ϱsN<^XN~Ez!X Htț !?E讄3Wu?__> oT.q^VwA)'{3LZ+d],S{tۺV-&Y$mmUҷ0mk9muPjawÍpRd"\QH 4zVy~J@ek͙qqx4O:O(5k.t"J. ܹ^! NWZ#@* -R&ࣦ8Ŷ?MmƢa:V&4t =hBnHY$oPYEG}m' 4At\JxaDddOc@P`9@"]5tqjT|~Bu?.Ϣ1@"O:1ǝ^7*^ .Ŝ 9O4+`hiD,:+5IY E?S$dOPOa wi5jTRF]V$o 9Z+pZ@$;TȄ:pvspH# ܕj1n-b7,#Zby[Tt\^;؇v N/$"MF;1,;5ג(5h; 1q8%gXEM$}2 S9fpyUw4*rȤY&ȈHhȘZb.hzEn(IiݓL$ &`?DBoGT1En^VAs[Tвbn\c!IB?}"#e0+NOVؑ#NM!9LypΞ{'a"h#90w{X$QafFmib5; "bf$_ ,t2ՃJCq8y3KK\I! \tBjwd8?EIji>6(DT1[4$fmɾ#а g;gۭ,lߍ!"Ր0BBZ;XlGw+V{ &!$£̅`<[f}4a~<"Dns9\=offK jJ:!_fߠֽYk*#FDmv_c۳gKo1Zv]ۖwsD=݇F2mER\I yn"]qPYWCégD H6z9qY*&bݖJܳZJ)z`l:՘|^Z;OPW2|.qQwL]gb7B7SqD6%3'6xre>VQA4TUx9?! r Y@nyѓ/lꘫB:3: *,]ߓo8nJ* 1\OHlQv_/ܝ,ĉ =2ǤaһFs xa$PX×v &4Ö axMh]WR+9A3^П:D޲؞o{:;HW\UbJv7` vɷ"b|p9~[G!20H MB vI@j&S&7"&n+J#95kc}br;Նdz,PBv>⯡x;nL'a 9$d*I-[O^{R6 jd"h(`(wlH&@#hOkg+"$])SA1FA; ēIbr[ $saeaaf[lg%YʗIQU 1bblZ'Ogy}:V,Q#E{pbE`69m718ͬѺ9">g<}>޹$#((Zd(7chp6t6h+矧?[|("=>kL\Ȏ+LQ [AX`*I%L`V`Ad B)1%eB"AlKlRDQ݅JK"0+mMÁJ2c\yFf&d5ڤju!d 7G]'-Jx]=! UX" `z>CZn: lQ "$*qWş7ُH< Y%Ou1q?#lē\H,Hu-1,@Rbb$,1b@Y* T\a+k`,X(JX *F&4*AdP+J@&JAB d5=I_c#~{RNr{V!k@ׁj'M@(.t%],m?1GWIQg(hGRn#c$cW"O!cl:$g$r.l lzVGsb*w MhG픔oɋG}`$0ql dR.D8:O\ٱߣ;-,8r,d{%!T8˼zѣinEca9U!J,X IԺpm<ԫ5 )=CR@TaP{B"RTP L!,)@Bpd8 zvTCNډ K!"q 0~j V߾t~.᪄X2`), m%}ۢ=ߺཏ2ILg-L/>*fsE?PU}$< qNĖ]T0X !ZnFu pHwkOT^~kݘ"~(cޕȇ,JH%{wܾw($0HVg~g"'Up#qK2@"" |3/jșVݠq+3[p^Y9>FH@KT9Y; o:R-nutpV*(+H)U+?yv)4tPD>#BTiLE[z;yFM3ʉӈG)˩G}@{/Hwʉ!{;3ղ{1_̵/X8:7Zv(Abc*{l2TeZAPR/Q/#Swء;޽Vcvi*ܒz 9+B"l@8 CqeW0'uklso)O.MBf B()ELITJ7Op7QgySLDd&;C:[H"ːFndv=#|g_5uI" \p,xK$sft%e-ި W;6F I!p0(!$Cszg 87EL@{8q%9ȪU$), WLpa UvZ̾H_&SCp"%_rDd~o/BpR]:N<"xu,QNdtåWi&ӍZعjF Ϸ0!AR\mǵvI? @9l^|Қ|U.H0 Ÿ䐁_JC@{(l01CH(}-y׿GsKa;H~m7+zigNBrpVJTFL_TV@ F˗ o Jjإnܳv鋦d#yXw]v9^&tQSX[8(RFo<P0d$RW:) i5]bbaps#J$(1+7f)(o+|HRvI(ubQH@[ZI6jWW:ǃ|2|-u|,;ywUZ tj-i`75[3AƝd FIPEҁ(_G> F%'Ρ@ \/Eo]fM#RI |#J 4{^^T.>[&+IաcOQ61@i0rKxFC$:I^?Wo[!N|05%ߒ'VܧgїʜEh0kܮG % )F2c IIWEM-m8/Re:KoKYvo/@[WIs5.MjVcZn__~dq#I)?;u! -[>UZlL˯[F/ATAH, )H@""ȠEF@B 2,bD0AE1VEX!nٷcBƛ~rp= 75NCԻjD$٦?\] lG+IA1k~[u I0S%( D'3ZL-Q[Ѳ05Yipejoz;iF=ݍ԰8Y= <:/yH}^^*11-e;1 r@ "O04\ x:~d-;J EݸL>1oS+G& /!BuGq?W سwNxM$U*B 4㌪6[,-)l( N?S߶ )&AFaO}Wrc&-+b{enj$ kYhpS~1>?b:NBTWf3#dⰤ޵Jr]~SE10RpLJd/2PZʒRMHV$E85f},ǃANMqnj4np˾YPAkn=PE0S~%@)JD>6^-vdd%dY!`gsm#1f[_7TB`H"nqt]T[)ڧ 7p@:THsVP\ !6tqBǴj ;,]V:>D/1>eܐ[::R i U0NBn+aC%T3t"`;8C$K &,XheD";r+ 5eH AH(HE@b", (j,{r/|<)ŀ$4RiҲcw oc_S4ʂLB:}fvO>gY2$a귞)f;hA*g\ ^M$ĐD$aL7KSFT [zuKb$˻ ,uKkwdп."%gZ A (1-˧6'r52Q0g5kxQC:a?>W i1(7rC+Lg |mo%+[2]cA" (" J)'Vi/PVf^fg*{9NL;L`D,]Dx}C9KG0 6!6xܞL@#<gIeUto_cw(H\,JcqSVQ`zN'ϲx̝ Bz@9fbS N =Z7=_G\5!T[S;sشXRa.P@9r\2 F+mJ.#q:|8iYAuIQRKe{W>GȸYQC? ]Ocm[mr[(.AyE\m$H~A@ +fMwDIP+~>wf9d+s=NwQbչ@pvJ([^ \|g3VmalJ}$a>h# Z,g!=^׃wH>6 N?#T:t(H$1~D2Ya"ȶJ2;+*|U+ XiȜ&`H @}b{d!5S7v% n1Вȝk+$Br B0&iJ7 X\P,H i@5dOtj%b. \Ms@TF6>KAE)8r &!#"xN9"(~?م1XpzQ8I qug3c$YbR3=S&7,g炮=mBj.>Yo"*X|oC4Wz.#gp۞n嗻V=" `ޠ"HAvw}TG8cuAYr#OY'zNGkw}#| ΕOvd$#1z~NI{A2f`UYģ cwYz7tط !H@"@7;ːÌǫwͼťWI5)N\^,.SbK=crJ.<ؘ4Ʒ?8MZ1@zMBF%2Z%t_G6BAJ $r]=+&l(&Dd,_0(, '*ҢFVsz2RerƮ9NuZbNjZy"F{b (m!p*_?[۳|*[V.+mLq&)K+ ¬9ttwk[\a\X6\l"H%<HpN iI 9w TeF:Rwz8c#pEB+<܏{?=@wR_W,zT4WY,El\iBx֏MhIŅ`iJ(~#w 6EsNDʊMW.-XQ1·J<[n8rjʅrٌSb0,U6aK0 w4n4Յ&Cކ@+zonQK}klAEeg5ޜw$71bt|\nѷ5w7SݑCd1o,Zm% .69$ܛjϚ5eelS0k,VRlx)ȱh""#A_N5r nM?Ad$Nh )" (bPyst 6pd18Yvݺn0͹n[~x^kCxH0/a-#>8Kے p'`O,BC(ɍ(VP~G>ORHmT3 \TM6)LN \3 V ]<+ɤ_6S*#wsUR(L~txZ|TAb\>%i^laÇlFӈ趈.IAr5pT `I>_s(` =bl'2jS^_2!(wP=e:{uz}m7;T^Ł]W)dX&D` X4|=?kCkiA/ÐɌj:G0N:_*DgA(dcU@UJ%)loDls)4tF0Pjר,YmLc'FYh s+ZY ,ԁ~uAf~^Qz+6Ln_t0薅i֪*tm톌 a'lKn ]\ S~j}K̬0pCX:Negf{4|Fqi&WA9{=.ZM ]we7ᳫK'fql:I"I" _7%:$*%Z竿R]j.U@:Yeۜ &r2Cbf4,Y}W?k 3^$8Nhq/@He PF…Uv7`Jxu)X5;gзMz>̀')NԸ`vN7)I>=˝osFt)/F7x`Yã+8p )_j| oK%̣>!Ҟ%nyXO+_/k3ט`B܁8՟q50 vvJba^E;N|-9A|F2K5@ uDKQdm[1=D% gFdDAOu1Q@붓R,bJ%$>R̀|?[ެ9Fs=_\\&SջfV;E5@CGw.tX[ ƃ" 6)ͼNy ޴!xzo55\ B>M\B׌ EnceJG$,91eiI;iLxϦ=(7F7_հXX{m)EF+CXmA[)dltŏ 3BN_yH1 KNN*B9׭--H/B/ 'o[%x30'jA":uV[|#VnAݓZ gYˈP+c#}{/hoMoYJ(@1Hw0:R'if!2iO[Uۭ*R)d-d̥WjtۺVʊՐ^L,${oX9l(T]_n(\nSV?T+\*?,; zJ@!ЈEH%(1-ePSXLȇЃϤȀIw AsđWG^oBZ92 2Le*V_~k[V3fM%rKeQ)".aDR(( ~|A5 *ﬦM ;ݜ + FEF&`iߙO[k'018~'BW>oŬi4d.V|Wj4,hmek W X7&!>ݏۢFbJC b+`7fR ̈́ӓ$(f`mLh=}YM"=@պF'q;&Tsk~HwngqrX:#SR2}-[Px_!' aϯL}_<_l!ԭM"]/sM]Pf;,n $$V[  2?q^ !ǐ_fz j: )KgJ&2x;s!y_[q}Z:BZ7aس&Ta@2!LM79)mFX|"7 n[D?gK. /cg (ttqcoI@g|(CO ϔK#-^N wVl H;z9)wV+$8DD&IDk8+|n*EEOԤ]⿒`$ Y#$5/AJɩӭFJ/=[=O!q[ ~(?'Y~ ީE/!|ٚ4i-Nƴ}zA&I[bwr<^gL].E#6 ')Io٪ 55>=ru<#Om U-RT. \GNӵ5 PUiy1/?U.z8164[ Fit_HIa* 9m ,%;WXgWkpLXoҜ^kYפK/g{_2oW`Mx\֏wUM~~i_z -{pc G)4ߕ+P+&ρRiE!k277yP= 㦖U]C~7WKr!rQ %<(M` N DAHȳ TL#Iͳbg$"\.KȄhd_a+ڝ=z,b>#}K\Cvˆ]qVt=X mX^w-Y; ]2H)SӎMxH1vmv)1=LW8:|W)sįa{Fܩtƾ 앱;N$\/1?Zg% _šRYX..6`K.[vF-?' Sӕ|(ooz5>njQyuHPy5?\@`W1֡jIVsB Xa@B.K">3*@tK1wmj;|DjVBVě:?ơ$+]EĵH$2c3IP9cڍw>k $Vؙ_h뎗loSEgE\D@!!f&ضP+k"BŚXI$s2aagep9F3im]_~A S?-'2 }@_KntYyB= G=[/s1"šl8֜lVW$/UWcݳq]u"Jr'Mڀ<񓁸_Մ8r0̶c0IF+lټ/߲ԾHTd} }eeIoY@@޼wI,qϸ 8weoֹNM&MjM̸aC,R͈"$t_g |7qR9"v8̾hf9§q"$2%AO8" zm  ~rS}\ ~kG-ק|tҔUMܦFe.~ أoļ_D8΁#r4@IN4IWhU[::d_F;%+do.6WIr̅0& =i B?&4ì8z^έUNR䪝àWz~0D`jѬhZ6tA+.~ձ)C$#%$!ib ]T!Jx|-1GAW.h"T[ϼb>=Z)P^,U ~ CD||r:ǃ1ՂMiQmI^{>?v[aBNia<*rk'sϠ='yO-Ox]UH=Rtl?#x%JlSF-z#Xܛ\-ؙ!e1'Ff퓪Tz='љ\iӒ ] Dwv <5~aE0>WǙ]KQM#<7q9 罖F d ux_u{pMkv;T8[7N6'4!p7D2 tm[IriG}3. 0`0SOCU3jl@Dw:KE,H2`@8`& M5{)e@4 :AԂEQTD(xՇ1 e dE/KUa+K$MER*P&&*@\c\@Pǖ0WU=i-_=e3:G2\4znO7}TIB nDא]B$pR\W㊘=F0gO/Cg֩9%fkdR$Mjilqj֮ i!Ln*wi =u* ;:#vtm`_YU81׃l+ XЛʨlxۈQLgP0qpH \_Idf@S2@㝝~`vqd^zD1bX5,$LTv9.R _W?9rlBL9 dA7οQ dC@7լ3)h;~OfTo”Oۃ53I~wہeGX Hm?ϖ؉1i  gBCH`/iqĬ8x/ϊ36 2^<Οm< ru N#tҮ֬*)\$"}ҏk=dn+)"[@00VaԃnXa4z'dg:b@@ZjKY,e9k&:z͎t}BJ~ % L@`JBI{jYSVc55>Pf"bC:TBO޿MZ}lhŢ&&4!fun;NW񧛃ās:k-˸۟iuF or@-`e4|"fb&5~,|dçwJtȸ__߷;Hv!f% ׈g@͇g;dfz,2O岰S({qW.5)9]R wMt&H GHT74o5sm7;}[a3Eg,DQ)'owcF XDLVRKnP(Dix&;ˣ騹%Ҫ Qw~}8ѱD@ye\r.a Ա7]Mt-g>7!缸s;UivuJanޮ X"#|})p7'FTِAQ0 ,hQt\3=Aý:"BB%(HQ5 ~wdž{el`s8H&hi \[ wRB "rP!\*AjkAR s']P9B|Ǣ/Vnׅ>zβ L($s2An{\*jS|o\ 㮲a;d1+a>dIRBtȽbv•hw5\X<5W]q`%*øQ=%gD`*+ӰrPYtP^E0(l62xOL$lm/uÝQB B8AJrKdN R9h#W=RX{G)^rX R9DtmInt ! !름׵cUTOf:`"W)~Mq85 ]j > N8uK)٩68|=.,qMw5˾mn7Љ"Hq4STi.EnJ^l.#6Jau8(BvKE2,Qj!AR}yf  C֖ЀBYZf Jrq|0ރ g/yN`vl1qv9iTŒ^!TQt^-yFiÄ.IA<D- 0r/}nguؙ ,`4;;7{Z 䝡I.ƫD:uQ}.;V펖|FN) (SG>^#;^ĔRePO``nM{Ex4lSS2\IO.K!Uu;Be'P" 3>|uC,4` L82\RdaILE-W%&-X znUuH= YNbA !/LY s?ϱgS( M\ap$S!)x15,DĹzdc8v}lu "ehVQyީIX5JʦWyayK%ptRghұ/E( t$Uv[:~eԄ:v|#`2zH2}WL8!jC&MV򩍙Ć4) vnu@ĔiŸu>zUɎNo isum |/q }eJM_rc$,ƈ}D:`Y A@/zcI&  ,A`T95dY?Q ;zjqñ֝+ʥ%pӡ}nv.bh  8I9FFhVj D!>β,`c"AdD",A`A` DHDX2H)@Ad1q `D+Kcw{$r[ypuYt*͢6.<6%+C0wƕmxЌ+=fj52&R5=:zWqmHRgHvߘц.wۨY&Pri„RACxuW^@Cf2xkS4sud]t?BSq] <%;:qvk&lmK-k0* QLQH,o BY,1'/Ǥ.T8Hb' | 3L?LDuQTe3w s[ɗ)ȠͣT6Lz|} kO"dT`*_RvU\5"`Țf;cf+=Ky|\ F(*v!W;G[u+_"ßbi ܸ9eXr6:Q}4KeƠ@@i/(p2#:źm9va^δFG*zsG߷:1,8@N{R*U`B w%VKP *kgÊ0(ʨBK8IDXculgἏE䰼>հ[i"AFAdwX~k !}IAD 9bX`gmDlp4RQ3A {ԚH.̽k3y y*呫߂NCtDҮF/PmW5pRƱ!B˲hCᛞe˹̝ä5tar^!j`a V8Ŕv_/Ê%EUiDx xT84ri2 `79k ȾϜdF C;p%M_SO,ƷJU]?k&믙}E1: ~Ans)?RMr'?kBhp<3Dswl <ԁ$UҞ?y:XZI4\\"S HZܲLaʪ2uY#&(%(㐱3c;0T48>K4(#ݔ۾}ၶ?8#I& J~B=r5),.a6:gZ86>f\Fɮy`UJd ;` %_#r=zȚoKsr"2BnWuJDA0E/,p 7QZ(M[ğ&H5 qN}pO r`EH," )Ed``1H(FH,U$@b@9Lq_`Xp %`,8{88XV /Odb0`bBV TUd1UC1wwܫ*j,o{ț)VfaN}k9Z,ڑKR ,`t+n&B5f!+t@6`AAЃub:aIfTuPrUћIAwI!@wɷ5OWJܱh9yoԗ&s~n-h q$)Dcܯ>,(ΒxsɃ bc X$$>3zԑ9!dDP#sPX}4?{zUƮr3zMKW0L73ՠ^~J6=f@= V6 $xGzHe EMHYKY0H#I"P1jtdtp4{;k\YB|[GY+{ ҃Wc( &xN>hK(tJPlp$S//z>;C坎߸jwU #BxD L#iKY\R[%43ds*\d !hWGavɸNt8OOX 1|0XD& =w{i,{ i/8 ~ޢ!.nDrf=wAvvoϘ NcG G\:kjYfC_g /B]͝x+o%-4YN% B[YӦ?R4S.h }qP9\Pt0d3 ϸA]BsBHȈ:JR<;r1T8@V*tItxY:~!^Y}~Avx$nZ4 ^s)OvY\%ZR5 yv Rmkdܻz l[0[H0$pֿI-4%\H}F4dͻy>m~}K`f z ^MYO]*.K v*o9]x޺層xݷY&&)B G;*>nCc{GIO9z+t-!dHI_ hauU҄(P }8=;. \-W9B)3bͦԲ3ohHUv 'K<6k6vIUߎ@/AN!Qooi;L !qnʒ`^CDM# DN=^} V-.=2pIjb躓u>gtA"@fs]Eo"&vm@x[< ixk˵.ܞ܇A+Fp =1s| T1 B$Aɥ$( ! $b9Ѥ Q MkeUs7_B)~5cWhF®.dc8<ڲ aIĊ\g쀃 "f]jZsO"H)uGnWs/nE|[r22Qں"u=bV:מW~¡I WBuPŅ(Bd;2}!WOoɠ/N 0 fnU 7se#3R jGR^mUPfʘ|q O:`ReBK'ruKÅ8c4-w$bCAF 0C߿ն3uZT-[ӗ,'*|- .U1RvqUw>=x|[̧{n\Oڵ{FYTOujwohZzYO77rS:c. ;qD{2vz<1e TmkKƳERS! $ `j=+kyn&c=+~|D2 =[ڼ{{};*rmגn0L4Pߩ>pg o|ԓy܉ӿZU_X*@@@jlKgJ: .Y6bW.5SEYY{ /UCL`{^cק$bAD#N/y@Μ-^yKyXj^GdX2 +hFYէw;eNjwFaNc*Th""OI^X`JPM'me0M29-_N@az!;-H/6iP:h~k͏.:inY|>?w 2[4gXy)3~Klʿj}/Sxu~-3*cWg-(syG5@0"AjNo#19YBV;qh菥d#gkUF6+=1P>Đ+2\{Kn5תLc媣vD}'n7{w:1џUt9Uع>gYhx4ϻ_̓s&iMJb9 g:ʋЊ%BR^/>B{4e)У\r٬=se\cʚFaX}€%T*3P39:K m|V !І}(\4) Ӄ EMɟ:LbXa(0+Jid*ovw_cA0:;TI~i60a`o 506fpCn}d`851` :@ Ga:~R:w-̂$JT@#-cm >:[̴14)@H8 6;!h|#:ߝPN>,U ^KozBFyXGx5ȷ@%Y4:$h; 9!@[g,h!D#tʼzEaǔb00K:0 C3 OWE8XnY~E皴Un!e?o5'AÝo5[:T^ޫǰBS0t9}LP4JeF*GK"!{\1 &! %QS8#:9.Î1"6"꿒^-!'?]Pж)_WF5a $y#ː/~A\$7 VXX46d_@CSю ,|EB Y䤳MQz٩.֊n;HQL%ϲ KH!Irbn =T>]'jkΊÄ<"GV(ąz;JZ9M,1 r`\ YSB谡6={/7cKGqzӗy_O_坩)]pc'=? ТGԔvߟbW/E }+ =w6;SԤ/dwra@qpq7!s98#OE](Qg}#tzE+[+}&+T ,!CBo;˓PoQB$z~j4\ϻE{:@CZ@QdH).3ޜH_99s0=A anޯ$R.k@ӇĬs_8k{D!aٳmq%w*@pxW4uY!poHYњC8 i5d.sbmGGWB1tkgը e|1Q:)16 s<USC|ЎϦ@Д7l')Vp(8$W u[&9'V]u sqHraNn>^DAߨԺux}~K!a:4?KХ/OtOV5Ѡ>JɩڳP=R/˿w/ 'mK܎mes5@W-{W@ ҂j 򋓭;Oρ/*l &Y7>kQS΋@ k3}wa`6Ydaɾ+N@۝V*jCް7ڜDhݐ -[ecb1yuSg{w` H8=hHw2!.M ɶH2RQ'4=B'}=m:k'^P??W١h"]/( ۋoL5K Q.Ç>y6x߸wy4?lc= KSNp;ow~r%pǕDP{% X QHA:5Rh7ΐ^/cIŽY=ӷTaq}Hy\K)N g\Pݻr ; 'O4,˳{DO%?Yd&Ĭ'@J:Jq@#fxBr8C"VO!|Qi[[n囔C۸wmx ~uT /j{}NզˁB~em%)50c^f⋡wlSm? B _J(EpB!y^$iq>1e;l]ؕt-M<+\x^nQTV\>] j%o𾺍ʹ}$-VK͍=T~翞x;M./'{[}v+ΦVC,`iY|7Wrւ$M)CO=*`!e+:BN|l|\Gv>,PSnޏ5SOK= 1з^ (TK4R>hki $4w6`vTeJ*͋$Igi*,_xY{42I*ifgs8I a/>k~'w# 2vܠP5'ڙS/K?'Nɧ}^x(:A9?kf\*07'Xu&̞y )ßaO_Zm<;iIgl9,r u>W~02.8T]w6zPUG5B˒n:djw~*;1Bq\M]U'|<9I3]vݻνgmJN |fq'{s}K'z͗WzH{vbC"2'"IQ(bIɖ9΋,g ! ćCЕT=mV D%aHsc`QfD96CLTXgTeyK, \ yA\=:JO'{?h߉z]M E]>=ЀQbwe`CP5@ӯ" I/ $c 8᰽٣_;/BF8V}`+o5'{ qb@RV'^r>>.bgomf5Dgn5Ng윩t%!!A)9 ͠fcPđjŭۧ[eYu'tC˼M;aL, >?uG+_8Fyov]Z +u';\JQI%G_31]ixGW.=>D=yHZ}ybYBoJހ{FE ;$1O?3BjzOQAZDFo>r0kHoMo X|6Gkmޮ`bw?gII"ȑ,[l5j!fr=uܦ e] l)z!g!P>jj~Nxޙ/B_T"^ya (R^?+^M/Gu/g F Pʥ|YLKUGPd{]Ҷ#)/ dDBA@v4]ڷ,,oȉ0ZHUMf @DXW]D;4o- bK(ڀ(bӴ4̯u}6t2A벘]2}HEMB'N w9# 6=džۑdI鑁=d[z 7>3}kkH~m1>_RD؜&wt_A6ef0R*%J@E>#bBXq vSjDŽj_[]'8oWZfS4Ab4"')/Ee {>Dg?_߱d {_Yl\#pe~뵆K-)-ҍS d H0}26@ߞI2@<. I'ڤ`Xt<#;+Gv9"4"$L:Hi"oJG4yVDn=|Fm`JU0ﭏ $FyHE-?o7gܰԲE(O27TT0\xzѽzM~^B) BXY cټ6r0,bTYm%7z )ӈ R9iÕٹ*>\.huɴ->(K DHjs/GL(*L,dY;f@Cݹ6ɿe 3hүnWMw:K~AIm & m'AI5]5(E1iA !KS{yq:\zMYJ!GN,ӹ?/ &&+# cFA@N)No} PGoDe+Ę vB:]쇥rǖ"DWTa<]RY(U|,K:@ "I1 $Jg߿r,J-hwq(bm09R$*HX )kW$I.Gfu3I{|EZ]Qly"9$@sӐQݮ,Hb4UaD"ӕp6u ̬^?K7{VnvE-[KwM(v=I`^3/l⧧D7<_V[!a@0 Db7@D Bge>P2;IjtUPóvWy=1vK̔4PɆ,MmXFbhXF#, O$12z4Sd03MB ),+@4r9/r!g%1!/k!iޜYܖѡ(E-HgX fPw[Q2eo("$Ayt?f/ek$j1&f ӏCӜ~}Y>iFeKPā" n` %}ey-d/sߔ1}~hDP%,T2Lao_kc|%D(=v'{/]Bg!zJBe-Cg1UUܣ]q@u[zTBف X n>ೱRkk\H%wUƔ-ECM3 *P#P<6oepD⅔J'5DU\B7lIغS)kg}`any0|؊9⣎ǍO!܉OP{z}W/ ITGyba'}E_.[sW.s49; Iy/?xA3bhp\]gnJ|u6C@KC([9^$p+|KOiȓ:-w[5^5hX-%d)Ȇ 7E>%Gw&P*G|.+0s5$88d @$FM0|RD䁌ۧGAT'DhF{bd卝ȥ4e6D`&l1!=Nu劘K*IaNU_kļͥ7:}s}JWuq{[)vDP5)w IuJB]}!?qy쟇ƇՁtZ +)ͫx?Jo oO~ӣ9(ڀ/*PB)!hؑ@ZSh g F2n7#77b=wdw,[_&\Uݟi&łD%wt BHY5ܝ䚰3d:KO>ÿT )4,XX&hr,YTliWRwóÇo_űNo{ 9jL;'+׻_4РXנepyxy798'd\ne/Ⱥ 5=!ԧA}>LPHHKMJE31 l+wJB-F}w4@|$cR&dɓSǴMמv7o10׍na̳ډO' jn)gn3r4|㹗m32$k Ў~XX|Zq wMpY~=W4k1v3\]NZyK3} kAk2| %oCLDtw],}#E C@0X{Iޚ:M#|'qtHSVrBA_rm}cWis̻TEaA˥[ Ϭ똄u hix:"$BMO<}6Ϡu$\u̮#=DdT ~Z Dm 6ݶkz m4$4wI!tkd(v1W>~VΈr/=4'⅛$5}ىmaTi?4/+n:RVT(H 1WsLG`BCF|^Nrry+Bc$YcyL2W  [ht*ҟ=T̊3il<T}ݶ1r8 Zātg_ ȽaO_4r<fxws̓b> OLٽW#ňXAsŇuHf^N~F$VowN^ebվ[˭Wτ)ٳUmRrvwO(WUg41Ցv-LWB3:Xqr 0Y{o+ z*S$Ŋwj|ilA;K 4CTDI +uw]nzHl}.6ġtauC$Јo$! /\p7K`@~iBOSX` -==#I 6j/Mtp'6HhpЕAFJ:jVDy*ƴI =XX"êfK`dU?])r@ptdd0rfG TSŁn^k"C n×;j $hL`hq7t`hempEhPMBxkqlblm8F@Ir^2Pfd]/揋EK ̕ FV._ȳY䓤 \Tp)p`xF)A)$l`%bHW%q?H`F`%MdEEf`"A֛}g.f`t81! Ć[z8]8s!=B_䥓eK|hBA6uXkP2.|nCEuR^OZxdŃ#$+o'W.Rm+ƊdH=fupĔk=](GK+DSϼ_rqĩ8=<@fsD2D}Lwk]<~ݝl<ܞ9y s,jPa uhH"]գ053+IuHn; Bv p߈3 ,xnjFX=b ,,>ျ/xf( t@ ]ڬM &ElzT RpkPPĨf5o0ۊ @dMd; }yM@o}op^_zQtovq󽀈b`ɐ iJ)x->;48v..{/YAavubY6@mc6VZ H60 ݹ>}Ҁx:"d)Jѥ wnֶ fIV@- A؍j "Mgg{v!/w^a 6VFZme[aDͨmm5_/olź/F@pӝ΍|miXhUkHmW p{AZ(@̰{XӮ2!>yW@3`Z`rݔ2E6 2HȬ: mҀ}yS , P5UJ/ar(7; |E)l-@:>H9ݹtGX4 Ww--F`*Fѕ;DۊGmpf]muy{y޲ܶW @֍'-c {hk<=̰NVn=þuf4Pmmн-V[mh+OAE'klFc海klvi64Y ֹ[\0}Ptנήæ( @3ϡ[ں+GGJjϼ}S_])*ZӾ{θ1uk(1ƾ@P {]wGݻK{@4YkvΛwt܍v"knu]t4t} GV};lYJ{6>Gl5^hWG@ATQJwWilm@vU}bHkRVUTQM_}f^WCUU5 =nl>jGCuU$T*SC_AN<ƒkQ@lw vѡT mTnƷwQ Q@PTzֵ6F1 j@Vk-1Z P@=QP+31Q.z׽/gЎJi 1٠F*FPصj;=oϏynۮO5=$mMGvìv6Ty꧘mzmAրmqhd$ŅA2#&i&M4ѣLh4@h4@hL&b4i0# hL&bbbM!Bhjd4PF1SFgz=FOMOS`zOҏ&QiأLj44SOSjP4i @ i#!0 440cJiOz%?SFA!6)ᩍ2S~hSl$Q=#O)y A&B&4 2jzM42i0S35ns7j]vW{,?On7ug;hmr~gq_EW:u|zh*>o\2?mܖZs owa}Vnaڵb}4⧋?r)Mx!ZnbX  '0 h0/tfK9^'iv;<\7\jffB־ryO2iS9q[7Õgh9oVInhZlەyH\·t̏ˏy@- Rkx0O>;ExrJ{V 査V,{y|M`臓CĻJ+*Vq)XW[S7YxuxgKwm13v~w. 3ΊK}Ϫ@`y{]>js|MjOluO &ߺdXspV!PW|~jqʆd'I}B|y*~^Nl+ޣd{pJhyHfUdxO7sS᯾ix;͆P+/Œ&]ufaVWd]u][>oYZM]cma4SW]tf&vJ wڠAwlw#[]| l*ȋcbٵ|W MPyjn?b!UΩ˨prٸg3i }cs>.l*32_w~ {? ?۱Wv]-㴎BWkkzZ/& چM&Y= E֍JlÙkDp׺Е /N֯\beY;g[Sb5Gsְ\tRg;sh1w4]E ׋I\HtWOڞV[ߟ6HwuN`][^r:rŞ$-iIb^Gw/J'>{#5'̣y2vI X3 Hw >FOyJ3miyDz_л5 ٴzd2YZ ^UEV4aڟFZ`lzl*=d8עhkܴ쾌]n_uPҦK벆lJm1jwM뚜ؿ59,$?!?7"v\so75,/ZlMyWaq!!IzB(MTzj 36d6ո wli m$x-W?62{ ̍>V DA/ygȕ襥5 2Q{F}U=ڲo_3nHZB{.6bc?UFh'!M>1^+'? ΰ5\Jo>U[]hܜ{;nn3pL{x=M9G\/Q>7-C3\,~u-j՞(r Q׭Э+=)j2v2'ǁ&9V+oʄCyUƘl;bq̼2GZ)Y(@Baƽ  R(W3ps"fN=:ő?$,DlP>Αl_ }1ed. KDb5[Y @jLneF}wnu'>Hʈ"ZZLxZ|oX57@l).MXqiq /!rf_iUxL/ ,t#O/Dq[,:=OY$t+迧y2wlaY>ΗaƥkriuR.S|wk)FBsxϖ^nuM1ƃ_1'y37[h'uetV:R{լ@KSWYny(Ky$/wQ5u~=+3qw`xchh>N]]2s>2g]6,LfN벭lņkx\弈/u2mQ3|Q7:O%OXd7Y?9G1vl8OfӍ ;zז,)nv?^Y~ճQS۳p( FUH5.#Rnrt^W|$o[51AF_2Q+U?Vi tZt\E~Iv*gjf"ڤ4>m=Gvҭ>k} ]ks'>u09N$Z:lܤ'rhx]oc}fׯ5EOļP{`o0,z%t8&[I네vO~]O;:xηF]T7L6.bOd3ˮ{@/{fy{U =^k)Knk;e0=[Vi _sVǺiW*s]~;&٣*)_ dF͒ᵭ.vWXk0%.U<#Οmxzs{/k|/zJ3̛&'K|m]=J}>/=e6#g_6ke{I7|T~)?b6Sָ܉n)%J5R f=E/n;-&-xQAFKuꂧs Y-" %t?yM*-aӖZz?qj]u;=ˇ[5{OQkڷef]RCF9 4{z?ʷ$2BZlӱ餩GJRҲGʳ}:e$M\wx\w^E/ nEczoc .}(/ Ѿ6Iejs[s(?Ի,9;Z5V GjMq9_($L2׋xO}sF\.ҪpW*Np86c}.LSms#Ѯ44z 8܎'(͆A1HRhKWk'0Z>͍bh̓?yHu.+'tN֍{s]]4-2Djkw!/tu(:,v*݆ǜ|s8KԾ[Y&"|7@^>N9,%yͥ/hPh`2PbFۙ#6cйu% _6fI>$K~7/|I Q"\0Ft}9,0*6,% Z2ьF)m:GJv$PBo yQkyႝj'Jpz ,qҤX.*!rs\dg/o/q3v C]ʢiM_?f-*fsK'> zN/bﰳb07?ʩHz-cjW$Bǰhw;J2mEWYI/t\-L?A| dg|W~[H29=: Ug䘿#J(~쐡 ŻPc 8id*CF 6Ck~^W?:*?MCw)62;̝iP sRh+ O 91f6egA2d#?s-du@\hHPXjRYC)d@)14U~iMc|~AA&/vr),mN2wY!d+D@qcLRKƖEvSDQh?|__ ^7-6Lz3|ZFW>%i`<`F 3#!1O eFg9m>;čqͪBiAH$)0I*)ºJ:98aB.Z!]fA 3#xj2sG<X JYђ0M u\CA;W UK&]aF9Q ͯS[G!@C L!I$iõmOi= nQ,~ן!́ ^t 6];KqWzZ\Z[ųj4y)﮾U^3dY ҧv2#o?,}c|w}K}KcnIG{tAyև?bD0}oUg}_ƶb7l,22HUE¥a!r%q,I$}8QH[{sVeHi‘?"(@OW A6$' Nhsu)2vRkjZ=M s׵Y4zi֊)]L`MANiљ;Yust&Pæ*v W6m,Rl-Yћ!7` I#d,UL baA!("M* HAC 8\sg:(3"h-?vv~ !omfG.垹"LS̏|z}<,@ߓ ol{ $'XBO*b F9i`t̟ dqMy͓b, .а!ڶJ$ $7>|fbSyuds{כAA!RcBw5vh+{0u$Z+~{hdu 5p)ԢO*1!6kj؛^|&HWQ!w7{]$jL럾125,L F9S"kx/8M)1ekjt ޚ3zp} v>*2E =.70>o=wqY0d+( e4i3q\-#@8u_ܼr=dqb LoL) jDO)i` ~ӱS;3:w0 1,H&1dKtOR\f9FZъ~>OǵsܔCM61)>~RzwS{Q7鹆PH  ')xkyr8Y>͒A|brx< s@\ŜL)䌱*y {~K <1!=]`:J5g{$ #:~o{lp'_筝a-6i\nt q\!y~,KqZ|,-etmDа‘t`NlueV()J`lw Vǝss'1Qb ݘ ^9)epOkkzFW1 u%p0у}+/[ 5e-#8A8`(/f%^ lTI% ۴5*,*7ymaVu;QsNesubxB9u b6#JblICVAJTI rŘ R$T0Xۖywuty,4 يGJpݝsزmyʧa˷z]i`WӱXI:]`T@ʙ6Q8+ })T!$Ѝ?qTvlA\(SiSq{|pEDBBI@ :Z;YAD\Ju*A01ag&1$R(n]ޅ%dDX|ձta%W&Dh 4.A,Q\g.5QSq[/7+ͺ ѧЋ ukkt,]Ql^/92Իtk.C$&k"WpT'A'KmT7Ad['Wj~#>77Cnq峕AJkfzWYg*bЕ.HXUNGL8⬻]6rҳЕհ3AMپh 1LQ ozq.{7e` N[4x޳{IIӾ-=;( q2D %>fQb,qm i5;I%IbůOڋFvԢ.HP~V4曖҉-9Yf h>ydnCT1,!LDꀧMN-3-9ݸbqTAI$M-v0JQ`?%ٲ2:#H l -J!  g/O1Qb0F1y!TÆA…V +-497[~y p 5s]vT)`58l4Du0_ҍZjoBh(ӽg)vzW3vDFˋQ\w-gPL tق(Jȉ@c emul+vݬq6%~Q_%Ot:]?|~ @ʤR5,T;r!TRҵLEkte.<&ZL?wYE6 p6ķr먮p9~Mܗ}mdYHH)lK$m*f+=r|O~%`D!^ }hؿm[\yaI-ĹbUHI[-}>dů/6%O;rU~GsU!X (v.99#չPDV8{j95@ @Ition>O *坶t,ցYswaC9m 6ͣ ^ƽm\+%H@d`e< %!@oJɍAGY8cܩމ]`qgtUU-;;ҵ X(S?^xy6~[)n*`ܔt6߅?9X+4xJ0KYቶ0gh?4_QggT8`U5U|wح箻a6_KkzcofenFby~txUƯ;&mĽՙ-n(0b^n RO^Ȣ(BVA(fP3l@Se0U2 L0&LH\#0ZLԊnEdrP3NDZY$]BM 0<pE$J I #K"bLәdH"#)#\5(Xn@]yUtɍNSPj*#clj8b -/ ECa\yBStՍL# ӯܥJ @+EJˡ5c7 ;o}PPKͤKk^G{Zj;gyXӰ -~#zG3x m U,EcciLci֡>;=^=|B2 ^gwCJ77mmE pнe$u`5Q( FX;(>uudi Q҂lI_=YHWDݬpmRDXv,_RA$}c&OW{!^NU3(5v ɫ`/kp/02V@vŸ  XC^B[gk^_Y PwĄ{JȆMoĴXVd\Ή.qwsJ!훣=hzuQ}|/꜊[6f Sf/EPvTғ/|_-gԃuz WRGl{H2Sŋ-{feC >̴: FD^ܠ('fK6'? Pʘם~G@?[t?e ;t?3W?mUAR*EXDbzٞ4Q0zuck K }ӧ0(W;p]V9 4Zy[ދX(->wfi[ήuτP!a8|c@\t aeI +/d՞so-ҁI-N=!G,;&#M$ tJm3fn℅5*l-~Lt6_b%T)0 _Kr:RѦusA5紘1Z_sl4 #1#vWz1T&NНS&BKnLn,&RW_T!brᴣn<%vzF-&M{ykst5 8iy"4Z5uh4ca h hjthp×բYQaR)E>C7f^lpbV!ΰ8{^Y4Ι F5[Q @@ V{6{la~y>;7^|%?H dF֦rIv=h}5~'k?ӟyb|lh:L3,@HWEBN)EYb?':Qa\WBǛ9{ǯ)jd*6@"@[dH. eB_]HRV֣>٘ZmXTtB68I6\8Hn< "v,7-K.#+?J8(ZU(FIH(Ŝf5pHQG6S)-Jr8R1 e&}g7ۼd56&@H 0`"FJJ #Rad6MDQ{>u~GS?{gĽz[3Y-M;SϼKlWcl(W3Fg9^lj"o`˙TE4i '}nUJbv 7UYD@"<BVΔ_f읖tk}8P~ M?=+~bbzYe2czaħ{x]x\}fd@&:HpPFPM>40,b6SnDmk*ǍQ,k3%HYN%mO-#9vFi׾#.ĿhfsY}~ %FguGeMĖkwqy4$"<ZcܜN-Zy=8+dه&ss=?;X^[|( zd9{VՐ ΢vF r@3I, HDil0Q$t~70RHI(Z# (R A.mRaM9fUJ8p`x,xrrrоݭ"4.,1NA"-ۨAvaI&H,QDUbF $%^1@5ݦScekՒlQTTbu0Q"H(*'.۰Sk3fI@] S]we: E4V`nqy93V[[1q&QkøHgW0 w<_X͂ɜS_lTi֮aj̘9+w[5Ub붱Ka՞N){Ҡ3@ m k p}]{u=V"$EUDH,+*2"*1E(,TXQ"UHŀ* , , C) +*wśM5\+$J)SC"2,`N%TX/-A,@/XH ]EDĭECX/ `j#)ÕYI% 5H"@>` ,`p:,Rl㎗:ћ ]b*CI$OOVn( PPg3 iQģ g $e^07y'Rz$-C k-#KmJ-a@]!8Ͽn4GQӃ{u^4Z27R % 2.PѪh;S٢AMB!$K \ۺ#;uPj0Q,Ю]Ad+W2 DxĎL#*l,Bea5ʧ@.5-A@"%˜"@("NR$bqb4a?bgzWo Gr ,*+7Ja&Fir K=-۞} jm˴C c€A DҫB۶C MHlt! ۓ [qa/4M9gKfe XcB iY{}t lh;{;=!DUBMrA&(`7&g'} UcB$E3}q}mPMPH |d8ëa $%~|7ȼɓssᒖ-~5AֵG.zl]WeJͩeR KL"P^zklg ACֶ塭< XHr/ a0ͷJהŊ-ѭ%8S8,]@"ʋ1ҢHHtbcˌ 0ـv94td$N~ER鹁jRRP(h,قׅ86۽Сk$E^j SU,ܵaoJ 8se,*++ /{-Xdigl*(u5& 3LXk5 N]3*ݕV/2,&,E!8yi5TZC FV Q$-%.{u,Jg#_l`\U*sնw\ DlWR5QP~bk޵5 ̸kWQkQ8b3ܕrF:75wGbpVdeHsTkl4-(ZжA-n΋kMV|Lʋ-v`Yݰ|Mf,ý(RXVl,NƝSxťm0 ]\oqc hU3;|. lJOF1uayxnu}-vgz]MJ:u!C;c [M_PkbPfpkR\:zet\ q4ݵq8.{G\v3 Y S DR*jXM+Q"#nZYHxAkБaD)-oo3BS49͠RD4j8L5 o 1ø-ŷHkb}eRaX656(@˕ \la ,yU\v 0$"s!4R-+V%YD\IU%96g(2H)k)8JL(GT(b`9 T ;PO.Ü^1 Pr!U+u$r zeF~gs7 ocvI*Y0"ԍq^ vI$/կ}B2QZg4e\uWY۳GN.^[O ^-6o1 S\Y)fہlјle^8n2="TwCouX(v[bJCb*"{zTQ5ML5B+Ls57|{Z 9{+)s6 QyԪˡ\\ᒂbf--ɵ֤1'[#/qd[#gۧ -.tATp܆cY0>*RMXM)@TL+E 8Se Ti-1 kJֲѮYgv ( D+0ZBJ5TR&ЁhzE(k  C\nU[{-biUҷ%*C)ɳ(,,_{2RXH db\;Uy"j xjs/9Iut,SNU}qW`8tD IfXtV6`^w)4LMI-][Oˮr;xZެ p &d2( ՘$Xʐ[S$S3-hdmFTx9g&XQWo3B%‹Re"_]6'^X5X&T*(0 HTyY:SFBtSrwR6^G das [kNyru}TXŧv`q)'ZXMZj]γy:E Jݻ^V".<bYH-Y͡@$g<a-kҝ9xС6{z080TiqP2'K2pB``A`I H\#y""Pve;u}l6%GPCdE`3ۑ}ݞϔq"pVbRF JB)x(rajr9@^),p9ǒŹHA BTF$=2d;@D"Cy҂E(A&Sfr9d1Ulh5qY"AG>XF)Ң ](7QYuܥe4:ݲHnqJ#2($&lPbD-5pw^ذ$ 'Yý0*(#xvrP! e.еa$aøubֹhB֏,Uav۶GВ$ȴ G:{U lo}L0Gصm&:b3\o6S WOƬcGYi$HE"=$ ZN:N]ي ItHa̳ԦrwHh1ާ̲ tA$ߞ;/p>}Xzb>lԢXێ|K51>J҅5hmx ar(N \x^ǭi/iUج8fjs )mM2(QAb0F9aHܗ? 8`r96 l9¦`y#T;FZDDD B`)jst,@NtX9XQLM&y&aY]EACXxj S[r)ӭ,HKK'&3*1#{ʉ cv]P@H;) ZC#Fi| w=+OOLPF/5&mᨠ(bloM1aM8fTߕ$z^woBj!-4C@2U']paVκhԼC0(FSg6#JzA%B4Uf`4p[TdM"#Tmm2{`&p-Zd5ki 'fM(b6֡R*ۙ RdR۳]4}9^8h=ҡ 6kI 3bmcnMĬ'bI›4 27,l,fn66@L#clj])Q̬4CYų8Y9w{  @gblaU i I !HE* Ivnc@@䃪%Uy YP ph j_ggȝT[5ǣM.3΃Ak7΂|kDv ({Pc77vK Js 82 mccٚѭܻB/$2cGz7ı2ŒaVh 0Qξ2UکUV *aKQlf[bnz2@ySvWKу͙Ii Ŧa4&t!0D/) (CAgb(@XH #$ 0O*TXEh-}/s5/-_L7j/'KNhe" .9 $7͔24"LXăhS6Km,(km-WR?$0ImЙ(kޒ  M!։>moV%}=z{m_u.mi 3拨 mJx&7NI8Acl%`E"Dՙ%-\`OUӆ摱;N[0(+Hg YWa<TTټAOFm_._zVdl۽\mLˣNgDS|VOĺ5o4ImT?>|0dXY)B &AERQ2ZиɺnXq}Y;ůk~4 M̃n?08m6=ӄ޵ O۽i~?IJk#+Ü:me'cg'=ݥ62%Ź]C~SDb\c8+gWIyۑhvps.[ u+Rl+v,T޾}n= D,I dhYN(G UI`,/^"a dBO#Slhhgi;R79%TW3+Sb"|Nuxyk t8wsz}(ϰpkZ*j?&ނy 酭yBujj'm2>>. ~6Ә/"/>Jem`(T B).͍Kxn+ 3K]g>>'`uoIREwFp4֪EL (av \ q $%]dYYCVL3"|Ǽ#f!z=/M=汼" *.:ba1޵(_YV~(r비]G9_v]gxdGْRfPJ ./&{/r4Et OpyS=P,mPtțDrQ2(5Ij_jՂEe~%1Z7-<[܊c12d4X;vUB=pg\'c_!oۣ_\n^z-jwk{@o-(7_g!/oko ~٪O)iC7wd0 p(r7T+5v6\xJ*Wx~6Y펧2s_;]rQ=n|%y+ $;h2  ~t|*;.2`"O,GKsý9~n;XxԞ)<;GM`okA۫ pۦ!:r;FUS2{;ωk̇uxe;s=o8WQFc58wL^ni¬#;w= )7g#` ?&yì|J'g91|؏=^WȔ_jSͣ蠟w]V.L6X?G{TةVf\+օ<4AN}n}EW(hѦS$ Ɍ5q+?[%δ\Gl |s+oU[^iVo!6s ! !DG(5HeϬfR jgg)1[.- VŸ;_+5v%~|q`q8y_׭WO31N] ;뽔&cTqMw#xuY,D2;@YJG_TF.vDlziSY-u. B6V!3ר+9ڝgΙyk/}ꙻWǢRhW_o}S>ʑr!2' E̝x{T&>gok ^mks}x(1{A5d-R\?-wGWVljHhqPݯ+?tw)Vy٬BzOٺ?ǽDbarcdy̎Ǯm9M?#{׮H8Nëú~kԏn',0^},/VP$ '9PEt2vx[<[9?sum_W٩:ԳCyfRBPjN:OcsF<)ݿ[GU8+#Y[̭4AGɴ>[f.tO83U_u344N=ZWT9hdDDomVxt NA#bPD'YQ"-r83|tKjnc${Z^_ﷺ kIrhmuʹjۏkXiCN}c93;B =gSE2Qz D`t6ikHWs &Q `QV}#yg4S+V3cbq\jC۰-\T#`a5|_-M=3_;֞fV?F1][&${SQq|]lIlӇ9Yf` >bOҧX~qfCs/u.#vKOܱXr,'aҽROבk} saUt-n*9 O+}7:,-[\T:ΣgA`!x(3R5^q&\l$v&Tq_ƎAS# AO#]{~ĬXa\[F?%Mc_b:< y/{Z'r2kj,ZzNJNS|κ'%~'Uw|n^a4?Sop4Z{V7n=2QI7?_*\.q(-K+gb+lX{l1y5ޞ*.{ oLQťyBIeth `<{Os8M,KYm_o]CYU۶,)L >ܗ$t[ĖEkW]DCwNﲠ:,'sI#._=uYqs'`heT:t9|\3oc'1s/Z}|붎 KC\Cb 6<+,pΈؔvKqmr q 'V;g1GkTPeg0Վw 'H~Sgl_ rޛۛg?d8[AYݛҴv?׉{zJ9LbkqMy^ZR>s+-.|6Iەq±>ol J "p`C:(Xclw) J{m)iki>??[#30:PH YDP $6pfĒH@P"i/ ww\2b(D``I ~w/vc6)!f (:L吋"Ihٶ~02iٛ0vxi @ц+VFx!i"U*/WPRHf!IDjQ+͞{FT/.jU|bsE'>)qS Zk,-S'(ܣx-ty3οg6$~+6OCaXz:1q"zb[ eGUgz0WQ;fp-4O-V ]fT<I6`0GgZ#dg>\\#rTS-xu O)Qv?m {&>AU^RV뺟=Щ]m{*vKkK+3Kr&zK1n5޵30Ԝ,m{Z?5#[UU2>#Nk;cط'Ц n.7uL\Ԟ_GWmQ*㒢ZڙV?Dȿv1cB׽@Ⱥb9~Wi %}D^<ܺec54=|>/^ ~kf٣ls9N s?x/ l_|tӲw'3bKw ^zkVtWjpEFiKOotߝu c/1 k%-cruw# 33Oi`  4" nh=~OދARYkipr9$$]2Ik +8q;EZ.sSNkۭAlI$5ߴ.2^d߆OHռg|5^c]mn$\43,:3)Qۨqp!Jƹd3;_ȿdc)+3;_+JC@~uߘvu}'c2翙`"f^w7ڋf`kZSF\ GHib%6>=FbVIuk޶߫ek&߫I[QV \㔭o;3;:fs"| hg ??w C_i'(zWګ0C̛ļWRG`n.j]6^Bo?ސ_йe{Vf(`pid^!<ˮ0{i]~ɥܺA`D@!DNZ"螩׉gqj(0v:\\:Ś"n8!=}]nͭGKqs<f8PMu{ JC,)jawdU}q#a.\Z^xlRˉw2lb '3u[ΌcnŒAiy8/2hߠZ25[~'t'k>/?m&1Kf' 뢡ߗgpHLb?cm؊-ouh{$#ٺ"FzoJj"$A7phN(1Xt˛MFߐY / SOڬDzNa ݤgaᗊm/ycn0i6\ƨJkn  X 9~SfM(v87hՆ ɂPm{Vcї{ _evh+}*ۃK^R bi~G~_å2&]*}9G;{d0QK:SZbf4j$#;ω ﵴ4iaZx 8Pvf]Mcs˕:^2ڶU'tOI]`SoAe` +bg/O :5ߕƵSjez鮬F;yӞT˞a Z®ޖYۘKq:]L~Zr4ښAocrZ|; >a$Gx43|q2w?- s Owjx-],08uGƪw;[ nګ>b`ͿȰA;&^r8 m_WqMgIڳ8nKŬMuSvyP㱢8b [Ss3wSrpy^=W3Xu\Vi > |?CPcq0u!.{N%޽&DxQ6w0yǽ}^m>e.7W۔rIG0,L{J:| SwPsJn:kwNkf+#z^b]g -m\\b[ÁLA P1nƜl `ll%Fվ*LHkGw,/ИG;=5rfvx{Yopy,VlJwuYM.|VZGp[|$aqOX4?foVd1>ˈrCnϑJȌ!DWD:LO;-= _3]XF++跞s2.ϏUW<wZɊfznh߽sv.ޛNSY76-~;{uI˂pqpr\P#A4q>܉{(}ц,4Z5:Ѷ}'@g pk?#$7{jcW)lnᤘ9w;^'-D@O0HA ?5q/lJ3tgL_զxyRhh#AS'T`g,R \V;gǹcgE6OQ똿]_f/ю|?ds!Ym+4,3ߘVI&DG@`O>2AE0t&zIFC$JA[j]Q=Ch1;ǎs波 (x: !o-_ο[Ov$6瞟Єܾݥ~%c,u4qz6 L!Հ5?3>'X7 2">_L T/vIhb[YۗχWZ^}:X0e{}>;<0 Dq,.͐ɒ0*xMq9= 黴 xFpLXB#?pBJsdn#pG"I:qg%u2> ZuFl>c|oq$2Fx-hmv??F8a]qvj|׈U{n#@tAΫS\і)E+C/h 8L<=[pkh0`vl'9b\i[.@ !$BTd[qI (V<2w<Ë^"]?]hDŽuZj ÖsX5Ν4݃D1ua qOAF:nݳ)-wCr$'}cC{߷e2w[M`c *H: CK`W*əӕdÙZ}\Jģak!sefW۟)gý 23C~X rOIDqEh7vSAwljZ/ F` 4Cps,vw.jdr,JLyɆYEފ)V 5F&62uXϧғf0z'2t|YW,ms/'pjcvqO|56 Bh&}|zƠ6pm(`4b)yBa߶JM1A[v-bgrut(V:2 4vub63VllUԍW9NSWNZUkoQS'6e&Lo[Sle Rqw]8ު*EH C%R4(l(BtrkK8N֫ƶL27BY]cpݶ V4I˳Y`q3! D?Rr2Эن?f &-?ȾgPMy:Ǥd9L}~}ג &K֝|K:({).VgWVb 5^4lEδɜZ )Vۏ.wnm-ÓQb]UGnQ輮ht}QV]o;]ku |6S1o$z ο'Wו*фXahb(O9@,Ы$27¥z+hVyAL}@̄̆`',c T8Y׾!r陦X#9+%q~Ǣ7˞X4 SnU\lr^NEĝEi|~cyIák\`եP @P@PIl2MgvNMV/_xNܱ`W5K?o٤r99gNk%C, Yu^vۯ/zM6]-X\E壙vIYeFLUQ*LtJ2C t)@^zb`SMƗn8k⺘ |_Y^f&*ߧol;u"^[M79RܴzӲv7f=BŦ@@1gKrq}Qb B8 ;@QĪSgpq߈ofgڸz+B7~uE,@jKΤf!Î[fjeoq?q֓O5=I!aW;fİ@402*hiD!fZt)6f P>jK#͙#֖,-Bo W1T`s{t< ~pQUvgS£{-,rH4!S MI4} +{)X$Y9W:.KG7-

Rb "WVovDӼ$e_Ѐʼn3 DX`rDp6Kx}.=f#gC| >0u:,+`Ʈڰ^_οt#6s jdE@rMf܍,V6ĀsL3#  ֬{l߫7Pjk25U[~Y*ʾbR?Å=%Z[|Ɠ3bK `蜆zEbc@QA뫎T Af oGA5Lܻnrlz\X= $ @}Wp d(9fW_: MƘ`Ӟ&Hg8 }*6 H$"5ҙ%i=oW5m }-HU@ 2,%.(<5j1+0! _~C56݊gL[Dܬ[iu;:M4.#Qg! Agkξ`[%4cno8Ϣ Ji <"Hst_M{z{M,)ʿ," qqrPNަHހgDlC 0!5%A[  L8cRw1֌?|neA4O͋q0TȊ ArP[H ;%.)8,0F :.">,0Wo_OsJB q~m@7F]r7ΖrH,nqyF Iz>'-}!,^s_Fdlť AwٳLsS7/1$*82%i 6?S;M>޸V4I|/$NAxSQaY6L6۳2|P,7&{y  /WiczJ # ('ė+zscȕ0h9v'g"6z D_sB'6vyXC%f Ȉ|D1Ə٣谛?*p]D);N ĄQG_U?N_c0Zu!İhUr@AZrmmj 塜JItu(XFxbJrtP ae̡"0SCZ@7*C&N+VQdEH 2`7W\4eޚ:Xi8;5E,1+( hYbtW Q.|j餦a, qT$cHnG@p4dw@ pΈH9,E-ح* %0`Auvjr4ZsSu]Juގ(m2qhg9?x{W%Y_Cw-[u $6>V=uJi~/xj4mŋ ʑuhLX>p)f9WOVǮAuW) )%EM͵4e>+(5o, 6tH҂c%VSgYYR) $/UL/Q*&VLX,}pHfM,ǫ&*qwC#ijCJfHh)L&IY Jdecō%Id6~o /ߌvx 4˽,FK+fOfA"yeIYu k$xm90HA0)/f.;bi'E ng ߛ<-[a/W}EMYK0.a3 9H#PNĜ?9}-[0fkm]zXԑ܈lTZ(n,c5 uk=h)؇4Nb6M*|DGw,Uf*fDŕ"Ղ+b*0YYE` 3VF-]YRX YQSl`Kj )Z5 A,$ݗ4vɵި"wm1"KA)ZFx-f'<8QD.'M nmnk8ܴpi-m/ryc/B3#Z X @AIl!B3mHCqiu[F&݉ME B݊X"B gFHmbLmvVITHc NR)R ZSΝn8wKךs ]XH6,7vuٶ[S ̲b.P֩bX(:Llf)kb6`"j1*MQf]8&i.v$1K0eRiJRtҐ& \Q ٻ/_jsi i&21`BRb,f^ e( PUI iŜͶmz|!dD}PcLI LBIXmu\ GmdE,BRIޮdѱ`353 "jM1dd`m+la,B UHyܻI \W*AVhnIo2yWdISmSNJ68\q2\롁ŲCq$yl!,71w oNVU-nf]:AMk!Pͷ7d-Zf$n0A4L `)!r0vBR( 7reulmjԥŶ҆6S$.T[y²s6ѤSVe+*JkfZ"JEť\LQAĴ(k2q\*$ێnM[UZ#c\tDKf@R t\"̲CR mSNADذn\M`ups2ŘU2Ō 1+ffFf])YSJ JH;*Tn6q tmңUWaQ*J&x;͠颎NDlVf|ьR I!wcIu[E$*I|,ƙ_`-N5kZ+Pb1 }k{}S06uAs% jT\`5٩ 2a]o.wAgE{? - M1aY 1+1M2 )@)Yo.zd6ɱm0D$)$uny8hvGfL &!0$xC oqj#*V U+ ;6$fF"HtV6IbRZŜes.2bbl)Q1Ei()mYbӛZSMϞ90Mfڢ<'treZdKmI޷9^6*m۬xHF+S.B " X;!ۆ:okk/O<'@xQ5݇yҹ 4dD59ӕn fX骶I^\+$ mV551GLSNnѐk6M-c ٙb TA n0 p@IЅIRP1efhJaaARo  ĩL5FTb݉&=m|G-oUC,(p)Hw "tn-RHHpP 3dPy-NV†$^^KRH%a)0k_X>gb!JD2 jsPlyd;2עL^ovx&#  8ʦUK3NCUҊ j',8q^Ȣ .Z(6T&Rn ( ٨6erZ[d9mIM=*tBr ÕkZ=N蓆 #x:y<saPA=.j:uam䞮zxvvvn6mŃ]u6VSh۽łuƎ{7LوtJ4l鍫;6ۖn[(YYVil̥ͳLbU,AjAGPDc<{_*t PW! &*fAp:; `=PC.8D؈CD8wBb[i@[0- XI~0Jaɗx\Oq5-hqvQJhR殱ˠ3BLXHxU *٤VSk bD *ݔ1k[/+-$OTS4$ ' k"w- ibs{=5̱C{(#J .ZYpfR˛1?_6rBЌb<ڛaGU @ސӦ C!y2LVI6AIbl Im&eer6:'U̧F1س0 q*tfΙf˙^3vaEL(bRcmݽh-b?_a|EEVWuHHQH+mó'5`Ybܬl9Gj2B)gϗze6(: aL"fW ΏT9*Bddɔ6  j@& Җ GD`DQ2"YBDm P]/ICb {0D q&i_k0"̕i3e^kgsc:*, B 85EA'.š=u#=5V؇о}݀W'$t*w&8IwwRg+D((&CØÓ&&rIjuK+ 6wJQ I!ԓmլG"#ʅf9ưV&1& ZT &uYɆ ٙnVrf04dDŽ6Ǜ+L䘐; &1M ؚ@2Ҍ; bǣf'J벳߰7aӪ9 o1Y4oLCohмk9Ձ4oFg; Ҍ7(OLܽaЛB5/ind?Gh")$!U4\Xx5i4.*ѧkV,أ#( A17 Q]nJ42$zSn^ep7'@Ռ벊" cMCN5#iԐ+-ϧ`tvd Xa0@r @ AC5߷V蝓:iñk S8WuDSg&!A7WPIĆ"6a:\`/T--:6+;cm{ L5g5uk KB)7p.(n` AYW?_^vvJ#p׋yIr.MܷB`sg-79:0jXN8Z c xv7r" Pf×YfcYh ! |! IP%[K(p&m{asFkX<܊sX,N ޥ^f`FՋ.hV, b}@exW(%CZj(sCа,UI1*a{NL r,\,Uk K2Q-EIVQЊaSHD-(8Qa9Tn##;1ð8,!yv+ zXkL g [}?c+}:  E!ty0*5Je,ICbiK4Qѯ52X"Bp!Yˀ)6;Awl{x߰*VI:>5Ì B!,_AQ٤*7[5m [hRPRцy̯<= 0 ?drB ? Ы{y7Xǹ ܱTtb_Z"l: *`Umr=tLu'Q%|]z8˱ H!SܙM ~4 䀈 O Y@Ǻp+de_h]؊;GQ|sRr~J8&L96s*h3b΍^ӆL_mC]]B|I mBQU\Gśa*i,PlCe-^D*$!;Q]KM+5oQ$L6}K#Ge,&EEktyơ>M>jP]<|A[' XiDfL~D.I4E ?H2- P%ɣzVɠ@Mg9^T PĜnf㼖{oůo,ߗI?Ф9mB/=Mh&Jbe9+ChT2Fte@w`,R&2MmbEB&[,a]] ]f}By?˳ogDA…CܪGb|E.[iQXASkc D{cjB6!@ ;и(2]. X"!Wj&0e@fULbY I2-Eh)"dUśqO9>887<݋q.l1UThNK)Tb3LŬ8"L<3q"E,0sj ^HhW Msލ=@0/"ff%_з Űr*6LȻbEbf$m5PKԞ\FF_hp'=+lyT.t#lwqo)'G|gZ3wTŨ:DW15qFec n~$h|?F%1/(m?Y>wdwBI'=T% 4<P.Nvpr`,s'*ޔX$BI" kG :~HjXh,q.5SP^L%Ht @%\a'-  L *)y9OH]_4a۸7qb45\\vv70ct8cm68|>Aw>| jjFöBH@p4N:kg.?z y~^[C TB^Ee(/^Q &)k+%jKlp,XDo@C#rȡ7eg$&>fHTd.#l190>,K6< IPT' ne@zZ˿eR'ZQ+! E:(Xl!(%$b u?~N|{g6 R92Jsd$tɈA(ޛ)V궫As{%rkyO>RQVYOb8|n8wD# H_z@<_=k  A>Q6CpTdݕq3\xP8 VufđRQi?4blk6IC 9 6׼p APH?g2f{}]\ t 7Eb@ FIwPDUCzTP\$H"Eb"`2f6#b0b浽,54ٻ[!\QC$T ,O?*4ӾMCDI6PղJ*aDA0/W2Y՛:7Rm.aY5m U2lټ<;6wCXS312LQ)SU LCuE5THfTƎB0F"3*2~V`bp.j^djCY@ 4*"/E/‹i2"U@~V\816NqB(,ReJ"P@[¬{Y T! 3I&Yn]wK #[fh9;8$HԱ)Cڽn[ju$KŸ Q[FTJ b;-5'^ԛ]ݤ Hf*oia΅Q78hյޕMw7]錿T. w!1Ck+^sFOirHE%/X`D=XkZ7x\(klv`6ChLQM+['!ш-L4-2F*:m vSx ^L/mP4!zUFg ݣ8dLȇDaĎ"k]7y}$:Xd1A f9&QaQ0nFPƜ8QvPx@ (ڝ|g SII]X–` P:u5]77?푞XH|)E)߳p*,f\XY ʓ]BUjp^ˆq6a/Hv F9ݶ1%G}Btlˑ YIb#i$9phQxk!Ʊ@9s؝Y86a9iѠE5dIuD 9ʼ_m-5grce9{|T[,wNBv^Gֽ|=ǯ 5w;AP۰y`b E$ꍔw,.s#Al 3@RMv An:ke:#W뷭R\npyn7^F0)4$!mW]FX^܌nPk~/+-T˨\MϿb珀X߃<7%zomm'@(tV vK 7Y+ lΙ94"Zl8jkZIDedw;/zt!6 4TD^^yHk>0R 0i̲E 2(ͪJ i9S[ʁI.Av!ViM8̒ nhjאwm4}Ǝ B, U1+$UlsD,았,;NI()0(49dqkE̫JTTDyoQ]mfqzpW:la -%D4"&i*[aޘ Sz jn8E*Jn^Uà Md0dɌ3t(CLLH9sP4X m98zю*EƦ-@\PPUfIY,oK 69@QX<]k77XK!^8:, * (RjK1*l µF]y{m\aU T(| Z3TnK\v1Fſ}*.r,:kExPX4n)Ѻ6^s[!)"Y8LR %a6@(q`/]hoZ fbPaYC$H.#@í!hmŽH){2Y" 6 *ZLb h`@ZI1(_gEF2ou$LA$!)$R U80CV`A0=w\a>PVz[-QtN7BPe*m{]~o0s8O9-9YI [~Ŕ *w769EʰuL'caE{f]ʞ)IF4Ҝ@r+8}ah/nS]3!.ySáhM FӼ.Tlp䨥m~=6jfO㝁gwL1t> BZ=ϙnjON7%# }q,)lۖlOkuɿ6՜%nQH&*P>>P\(H"Es43un^x:uӳKa:x(Gnå-Ւ*37{$׌|ގ5 A˽e(T&"j<6:@ Tw :.o3Q< L dVl۵>eѯkkk䠮S}rp:x>V7,6ym?4-K>> e 3VI%29I@` w+锖 btg|BQ\L(!՘SJBܭMH˃~KDJ)dH`D 7D^kno*sͰӖs0F,$޹6mCg3w͋.rȋ/3K0Ewk+̂1gnjh3DAucS"Al #\ H@P_]93R2/ 9S3f]Pj2:_R3pخ@0ړ X-LȴDɜ̂o,'=ȕg ^o^ek p![B1&,PiJJQsbdvcvᐊ! -08] Yə 0 J>wb-*'1ؿ>'7xҔ;w||DٯwLߩngGCggh\/ *Vg(X&3)jvKn^_OC>W3yȭQ& `~+l89Xn{6YQU4SJ ';z؊gL$֬M11R(|w5xl>NcK#Wo4xSkf}ب>O͉/Jp@0rrOf+T=N:w!ޙaEBֵ,5:׵Ĕ;#E&$q"Q*z e-fCP  4PAbʨ`\.F&׌4T4[5j 8q5u 3UUcu#(SwU].Dm#o"ib!Z1FbJv!mS]6f`dDF;+@tÞ̞%Ko6|Xּ{9q-X0%SDn?װֻQ4+$ ks\}.b2||$"0$փDe0xB`C7r-OPۓ2ڀ2@͖&/Ʀܧ3r|宓%lq8b)rcٳ7 hNk^Ihi|X1a"M QSh^3Get"viz/rD@VUW &ʃ8ʛ 睺1x+ @dRXbTb0ݎ@ twIXNuRúNB) "̥XCi `owq|I; bvUoc(SW6 BҦ,0F#@PNYTb5Kqbr-Qnoe[hp?qBH$]p1u73I=kx@#dhQccJI]pHM99 /풊v3hddXC(E"yiy'ۿWn{v;'iđށY $5!`I!&@t&(G[cn9g a F$q^CY:8uS2NO2C]H̹ͩ@ۺNHl$eݚgfԛudfYj9,e#l$bK lW7w9i Wn埁XWRwR&)krHPjX١@f<\b[+_uY\Ű׏ Df PIwfIw ^g4ɌColG)G}0K&LrKGٹ@MXҢigaײt:T !=MGFIbUJF`}Y\ċ3^Z9mKk>eloWVZ#8ˈ+*m4&X_J;Pbfwϔ7 5rQw3nǻ4Asw)ZJHĎh9 O^.@frڍX7ԈQ nzHk `A3QUB5|z_ q*B$A- ??'Zey& fK"!tp>o:؅@(- lurh^ v1 HYB()5ҒEH <"/QwOA/? #'Pڌ!0NXn?=s~+⃟عD!fZWư p_NgN 'ɔCO3Bb&3bFdJ_X^ٶDC}xwD 7LOgP9{7FkO"v}N@SN @<$XcN  qa=\2d5\@5 K2jRGj*(3!od 7y69+IR-sM{WRwh6uu@ `#Zfɦu((Wȼd?J5ewP]ARHVX1.ŖouK+F ͭ>568$YT\o%V( Ay4jyg-1{oǧ) KPcVn\\3unKe2jPaa45.*yϟúf,|(4?})TY ]7JhI##8"YB :rʦ> gr-bv1WW! U Z+)q+kr_&%DrR/< t%$$(\ضPgJWJ<}p>G{ݿtĤC:Nqg|[ +b{r7vI}dq"Pm(@E.K"Eӷn؟Y#ɸ] 0wGēd3;#{f_L&^ˆ{W{ 8XP  Ah(6(&&^\*i@0Jjok #a1Ud%Bj uf&$P 7TjeHAI2n8v\$A2]_ '(М@DfB8"prv(Q( kLQYg"]8ˉx:m"] p& riQ– ؖ`H!iXĪ=HtlXgBx1qb/neqM]'UnNMRj`@!"v6kԶ)MʇT *(/wx~{sT4W+la2QV;zp`ł-yRA bem_G4.S|Ya(I:a~nt hլʥ:(~q띩E11508ύCk9W܃u#= P#1埂(U+j1ծ'xNUoqtAuEºU)(ZYm^޳jBV )!TZ \WF%.lxMQNPPe)Uz.6J(/"$uW"C(ah@z/T-*ʇ@ VBDxػhEzk54e,&JwnpB {-5SEdH gL U!*ӯ f\Gvp\ͅB2 dlR,[oU8߮_Mm<6RYÒg'+ZMnBK9q yֹ:Dm}1aAd$AA30"0'avYbubN[) HGȏ]Hգ;$d((<-#T׌KZ]رVѓkG:%rLePDynrM`CQqk+0 0_0l7 ;~aA.5m ;5+eMfFM24 |of3K|FYFa:>#gy=npAP2 m;0۱`&( IW<9Dcm" iݒ wi d0@;Zugpd̮53 Bk |m@9ɔ)ka|NX@A4`c -J(B&!\y AM޶nszw8#&$*TC%@ HVJ+bF(T--+Cu^Vh/W"rEۥE6 0`w!\}yv97:0Ea2>9a v[+MBED#db&B C9UCyz>׹[oAqݼo9:(ӕuAu|yd_:<ƆFTB]w볈o> 6OT1#/hʕJ^$ ;#pֳϥ9.ȡƐ#Ol[_M#؎&qo^ud~zxc2v:>?ʘXa`ԍS%N!!Xe!mJ`td1UHXC$Ut[} H{Ju6Dˣ($OkL\}\\oZb"R#c$aCH"I:!M6ˊDRfnwlTV J>߉fsPL#MI@ @ $ 1eu3sיHScQE oy{68(K齍Xzo֐u{t >'qz$/&:]th8S_6JqmYp[3y_񿷯]M^m1 cVE jAc,@QdI"2%ת"8uْKe@aUר) HcO&g1j3^slO^X+ɖgTTA lD/51F Tfw5*#t^~q9}񻧾EGv<㜍 {o[W\WrXV.BPQ;cEOfþŌ@S}ҩDOSy%zӘn۴ Qa8(IQ8M%1ANL1VʢyЯn ʤeJC:몐˱k! a+u+ ؀,:[8}1QHHWBN۬~ +jxuXR,SlZlʉvőg#{ 4.c9}ARg[孻¯+g A:RhwnM8f{F4'Rs{Q*d9eX(lF@q]ic* RpP F8XI$0 Pd& Qad +J,b 賁q}u{=\a7u>zqZi^Ѩ 6\>$tPJmH$nYydmM+8;ЁyƣJݬo s6~-ԫ R)|u [Ar&˭Dj"6$!V&B1;SA"'g;I@1"$xBCh) BQJH~mtܤij?fG &BbQȥIELi9ízMN[6LX&" .jǻ-հx#]9oP"Yg~X-+.HC3r UvS{Ŷqsk mh, \{%aT2e"ҁ&iUQ!$Qz`lΔCgȉKws%%|XzG8^@z,gБ5R7-{ߧU zݲ5)hmdIN͐qTW]_u W_9"쯞8xĸlr,·W;^-Hq~vFttF8 ΫZ>&Ȱ`#dTf'&ɭ9'#%)Yie 9,"A lV^f BrKiz(wN#hNT޺"LCsڰwFD*" +)ӸN^mxCmpCa9pW[g2,/ҫ;r61BͼAv:3#DNŊl( B@,i` (&3Q!:p ̅f{B6YEo#')RhzŚ d; y?[_}UMnŭysJS댁(1)Q]] DFmaωVt<="s$Erx*ȯ門$cyr.t~tlI r zs^8WlmY:̴^r"7- 4WH e+Y6Fv#f4(d4\I F =9{)%K_Ol\ (U5XsBEqMDё;A@ME+q?rFiFD y"9\zk\UP:ehb.]6.w}n1W?"8O eJۺZamkHf i 幘6%9$cQ][)R'ufNhhM1P qņύF>Q! tۦJz@ JUbSa,BnTh/+GRXgQ[gT.]?CoT *mOWz덭ȧiʭ`h& 3aC>s]uݶn!w3Ř,CFe$nͨ[mET4 @vXGvZ(,OP1@3 I.@b(E ~V&O$/|36\9-SLR :p5 m$aj „6|D3xH l0@J Dnw>]t5ǮX{G(@V^%gTUmab7+{giwB<'cRJӸ ʓi۩6a _ 'rLkMQp,++l$ 0Q9q 4.$6eoX9Q8%o YBs.ű_5筽V΂c+ ےfi" 8 leS(L3(h KgO'V llJGkptaU36b*l|ڜ[dsxoy8,Bd#LY_ oYzwɌI!olcqLVθ<${{?鳰1 +sHuI!9V<˟LKB!yǢ9*ɡNX&cx:vhwv / HZb+?b{Q-֞D1y]w",]tٺF#v)DZTNTɀC#Iɋ0\9XTI;;:jb'<"I",JsA,tu 4%W Ы.WPVX^!!Z r<ݠN7Wa<(rTz#u$V]AᡁnHʿ E^#s+ ) UԿfcb <-inH!ްBS'U*7R#MtGV@FWD_md. yg5(t @g+*\L)`'e6㯷[f-(sHbn,! DHmWM.Us9K:.89i [ VgISa[E+HDžgES*Lmd vrBAt(X g"[a^؞@RX_e7m]C:`ݺ'}KN]%c1/[?ms*y ߶8н co' M>m|#7_ lO*[DF ^AH$,Y E-xdWQRWT.UT=b"e>.)WL{>7rÎV`Mv85pZCr?Ukk9]:EB_,0WFgϋMkegh67?k+*ؽЌcs}痾^ZLպmV{!lt$ԭoqbCQDZk:22BJD"٠Qʪ&3,\gf}sJǚWرֺgi[*&]PY!xc,tTRWn}پ*J-1#o#t 7x~߉RКl9 ]Nom(6AwrNq-CpbJc@%) : Vm[43XXTS0ڗ;oN{RFT8mjT\3O䚂ER)B+R5vfQ3u{Ms~#|/]m2B*/KinfBU!|Q}zgXɾEp3bͬ;,q篴9kƉ)~/gP=1D02-N۽&Oy8/D1FYF =yzp`Mt2&P*YXnעtmxPnt^Ke!q*&X)] ]oeʸiYh=T Guq^X6WOd3z{ATV6(Čs^I[ ztt[:#[ZVR3(6V(Vt$sİH"H6IZ *z`l-e\I2Y}3mB8.Y T!!T Hg7OS4"2@^iFbĶI0/X2wa0#א}35WCEg7$5Nez %B]JBP zǩrXgS* òBzDꋱ-UNwaF%k a  (z(s’uD qH g^$PZ:Z5TǫX2:w\RU.1"K(Cv&5Q&/R SoEx㒃4! Nsw;P_u4(^ؽd̈́Ibqlwj,mcN" +""D\O !?"у8_%4s2oNZe~ ;=ĉ61n$"9;tJd@$Di } *Nķ2U >jŖ[L"WmkC0k:}yU[>+]ٓD+O.QU=,@}aRܺC5\~K-7kSMq̿ʹ[E,HoQD!>gJeAj`oZTwR^֛/UKD/fbvmo}\zoi5ߟKF.SrxVG>?X!Dֽ@7ĵż{yMk~aMP]^gMwWf[,ಹX`tG'VcEb\S6gY+kV'>=f#,w+F>Ҟט$s [ٙ,uJ3`Ʋ\H }(lݛ2R.DYj 0Iv>kkuV8@u\C=zu/QՕy8c[]pݳ~q )p:WVH (]cR!’퐸9%USYÀ,o6s-Z@abN ' MWiE.MZ7uld]< شnNRʬnY2$ lsSC 'x"xbMxo0rZqeגRE ? HڒYr$u|*~L.s?-nwGሄ$:6$vځ܅{Rl ^ RlkP.0,7,5L1|*ŸE;uMmBojM},o{ʫ,Bֶ[6iG̼K9C%uܜk zVb!M>1Q mU)%ʨ:vp1n}qwP?UhqO}7]f- -oT68\e]i&L1ugzf:X"խbd-gG̹nj.2^xh$em"sS7my痴;*5!Ary8|uųVq vscKh)'5Dʭ{ G^G+9b vYM: >d7Kݷs[W%'F0CrLmQA 5FhEMζQ$ re/vdL(]|}XN. 9B̲u y@uJm88 wH<.$VǥX%fַ-#R[t@ P0,( u0zol.?M_wަX:)(߿dž;4ƹfLxi!8N ezm&S*BoQfLkHG:'\-w`*Hn͡:p0d7j[QX@$8xteo5iF[8ޭw>m3uG+0<bUxuyhP\2z>j{[ $DcJ?a1Z1kbG0XzS BP $*CPr?iؾ{X1NY'CizҌmz!ZV+M34OZZI(K6ΔCޠ7C UcY*@UI%%Sȸp>WQ ՎpC !p%zWr)O8IZPaQ[8q6 (5zi$5,8̸olCo| Ptgٱs$%*a xgl\sJ¡~RN2x⯍Vh*4<߸} GRzUkb-\y鲌]o?YA08 |v[{uv#ed2 Ex@to oW1R[ל1~*H{lt #_Sҽ90[.\( YC~y7(+CV2'߅) nu]NjEe- ɜl5vVP Bjw=^ս:/L=y%m+eW**m='q\m#ĆNj ,YNMBOSf7ݘȀIkq2>'??fO?/M[ pNE[@%3W5%vHb!A?a "̊o[r`4.?6$P`Ŋ3e]Ç]{s=UEU:Gy˯D民$x!xU).wحhqBFQQ/5$4 !*bwPz(+uVGDgQ-cX3E}@\\5 }mҾ?=ComYGrʂ[tl'Xt4ÇsAjƪERRu?˽$`=-C#Nd?]a;U>n)R|> [ d YVҳa`@6~ZL]|7>^O_c]2_4}=^t!4JAf0!sK ȆqQu<4EtĈxBDf:l Mqt7W DZ GçO1owQg@epMU¯[r+lEZ7C'sk\wis07xV'ei \99U7{ 6z7Utzgm,:15m/奢]lӺ=gPWoEak\V!lg}^:)(XswﺪXd_~ƼurHT8s^@}7u=Ug ?4QkWUS|w|S]D:ץ˙XUgۮC!f֧琮6-<;5t^ì ֫l­G9^Ik2GlxʥH1D wZAoǻ0+n_q{+&z -4oWp*bQ ~ GLλGYgWxE1 L͋Xzi|t~:g4J^M(y6LN9gw ."p)dYfu|MyF?I٢fwzYv`g3>ۯշ#j#BU&sNA! 4,F!V:Ӗ[n)jg.qLq4Dm#m^ocieq;]HQ 3yI2DX27C?xgy0,a1D}&0 n@JTvBl$V|,חa(:AQm7YB?sǓ͖->[ eN+ki,6!0כHy2JN'$I9?@!eCY'{ IܢX6.HjIX`lB}vz'R큦 $!l~XrOM$D `Iu0S!°-$M6h3A{_hG-.aZܽ ߃{}8Dc cA,_`6{:g7LJlfP%| >@M vrLBTЋm yQ8W@Ey4P\aBA˵☻v$Ӵ$Sa!~6[v tX` !,`4$[i B<;II=SHl1ؐFsI!ЄXi$0F#WZ iiƗB V02ZCьJlILA  BHݝCАTBJn ta'c$$ BNI$„_M!m|I I$ %ޗI$$us!J|ۍUI%ý+^zj [ \8H 3Ұ@$$wm4JA@$a`$ ^dM ! ޴br-["^"i$}ǀH\B XX #Zxpb4kzaHGXɈ$#{Y$f XX$2 G`IpЅ$hSHXi$h@.)n, HG`W蜁 BHH1HC'`I7A8*(hϴPXW>OY>}?Eb@+F9٠`!s E!!s.rx6s[3?HHt9KǰG+} &n] w`FsFkHy.6|,O{0ߴ?zQ"N[5(]<Ŕ34m_.v+{pШ>C F`?zm9#dDMSLÄ|}Q!2uPp gٲ@yN*/+荓)}&j8z?']Ք B/+D,KS21nٕ 4[dek$}_XV nMz¢ރ fk/݃–~TZ͜$,LiQ${~kӱH8 Ixv$g|;XoަNtRbJ & I;XvJId{( `MI˅00z 'Bϋ7~!F!I +mBGb !D i@g1{h  I{lZhG` zЁ +hm$%nǽ` m!` ^eI}bGgi#4"x$m 0ƴ 9$Zāhh4$PBBFI$JI$?E @y@{`٤!$$!IYbHHAɰ@ $M}=_I `iwP@؁$#ZВY@z$ 5=Abmb?1B:v$JHEX! @BH}p9@y&$#`,f/ 1 4-B@pbBRI $!C@?HzFI/~Ղ_;BBKlлaԄc۴7@#@`[zvZ$ܶ͟. ]wBٴ~~c#hH_{ΐ"ЀEi$-pk0< z k^VB#6r3B ~c@#QoUKn)HRouh!|̿ay ,4y3v_g63HKEVԝCǤӒ#p㬅` +*0>&(1$*C1$i`$cae[]ԃ:Ux,C1j@[CWa;~gb_-jz>54ǎ)EGį9q RX'*dIuLꁼu; QÖðOb'W>,WU_ד3{7jT/N|Kh n_fu3\ؐ33|uJ8n<%d @_um( yu$-mi-:/hSj@ 0LIVf-Z.Xyf[揆Eőt `dz1 dJZۯ>lդق8Y؇SP:kozßڕ>Klf0ĩyKWc6[/͵x*d=6?uΖGd~f:n'ANn5qڸڢnc)t.E%Zb9Q+N MHFMc/%n(A'/ٹur:.YǟqHRϟ.gIrFde0F V%}'&v4G4ؕ7+ڕ1bl㕶:h޷jy?*yx)n7Rܓ>@ jffgVTL a6jY N'6ovaBn):¤:MnSDysGҸs"{_ZӞZKRg7K̰ezݳs`m/_{;Xνn# IkQ5J&g{'%F$hҷbc^q$ȖrviKk׉l+Uz37{S\g;g\U߫~ڬ t\$d /`Ӟ;Qj݋YYܯ^<}+l#j2$ܰ*) Y+iYdqrOBk$,9bĩlsFN;Zz8hWaM8+XP=VvGHsJhnOtcʝ#o˟vXmc_~6fB'=R(ca-yg~FA$:M%ߢdԴiƨiƤ!pzk\.z˗^ {tlƫlەV4=4Crm-hkjSvDǼQUS*Zv 'N'hvLu$ Zn;UWEd*# X)5݋vfBkb is}|gXr*T !"KZ᭼ 3'.F"[ԝ:Cc/\!@@iqdy6:ΞiǍ2ûWf  I$UUqQ{q16zr' $`! ˖p-']Ztuy)y2GJM Ѳ#`M0ɭecq&\32_eSzkLB6f'[]l!RcQj?$ 4v殼;[쌋!%*Sn]ۆ#;/k,_o5 ;ffF{ kqFŊ5 Qȸ}^UЁ6z6imА 9TB~< rQ^&vGsYXH5B$(l$쵛$$}en ! "-$!$;Sh }g$QNdrv4 $$,$ @ I y$!}?_ !!B PJB$7|LHH hA1@.c  \0  >$$/CȄ@$$'Y$<*i+`rv:+h`9g4%ùBV$Y$,:@.EFS3G#khWBA^H0a!ms$$iU!.n2H: r3ƙ{lOdcṽq*w΄G?l[cI ;tKBv O1ـ!׍߸C,8V|vz-wMjbg-} _U-/gM׭XNMu7; QAbD#cJTbʕr(< 3!=I2'gEj5V 憿wۼvTYp)y 9-x QC64գB\Je;sa ]vW9bq7kTٟU.nDk/SBe֍x3^ih\Oͷ}mM\Ƨ3mysܥmK ͍X_:醼K˔zsq@ %@;Ԍ(['7<*ܧ1O/èO=k¤գZҺZa\-{ K\SZۯor3Yx3Cϩ۵Cj-Zѻ4%B@GA"sqF"#҉|"m}\Uu؟K1MѢG-ˮk0*_zx`7rN .<[ &.n +R6UJjM/aiy7xokyqi#/E"sܯ,nZXjx½ 9/sۿ%pgZqgS3 dwKB]8<7qحnjq$, $H e%[yR-ggŎP}!DVJ "ahCc6B |pڻ?V0ܭ5Knl[{N[BkjiZ:l2*I,{13W 2 0@&ĘY^(ܐӃ)}VunYϷ2q65ØѪ,lJΜ* t5TKLWE(=ouLm,85nQi¼kXb( (!Jm.J(n1ٕS1҈[5ȺUU0H%RTvgL(DSPĕbfdDHQ-eT;Y,@X{(m癅*P{LD%q(Fm<2Ǖ8vl eSt¹J~G^ms)nf)x5Q1k)\cs&aTlGTK;{x!ɓHփoĀUʡP<0ݾz7 f=gzi4jz]hrI2#mF1E&4DĔiI$KeE5&0ds2dUj!r!t,ɦQdۃ$ QbT_`%/qCzY׈'e aJCB$0 8-FͤhvN *㕵Wyӣ9de+ILcs=0E?7Y@̎4 "Nj1T&3Oxa VW z hL=<܊ iR7D4D('q"EIZY~>+/K}a?-Lu52O}'qc="4,D9pMDO F6W/Mk34jc, ܻi34 0 (˘K|eD`^y6DbC @7pU,|iQB@gsԚG7Pa0AUE;SfcD4ECuZVϖ؟!4bJ6aSKbVJ1* KI0Ejle1*1uWJf`fY4λ||̈́Q!wK6ڒ[DM%Tz KmPVbu0140)/-d1eE 2* M/-SZ^bgxm lR^*#DTRBi5ɰk2@kfr$4z$,~povr} <*4-iNHjAFLBSq{Qk&?7v C#XǙ€d'MD4W?}w1jCg^QLbdu{ |һ HNEY^'BtG|_S?5lk -n,D/Ukt2I-3EY L\"tj&]L($~`H1d:6?~dLQX9i:t)ϻlԕIڗ{uOg$:0d0bt@L2Np4?O dH(F.ݙw,R]'NQ`_—kW"ޤmd83;ݩJcU KQ%D&jS 6#ؐRQqJ.5Kh{,j $$"gʕ|;*6+ӿkޮ?fm$< :_qø;?A d@ymX66xsBmhpX6_mx[OځA@і_=.d"34%I/o630KzZ'Φfژ~qay XlrGQU8n&Zd:'}ίUR"fA0 f[7~?Zc#t:ya2JǨ3#P2+ 55`Qލ>YO?C1fK񔟮$䞣mج7ѧ  b/$fuK}wGԸ" ;e1*[WNJƙ Q&K#Hfn}_R*nE R͋v$-a%{#Љ"{=#+LB;twߐ?kОwvtIö$e-I/TH|F`N~\kwN Ƭ]*+dre'΀B!3Q|QЬ)Q!f\&VK~;ɋ Ydl?+Gk Oín@kV(cE z bÖ3҈FT6\&mmߏ˄,+B5[Փhm(ȵ"D`:|.^cs%{r-㎟=j sS={z/\ О;D78# мhvdoßrc=7kO[*m'p֚jIٷskwې-_} tD =ō+x(fYE6MtpcKגo+N.㠫H,'hTk`3¶>ӒqU9rc]vkc:EWk;cs y٭:>v5 6S%^%wT47nPF|roSwT9KӸ Ow:"XC$3t(hU^,Gb[$엏ggm{gbd-2@م#4@Rh"eE&NbU},yNiӊȐa!(C4L*AЍ(o= ?ÕJڏ-6.mWNHÖ\{/_{zK8K1I8dx𯈖#0$_ł]c;f/{ѡ_+_r BJ:x^S^g_DVUB:(Ӵ޻{Zż[:YQ0mO='=e>mkOE[Jo+Chٳo~ vo.c65.NFYoFК ՝k,seH\6|6X$_NURE&ECZODsoۛ F=?Ԋ7(}Zi:IǗ(({MLw,ˑ(9gP-[hWL̩ݶij4[u,ΗQu(#KCR0 G`#W@hJ9TivMt@ou0̲Ϸ*Ұmx{R7]~>B LE1R|-~'`]DEDXs4+fʰȄLHA~4%"V\MQ‘Y9|#MIR2L ϷTU8C2.B$PP':0elmSvAlObmKSI+E$ B2jQoٲBRC N͘3wB =_cWLv x!#׳ѹz 2 u?@a!ڭ[o]|EIx( HNj+MHMdb2 ]Oէ+8憉` @i"eM*"geXQ 6D/S Jb\ϙKH {z,{*-B6lj':)M==+} piot#^*=:vwfAZPY@fue.˲zHZhBQm Amq2:'N&V ,L\?/ҭ-!z2$W\\S$QP~s^% 7u'Ⱥs󏫣lt@[F/o%k@ {PßlB7hWx&g5F>MjT.WrFρ ZگX'pԒ\)bsVsM8F"$ 4J&a8uPzq/o͜_.tgqNA8Fo۽B A6V׳߳9ՖY\n3+pgɕؼL@"Y$wb-W5ࣳcj+?ş?lSڔ5J? ֬LUH%>-ve?29(r{%=Ƣ·^i1y^ڨ$T>'3LOդd18Wܸv 0wǝΓ6 Y"ίǫ߄R Jp,+xba(Yf? _q2?lm~s|Pa,\K`諠/%b@jLh{Ējuw]^CafLY !yiOKur{~zoC:3˳jDp}\oy[نIJQjʼGW텋܋4F<woӐyd@oՆ0DFht܇Z+;4p:fH: ˩(GXuMQ^Fm0-XNkwR M8/v2X-Q }䳶BtkkZZ0;~DZ2!\ßji!#6!BLnzѷ;,WNrLVB4IUHܐ@pʤrΰס;k."acP _?Maj#v9 8?tBSg ѼrNEm43xq}tuZLj3O-]4QIz`38ĎTs>y6n6H $q(TL-j>ﶤIdFΞ]gH=GjDj;2{u#OJ o3=q2Z[1 m QFF-!=|~ɇB{4Y&\/pxza[,MxLݸC~%NHzO1[ٺgM6v mX0o",'^߁˰铹"ɐowCI 5ZJzw7dEp}ؕdiiN9ח,Oҏ8h"¿&Vh@i jXv# legIN2ic]k)2-iKnaTC!KBHfT3YcXEL]]7+6  ݃iX:LiѐȐ FDxa; HDMQb|_MҲeuCsy/FQB5<K'W+W)рHaF`UW ùRkr(X" &VT8,EANA( $ dMP^ԀRBpЖ5Ce~Bh"0&ƙ9¤VRX97Ǒ2_wGY@]Ob&~x\#EۙJ7tj\4ҲepU̾;_jZ&nP LeV!҅I\V_#UzWm<|7'& `r (IF cYC*rFzxzYJCx(ug A ѻz#_H%k\fsz8֯!:XcfΝJFH@Y3w7P'F:?+|Y.ϛ;;nc:TIpҽ^[*3wDW6>l@hzX4Q~wO'6Ǜ쯮)6sʹu+tfp4Tm<7X5B]5r^:h"O0ų ek\^ ,\e%9!;&鲆Af4Y#ߚZLD?4>JjvzP XݲeVmoǮhrL2>w~0AGV_ęŒDUvϊxO0j)c=KyL7oV n)TՑAʌ; YLlfpj[\ﶛVfK%2UR>ʃť6<-\C BM8jz’,5X LJ]agI=lO*%6-RgCNJW DzDM_[x  2ŧʚn^gޫƁ&-h]w݊9w䤷41=|:xK#x1OV:oa. [,߻(KTȎZnlHHVVY J%J$KMóDp!M&qylF0݂pyN,FBGP~$I^ Ck頊|ģ 3`iwjCac8jO][0GsO;-7??I_k2;EgW[j[7$^QMeqjsO+suMa: P mvj&\@[1^;Z¦Ei7Ijff{L,YKyuѦ*CB)5U8i'8wHl:ђE mсERu3t9Y&2rJ Aț5XdɩT2UDQ4.Op# 3{3k.©Tm1vfN!HXX9CSILR(wr -<9ron$~f'c"%16J**d^_#x ˽2g6. Tcsh3ȫG@ƒL !zY%ZH5k^P fM e8oK'Sv"461×IB# iLSaZsskːܐk`{wQ%2Z6!MK@(a LKD :. Mb*@›%T; ~LK,:hTXnu 6aVJB&vTt@ޡ]uDY 0;Y1! O^T}u>>/!v8SغN] \=rok>a 򐄒!7xlz7šgw" n׻Mv"Zp=[q Ex;\$YyL%Jŏ1gڽm|^J;HGmg}(_.ް&Qu@Ai6I+goo?[N .(.ٲzR=uU?;0!2 %BLլFGy'kYbI4Zs~&.$?tfpqztEbvA̡8氛a2dMx@(q߯`I[ H $TK?rɾHVfe7ݴMV;|ԇ$0̪vXAsohE[` @Bf8:|ohVڮtQy'oC~Oᘵ Qt9Wo{?^I8 ޻9*cy՛95"N!P0Mx~^ü0[ SYJnZY 8O0-4W~Y-\Lc47un~bbaq֨>81,JA`mCaC} xeљR )310 ,l3P 0m.6Dxn@7|0+Mb]Tc m^6HDtV*BI( ecf']\%/?n$SgR: u"C64AEs -!`32vKAdYaЖ.6]:QZ+"L`W1Z(%L )GL..`6M}^=v|[ 2z_cfP0kBR?s!$)4I#Baٓ(H@0fn;vq6hŤ"'IrMQ#T(Q~ nJe$bPgάn;[o*nKV,oP!@x?vWt/9cUѝ^좀Ï >ֿ6`{t2ϰ6ŀ)<+~Su4v*횒eSΖQlV!NKX:T:,ҭm, "vzzqBU|8( ])-snͭ}k[yA?q5PE;A> \i˨(`qPT@`k+IkbyRLʨxg O|E-P]EGM(sb">f+Wd.~zw_'v]u:ERGjf1 B뇀H<|NXEc I[Ϛ`P?e$$793Mgv/reٳA`J ?NfFM$&~x{v Q%w˭>2t*--: }އ[rf}['!yA KvD+]|E~g%sYۦ9.b^lgތD2wvQ$;M~CkSjjO0%5c47 rJ}ܙ HW<ٗz9'vԎKA6!LF|{3+y}$kf*J YX,c_sfd~a8_ǯ+QMpJ_w"L4a$`H{d]}-1)p\. v"Swݼ^ eZJ}2{jN/&cc P XtZŌk)&`Ki7 7lVOeVb?ao}=pe={a SľGיc iP.7VVv):/݉>P)ݟ /f99 D:*SZnJElVYדC5+;>7΋K >-\m:Gy[M0C4uyiQKTtnnK~V=[z<B:RܳµBcCѓDq N4(&YhU-npl{M3sivlkʅV03⟂$[GYwyTOz㯵<k0ܰ;)]0+I[b"W@%tH u ߭ KvІҗyi usS?tI0V G*:U9JtiZxZكފx,3XaL/> '6ZAgbH-5Z xJSVO1v}'nF,Q#B^'Evk.@)BW%z,% sCcT6«ݲP ҅&h%l{[gbzڣbɮ`&<$YY ֑lȴL7qBm;ɳo<06>uA '"KXX{UtlC=؃Kzp(S5/Ť]}k_ɓrIw^|dV~T)ꞩu }woaTءBIr^̅8OIl8.@!{E LTcu%({kVb<>;9\ؤK"J jKo mr? Lаb}ֺ;BRU1hXt1W4%bElfMOK:tv6Z^T:n:w%2-";c>Ael <$::/Ã5_+FLη)osNX򀛦D6M&ӍFA(P nHaK[T535:)ӑ<̊2"CBOuӜxcǓ&PxZrR%fKR&'c$]5*v>Fm|*sGȞʉaWFA%:;)"F ,O62phM^<>qY1ues,{dIGE"*3M0 Uӧ3|kWHok2ņ2 ,7Ҝy1q]ѱҒ8JZ&廙&Ğg:'\m ][>_kWjYGY+,7Lk}cJ|Qa)s K:NrnO+n1-D*(;zYEٱ߻L!2m_,(c>Ky÷+ef!aR*vν'0F.]U^({-nhv]"~Mi.a{_i>[st*ϳSE2_jrU vʚByncb0ޞ^㓤G9 +29SݚﲋjK}!Gw٢`ErUHRs!pox9)F;r.'`[˂$7Pgz*v2Dœ=R"+Zu2Jdʂx6l* o 7( .d *B.4II &$8Gg!$λ}Qz`*Z3颟֪)*/NAsoW/U1ps'ōst>_+l& 4My~f6-+ .сn=NYlZ "C?4%sYOU^[Vi]C1ErϥLF$y}G&q7}JDZe%xW\JێGFˎ`#$!"H=CHڭ vĄN!RC 9X`}`Cfd`b %IPJ0"+%d :C>!Zb@Ơ\iB0tFbĔW+ B (~5G7d̙lbF(%L!oYQLOcU7e<F* J +!R~;<ɰR)* TQIDV}-y )a`,P(" (EXdyRhVFyo+AHa_qhoy}E!ǮF͉GMakOOɵ擺$XCdk63IhገI|߭HL@'YHM@Ȫ$Pתu{J ޴C 9b.Z%¥.", {O'p=} @ HT+ dVC#6K yȫH(IXT(@ sQȋAu7W }EL-S$6ጙl$TXƒ-Aȥ~߿[J,c$JRW +~ꬔql,1xHM}evoFkPz2p'imTq_9/(psI7Ω(|IY?]<#[O?0;B 3+V=\)U+IۖL<.fj Alq5{f SxČ ^>DILAa-7au|ƐJ6!'WW;R|,I)'kt 6 $ʽG>e _!jBHZPl3L1cg2ػ"ތ7bkw'^㸳 B"TBiJLnK. ]䬖4gX6tڃ@""QS\r3>` +:ZnXe> YɻX!c7D\aEs>3M͞dlgKmU50LTůωx-}{Wa8&OsSSCv1px aMPaɸ//ZGD"u^1moh0[Yeܪ W,IVO}*ꕋ~,y Ҭ.sLD04 {Ά̃a?Sm5PG)gp1b-LTQg̙j8|_3.eOJf&70`YK1(J[ - M>ۤl~z4 LN'xU|9<2W agjq|]FeC)bO MD~46v FzЊ6.U XwR^I 3gWk.q~˯ZuB0?l!ZSV"Zʱҵ33\ = Z˭3`Rd$&h|䇠2~!4ǧĥD&I66#|\'Y`Mرe%_8ڱ8[U49]!⨬Ar@A ,YlE-KM9 |7dI_ԄO#$ۄ)Qb@]!_L~)[r~'b1duMhGX0fb'y?onԯ:gvplч'Ŗ;Q?tHSϐ-(/gld&OZW?1/]N͵%c[N/6be1Y|$1Q63[ڰ9I %y6,}gRL;c>MEWNgu$_g:}K/^},k+{rAˆJFoë[hJp1L+3mU2< Iхn#R݆I #?[VleﱋD)Μi\FMprXRŐ22jfӖ ]Nq_OM^хM`%ʴ;.H|1l$8tg3] !iT?"Y~"Y^_ous9TW~) C( e$@۩NXsQ {1gܿ< [sxkjiIg"v9byw7*Ł;NĠx_ _YOaAU^?ZtwfMx| KlF`|;駹щ});Y&]sGZ2&kW|<%/0+lqx.>$J>T<cLr}޲`̖؊l1[)Lx \2'7_Qo}m&CFzG;Pw˂0gm5i*[%鬁pKk5|mZ p}C˔$@vw$``(!ۖbI }DuãM;_R 2LszuRbXѾs/CƣWdRGu }'X.>Lv0Pb=2]5C0$K?rz9,uqZY~ϏՕO֖G*.cęd% +!` w1-m!1\N|i=4~_T1S^}RI>쇁`L~aY疱)egιE conV3wN͝k2Q#r>F) _-!셚 \P<P[t"Gy5/ {^T&śJT *ocDR}6pYgZ%7r}mcB_6ѳnWv6,:H "0i#\azUޥ[1c{Vj}%׸h:s"ΤXO|oV?f(QCrr(1[8ts ۔pY'n)s&g} 59o$6 ?oKdzgS:YxpA'뱁cFwzF>/W&>`񥼠I'9x<ӵ`>^) հ (Kp0J>KKˑ>bI'/Rv?Cdb^ s#öbQyz20"r6 "6sݚ#ZHI.;_g&)}Xz dJ׵jɒK< v,y C@2!,ϑ';O}DkLDӪc}.vdW~ pus)̇`eJLU84vq |k$ʢI_WwI^8B~S|UqKM ʻ1L uߍO }|$"i!'H{l,Y!'_mAjlBobuիG_ ̩A1~oo,Hv:R' я¥ L0Aq4=ظc-cPFK|6qWRk)v9'6mBa\;N1"3VHmb6%$[~!vRڸD 0ADХtr&`sL)*-/ܓIe5Pgޗ/7S&oR: 8r +oV=!=y^Q-kH#HY qտj> d@%Vѳµwjy;Nޞ SC9~To7:LlN Bm x7/mFppʢI^/On0U1jZ]mTio 7ǙM_nh54!%ѴI H{LEH\'>S jb`$-k!vϱTú'>&+zY/^[t+R̰# um3FBB9 BPDCyA@YⰐ`'I&S>#_>cUkpm`] 4/ {_9 W]+R`.@I0d?eW=7XԺ:=~1'/i_S1߁PDËM_/ &$2I##!! \I/7Y0`fbG.!0J`I$I$ఀzlnH_!oO*ki\" HDquPBؒK|_:u:R7nhKi(qԾ ͝]sQՃM_ʭT)Y]q̹z籜Գ檬d/U36mkXX9`@)!"a?r~6d6a& GؿBJ0!@_ $^Ϫ0 `W8l;#8*CecAH SĎӅk(JʂI̮sbYeĄЀMPr)~7[JFRf[~, 0w >y~B)adNjŽqgk!jp㹎6ˋݝ(ZεR)[ ֒@{|$am@Ѳ4{HMBD@ |@ 'ٶ(OftV!$=b@~(ݺփ;c.hutHTdٓvahB} <+]NV˱8\ZT9Na]0WƗ,֋5ghH4 4؜wqoqN:r^ՒO{ž6 "dq (P38pGxW嗟4^ȶ$/ O _VyS;ľ{_ڮ^*3<귲FuO܃!}qI.fz]-;hѴZa QWEi` rPJ8sq9d*1 +'nnxI W"Vd9w QnTN@=|cs(]ϑ>v%-+YmYj|P$LΞk4V=[n\>usQi}C&H'㴞aA}h BM).@΃Hp ׅ|3vn1ULIs'DEH!J횈vkgS9[] sn,TBɗ IAb>}Yy*G`˶#B^&;}SL?aHߺLx/o_$ xADbK.)DRd:ڷ{jNm6 1ԡCL, * (Ճ $텬aYcWN.oS-OVLJOv6$m-8{K,AIlֶsf;Y{^I+~.o[1Yl*;qVMاIY!1.K.ܯ7-z-3Ӧ N˾HDmMfrD}o1W8=ngYlm#V$_ 2u+{ gJM9bJ/~nl}+\z> W*R^ׄcͯS+@id٤,x?CS 7'26 @|/! g[hfM(iCI6NY/ML|-,ژilC!MI"ۺO#kVY dFE` hc/IO, \v't&f_)7{|⏫0?% gvN-xrqGr ( 1,I.e4g`uRgrn^vk֓#`vRO$YPQ!!9Æ933"e!ϥӣwif ؊VO)wU̬Xn;cKӴf3M䙲ESBΥdkqd1 6޸%X?w-o;Oz޻]jduP@־m9BP4URR9_]2YË|M~bz}nU)jU٪#>M|Ot0(j+%gGF#U!^M47G[9^J2`wC,3e)ӫd Q@YT{߯I46ڂkk#hEu]V64f(>`gMsgF 1 vl!ꩼynru?O; D\V4#{Eg\92є_+qp9 Y1Uzb+קX[(;<~^ش^wEdz>K&~KgAG~VSyqԳtW$KȢbCaY@g P݆jk%7LiJǹgcհ[7Ȱ%ڪp;T;Ru_h?㖃k0ڡƗf5? HW9DzGH:R:~n8;+,/%M@}\>h$REŐDdllHH[.UmmLU-bc3F|xgIC] aY }0Rر#Yv`]kÊcP(%6gjҹFz%+c͜j s9zn+Sz#)MՈxv6jX>5{H@aEc3RϚ3p/ 4X~=A;z{ػ:R[D(=Nk`py|mq^efWuTuѩQ!=5 T6-,U6*Nf!IB(jDž̛]7Vzbx#z+J:˿lJ߭CFxQ1|6{!a(vɶ0Nf5پztUUxs7׏C!9BcG78!8%.\˿=A]6 澇Nz21F@fZy6"g8Y6+>z|7!0X[@CSyfG>H% 0?)3@pDt!.2 INou`y&qPۇ׷X!N@iC'!7K_NmH ~sP$8]s໷ɒzWcB]yVs`}mҴК.^H(2nND8c[Bߖi:uw Bh}7\l "W ˋŤ |,e6C&ľX$&(X~FzzSE$+,HV$.`pizBO}g!m鎂]wy;m(G N 9K3Ię4B{;9/PJR3G6*04a)z{a$ 7Kj*bM2(q&^e MbrW@۾~'I]l6,R]]\ϖlPub$ dz gD JvsWQD$iDC& [;]}OTYJٯy[w,Q=JɘmMz)}mr>o|ȥ8TL1" OŰyVȧ 2+`*L`]%ȍsyvvUǭx^90j,1H%\+Y*z=պ72n!zayJ)!3=X]Z=AɹC[_jl玽v띋B^-|Fu1KNnyTz]$b)V(y%d?-bޘ{|bEh Y <ѷ-K+ $ HM CQn-=%[o?!ٲe Qp-+[Nxy i_oXA_۫^f!AU`A~tI+\PD$up8O# ';<[n5iehgvh6Kk'Ҍ2m"ls3Bӣua !8eӭN/^ g"wȕ,uy{[ez4{Z3Xv{x V⫸m{K}ϐēؐ6HCfn6ս;Sl|iߔNa~6Je =X lh9di8 re8ސ1"LƜ߲q򙺘 -߃9 ?s+mnE',~Wv< Wz fEg_ڶ΃+N7eX̅tu`ސuTD2HMdPg)IPX [[ֲTeLd@ k*! !.u#?/}yZ Ĉy(; ^Xar آH4^!9A"Hko;*uĕSs⬆y،AֱZ&澃J Y3/|{bߛ+g7]e@xn+|z|Bb.-1,cɴWOfFB$Ren9p/HքVP{B؛%77F~xgwsc|^3 IѬ{oڇ^ڜ9N5f@TH*SJڭۺQ3L8:U>8ʅ}uzw]+`\]ˌL$QĠ Ⱥ[&q@7&;K@ł.n]fHX1훽S>M)jrg0ig9ȟ!g_k !KcD;Ls?b5{C; GM#dW-('rKzu(rX,@sԎҒ{>P\ԼcUdx6R#k:Ls;E3wlN ܚ*JTbcZSn0fw*^Ul05*ifc@P֫ k`ExQض*N"'Znb|/)6}8APri5lJ 6gcf@ULL1?đMd>HK@2G ѿkn\[ <| yA ETHe@Wo>h?Ow5y!"Q-ћ%u{=n nasE IvhvͽV~~~ޓ|)Fj ǽY #:3r "7<Ț0ٛ$g3jZ뺵ewv{jFPi۾=_#r6ZwKTb\%L{%G C ֊jl=g`MWnC7ɎJ~}{g'EڝϹN ouef׋6vm黡`\0O.܁#^u1X`h/31a$?]jC2\lbNX|M8Tm_[La0Xtp}㥜Wcʭ ~sNJ; (AGwVhR'20)zc2 *Ng@IQA&f=4_>1V/P UZ^RK&J~-9&}8o=|lA?g=tq!>5m㙷,- ȕW{/FUxMKb:]NI sƵB;]r[6*1[} %} L7 *0:1dlRfP|kʸe}G36/!'Eo'3̤\VP2.(t*83VUr qbGSeiYipl_hg12T+B@'U4.ffrw+[RG $THF(ȤT@$dDPP$TE-}]=.yY$qߤo+5]4Eoώ.#k~V";xಕOO/lۭޓk"6/ :ưKVRbx{L0T.9W&Hq D+3B=aꧤI4,#.׻߹lj;YJ)\yG!AQz;zezsp{_B$>}3cnөۡB> {荅G!yS`O#×<9oܭ#Ȉ|d|'H7 2:2BzN -ˆEB01FIY ?aVtȒJɰw{z KVs8|x/=.**^ a؂twCcN"@:($lF@ 0bD1(``vbzO><;T}O㏋~/c1#g4_CU]Լ iTv?`a6<-#aPR}dk$ %@ !VUc怦F2.hS$f>1 2dZȘnwaX*9HIwBH@nؔ1O3I&@=@RzC,#o˰ Q >uHߥ@bO@HK$?@@1m>Uxi$;@-"6 ̐H؟!6c<+0%FɎ@X} XOyU'THEi:]3J dcnhZ |F>4dH!+ =fOT bd$$E$ !'앂  HCI(d"B"AHߗ!fav_э[%V%bf rÂ̓_ۧ37~}eL\)}!}@E G"СM؄/З` |Oa=@' d1 x1{ @"H)@lِ%d$E$;P> `Ą6ƒB |]}Y D=G3꠪ڿΒX!::X+Ww?1Tc/JZY9/$$]ZkP6 b!m6-_v &El6. bf{C16aChl{g(fe2N^j葱u+09:%?O?2 J`Y8je_|H $$?%H"!'P?n*B| *c%@ }/$D!ʢIR%Ir- 6/Ms H`X GhBcrH6`@n ,(wwp]̍w` (@ `$;4˜zko#r'O7 )3%$ hxTA@SPVB#JJ|kD6 $6I#,Kӌ|^-E{ב>aXoчiS*jm`2@$ I?qHI&2C踒H '"wXޤCCa!>T$VBE!$`F/AζSͪDwRM:FO%JmjqAo:^)Z9BA#%JavLlBGFĄq!C$=.~>Ufi/> u!cԪKB\fdRY]ǞI侙oT_0JU.zT@$a4SH:WHI_BB}V@'VLHi${V1ص}zY=bd iUwQ|  82oSttK34@K`EdPpMl=Kwg ͻKb ,IĐ<3M }F@q0N7_M~f-N64 :UhY^d̬~?4hHxH2Od ?g<#m䝙I$A$xzU!^iD˟_fI̐X3Z P- 0KFSmpyyXt'an3V{ٻ8dFD]`#ޱJ \'1H FJufj?wSm 9Zd`p?ߨŬ2.wۻdzQI^ݏ 23A kO dvkUJ%(İcgV~攚nP40bN2i'nf.ϔ\;':QCb1ՏOg> Vf "dFGiOXSZ SH j~=@ _x;MQ t紊$GRSRnx?c^G N R.^`s @es'YJ܍Vt`rkŽ)JV:Rα w+,-f&r#,苀*r MCށ+l\H"^|fov]]uX:o4_#vE4Mt{OS֦fl̊4]:N*JDX?J~6 r6z 0ރ_ A/;~g|WWuLG Jrwj!@ QXh`~D@3MEeF/ X.I6 VuF,Y&'`)|#O! aw6o$HMj=eWb /`VlVKqa+xZ.04~ې5ѝFhJ>>k;W΍-E`Hwwֽ_}lºJ r3(x38V17~6J" X;]5,VvCNZcd*愄B:b p/~oW5:3FtQjnMH d]/w秚,@ k3$ 0F-vI .Uʶ|-8CAHy0Ľxu!{ӅE"/ْLIw3.BOG0)__K*] 5ʋY4UįXRN+6\7'h#Q0Yrk>ЁcߎLӱat@ڼ|L} mӧB3*v MbKf+{ZKƊ'=bI$'<X"b߻Mo \!b_0_t$g~:̓i"Ry.gm[܆(ty1-Q 'O4sTm eD`tmIkcs: 澚1lRC8z2;8 uFk4LSM|"$2!CȬgxRn@nnDhm?yRx7r&D e+EB ޲ЬT2 l 0>B1dV5$nʱ:rd#ARD;DU 9,SݯPDDd!)D YF@Trf6DcHؚ$Y ([~ӈUMa( >lki>G]l W f3ؙT i4xc{I6ܦ63Û3].XXet;ӕ&K-oڇ~-Kz-^nffrhNoQ2!A A 7Z@cx\&۸ҊrCv'sꪴ٦ϣd2 y`O+p]w7c::M4uS "lƫ@ b/3"#w~KѵF0Lނdras2WNcwMCƆ%BHEN@yL.4J3 pI!{~Fr8ׇm\~>vym66Zhn {MhR[SdA ?cBC;903K+[x"hrB I 5;CrOy;l%H˞y>}«׮޳eC<*KGjjҗ:IJ ;At0 jOy" 6\k3Y^~R;43rf54&U\X._~f/Ŭ~eخ$/,G?bj!zoo oV lY,R' ER)16$"` (2E FDOh Oc5t{^N^\#kAZֵhe7Yz^1)vidMkwkM2-,6A!ۥncD[ClabĭkvS^&^{Iz>E^FݵjtCcmRTXȈcm%<B FGD -AJ_A7;.YA,j.HD JAA ȣ|%@A΍cCI!ە9ū(rs!~)븑\A@Q >!Y.BDAa'xkkBccCcGڍ(w{jq.}R$+\lC|c:Rz'ª*m,E.Zn=7{th:y\ [Dab)3=eO{ŔHF.Rp ?/Z ? bL 喆pPIO{m-H 0C:g` $0&.[ ޴]H_њnQ{=N=ur Dyp^w\L:ݹ{\ŭ۹XW' ܒ_/mߵ *\=^4~_`PvkEI*\kc-O14 b@H/V^\00}z5WDEe#b(( IJ#hH9d!yT8Z~PN]f5DDsEK6,e5[|7[13SF?M #1Q(WXF@J6@7]3JTkSjX6(-z؄jRܽď_NK}뻑|j (9< Prr&@I$RH oN+3RLБ 7 'Xr̅, Š$ѽȿMvrM:yx~xұF5xDiݩjFiQfOPƳD(- #2'eLX ]AVFUw<e{@pU)v-Ʈ0(+y$phSso]] .toY\gF)ZC+qS,c?Cw{?WPBV^80Gn ~IXT cC\О)/RQ?kW%R 0p.G]6D-:~ڒ#S=cJC??Ym͙[wFef24y,_W{/r}^$P AXJBfu _HG>g]zO g=9U!B<$AC\uJBjM)W ![ zqF-+rO6?98p;lNL _)HqFk !h1ضoH ( 2s׸_oЊZ#(/W;oag^t)T4TI{djr'k9fYBco=Nf'@ P^ K)d>Վ9W@Rv;(4p¡Mz*ar U8 a@}Sz ۈbMg޲4:" ,ʩp_yw -,S~뜞&ya G%+w>.):2+֑> p2{95]p#aQeuw|B.۞g*!/O2rvT#sf}7;:U[+n*ұX+@+kIu,O[~3K}GV<1_3qF@F<.MFq!,X0`ɼ!|a`D4a#̹1[(<ͮ]~~4p鞿Eiz"٢f[1wZdIyw6êN̂NAX 5$ ,D q3 PjoBI,1v)b@$Bn:Np5<%bbGԚ [1z{yz W!-֞&G& I1X3FM5ⷦX X/[9)kLbl-ML\5-xU^6-Tpi31:Xp?ţ͛' UnӽYH>A˗vZeNè5H6%ůϊtC yZYuw\hZJGP*66O"é?<v_*XkZ% L$%9R&hls y"fܚS*dJ;!TP%Ŷ'!ok ϲU /g2fLh޲ܻs>VpcӸP,wopr\9/ ֮q+zt}gOH'+s[+Ɣ_B讻o)z%--mY٪I 1K/= 翅#iv͡Z.R SVbL8A+c@60K?vcߚ 2ӕad 4TU[I"uLIT]~.t ,{d ˘{-6l3%{'§՚LҢxbthlXg}":rBHŒBJ;J:֝vwaF-bPWqy3ִż푝~ (g":U^4':Wruh˛{ƞOLzn;=繄:ax/ [?P+Z$(}NvPU 9=$򿙆k@tW*`w%u. $" 96_Y[gLjK#wKIܖ~@֒~whIֽ{#pchhF?PN?&U]zwJ'?vS0]3nG({O[-4eҭXo';NYbb%]7Og({7Gf Qd>k*H)&.یvfͤ &cEG 3QaǓXFJ[AeS^ U[,#ߧǒ1=Ƶ;yEy@>Aq4K14 ILbn]סq%szkصƔAn{A1ҡӲJe93Ŷ|o-PVZ~!hr)b[뱾>tr@(?Nil(q9MCCqūS0LXo9S|8 E&9(p} |rqJ[=mp#NsIWt"^(w2]&h)ݖ~)3uKCr-,Rƫg x.ݚ1J*,,#Vt' 11{Rܖ|9BG $^ t@v/">?WHsJ m?t\uoه@ry;"LhR4WL&$ ɚ^DF BH1X%$bI/fI/hI 8~25! LK&䦄/+]@. Ab{zLWBѾZz+.~sDJq @lOHLMWV4>G<ĂVėaR@FƪDĀ~zUʞxlU&iH㺗O͏&-\ \qz mrrZ:K]D**SUn0K-M'ބ8)$)F:fu=TC|]Ed !2B i9e-I(fBt3>C6@FIZIP(A`)~A\Є!Uvz._k_K2. "QGz v;ȮcJ HI+Pήɯo[eZ rlW*w ['"QnX)2ApJqzDVՖ͍ UoFEHN`!UǜڧK{%#~ARNdzC_/$&%q%h Đ  4x[z14aۗX>zun7ZߋU#ܷTI24h{HLimlO#{K#B=sR`﷿GJJ2Ա!:3Gєc) 3Q"H2eKIM$D$P;ĐGZM s [I3@ei h&ЁOkmc30fMl7Rz1>[BdG# ?˝3 !B/0^Q&uIp€HkaԼ#@_Yb>1^>=kj$Qk֫w:}-6}ʃ;7})]XE]@!6$S HB1kD*OܰH, td$5 {TmӃOXPtgU;U ?lv RW@ڳs-8|F67},jƻv>$,6팩!DR\_9NRǛ6h}ԖZUk$ U@ɼ߶fQ ^;376!,kJ4hdLc~}*8WF1H .h?cgY*"]9_':^B)Yɓ˫[e$#2"BP4ƕΒ^$%nVB_?SFxtɛ(dmИgs~+Q[iZ%{^촵c!U}4ϦqѐTcˀ6`zaѬ1dߨqnTű$7vٿ" $}`W$l|3İ+ۗz݅(F y6JGw4$|'FPy1m3or!IKw=;ƩѶeW;^ z#2l DBmB~ZՑ3g\7D!"$@Dj0/($s.XuLE"I^*؜ȟOG?WYlUJ"/U[V%U sf $D\^&8􎶉L k E|cSٞd e0-ڊ1D!)16 !47L>Q#s`EZ(HBq4U%UpAiے6BD?+gðzYPrE @[x E띱MqÍw cm6PllmM1$X,`,QMM6Ŏ~e-'anv,ВvNX%sϧ=˦ 0M cCdF` @P*"`)VϾ|L}a]BH:DZ|Y0+TxhRKO~x"*|fE,P/JU~vm×xHB W>JWο74@D"1 b 6 륂^rV)v4ޡ' E#GGWKaw.^~Bw͒ 5⺱ki@C 82^$<0}|CXdH֡;u(v[OдkHpuDŽbL$Z֋ԛ8tWp!WPBaD<3]fzuogmґB1bBɩ~v?~gvnd]2 j+umG+L|?,0b^FVhޫ}f_pkIlTäen'2:Ӧ-uh̿{aUKNqd$8 Eujҝ:kͭw +; | }nߒ={oŢz o\M6 vgW>pȻou;[*~ZTґ:-B:v5pv/Md LN}!U40$BtM֜RعI{I(hl~}'1hCmQ6 $b)s6R9%]XU~;.͌܍V$LƐةcd >cNV_rw呿ْB$H uA'tG7[g+l_˹2S[&"C#$ y[,=7Ф҃BD(.~#țS9j,ua:MkZ<2$^YZ֍*.=N:^@ϐff/\$$/q+P0.]c q+bQ 757ŒږT]69FER"iYFk476Eb[IhV7Ʌ[\٧ަ8_i~ce!m񳩭NǺmh2{apYM]u/MS T rn>ui߮Hr1{>JٮQoǝ泀R)'˹[S):^kt˨Ia?~j䧞nv5hf;^{SV72e:%?Yy}-jMb0Zb՚Dz]~6u{1Juē)_Y9>YOv(&gGPs׼槸­߇H˽"R8g1Ǜc8Paf_=RY'FcVdƕh\`w )CQ.i)~ ,-¥*tԩcBb<%Vs+vZ(d^YiP"#O6q$CL:能M7ie0z'Cbv%/Xɨ%yeYCޞ8:h(Z7/O`&x˿&\l0Wwv9Q15Z]Il@J&||Sֳ߰Q |[>Z4GG F+Ɖ9 xk)dUM_ t_RlI.߮OO~ɰY?cGVgw`=%!\I+ͼFhEs ^~c^% (RG9>?[8akPǙaUֲUH""w!tnh4/Q8h] g:I$axZ f3qinf$Rqqbu0OsZ fDBGHh0NWp:H!b^,uM \NٞH>c)'%5kzVraС|36äȊh[ HP(M{BT2^|~~?ՑĐ?C q#3-IVGJt>|;\"EOУN3$Q᯷'3mMyTfzζk +rº~fEfR+wl< 7R釈$,!Xo:'KSכ&vpy4bvhDĂdbc-a^jO;P y>x|mFM ,;zyxc]:?. N6D R`c"$k_i(N#܀/3#~fҙ'?ufAˬ囤$x[xTL{DKiRΌ@Fs 54OpiD{t>vjev%aP[R%UNJdgݻN{ÓY-էܞ^([>UF oG:;KjX]|}$wkϫ9?++|M_`(z^{Fƒ G3]HK;U::^ŭK$^Dks rŚA=SJ'âBP$?!*?]f0[$c *CF]yw:H'ag[vuˌP~221CŦRV$G`/g!6$h4Z._Yω,1 # ק>f]V !a(sU5p#] B O+@TBoH~Չc1h "Y,tF,b ʨk8XwEcGC[R@RĒ͏f؄FP˔4GξAxAB[iKӃmWÉI:yo^CӿN}9NG򟒝]:ƒ@llGoh @R!+opC0 { * ʿ c9=},Z͜Y[ Yuh B G̚>Oz5}~I0"NIV~{_koez0W;/tՍ3 @NPG` h=BOkb4)`!!֋ݹMy_F5ͩyɺ[]m޿ 5}.'7b21gv !$|Ɠ`/:{4;P̆i^m6Z!,3ڠo!mi#_}?j©L iA?C1!#4 iIz(7RS[֑6VC4~xm / l;6caН;)+/VZvm6Q?cƿ|uzу.Nfٜ~iUrIpגb9f$[ `ƨƷ2=szVݽVM%v2B*b3ZH7li% K=AcX޿KFUV3dK6BC/u$f tOLGo!Iixl!5H@"W`A42dB4e)R[~'-ZZ03wGUD fDgi#=hM<! u/hK R$PN\Mge؝$]χb%gg\4sXT! $ gw4hOQm1/\DL2RHC{)eX e-IV6Oz5 i*\LlM/i E-!#qdBE!`'FA1'J8!s>WYӱ7ӳW57i <92@dJ:[ډH0zwP^$KE|l 5tS==SR~H"(ĈbдG9G˂@h+§O*ԐB12FLĞ n#6yR|M>o[WljFNǏNlb+px_MҖ\hm'dyvl+랷ӫ튰QE`Y>&c4?~CCPR"$`(I<ف #*'S{z!miBJnZ((DV|U͉9^>g! [O?. z~yNW0|mztύJ͙QgP1.F8DU\0A$i:k{Mc̾7H ҷd$Y|NBA@@wvg3mp?y TY FQ`"($R "b@ƙrjSem[ɪ)̕⫸'ИQc]UӠ}^oڴ}}W<^ٯù6{j3 /'W-7hXJ""%(Rc ?PCoFHHIi LI;V;k9BCcmpWYk\w v w`xaXG#e"9?92C+sq4ddٲT2PrVe!Ş,LhmdXͷgʝwت\w%x E\tN)|$Zu׎[36vƁ_=bvc䌟X~ZR~ (M Fi* Z2WgM@$ghQEsO.; GN@*#Zn$ H`y嘈F,]R *)uޑH- dd# 6|H={k\Dӄ  ,@DTDQ*(* sBO|_YueYEbRR YX(EA""1aV1`+UP`b"1GT+KJ EX*3N#m=bSV]yK%i]Ȍu^FQr $Y\!&#q޵69tצi5xw|G(pI `j()EHVZ{;tVænN5@QNgbs՚S'Zsg:՗u8y&%Fw7C71])sUv(wڰ I(G AI$b%[tdg?0e{7vβԜX!CUam -Zw+d Z͉ьYNM'H3( SxKhf;&%8f;LA+52'd+ ٛ|VvzɮKwlh Ć EP, UB,X "X)EPXEH(AaTd`TR EbXQHU1bD"EcV E#""(Ub`"" XcE`EU$PF*@b E,dDEQPD|F~{oHn B^s[AR(I$X$ 2ri,%i kR6a7y-B.*a]$C*q>>xshdǹ݂A<78Q$3J$I'襀Zw$}(!oOt&ƙŰBaf Vߺ|8j!󲶩"f, svndDƆ3i}\Ր!+ʱ'2Wȇck8[@\`_>¸)U(?SxM{[OSl]۞uS<Ŵ `i 6LlYFbwPcϫZ$錎vpi'cMf0>bNhg~s6cuÙ |cO~H"mt iCʍ=`\Wx]t ZZƩ(ytt=\2vim%Y!gǚq$=z~0үIir%hdnܳrW hmMF\k~[xW`EA0>Lxb߆Z,ӓ ޣ/9O 1D4݆93ߘlw}Q~+zoW% JR!3*+fg4lDon G V"dU3hH)ϛO$ܤk׏N%$"=l#orŴ vVf#$/aD!υݟv˵EԵ)y5֧RvqIJh`'٤=uNY=~2 J :~_c<';Of16OdO7Ɵxẇ<6DS%TX{5ׯckU䲥]>X6<#FTr(xlF,JVh4\UI۾Y\V|=g^*vv""`bEף>%=Rq bD]}xw{JYH,ef&Bzv }ԀE&(" ܦ!NE2CqB 6.r׶kiөL\g\+אHPADAV,(,cb~>_q# c2##\HÑg+XK$ m+-)h7~?MC+UL2.{z?A^˹syʇ,p܉`l~0c½U>Uu2G{}5(7Bxh)N_xI5oK1V0AB2 &.+9?_9Dޯ" I.yJ#´, 2\A.<9̵XR t°{$8Fw :Hl#i4&ﯭ TFlWYWcteq<b_]^u $ y3Z/rYpX5R XdB_k7sY.L/bOץ#0NrE{{vLPRU:VаgaX!hxMb`\Av"PU܌U풤$)k,v$9=9 |s4sR{FF ,'%U擶'ɿi}OOjQ7b4OjQO5ޅ8܄i@IE%q4Xε?6ά=v (C5K{^N$Vo3e GnoST:D9j;wwve*xaH+KV]}ϝtfv.ә;);cq!\ėi!{Vy_IqU&ly%}֫f9DT8Vݽ+V ,6|Sa'Y0*ϑbz5}<6V7ŷ tT{[bj_vj+ԍW, d+ Պ@ T<.9tF aE F/3 ÃkSWs*:P>S2Cl !y@*0юn:O;"GC{F3\rM\Zߎc^lG=F\PQe3[f+Ɛ H{GW4FzU:(.m_Lv7:uK5YXĪZell;Uq=F8tH;gc:o60QR;Gg@i 4A&-4T\cٲ"niL}k8z<)+ȭ܌ŝ  i]m>O-DHRHBzFVMD6 6J1\#rݘ ȷ-WG;IV]깍!CaDzË,C c6z@%̎5]{uOkvύ,.1I|Yt, \8\}-1I꼷&Lh(KmbHtDkLE1J, Yp;_H6Qic'O6TNɩh<76?p#[uojҭecR&gAW~LvCפ_ޛR  x*OƉV; XbC{ı1 tWVy{LAg]JBxlu_ӵ MՂWM#Ҏ>XH_"\HJ 4+]88_cb\;?^UU]<Ṷ,'*՟.ٜB?D8la~O!̔{D9cC^[3\ő&ߚlaƸ>\Cs=nv'dK%&39rGbtS]Nj}l o`3e6-1gh5==)yjaٚ~4ϋ9HGwd@3aAꙠf,dMm\& I>dz] "tHH!n53W~ O!B Ą3 NVܴqjO#ŴXd6ć~$wogbk5g78q1\ FnRZqRn|h:kz^gm+7)Hb ! ^Аv~)Y؛҈/˴$Rʰy M̌V兘M˰Q}w^{/5JL_'kVBG*\h4Iv]%q{}v_h4oe 6gc#I#b-i:9lB? J /̌whl¦V6ц~=DzuXS )eI$kĄoh)L#fvT*iua&MsK+09{9ojW djO!/(f$Jbs}^XYVPiL-GuW6ś©mrUԦa(gPm}Յ("%[7WЅgP6IhbƝ@`DXH0VrurmE"HEL6̂$ȝYТ `X j󼍎 0EEaSNlIs4iv!%@41c"ZT1boY ATp1.xqQD80wͳ`4 &qйFC& H ՉCe] Q { \zu*#l!kGRH!& s|Μ+Dd8fB3iLS@l $A)[66 L-L;+l8X* `4U]am4rMƍUeiES0@}F2}:wq2yW#``,:݆ܛጠH5pb ;qj!t؅$!Z'$3\:1a|Z/wr ADVӥ$3+ VD;DC5eD f|N1 >p.dV^ga- ECu V _3°cSLnZ@4^(ԺK,v Y:NUdᘷ}+AOn„> Y b;0k;Y*󺬁*!H_g—URθ6 m* 2y3*h܆u2\̜D^"I吝l O{eOg[)1P 0R>O_}8⎃eĽ{3xoaIO$&>E)Zy;!ݟsCﺒƈ9w}XUdd؃t  3@0똒 9lW<$83bĦX&Ӗy\Ft?k_=}fs=Ȍ|WQ#'*4i$5Gḽ̌\B$@C`:+W+9o%UG1Z "IKFMzّ׷jDmmP瘳AԵӴHH޸T4n PU1hVSYx|?۱}\ceL=[vu@g4W/g%!C`izf+WKScD,, f8$#rx mnI.eXM#J2@ BZ655&$$ 7¸OɁyM`# =%ߑ/{*Sd7>9#%^?d?NqOOS.YAʥ?^Kx[iTqBj}u3tkjT92YɌqO#H/~X q]bd<.r[t8 Y^y?ݘ~REcR DE>wщ-ZQgQPB Nyn4 gXeR.MsB E3-eJ".w! dZX^lΞǽi|_5󈷈EGtxZA49M_p~0ju5@g5>Ja!7.ƱV /CS$vz~^{cw[) &T66&FfN4DޚE I֌ Y:"YL'-Z[3ReX2^;ls0NMTl}-ۖ/vD /i^XtM L=&0@72+.Ec"t-61 [ݤ/n<!^p%g |~4Hu qQe6ŭD Tʈ/pv3S󉝞7xX,x H%{$7 V,w-@T3iz>`fV'cAw@t誔On,jgvsA˧M&־wonAhu],u`8N{u9tw4mu7 clD-|i d/=iyܘ#z(dH '3v 5KdٕR'.k4J!zuucWv:sѽD)J_%٦o,9W'09R3&&,Obi.Gط2m;DMXpPIM~s@@2!Pv# 'x'Pd6{Qw#3Sy 'O`>*)&% Ew)ȅ==}a2xi4ZȱA4^AqnԌdH&R`4r'KNZz2\I )Fsn~MK(7S $6+]b]J..*K*IAV$k$b0J)UkPtJ4{GRs&*"qߌ۬HC(βiBsV&8[dhH*5h@ eT H0=<(HCSZ1$bm<7I<-TX*Ŝ:51Y")[JETλ7 IoRv4-Os}k;ymQF}헼KZ"c\ND}K[LeO~SLڜ*k3Qbś-Qm#"*D{y.wSV[q9s Hml̈?&KyfO*}vγ๢ՋK=fLF6V*{׃7Gv52p>ȳSӠNpCgbGÁwHL=F=V[nwVW&=lD9C/KBޚW':?;Ψ9$gb\PMnFU ǑLM7`V95 !㻺&ۓ{5ӃHJ$XZFa-^k35?07Ymk'");l;iƧ/x;E`"^QȞF#WIzxYwq Ր$`O~IHZP->M{d ?#!*A d66XOX[G}B=KE* %(@A[b!Q^&{G%Lìq{Ri5܍Q!TZ Pam|lIH;# ,#4u^ap@IwVH"VTBv$l!*knZ2O+.jCiwoC_/jUOSDXIf{&8tX`FF_O&8\e\YX\OZ.wk(>ALOKky!%LwFKzER ꄌܹT;ݯ4J?y"/6߷yiF3QjB6dI{p!|Fdžm_eHc/h[kbk" w{)BI@Ȳ"2P%6ѡ)15صY,ZlfE{i$ƙ[uaW,O ZxR6x+f7!1%9| /!6K Ż3WՇϺlF};2!bc2ުk\+zf6g$CQH"c v$41&ҚN?i9xઇN-@EHf S@XHR"T m4,2 v*dޤ;*yU}0ӛ[Z>a ~ g-ǩ$ScN׸e|ڍuD^ꙵ&8ܭ 'xuR)W >sk9FHkx}.C2 DJڜŷ#H0SYtUeZ$kz0(-+w5̅JIqtfx> j<)μ-\u$^qwfE d))IBDbtJx l(ísP{JҳOE8OMI? EL1VuOsNv1AUER^ogMF߅XXEӝPVX  Q=`eh(Ȭ[n@taLQAsj 7#سIތ)l:(3-egcdwA֔|H%W[4.R ,&`*q6,Z! kvIk E) "."3׽unFHJR˶VVR `m4jܟ3q)R]q9<:z)ćBz3+SR_+ 2lY/P֍FnI spv_M npT' s.  5}Y] vզ!P& &ʮx.u*8 d\:S qs^܅CbH(ҏK#Ch 3&_1 WP멳p`&ܵ=Rq_Ɣ,gF GTʑ_`H9c7 ,L8 (!4:iq2,Lɇ,Jɩ>uBQKB z Re\gwe>_z ʡfyak_`0UolݪbY C#' 8 +Iul h\w l9jPEUlN59~9tJRךROe$"H= z=x8qt~'sW3>''U-{Eh%U3U o6† 1ƲP`}6$fc]yыQPPH$֪ k>Fב4R4r'@A2`@6DAnJH;VOtT.|ѫڌ2fhZl44мTGV4Ė#22n\yPdWr߄>v?Nt(bdX<߱BH[yʇH){|Wpw1"DWr ?u视ƏJX˃ g\BШbO[ :_{=HWnmsΣ-bرduLtE9̌qD I fz K՚`Z w7~w\v:9??7iDfS]8r1*AO)VFO\׿Q$:]=DeI FiN%g~FeNgH52RPrVsB͍s%Ў]ƃ5jSř/QZl켟dvJ1 n]c7Z! # =oֲJœm!lŮ wgp9l}TL/3 re_ ݣ?fý~2^{!^ Ӥ, Uɋk$V482%bǜZY\3_sL;+}ݷGLH뤑N_f)첟s=Cy˸6q#I0x KZL$1BE]eE< \*/ζYlk} ]2s;z_"o=$Y@Đ&3*dy;cS1noohŧ|+]"<[B5!Ą/reIi˽.e2ii-->Qϒh9itv"eLD`E1#p` ( 9hyP]wr> &*6JV@nbY+49\A{p2˖U9Sw($4}Y7iL7!ns `37eX*r/a8 ʵy% G [wE(dsY0: nf77R?6kf9(,)믍~  QԐ=\vtzcr7~XiO26~$ lmOډSμ4w*qkb&{~ii4!1P[ M_l?j@;̢C:;鹽M=}7?Q,94a7hcPI/34! ? a=REL8᠕$RA yɑ}^FBqw?ON%ݭJSj*l9gVga}N{h61/aSsTOAQb?hmt0_ǣtdrh9՝aȆyqrq2kme&X6B  a#Zh:'y(U4{GH}|YL=zj둿M{˴W_ɱҗdsLjR+cRSּ*}n!_!l տ,E]!d2eŮSojإ̱DE^z_B`s4z- Q혻ߵksɦĞpVOY}{GǷ-Y 4?tְ bB-CgMeYeFGT&^}|^|~[bx|1>.IE EĒ=IA!- ,QFɝ*u{vE'O~u]Xs1\UXZ-X}֌^R??RRvݢ,٩DZR~o>&꾝zu%B"x !TRmxֈO$eOh<BId23WwijBRv]qd_"\)W("5ر| ZsX``r)i /OU$p$]U;VXYԂp(@`䗢sBKٱ. 6PIYEf}^֙i"sFT^gm;%'tRȑi, ނP&Lv~ty4v餈 ;_}g^TԩC1蠁Ňf1-r^q)PjD|t&lBAĎ'?40kT'_KDžK#/UvƯ^'J^L~!dO=vP1x.ŽHiy]yM]y}JȂuT5F[K1n+Ѿ[t÷$Xx2= zvAi~{BeRUdK@qYryz1ad7p2B@DV|2MQX}z?SN&}Te1XZHM}kS$~yVw6sidT]q:me҇m+ hl( B޹%hBN:qowVot3س'LOGh%bIt@!^l=KFABͨ5$␰4Y˕vo|lb˔1?a,l5jAjAfVJfl!8./Z7݂-wiqޞ=B-ք)m1F6 Dk7.fV3h{Ufǔ'fz*֬x2x&5]B% @#urUn#c`yގLecoj˹nrEV>ߎ#I#H'(HRڛGxA/>o.a/Ŏ;]Dv΍y< *`xZ3f|-n1g?ruiRI'k@KŅz̡`Y^Z2yYGr!1 2%a`đ\s&g,_~^OG,ݹƃô1Ey)%*oBcItHDoEsa$D@Hwe3=_a]۞jvN0J>ur{^45ߵ30?ىA*cT`6&XTAiÅ9DhDwD-Ey0I#M\I-c8>/]'O"sExGM_ h&6 k:"Iv G@йV9fo{b4k+g%qv!uS<֏aQi3ϽL~FѬdep5&HwHMU{A :@xW&Pxfm+@,焑 ={KHJaSp`-Q}$:~/2t:+ty㮈h`.?u}f7rڼNiVh b|TbCqRưZ_ƄP@#D9;B oTpCk/9-$j!By&a?+T47 T?xOÖTV\.w* !Fq-0\\U<(FA@ w<˳t#gJWf8F3[s717{<~hҶO[`A!,2 tOϥo=RAŌ#w[萰1x2G$~IAŒ=x4ͱNfXm)tG T,ܙ/ujeMxdf+^8cu0xAhP(2@D  _"FDDAN'HO ,ҥ]†ʘ{RÔ;\%.rd 'bQkM->`q>QQL2PK-&-5h5v{mb7Kyƙ4os%]*M_FcvGqUWǑ\@`KorF?&qV'I|$]WΪ'lБa$JLX2@ҥ_:>/yގJyT؍ph 25q5O65Ī0tT:@ `"׾{_2o>5~oogoXI^ހEbʣ\уFC԰>S㰗G͆v{dэ\װ(\jq]Γ[?cuΪN[J|חrm0as?uć7 גHHiP_aB(%xSc!% / JrEy9֜\ O=Fc0xĹ X~̶/5HXM ARwϔY٦6ڏso$y֕][e&CϑAQ6;`($䳳Tdz65ZXt٩Tn<򶚮qǬuߡ랂쓿 d: Y2AtrNυSqhpoy$;lk9-_ td=^i\[:ea-ӍQRjYzghN^jQ w8LrXiӎ L kt$:v{:ڽZ. @r+wLMpUx+ck]z_k߄낕+χd%BI"8v,AdNKZD1

A l{?I$r,P<zա1c_J9_]z<Ĺ^=1.$Z.~ܹ D3MX+ZvMС$AD\O<)=h!@o8Uh zJJy@Hhl/)Dïk%s6v/DU={ٵɡXr7h y;B<ś];FTguV wȺÕ3 /f׷y yh?v'ł!Re.ҠSWI(Uw]ܵ@"$b>e/gw8< '%%C:k M(-4YY#BsMt_{M я0NC u$H`4|% V3\=bN&ڹS; ӏ Ql-#QsU$ > [3"~ad8)Yꪅgc[1h4٭.*TT IbTlc 2 GĂ$8y{ $ ZØy~.ǰxF>$X܆%cumFd~t%^O$Wn*~K nN}ۙzv6޲j1=_g耭-! zIs%wayn/#d7\GA"DC:6xL)dAX"ATcb ѕ0=< $A%)ٟLjwA*c PV1`TDUEDQ$EXAQEEb"F0b (Dbň1TAbbDD`b MNj3ohBPX( F<ňƓlCm6 x\;lڝŵ㽕b,dŊX,YM2Yyoy3)\(IEF)d)J,YD[m_ DV5`XΥRο.FIE00&"Qvd١, ? F^3DDF@[fO+.V` 1E:r 1M%D:ydg޾Ċ%dDXE$+~W~ClV*ZѵPR4Ƈtڥ TI& #j(HƠ/鷝,RnF0I9} u ow dD%Pⷱɍu1)@bĨy-2v4A& Ҁ vy B7ٳWW%~ Se D,\P\(0dQ@,!ʆ>7v @ Vw>Eȵ | e(I=s&}%#=b22 GtEՎԢ:8RO1YMشigQ I#gUܳu_+erv ӲMS պT$B0HC#o-|>_~w%Y\F]CM1eћ9BmmQZk2zKn'9DP}~Z('ϓԔ0)w]y68Q=ޮ,Pb 1^8m_`U+UaNJxa j04HT Z*}%C֭LcKĺIDGE "$W`;ZxSAAIOD<^PTˑ̗elwvaW)46TQ v$ mjbI1=aվt.Ig帿ww·HQ` ιKx3L:rYtw1} I 3L{*X> K=o]p/z ]:qmS ݻJ-: e~W4FXWWD%0'߿قt>_һ;p_+9 ot|/o!neHdLTKrdopIezUY\HOgUYE]XLi: 2a g v'il⑲?SEl܏7v-׍rR2;FMVV}tW q_P@7~)=05xJ>Q] AY4Whh5>.UV{\+wl& $P er67WŚއ q<|I \қDk6˨K0c 3Vhڷ9ώSԘ$Ohrm#R K# ĊIQOjOY\ ^=oM ˇ?!Tc?$,hO/L1N%~C8PA GME8ػ,!N a F1J ,Gni 4Ɯ3(c?Nn.[=yF e .~._e?:g.)-dT^zpbNCPiՓ:xFYĬ*N¸P똂yAn\K5)aj;O֧-ZZF_Y֐=L "vO5)facvz$J,Uu' ڸW;oWh/Ϣ"!u`4i/M)-&$c/WÞ\G=͊ ?8~)!66p~ b骂]S%OF0KS͔ȝެI+3|Q$^q#@$#!=4MĊJ|ٰ5cϓ$kF=7+qmZwank$v8 laK`B{j3(1T86\ 0+ezLCݜK~UQgE8 -!,A3]XM+LO\[g2R` ?( GT2}ST3?i!p_,̢41K]J$#ʩYEIH,~w9N`#q(Tzv@Dr@Fr8m/;[L{ƟR!|y4$׵hU{Yl|_S`x*`m2hƩz3oa&_x-zKʨTXĊdY2eIEIDu!Ԙ*B/}zA@`q}SSOc?G@HSbUՊ?9l{BkCՁ;oV}oo9!wy@NzbOXZtM }5e<)&hJ1!d',zNv'sFyVf"r URw*MZ$3o>&(P,L'$+$ S~BrFF21,9H鈞GCKKTJDɠLXpYI $.ؼD>nHs|uV>1C=&AhV6;ikQv)XFqqk[ z 4ǮdjHpQ:IhκCj&x*maMA:?NEk[Ԝ688@rs,MEyI+u_@0g>ru"{ߕ!sR%Fƨ2y+886*wo!UuQHD6i8eN! F9ŋ3ɞl͓,U7HG9rQ֡aDbT7]'ЄT[`SԈaW<!k9-('&(߰ي)ILpeS/[OHĢyM#Qy$9=hR5<^2Eo#CtJ$"2GiV`bͬ!ˆ0%҃1t83>R[4 ]%L[cןYW,:^a9#;ShxW(;s3`X`imiyOK2{ ʬ2VÐpLgT`_06w40R I,g 9ϩ\Ee.2D^~HwUP!V3"3nƆ%dK "P$yU 4M)xmF &jaܟNT3EqxFALv,UrTnL-mu#YYeY.=aW%b@M5q!dC4a(q0_oFpcN,C'Lu 3.Tg$cZr*RbZ^|}֫\'hWғr0܂?Qd.ޝF~ )T!)%hétF5R~{+b&x1[L87h)% gBŔ"bM\Z&)JWRe. n`etQw1߰'.$hF@!!G꿦;QEoY2ޗw0i3Sq339˽^ccJ$.+4Ʉ[ԂTTmNq!\s°.J^:x^x3bKR:o4ԥ(Q^ECTH 8lqX w]Ї8*r: W8,FҮY;"w%hGfAdDL\Xd ƥSm썔M"}iǓUlMudU) ȿ/JE# ,J}ifxP(r {G<Mh2/dG_D*ou ΐ< !0!2RmۋnO(0].j-Rv#l$BĄсT|]r?ǣ{͜*+l_NB,Ptm#1Ks(lF Yw <[ת"o(E{cqz9s֭ڊ(U1O33 r>@j1X.࿉f7x@V=6ɡ&TeWUt%\c|x80/{ss>%`j5b|,fvFᄏ_0xshNzS-E.&ME!fO/ژ^jTmMz!q" IJ`B/*2"8xhg?2./w<Vkͳ5T V[!yI.`f OD:qqn32yuK%޿6ܺx湾*[L8F]ƣ-yp֒%% Y^HYEs?\_]!x\h2vz r!$ȄPnQe,s5u,n揦5 ?j%ċE>, hD (@%XWD{eX#&1cLOͩx?\.́uL%W&57?Ǜ|Oae,AVVB6LSz94> ^=`!LFqevMjlюz?2:PS'U9T U׿yG`#ptEtiœd1qX4љl.~~4~-j!ZSZWw.z=?KGRX U]Mo_ڿ*h|cY5N쀋e)4ۗښZ Xb2rB^yIIڹdENZpJop S+eZIggmEA"C?2Pv q8bJ,*.hzoV/Aף|N+Zٞpy+'Rz H8Xl^fd] c?;V#ǿIc1Ƈ1<$G[-gY}䗫>l WF]237.cnVѯde+v۷򞲲=tW:azҳEQ`/{'@qD8V\G~08jP ʕVcƪXhCe} 2+܂3c(l 31d6/v]rĸ Y%^^d J}[dA!jzG#"m`Ԇ)bR2"2Y$'aZݶcWy~{CޡX$u$ -/"bGB=:R)YjR=7NUl~c"=9H/i]XxqWӋ""u=@C(o.A^tqE:a<%xV . cMLJ N:Q-L6W& tqL[/*o&cHŽŞ0\2sq<~/OJ}YgeEȌmI6 "=G/2֩fYҀWyƗ-!ƌ Jki )g)5ry 4L1#0勱aԧ9IٳWg-/r\`~ʹdxˌ&A`Nm# ˎu="F K7qf<  ~ss~}\?(cZmQ%A.Oe2zd&|!ZA d=5f?E TX!ǁG|@[PPfG8g|JZNbjFi]Z ̎]N( F`[P\.o}JP ?sXF~8$)&d隟!n+Hm-Xf<߻6e[#RĝSq,]Õ~^ª5 %N-VZ0&c=GfNZ:l^ku[>ڸbm` IPA]8TO2Ǥs>.%EgSP*m:-<%z)*dbD! A֐/u,W 9 ]Ë0*Avc ˰ICl}q}K 1ca2&tA)mnqW\&4tB֧; kH>f1R Nn̑рŲ[dG~GZ& \/bVG(=ncA$ 0xj_ٿY15P_MI[9[b ױ5퍈xLHzx馣C dmom9CƢrBZb e )ʪ;}1+S# G.ʣ O)&WR]A`Y.CedJvmIO>dz(04:fePQ>i¯OqUo!xf7{i )/5_WyW -mZaA Q>AEQp ҏbgn2O#DUR2@\hLaii`4كlK22A{{ljnuҼfА^Mv+R* CrbZG(AxT?8;URYAGCE'r*4wq@s$5 `ěcĺCżZ DG(j7S冀'o|N \HjL/R\$, ^s]g+FbAtퟙ'y"j\黍VB>޿-w2F8W<#W +$ÅAsomW7`vLӦҭ[)Y!^ah>&IŨ2+!Y%%|~s7>ě׼ϗrjN *q6J/6 zCHV9˝B2B$fUOшud!)ϐeW5(t͊%Dlf{o%T8<F?wf8>g(]g??/đ͆m@-x7PI C<@fZ8W$gΩ4R2J> Q?d ' C!>I5Cd)g֙hy*+}˷|i]EvieJ8GR|(6J./[G 3$Wee"lnˊOvc:rdZt訤vE#}?ZA;~sg:U(+E!ɻyx_{-!=nsӁwx+󮅞vjKPEpHwӱH`ڌĿ%QH^/q5Q0\ H/+jWfxP0b=1R9XұZ`LM[{ͳf >'Jҿ@%P#BQ{l }=~@B- Wfܓ:=*V7!#ޕA 8p\ P5XR9ҫDI=+(C/BVn$nX4Ec 0۸҆{ff5aާ{kίsnrZ²|n?jۥMT*bF.  ƒ3J77} }oJ "g/ڧI_@^[U> ʏء:GJ82|EIhҘsh,YI[e[]=_iη"鸟"-nœ7K{hg?9lbQUb6 Gh<~N]v ?f1i#E>(x ѰK\[ݔ4lTJx9GHāߐ #HXL4R(s;+Me)/#55\{y'1}>{j 9:%fx,H[5R38NH 's "x|gѠ A2GK.I'g@uw.ZPr(%Qr92UQnLлiSs 't%w0Q!Y`qt/7wːDr1ds<`LVc [/q$L>ƜDh`ܯuPeC|[>weܢ>^-9,Ciz,-}O=OEC)5->YѻzI7U+ah[ԺWʜ ?l٨a0l$>C(yH9%R-ؠ 0acPYsTCRa3A?zXDr1S|AqRTLݷOG]REbMr^cfמ$ LOːqrbD[83ILBIWhFffCwk\CH 8&ΐf fcYv#(7$TC39 @-ԥVsN1?h5"eUmmoozc'*aN4yцXR֭7B⑶{$8JOz!9jHA+F4F M`$DdlA:wm[(?N*cA*rW 0=,eKxѴ!>TpqXy*Z"싫o`>]3Ҵs EwuҒʤ36B"Q+ *8B9Ň g -޵~'UPEQ<ZBuưqCD*H;ԭ惄l>l@ƀ5+'dZzxX؛Kr0r 8i]zs07kWXHsuV)% g`6.I4"ܥd'"Zl n #LS܆L]N(6F"%JR'i}FWpgc}qԲ.;6iZb.]}9VtK/r ݻ" c#S  c^Rw1cU$ԗCf*71u*cؔ:<\Qi-Ժobg.}G햣S`RųPsou.$ā[?'XՏqӤOʃ>N2OS.g%nX(|˩ŪkD<@>ywekM'PtNݪxUN/,\*@Fe&+J+ԥy,| êa@dI MϟLYd&sb$Z %pC*ܧ,A(uGVN#f͓2)+ i>VB\q9^7v? őJn)k5S,mZ$1o>"ߑ)1HM~); jG+*+hpe?~^op]:guZ~sj}Wk/[==6ߧdc  y0Ckc#sFYܙ=;?ߡ~n#zL'ʴ1\k;@|?'qѡ树k>D~9}^lQ`C><{Iv"6]=Zq MOdVt:)ZV #=FD Gp/tD=6X}kσֶ$ i%VcH-_1]h]nn{O!!ƻI,W=W_oN ˛ZiP&3S@vؗH)Ap%?LL\|m#loj+y2#Gh$_nauZmzVGmeroS6 DR?eQbY;6m nꡣ߰iDV[3g{osͿĶbS} JFEBώ!~mj@&}6[/̶ OCgvPy\qw]%=+ĤN4=XgqܻreEmwgEe-66Qf"6{2緦BٴSaȱ`a^fkxZڣ6xAҹ8yƓmT.qb}UbLË7a@^2)[G׻n/뜉7H1L9laWUdSjHtf悯f2*yWZW[ga/- +xlN%yy5Sb]YD"]}Hf,mkϯ&ʆvYR*&,Lc Z/1쨧C)Ojiu#5U=_nՒ23"jR1S^-Eƃ <ɋLo+%pEhnib<4:"`vfMIDžlgsQSGy7/`o~%R؄~6|ۓ=ZlFkzkSmon-cm!Bo.7NaɌx1rTK{*`NDN=]<; EL3/2BZ:u־k{<{/m& . `+j`2$dr4+0sc1~D=+Fim3)V#ҎC_+ |9ب)ϻyr.0ζ`CfhJ쭽 N@Y).SKF>%ƀDL9^zb@'&?Eʀ >96,MřQ$sc}s朱p*-!Y9ʀ 6]eby&xl/4apb<Gw!rR23H6Nc Ȣe(l|gB`kx:E, ,Hiȉ~E D@TUR0~lXq6}Ō |Ӻ3$e)6x(D>z(xT>{̯Y$lq졢X l`ɧWwH0at_>U9݇lɸ$Be $󲧄!9C(1īFCE턝Tepb!=̃R.f!6ld-p]c~ڳ=<*H-ط+t kQz9ʭ50{7fxb٘h\ LI+ETgEg3+I(b}3fh;u:9&63nYrm>r`x$R43Cze2+1ڴW$JY9Ug_r3SǴVҭAq9DȻ&]`r&ս]kFW_'H.G6[u $, jx݁kIJoH'| jk\_.$DU@W8]f- lHi:dSb|pv*խƗ/_"cHMM@{z88z Q; g$OR5)֎p/#TjNZ)lr WN)V8(?uz=ټ2tvO'ƮsnF"͎iZ31x-阮v=*F jOk9Q!_rIi_\K7un8[wP#=!Cfˡ kr<ķp߃{gm9J<-Rl̕O_ڱ]K9Ԭ?L5;ď#tt*_=سKӊz~ģ3z'3A; %d $-@ /ՈO|4w[.fsǾ5;!p,Z.bGʝ 7tu#R5Xk$kr--7VNs[w{O`z+%hFM 2Eѣjm/۔ @3 GP-pki(ˎ<;_SMh QJS\+wGu`d$#/kN8͗)$Zdap۰_x5WJ-L5nr3z?S{~Mp׋HJJJV.<\fͯ|`0G"< hӓ>+)61%y^64H0,0maeYwnd,V!;XB#hN HKΦ4 %Jp0E'.1\3d4.>!^!-#io'%`k46:⑐p ~3;-f0Dod|e͇4; 9g?=&ӐH ֔TFgAT:⫱$0(,sҢHʽ{?~EUzUn!"1{x$c& YPm}3RQԢ!D 4g܈u={vp}j0hrTa<~7AzM1^IRl@HH2?//-SB/\ Е̓2ly(WE=_OD"yאn#jDD^̛c|q~$se#K;[tE>&UkD2|Q19?i]F`{?=ȀD(x-&+TrD ێD^ZQ&,`dJڸ`MnϑI&YT69\ |XH|p9du yr!˪sTd@4֬톎 wҏ)BR_K{'H2>~ZRkO9?w}0_GY Hdb%ۅV~j]k.̌1)ӽmfxH478g+Pa g}>0ICWnWkzH.@{7@wri$=>C;h~գ/ 72H۲盳-ed.G3&&%Πh 831`qJ";#T_xiϣl9cu $yxHg ^xdzPH2P{bZr!$΍}_FC3Zmg)XsK.ul.o6 dC~)EZA*`b+#Ƥu8u+~j<z}_EF-F.6ZPPl m%fc/l\UV|fp_#>iPdTj27G;== m%pDBDC*?v1*ID PI'*l\O?:a#II޸jQ}zJ2\Άؘ7N1"^RJ $2gY?{Z?`Ic3U$u[cDc1Њ%m OR}uwzF7uz)<HT7iNp笏0X a5NUhYeVLFO(40$ t\MHaqfA%\5kK#|1H MsSoFw,ag,{Qg3fU6hc+M.LI]k"FjG䧒sO7SIǧ{0xw bݍZ1ZZ7n } JŜ~Ăi?UUڦ XGty$֗ DU8_ߕQ,˛ng3n`؛ ]c=e!8Oys 5s{ +6 u=t$]1{:(8z$G,33h َ~AziJ~Cc^l˩/Ǖb\:+Jn[{6U+r^i[c=5hت.#.i8'/k?7;GɅL:{N2,6\KNĭb[W:lLr̞/%`Gp&"r1ChɊ 537=u;b1s3[RBHf+ m4\ד[F5'@N- ͖IĶHx@3SPu}s|bo_Wrr҆ivˮ w|=ͭOPlCa>ՄsM&6 ;%bcѵGY lW;]gA4@wgh .%k˫(D1` V=O;I\\S<;>p3Au1p)~7.ѥTR'8nShvӖ<}c73xurƂ~gz O>,{g6*Tw ֢~?KntbR:i;i cw㰫6Mߗzi^TܼgO~fX<}/I[3ӽey #9ejx&| ʥ- W!'bnjjR|j2f!A,r0;Aߚ1kFΆu,-nm]h^/.@LV6-K#@iP5\ Df] j#yqB>5ɛ[82B!P#}t3ő^OxHI/SYHW7_b3"Kè\l&>Dɯ^s^o@[!< VOH59dw>]YD6O F4ǎ5G/A>%]s_D]z^x`}v" aOjB>Pe]4xOv TfjOQ?Ί$Gl?6֙lAgԟe1-[{3} CtBk4`ioWcd C퟽Dw_+gW"(Pǎf 9 isxK_JG˰< aL%XQ+%y:&E5u19@%_D5H3B DAec$0;Nn\ؖ:iBcmD$"3HI)H 'ߚ::!r ];l? '[hco2]T3wg!gc:?|iSYEcDQfE]"8z?~ ` m 7;J>*뵠F"IjfW_%u\ I~=K=&.ԥd1n lm8H#+Q~ X?hXc/s9 ?Q ̢  $7x}VUm$R?tѦLrıe&K6?<} #z4|T9/ _|Zyu1}QEaS1-l,Lv^]]( M&kxKc>_ζ\X*Z*rDrҔLh5'vz[Dt4#;/H$Vp$$J+F9jVsMxA ?pqT WK~-,kY?}?K%0|~9~դ IYY0?_1?1]f3\,$ ^68҇r|WAgj d#x?Җa 㽹q (P_&Ffw zVhf66 ;OC R†,4Ȓ|.tǮ7}QD\fL}(mr4X"WF|1w.F6<?kՉuLG4)jRH5dX>v1&VBe';w}%5i6":y^_)[p><: ܑ  xsL*m]Wn7F{H^\΄l+dlA*so}~cDL=4rZظ@VN}3+Ao*tTHG֫SqIuy5a$_E.|"Hb LOaˎ?z9}Ӈ'a0QpcB13SeA!o=Jf †V\8Rgfh_[ D2te_nw0 ;\ P@f@8}dZv:Q#˂!]`V9LD/(^B(7zRvoTmZ]sgȀ=Əx^ 7]ɯ ׇp4I?6?dd0'%!)cdvO% D98>S{(>Q>(&E@>o}Ny(֘B/\mY \wP8(tV:P2PpGPvb0@~Oxxӛ*j5i* DO0+zuC;w3 INtTHⴑvw 5_̃SbLZ@Hl]GdFF4 BrgiFVXʪBj3- 1ȝ%%E'b&EMI|qy~%{#i 3*= LvfH-= GlaB o^^LW?1zn?bG'˾Hgyv}&1r._vܺ-{n Fwj>t37gQ}Gb2a޾ySՎMs. 1f#|ٮ{G*B΢~.N/enc"^eg0цy)5I" a· fW_^=/`J!c?Jֹϸ|E'Ć^kME2ʱBm$J·ᣎg*exbjZqP mT,!&R#Y#(X}~~UHgG*K's++ԅQu%bap$5w0A-wO.D o ) #A#Co<2 o[,d=/UI+D 6O䴑 Whc?i̍ɗVN )Ohov"^ƂQ _5x?v6/>O2lj? ¡a&|c2Ckj<-f,=v_ <&gS^Ak6ۉ 62 8nX'~koAEL8Q3 1.JQ1=&EsZR,UD@(ER (Jd=Cڮ0뭜3?gΆrT+5YHq Zau}ߟc[&Y5\].otaW%֦5ӥ7@VeW &! ¾J*0"HXDDss0@kj^4湰淅3PH]Қv_ -aT/)P6"Qi"\^C/\h$YI f.c๜c/ ?%*ReI<+3!_C>{"(a[zG+goZ3Mfst;6=; 33-麆$d^fP}+A֜,Rlš2+zR}5f zN B|:3:oF&2KWs,fxg/ݺMj"S]>eVjmq:r>uiw-;{N=u!2fХ6S6&35pzI|-p#F4:֛8"LmPnu@?,c`ZCm~Ln\AiP*?0T*B@]&`kP"0=DRE+AM 9*P~/qѫVֈZ r#O#CWU4=͊lwػ fWfds?Ɍĸ- Al;^0mR# b eC[5e6y]#}St=k(6&4ثп\YpHk;FC51[OJݦ/?x}M~6%'yES6qApJ,tC1OdV؆ 3Mʹc[hr!¿*Um^ysdA$w\SJ7?+ \43iOC'MR(JZwA7t #ȣtJhr-]՝~I -;Ims#ANtn93yq;@~Dƍmr 9L}Hđb jli&,fؓ$Eqzzu XД sEM7^.gzἮ7`"x ZN Ww^8A:څ #Q*g1M0qպIab'] E2^WR<Ըs`$;h>S%+Mm.V CqY'6hXTOr.34 毗R<|Mþ:2s+ut-Y_ 5KW |' 9X7<>G3ڽe.?L܎fŭ:JC-3MåM3zcFU$"!ksȘdO3&ME^>nf^ro1oi%WD?Bj1Ts+Q;^;?o+8hE 3H~!bεn(gAfUۙ_cF8]RRaS_޵9чє|ȏ413NʂV̎du0/$\$1]`J ;R FQP@wn0iFO]O=d4Ԇg>nhdGa LDX;ڹ%͟ȕY5'%;4pBP9ں8~&Ut}>N%G!ڶ1uI{,+KDvPowrO&d>e<*XУM)E=ЎL"{Q zqs+;AoրQxFa4S Ȩa [kSg 5Zür81U^;5=n[ɮ' UK*!CɰUUoݠ|S4utJ4*y{Li/f[5_Fg7z{W|6f4t"=813\ ߇4x NX?RIiXHə D "FqIwڿq_&_n@9i\1Fhɦ m*V͋Mru^d{&DqTzV4|*3{:bs>GZ}u*asvW*p(nSwѱ8y]R4Y1 s{/e͢٧M XO;zMv}m` $ѠjX(>{RZF0nuz.1ja$bHSd8}R&j1, ;ٟG&A`d%; P@Y!~:C= `RT%Ec˟; 7M.;S9zy⿐ܚ3B^#ć1TE <9~;r]8/g,Sau6O4dI5fckl|&jx~k+eO6U}}Ւ`h $h{Sp#']$!p ;ק;2Dce')o~o&{ ;ûvlWU.@n-H,%DjA D NFۥ9^r4HטW,1G4oM&΅L*ZVp%X#ܟ.F+`;mڕ~3V͞%X/Ȑ<=y^ >eܸWwꦢqo/'wܕUĸ7,v4yY"$܉PsOgBҀ͵, ͫ{K@SDkp=^ 829ˌ8罸$DN{J׵6EٯtyxoN˖}Ic/k,UZd6g z5Y?T% NKw߰4P6$XcƤs2,==}L4-\.AkQdzy5,x`Q>&K|B/+BF^YîʘlmL#]A)6Vr.kkn]1dF8CurCSEF):si͋=v܃iק[w.1Vϑ\.E{Ef1H,[C6qUTr_:K:7ɂƼ4M7٘`4ͭJ׳˓<`@y-RkНqa<̝|(S)c(yrg<]5-3ǚ[ڮ}'|6:|-Â&p\9 ɈjoiN({,ɡ<<ۺlW$J79v7ۂUƶz\U2Nƃ`$Aw(M)O^Hͦ/(~.{&"әw:=ճ%ɰ&sQ7ֱLlgس}ƏBM>dzwo]GЭ<ƪ(^sE^0][NJl׭3`r=}'j}6;_f>tښ@q~^f5ϧ Yز4tTn;I9i+ v"  8gl X11",U޳C?~ {F~]mT[jߓl^/2?d_*72喑??v9<-Ng>7of=.l`5̵6I.nVZ%qv:Oh[WQ㼻kQU~U|+CIͲ3ͨ:X57 #cwSvmcl6XympS8^o'vߪb"ǞGw s y~E^-L䉨ckt_E/@y|xzDSi7ƱY6 GN6{or֛|أ׃b}cDj4jysn;߫W\W k͋e3~ʲ?u'}έG;w;lR6fn.6O6yqy $!i~X GLs3~q'f儫's_GF\t5}]W(u_kX\\<4^>m4$~ L>2u&nD^y,Gvָ&5!;P8)[ym=ydux=erj]2)LA BCB鳴y%Vф2,L =Q=&y x{zd-ծ<{ Y T~Qԯ(=1bRWDiak/ Tb]kLDt@_|a9LT؊'xnva#;rTuhe"ƌ,/O* >>!Hw8K rV) }-30npËyd"!"" n/:>O_,OzKjgQH[HKp02- $X ߏ!D9^1 \x,Ƨ!bD0L"O>m؍}x!&7`["hIB0c)`H$P"Dd|[ir:kH480&5Ȳ>t]q 3H>s3T:]k? ՠ=SHn;~}I_T[Y$4%ŘN\/YaL"$B I4 Z_fƫAlC#tPUOF;Յ]+8l^{vb<ڛN(;Uuq1=铎$5/x|NvJlDs lr[,u eLR-^ˮm,=46F?goP?/!qϚ]mM{L= SPtdI}A(gI5DHw;Ԍ#;.Ɩ\ @"GIlwV͗juZt~N[ggmE`aj~ɶ}Z Zf4IOae !i1c/n>]9P AƟ YnFOOB ߟ)G+Ξk9w'ui-r !+ " 碤#ê݇xb'|'wo[}uurRaNl}C8q9<= 4ƻ/q]6Tb?۶KæƉ߽-eox䶗 x-2ȹ%͞_>|~4hyoPSWPc> CGNLĥD} X Ghhi]rIa@O]O̱#c7ʣD3}Xvw2*yWRp94Z6^n8eV8ٖ&yO*6vc=@#KWkdU0eHh'm'G!b 68iz J!%H!\5~:-;+(}3/K:חgn dg˿yD}ݧ̽[yk$DY#ؒ-LGBAnoA֐Z DEP툳wѵ<"bڅO_4IEkԋX[n7^i;6Pǻ(B<p?? M\zEL"9X;0Q} ~uUHPČjlZ79 DܖY.q>F<0ad ?ZI';AHJq@)4" DQ\@ѿ穾]c7e9#HRY"(s1rj+^I.,^$y*eQܖ~-ytUM@v 8i+~Rݷj#>(dn]g R @N=vͽQraR ?B$`FK\b#Tlj:w{s#أ.f,y6 ZhfV)O߷U6I[/9fCegdqh́5=wYLtr@gDMQё;)ryV -c2RĤ.l,~5:.,yX/i`^)&y-$bI|T֍O0ecmcܝ<'/N- `DED&QdRwIʍ}> T'ʀ s>Ca  k`{ᯎi~W|Slv$ i.Usi!(0[EhP;XCd MZHaFOsoJNLw_s>[GpwMX"NhL'DLiQYC1Q G4Ki:=MYln-ԳY)@###E.SQIk?!ġBQ`\ q+k%Ad-w MvTD@l(f\eHvGJ*kM02H5g}y19rЉs +oV>~0\ڐxAUIiҁ3to;ŕ~MJ.)|@ɲHUԸ$L'Zo %Mt!o^*~ѓmǚʂz2APL# =U&`yQTD|fqo7e EYZdHrd&$8SdfIA><-ĺaϐ:ﴂbJ8'+*nR(NFe&,@1XHTBTXHD$Ӌ!:WCeaT}?4 5 bJnj3% 3(xwҝL9iI iCrT݇8?B[PrE/XgyNBMzxUDrA˪}K :HΖe ȏu)8#<פݧ܆бAZؗ¶F&RMMQ*Rga{xNf3Ū/ zpWL\2fNPI@19(>'JrrҞqeQewNzϩ,Ov}NIճ&=oHiC%d D4ٝu`66W{%? z|Bgr+ҊCTG,/:Vb4H,1=W}CxNҍxg*ZltF D4TҁFQ+TƦ6U9>*ׯǪx||TrmE٩,uhˏe4EddcFM}648A n?s({u:Ng>'k/MAJ"䌈ySv

`Bc'n|f|B|fο~f_a>-v^SPf]z̔&,z >ܦ&>. وl$d:k]($EʦII-B%]<Zvs>\ƶ巼\P|r|; @iy6 ǯ&,Pcڇ o{|<:PE :P@ %;G ;-IA^đV"dJԲC)F,IGgSn7uVD˱x=gO.υ(' Hc_7 'ϡҚEB$Ԋ_D5 "\?``aRQ l!{>+9jBob!cdpD8\)7].Rga#11lU\͊5O0{vC会y&꬜v95@6W^ΖB\jYYk /CYXrc(|+>7~ov7|-͈\"IE^#2Kiqt2]N,DF=Eju̎s1)+@61;C ٦Aigrz]4Yȳɞ&RQ]EW"Ї։@ޑ\vaN0KI(# I+{81 l,BaQyaN:Ϸ:ה7NwOEdDP؜@Uah_]+>W'a^0- *k_NJ-܃;Kq,P-9t/<,QMx>#cs^rmc1Z1^K==_;$ưXFƞgmǰA"1|H(e Ϫgg!k<:4,h{בД/fԒY3Jw-׏7:j$Ġ,31Z?1݉"M@eIIfƷ-Kȗ٬':]AR aQC"ݜ,|i (tJ.|[XٺTo?pHt]hIg߳bعO='}?[K E' MJlK;m˳PI֍t11 ׅ`cX;kxbOVYCҐACwY |J^-?5` Q2eieg쑬n0JgI!Q<'?.?!']mkCe +?3)YLO0**j1XiLf%x vl:F1"i 1%Aƨ%s/ʻ eKRyleKl<=m8jߝpABAOǜWlSC*HA?2RmbpG᤹F%=?QGg*DEHN2,L`xhtCLCZ:9t銽DK2-d;MX4#HPKWEe t)d 3Ӛ> x8h*UꫴP /ȓo=ߡ ΅xuN~6?д}@7k0 !5?Dey=M?6xo-m~Ję!bHsL`gڦrNv ?_! -g½ m"wֲ ^qWR($0nWИS1#KoQa;DB|iC=+9#8kL])Dqt?si>W<1 BL46 UnZ?Oܼ `D"=ە  %yIM}~}r7nêQV(ȥ 6A""qf |ndU(D-\G']fnhFJ{/ޮ .NL4/ ls3`lzY l1TjT)<%ZfM:0]l\NSv1׳yzJ-5ҷJml/-}ai]}?NiS9UT-n:3 p0h}*ޕzQuaZ5|gڕcQ_=whQBKZ]"ŎLWy$yy:]wtϵfκ t :R,&ہXøւXvd~c7Ӊ@nW([G %63v@[ˆ-zoa!򶵡r e 1٭5SZ/KaA ~q[xr{Or.%4xh 'u7BUs3j^fY Yu3V-yOV+hep9Ti vq! +OJFw\}9 Ĉ0ޥ 兩Nֲh-5@v..?~E]o߬zt#|KX(_NZLK_.IܛR99&n$WŠ1y̳i66+%V2?ڟ񏹶U0~:y|ﳣ~mHi{2 @ YB 2Ca,tw[8'4Eq86&gEI,ntk{%W&S庸sRǿ0Գt|3ԪK KqyV NQƈ ᭙qۏ:iTQy^ɍ=pnP5vU@@ %(42 N[屇3jKi[0d?ڪ,M ^N?bdgPrEIEB+%yO9i)˜qBGOjwl۔G$*ӡXuhȿ^V5OLּrjMPq{t(ġzW x\q+5' qE[*ГlUrK]LE9NP '5=sδ6~V"w#3zL += :jCB^t.0XR\WOJBl{B oX\Q2)fռE&+D!(ܗZ\Uh]ZZbs^zٳtŠ7M*RKքGJڇA^僛7+R (no>s-T5>әˎ͈AbX;'l^˖-;)ϼ5V8WItYޱ'I/ 5iqGܻWfZ8+6]v 3?O6.mQ"tq[nƻv{YF!BÔ|Q29+XwrerQCV\9(,%ÂTDrϤQ؈^fճױ\a&﷯RsmbdΛCuɌxؐ,~A篵))4D /:tק Ma0}ĂىCjAC3%ͅ^j07e7WT6z|wH}3g` `\!8 -:ʀmلȺzwKv9^яBF!Wkە -Xx26IIMis݆neV|ܡ5qlqvuHkI^7u]ִo`ŸgܓR/w%ȜQڙc BۉI|vPQ!ƅ&JrG'!!7/ᢙ oMp`$U6YKl Y"t0ȉ@׉M=4LQ">ߧcVWPI%%A,zSgC`)) jc åe~5 +E?;M$|wl*bԐ#Y$j+ruxNɢgG^sZ>M=nq{>W=> t$H7oX-?C.3DV<qYou4bΊ峚Nw?2uު{OiٴWԊg{鲿]7cԘZz|_ٱ0ϹrJn7`.?YW5/::+C~ϹB$t__T]40!9R!,d̄fVZF1&iLR/u),P6ׅ;91AY&SYKHidk&UG{)zrv w_apIj)_g{ㅣ}{݄J龃CpwRzh1 d0to<@C@M4&0z#&h&ѓAjy0Țf@hz4 S4#&4Ҟ&M50M1546(4#@L&AM4LjzU ~TYN+*yYy碡rUxUm29L?{kcU%y]Z5Wͮm]|$!gU9{pB9=$tp#F^S;G9'J~ev_oG^-;JOДF؛-nےdrCĻJߥ4s^'}#@ij]ss5Zߠ:`bR=z]UWm< 5}Z]) L{.fwmkAttBO@i0PFBA mB(#>Ȥ~\zz nĢMZ fzd38̕Ivh̃yscN+y 34ZPQU~zƍI5H=zN9"Zb5u=&Z#A4C 60$"&cd, q2blr! E@M tC79M ^n@^Db'#WL=6E 4,HiFC!0Ha4#W̍ ȎV1|y q%tvIl­(R%DXIJXԲ:t]Jkߣ;ٽ럶ͭѱ0_޶NU/.^6&4(f@&.W)y)aP5z4jM+y+cPC_{1ߺ\v.m+Q&3#)- ȣ PhBt mM$,jj6l$2 !IJmbO /Hbyp c#s"N)x]Fj Ku0z)a]@u2 Fx32;o8"DՑV[BjzYi.R @KD!gQզ: F`#@")HymB HNidG_eVa22(rr$#Au)T[`zeJc3'Q *4$7J,iBW٬.v+\c?RZ ?ڑbvsUͮ"ZvlE$C@>QJe0$G"(ugkeax9[PFrGrp_Z5_*h)=̲6O}^b bv[_6vzLD#{MP`)B & ?^kŬto twݶ`qêl2 xyjxJ!#L֮ سd|!> {i-@(WI8S+Ma^4 KNJx Mw*Ww8{FHRl!n)a~WCj1i #Q=x9A:m2a D=Vvvsb+ȭ&ck, i{'Xƿljm^e~%{$E%.*k{qݕIr 4?0 O~`)Rt.Lk/;X(_ Qݠi4R] 8-\2A+ek%';i aPPC\) пZl헨T@sͤ^6Sh@0mTY¤JCgb(0ucpnZd dI9Y +*/gi'M04 '\BL*%F %Y+P^i RA@AE,(8 IEE݄Y{\) -H. $ @@6H$ ALn;e3)xׯuo"B >=FW7_f!N6>o]dZ~5x*DQfDduĤ[+¡+v]ޫwX&#0 " -)'~z_3 1LO xEЄ,1k#`!y d`fp;y/a8%IdI3n dH(Ƿ8@@VwB\ 12a!k̛ȉ(+OQ U7Iv5>G/lN͠`j[`(TrH7Mi_e=vTVqfVϩiAFe1@HY/8C Ubl8SE=_Xe<ɋbNW@Ijrs1VV7EWA) B͊%!TG{);(Zl[/x.M'5dS"O*uR53*ăTyaWyΣ<%W3]-#Q7ZZxKnK*%s;X|izTx/(dlȑDXke.OW-, uе|3Fxsyd9FEUfsGȻ&* z^yuHh ̙Js]W9]?S[bs3ѣ{U? xp;-ml<];>JZm;;,zcFGnj:!D a,‚f` %$uqIPDSy؇Y/SkJ>'?X!D"#\ ~!1A YJ+-"ȊlwR@B*ACDx[nJ{U3l`(x Nd" HNʪ](Pof؀._ACeQ-EQKLx^r⠏~*@qPA: XL9:Ei]wXtǂ,̐d/4?2洿࣡hl .*"(ʷMM` \3UTNa`4n][x"}h. xOi*u@A}6i "]84sL ;T " "'EG\rVx>h矑S@OHI[ׅdjP<e^~9.h` @|^&@* #, N9(j#v<-U;Hg2a^U" ._.6D6D^cw`p!X8h*uKRD^4ȅ S Jmp#3L)ՑzqR86IJibb79=F֪s"W=LR f3XP+Ց57Kuha(L 1AhW&= "$q=/8 B Xb92GsZ'jJ!d?o &5oqv5mOK5+m׵m Q&HE_]ϲfF??X}}ztsC1K7&~S/\5ZmMwjɪ&2zx́2/c$ўpPY8Z,z~ T#nSzuWu$%d Ḥ>_.iiqBVm~<=pYtgG䱍֍ćtjonu8фnEX( it7/;nEW߽̗?-5Xn` }&m;Uk!l5U\[m?T@m&uoa|zIo}:Z ^Ah7IB/$/PpֵR0`~?[ctr6a /ϥ6ffR=Vx؈q((DXS=aI*=4Ep.(sA&BbVW"i&Y$ 'κcRDZP7u)✢rf("[(#Gkb٥(8)(-m||$x` `br^To[q[טI8nSQ<,#a 4Ṵˬ؀ieo7XȀLRkc"[ᚻTƿU%]}; ĥZ;ZrEEzB]ZL)~0Z$Nő+,w#,5W?"8#yqWv[%F|ȭIc{?["%E eUxo7|a@\ pB-)ă͟L;;2S_pʹkD1A"OS>_RjVQk]ٶ/etR$Ɇ6Ll4~MVԓOo@6;,([ $Y (Q0-,Txg+`b #@ <$_R6$C&U%9ٷBn[ݸѠt}02/GFv}UiϹ|h0?`Jd$tr& Kٵj!t45` -)22gFm di"ƫ+۬˼F$|{ OJȎ P lYZO1א?7 ¬Z0D"qfyх~ij`=L su&DڰS0@ȺZhoDi>Jn?wF>>,gdZbb"Y Z:la4"S&Sa{ꩍ7S.Qd f^biN@hG XH a7φgz="aw[{/yyKˊ[RSƓ|U %YiomO[]"5G47imM_CRN^z(0/&p9 uup7"h,Q@fzU'E^]>X"jI<QKi`E4;v]DD |vJhek-SYAJk2-Uw(n3i ~ ,RW%WbELZNv"y[ʂvP {>Tc 6?/[8}6+0kUik:C9D51N5f_zjwS$?RwU:_S9"w$&֫fsOӶvM1ЕK)VG^n+3Q%jϪ̭w2-|H31ϑCUEf 9Vg kE0J.H៯CV1Gv=,~y1+entع { 8қrJ/g@gy7*UȘ*w\o'`g5y{CQJ] .+妞} ǡ lM/7tt]0P}fLo$I˚zپ@GU ml_cK"9 !H( O:DM@M2Jx ^v> T][R{XwF[UN%Q%|I6~\2 i>D#=F,sr6N,UCh+uS]RY5"͒L{O}lc5{0b/DUEK("ceݴVEKρeG#Xצ6%F#q׺]uzie97a_E;6RYE 0/1`"T:PFpL5a H Z>S9HFa7U?d:}2˷^O{պ!PLĝfk\R"slf F~ (APTqPm!H^9{'$s%D/`M< & qbYgUZctJ+M!ۨkkoP瞧lVդx/N:'w{H Xg>{^V7!}6|^SƬ߯mEa`gw*؎kYmB0Jsf*ޯj+5oE'ϏwKba谺}XĄ#mOu 'bN:3Ɠf`oP #3dlyRZYʑXG O&?&N@8 -Dgrd)\!Ub#_,5ScK{ ڶtq.=7%2 YBN>.!Pʥ D@]s@vS[f= %;oBM%jB|(YN{k:Y4_%1W>񜏟֯{8y? kG|u䮺4ggABؙ5ߦ1ZFc&;ʹ:e1?J^],Wr/̀)u@k_J|'= Bʲ05jzCtJe< I(>Yx~{?/_Cf< =͒6yG)ߚ.kLZ(z);;/|&%2.9sYY}y9lN]f맃KRWd0bXl)ZU-X<1NxISRS/b5Q1qΚM c p|ዮMKӟGئ-T6`P Nj6A!l4Nʣ̀m#dbz8Ǩh7c+rh=?-cݮ ;l%`-UF啚(~^{*M?gKCVX׎unUM@'* : OHew"Z=N7qy{E?Ǥʖ(xɼdQ6ؘm0f`ّHW$[pCY85@?h3DיPcߤ..Xԣ):ݶnlӘؐQ˞nJezXL4, d֘z\԰TAxaLgL+1N ɷ+n72 [N93U/]-lٳ%3^ס[ƛD*[eGS`X:[Ӂ[9skVal0i1.&l7"i>__-Zyn$IGqͽ:x\=盽yɺW?^}u01a8$Y@o}3 zT4;;pޱ5(A $B!",kQV0{QEdx̑sl56NODQL e$B dҋ$F^FVTw+"oSF2/#GO*N2nTOxg"i&ẕzl&D$4%zB&BHGRN?=ȋ i%Q1*6ݨ N@LzbAd$9,b@؍>[)ܛA&:Y)WDheoL2j]%*SW\Lx< '5M7up: 2RA"&DtD&cvRPd$4V.AsqP ~Fis{* pJtXa0mNJ 0şPkN=m+Z񴽐IQGaTwvbvd, (kgsxe9$kB tf 6i^GH Vil=oxAq$TthsM df86-.d⒪T3WC:Ct穁O ln3%H-8%) LID%{BE$ݷmvMXE-% `׉Vl؄|?3 @y=:D.zo]]GF& +b+YeraY?㋘1X^3F1#1զ$$zKp,t;gs#䧮"9 [/ͯxxJYͨ0p hA)tꬦP#vAsyi0h絧 δ(#DVCfϵ=;{pk!QHx/USq˓*$j 2bdc8{~^,dխ4 1^ Ton4FJC X:H^>Qoy֝I(30sf XenWm]ZP{'I%D񇴏[ %sLÏÏÏÏÏÏÏ鲲ÏÏÏÏPÏÏÏÏÏÏÏ {P^aFJ2c